nfssvc (2)
Leading comments
Copyright (c) 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the fol...
NAME
nfssvc - NFS servicesLIBRARY
Lb libcSYNOPSIS
In sys/param.h In sys/mount.h In sys/time.h In nfs/rpcv2.h In nfsserver/nfs.h In unistd.h Ft int Fn nfssvc int flags void *argstructpDESCRIPTION
The Fn nfssvc system call is used by the NFS daemons to pass information into and out of the kernel and also to enter the kernel as a server daemon. The Fa flags argument consists of several bits that show what action is to be taken once in the kernel and the Fa argstructp points to one of three structures depending on which bits are set in flags.On the client side, nfsiod(8) calls Fn nfssvc with the Fa flags argument set to NFSSVC_BIOD and Fa argstructp set to NULL to enter the kernel as a block I/O server daemon. For NQNFS mount_nfs8 calls Fn nfssvc with the NFSSVC_MNTD flag, optionally or'd with the flags NFSSVC_GOTAUTH and NFSSVC_AUTHINFAIL along with a pointer to a
struct nfsd_cargs { char *ncd_dirp; /* Mount dir path */ uid_t ncd_authuid; /* Effective uid */ int ncd_authtype; /* Type of authenticator */ int ncd_authlen; /* Length of authenticator string */ u_char *ncd_authstr; /* Authenticator string */ int ncd_verflen; /* and the verifier */ u_char *ncd_verfstr; NFSKERBKEY_T ncd_key; /* Session key */ };
structure. The initial call has only the NFSSVC_MNTD flag set to specify service for the mount point. If the mount point is using Kerberos, then the mount_nfs8 utility will return from Fn nfssvc with errno == Er ENEEDAUTH whenever the client side requires an ``rcmd'' authentication ticket for the user. The mount_nfs8 utility will attempt to get the Kerberos ticket, and if successful will call Fn nfssvc with the flags NFSSVC_MNTD and NFSSVC_GOTAUTH after filling the ticket into the ncd_authstr field and setting the ncd_authlen and ncd_authtype fields of the nfsd_cargs structure. If mount_nfs8 failed to get the ticket, Fn nfssvc will be called with the flags NFSSVC_MNTD NFSSVC_GOTAUTH and NFSSVC_AUTHINFAIL to denote a failed authentication attempt.
On the server side, Fn nfssvc is called with the flag NFSSVC_NFSD and a pointer to a
struct nfsd_srvargs { struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */ uid_t nsd_uid; /* Effective uid mapped to cred */ uint32_t nsd_haddr; /* Ip address of client */ struct ucred nsd_cr; /* Cred. uid maps to */ int nsd_authlen; /* Length of auth string (ret) */ u_char *nsd_authstr; /* Auth string (ret) */ int nsd_verflen; /* and the verifier */ u_char *nsd_verfstr; struct timeval nsd_timestamp; /* timestamp from verifier */ uint32_t nsd_ttl; /* credential ttl (sec) */ NFSKERBKEY_T nsd_key; /* Session key */ };
to enter the kernel as an nfsd(8) daemon. Whenever an nfsd(8) daemon receives a Kerberos authentication ticket, it will return from Fn nfssvc with errno == Er ENEEDAUTH . The nfsd(8) utility will attempt to authenticate the ticket and generate a set of credentials on the server for the ``user id'' specified in the field nsd_uid. This is done by first authenticating the Kerberos ticket and then mapping the Kerberos principal to a local name and getting a set of credentials for that user via getpwnam(3) and getgrouplist(3). If successful, the nfsd(8) utility will call Fn nfssvc with the NFSSVC_NFSD and NFSSVC_AUTHIN flags set to pass the credential mapping in nsd_cr into the kernel to be cached on the server socket for that client. If the authentication failed, nfsd(8) calls Fn nfssvc with the flags NFSSVC_NFSD and NFSSVC_AUTHINFAIL to denote an authentication failure.
The master nfsd(8) server daemon calls Fn nfssvc with the flag NFSSVC_ADDSOCK and a pointer to a
struct nfsd_args { int sock; /* Socket to serve */ caddr_t name; /* Client address for connection based sockets */ int namelen;/* Length of name */ };
to pass a server side NFS socket into the kernel for servicing by the nfsd(8) daemons.
RETURN VALUES
Normally Fn nfssvc does not return unless the server is terminated by a signal when a value of 0 is returned. Otherwise, -1 is returned and the global variable errno is set to specify the error.ERRORS
- Bq Er ENEEDAUTH
- This special error value is really used for authentication support, particularly Kerberos, as explained above.
- Bq Er EPERM
- The caller is not the super-user.