      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 /*
     22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
     23  * Use is subject to license terms.
     24  */
     25 
     26 #ifndef _AUTH_H
     27 #define	_AUTH_H
     28 
     29 /*
     30  * nfsauth_prot.x (The NFSAUTH Protocol)
     31  *
     32  * This protocol is used by the kernel to authorize NFS clients. This svc
     33  * lives in the mount daemon and checks the client's access for an export
     34  * with a given authentication flavor.
     35  *
     36  * The status result determines what kind of access the client is permitted.
     37  *
     38  * The result is cached in the kernel, so the authorization call will be
      39  * made only the first time the client mounts the filesystem.
     40  *
     41  * const A_MAXPATH	= 1024;
     42  *
     43  * struct auth_req {
     44  * 	netobj 	req_client;		# client's address
     45  * 	string	req_netid<>;		# Netid of address
     46  * 	string	req_path<A_MAXPATH>;	# export path
     47  * 	int	req_flavor;		# auth flavor
     48  * };
     49  *
     50  * const NFSAUTH_DENIED	  = 0x01;	# Access denied
     51  * const NFSAUTH_RO	  = 0x02;	# Read-only
     52  * const NFSAUTH_RW	  = 0x04;	# Read-write
     53  * const NFSAUTH_ROOT	  = 0x08;	# Root access
     54  * const NFSAUTH_WRONGSEC = 0x10;	# Advise NFS v4 clients to
     55  * 					# try a different flavor
     56  * #
     57  * # The following are not part of the protocol.
     58  * #
     59  * const NFSAUTH_DROP	 = 0x20;	# Drop request
     60  * const NFSAUTH_MAPNONE = 0x40;	# Mapped flavor to AUTH_NONE
     61  * const NFSAUTH_LIMITED = 0x80;	# Access limited to visible nodes
     62  *
     63  * struct auth_res {
     64  * 	int auth_perm;
     65  * };
     66  *
     67  * program NFSAUTH_PROG {
     68  * 	version NFSAUTH_VERS {
     69  *		#
     70  *		# Authorization Request
     71  *		#
     72  * 		auth_res
     73  * 		NFSAUTH_ACCESS(auth_req) = 1;
     74  *
     75  * 	} = 1;
     76  * } = 100231;
     77  */
     78 
     79 #ifndef _KERNEL
     80 #include <stddef.h>
     81 #endif
     82 #include <sys/sysmacros.h>
     83 #include <sys/types.h>
     84 #include <rpc/xdr.h>
     85 
     86 #ifdef	__cplusplus
     87 extern "C" {
     88 #endif
     89 
     90 
     91 /* --8<-- Start: nfsauth_prot.x definitions --8<-- */
     92 
      93 #define	A_MAXPATH		1024	/* bound on req_path (export path) in nfsauth_prot.x */
      94 
      95 #define	NFSAUTH_ACCESS		1	/* procedure number of the authorization request */
      96 
         /* Access results carried in auth_res.auth_perm; each value is a distinct bit. */
      97 #define	NFSAUTH_DENIED		0x01	/* access denied */
      98 #define	NFSAUTH_RO		0x02	/* read-only */
      99 #define	NFSAUTH_RW		0x04	/* read-write */
     100 #define	NFSAUTH_ROOT		0x08	/* root access */
     101 #define	NFSAUTH_WRONGSEC	0x10	/* advise NFS v4 clients to try a different flavor */
         /* The remaining three values are not part of the protocol. */
     102 #define	NFSAUTH_DROP		0x20	/* drop request */
     103 #define	NFSAUTH_MAPNONE		0x40	/* mapped flavor to AUTH_NONE */
     104 #define	NFSAUTH_LIMITED		0x80	/* access limited to visible nodes */
    105 
     106 struct auth_req {
         	/*
         	 * C form of the auth_req described in nfsauth_prot.x: what the
         	 * kernel asks the mount daemon to authorize. The string limits of
         	 * the .x (req_path<A_MAXPATH>, req_netid<> with no bound) are not
         	 * expressed by the char pointers below.
         	 * NOTE(review): confirm the XDR decode routine passes A_MAXPATH for
         	 * req_path and applies an explicit cap to req_netid.
         	 */
     107 	netobj	 req_client;	/* client's address */
     108 	char	*req_netid;	/* netid of the address */
     109 	char	*req_path;	/* export path */
     110 	int	 req_flavor;	/* authentication flavor */
     111 };
     112 typedef struct auth_req auth_req;
    113 
     114 struct auth_res {
         	/*
         	 * Result of an authorization request. The header comment says the
         	 * status result determines what kind of access the client is
         	 * permitted.
         	 * NOTE(review): presumably an OR of the NFSAUTH_* flags; confirm that
         	 * consumers treat a value with no recognized flag as a denial.
         	 */
     115 	int	auth_perm;
     116 };
     117 typedef struct auth_res auth_res;
    118 
    119 /* --8<-- End: nfsauth_prot.x definitions --8<-- */
    120 
    121 
     122 #define	NFSAUTH_DR_OKAY		0x0	/* success */
     123 #define	NFSAUTH_DR_BADCMD	0x100	/* NFSAUTH_ACCESS is the only cmd allowed */
     124 #define	NFSAUTH_DR_DECERR	0x200	/* mountd could not decode arguments */
     125 #define	NFSAUTH_DR_EFAIL	0x400	/* mountd could not encode results */
     126 #define	NFSAUTH_DR_TRYCNT	5	/* door handle acquisition retry count */
     127 
         /*
          * The non-zero NFSAUTH_DR_* status values above (0x100-0x400) lie outside
          * the NFSAUTH_* permission bits (0x01-0x80) defined in this header.
          *
          * MOUNTD_DOOR is visible only to DEBUG builds of non-kernel code.
          * NOTE(review): how other builds locate the door is not shown in this
          * header; any user of this path should confirm the door belongs to
          * mountd before trusting a reply read from it.
          */
     128 #if defined(DEBUG) && !defined(_KERNEL)
     129 #define	MOUNTD_DOOR		"/var/run/mountd_door"
     130 #endif
    131 
    132 /*
    133  * Only cmd is added to the args. We need to know "what" we want
    134  * the daemon to do for us. Also, 'stat' returns the status from
    135  * the daemon down to the kernel in addition to perms.
    136  */
     137 struct nfsauth_arg {
     138 	uint_t		cmd;	/* what the daemon is asked to do; NFSAUTH_ACCESS is the only cmd allowed */
     139 	auth_req	areq;	/* the authorization request itself */
     140 };
     141 typedef struct nfsauth_arg nfsauth_arg_t;
    142 
     143 struct nfsauth_res {
         	/*
         	 * Reply from the daemon to the kernel: a status plus the permissions.
         	 * NOTE(review): presumably stat holds one of the NFSAUTH_DR_* values;
         	 * confirm the kernel consumer checks stat for NFSAUTH_DR_OKAY before
         	 * it uses or caches ares.auth_perm.
         	 */
     144 	uint_t		stat;	/* status returned by the daemon */
     145 	auth_res	ares;	/* permissions for the request */
     146 };
     147 typedef struct nfsauth_res nfsauth_res_t;
    148 
    149 /*
    150  * For future extensibility, we version the data structures so
     151  * future incarnations of mountd(1m) will know how to XDR decode
    152  * the arguments.
    153  */
     154 enum vtypes {
     155 	V_ERROR = 0,	/* presumably "no valid version", so a zeroed vers is not accepted -- confirm */
     156 	V_PROTO = 1	/* presumably selects arg_u.arg (nfsauth_arg_t) in varg_t -- confirm in xdr_varg */
     157 };
     158 typedef enum vtypes vtypes;
    159 
     160 typedef struct varg {
         	/*
         	 * Versioned wrapper around the door arguments: vers says which
         	 * member of arg_u is present.
         	 * NOTE(review): presumably vers takes a vtypes value; confirm the
         	 * decoder rejects any version it does not know before it touches
         	 * arg_u.
         	 */
     161 	uint_t	vers;
     162 	union {
     163 		nfsauth_arg_t	arg;	/* the only argument layout defined so far */
     164 		/* additional args versions go here */
     165 	} arg_u;
     166 } varg_t;
    167 
     168 extern bool_t	xdr_varg(XDR *, varg_t *);	/* XDR routine for the versioned argument wrapper */
     169 extern bool_t	xdr_nfsauth_arg(XDR *, nfsauth_arg_t *);	/* XDR routine for cmd plus auth_req */
     170 extern bool_t	xdr_nfsauth_res(XDR *, nfsauth_res_t *);	/* XDR routine for stat plus auth_res */
         /*
          * NOTE(review): the implementations are not in this header; string
          * length limits and version checks have to be enforced there.
          */
    171 
    172 #ifdef	__cplusplus
    173 }
    174 #endif
    175 
    176 #endif /* _AUTH_H */
    177