diff options
Diffstat (limited to 'include/linux/sunrpc/svcauth.h')
-rw-r--r-- | include/linux/sunrpc/svcauth.h | 167 |
1 files changed, 167 insertions, 0 deletions
diff --git a/include/linux/sunrpc/svcauth.h b/include/linux/sunrpc/svcauth.h new file mode 100644 index 000000000000..c119ce7cbd22 --- /dev/null +++ b/include/linux/sunrpc/svcauth.h | |||
@@ -0,0 +1,167 @@ | |||
1 | /* | ||
2 | * linux/include/linux/sunrpc/svcauth.h | ||
3 | * | ||
4 | * RPC server-side authentication stuff. | ||
5 | * | ||
6 | * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de> | ||
7 | */ | ||
8 | |||
9 | #ifndef _LINUX_SUNRPC_SVCAUTH_H_ | ||
10 | #define _LINUX_SUNRPC_SVCAUTH_H_ | ||
11 | |||
12 | #ifdef __KERNEL__ | ||
13 | |||
14 | #include <linux/string.h> | ||
15 | #include <linux/sunrpc/msg_prot.h> | ||
16 | #include <linux/sunrpc/cache.h> | ||
17 | #include <linux/hash.h> | ||
18 | |||
19 | #define SVC_CRED_NGROUPS 32 | ||
20 | struct svc_cred { | ||
21 | uid_t cr_uid; | ||
22 | gid_t cr_gid; | ||
23 | struct group_info *cr_group_info; | ||
24 | }; | ||
25 | |||
26 | struct svc_rqst; /* forward decl */ | ||
27 | |||
28 | /* Authentication is done in the context of a domain. | ||
29 | * | ||
30 | * Currently, the nfs server uses the auth_domain to stand | ||
31 | * for the "client" listed in /etc/exports. | ||
32 | * | ||
33 | * More generally, a domain might represent a group of clients using | ||
34 | * a common mechanism for authentication and having a common mapping | ||
35 | * between local identity (uid) and network identity. All clients | ||
36 | * in a domain have similar general access rights. Each domain can | ||
37 | * contain multiple principals which will have different specific right | ||
38 | * based on normal Discretionary Access Control. | ||
39 | * | ||
40 | * A domain is created by an authentication flavour module based on name | ||
41 | * only. Userspace then fills in detail on demand. | ||
42 | * | ||
43 | * In the case of auth_unix and auth_null, the auth_domain is also | ||
44 | * associated with entries in another cache representing the mapping | ||
45 | * of ip addresses to the given client. | ||
46 | */ | ||
47 | struct auth_domain { | ||
48 | struct cache_head h; | ||
49 | char *name; | ||
50 | int flavour; | ||
51 | }; | ||
52 | |||
53 | /* | ||
54 | * Each authentication flavour registers an auth_ops | ||
55 | * structure. | ||
56 | * name is simply the name. | ||
57 | * flavour gives the auth flavour. It determines where the flavour is registered | ||
58 | * accept() is given a request and should verify it. | ||
59 | * It should inspect the authenticator and verifier, and possibly the data. | ||
60 | * If there is a problem with the authentication *authp should be set. | ||
61 | * The return value of accept() can indicate: | ||
62 | * OK - authorised. client and credential are set in rqstp. | ||
63 | * reqbuf points to arguments | ||
64 | * resbuf points to good place for results. verfier | ||
65 | * is (probably) already in place. Certainly space is | ||
66 | * reserved for it. | ||
67 | * DROP - simply drop the request. It may have been deferred | ||
68 | * GARBAGE - rpc garbage_args error | ||
69 | * SYSERR - rpc system_err error | ||
70 | * DENIED - authp holds reason for denial. | ||
71 | * COMPLETE - the reply is encoded already and ready to be sent; no | ||
72 | * further processing is necessary. (This is used for processing | ||
73 | * null procedure calls which are used to set up encryption | ||
74 | * contexts.) | ||
75 | * | ||
76 | * accept is passed the proc number so that it can accept NULL rpc requests | ||
77 | * even if it cannot authenticate the client (as is sometimes appropriate). | ||
78 | * | ||
79 | * release() is given a request after the procedure has been run. | ||
80 | * It should sign/encrypt the results if needed | ||
81 | * It should return: | ||
82 | * OK - the resbuf is ready to be sent | ||
83 | * DROP - the reply should be quitely dropped | ||
84 | * DENIED - authp holds a reason for MSG_DENIED | ||
85 | * SYSERR - rpc system_err | ||
86 | * | ||
87 | * domain_release() | ||
88 | * This call releases a domain. | ||
89 | */ | ||
90 | struct auth_ops { | ||
91 | char * name; | ||
92 | struct module *owner; | ||
93 | int flavour; | ||
94 | int (*accept)(struct svc_rqst *rq, u32 *authp); | ||
95 | int (*release)(struct svc_rqst *rq); | ||
96 | void (*domain_release)(struct auth_domain *); | ||
97 | int (*set_client)(struct svc_rqst *rq); | ||
98 | }; | ||
99 | |||
100 | #define SVC_GARBAGE 1 | ||
101 | #define SVC_SYSERR 2 | ||
102 | #define SVC_VALID 3 | ||
103 | #define SVC_NEGATIVE 4 | ||
104 | #define SVC_OK 5 | ||
105 | #define SVC_DROP 6 | ||
106 | #define SVC_DENIED 7 | ||
107 | #define SVC_PENDING 8 | ||
108 | #define SVC_COMPLETE 9 | ||
109 | |||
110 | |||
111 | extern int svc_authenticate(struct svc_rqst *rqstp, u32 *authp); | ||
112 | extern int svc_authorise(struct svc_rqst *rqstp); | ||
113 | extern int svc_set_client(struct svc_rqst *rqstp); | ||
114 | extern int svc_auth_register(rpc_authflavor_t flavor, struct auth_ops *aops); | ||
115 | extern void svc_auth_unregister(rpc_authflavor_t flavor); | ||
116 | |||
117 | extern struct auth_domain *unix_domain_find(char *name); | ||
118 | extern void auth_domain_put(struct auth_domain *item); | ||
119 | extern int auth_unix_add_addr(struct in_addr addr, struct auth_domain *dom); | ||
120 | extern struct auth_domain *auth_domain_lookup(struct auth_domain *item, int set); | ||
121 | extern struct auth_domain *auth_domain_find(char *name); | ||
122 | extern struct auth_domain *auth_unix_lookup(struct in_addr addr); | ||
123 | extern int auth_unix_forget_old(struct auth_domain *dom); | ||
124 | extern void svcauth_unix_purge(void); | ||
125 | |||
126 | static inline unsigned long hash_str(char *name, int bits) | ||
127 | { | ||
128 | unsigned long hash = 0; | ||
129 | unsigned long l = 0; | ||
130 | int len = 0; | ||
131 | unsigned char c; | ||
132 | do { | ||
133 | if (unlikely(!(c = *name++))) { | ||
134 | c = (char)len; len = -1; | ||
135 | } | ||
136 | l = (l << 8) | c; | ||
137 | len++; | ||
138 | if ((len & (BITS_PER_LONG/8-1))==0) | ||
139 | hash = hash_long(hash^l, BITS_PER_LONG); | ||
140 | } while (len); | ||
141 | return hash >> (BITS_PER_LONG - bits); | ||
142 | } | ||
143 | |||
144 | static inline unsigned long hash_mem(char *buf, int length, int bits) | ||
145 | { | ||
146 | unsigned long hash = 0; | ||
147 | unsigned long l = 0; | ||
148 | int len = 0; | ||
149 | unsigned char c; | ||
150 | do { | ||
151 | if (len == length) { | ||
152 | c = (char)len; len = -1; | ||
153 | } else | ||
154 | c = *buf++; | ||
155 | l = (l << 8) | c; | ||
156 | len++; | ||
157 | if ((len & (BITS_PER_LONG/8-1))==0) | ||
158 | hash = hash_long(hash^l, BITS_PER_LONG); | ||
159 | } while (len); | ||
160 | return hash >> (BITS_PER_LONG - bits); | ||
161 | } | ||
162 | |||
163 | extern struct cache_detail auth_domain_cache, ip_map_cache; | ||
164 | |||
165 | #endif /* __KERNEL__ */ | ||
166 | |||
167 | #endif /* _LINUX_SUNRPC_SVCAUTH_H_ */ | ||