4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
27 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
28 * Use is subject to license terms.
35 * nfsauth_prot.x (The NFSAUTH Protocol)
37 * This protocol is used by the kernel to authorize NFS clients. This svc
38 * lives in the mount daemon and checks the client's access for an export
39 * with a given authentication flavor.
41 * The status result determines what kind of access the client is permitted.
43 * The result is cached in the kernel, so the authorization call will be
44 * made only the first time the client mounts the filesystem; after that,
 * access decisions come from the cached result rather than from a new call.
46 * const A_MAXPATH = 1024;
49 * netobj req_client; # client's address
50 * string req_netid<>; # Netid of address
51 * string req_path<A_MAXPATH>; # export path
52 * int req_flavor; # auth flavor
53 * uid_t req_clnt_uid; # client's uid
54 * gid_t req_clnt_gid; # client's gid
55 * gid_t req_clnt_gids<>; # client's supplemental groups
58 * const NFSAUTH_DENIED = 0x01; # Access denied
59 * const NFSAUTH_RO = 0x02; # Read-only
60 * const NFSAUTH_RW = 0x04; # Read-write
61 * const NFSAUTH_ROOT = 0x08; # Root access
62 * const NFSAUTH_WRONGSEC = 0x10; # Advise NFS v4 clients to
63 * # try a different flavor
64 * const NFSAUTH_UIDMAP = 0x100; # uid mapped
65 * const NFSAUTH_GIDMAP = 0x200; # gid mapped
66 * const NFSAUTH_GROUPS = 0x400; # translated supplemental groups
68 * # The following are not part of the protocol.
70 * const NFSAUTH_DROP = 0x20; # Drop request
71 * const NFSAUTH_MAPNONE = 0x40; # Mapped flavor to AUTH_NONE
72 * const NFSAUTH_LIMITED = 0x80; # Access limited to visible nodes
76 * uid_t auth_srv_uid; # translated uid
77 * gid_t auth_srv_gid; # translated gid
78 * gid_t auth_srv_gids<>; # translated supplemental groups
81 * program NFSAUTH_PROG {
82 * version NFSAUTH_VERS {
84 * # Authorization Request
87 * NFSAUTH_ACCESS(auth_req) = 1;
96 #include <sys/sysmacros.h>
97 #include <sys/types.h>
105 /* --8<-- Start: nfsauth_prot.x definitions --8<-- */
/*
 * C mirror of the constants listed in the nfsauth_prot.x comment above.
 * Every NFSAUTH_* status value below is a distinct single bit, so they
 * are presumably combined as a bitmask in one status word - confirm
 * against the consumers.
 *
 * NOTE(review): NFSAUTH_DENIED is itself a set bit, so a status of 0
 * matches none of these flags; confirm that consumers treat 0 as
 * "no access" rather than falling through to a permissive path.
 *
 * NOTE(review): only req_path is bounded (by A_MAXPATH) in the .x comment;
 * req_netid<> and req_clnt_gids<> are declared without a limit there, so
 * the decoder presumably bounds them elsewhere - confirm.
 */
107 #define A_MAXPATH 1024 /* upper bound on req_path (export path) */
109 #define NFSAUTH_ACCESS 1 /* procedure number of the authorization request */
111 #define NFSAUTH_DENIED 0x01 /* access denied */
112 #define NFSAUTH_RO 0x02 /* read-only */
113 #define NFSAUTH_RW 0x04 /* read-write */
114 #define NFSAUTH_ROOT 0x08 /* root access */
115 #define NFSAUTH_WRONGSEC 0x10 /* advise NFS v4 clients to try a different flavor */
116 #define NFSAUTH_DROP 0x20 /* drop request (not part of the protocol) */
117 #define NFSAUTH_MAPNONE 0x40 /* mapped flavor to AUTH_NONE (not part of the protocol) */
118 #define NFSAUTH_LIMITED 0x80 /* access limited to visible nodes (not part of the protocol) */
119 #define NFSAUTH_UIDMAP 0x100 /* uid mapped */
120 #define NFSAUTH_GIDMAP 0x200 /* gid mapped */
121 #define NFSAUTH_GROUPS 0x400 /* translated supplemental groups */
/*
 * Type names for the request and result of the authorization call.
 * NOTE(review): the struct auth_req / struct auth_res bodies are not
 * visible in this excerpt; the req_* and auth_srv_* fields listed in the
 * .x comment presumably describe them - confirm against the full header.
 */
135 typedef struct auth_req auth_req
;
146 typedef struct auth_res auth_res
;
148 /* --8<-- End: nfsauth_prot.x definitions --8<-- */
/*
 * Status codes for the door exchange with mountd, plus the retry count
 * used when acquiring the door handle.
 *
 * NOTE(review): 0x100, 0x200 and 0x400 are numerically the same as
 * NFSAUTH_UIDMAP, NFSAUTH_GIDMAP and NFSAUTH_GROUPS. These presumably
 * travel in a separate status field from the permission bits - confirm
 * that no caller tests one set of names against the other field.
 */
151 #define NFSAUTH_DR_OKAY 0x0 /* success */
152 #define NFSAUTH_DR_BADCMD 0x100 /* NFSAUTH_ACCESS is only cmd allowed */
153 #define NFSAUTH_DR_DECERR 0x200 /* mountd could not decode arguments */
154 #define NFSAUTH_DR_EFAIL 0x400 /* mountd could not encode results */
155 #define NFSAUTH_DR_TRYCNT 5 /* door handle acquisition retry cnt */
/*
 * The door path is only defined for DEBUG builds outside the kernel.
 * NOTE(review): the matching #endif is not visible in this excerpt.
 * NOTE(review): the path is the rendezvous point with mountd, so its
 * directory ownership and permissions presumably matter - confirm.
 */
157 #if defined(DEBUG) && !defined(_KERNEL)
158 #define MOUNTD_DOOR "/var/run/mountd_door"
162 * Only cmd is added to the args. We need to know "what" we want
163 * the daemon to do for us. Also, 'stat' returns the status from
164 * the daemon down to the kernel in addition to perms.
/*
 * Type names for the argument sent to the daemon and the result it
 * returns.
 * NOTE(review): the struct nfsauth_arg / struct nfsauth_res bodies are
 * not visible in this excerpt; presumably they carry the 'cmd' and 'stat'
 * members mentioned in the preceding comment - confirm.
 */
170 typedef struct nfsauth_arg nfsauth_arg_t
;
176 typedef struct nfsauth_res nfsauth_res_t
;
179 * For future extensibility, we version the data structures so
180 * future incantations of mountd(1m) will know how to XDR decode
/*
 * Version tag type and the versioned argument container.
 * NOTE(review): the enum vtypes enumerators, the members of struct varg
 * and its closing brace / typedef name are not visible in this excerpt.
 * A decoder presumably has to reject version values it does not know
 * before touching the payload - confirm in xdr_varg().
 */
187 typedef enum vtypes vtypes
;
189 typedef struct varg
{
193 /* additional args versions go here */
/*
 * XDR routines for the versioned argument, the daemon argument and the
 * daemon result. Each takes an XDR handle and a pointer to the object and
 * returns bool_t.
 * NOTE(review): the NFSAUTH_DR_DECERR / NFSAUTH_DR_EFAIL codes suggest
 * that a failed decode or encode is reported to the peer; confirm every
 * caller checks the bool_t result and does not use a partially decoded
 * object.
 */
197 extern bool_t
xdr_varg(XDR
*, varg_t
*);
198 extern bool_t
xdr_nfsauth_arg(XDR
*, nfsauth_arg_t
*);
199 extern bool_t
xdr_nfsauth_res(XDR
*, nfsauth_res_t
*);