1\subsection{AFS}
2
3\begin{frame}
4  \frametitle{AFS access controls}
5  \begin{itemize}
6  \item AFS enforces server side access controls.
7  \item On Athena systems: user's password $\to$ Kerberos tickets
8    $\to$ AFS tokens, which authenticate the client to the AFS server.
9  \item On scripts, we don't have the user's password or tickets.
10  \item Users' scripts are not publicly readable.
11  \item Access is controlled through a single {\tt daemon.scripts} AFS
12    user.
13  \end{itemize}
14\end{frame}
15
16\begin{frame}
17  \frametitle{Isolating users on scripts}
18  \begin{itemize}
19  \item If all users share {\tt daemon.scripts} AFS tokens, how are
20    they prevented from accessing each other's {\tt web\_scripts}?
21  \item On scripts, we enforce additional restrictions in the AFS
22    kernel module on the scripts hosts (a client-side check: the AFS server itself still only sees \texttt{daemon.scripts}).
23    \begin{itemize}
24    \item \texttt{afs\_AccessOK()} in
25      \texttt{openafs/src/afs/VNOPS/afs\_vnop\_access.c}
26      \end{itemize}
27  \end{itemize}
28\end{frame}
29
30\begin{frame}[fragile]
31  \only<1>{You can only use \texttt{daemon.scripts} credentials to access
32    files in a volume whose volume ID equals the real UID of the requesting process,}%
33  \only<2>{or \texttt{system:anyuser} already holds every right being
34    requested anyway,\vspace{\baselineskip}}%
35  \only<3>{or the \texttt{apache} or \texttt{postfix} users are requesting
36    only the lookup right (e.g.\ a \texttt{stat()}),\vspace{\baselineskip}}%
37  \only<4>{or the \texttt{apache} user is requesting only read on a regular
38    file whose mode is exactly \texttt{0777},\vspace{\baselineskip}}%
39  \only<5>{or \texttt{root} is accessing a file that grants the special
40    \texttt{D} bit, or \texttt{root} or \texttt{signup} is accessing one that grants the special \texttt{E} bit.}%
41
42\begin{footnotesize}
43\begin{semiverbatim}
44 int
45 afs_AccessOK(struct vcache *avc, afs_int32 arights,
46              struct vrequest *areq, afs_int32 check_mode_bits)
47 \{
48     \ldots
49+    if (\alert<1>{!(areq->realuid == avc->fid.Fid.Volume)} &&
50+        \alert<2>{!((avc->anyAccess | arights) == avc->anyAccess)} &&
51+        \alert<3>{!(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&}
52+        \alert<3>{!(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID)} &&
53+        \alert<4>{!(arights == PRSFS_READ && areq->realuid == HTTPD_UID &&}
54+        \alert<4>{  avc->m.Mode == 0100777)} &&
55+        \alert<5>{!(PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq) &&}
56+        \alert<5>{  areq->realuid == 0) &&}
57+        \alert<5>{!(PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq) &&}
58+        \alert<5>{  (areq->realuid == 0 || areq->realuid == SIGNUP_UID))}) \{
59+       return 0;
60+    \}
61     \ldots
62\end{semiverbatim}
63\end{footnotesize}
64\end{frame}
65