Re: [fuse-devel] [PATCH] send secondary groups through FUSE

[Miklos S. <mi...@sz...>]

ma...@ne... (Emmanuel Dreyfus) writes:

> Miklos Szeredi <mi...@sz...> wrote:
>
>> Which is why it is not a good idea to put this information into a
>> header.
>
> Do you have another idea of where it could go?

Yes, I already wrote about that a few emails earlier, but you seem to
have missed it.  So here it is again.


| An alternative solution would be to add new messages for credential
| caching, see patch at the end.  The only downside would be the added
| complexity on the kernel and userspace side.  But given the nature of
| supplementary groups I don't think this can be sanely avodided.
| 
| Thanks,
| Miklos
| 
| 
| diff --git a/include/linux/fuse.h b/include/linux/fuse.h
| index 464cff5..ac73a36 100644
| --- a/include/linux/fuse.h
| +++ b/include/linux/fuse.h
| @@ -272,6 +272,8 @@ enum fuse_opcode {
|  	FUSE_POLL          = 40,
|  	FUSE_NOTIFY_REPLY  = 41,
|  	FUSE_BATCH_FORGET  = 42,
| +	FUSE_CRED_NEW      = 43,
| +	FUSE_CRED_DESTROY  = 44,
|  
|  	/* CUSE specific operations */
|  	CUSE_INIT          = 4096,
| @@ -564,13 +566,33 @@ struct fuse_notify_poll_wakeup_out {
|  	__u64	kh;
|  };
|  
| +struct fuse_cred_new_in {
| +	__u32	uid;
| +	__u32	gid;
| +	__u32	ngroups;
| +	__u32	groups[0];
| +};
| +
| +struct fuse_cred_new_out {
| +	__u64	cred_id;
| +};
| +
| +struct fuse_cred_destroy_in {
| +	__u64	cred_id;
| +};
| +
|  struct fuse_in_header {
|  	__u32	len;
|  	__u32	opcode;
|  	__u64	unique;
|  	__u64	nodeid;
| -	__u32	uid;
| -	__u32	gid;
| +	union {
| +		struct {
| +			__u32	uid;
| +			__u32	gid;
| +		};
| +		__u64 cred_id;
| +	};
|  	__u32	pid;
|  	__u32	padding;
|  };