.de Sc
\\s-1\\$1\\s0\\$2
..
.ds cA 2007/064
.ds aR \s-1PSARC\s0
.LP
.so ../../amac
.ds px \s-1POSIX\s0
.ds Sp \s-1SPARC\s0
.if n .dsTm (\uTM\d)
.if t .dsTm \v'-0.5m'\s-4TM\s0\v'0.5m'
.Co
.ds LF \fI\*(aR/\*(cA\fP
.ds RF \fICopyright 2007 Sun Microsystems\fP
.if n .ds CF
.IP \fBSubject:\fP 15
Unified \*(px and Windows Credentials for Solaris
.IP "\fBSubmitted by:\fP" 15
Mike Shapiro
.IP \fBFile:\fP 15
\*(aR/\*(cA/opinion.ms
.IP \fBDate:\fP 15
March 14th, 2007
.IP "\fBCommittee:\fP" 15
Gary Winiger,
Kais Belgaied,
James Carlson,
Glenn Skinner,
Bill Sommerfeld.
.IP "\fBProduct Approval Committee:\fP" 15

Solaris PAC
.br
solaris-pac-opinion@sun.com
.pn 2
.NH
Summary
.LP
This project is an overview of and proposal for accommodating non-\*(px
identities in Solaris with minimum disruption to all existing interfaces.
It provides a baseline upon which to evaluate other projects including
those in [1] section 19.
.NH
Decision & Precedence Information
.LP
This project is approved as specified in references [1],
[2]
and
[3],
but as modified by the required technical changes listed in Appendix A below.
.LP
By itself, this project defines no concrete deliverables.
Subprojects in [1] section 19, are expected to modify types
\fIuid_t\fP
and
\fIgid_t\fP
to allow for use of values in the range
\f(CW[0x80000000:0xfffffffe]\fP.
Such modification may be delivered in a minor release of Solaris.
.LP
.if n .ne 20
.if t .ne 3
.NH
Interfaces
.LP
The project exports the following interfaces.
.TS H
box;
c s s
l | l | l.
Interfaces Exported
_
Interface	Classification	Comments
_
.TH
\fIuid_t\fP	Committed	type change to unsigned
\fIgid_t\fP	Committed	type change to unsigned
.TE
.LP
.TE
.NH
Opinion
.LP
The majority of the discussion involved the impact on the Solaris
Community with respect to \*Qnegative\*U User and Group identifiers.
The materials [1] and [3] provide an analysis of the impact.
That analysis lead the committee to accept that it is unlikely that
existing Sun and third party executables will experience a change in behavior.
.br
.NH 2
Standards
.LP
The project team has documented in [1] section 10
how the relevant programming interface (API) standards provide vendor
latitude in values used for user and group identifier types
\fIuid_t\fP
and
\fIgid_t\fP.
The API standards require these be integral types.
Analysis the project team provided shows existing programs written to
conform to the:
.in .75i
\*(px,
.br
Single
.UX
Specification,
.br
System V Interface Definition, Third Edition
and
.br
X/Open Portability Guide
.in -.75i
standards are expected to continue to run correctly.
.LP
However, relevant Application Binary Interface (ABI) standards such as the
System V ABI for Intel386\*(Tm and \*(Sp\*(Tm
as well as the \*(Sp Compliance Definition,
require that 
\fIuid_t\fP
and
\fIgid_t\fP
types be signed long.
Binary compatibility is preserved for existing application binaries.
The project team cannot know the the complete set of Solaris applications
that may be affected by recompilation.
Incompatibilities may occur either due to the type change or assumptions about
the nature of
\fIuid_t\fP
or
\fIgid_t\fP
values.
The business plan required by the project that integrates the type
change is intended to mitigate third party applications.
See 6. Advisory Information below.
.br
.NH 2
Ephemeral User and Group IDs
.LP
This project proposes two ranges for user and group IDs.
The legacy \*(px range is defined in Solaris as the
\*Qpositive\*U 32 bit integers \f(CW[0x0:0x7fffffff]\fP
and
\f(CW-1\fP,
and
an ephemeral range is defined as the \*Qnegative\*U 32 bit integers
\f(CW[0x80000000:0xfffffffe]\fP.
The ephemeral range is intended to be used to map Microsoft
Security Identifiers (SIDs) [4] to 32 bit integers for use in Solaris
\fIuid_t\fP
and
\fIgid_t\fP
fields.
Mappings are intended to be performed by the
Winchester: Schema Mapping and ID Mapping for AD Interoperability
(\*(aR/2006/315) project.
.NH 2
Updated 20 Questions
.LP
To assist project teams and the ARC in understanding and accessing
the impact of changing user and group ID types, this project will
update the PSARC 20 questions.
.NH 2
Sentinel User and Group IDs
.LP
Standard interfaces
\fBsetreuid\fP(2)
and
\fBsetregid\fP(2)
specify
\f(CW-1\fP
as a sentinel value.
The value
\f(CW-1\fP
is not included in the set of ephemeral identifiers.
Additionally, some Solaris components have internally used
other sentinel user and/or group identifiers.
Until the impact on these components is verified,
any implementation of ephemeral identifiers will
reserve
\f(CW-2\fP
and
\f(CW-3\fP
ephemeral values.
In particular,
the NFS subsystem defines
\f(CWNFS_UID_NOBODY\fP
and 
\f(CWNFS_GID_NOBODY\fP
as
\f(CW-2\fP
in versions 2 and 3;
the Solaris Audit subsystem uses
\f(CW(uid_t)-1\fP,
\f(CW(uid_t)-2\fP
and
\f(CW(uid_t)-3\fP
as sentinel values.
.NH
Minority Opinion(s)
.LP
None.
.NH
Advisory Information
.LP
.NH 2
Advice for Subprojects
.LP
During the discussion a number points of advice for the proposed subprojects
were identified:
.RS 
.IP \(bu
The CIFS Service (\*(aR/2006/715) project will need to modify PAX.
.IP \(bu
The project that integrates the type change to
\fIuid_t\fP
and
\fIgid_t\fP
will need to provide developer documentation for how to deal with the
type change.
Furthermore, a business plan for how to handle ISVs who may have problems
with their code must be presented.
.IP \(bu
The project that integrates the type change must audit the use of
\fIuid_t\fP
and
\fIgid_t\fP
over as broad code base as possible to ensure that ephemeral IDs
do not cause change in existing binary behavior.
.RE
.NH 2
Risks to Existing Code
.LP
The Product Approval Committee is advised that acceptance of this
project and its subprojects may pose unforeseen binary incompatibilities.
Appropriate business plans need to be in place to mitigate any
incompatibility.
.NH 2
ABI Standards
.LP
The Product Approval Committee is advised that acceptance of this
project and its subprojects places Solaris in violation of
ABI standards.
See 4.1. Standards above.
Revision of the relevant standards may be desirable.
7.1. Technical Changes Required below and
the business plan above are intended as mitigation. 
.br
.NH
Appendices
.NH 2
Appendix A: Technical Changes Required
.LP
.RS
.IP 1.
Type changes for
\fIuid_t\fP
and
\fIgid_t\fP
may not be integrated unless all of the official generic and
processor specific \*(Sp ABI conformance tests for the
System V ABI pass.
Equivalent tests are not defined for x86 and x64 systems[5].
The list of tests is:
.RS
.IP \(bu
SCD version 2.4.1.
.IP \(bu
gABI version 2.1.
.IP \(bu
psABI version 2.1.
.RE
.IP
If the tests all pass successfully or all pass after any newly discovered
bugs are fixed,
then the type changes are accepted and may be integrated.
If an unresolvable test issue is discovered,
the project team must return to ARC to discuss an appropriate resolution,
including discussing the relative merits of leaving the types alone
(i.e., \*Qnegative\*U values for ephemeral IDs) versus documenting a difference
with respect to the ABI document (and thus conforming to the language of
\*(px with respect to non-negative values).
.RE
.NH 2
Appendix B: Technical Changes Advised
.LP
None.
.NH 2
Appendix C: Reference Material
.LP
Unless stated otherwise, path names are relative to the case
directory \*(aR/\*(cA.
.IP 1.
Project Specification
.br
File:
commit.materials/spec.txt
.IP 2.
Update to PSARC 20 Questions
.br
File:
commit.materials/20questions.new
.IP 3.
Answers to issues
.br
File:
issues
.IP 4.
Microsoft Security Identifiers
.br
http://technet2.microsoft.com/WindowsServer/en/library/\
86cf2457-4f17-43f8-a2ab-7f4e2e5659091033.mspx?mfr=true
.IP 5.
Discussion of ABI conformance tests
.br
File:
x86x64-ABI
.br
File:
mail
.br