Coda File System

Re: auth + offline

From: Jan Harkes <jaharkes_at_cs.cmu.edu>
Date: Fri, 23 Mar 2007 23:00:46 -0400
On Tue, Mar 20, 2007 at 11:35:11PM +0100, u+codalist-p4pg_at_chalmers.se wrote:
> Coming back to the topic - the inconveniences while disconnected do not
> in fact have any good reason.
> 
> In my eyes, even expiring tokens in general should not prevent users
> from accessing the cached objects, nor modifications.
> That should of course work the same with fully available network (security
> may not depend on connectivity). I'd like to notice when my modifications
> cease to propagate, but that's all. I may choose to authenticate a week later
> and until then behave like in disconnected mode, why not?

Actually as of 6.9.0 this may just be possible, we refuse to reintegrate
without tokens, but we could still access cached object based on rights
we had before the token expired. Any uncached objects fetched during
this period would get system:anyuser rights.

We already invalidate all cached rights when we obtain a new token. The
only problem is that currently rights are reinstated when validateattrs
reports that an object has not changed on the server, which is actually
really bad if the user had an administrator token and switched to a
normal user identity. I think the only other way to recache rights is to
actually access every file individually. Maybe hoarding could do it, but
I think that relies on the same validateattr promotion of old rights.

I'm thinking of 'softening' the demotion after reconnection so that it
only marks object as needing revalidation but leave the rights alone.
Also keep cached rights demotion when a server rejects our token, Greg's
argument is correct, if we already had an object cached we could just as
well have copied it to the local disk, or search for it in the cache
directory. These changes should make reconnections and token expiry a
lot more liveable.

Then there still is the issue of PromoteAcRights, which I still find
highly suspect, but it may be needed because I don't really see any
other way in which we currently (efficiently) reestablish our cached
access rights. Maybe clog and cunlog need a more agressive method to
clear out cached rights so that they will not be reestablished by
PromoteAcRights.

Jan
Received on 2007-03-23 23:02:20