xref: /illumos-gate/usr/src/uts/common/nfs/auth.h (revision 4eaa471005973e11a6110b69fe990530b3b95a38)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef _AUTH_H
27 #define	_AUTH_H
28 
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 
32 /*
33  * nfsauth_prot.x (The NFSAUTH Protocol)
34  *
35  * This protocol is used by the kernel to authorize NFS clients. This svc
36  * lives in the mount daemon and checks the client's access for an export
37  * with a given authentication flavor.
38  *
39  * The status result determines what kind of access the client is permitted.
40  *
41  * The result is cached in the kernel, so the authorization call will be
42  * made only the first time the client mounts the filesystem.
43  *
44  * const A_MAXPATH	= 1024;
45  *
46  * struct auth_req {
47  * 	netobj 	req_client;		# client's address
48  * 	string	req_netid<>;		# Netid of address
49  * 	string	req_path<A_MAXPATH>;	# export path
50  * 	int	req_flavor;		# auth flavor
51  * };
52  *
53  * const NFSAUTH_DENIED	  = 0x01;	# Access denied
54  * const NFSAUTH_RO	  = 0x02;	# Read-only
55  * const NFSAUTH_RW	  = 0x04;	# Read-write
56  * const NFSAUTH_ROOT	  = 0x08;	# Root access
57  * const NFSAUTH_WRONGSEC = 0x10;	# Advise NFS v4 clients to
58  * 					# try a different flavor
59  * #
60  * # The following are not part of the protocol.
61  * #
62  * const NFSAUTH_DROP	 = 0x20;	# Drop request
63  * const NFSAUTH_MAPNONE = 0x40;	# Mapped flavor to AUTH_NONE
64  * const NFSAUTH_LIMITED = 0x80;	# Access limited to visible nodes
65  *
66  * struct auth_res {
67  * 	int auth_perm;
68  * };
69  *
70  * program NFSAUTH_PROG {
71  * 	version NFSAUTH_VERS {
72  *		#
73  *		# Authorization Request
74  *		#
75  * 		auth_res
76  * 		NFSAUTH_ACCESS(auth_req) = 1;
77  *
78  * 	} = 1;
79  * } = 100231;
80  */
81 
82 #ifndef _KERNEL
83 #include <stddef.h>
84 #endif
85 #include <sys/sysmacros.h>
86 #include <sys/types.h>
87 #include <rpc/xdr.h>
88 
89 #ifdef	__cplusplus
90 extern "C" {
91 #endif
92 
93 
94 /* --8<-- Start: nfsauth_prot.x definitions --8<-- */
95 
/*
 * Constants mirrored from the nfsauth_prot.x description.
 */
96 #define	A_MAXPATH		1024	/* .x limit on req_path (export path) */
97 
98 #define	NFSAUTH_ACCESS		1	/* procedure number of the authorization request */
99 
/*
 * Access results.  Each value is a distinct bit, and NFSAUTH_DENIED is
 * itself a set bit (0x01) rather than zero, so a value of 0 matches none
 * of these flags.
 * NOTE(review): confirm that consumers grant access only on an explicit
 * RO/RW/ROOT bit and do not treat "DENIED not set" as permission.
 * Per the .x description, DROP, MAPNONE and LIMITED are not part of the
 * protocol.
 */
100 #define	NFSAUTH_DENIED		0x01	/* access denied */
101 #define	NFSAUTH_RO		0x02	/* read-only */
102 #define	NFSAUTH_RW		0x04	/* read-write */
103 #define	NFSAUTH_ROOT		0x08	/* root access */
104 #define	NFSAUTH_WRONGSEC	0x10	/* advise NFS v4 clients to try a different flavor */
105 #define	NFSAUTH_DROP		0x20	/* drop request */
106 #define	NFSAUTH_MAPNONE		0x40	/* mapped flavor to AUTH_NONE */
107 #define	NFSAUTH_LIMITED		0x80	/* access limited to visible nodes */
108 
/*
 * Argument of NFSAUTH_ACCESS: names the client, the export and the
 * authentication flavor to be checked.  The string pointers carry no
 * length of their own; in the .x description req_path is limited to
 * A_MAXPATH while req_netid is declared with no maximum.
 * NOTE(review): the XDR routines are not part of this header -- confirm
 * that they apply a limit to both strings when decoding.
 */
109 struct auth_req {
110 	netobj	 req_client;	/* client's address */
111 	char	*req_netid;	/* netid of that address */
112 	char	*req_path;	/* export path */
113 	int	 req_flavor;	/* auth flavor */
114 };
115 typedef struct auth_req auth_req;
116 
/*
 * Result of NFSAUTH_ACCESS.
 */
117 struct auth_res {
118 	int	auth_perm;	/* NFSAUTH_* access value(s); presumably a bit mask -- confirm */
119 };
120 typedef struct auth_res auth_res;
121 
122 /* --8<-- End: nfsauth_prot.x definitions --8<-- */
123 
124 
/*
 * Status codes for the exchange with mountd (presumably the values of
 * nfsauth_res.stat -- confirm).  The non-zero codes start at 0x100, above
 * the NFSAUTH_* access bits (0x01-0x80), so the two sets do not overlap.
 */
125 #define	NFSAUTH_DR_OKAY		0x0	/* success */
126 #define	NFSAUTH_DR_BADCMD	0x100	/* NFSAUTH_ACCESS is only cmd allowed */
127 #define	NFSAUTH_DR_DECERR	0x200	/* mountd could not decode arguments */
128 #define	NFSAUTH_DR_EFAIL	0x400	/* mountd could not encode results */
129 #define	NFSAUTH_DR_TRYCNT	5	/* door handle acquisition retry cnt */
130 
/*
 * Path of the mountd door file, compiled in only for DEBUG builds outside
 * the kernel.
 * NOTE(review): access decisions travel over this door, so code opening
 * the path should make sure it reaches the real mountd -- confirm in the
 * callers, which are not visible here.
 */
131 #if defined(DEBUG) && !defined(_KERNEL)
132 #define	MOUNTD_DOOR		"/var/run/mountd_door"
133 #endif
134 
135 /*
136  * Only cmd is added to the args. We need to know "what" we want
137  * the daemon to do for us. Also, 'stat' returns the status from
138  * the daemon down to the kernel in addition to perms.
139  */
/*
 * Request handed to the daemon: the protocol request plus a command word.
 */
140 struct nfsauth_arg {
141 	uint_t		cmd;	/* what the daemon should do; NFSAUTH_ACCESS is the only cmd allowed */
142 	auth_req	areq;	/* the authorization request */
143 };
144 typedef struct nfsauth_arg nfsauth_arg_t;
145 
/*
 * Reply from the daemon: a status word in addition to the permissions.
 * NOTE(review): ares is presumably meaningful only when stat reports
 * success -- confirm that the consumer checks stat before using
 * ares.auth_perm.
 */
146 struct nfsauth_res {
147 	uint_t		stat;	/* status from the daemon (presumably an NFSAUTH_DR_* code) */
148 	auth_res	ares;	/* the access result */
149 };
150 typedef struct nfsauth_res nfsauth_res_t;
151 
152 /*
153  * For future extensibility, we version the data structures so
154  * future incantations of mountd(1m) will know how to XDR decode
155  * the arguments.
156  */
/*
 * Version tags for the versioned argument (presumably the values stored
 * in varg_t.vers -- confirm).
 */
157 enum vtypes {
158 	V_ERROR = 0,	/* zero is not a usable version, so zeroed storage reads as an error */
159 	V_PROTO = 1	/* the one argument layout defined so far */
160 };
161 typedef enum vtypes vtypes;
162 
/*
 * Versioned wrapper around the daemon arguments: vers says which member
 * of arg_u is present.
 * NOTE(review): a decoder has to reject vers values it does not know
 * before it touches arg_u -- confirm in xdr_varg, which is not visible
 * in this header.
 */
163 typedef struct varg {
164 	uint_t	vers;	/* version tag, see enum vtypes */
165 	union {
166 		nfsauth_arg_t	arg;	/* the only argument layout defined here */
167 		/* additional args versions go here */
168 	} arg_u;
169 } varg_t;
170 
/*
 * XDR routines for the versioned argument, the daemon argument and the
 * daemon result; their bodies live outside this header.
 * NOTE(review): any length limit on req_netid/req_path and any check of
 * varg_t.vers has to be enforced inside these routines -- confirm there.
 */
171 extern bool_t	xdr_varg(XDR *, varg_t *);
172 extern bool_t	xdr_nfsauth_arg(XDR *, nfsauth_arg_t *);
173 extern bool_t	xdr_nfsauth_res(XDR *, nfsauth_res_t *);
174 
175 #ifdef	__cplusplus
176 }
177 #endif
178 
179 #endif /* _AUTH_H */
180