rfc3010.txt

最新的RFC

                  struct fattr4 {
                          bitmap4       attrmask;
                          attrlist4     attr_vals;
                  };

        The fattr4 structure is used to represent file and directory
        attributes.

        The bitmap is a counted array of 32 bit integers used to contain
        bit values.  The position of the integer in the array that
        contains bit n can be computed from the expression (n / 32) and
        its bit within that integer is (n mod 32).

                                      0            1
                    +-----------+-----------+-----------+--
                    |  count    | 31  ..  0 | 63  .. 32 |
                    +-----------+-----------+-----------+--


   change_info4

                  struct change_info4 {
                          bool          atomic;
                          changeid4     before;
                          changeid4     after;
                  };



Shepler, et al.             Standards Track                    [Page 16]

RFC 3010                 NFS version 4 Protocol            December 2000


        This structure is used with the CREATE, LINK, REMOVE, RENAME
        operations to let the client the know value of the change
        attribute for the directory in which the target file system
        object resides.


   clientaddr4

                  struct clientaddr4 {
                          /* see struct rpcb in RFC 1833 */
                          string r_netid<>;    /* network id */
                          string r_addr<>;     /* universal address */
                  };

        The clientaddr4 structure is used as part of the SETCLIENT
        operation to either specify the address of the client that is
        using a clientid or as part of the call back registration.


   cb_client4

                  struct cb_client4 {
                          unsigned int  cb_program;
                          clientaddr4   cb_location;
                  };

        This structure is used by the client to inform the server of its
        call back address; includes the program number and client
        address.


   nfs_client_id4

                  struct nfs_client_id4 {
                          verifier4     verifier;
                          opaque        id<>;
                  };

        This structure is part of the arguments to the SETCLIENTID
        operation.


   nfs_lockowner4

                  struct nfs_lockowner4 {
                          clientid4     clientid;
                          opaque        owner<>;
                  };



Shepler, et al.             Standards Track                    [Page 17]

RFC 3010                 NFS version 4 Protocol            December 2000


        This structure is used to identify the owner of a OPEN share or
        file lock.

3.  RPC and Security Flavor

   The NFS version 4 protocol is a Remote Procedure Call (RPC)
   application that uses RPC version 2 and the corresponding eXternal
   Data Representation (XDR) as defined in [RFC1831] and [RFC1832].  The
   RPCSEC_GSS security flavor as defined in [RFC2203] MUST be used as
   the mechanism to deliver stronger security for the NFS version 4
   protocol.

3.1.  Ports and Transports

   Historically, NFS version 2 and version 3 servers have resided on
   port 2049.  The registered port 2049 [RFC1700] for the NFS protocol
   should be the default configuration.  Using the registered port for
   NFS services means the NFS client will not need to use the RPC
   binding protocols as described in [RFC1833]; this will allow NFS to
   transit firewalls.

   The transport used by the RPC service for the NFS version 4 protocol
   MUST provide congestion control comparable to that defined for TCP in
   [RFC2581].  If the operating environment implements TCP, the NFS
   version 4 protocol SHOULD be supported over TCP.  The NFS client and
   server may use other transports if they support congestion control as
   defined above and in those cases a mechanism may be provided to
   override TCP usage in favor of another transport.

   If TCP is used as the transport, the client and server SHOULD use
   persistent connections.  This will prevent the weakening of TCP's
   congestion control via short lived connections and will improve
   performance for the WAN environment by eliminating the need for SYN
   handshakes.

   Note that for various timers, the client and server should avoid
   inadvertent synchronization of those timers.  For further discussion
   of the general issue refer to [Floyd].

3.2.  Security Flavors

   Traditional RPC implementations have included AUTH_NONE, AUTH_SYS,
   AUTH_DH, and AUTH_KRB4 as security flavors.  With [RFC2203] an
   additional security flavor of RPCSEC_GSS has been introduced which
   uses the functionality of GSS-API [RFC2078].  This allows for the use
   of varying security mechanisms by the RPC layer without the
   additional implementation overhead of adding RPC security flavors.
   For NFS version 4, the RPCSEC_GSS security flavor MUST be used to



Shepler, et al.             Standards Track                    [Page 18]

RFC 3010                 NFS version 4 Protocol            December 2000


   enable the mandatory security mechanism.  Other flavors, such as,
   AUTH_NONE, AUTH_SYS, and AUTH_DH MAY be implemented as well.

3.2.1.  Security mechanisms for NFS version 4

   The use of RPCSEC_GSS requires selection of: mechanism, quality of
   protection, and service (authentication, integrity, privacy).  The
   remainder of this document will refer to these three parameters of
   the RPCSEC_GSS security as the security triple.

3.2.1.1.  Kerberos V5 as security triple

   The Kerberos V5 GSS-API mechanism as described in [RFC1964] MUST be
   implemented and provide the following security triples.

   column descriptions:

   1 == number of pseudo flavor
   2 == name of pseudo flavor
   3 == mechanism's OID
   4 == mechanism's algorithm(s)
   5 == RPCSEC_GSS service

1      2     3                    4              5
-----------------------------------------------------------------------
390003 krb5  1.2.840.113554.1.2.2 DES MAC MD5    rpc_gss_svc_none
390004 krb5i 1.2.840.113554.1.2.2 DES MAC MD5    rpc_gss_svc_integrity
390005 krb5p 1.2.840.113554.1.2.2 DES MAC MD5    rpc_gss_svc_privacy
                                  for integrity,
                                  and 56 bit DES
                                  for privacy.

   Note that the pseudo flavor is presented here as a mapping aid to the
   implementor.  Because this NFS protocol includes a method to
   negotiate security and it understands the GSS-API mechanism, the
   pseudo flavor is not needed.  The pseudo flavor is needed for NFS
   version 3 since the security negotiation is done via the MOUNT
   protocol.

   For a discussion of NFS' use of RPCSEC_GSS and Kerberos V5, please
   see [RFC2623].

3.2.1.2.  LIPKEY as a security triple

   The LIPKEY GSS-API mechanism as described in [RFC2847] MUST be
   implemented and provide the following security triples. The
   definition of the columns matches the previous subsection "Kerberos
   V5 as security triple"



Shepler, et al.             Standards Track                    [Page 19]

RFC 3010                 NFS version 4 Protocol            December 2000


1      2        3                    4              5
-----------------------------------------------------------------------
390006 lipkey   1.3.6.1.5.5.9        negotiated  rpc_gss_svc_none
390007 lipkey-i 1.3.6.1.5.5.9        negotiated  rpc_gss_svc_integrity
390008 lipkey-p 1.3.6.1.5.5.9        negotiated  rpc_gss_svc_privacy

   The mechanism algorithm is listed as "negotiated".  This is because
   LIPKEY is layered on SPKM-3 and in SPKM-3 [RFC2847] the
   confidentiality and integrity algorithms are negotiated.  Since
   SPKM-3 specifies HMAC-MD5 for integrity as MANDATORY, 128 bit
   cast5CBC for confidentiality for privacy as MANDATORY, and further
   specifies that HMAC-MD5 and cast5CBC MUST be listed first before
   weaker algorithms, specifying "negotiated" in column 4 does not
   impair interoperability.  In the event an SPKM-3 peer does not
   support the mandatory algorithms, the other peer is free to accept or
   reject the GSS-API context creation.

   Because SPKM-3 negotiates the algorithms, subsequent calls to
   LIPKEY's GSS_Wrap() and GSS_GetMIC() by RPCSEC_GSS will use a quality
   of protection value of 0 (zero).  See section 5.2 of [RFC2025] for an
   explanation.

   LIPKEY uses SPKM-3 to create a secure channel in which to pass a user
   name and password from the client to the user.  Once the user name
   and password have been accepted by the server, calls to the LIPKEY
   context are redirected to the SPKM-3 context.  See [RFC2847] for more
   details.

3.2.1.3.  SPKM-3 as a security triple

   The SPKM-3 GSS-API mechanism as described in [RFC2847] MUST be
   implemented and provide the following security triples. The
   definition of the columns matches the previous subsection "Kerberos
   V5 as security triple".

1      2        3                    4              5
-----------------------------------------------------------------------
390009 spkm3    1.3.6.1.5.5.1.3      negotiated  rpc_gss_svc_none
390010 spkm3i   1.3.6.1.5.5.1.3      negotiated  rpc_gss_svc_integrity
390011 spkm3p   1.3.6.1.5.5.1.3      negotiated  rpc_gss_svc_privacy

   For a discussion as to why the mechanism algorithm is listed as
   "negotiated", see the previous section "LIPKEY as a security triple."

   Because SPKM-3 negotiates the algorithms, subsequent calls to SPKM-
   3's GSS_Wrap() and GSS_GetMIC() by RPCSEC_GSS will use a quality of
   protection value of 0 (zero).  See section 5.2 of [RFC2025] for an
   explanation.



Shepler, et al.             Standards Track                    [Page 20]

RFC 3010                 NFS version 4 Protocol            December 2000


   Even though LIPKEY is layered over SPKM-3, SPKM-3 is specified as a
   mandatory set of triples to handle the situations where the initiator
   (the client) is anonymous or where the initiator has its own
   certificate.  If the initiator is anonymous, there will not be a user
   name and password to send to the target (the server).  If the
   initiator has its own certificate, then using passwords is
   superfluous.

3.3.  Security Negotiation

   With the NFS version 4 server potentially offering multiple security
   mechanisms, the client needs a method to determine or negotiate which
   mechanism is to be used for its communication with the server.  The
   NFS server may have multiple points within its file system name space
   that are available for use by NFS clients.  In turn the NFS server
   may be configured such that each of these entry points may have
   different or multiple security mechanisms in use.

   The security negotiation between client and server must be done with
   a secure channel to eliminate the possibility of a third party
   intercepting the negotiation sequence and forcing the client and
   server to choose a lower level of security than required or desired.

3.3.1.  Security Error

   Based on the assumption that each NFS version 4 client and server
   must support a minimum set of security (i.e. LIPKEY, SPKM-3, and
   Kerberos-V5 all under RPCSEC_GSS), the NFS client will start its
   communication with the server with one of the minimal security
   triples.  During communication with the server, the client may