authorNeil Brown <neilb@cse.unsw.edu.au>2002-10-11 05:39:15 -0700
committerLinus Torvalds <torvalds@home.transmeta.com>2002-10-11 05:39:15 -0700
commit7b1c5134432d8d9eff53094ce27bd153e401dbfd (patch)
treeacfff167ad52c7ba05c64500532982003e8cea4e /include
parentbc9ff117c1bc6a879fced39d09fae033d21b7d67 (diff)
[PATCH] kNFSd: Tidy up the rpc authentication interface.
Define auth_ops that contains a method for authenticating a request and a method for authorising a reply. Call both methods as appropriate. Also discard rq_verfed and cr_flavour, neither ever used. And discard rq_auth as it isn't needed.
Diffstat (limited to 'include')
-rw-r--r--include/linux/sunrpc/svc.h9
-rw-r--r--include/linux/sunrpc/svcauth.h66
2 files changed, 53 insertions, 22 deletions
diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h
index e1ed17ddc419..e4a2bdc0b87c 100644
--- a/include/linux/sunrpc/svc.h
+++ b/include/linux/sunrpc/svc.h
@@ -98,6 +98,7 @@ struct svc_rqst {
struct svc_serv * rq_server; /* RPC service definition */
struct svc_procedure * rq_procinfo; /* procedure info */
+ struct auth_ops * rq_authop; /* authentication flavour */
struct svc_cred rq_cred; /* auth info */
struct sk_buff * rq_skbuff; /* fast recv inet buffer */
struct svc_buf rq_defbuf; /* default buffer */
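Review bot: The new `rq_authop` member carries no statement of its lifetime: the comment does not say whether the pointer is NULL before authentication has run, or whether it is reset when the `svc_rqst` is reused for another request. If `svc_authorise()` dispatches through this pointer (its body is not in this diff, which is limited to include/), a NULL or stale value would either fault or invoke the `release()` of a flavour that did not accept the current request. I would widen the comment to something like `/* auth_ops selected by svc_authenticate(); NULL until then, valid for the current request only */` and make sure the implementation matches it. The struct starts and ends outside this hunk.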
@@ -108,10 +109,10 @@ struct svc_rqst {
u32 rq_vers; /* program version */
u32 rq_proc; /* procedure number */
u32 rq_prot; /* IP protocol */
- unsigned short rq_verfed : 1, /* reply has verifier */
+ unsigned short
rq_userset : 1, /* auth->setuser OK */
- rq_secure : 1, /* secure port */
- rq_auth : 1; /* check client */
+ rq_secure : 1; /* secure port */
+
void * rq_argp; /* decoded arguments */
void * rq_resp; /* xdr'd results */
@@ -128,7 +129,7 @@ struct svc_rqst {
* to report (real or virtual)
*/
- wait_queue_head_t rq_wait; /* synchronozation */
+ wait_queue_head_t rq_wait; /* synchronization */
};
/*
diff --git a/include/linux/sunrpc/svcauth.h b/include/linux/sunrpc/svcauth.h
index 83aa079fe2f3..0852b50ff63d 100644
--- a/include/linux/sunrpc/svcauth.h
+++ b/include/linux/sunrpc/svcauth.h
@@ -14,34 +14,64 @@
#include <linux/sunrpc/msg_prot.h>
struct svc_cred {
- rpc_authflavor_t cr_flavor;
uid_t cr_uid;
gid_t cr_gid;
gid_t cr_groups[NGROUPS];
};
struct svc_rqst; /* forward decl */
-
-void svc_authenticate(struct svc_rqst *rqstp, u32 *statp, u32 *authp);
-int svc_auth_register(rpc_authflavor_t flavor,
- void (*)(struct svc_rqst *,u32 *,u32 *));
-void svc_auth_unregister(rpc_authflavor_t flavor);
-
-#if 0
/*
- * Decoded AUTH_UNIX data. This is different from what's in the RPC lib.
+ * Each authentication flavour registers an auth_ops
+ * structure.
+ * name is simply the name.
+ * flavour gives the auth flavour. It determines where the flavour is registered
+ * accept() is given a request and should verify it.
+ * It should inspect the authenticator and verifier, and possibly the data.
+ * If there is a problem with the authentication *authp should be set.
+ * The return value of accept() can indicate:
+ * OK - authorised. client and credential are set in rqstp.
+ * reqbuf points to arguments
+ * resbuf points to good place for results. verfier
+ * is (probably) already in place. Certainly space is
+ * reserved for it.
+ * DROP - simply drop the request. It may have been deferred
+ * GARBAGE - rpc garbage_args error
+ * SYSERR - rpc system_err error
+ * DENIED - authp holds reason for denial.
+ *
+ * accept is passed the proc number so that it can accept NULL rpc requests
+ * even if it cannot authenticate the client (as is sometimes appropriate).
+ *
+ * release() is given a request after the procedure has been run.
+ * It should sign/encrypt the results if needed
+ * It should return:
+ * OK - the resbuf is ready to be sent
+ * DROP - the reply should be quitely dropped
+ * DENIED - authp holds a reason for MSG_DENIED
+ * SYSERR - rpc system_err
*/
-#define NGRPS 16
-struct authunix_parms {
- u32 aup_stamp;
- u32 aup_uid;
- u32 aup_gid;
- u32 aup_len;
- u32 aup_gids[NGRPS];
+struct auth_ops {
+ char * name;
+ int flavour;
+ int (*accept)(struct svc_rqst *rq, u32 *authp, int proc);
+ int (*release)(struct svc_rqst *rq);
};
+extern struct auth_ops *authtab[RPC_AUTH_MAXFLAVOR];
+
+#define SVC_GARBAGE 1
+#define SVC_SYSERR 2
+#define SVC_VALID 3
+#define SVC_NEGATIVE 4
+#define SVC_OK 5
+#define SVC_DROP 6
+#define SVC_DENIED 7
+#define SVC_PENDING 8
+
-struct svc_authops * auth_getops(rpc_authflavor_t flavor);
-#endif
+extern int svc_authenticate(struct svc_rqst *rqstp, u32 *statp, u32 *authp, int proc);
+extern int svc_authorise(struct svc_rqst *rqstp);
+extern int svc_auth_register(rpc_authflavor_t flavor, struct auth_ops *aops);
+extern void svc_auth_unregister(rpc_authflavor_t flavor);
#endif /* __KERNEL__ */
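Review bot: `authtab` is exported as a fixed array of `RPC_AUTH_MAXFLAVOR` entries, yet `struct auth_ops` stores the index as `int flavour` while `svc_auth_register()` takes `rpc_authflavor_t`, so the header neither fixes one type nor states the valid range for that index. The lookup code is outside this diff (limited to include/), but the flavour used for dispatch presumably comes from the request's credential, so I would declare the member as `rpc_authflavor_t flavour;` and put `/* indexed by flavour; reject values >= RPC_AUTH_MAXFLAVOR before any lookup */` above the array. The comment block also describes only OK, DROP, GARBAGE, SYSERR and DENIED, while `SVC_VALID`, `SVC_NEGATIVE` and `SVC_PENDING` are defined with no word on which method may return them; a line per code, plus a note that no code is 0 so an unset result never reads as `SVC_OK`, would help callers fail closed.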