Callaghan et al.

US005737523A
[11] Patent Number: 5,737,523
[45] Date of Patent: Apr. 7, 1998

[54] METHODS AND APPARATUS FOR PROVIDING DYNAMIC NETWORK FILE SYSTEM CLIENT AUTHENTICATION

[75] Inventors: Brent P. Callaghan, Mountain View; Michael R. Eisler, San Jose, both of Calif.

[73] Assignee: Sun Microsystems, Inc., Palo Alto, Calif.

[21] Appl. No.: 610,704

[22] Filed: Mar. 4, 1996

[51] Int. Cl.6: G06F 15/163
[52] U.S. Cl.: 395/187.01; 395/200.59; 395/200.55
[58] Field of Search: 395/187.01, 200.06, 200.09, 186, 610, 616, 617, 200.59, 200.55, 200.33

[56] References Cited

U.S. PATENT DOCUMENTS

5,001,628    3/1991    Johnson et al.    395/617
5,113,519    5/1992    Johnson et al.    395/617
5,452,447    9/1995    Nelson et al.     395/621
5,481,720    1/1996    Loucks et al.     395/187.01
5,560,008    9/1996    Johnson et al.    395/680

OTHER PUBLICATIONS

Richard E. Smith, "MLS File Service for Network Data Sharing," Computer Security Applications Conference, 1993, pp. 94-99.
Rainer Tobbicke, "Distributed File Systems: Focus on Andrew File System/Distributed File Service (AFS/DFS)," 1994 13th IEEE Symposium on Mass Storage Systems, pp. 23-26.
Eliezer Levy et al., "Distributed File Systems: Concepts and Examples," ACM Computing Surveys, vol. 22 No. 4, 1990, pp. 321-374.
B. Clifford Neuman, "Proxy-Based Authorization and Accounting for Distributed Systems," 1993 Int'l Conference on Distributed Computing Systems, pp. 283-291.
Debra Herman, UNIX System V NFS Administration, 1993, System Administrator Collection, pp. 69-79.

Primary Examiner: Paul V. Kulik
Attorney, Agent, or Firm: Hickman Beyer & Weaver, LLP

[57] ABSTRACT

A variety of methods and apparatus are taught for providing dynamic distributed file system client authentication. One method for providing dynamic distributed file system client authentication within a distributed file system computing environment includes the steps of receiving an NFS request from an NFS client, determining whether the NFS client has an access status sufficient to perform the NFS request, and performing the NFS request when the NFS client has sufficient access status. In some embodiments, the NFS request includes a file handle representing a given file system available on the server computer system and a file operation to be performed upon the given file system. A server computer in accordance with one embodiment of the present invention is operable to provide dynamic NFS client authentication. The server computer includes a CPU, a RAM accessible by the CPU, a ROM accessible by the CPU, a network I/O port coupled with the CPU, a mass storage device accessible by the CPU, and a kernel implemented on the server computer. In addition, the server computer implements a dynamic NFS client authentication service operable to receive an NFS request from an NFS client and to authenticate the NFS client in relation to the NFS request. The dynamic NFS client authentication service considers factors such as time, date, identity of the NFS client, a nature of the NFS request, and a current status of a resource upon which the NFS request operates.

30 Claims, 10 Drawing Sheets

[Front-page figure: flow chart 430. Boxes: NFS server receives NFS request, including valid file handle; NFS server compares client's access status with access status required to perform NFS request and responds accordingly.]

LG Electronics, Inc. et al., Exhibit 1020, IPR Petition for U.S. Patent No. 7,149,511

DRAWING SHEETS (U.S. Patent 5,737,523, Apr. 7, 1998; 10 sheets; only the text recoverable from the scanned figures is kept)

[Sheet 1 of 10: figure text not recoverable.]
[Sheet 2 of 10: FIG. 2, flow chart 50: 52 start; 54 client makes NFS request (including valid file handle) for which client is not authorized; client receives desired response, server's security is breached. FIG. 13, boxes include: share command; 604 modify share table file; 606 replace export info table entry to represent new access status (if necessary).]
[Sheet 3 of 10: reference numerals 102, 106, 108, 110; no other text recoverable.]
[Sheet 4 of 10: FIG. 4, computer 130: CPU 132, RAM 134, ROM 136, mass storage 138, I/O 140, I/O 142.]
[Sheet 5 of 10: figure text not recoverable.]
[Sheet 6 of 10: FIG. 6, flow chart 298: 302 process dfstab file created by system administrator, create and load export info table into kernel, and create share table; 304 start mount service within mount daemon; 306 start NFS auth service within mount daemon; 308 start NFS service within kernel; 310 wait for NFS request.]
[Sheet 7 of 10: FIG. 7, flow chart 400: 402 start; client makes NFS request (including valid file handle) for which client is authorized; 406 client receives desired response. FIG. 8, flow chart 410: 412 start; 414 client makes NFS request (including valid file handle) for which client is not authorized; client receives error message. FIG. 9: NFS server receives NFS request including valid file handle; NFS server compares client's access status with access status required to perform NFS request and responds accordingly.]
[Sheet 8 of 10: FIG. 10: 454 search for file system in export info table using file handle as key; return error message to client; call subroutine nfsauth with client's network source address and export info table entry as parameters; 462 receive client's access status from subroutine nfsauth; is client's access status equal to RO access?; modification request?; provide client RW access and perform requested operation; provide client RO access and perform requested operation.]
[Sheet 9 of 10: flow chart 500: 502 start; 504 nfsauth subroutine receives a request having client's info and path as parameters; is RO bit in export info table entry set?; 514 is RW bit in export info table entry set?; return access status from export authentication cache; call NFS auth service with client's source network address and given file system as parameters; receive client's access status for given file system (RO, RW, or no access); create corresponding access status entry in export authentication cache.]
[Sheet 10 of 10: flow chart 550: NFS auth service receives request from kernel; 556 does given file system have an entry in share table file?; 558 (partly legible) inconsistency reported on system terminal; 560 call network name service to convert client's network source address to hostname; receive client's hostname; 564 compare client's hostname with access status for export in share table file; return client's access status (no access, RO, RW); 568 done.]

METHODS AND APPARATUS FOR PROVIDING DYNAMIC NETWORK FILE SYSTEM CLIENT AUTHENTICATION

BACKGROUND OF THE INVENTION
The present invention relates generally to file sharing over a computer network. More specifically, the present invention teaches methods and apparatus for providing dynamic client authentication in a distributed computer file system.
Sun Microsystems, Inc.'s "Distributed File System", designated as NFS®, is a computer implemented service designed to allow computer systems to share files across a computer network. In brief, file systems are mounted across the network, making them appear as if a local computer system is accessing the file system locally when in fact the files are stored on a remote server computer. Thus, using NFS, it is possible to share individual files, file hierarchies, and entire file systems across a network.
NFS employs a client/server paradigm. A computer that wishes to share its file system with other computers on the network acts as a server computer. Files are physically located on and managed by the server computer. A separate computer that wishes to access files located on the server computer acts as a client of the server computer. In order to access files located on the server computer, the client computer first mounts the required file system and then makes file access requests across the network to the server. In general, a computer may simultaneously operate as a client and a server.
FIG. 1 diagrammatically illustrates an NFS client/server paradigm 10 of the prior art. The NFS client/server paradigm 10 includes an NFS client 12 and an NFS server 14. The NFS server 14 includes a kernel 16 and a mount daemon 18. As will be well familiar to those of skill in the art, the kernel 16 typically implements the most primitive functions of the server's operating system. Additionally, because the kernel 16 is generally resident in random access memory (RAM), it is sound programming strategy to minimize the memory space required by these primitive functions.
The mount daemon 18 is a process implemented on the server 14 which autonomously answers file system mount requests, making available those file systems which the clients may legitimately access. When the NFS client 12 attempts to mount a given file system 30, the mount daemon 18 authenticates that the NFS client 12 is entitled to access the given file system 30 and, if so, returns a file handle 24 corresponding to the given file system 30. The file handle 24 serves as a key facilitating all further requests between the NFS client 12 and the NFS server 14 with regards to the given file system 30.
Once the NFS client 12 obtains a file handle 24, all file system requests are handled by an NFS service 20 implemented within the kernel 16. Each file system request such as NFS request 22 includes both the file handle 24 and a file operation 26. When the file handle 24 is valid, the NFS service 20 executes the file operation 26 as a matter of course, without authenticating the NFS client 12. When necessary, the NFS service 20 returns an NFS response 28, providing the NFS client 12 with either the requested file information or a message indicating success or failure of the requested file operation 26.
While the prior art NFS paradigm 10 provides resource sharing across a network, it inherently creates a potential for security risks within the network. As used herein, security risks include unauthorized access to resources found on an NFS server computer. In particular, prior art NFS implementations only provide what is herein termed static client authentication mechanisms.
A static client authentication mechanism operates only once with respect to a client's log in session: initially when the client attempts to mount resources. In perhaps the least secure situations the mount daemon 18 simply verifies that the NFS client 12 is entitled to access by comparing the NFS client 12 and the mount request with the client's access status stored in a file generally called sharetab (for share table). As will be appreciated, a client's access status to a given file system 30 can be either "no access", "ro" for read only access, or "rw" for read and write access. When the client's access status satisfies the mount request, the NFS client 12 receives a valid file handle 24 for use in subsequent NFS requests.
Therefore, a static client authentication mechanism can protect NFS servers from unauthorized NFS clients lacking a valid file handle. However, even the more sophisticated static client authentication mechanism relies on the assumption that clients having valid file handles are authorized to access the server's file system corresponding to the valid file handle. No protection is provided against attacking clients who have guessed or misappropriated valid file handles.
FIG. 2 is a flow chart illustrating a security breach 50 of an NFS server 14 by an attacking client 12 having a valid file handle 24. The breach 50 starts in a step 52. At step 52 the attacking client has unauthorized possession of a valid file handle 24. The attacking client may have guessed or misappropriated the valid file handle 24 by eavesdropping on the network. In a step 54 the attacking client 14 makes an NFS request 22 including the valid file handle 24. Because the current NFS request 22 includes the valid file handle 24, the NFS service 20 performs the requested file operation 26. Then, in step 56, the attacking client receives back the desired response and security of the server 14 is breached.
While the example of FIG. 2 focused on security risks posed by attacking clients, security problems exist even with respect to clients whose access status has changed subsequent to mounting the given file system 30. This is because, once an NFS client 12 has mounted within the prior art NFS client/server paradigm 10, the only way an NFS server 14 can enforce the client's new access status to given file system 30 is to force the NFS client 12 to unmount the given file system 30 and then mount the given file system 30 again.
Accordingly, what is needed is a dynamic NFS client authentication mechanism which provides NFS client authentication upon every NFS request. Such a dynamic NFS client authentication mechanism should insure that only authorized clients are allowed to access a server's file systems, regardless of whether the client's request includes a valid file handle. In addition, the dynamic NFS client authentication mechanism should enable a server to dynamically alter a client's access status without altering a client's server connection status.

SUMMARY OF THE INVENTION
To achieve the foregoing and other objectives and in accordance with the purpose of the present invention, a variety of methods and apparatus are disclosed herein. A first aspect of the present invention teaches a method for providing dynamic network file system client authentication within a distributed file system computing environment. The method is implemented upon an NFS server computer system and includes the steps of receiving a network file system request from an NFS client, determining whether the NFS client has an access status sufficient to perform the NFS request, and performing the NFS request when the NFS client has sufficient access status. According to some embodiments, the NFS request includes a file handle representing a given file system available on the server computer system and a file operation to be performed upon the given file system.
In accordance with another aspect, an export information table is resident on the server computer system. An entry in the export information table for the given file system includes a read only bit and a read-write bit. The read only bit indicates global read only access status, while the read-write bit indicates global read and write access status. According to this aspect, the export information table is searched to determine whether the NFS client has an access status sufficient to perform the NFS request. When the read only bit is set, the client's access status is set to read only. Similarly, when the read-write bit is set, the client's access status is set to read-write. Thus when the entry in the export information table is determinative of the client's access status, it is then directly determined from the client's access status whether the requested NFS operation can be performed.
In a further related aspect, when the entry in the export information table is not determinative of the client's access status (neither bit is set), a cache memory is searched for a specific export authentication cache entry for the NFS client which corresponds to the given file system. When present, the specific export authentication cache entry indicates the client's access status for the given file system thereby enabling direct determination of whether the requested NFS operation can be performed. When not present, the specific export authentication cache entry is first created.
One embodiment of the present invention teaches a server computer for use in a NFS computing environment, the server computer operable to provide dynamic NFS client authentication. The server computer includes a CPU, a RAM accessible by the CPU, a ROM accessible by the CPU, a network I/O port coupled with the CPU, a mass storage device accessible by the CPU, and a kernel implemented on the server computer. The mass storage device is capable of storing a given file system modifiable by clients of the server computer having an access status of read-write for the given file system, readable by clients of the server computer having the access status of read only for the given file system, and inaccessible to other clients. In addition, the server computer implements a dynamic NFS client authentication service operable to receive an NFS request from an NFS client and to authenticate the NFS client in relation to the NFS request. The dynamic NFS client authentication service considers factors such as time, date, identity of the NFS client, a nature of the NFS request, and a current status of a resource upon which the NFS request operates.

BRIEF DESCRIPTION OF THE DRAWINGS
The invention, together with further objectives and advantages thereof, may best be understood by reference to the following description taken in conjunction with the accompanying drawings in which:
FIG. 1 is a pictorial illustration of an NFS client/server paradigm of the prior art;
FIG. 2 is a flow chart showing a security breach of an NFS server computer by an attacking NFS client computer having a valid file handle;
FIG. 3 is a pictorial illustration of various computers linked together in a computer network;
FIG. 4 illustrates diagrammatically the major components of a computer in FIG. 3;
FIG. 5 is a pictorial illustration of an NFS client/server paradigm in accordance with one embodiment of the present invention;
FIG. 6 is a flow chart showing a process by which an NFS server starts in accordance with another embodiment of the present invention;
FIG. 7 is a flow chart showing a method by which an NFS client makes an NFS request for which the NFS client is authorized, the method in accordance with one aspect of the present invention;
FIG. 8 is a flow chart showing a method by which an NFS client makes an NFS request for which the NFS client is not authorized, the method in accordance with another aspect of the present invention;
FIG. 9 is a flow chart showing a method by which an NFS server performs dynamic NFS client authentication with regards to an NFS request in accordance with yet another aspect of the present invention;
FIG. 10 is a flow chart providing a more detailed showing of step 436 of FIG. 9, the method of FIG. 10 in accordance with a further aspect of the present invention;
FIG. 11 is a flow chart showing one method for performing that portion of dynamic NFS client authentication which occurs in the NFS server's kernel, the method in accordance with yet another aspect of the present invention;
FIG. 12 is a flow chart showing a method for performing that portion of dynamic NFS client authentication which occurs external to the NFS server's kernel, the method in accordance with a still further aspect of the present invention; and
FIG. 13 is a flow chart showing a method for temporarily modifying the access status of an NFS client with respect to a given file system on an NFS server, the method in accordance with one aspect of the present invention.

DETAILED DESCRIPTION OF THE INVENTION
In a preferred embodiment of the present invention, a distributed file system computing environment is implemented on a server computer and one or more client computers linked together by a network. The network may take any suitable form. By way of example, a representative network arrangement 100 is illustrated in FIG. 3. The network arrangement 100 includes a first computer 102 which is coupled to a transmission line 104. The network 100 further includes a router or the like 106 in addition to other computers 108, 110, and 112 such that NFS requests and NFS replies can be passed among the networked computers. As will be appreciated, any of computers 102, 106, 108, 110, and 112 may be configured as an NFS server, an NFS client, or both. The design, construction and implementation of computer networks will be familiar to those of skill in the art.
A representative computer 130 suitable for use as computers 102, 108, 110, and/or 112 of FIG. 3 is illustrated schematically in FIG. 4. Computer 130 includes a central processing unit (CPU) 132 which is coupled with random access memory (RAM) 134 and with read only memory (ROM) 136. Typically, RAM 134 is used as a "scratch pad" memory and includes programming instructions and data for processes currently operating on CPU 132. ROM 136 typically includes basic operating instructions and data used by the computer 130 to perform its functions. In addition, a mass storage device 138, such as a hard disk, CD ROM, magneto-optical (floptical) drive, tape drive or the like, may be optionally coupled with CPU 132.
The mass storage device 138 is optional for an NFS client, but typically an essential element of an NFS server. This is because, in order to play a useful role, the NFS server ought to maintain substantial file systems. However, the methods and apparatus of the present invention may be implemented upon a computer 130 which does not include a mass storage device 138. The mass storage device 138 of an NFS server includes data in the form of file systems potentially accessible by all NFS clients on the network 100. In addition, the mass storage device 138 often includes additional programming instructions, data and objects that typically are not in active use by the CPU 132, although the address space may be accessed by the CPU 132, e.g., for virtual memory or the like.
Each of the above described computers includes a network input/output source 140 which is coupled with a network such as network 100. The network input/output source may take any suitable form. Further, the above described computers optionally include an additional input/output source 142 such as a keyboard, pointer devices (e.g., a mouse or stylus) and/or display connections. It will be appreciated by those skilled in the art that the above described hardware and software elements, as well as the networking devices, are of standard design and construction, and will be well familiar to those skilled in the art.
Turning next to FIG. 5, an NFS client/server paradigm 198 in accordance with one embodiment of the present invention will now be described. The NFS client/server paradigm 198 includes an NFS client 12 and an NFS server 200. The NFS client 12 and the NFS server 200 may take any suitable form such as a computer 130. The NFS client 12 and the NFS server 200 are typically connected over a network such as network 100 and may communicate via NFS requests and responses such as NFS request 22 and an NFS response 28. In preferred embodiments of the present invention, the NFS request 22 follows a format identical to that of the prior art NFS client/server paradigm 10, having a file handle 24 and a file operation 26. Therefore, preferred embodiments of the present invention are backwards compatible with prior art NFS paradigms. As will be appreciated, the file handle 24 is an identifier or key to a given file system 30 provided to the NFS client 12 during an earlier successful mount request. In general, the given file system 30 may represent any NFS resource available on the server computer. Example NFS resources include such resources as a file and a file system hierarchical structure.
Included in the NFS server 200 are a kernel 202, a mount daemon 204, a dfstab file 206, and a share table file 208. As will be appreciated by those familiar with the NFS computing environment, the dfstab file 206 is a text file listing both the resources that the NFS server 200 is making available for sharing, the clients allowed to access the shared resources, and the access status of such clients. The share table file 208 is generated from the dfstab file 206 and provides similar information, but in a format more useful to the mount daemon 204.
As will be appreciated, the kernel 202 implements the more primitive functions of the server's operating system which in the NFS paradigm 198 includes an NFS service 220. As described below with reference to FIGS. 9-13, the NFS service 220 manages all NFS requests. In order to enable such management, the NFS service 220 includes an export information table 222 and may include export authentication information such as an export authentication cache 224 for a specific client stored in cache memory. The export information table 222 provides information regarding the global access status to listed resources. That is, any access status provided in the export information table 222 applies to all NFS clients.
According to one embodiment of the present invention, the export information table 222 has entries such as entry 226 having a file system identifier 228, a read only (ro) bit 230, and a read-write (rw) bit 232. The file system identifier 228 may take any suitable form such as a file path. The ro bit 230 is set when all clients have read only access status with regards to the resource represented by the file system identifier 228. Similarly, the rw bit 232 is set when all clients have read and write access status with regards to the resource represented by the file system identifier 228. The ro bit 230 and the rw bit 232 are exclusive; only one of the two may be set. Of course, the ro bit 230 and the rw bit 232 may be implemented by another format representing equivalent information. For example, the ro bit 230 may be an ASCII string wherein the value "TRUE" indicates that all clients have read only access status.
The export authentication cache 224 provides information regarding an access status of a specific client. In the embodiment of FIG. 5, the export authentication cache 224 has a client identifier 240, a file system identifier 242, and a client access status 244. By way of example, the client identifier 240 may be a network source address, the file system identifier 242 may be a file path or other suitable identifier, and the client access status 244 may be a parameter indicating one of no access, read only access, or read and write access. As will be appreciated, the client access status 244 indicates the access status of the NFS client 12 with respect to the resources identified by the file system identifier 242.
In the embodiment of FIG. 5, the mount daemon 204 includes a mount service 250 and an NFS authentication service 252. As will be appreciated, a daemon is an autonomous process. In essence, a process within a computer has at least one thread of execution as well as exclusively allocated memory. The mount service 250 autonomously answers file system mount requests, making available those file systems which the NFS server 200 is willing to share. When the NFS client 12 attempts to mount a given file system 30, the mount service 250 authenticates that the NFS client 12 is entitled to access the given file system 30 and, if so, returns a file handle 24 corresponding to the particular file system. As will be appreciated, the mount service 250 essentially implements the functionality of the mount daemon 18 of the prior art.
The NFS server 200 also includes a dynamic NFS client authentication service 270. In embodiments such as that of FIG. 5, the dynamic NFS client authentication service 270 includes the NFS service 220 and the NFS authentication service 252. According to the present invention, for each NFS request 22, the dynamic NFS client authentication service authenticates the requesting NFS client 12. The steps involved in authenticating the NFS client 12 may include the following.
Initially an NFS request 22 including a file handle 24 and a file operation 26 is received. Then, a client's access status for a given file system 30 indicated by the file handle 24 is determined. The criteria for determining the client's access status may vary, but a fundamental criterion is the client's access status for the given file system 30 as provided in the share table file 208. However, this information may also be provided (directly or indirectly) in the export information table 222 or as an entry in the cache 224; in which case, the share table file 208 need not be consulted. Beyond this fundamental criterion, the client's access status may be further limited or expanded by other parameters.
For example, in some embodiments it may be desirable to limit access to certain resources during peak usage periods. A commercial on-line service may impose a hierarchy in its membership structure. The lowest level members would only have access to high demand resources during non-peak usage periods. In contrast, the highest level members' access would never be limited. Another criterion which would be suitable for controlling access would be a current status of the given file system 30. For example, if the given file system 30 was currently off line, it may be desirable to limit access even though the NFS server 200 originally intended to share the file system 30. Accordingly, such information would be utilized by the dynamic NFS client authentication service 270 when authenticating the NFS client 12.
In any event, once the client's access status for the given file system is determined as one of no access, read only access, or read-write access, the authentication process continues by determining the nature of the file operation 26. For example, the file operation may be a read or write operation. Then, the client's access status is compared with the nature of the file operation 26 in order to determine if the file operation 26 should be executed. For example, if the file operation 26 requires modifying the given file system 30 but the client's access status is read only access, then the file operation 26 is unauthorized and will not be executed.
As seen in FIG. 5, preferred embodiments of the dynamic NFS client authenticating service 270 are implemented by multiple components. One rationale for providing only a portion (the NFS service 220) of the dynamic NFS client authenticating service 270 within the kernel is as follows. The kernel 200 is typically implemented in precious (in terms of cost and availability) random access memory such as RAM 134. As will be appreciated, the most time efficient response would arise from implementing the entire dynamic NFS client authenticating service 270 within the kernel. However, the costs of utilizing RAM 134 for the NFS service 220 must be balanced with the need for conserving RAM 134 for other software running on the NFS server 200.
In essence, the NFS service 220 ought to provide a minimal dynamic NFS client authentication. This includes the capability to (a) authenticate an NFS client 12 when the client's access status for a given file system 30 has been determined in a previous NFS request 22, (b) authenticate the NFS client 12 when the NFS server 200 provides read only access to all NFS clients for the given file system 30 and the file operation 26 does not require modifying the given file system 30, (c) authenticate the NFS client 12 when the NFS server 200 provides read-write access to all NFS clients for the given file system 30, and (d) make a dynamic authentication request to a resource external to the kernel