1 /* 2 * linux/include/linux/sunrpc/svcauth.h 3 * 4 * RPC server-side authentication stuff. 5 * 6 * Copyright (C) 1995, 1996 Olaf Kirch <okir (at) monad.swb.de> 7 */ 8 9 #ifndef _LINUX_SUNRPC_SVCAUTH_H_ 10 #define _LINUX_SUNRPC_SVCAUTH_H_ 11 12 #ifdef __KERNEL__ 13 14 #include <linux/string.h> 15 #include <linux/sunrpc/msg_prot.h> 16 #include <linux/sunrpc/cache.h> 17 #include <linux/hash.h> 18 19 #define SVC_CRED_NGROUPS 32 20 struct svc_cred { 21 uid_t cr_uid; 22 gid_t cr_gid; 23 struct group_info *cr_group_info; 24 }; 25 26 struct svc_rqst; /* forward decl */ 27 28 /* Authentication is done in the context of a domain. 29 * 30 * Currently, the nfs server uses the auth_domain to stand 31 * for the "client" listed in /etc/exports. 32 * 33 * More generally, a domain might represent a group of clients using 34 * a common mechanism for authentication and having a common mapping 35 * between local identity (uid) and network identity. All clients 36 * in a domain have similar general access rights. Each domain can 37 * contain multiple principals which will have different specific right 38 * based on normal Discretionary Access Control. 39 * 40 * A domain is created by an authentication flavour module based on name 41 * only. Userspace then fills in detail on demand. 42 * 43 * In the case of auth_unix and auth_null, the auth_domain is also 44 * associated with entries in another cache representing the mapping 45 * of ip addresses to the given client. 46 */ 47 struct auth_domain { 48 struct kref ref; 49 struct hlist_node hash; 50 char *name; 51 struct auth_ops *flavour; 52 }; 53 54 /* 55 * Each authentication flavour registers an auth_ops 56 * structure. 57 * name is simply the name. 58 * flavour gives the auth flavour. It determines where the flavour is registered 59 * accept() is given a request and should verify it. 60 * It should inspect the authenticator and verifier, and possibly the data. 61 * If there is a problem with the authentication *authp should be set. 62 * The return value of accept() can indicate: 63 * OK - authorised. client and credential are set in rqstp. 64 * reqbuf points to arguments 65 * resbuf points to good place for results. verfier 66 * is (probably) already in place. Certainly space is 67 * reserved for it. 68 * DROP - simply drop the request. It may have been deferred 69 * GARBAGE - rpc garbage_args error 70 * SYSERR - rpc system_err error 71 * DENIED - authp holds reason for denial. 72 * COMPLETE - the reply is encoded already and ready to be sent; no 73 * further processing is necessary. (This is used for processing 74 * null procedure calls which are used to set up encryption 75 * contexts.) 76 * 77 * accept is passed the proc number so that it can accept NULL rpc requests 78 * even if it cannot authenticate the client (as is sometimes appropriate). 79 * 80 * release() is given a request after the procedure has been run. 81 * It should sign/encrypt the results if needed 82 * It should return: 83 * OK - the resbuf is ready to be sent 84 * DROP - the reply should be quitely dropped 85 * DENIED - authp holds a reason for MSG_DENIED 86 * SYSERR - rpc system_err 87 * 88 * domain_release() 89 * This call releases a domain. 90 * set_client() 91 * Givens a pending request (struct svc_rqst), finds and assigns 92 * an appropriate 'auth_domain' as the client. 93 */ 94 struct auth_ops { 95 char * name; 96 struct module *owner; 97 int flavour; 98 int (*accept)(struct svc_rqst *rq, u32 *authp); 99 int (*release)(struct svc_rqst *rq); 100 void (*domain_release)(struct auth_domain *); 101 int (*set_client)(struct svc_rqst *rq); 102 }; 103 104 #define SVC_GARBAGE 1 105 #define SVC_SYSERR 2 106 #define SVC_VALID 3 107 #define SVC_NEGATIVE 4 108 #define SVC_OK 5 109 #define SVC_DROP 6 110 #define SVC_DENIED 7 111 #define SVC_PENDING 8 112 #define SVC_COMPLETE 9 113 114 115 extern int svc_authenticate(struct svc_rqst *rqstp, u32 *authp); 116 extern int svc_authorise(struct svc_rqst *rqstp); 117 extern int svc_set_client(struct svc_rqst *rqstp); 118 extern int svc_auth_register(rpc_authflavor_t flavor, struct auth_ops *aops); 119 extern void svc_auth_unregister(rpc_authflavor_t flavor); 120 121 extern struct auth_domain *unix_domain_find(char *name); 122 extern void auth_domain_put(struct auth_domain *item); 123 extern int auth_unix_add_addr(struct in_addr addr, struct auth_domain *dom); 124 extern struct auth_domain *auth_domain_lookup(char *name, struct auth_domain *new); 125 extern struct auth_domain *auth_domain_find(char *name); 126 extern struct auth_domain *auth_unix_lookup(struct in_addr addr); 127 extern int auth_unix_forget_old(struct auth_domain *dom); 128 extern void svcauth_unix_purge(void); 129 130 static inline unsigned long hash_str(char *name, int bits) 131 { 132 unsigned long hash = 0; 133 unsigned long l = 0; 134 int len = 0; 135 unsigned char c; 136 do { 137 if (unlikely(!(c = *name++))) { 138 c = (char)len; len = -1; 139 } 140 l = (l << 8) | c; 141 len++; 142 if ((len & (BITS_PER_LONG/8-1))==0) 143 hash = hash_long(hash^l, BITS_PER_LONG); 144 } while (len); 145 return hash >> (BITS_PER_LONG - bits); 146 } 147 148 static inline unsigned long hash_mem(char *buf, int length, int bits) 149 { 150 unsigned long hash = 0; 151 unsigned long l = 0; 152 int len = 0; 153 unsigned char c; 154 do { 155 if (len == length) { 156 c = (char)len; len = -1; 157 } else 158 c = *buf++; 159 l = (l << 8) | c; 160 len++; 161 if ((len & (BITS_PER_LONG/8-1))==0) 162 hash = hash_long(hash^l, BITS_PER_LONG); 163 } while (len); 164 return hash >> (BITS_PER_LONG - bits); 165 } 166 167 #endif /* __KERNEL__ */ 168 169 #endif /* _LINUX_SUNRPC_SVCAUTH_H_ */ 170
