nfssvc(2)

NAME

nfssvc - NFS services

LIBRARY

Standard C Library (libc, -lc)

SYNOPSIS

#include <sys/param.h>
#include <sys/mount.h>
#include <sys/time.h>
#include <nfs/rpcv2.h>
#include <nfs/nfs.h>
#include <unistd.h>
int
nfssvc(int flags, void *argstructp);

DESCRIPTION

The nfssvc() system call is used by the NFS daemons to pass
information
into and out of the kernel and also to enter the kernel as a
server daemon. The flags argument consists of several bits that show
what action
is to be taken once in the kernel and the argstructp points
to one of
three structures depending on which bits are set in flags.
On the client side, nfsiod(8) calls nfssvc() with the flags
argument set
to NFSSVC_BIOD and argstructp set to NULL to enter the ker
nel as a block
I/O server daemon. For NQNFS, mount_nfs(8) calls nfssvc()
with the
NFSSVC_MNTD flag, optionally or'd with the flags NFSSVC_GO
TAUTH and
NFSSVC_AUTHINFAIL along with a pointer to a
struct nfsd_cargs {
char *ncd_dirp; /* Mount dir path */
uid_t ncd_authuid; /* Effective uid */
int ncd_authtype; /* Type of authenti
cator */
int ncd_authlen; /* Length of authen
ticator string */
u_char *ncd_authstr; /* Authenticator
string */
int ncd_verflen; /* and the verifier
*/
u_char *ncd_verfstr;
NFSKERBKEY_T ncd_key; /* Session key */
};
structure. The initial call has only the NFSSVC_MNTD flag
set to specify
service for the mount point. If the mount point is using
Kerberos, then
the mount_nfs(8) utility will return from nfssvc() with
errno ==
ENEEDAUTH whenever the client side requires an ``rcmd'' au
thentication
ticket for the user. The mount_nfs(8) utility will attempt
to get the
Kerberos ticket, and if successful will call nfssvc() with
the flags
NFSSVC_MNTD and NFSSVC_GOTAUTH after filling the ticket into
the
ncd_authstr field and setting the ncd_authlen and ncd_au
thtype fields of
the nfsd_cargs structure. If mount_nfs(8) failed to get the
ticket,
nfssvc() will be called with the flags NFSSVC_MNTD, NF
SSVC_GOTAUTH and
NFSSVC_AUTHINFAIL to denote a failed authentication attempt.
On the server side, nfssvc() is called with the flag NF
SSVC_NFSD and a
pointer to a
struct nfsd_srvargs {
struct nfsd *nsd_nfsd; /* Pointer to in
kernel nfsd struct */
uid_t nsd_uid; /* Effective uid
mapped to cred */
u_int32_t nsd_haddr; /* Ip address of
client */
struct ucred nsd_cr; /* Cred. uid maps to
*/
int nsd_authlen; /* Length of auth
string (ret) */
u_char *nsd_authstr; /* Auth string (ret)
*/
int nsd_verflen; /* and the verifier
*/
u_char *nsd_verfstr;
struct timeval nsd_timestamp; /* timestamp from
verifier */
u_int32_t nsd_ttl; /* credential ttl
(sec) */
NFSKERBKEY_T nsd_key; /* Session key */
};
to enter the kernel as an nfsd(8) daemon. Whenever an
nfsd(8) daemon
receives a Kerberos authentication ticket, it will return
from nfssvc()
with errno == ENEEDAUTH. The nfsd(8) utility will attempt
to authenticate the ticket and generate a set of credentials on the
server for the
``user id'' specified in the field nsd_uid. This is done by
first
authenticating the Kerberos ticket and then mapping the Ker
beros principal to a local name and getting a set of credentials for
that user via
getpwnam(3) and getgrouplist(3). If successful, the nfsd(8)
utility will
call nfssvc() with the NFSSVC_NFSD and NFSSVC_AUTHIN flags
set to pass
the credential mapping in nsd_cr into the kernel to be
cached on the
server socket for that client. If the authentication
failed, nfsd(8)
calls nfssvc() with the flags NFSSVC_NFSD and NFSSVC_AUTHIN
FAIL to denote
an authentication failure.
The master nfsd(8) server daemon calls nfssvc() with the
flag
NFSSVC_ADDSOCK and a pointer to a
struct nfsd_args {
int sock; /* Socket to serve */
caddr_t name; /* Client address for connection
based sockets */
int namelen;/* Length of name */
};
to pass a server side NFS socket into the kernel for servic
ing by the
nfsd(8) daemons.

RETURN VALUES

Normally nfssvc() does not return unless the server is ter
minated by a
signal when a value of 0 is returned. Otherwise, -1 is re
turned and the
global variable errno is set to specify the error.

ERRORS

[ENEEDAUTH] This special error value is really used
for authenti
cation support, particularly Kerberos, as
explained
above.
[EPERM] The caller is not the super-user.

SEE ALSO

mount_nfs(8), nfsd(8), nfsiod(8)

HISTORY

The nfssvc() system call first appeared in 4.4BSD.

BUGS

The nfssvc() system call is designed specifically for the
NFS support
daemons and as such is specific to their requirements. It
should really
return values to indicate the need for authentication sup
port, since
ENEEDAUTH is not really an error. Several fields of the ar
gument structures are assumed to be valid and sometimes to be unchanged
from a previous call, such that nfssvc() must be used with extreme care.
BSD June 9, 1993

BSD

Copyright © 2010-2025 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout