NEX-15279 support NFS server in zone
NEX-15520 online NFS shares cause zoneadm halt to hang in nfs_export_zone_fini
Portions contributed by: Dan Kruchinin dan.kruchinin@nexenta.com
Portions contributed by: Stepan Zastupov stepan.zastupov@gmail.com
Reviewed by: Joyce McIntosh <joyce.mcintosh@nexenta.com>
Reviewed by: Rob Gittins <rob.gittins@nexenta.com>
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
NEX-1974 Support for more than 16 groups with AUTH_SYS
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Josef 'Jeff' Sipek <josef.sipek@nexenta.com>
NEX-1128 NFS server: Generic uid and gid remapping for AUTH_SYS
Reviewed by: Jan Kryl <jan.kryl@nexenta.com>
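--- a/usr/src/uts/common/nfs/auth.h
+++ b/usr/src/uts/common/nfs/auth.h
@@ -1,205 +1,205 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 
 /*
- * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
 */
 
 /*
- * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright 2018 Nexenta Systems, Inc.
 */
 
 #ifndef _AUTH_H
 #define _AUTH_H
 
 /*
 * nfsauth_prot.x (The NFSAUTH Protocol)
 *
 * This protocol is used by the kernel to authorize NFS clients. This svc
 * lives in the mount daemon and checks the client's access for an export
 * with a given authentication flavor.
 *
 * The status result determines what kind of access the client is permitted.
 *
 * The result is cached in the kernel, so the authorization call will be
 * made only the first time the client mounts the filesystem.
 *
 * const A_MAXPATH = 1024;
 *
 * struct auth_req {
 * netobj req_client; # client's address
 * string req_netid<>; # Netid of address
 * string req_path<A_MAXPATH>; # export path
 * int req_flavor; # auth flavor
 * uid_t req_clnt_uid; # client's uid
 * gid_t req_clnt_gid; # client's gid
 * gid_t req_clnt_gids<>; # client's supplemental groups
 * };
 *
 * const NFSAUTH_DENIED = 0x01; # Access denied
 * const NFSAUTH_RO = 0x02; # Read-only
 * const NFSAUTH_RW = 0x04; # Read-write
 * const NFSAUTH_ROOT = 0x08; # Root access
 * const NFSAUTH_WRONGSEC = 0x10; # Advise NFS v4 clients to
 * # try a different flavor
 * const NFSAUTH_UIDMAP = 0x100; # uid mapped
 * const NFSAUTH_GIDMAP = 0x200; # gid mapped
 * const NFSAUTH_GROUPS = 0x400; # translated supplemental groups
 * #
 * # The following are not part of the protocol.
 * #
 * const NFSAUTH_DROP = 0x20; # Drop request
 * const NFSAUTH_MAPNONE = 0x40; # Mapped flavor to AUTH_NONE
 * const NFSAUTH_LIMITED = 0x80; # Access limited to visible nodes
 *
 * struct auth_res {
 * int auth_perm;
 * uid_t auth_srv_uid; # translated uid
 * gid_t auth_srv_gid; # translated gid
 * gid_t auth_srv_gids<>; # translated supplemental groups
 * };
 *
 * program NFSAUTH_PROG {
 * version NFSAUTH_VERS {
 * #
 * # Authorization Request
 * #
 * auth_res
 * NFSAUTH_ACCESS(auth_req) = 1;
 *
 * } = 1;
 * } = 100231;
 */
 
 #ifndef _KERNEL
 #include <stddef.h>
 #endif
 #include <sys/sysmacros.h>
 #include <sys/types.h>
 #include <rpc/xdr.h>
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 
 /* --8<-- Start: nfsauth_prot.x definitions --8<-- */
 
 #define A_MAXPATH 1024
 
 #define NFSAUTH_ACCESS 1
 
 #define NFSAUTH_DENIED 0x01
 #define NFSAUTH_RO 0x02
 #define NFSAUTH_RW 0x04
 #define NFSAUTH_ROOT 0x08
 #define NFSAUTH_WRONGSEC 0x10
 #define NFSAUTH_DROP 0x20
 #define NFSAUTH_MAPNONE 0x40
 #define NFSAUTH_LIMITED 0x80
 #define NFSAUTH_UIDMAP 0x100
 #define NFSAUTH_GIDMAP 0x200
 #define NFSAUTH_GROUPS 0x400
 
 struct auth_req {
 netobj req_client;
 char *req_netid;
 char *req_path;
 int req_flavor;
 uid_t req_clnt_uid;
 gid_t req_clnt_gid;
 struct {
 uint_t len;
 gid_t *val;
 } req_clnt_gids;
 };
 typedef struct auth_req auth_req;
 
 struct auth_res {
 int auth_perm;
 uid_t auth_srv_uid;
 gid_t auth_srv_gid;
 struct {
 uint_t len;
 gid_t *val;
 } auth_srv_gids;
 };
 typedef struct auth_res auth_res;
 
 /* --8<-- End: nfsauth_prot.x definitions --8<-- */
 
 
 #define NFSAUTH_DR_OKAY 0x0 /* success */
 #define NFSAUTH_DR_BADCMD 0x100 /* NFSAUTH_ACCESS is only cmd allowed */
 #define NFSAUTH_DR_DECERR 0x200 /* mountd could not decode arguments */
 #define NFSAUTH_DR_EFAIL 0x400 /* mountd could not encode results */
 #define NFSAUTH_DR_TRYCNT 5 /* door handle acquisition retry cnt */
 
 #if defined(DEBUG) && !defined(_KERNEL)
 #define MOUNTD_DOOR "/var/run/mountd_door"
 #endif
 
 /*
 * Only cmd is added to the args. We need to know "what" we want
 * the daemon to do for us. Also, 'stat' returns the status from
 * the daemon down to the kernel in addition to perms.
 */
 struct nfsauth_arg {
 uint_t cmd;
 auth_req areq;
 };
 typedef struct nfsauth_arg nfsauth_arg_t;
 
 struct nfsauth_res {
 uint_t stat;
 auth_res ares;
 };
 typedef struct nfsauth_res nfsauth_res_t;
 
 /*
 * For future extensibility, we version the data structures so
 * future incantations of mountd(1m) will know how to XDR decode
 * the arguments.
 */
 enum vtypes {
 V_ERROR = 0,
 V_PROTO = 1
 };
 typedef enum vtypes vtypes;
 
 typedef struct varg {
 uint_t vers;
 union {
 nfsauth_arg_t arg;
 /* additional args versions go here */
 } arg_u;
 } varg_t;
 
 extern bool_t xdr_varg(XDR *, varg_t *);
 extern bool_t xdr_nfsauth_arg(XDR *, nfsauth_arg_t *);
 extern bool_t xdr_nfsauth_res(XDR *, nfsauth_res_t *);
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif /* _AUTH_H */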