MirBSD manpage: nfssvc(2)

NFSSVC(2)                  BSD Programmer's Manual                   NFSSVC(2)


     nfssvc - NFS services


     #include <unistd.h>
     #include <nfs/nfs.h>

     nfssvc(int flags, void *argstructp);


     The nfssvc() function is used by the NFS daemons to pass information into
     and out of the kernel and also to enter the kernel as a server daemon.
     The flags argument consists of several bits that show what action is to
     be taken once in the kernel and the argstructp points to one of three
     structures depending on which bits are set in flags.

     On the client side, there is no longer a need to call nfssvc() with the
     flags argument set to NFSSVC_BIOD since this functionality has been re-
     placed by a nfsiod implementation using kernel threads. See nfsd(8) and
     sysctl(8) for further discussion. For NQNFS, mount_nfs(8) calls nfssvc()
     with the NFSSVC_MNTD flag, optionally or'd with the flags NFSSVC_GOTAUTH
     and NFSSVC_AUTHINFAIL along with a pointer to a

     struct nfsd_cargs {
             char            *ncd_dirp;      /* Mount dir path */
             uid_t           ncd_authuid;    /* Effective uid */
             int             ncd_authtype;   /* Type of authenticator */
             u_int           ncd_authlen;   /* Length of authenticator string */
             u_char          *ncd_authstr;   /* Authenticator string */
             u_int           ncd_verflen;    /* and the verifier */
             u_char          *ncd_verfstr;
             NFSKERBKEY_T    ncd_key;        /* Session key */

     structure. The initial call has only the NFSSVC_MNTD flag set to specify
     service for the mount point. If the mount point is using Kerberos, then
     the mount_nfs(8) daemon will return from nfssvc() with errno set to
     ENEEDAUTH whenever the client side requires an "rcmd" authentication
     ticket for the user. mount_nfs(8) will attempt to get the Kerberos tick-
     et, and if successful will call nfssvc() with the flags NFSSVC_MNTD and
     NFSSVC_GOTAUTH after filling the ticket into the ncd_authstr field and
     setting the ncd_authlen and ncd_authtype fields of the nfsd_cargs struc-
     ture. If mount_nfs(8) failed to get the ticket, nfssvc() will be called
     denote a failed authentication attempt.

     On the server side, nfssvc() is called with the flag NFSSVC_NFSD and a
     pointer to a

     struct nfsd_srvargs {
             struct nfsd     *nsd_nfsd;   /* Pointer to in kernel nfsd struct */
             uid_t           nsd_uid;        /* Effective uid mapped to cred */
             u_int32_t       nsd_haddr;      /* IP address of client */
             struct ucred    nsd_cr;         /* Cred. uid maps to */
             int             nsd_authlen;    /* Length of auth string (ret) */
             u_char          *nsd_authstr;   /* Auth string (ret) */
             int             nsd_verflen;    /* and the verifier */
             u_char          *nsd_verfstr;
             struct timeval  nsd_timestamp;  /* timestamp from verifier */
             u_int32_t       nsd_ttl;        /* credential ttl (sec) */
             NFSKERBKEY_T    nsd_key;        /* Session key */

     to enter the kernel as an nfsd(8) daemon. Whenever an nfsd(8) daemon re-
     ceives a Kerberos authentication ticket, it will return from nfssvc()
     with errno set to ENEEDAUTH. The nfsd(8) will attempt to authenticate the
     ticket and generate a set of credentials on the server for the user ID
     specified in the field nsd_uid. This is done by first authenticating the
     Kerberos ticket and then mapping the Kerberos principal to a local name
     and getting a set of credentials for that user via getpwnam(3) and
     getgrouplist(3). If successful, the nfsd(8) will call nfssvc() with the
     NFSSVC_NFSD and NFSSVC_AUTHIN flags set to pass the credential mapping in
     nsd_cr into the kernel to be cached on the server socket for that client.
     If the authentication failed, nfsd(8) calls nfssvc() with the flags
     NFSSVC_NFSD and NFSSVC_AUTHINFAIL to denote an authentication failure.

     The master nfsd(8) server daemon calls nfssvc() with the flag
     NFSSVC_ADDSOCK and a pointer to a

     struct nfsd_args {
             int     sock;     /* Socket to serve */
             caddr_t name;     /* Client address for connection based sockets */
             int     namelen;  /* Length of name */

     to pass a server side NFS socket into the kernel for servicing by the
     nfsd(8) daemons.


     Normally nfssvc does not return unless the server is terminated by a sig-
     nal when a value of 0 is returned. Otherwise, -1 is returned and the glo-
     bal variable errno is set to specify the error.


     [ENEEDAUTH]   This special error value is really used for authentication
                   support, particularly Kerberos, as explained above.

     [EPERM]       The caller is not the superuser.


     mount_nfs(8), nfsd(8), sysctl(8)


     The nfssvc function first appeared in 4.4BSD.


     The nfssvc system call is designed specifically for the NFS support dae-
     mons and as such is specific to their requirements. It should really re-
     turn values to indicate the need for authentication support, since
     ENEEDAUTH is not really an error. Several fields of the argument struc-
     tures are assumed to be valid and sometimes to be unchanged from a previ-
     ous call, such that nfssvc must be used with extreme care.

MirBSD #10-current               June 9, 1993                                1

Generated on 2021-12-07 11:07:08 by $MirOS: src/scripts/roff2htm,v 1.103 2021/01/23 20:24:35 tg Exp $ — This product includes material provided by mirabilos.

These manual pages and other documentation are copyrighted by their respective writers; their sources are available at the project’s CVSweb, AnonCVS and other mirrors. The rest is Copyright © 2002–2021 MirBSD.

This manual page’s HTML representation is supposed to be valid XHTML/1.1; if not, please send a bug report — diffs preferred.