/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _AUTH_H
#define	_AUTH_H

#pragma ident "%Z%%M% %I% %E% SMI"


/*
 * nfsauth_prot.x (The NFSAUTH Protocol)
 *
 * This protocol is used by the kernel to authorize NFS clients.  This svc
 * lives in the mount daemon and checks the client's access for an export
 * with a given authentication flavor.
 *
 * The status result determines what kind of access the client is permitted.
 *
 * The result is cached in the kernel, so the authorization call will be
 * made only the first time the client mounts the filesystem.
 *
 * NOTE(review): because the answer is cached, a later change to an export's
 * access list is not seen through this call while the cached entry is in
 * use.  How and when the kernel drops cached entries is not defined in this
 * header -- confirm against the cache implementation.
 *
 * const A_MAXPATH = 1024;
 *
 * struct auth_req {
 *	netobj	req_client;		# client's address
 *	string	req_netid<>;		# Netid of address
 *	string	req_path<A_MAXPATH>;	# export path
 *	int	req_flavor;		# auth flavor
 * };
 *
 * const NFSAUTH_DENIED   = 0x01;	# Access denied
 * const NFSAUTH_RO       = 0x02;	# Read-only
 * const NFSAUTH_RW       = 0x04;	# Read-write
 * const NFSAUTH_ROOT     = 0x08;	# Root access
 * const NFSAUTH_WRONGSEC = 0x10;	# Advise NFS v4 clients to
 *					# try a different flavor
 *	#
 *	# The following are not part of the protocol.
 *	#
 * const NFSAUTH_DROP     = 0x20;	# Drop request
 * const NFSAUTH_MAPNONE  = 0x40;	# Mapped flavor to AUTH_NONE
 * const NFSAUTH_LIMITED  = 0x80;	# Access limited to visible nodes
 *
 * struct auth_res {
 *	int auth_perm;
 * };
 *
 * program NFSAUTH_PROG {
 *	version NFSAUTH_VERS {
 *		#
 *		# Authorization Request
 *		#
 *		auth_res
 *		NFSAUTH_ACCESS(auth_req) = 1;
 *
 *	} = 1;
 * } = 100231;
 */

#ifndef _KERNEL
#include <stddef.h>
#endif
#include <sys/sysmacros.h>
#include <sys/types.h>
#include <rpc/xdr.h>

#ifdef __cplusplus
extern "C" {
#endif


/* --8<-- Start: nfsauth_prot.x definitions --8<-- */

/* Maximum length of req_path, per "string req_path<A_MAXPATH>" above. */
#define	A_MAXPATH		1024

/* Procedure number of the authorization request in NFSAUTH_PROG version 1. */
#define	NFSAUTH_ACCESS		1

/*
 * Access flags.  Each value is a distinct bit.  NFSAUTH_DENIED through
 * NFSAUTH_WRONGSEC are protocol constants; NFSAUTH_DROP, NFSAUTH_MAPNONE
 * and NFSAUTH_LIMITED are listed in the protocol comment above as not
 * being part of the protocol.
 *
 * NOTE(review): presumably these are the values carried in
 * auth_res.auth_perm -- confirm against the consumers.  Denial is itself a
 * set bit (0x01), so a value of 0 matches none of the flags; confirm that
 * consumers do not treat 0 as any form of granted access.
 */
#define	NFSAUTH_DENIED		0x01	/* Access denied */
#define	NFSAUTH_RO		0x02	/* Read-only */
#define	NFSAUTH_RW		0x04	/* Read-write */
#define	NFSAUTH_ROOT		0x08	/* Root access */
#define	NFSAUTH_WRONGSEC	0x10	/* Advise NFS v4 clients to try */
					/* a different flavor */
#define	NFSAUTH_DROP		0x20	/* Drop request */
#define	NFSAUTH_MAPNONE		0x40	/* Mapped flavor to AUTH_NONE */
#define	NFSAUTH_LIMITED		0x80	/* Access limited to visible nodes */

/*
 * Authorization request: which client, over which transport, asks for
 * which export with which authentication flavor.
 *
 * NOTE(review): req_netid has no maximum length in the .x definition
 * ("string req_netid<>") and both strings are plain char pointers here, so
 * any length limit has to be enforced by the XDR routines, which are only
 * declared in this header.  Confirm that the decoder bounds req_path by
 * A_MAXPATH and applies a sane cap to req_netid and req_client.
 */
struct auth_req {
	netobj	req_client;	/* client's address */
	char	*req_netid;	/* Netid of address */
	char	*req_path;	/* export path */
	int	req_flavor;	/* auth flavor */
};
typedef struct auth_req auth_req;

/* Authorization result: the access decision for the request. */
struct auth_res {
	int	auth_perm;
};
typedef struct auth_res auth_res;

/* --8<-- End: nfsauth_prot.x definitions --8<-- */


/*
 * Status codes and retry count for the exchange with mountd.  The status
 * values (0x0, 0x100, 0x200, 0x400) do not overlap the NFSAUTH_* access
 * bits (0x01 - 0x80).
 *
 * NOTE(review): presumably the status values are what nfsauth_res.stat
 * carries -- confirm against the callers.
 */
#define	NFSAUTH_DR_OKAY		0x0	/* success */
#define	NFSAUTH_DR_BADCMD	0x100	/* NFSAUTH_ACCESS is only cmd allowed */
#define	NFSAUTH_DR_DECERR	0x200	/* mountd could not decode arguments */
#define	NFSAUTH_DR_EFAIL	0x400	/* mountd could not encode results */
#define	NFSAUTH_DR_TRYCNT	5	/* door handle acquisition retry cnt */

/*
 * Only defined for DEBUG builds outside the kernel.
 * NOTE(review): presumably the path of the door that mountd serves --
 * confirm, and check the ownership and mode the door file is created with.
 */
#if defined(DEBUG) && !defined(_KERNEL)
#define	MOUNTD_DOOR		"/var/run/mountd_door"
#endif

/*
 * Only cmd is added to the args. We need to know "what" we want
 * the daemon to do for us. Also, 'stat' returns the status from
 * the daemon down to the kernel in addition to perms.
 */
struct nfsauth_arg {
	uint_t		cmd;	/* requested operation; see NFSAUTH_DR_BADCMD */
	auth_req	areq;	/* the authorization request itself */
};
typedef struct nfsauth_arg nfsauth_arg_t;

struct nfsauth_res {
	uint_t		stat;	/* status from the daemon */
	auth_res	ares;	/* perms */
};
typedef struct nfsauth_res nfsauth_res_t;

/*
 * For future extensibility, we version the data structures so
 * future incantations of mountd(1m) will know how to XDR decode
 * the arguments.
 *
 * NOTE(review): presumably these are the values stored in varg_t.vers,
 * which is declared as uint_t rather than vtypes -- confirm that the
 * decoder rejects any version it does not know.
 */
enum vtypes {
	V_ERROR = 0,
	V_PROTO = 1
};
typedef enum vtypes vtypes;

/* Versioned argument envelope: a version number followed by the arguments. */
typedef struct varg {
	uint_t	vers;
	union {
		nfsauth_arg_t	arg;
		/* additional args versions go here */
	} arg_u;
} varg_t;

/* XDR routines for the structures above; they are defined elsewhere. */
extern bool_t	xdr_varg(XDR *, varg_t *);
extern bool_t	xdr_nfsauth_arg(XDR *, nfsauth_arg_t *);
extern bool_t	xdr_nfsauth_res(XDR *, nfsauth_res_t *);

#ifdef __cplusplus
}
#endif

#endif /* _AUTH_H */