[Xorg] Draft proposal for getpeer* based X authentication

Alan Coopersmith Alan.Coopersmith at Sun.COM
Mon Apr 26 23:46:55 PDT 2004


I had hoped to send this out earlier so more people would have a chance
to read it before the conference this week, but got busy.  In a nutshell,
this uses the new "server-interpreted" extensible scheme to xhost authentication
to allow for uid/gid-based authentication on platforms that can get the
credentials of the user on the other end of a local transport (i.e. OpenBSD
with getpeereid, Solaris 10 with getpeerucred, etc.)

I've got an implementation that seems to work well on Solaris with a patch
to a single server-side source file (see the attachment), but I haven't had
a chance to try it out on anything else yet.

Open questions:
  - Is this the right definition?  Do we need to specify some sort of
    @<authenticationdomain> optional qualifier?
  - What process do we want to follow for this?  One of the goals of the
    SI authentication method was to allow a much lighter weight process
    (both technically and procedurally) for adding new authentication schemes,
    but we haven't defined yet what the procedure is we want to use for additions
    like this.  (The process shouldn't be too heavy since the risk of damage is
    low if we get it wrong - the namespace is huge for registering new schemes,
    and most new schemes won't be formally adopted as part of the official standards,
    nor is a platform required to implement any of them to be considered standards
    compliant.)

-----------
Proposed Server-interpreted Authentication Types "localuser" and "localgroup":

On systems which can determine in a secure fashion the credentials of a client
process, the "localuser" and "localgroup" authentication methods provide access
based on those credentials.  The format of the values provided is platform
specific.  For POSIX & UNIX platforms, if the value starts with the character
'#', the rest of the string shall be treated as a decimal uid or gid, otherwise
the string is defined as a user name or group name.

Systems offering this MUST not simply trust a user supplied value (such as an
environment variable or IDENT protocol response).  It is expected many systems
will only support this for clients running on the same host using a local IPC
transport.

Examples:
         xhost +SI:localuser:alanc
         xhost +SI:localuser:#1234
         xhost +SI:localgroup:wheel
         xhost +SI:localgroup:#0
-----------

Maybe we'll get a chance to discuss this in Boston this week - see you there!
(Except for those on these lists who are not going, of course. 8-)

-- 
	-Alan Coopersmith-           alan.coopersmith at sun.com
	 Sun Microsystems, Inc. - X Window System Engineering
Name: access.c-patch.txt
URL: <http://lists.x.org/archives/xorg/attachments/20040426/65f1ae2a/attachment.txt>
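The following is an added example, not the access.c patch attached to the mail above and not Xorg code: a minimal server-side check for the proposed "SI:localuser:" and "SI:localgroup:" values. It implements the POSIX value format from the proposal ("#" followed by a decimal uid/gid, otherwise a user or group name) and takes the peer credentials from the kernel over the local socket (SO_PEERCRED on Linux, getpeereid() on the BSDs), never from anything the client supplies, which is the MUST NOT in the proposal. Function names are the example's own, and the localgroup check compares only the peer's primary gid (an assumption; a real implementation would likely consult supplementary groups too).

```c
/* Added example: server-side evaluation of SI:localuser / SI:localgroup.
 * Not the patch from the mail; names and structure are this example's own. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>
#include <sys/types.h>
#include <sys/socket.h>

/* Parse the POSIX value format from the proposal: "#1234" is a decimal id,
 * anything else is a user or group name resolved from the local database.
 * Returns 0 on success, -1 if the value is malformed or unknown. */
static int si_parse_id(const char *value, int is_group, unsigned long *id_out)
{
    if (value == NULL || *value == '\0')
        return -1;
    if (value[0] == '#') {
        const char *p = value + 1;
        char *end;
        if (*p == '\0' || !isdigit((unsigned char)*p))
            return -1;
        errno = 0;
        unsigned long v = strtoul(p, &end, 10);
        if (errno != 0 || *end != '\0')
            return -1;               /* trailing junk such as "#12abc" is rejected */
        *id_out = v;
        return 0;
    }
    if (is_group) {
        struct group *gr = getgrnam(value);
        if (gr == NULL) return -1;
        *id_out = (unsigned long)gr->gr_gid;
    } else {
        struct passwd *pw = getpwnam(value);
        if (pw == NULL) return -1;
        *id_out = (unsigned long)pw->pw_uid;
    }
    return 0;
}

/* Ask the kernel who is on the other end of a local stream socket.
 * This is the only trusted source of the client's identity. */
static int si_peer_creds(int fd, uid_t *uid, gid_t *gid)
{
#if defined(SO_PEERCRED)
    struct ucred uc;                 /* Linux */
    socklen_t len = sizeof uc;
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &uc, &len) != 0)
        return -1;
    *uid = uc.uid; *gid = uc.gid;
    return 0;
#else
    return getpeereid(fd, uid, gid); /* OpenBSD, FreeBSD, macOS */
#endif
}

/* 1 = grant, 0 = deny; unknown names and malformed ids always deny. */
static int si_localuser_allows(uid_t peer_uid, const char *value)
{
    unsigned long want;
    if (si_parse_id(value, 0, &want) != 0) return 0;
    return (unsigned long)peer_uid == want;
}

/* Assumption: only the peer's primary gid is compared here. */
static int si_localgroup_allows(gid_t peer_gid, const char *value)
{
    unsigned long want;
    if (si_parse_id(value, 1, &want) != 0) return 0;
    return (unsigned long)peer_gid == want;
}

/* Evaluate a connected local socket against a list of host-list entries.
 * Returns 1 if any SI:localuser:/SI:localgroup: entry matches the peer. */
static int si_check_socket(int fd, const char *const *entries, size_t n)
{
    uid_t uid; gid_t gid;
    if (si_peer_creds(fd, &uid, &gid) != 0)
        return 0;                    /* credentials not securely known: deny */
    for (size_t i = 0; i < n; i++) {
        const char *e = entries[i];
        if (strncmp(e, "SI:localuser:", 13) == 0 && si_localuser_allows(uid, e + 13))
            return 1;
        if (strncmp(e, "SI:localgroup:", 14) == 0 && si_localgroup_allows(gid, e + 14))
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed local connection: a socketpair stands in for the server's
     * UNIX-domain listening socket and a client on the same host. */
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) { perror("socketpair"); return 1; }
    char me[40];
    snprintf(me, sizeof me, "SI:localuser:#%lu", (unsigned long)getuid());
    const char *entries[] = { "SI:localgroup:#notanumber", me };
    printf("peer allowed: %d\n", si_check_socket(sv[0], entries, 2));
    close(sv[0]); close(sv[1]);
    return 0;
}
```

The deny-by-default paths matter as much as the match: a malformed "#" value, an unresolvable name, or a socket on which the kernel cannot report credentials (a TCP connection, for instance) all fall through to a refusal rather than to a lookup of anything the client sent.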