• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * linux/include/linux/sunrpc/svcauth.h
3  *
4  * RPC server-side authentication stuff.
5  *
6  * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
7  */
8 
9 #ifndef _LINUX_SUNRPC_SVCAUTH_H_
10 #define _LINUX_SUNRPC_SVCAUTH_H_
11 
12 #ifdef __KERNEL__
13 
14 #include <linux/string.h>
15 #include <linux/sunrpc/msg_prot.h>
16 #include <linux/sunrpc/cache.h>
17 #include <linux/hash.h>
18 
19 #define SVC_CRED_NGROUPS	32
20 struct svc_cred {
21 	uid_t			cr_uid;
22 	gid_t			cr_gid;
23 	struct group_info	*cr_group_info;
24 };
25 
26 struct svc_rqst;		/* forward decl */
27 
28 /* Authentication is done in the context of a domain.
29  *
30  * Currently, the nfs server uses the auth_domain to stand
31  * for the "client" listed in /etc/exports.
32  *
33  * More generally, a domain might represent a group of clients using
34  * a common mechanism for authentication and having a common mapping
35  * between local identity (uid) and network identity.  All clients
36  * in a domain have similar general access rights.  Each domain can
37  * contain multiple principals which will have different specific right
38  * based on normal Discretionary Access Control.
39  *
40  * A domain is created by an authentication flavour module based on name
41  * only.  Userspace then fills in detail on demand.
42  *
43  * In the case of auth_unix and auth_null, the auth_domain is also
44  * associated with entries in another cache representing the mapping
45  * of ip addresses to the given client.
46  */
47 struct auth_domain {
48 	struct kref		ref;
49 	struct hlist_node	hash;
50 	char			*name;
51 	struct auth_ops		*flavour;
52 };
53 
54 /*
55  * Each authentication flavour registers an auth_ops
56  * structure.
57  * name is simply the name.
58  * flavour gives the auth flavour. It determines where the flavour is registered
59  * accept() is given a request and should verify it.
60  *   It should inspect the authenticator and verifier, and possibly the data.
61  *    If there is a problem with the authentication *authp should be set.
62  *    The return value of accept() can indicate:
63  *      OK - authorised. client and credential are set in rqstp.
64  *           reqbuf points to arguments
65  *           resbuf points to good place for results.  verfier
66  *             is (probably) already in place.  Certainly space is
67  *	       reserved for it.
68  *      DROP - simply drop the request. It may have been deferred
69  *      GARBAGE - rpc garbage_args error
70  *      SYSERR - rpc system_err error
71  *      DENIED - authp holds reason for denial.
72  *      COMPLETE - the reply is encoded already and ready to be sent; no
73  *		further processing is necessary.  (This is used for processing
74  *		null procedure calls which are used to set up encryption
75  *		contexts.)
76  *
77  *   accept is passed the proc number so that it can accept NULL rpc requests
78  *   even if it cannot authenticate the client (as is sometimes appropriate).
79  *
80  * release() is given a request after the procedure has been run.
81  *  It should sign/encrypt the results if needed
82  * It should return:
83  *    OK - the resbuf is ready to be sent
84  *    DROP - the reply should be quitely dropped
85  *    DENIED - authp holds a reason for MSG_DENIED
86  *    SYSERR - rpc system_err
87  *
88  * domain_release()
89  *   This call releases a domain.
90  * set_client()
91  *   Givens a pending request (struct svc_rqst), finds and assigns
92  *   an appropriate 'auth_domain' as the client.
93  */
94 struct auth_ops {
95 	char *	name;
96 	struct module *owner;
97 	int	flavour;
98 	int	(*accept)(struct svc_rqst *rq, u32 *authp);
99 	int	(*release)(struct svc_rqst *rq);
100 	void	(*domain_release)(struct auth_domain *);
101 	int	(*set_client)(struct svc_rqst *rq);
102 };
103 
104 #define	SVC_GARBAGE	1
105 #define	SVC_SYSERR	2
106 #define	SVC_VALID	3
107 #define	SVC_NEGATIVE	4
108 #define	SVC_OK		5
109 #define	SVC_DROP	6
110 #define	SVC_DENIED	7
111 #define	SVC_PENDING	8
112 #define	SVC_COMPLETE	9
113 
114 
115 extern int	svc_authenticate(struct svc_rqst *rqstp, u32 *authp);
116 extern int	svc_authorise(struct svc_rqst *rqstp);
117 extern int	svc_set_client(struct svc_rqst *rqstp);
118 extern int	svc_auth_register(rpc_authflavor_t flavor, struct auth_ops *aops);
119 extern void	svc_auth_unregister(rpc_authflavor_t flavor);
120 
121 extern struct auth_domain *unix_domain_find(char *name);
122 extern void auth_domain_put(struct auth_domain *item);
123 extern int auth_unix_add_addr(struct in_addr addr, struct auth_domain *dom);
124 extern struct auth_domain *auth_domain_lookup(char *name, struct auth_domain *new);
125 extern struct auth_domain *auth_domain_find(char *name);
126 extern struct auth_domain *auth_unix_lookup(struct in_addr addr);
127 extern int auth_unix_forget_old(struct auth_domain *dom);
128 extern void svcauth_unix_purge(void);
129 
hash_str(char * name,int bits)130 static inline unsigned long hash_str(char *name, int bits)
131 {
132 	unsigned long hash = 0;
133 	unsigned long l = 0;
134 	int len = 0;
135 	unsigned char c;
136 	do {
137 		if (unlikely(!(c = *name++))) {
138 			c = (char)len; len = -1;
139 		}
140 		l = (l << 8) | c;
141 		len++;
142 		if ((len & (BITS_PER_LONG/8-1))==0)
143 			hash = hash_long(hash^l, BITS_PER_LONG);
144 	} while (len);
145 	return hash >> (BITS_PER_LONG - bits);
146 }
147 
hash_mem(char * buf,int length,int bits)148 static inline unsigned long hash_mem(char *buf, int length, int bits)
149 {
150 	unsigned long hash = 0;
151 	unsigned long l = 0;
152 	int len = 0;
153 	unsigned char c;
154 	do {
155 		if (len == length) {
156 			c = (char)len; len = -1;
157 		} else
158 			c = *buf++;
159 		l = (l << 8) | c;
160 		len++;
161 		if ((len & (BITS_PER_LONG/8-1))==0)
162 			hash = hash_long(hash^l, BITS_PER_LONG);
163 	} while (len);
164 	return hash >> (BITS_PER_LONG - bits);
165 }
166 
167 #endif /* __KERNEL__ */
168 
169 #endif /* _LINUX_SUNRPC_SVCAUTH_H_ */
170