10 files changed, 409 insertions, 9 deletions

diff --git a/hurd/translator/checkperms.mdwn b/hurd/translator/checkperms.mdwn
new file mode 100644
index 00000000..a8a52cb1
--- /dev/null
+++ b/hurd/translator/checkperms.mdwn
@@ -0,0 +1,233 @@
+[[!meta copyright="Copyright © 2021 Free Software Foundation, Inc."]]
+
+[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
+id="license" text="Permission is granted to copy, distribute and/or modify this
+document under the terms of the GNU Free Documentation License, Version 1.2 or
+any later version published by the Free Software Foundation; with no Invariant
+Sections, no Front-Cover Texts, and no Back-Cover Texts.  A copy of the license
+is included in the section entitled [[GNU Free Documentation
+License|/fdl]]."]]"""]]
+
+The *checkperms* translator implements deferred authorization.
+
+It is part of a project to enable asking for a grant of authorization
+when processes access a file. It is built as a translator and a simple
+permission granting program.
+
+The translator can delegate permission-granting to the program via two
+FIFO files. The goal is to create a simple replacement for the
+use-case of polkit of granting privilege to a process to access some
+resource after user-interaction with a permission-granting daemon.
+
+
+# Code
+
+The translator is available in the checkperm-deferred-authorization branch in [the hurd repository](https://git.savannah.gnu.org/cgit/hurd/hurd.git).
+
+The code for the program is provided in this article
+
+# Usage Example
+
+We restrict a the node /hello to require explicit permission for every
+PID that does not have the group `user`. This notably does include
+processes started by root.
+
+
+## How it looks
+
+**First shell** as root:
+
+    settrans -cga /hello $(realpath ~/Dev/hurd/trans/checkperms) --groupname=user
+    su - user --shell /bin/bash -c 'cat /hello'
+    # ⇒ HELLOWORLD # user has the group user
+    cat /hello # root does not have the group user, so
+               # this blocks until positive reply in the other shell
+
+**Second shell** (run the program):
+
+    Process 732 tries to access file /hello but is not in the required group user.
+    USER       PID %CPU %MEM    SZ   RSS TT STAT   START     TIME COMMAND
+    root       732  0.0  0.1  148M 3.55M p2 Sso  Mon 1AM  0:01.10 -bash
+    Grant permission and add group "user" for 5 minutes? [y/N]> y
+
+**First shell** as root:
+
+    # ⇒ HELLOWORLD
+    # only blocks once despite getting two reads from cat,
+    # because for the second read cat already has the group `user`.
+
+
+
+## Trying it yourself
+
+Setup the development environment with the code at ~/Dev similar to
+https://www.draketo.de/software/hurd-development-environment
+
+
+Compile and setup the translator:
+
+    cd ~/Dev/hurd && \
+    patch -p1 < checkperms.patch && \
+    autoreconf -i  && \
+    ./configure --without-parted && \
+    make && \
+    touch trans/checkperms.c && \
+    CFLAGS="$CFLAGS -g" make && \
+    echo HELLOWORLD > /hello && \
+    settrans -cga /hello $(realpath ~/Dev/hurd/trans/checkperms) --groupname=user
+
+Create the FIFOs:
+
+    USER=root
+    GROUP=user
+    mkdir -p /run/$USER/request-permission
+    mkdir -p /run/$USER/grant-permission
+    mkfifo /run/$USER/request-permission/$GROUP
+    mkfifo /run/$USER/grant-permission/$GROUP
+
+Setup the permission-granting program in a separate shell:
+
+    USER=root
+    GROUP=user
+    while true; do
+      PID="$(cat /run/$USER/request-permission/$GROUP)"
+      echo Process $PID tries to access file /hello but is not in the required group $GROUP.
+      ps-hurd -p $PID -aeux
+      if [[ "$(read -e -p 'Grant permission and add group "'$GROUP'" for 5 minutes? [y/N]> '; echo $REPLY)" == [Yy]* ]]; then
+        addauth -p $PID -g $GROUP
+        echo 0 > /run/$USER/grant-permission/$GROUP
+        (sleep 300 && rmauth -p $PID -g $GROUP 2>/dev/null) &
+      else
+        echo 1 > /run/$USER/grant-permission/$GROUP
+      fi
+    done
+
+
+Access the translator as user without the required group and with the group:
+
+    su - user --shell /bin/bash -c cat /hello'
+    cat /hello &
+
+
+# Concept
+
+## The translator
+
+The translator is started with a GROUP as argument. When the file is
+accessed, the translator checks whether the process has the given
+group. If it does, it returns data read from the underlying file.
+
+If the process lacks the required group, the translator retrieves its
+USER and PID and writes the PID into a FIFO located at
+
+    /run/USER/request-permission/GROUP
+
+Then it reads from
+
+    /run/USER/grant-permission/GROUP
+
+It blocks until it gets a reply. If it reads a 0 (=success), it reads
+from the file and returns the data.
+
+## The permission granting program
+
+The permission granting program reads the PID from
+
+    /run/USER/request-permission/GROUP
+
+retrieves information about the PID and asks the user whether to allow
+the program.
+
+If the USER answers no, the RET value is non-zero.
+
+If the USER answers yes, the RET value is zero (0)
+and the program adds the GROUP to the process at PID (using addauth).
+
+It also starts a daemon that will remove the group again after 5
+minutes (modelled after the temporary permissions to run privileged
+without password granted by sudo).
+
+The program then writes the RET value into
+
+    /run/USER/grant-permission/GROUP
+
+## What if the translator crashes?
+
+If the translator crashes, the permissions return to those of the
+underlying node. For every user except root this usually means that
+the process does not have access to the file.
+
+The failure-mode should therefore be safe.
+
+# Possibilities
+
+The most important use-case for this translator is to make it easier
+to start programs with reduced permissions and only add these when
+required.
+
+To setup deferred permissions for a single file, you can create a
+group just for that file. Then each file can have its own permission
+granting program. Having dedicated groups decouples authentication and
+authorization while staying in the conventional *nix permissions
+scheme.
+
+You can also set this translator on a file that gets accessed first
+when a process accesses a set of related files that all have the same
+group. Since the authorization-program here adds the group for 5
+minutes, the other files can afterwards be accessed, too.
+
+Since the translator simply defers to a program, that program could do
+any action to get authorization, including `curl`. Administrators for
+a local network could therefore set up terminals for unprivileged
+users that request permissions from a local server when accessing a
+file. That way permissions can easily be coordinated over multiple
+machines. (naturally this does not restrict root who can always use
+settrans -g to get raw access to the file)
+
+
+
+
+# Open Issues
+
+## read-only
+
+[[!tag open_issue_hurd]]
+
+The current implementation only provides read-access, writing is
+prevented. This is not an intrinsic limitation, only an implementation
+artefact.
+
+## delegate
+
+The underlying file is currently read by the translator and the data
+returned to the reading process. To reduce delays, it could directly
+delegate to the underlying file. With the long term goal to provide
+multiplexing of access, for example for audio, reading via the
+translator could be preferable, though.
+
+## writing via system shell
+
+Writing to and reading from the FIFOs is currently done with
+`system()`. It would be nicer to move to an implementation that does
+not rely on the system-shell.
+
+## potential race-condition
+
+Accesses from two different translators can currently race for the
+reply. To fix this, the translator should write the PID and a random
+LABEL into the request. The program should repeat that label for
+replies to ensure that the reply and request can be matched. If
+receiving a non-matching reply, it MUST be written into the grant
+again after a random delay to enable a matching translator to
+retrieve the grant.  
+REQUEST: PID LABEL  
+GRANT: RET LABEL (RET=0 is success)  
+LABEL=$RANDOM
+
+
+## multiple permission-granting programs
+
+The system assumes having a single permission granting program per
+user. For a setup with multiple unconnected sessions per user (like
+several TTYs) the permission granting program needs to coordinate
+between these.
diff --git a/hurd/translator/httpfs.mdwn b/hurd/translator/httpfs.mdwn
index 8b02aa06..0ce0f30b 100644
--- a/hurd/translator/httpfs.mdwn
+++ b/hurd/translator/httpfs.mdwn
@@ -12,6 +12,84 @@ License|/fdl]]."]]"""]]
 
 While the httpfs translator works, it is only suitable for very simple use cases: it just provides the actual file contents downloaded from the URL, but no additional status information that are necessary for interactive use. (Progress indication, error codes, HTTP redirects etc.)
 
+# Introduction
+
+Here we describe the structure of the /http filesystem for the Hurd.
+Under the Hurd, we provide a translator called 'httpfs' which is intended
+to provide the filesystem structure.
+
+The httpfs translator accepts an "http:// URL" as an argument. The underlying
+node of the translator can be a file or directory. This is guided by the --mode
+command lineoption. Default is a directory.
+
+If its a file, only file system read requests are supported on that node.  If
+its a directory, we can cd into that directory and ls would list the files in
+the web server. A web server may provide a directory listing or it may not
+provide, whatever it be the case the web server always returns an HTML stream
+for an user request (GET command). So to get the files residing in the web
+server, we have to parse the incoming HTML stream to find out the anchor
+tags. These anchor tags point to different pages or files in the web
+server. These file name are extracted and filled into the node of the
+translator. An anchor tag can also be a pointer to an external URL, in such a
+case we just show that URL as a regular file so that the user can make file
+system read requests on that URL. In case the file is a URL, we change the name
+of URL by converting all the /'s with .'s so that it can be displayed in the
+file system.
+
+Only the root node is filled when the translator is set, subdirectories inside
+that are filled as on demand, i.e. when a cd or ls occurs on that particular sub
+directory.
+
+The File size is now displayed as 0. One way of getting individual file sizes is
+sending a GET request for each file and cull the file size from Content-Length
+field of an HTTP response. But this may put a very heavy burden on the network,
+So as of now we have not incorporated this method with this http translator.
+
+The translator uses the libxml2 library for doing the parsing of HTML
+stream. The libxml2 provides SAX interfaces for the parser which are used for
+finding the begining of anchor tags `<A href="i.html">`. So the translator has
+dependency on the libxml2 library.
+
+If the connection to the Internet through a proxy, then the user must explicitly
+give the IP address and port of the proxy server by using the command line
+options --proxy and --port.
+
+
+# How to Use httpfs
+
+    # settrans -a tmp/ /hurd/httpfs http://www.gnu.org/software/hurd/index.html
+
+<Remember to give the / at the end of the URL, unless you are specifying a specific file like www.hurd-project.com/httpfs.html >
+
+    # cd tmp/
+
+    # ls -l
+
+    # settrans -a tmp/ /hurd/httpfs http://www.gnu.org/software/hurd/index.html --proxy=192.168.1.103
+				--port=3126
+
+The above command should be used in case if the access to the Internet is
+through a proxy server, substitute your proxies IP and port no.s
+
+# TODO
+
+- https:// support
+- scheme-relative URL support (eg. "//example.com/")
+- query-string and fragment support
+- HTTP/1.1 support
+- HTTP/2 support
+- HTTP/3 support (there may exist a C library that provides HTTP/[123]
+  support).
+- Teach httpfs to understand HTTP status codes like re-directs, 404 not found,
+  etc.
+- Teach httpfs to look for "sitemaps".  Many sites offer a sitemap, and this
+  would be a nifty way for httpfs to allow grep-ing the entire site's
+  contents. [[sitemaps.org|https://www.sitemaps.org]] is a great resource for
+  this.
+- Teach httpfs to check if the computer has an internet connection at
+  startup and during operation.  The translator causes 30 second
+  pauses on commands like "ls", when the internet is down.
+
 # Source
 
 <http://www.nongnu.org/hurdextras/#httpfs>
diff --git a/hurd/translator/lwip.mdwn b/hurd/translator/lwip.mdwn
index efa59285..fab7d6f2 100644
--- a/hurd/translator/lwip.mdwn
+++ b/hurd/translator/lwip.mdwn
@@ -16,7 +16,10 @@ To configure lwip for internet connectivity, use the
 
 The argument /server/socket/2 is the node that the translator is to be attached to. This is followed by the translator program to run and any arguments to give it.
 
-There, -i, -a, -g and -m are, quite obviously, the (Mach) device to use, the IP address, the gateway and netmask.
+There, -i, -a, -g and -m are, quite obviously, the (Mach) device to use, the IP
+address, the gateway and netmask.  You can discover these values via the
+`ifconfig` command (You need to run this command on the host system and NOT in
+the qemu environment).
 
 
 More information can be found on Joan Lledo's blog:
diff --git a/hurd/translator/pfinet/ipv6.mdwn b/hurd/translator/pfinet/ipv6.mdwn
index ccb359cb..d864e256 100644
--- a/hurd/translator/pfinet/ipv6.mdwn
+++ b/hurd/translator/pfinet/ipv6.mdwn
@@ -139,7 +139,7 @@ Indeed, IPv6 now works properly, and the very machine hosting this wiki
     <youpi> which repo?
     <youpi> I don't have such commit here
     <gnu_srs>
-      http://git.savannah.gnu.org/cgit/hurd/hurd.git/commit/?id=2b2d7fdc42475019e5ce3eabc9c9673e3c13d89f
+      https://git.savannah.gnu.org/cgit/hurd/hurd.git/commit/?id=2b2d7fdc42475019e5ce3eabc9c9673e3c13d89f
     <gnu_srs> From which release, 2.4.x, 2.6.x?
     <youpi> it's very old
     <youpi> 2002
diff --git a/hurd/translator/procfs.mdwn b/hurd/translator/procfs.mdwn
index 0228d4d4..b3753592 100644
--- a/hurd/translator/procfs.mdwn
+++ b/hurd/translator/procfs.mdwn
@@ -31,7 +31,7 @@ Madhusudan.C.S has implemented a new, fully functional [[procfs|madhusudancs]] f
 
 In August 2010, Jérémie Koenig [published another, new
 version](http://lists.gnu.org/archive/html/bug-hurd/2010-08/msg00165.html).
-This can be found in <http://git.savannah.gnu.org/cgit/hurd/procfs.git/>.
+This can be found in <https://git.savannah.gnu.org/cgit/hurd/procfs.git/>.
 
 Testing it is as simple as this:
 
diff --git a/hurd/translator/tmpfs.mdwn b/hurd/translator/tmpfs.mdwn
index 3d5cb74e..4db6542b 100644
--- a/hurd/translator/tmpfs.mdwn
+++ b/hurd/translator/tmpfs.mdwn
@@ -20,6 +20,18 @@ system|ext2fs]] on it, having a real `tmpfs` is better, as it need not deal
 with the additional block-level indirection layer that `ext2` (or any other
 disk-based file system) imposes.
 
-`tmpfs` generally works, although it requires root permissions for file content;
-see the [[discussion]] sub-pages for the past and current issues.
-There is a [[!FF_project 271]][[!tag bounty]] on this task.
+`tmpfs` generally works.  See the [[discussion]] sub-pages for the
+past and current issues.  There is a [[!FF_project 271]][[!tag
+bounty]] on this task.
+
+## How to use tmpfs
+
+    $ settrans -ac tmp /hurd/tmpfs 1MB
+    $ cd tmp
+    $ touch file
+    $ cat file
+
+    $ echo "tmpfs rocks!" > ./file
+    $ cat file
+      tmpfs rocks!
+    $
\ No newline at end of file
diff --git a/hurd/translator/tmpfs/discussion.mdwn b/hurd/translator/tmpfs/discussion.mdwn
index 72400121..d61fd796 100644
--- a/hurd/translator/tmpfs/discussion.mdwn
+++ b/hurd/translator/tmpfs/discussion.mdwn
@@ -107,7 +107,7 @@ License|/fdl]]."]]"""]]
 
     <antrik> mcsim: did you publish your in-progress work?
     <mcsim> there is a branch with working tmpfs in git repository:
-      http://git.savannah.gnu.org/cgit/hurd/hurd.git/log/?h=mplaneta/tmpfs/defpager
+      https://git.savannah.gnu.org/cgit/hurd/hurd.git/log/?h=mplaneta/tmpfs/defpager
     <jd823592> sorry for interrupting the meeting but i wonder what is a
       lazyfs?
     <mcsim> jd823592: lazyfs is tmpfs which uses own pager
diff --git a/hurd/translator/ufs.mdwn b/hurd/translator/ufs.mdwn
index 4d611e95..9e9c6f75 100644
--- a/hurd/translator/ufs.mdwn
+++ b/hurd/translator/ufs.mdwn
@@ -19,7 +19,7 @@ and will eat your data.
 
     <Arne`> There might be a copyright problem: <nalaginrut> well, there seems
       BSD-4clauses in the code:
-      http://git.savannah.gnu.org/cgit/hurd/hurd.git/tree/ufs/alloc.c
+      https://git.savannah.gnu.org/cgit/hurd/hurd.git/tree/ufs/alloc.c
     <Arne`> braunr, tschwinge: Do you have any info on that? 4-clause BSD and
       GPL on the same code are a license incompatibility… 
     <tschwinge> Arne`: I've put it onto my (long) TODO list.
diff --git a/hurd/translator/unionfs.mdwn b/hurd/translator/unionfs.mdwn
index 06524f3e..31162c37 100644
--- a/hurd/translator/unionfs.mdwn
+++ b/hurd/translator/unionfs.mdwn
@@ -15,7 +15,7 @@ License|/fdl]]."]]"""]]
 
 *Unionfs allows you to simply union one directory or translator into another one, so you see the files of both of them side by side.*
 
-Source repository: <http://git.savannah.gnu.org/cgit/hurd/unionfs.git/>
+Source repository: <https://git.savannah.gnu.org/cgit/hurd/unionfs.git/>
 
 Right now there are some problems with syncing, so please be aware
 that it might not work as expected.
diff --git a/hurd/translator/xmlfs.mdwn b/hurd/translator/xmlfs.mdwn
index a4de1668..6028d43f 100644
--- a/hurd/translator/xmlfs.mdwn
+++ b/hurd/translator/xmlfs.mdwn
@@ -11,6 +11,80 @@ License|/fdl]]."]]"""]]
 `xmlfs` is a translator that provides access to XML documents through the
 filesystem.
 
+# How to Use xmlfs
+
+	xmlfs - a translator for accessing XML documents
+
+This is  only an alpha version.   It works in read  only.  It supports
+text  nodes and  attributes. It  doesn't do  anything fancy  like size
+computing, though. Here is an example of how to use it:
+
+    $ wget http://cvs.savannah.nongnu.org/viewvc/*checkout*/hurdextras/xmlfs/example.xml?content-type=text%2Fplain;
+    $ settrans -ca xml /hurd/xmlfs example.xml  #the website says to use ./xmlfs
+    $ cd xml; ls
+      library0 library1
+    $ cd library0; ls -A
+      .text1  .text2  @name  book0  book1  book2  sub-library0  sub-library1
+    $ cat .text2
+
+CDATA, again !
+
+    $ cat book0
+      <book>
+      <author>Mark Twain</author>
+      <title>La case de l'oncle Tom</title>
+      <isbn>4242</isbn>
+      </book>
+    $ cat book0/author/.text
+      Mark Twain
+
+As  you can  see,  text nodes  are  named .textN,  with  N an  integer
+starting from 0. Sorting is supposed to be stable, so you get the same
+N every time you access the same  file. If there is only one text node
+at this level, N is ommitted. Attributes are prefixed with @.
+
+An  example file,  example.xml, is  provided. Of  course, it  does not
+contain anything  useful. xmlfs  has been tested  on several-megabytes
+XML documents, though.
+
+Comments are welcome.
+
+	-- Manuel Menal <mmenal@hurdfr.org>
+
+# TODO
+- Handle memory usage in a clever way:
+     - do not dump the nodes at each read, try to guess if read()
+       is called in a sequence of read() operations (e.g. cat reads
+       8192 bytes by 8192 bytes) and if it is, cache the node
+       contents. That'd need a very small ftpfs-like GC.
+     - perhaps we shouldn't store the node informations from
+       first access to end and have a pool of them. That might come
+       with next entries though.
+- Handle changes of the backing store (XML document) while running.
+    (Idea: we should probably attach to the XML node and handle
+     read()/write() operations ourselves, with libxml primitives.)
+- Write support. Making things like echo >, sed and so on work is
+   quite obvious. Editing is not -that- simple, 'cause we could
+   want to save a not XML well-formed, and libxml will just return
+   an error. Perhaps we should use something like 'sync'.
+- Handle error cases in a more clever way ; there are many error
+   conditions that will just cause xmlfs to crash or do strange
+   things. We should review them.
+- Make sorting *really* stable.
+
+# TODO WISHLIST
+--------
+
+- Kilobug suggested a --xslt option that would make xmlfs provide
+   a tree matching the XSLT-modified document.
+   (Problem: In this case we cannot attach easily to the .xml 'cause
+    the user would loose access to theirs original document. Perhaps
+    we should allow an optional "file.xml" argument and check if it
+    is not the same as the file we are attaching to when --xslt is
+    specified.)
+- DTD support ; perhaps XML schema/RelaxNG when I'm sure I understand
+   them ;-)
+
 
 # Source