auth.h revision 5cb0d67909d9970a3e7adbea9422ca3fc88000bf
* The contents of this file are subject to the terms of the * Common Development and Distribution License (the "License"). * You may not use this file except in compliance with the License. * See the License for the specific language governing permissions * and limitations under the License. * When distributing Covered Code, include this CDDL HEADER in each * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * Copyright 2014 Nexenta Systems, Inc. All rights reserved. * nfsauth_prot.x (The NFSAUTH Protocol) * This protocol is used by the kernel to authorize NFS clients. This svc * lives in the mount daemon and checks the client's access for an export * with a given authentication flavor. * The status result determines what kind of access the client is permitted. * The result is cached in the kernel, so the authorization call will be * made only the first time the client mounts the filesystem. * const A_MAXPATH = 1024; * netobj req_client; # client's address * string req_netid<>; # Netid of address * string req_path<A_MAXPATH>; # export path * int req_flavor; # auth flavor * uid_t req_clnt_uid; # client's uid * gid_t req_clnt_gid; # client's gid * const NFSAUTH_DENIED = 0x01; # Access denied * const NFSAUTH_RO = 0x02; # Read-only * const NFSAUTH_RW = 0x04; # Read-write * const NFSAUTH_ROOT = 0x08; # Root access * const NFSAUTH_WRONGSEC = 0x10; # Advise NFS v4 clients to * # try a different flavor * const NFSAUTH_UIDMAP = 0x100; # uid mapped * const NFSAUTH_GIDMAP = 0x200; # gid mapped * # The following are not part of the protocol. * const NFSAUTH_DROP = 0x20; # Drop request * const NFSAUTH_MAPNONE = 0x40; # Mapped flavor to AUTH_NONE * const NFSAUTH_LIMITED = 0x80; # Access limited to visible nodes * # Authorization Request * NFSAUTH_ACCESS(auth_req) = 1; /* --8<-- Start: nfsauth_prot.x definitions --8<-- */ /* --8<-- End: nfsauth_prot.x definitions --8<-- */ * Only cmd is added to the args. We need to know "what" we want * the daemon to do for us. Also, 'stat' returns the status from * the daemon down to the kernel in addition to perms. * For future extensibility, we version the data structures so * future incantations of mountd(1m) will know how to XDR decode /* additional args versions go here */