1/* 2 * linux/include/linux/sunrpc/svcauth.h 3 * 4 * RPC server-side authentication stuff. 5 * 6 * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de> 7 */ 8 9#ifndef _LINUX_SUNRPC_SVCAUTH_H_ 10#define _LINUX_SUNRPC_SVCAUTH_H_ 11 12#ifdef __KERNEL__ 13 14#include <linux/string.h> 15#include <linux/sunrpc/msg_prot.h> 16#include <linux/sunrpc/cache.h> 17#include <linux/hash.h> 18 19#define SVC_CRED_NGROUPS 32 20struct svc_cred { 21 uid_t cr_uid; 22 gid_t cr_gid; 23 struct group_info *cr_group_info; 24}; 25 26struct svc_rqst; /* forward decl */ 27 28/* Authentication is done in the context of a domain. 29 * 30 * Currently, the nfs server uses the auth_domain to stand 31 * for the "client" listed in /etc/exports. 32 * 33 * More generally, a domain might represent a group of clients using 34 * a common mechanism for authentication and having a common mapping 35 * between local identity (uid) and network identity. All clients 36 * in a domain have similar general access rights. Each domain can 37 * contain multiple principals which will have different specific right 38 * based on normal Discretionary Access Control. 39 * 40 * A domain is created by an authentication flavour module based on name 41 * only. Userspace then fills in detail on demand. 42 * 43 * In the case of auth_unix and auth_null, the auth_domain is also 44 * associated with entries in another cache representing the mapping 45 * of ip addresses to the given client. 46 */ 47struct auth_domain { 48 struct kref ref; 49 struct hlist_node hash; 50 char *name; 51 struct auth_ops *flavour; 52}; 53 54/* 55 * Each authentication flavour registers an auth_ops 56 * structure. 57 * name is simply the name. 58 * flavour gives the auth flavour. It determines where the flavour is registered 59 * accept() is given a request and should verify it. 60 * It should inspect the authenticator and verifier, and possibly the data. 61 * If there is a problem with the authentication *authp should be set. 62 * The return value of accept() can indicate: 63 * OK - authorised. client and credential are set in rqstp. 64 * reqbuf points to arguments 65 * resbuf points to good place for results. verfier 66 * is (probably) already in place. Certainly space is 67 * reserved for it. 68 * DROP - simply drop the request. It may have been deferred 69 * GARBAGE - rpc garbage_args error 70 * SYSERR - rpc system_err error 71 * DENIED - authp holds reason for denial. 72 * COMPLETE - the reply is encoded already and ready to be sent; no 73 * further processing is necessary. (This is used for processing 74 * null procedure calls which are used to set up encryption 75 * contexts.) 76 * 77 * accept is passed the proc number so that it can accept NULL rpc requests 78 * even if it cannot authenticate the client (as is sometimes appropriate). 79 * 80 * release() is given a request after the procedure has been run. 81 * It should sign/encrypt the results if needed 82 * It should return: 83 * OK - the resbuf is ready to be sent 84 * DROP - the reply should be quitely dropped 85 * DENIED - authp holds a reason for MSG_DENIED 86 * SYSERR - rpc system_err 87 * 88 * domain_release() 89 * This call releases a domain. 90 * set_client() 91 * Givens a pending request (struct svc_rqst), finds and assigns 92 * an appropriate 'auth_domain' as the client. 93 */ 94struct auth_ops { 95 char * name; 96 struct module *owner; 97 int flavour; 98 int (*accept)(struct svc_rqst *rq, u32 *authp); 99 int (*release)(struct svc_rqst *rq); 100 void (*domain_release)(struct auth_domain *); 101 int (*set_client)(struct svc_rqst *rq); 102}; 103 104#define SVC_GARBAGE 1 105#define SVC_SYSERR 2 106#define SVC_VALID 3 107#define SVC_NEGATIVE 4 108#define SVC_OK 5 109#define SVC_DROP 6 110#define SVC_DENIED 7 111#define SVC_PENDING 8 112#define SVC_COMPLETE 9 113 114 115extern int svc_authenticate(struct svc_rqst *rqstp, u32 *authp); 116extern int svc_authorise(struct svc_rqst *rqstp); 117extern int svc_set_client(struct svc_rqst *rqstp); 118extern int svc_auth_register(rpc_authflavor_t flavor, struct auth_ops *aops); 119extern void svc_auth_unregister(rpc_authflavor_t flavor); 120 121extern struct auth_domain *unix_domain_find(char *name); 122extern void auth_domain_put(struct auth_domain *item); 123extern int auth_unix_add_addr(struct in_addr addr, struct auth_domain *dom); 124extern struct auth_domain *auth_domain_lookup(char *name, struct auth_domain *new); 125extern struct auth_domain *auth_domain_find(char *name); 126extern struct auth_domain *auth_unix_lookup(struct in_addr addr); 127extern int auth_unix_forget_old(struct auth_domain *dom); 128extern void svcauth_unix_purge(void); 129 130static inline unsigned long hash_str(char *name, int bits) 131{ 132 unsigned long hash = 0; 133 unsigned long l = 0; 134 int len = 0; 135 unsigned char c; 136 do { 137 if (unlikely(!(c = *name++))) { 138 c = (char)len; len = -1; 139 } 140 l = (l << 8) | c; 141 len++; 142 if ((len & (BITS_PER_LONG/8-1))==0) 143 hash = hash_long(hash^l, BITS_PER_LONG); 144 } while (len); 145 return hash >> (BITS_PER_LONG - bits); 146} 147 148static inline unsigned long hash_mem(char *buf, int length, int bits) 149{ 150 unsigned long hash = 0; 151 unsigned long l = 0; 152 int len = 0; 153 unsigned char c; 154 do { 155 if (len == length) { 156 c = (char)len; len = -1; 157 } else 158 c = *buf++; 159 l = (l << 8) | c; 160 len++; 161 if ((len & (BITS_PER_LONG/8-1))==0) 162 hash = hash_long(hash^l, BITS_PER_LONG); 163 } while (len); 164 return hash >> (BITS_PER_LONG - bits); 165} 166 167#endif /* __KERNEL__ */ 168 169#endif /* _LINUX_SUNRPC_SVCAUTH_H_ */ 170