How to "login"

Question about which tools to use, bugs, the best way to implement a function, etc should go here. Don't forget to see if your question is answered in the wiki first! When in doubt post here.
Post Reply
earlz
Member
Member
Posts: 1546
Joined: Thu Jul 07, 2005 11:00 pm
Contact:
Contact earlz

How to "login"

Post by earlz »

Ok.. my kernel is (I think) a hybrid.. I don't really care to follow any one pattern for monolithic or micro... I will follow what looks and works the best at the time.

So I am stuck though. How do I manage logins in my kernel? is the kernel even the appropriate place to do it?

My current idea is very fuzzy in my opinion. This is it:
have a securelevel variable. When it is of appropriate value, then processes can not be spawned without a valid login ID. And there would be a syscall for obtaining a login ID through a user and password combination.
My problem with this: how would I manage sudo? (su seems simple enough with this)

How have you guys done it and other kernels? cause I really have no idea if logins should be a hybrid of userspace and kernel, or just kernel(for security), or just userland(for flexibility) and which would be easiest.
Top
User avatar
Troy Martin
Member
Member
Posts: 1686
Joined: Fri Apr 18, 2008 4:40 pm
Location: Langley, Vancouver, BC, Canada
Contact:
Contact Troy Martin

Re: How to "login"

Post by Troy Martin »

Take a peek at how linux/BSD do it. That's what I'm doing to figure out a simple login system (doing it in rmode assembly takes more time though...)
how would I manage sudo? (su seems simple enough with this)
Well, one easy way is to set the login ID to whatever root's ID is, then have the program return to the middle of the sudo program no matter what (might need to modify some ISRs here) so that you can't take advantage of being root, even though you could just sudo bash or whatever your shell is.
Image
Image
Solar wrote:It keeps stunning me how friendly we - as a community - are towards people who start programming "their first OS" who don't even have a solid understanding of pointers, their compiler, or how a OS is structured.
I wish I could add more tex
Top
User avatar
Colonel Kernel
Member
Member
Posts: 1437
Joined: Tue Oct 17, 2006 6:06 pm
Location: Vancouver, BC, Canada
Contact:
Contact Colonel Kernel

Re: How to "login"

Post by Colonel Kernel »

I can briefly describe how NT does it, based on only publicly-available info of course. :) Every kernel resource (mutex, file, thread, process, device, etc.) is represented by an object that can be protected by an ACL (access control list). However, the actual principals (users and groups) referred to by those ACLs are managed in user space by LSASS.exe (Local Security Access Sub-System), which manages the users/groups and passwords stored in the Registry. Yet another user-space server (Winlogon.exe) handles actual logons and communicates with LSASS. Winlogon is the root of the tree of processes for a logon session. All these sub-systems communicate via IPC amongst themselves and with the kernel.

Obviously *nix concepts like su don't really exist in the NT world, but hopefully this helps anyway...
Top three reasons why my OS project died:
  1. Too much overtime at work
  2. Got married
  3. My brain got stuck in an infinite loop while trying to design the memory manager
Don't let this happen to you!
Top
Post Reply

Return to “OS Development”