From: Kevin Koch Date: Mon, 17 Dec 2007 15:21:58 +0000 (+0000) Subject: Add the CCAPI design sketch to the new directory X-Git-Tag: krb5-1.7-alpha1~762 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=f37458341f450e024c6ef178fd5984bbaf62f673;p=krb5.git Add the CCAPI design sketch to the new directory TargetVersion: 1.7 Component: krb5-libs Ticket: new Subj: Create doc directory git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20188 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/ccapi/doc/CCAPI-Windows-Design.html b/src/ccapi/doc/CCAPI-Windows-Design.html new file mode 100644 index 000000000..8be161447 --- /dev/null +++ b/src/ccapi/doc/CCAPI-Windows-Design.html @@ -0,0 +1,148 @@ + + + + +Windows CCAPI RPC design + + + + +

Proposed RPC design for Windows CCAPI clients and server

+

The proposal is for a single user; the solution is replicated for each user logged onto the PC.

+

Conventions & clarifications

+

"Client" and "server" refer to the CCAPI client and server.

+

The CCAPI client acts as both an RPC client and RPC server and the CCAPI server acts as both an RPC client and RPC server.

+ +

The Windows username is referred to below as "<USER>."

+

The Windows Logon Security Identifier is referred to as "<LSID>."

+

<UUID> means a thread-specific UUID.

+

<SST> means server start time, a time_t.

+

A description of client and server authentication has not been added yet.

+

Design Requirements

+ +

Design

+

The server and each client create an RPC endpoint. The server's endpoint is CCS_<LSID> and the client's endpoint is CCAPI_<UUID>, where each client geta a UUID.

+

On Windows, the server's ccs_pipe_t type is a char* and is set to the client UUID.

+

How is the request handled in the server and the reply sent to the client?

+

One straightforward way is for the reply to be the returned data in the request RPC call (an [out] parameter). That is, data passed from the RPC server to the RPC client. The request handler calls ccs_server_handle_request. Eventually, the server code calls ccs_os_server_send_reply, which saves the reply somewhere. When the server eventually returns to the request handler, the handler returns the saved reply to the client.

+

But this doesn't work. If two clients A and B ask for the same lock, A will acquire the lock and B will have to wait. But if the single threaded server waits for B's lock, it will never handle A's unlock message. Therefore the server must return to B's request handler and not send a reply to B. So this method will not work.

+

Instead, there are listener and worker threads in Windows-specific code.

+

The client's cci_os_ipc function waits for ccs_reply. The client sends the request, including it's UUID, from which the server can construct the endpoint on which to call ccs_reply.

+

The server's listener thread listens for RPC requests. The request handler puts each request/reply endpoint in a queue and returns to the client.

+

The server's worker thread removes items from the queue, calls ccs_server_handle_request. ccs_server_handle_request takes both the request data and the client UUID . Eventually ccs_os_server_send_reply is called, with the reply data and client UUID in the reply_pipe. ccs_os_server_send_reply calls ccs_reply on the client's endpoint, which sends the reply to the client.

+

Is there any security issue with the client listening for RPC calls from the server?

+

Connections

+

If the client wants state to be maintained on the server, the client creates a connection. When the connection is closed, the server cleans up any state associated with the connection.

+

Any given thread in an application process could want to create a connection. When cci_ipc_thread_init is called, the connection thread-local variables are initialized. New connections are created when cci_os_ipc() (via _cci_ipc_send) is called and no connection was previously established. Basically we lazily establish connections so the client doesn't talk to the server until it has to.

+

Detecting client exit

+

The server must be able to detect when clients disappear, so the server can free any resources that had been held for the client.

+

The Windows RPC API does not appear to provide a notification for an endpoint disappearing. It does provide a way to ask if an endpoint is listening. This is useful for polling, but we want a better performing solution than that.

+

The client has an isAlive function on its endpoint.

+

To detect the client disappearing without using polling, the server makes an asynchronous call to the isAlive function on the client's endpoint. The isAlive function never returns. When the client exits for any reason, it's endpoint will be closed and the server's function call will return an error. The asynchronous call on the server means no additional threads are used.

+

Windows provides a number of notification methods to signal I/O completion. Among them are I/O completion ports and callback functions. I chose callback functions because they appear to consume fewer resources.

+

RPC Endpoint / Function summary

+ +

Windows-specific implementation details

+

Client CCAPI library initialization:

+

This code runs when the CCAPI DLL is loaded.

+ +

Client initialization:

+

This code runs when cci_os_ipc_thread_init is called:

+ +

Server initialization:

+

[old]

+ +

[new]

+ +

Establishing a connection:

+ +

Client request:

+

The server's reply to the client's request is not synchronous.

+ +

Detecting client exit

+ +

Detecting server exit

+ +

 

+

------
+ Stop:
+Start:

+ +