1*62897Sbostic.\" Copyright (c) 1989, 1991, 1993 2*62897Sbostic.\" The Regents of the University of California. All rights reserved. 338392Smckusick.\" 450487Scael.\" %sccs.include.redist.roff% 538392Smckusick.\" 6*62897Sbostic.\" @(#)nfssvc.2 8.1 (Berkeley) 06/09/93 738392Smckusick.\" 847208Scael.Dd 947208Scael.Dt NFSSVC 2 1050487Scael.Os 1147208Scael.Sh NAME 1247208Scael.Nm nfssvc 1357834Smckusick.Nd NFS services 1447208Scael.Sh SYNOPSIS 1547208Scael.Fd #include <unistd.h> 1657834Smckusick.Fd #include <nfs/nfs.h> 1747208Scael.Ft int 1857834Smckusick.Fn nfssvc "int flags" "void *argstructp" 1947208Scael.Sh DESCRIPTION 2057834SmckusickThe 2160175Sbostic.Fn nfssvc 2260175Sbosticfunction is used by the NFS daemons to pass information into and out 2360175Sbosticof the kernel and also to enter the kernel as a server daemon. 2460175SbosticThe 2557834Smckusick.Fa flags 2657834Smckusickargument consists of several bits that show what action is to be taken 2757834Smckusickonce in the kernel and the 2857834Smckusick.Fa argstructp 2957834Smckusickpoints to one of three structures depending on which bits are set in 3057834Smckusickflags. 3157834Smckusick.Pp 3257834SmckusickOn the client side, 3357834Smckusick.Xr nfsiod 8 3457834Smckusickcalls 3557834Smckusick.Fn nfssvc 3657834Smckusickwith the 3757834Smckusick.Fa flags 3857834Smckusickargument set to 3957834Smckusick.Dv NFSSVC_BIOD 4057834Smckusickand 4157834Smckusick.Fa argstructp 4257834Smckusickset to 4357834Smckusick.Dv NULL 4457834Smckusickto enter the kernel as a block I/O server daemon. 4557834SmckusickFor 4657834Smckusick.Nm NQNFS , 4757834Smckusick.Xr mount_nfs 8 4857834Smckusickcalls 4957834Smckusick.Fn nfssvc 5057834Smckusickwith the 5157834Smckusick.Dv NFSSVC_MNTD 5257834Smckusickflag, optionally or'd with the flags 5357834Smckusick.Dv NFSSVC_GOTAUTH 5457834Smckusickand 5557834Smckusick.Dv NFSSVC_AUTHINFAIL 5657834Smckusickalong with a pointer to a 5757834Smckusick.Bd -literal 5857834Smckusickstruct nfsd_cargs { 5957834Smckusick char *ncd_dirp; /* Mount dir path */ 6057834Smckusick uid_t ncd_authuid; /* Effective uid */ 6157834Smckusick int ncd_authtype; /* Type of authenticator */ 6257834Smckusick int ncd_authlen; /* Length of authenticator string */ 6357834Smckusick char *ncd_authstr; /* Authenticator string */ 6457834Smckusick}; 6557834Smckusick.Ed 6657834Smckusick.sp 6757834Smckusickstructure. 6857834SmckusickThe initial call has only the 6957834Smckusick.Dv NFSSVC_MNTD 7057834Smckusickflag set to specify service for the mount point. 7157834SmckusickIf the mount point is using Kerberos, then the 7257834Smckusick.Xr mount_nfs 8 7357834Smckusickdaemon will return from 7457834Smckusick.Fn nfssvc 7557834Smckusickwith errno == ENEEDAUTH whenever the client side requires an ``rcmd'' 7657834Smckusickauthentication ticket for the user. 7757834Smckusick.Xr Mount_nfs 8 7857834Smckusickwill attempt to get the Kerberos ticket, and if successful will call 7957834Smckusick.Fn nfssvc 8057834Smckusickwith the flags 8157834Smckusick.Dv NFSSVC_MNTD 8257834Smckusickand 8357834Smckusick.Dv NFSSVC_GOTAUTH 8457834Smckusickafter filling the ticket into the 8557834Smckusickncd_authstr field 8657834Smckusickand 8757834Smckusicksetting the ncd_authlen and ncd_authtype 8857834Smckusickfields of the nfsd_cargs structure. 8957834SmckusickIf 9057834Smckusick.Xr mount_nfs 8 9157834Smckusickfailed to get the ticket, 9257834Smckusick.Fn nfssvc 9357834Smckusickwill be called with the flags 9457834Smckusick.Dv NFSSVC_MNTD , 9557834Smckusick.Dv NFSSVC_GOTAUTH 9657834Smckusickand 9757834Smckusick.Dv NFSSVC_AUTHINFAIL 9857834Smckusickto denote a failed authentication attempt. 9957834Smckusick.Pp 10057834SmckusickOn the server side, 10157834Smckusick.Fn nfssvc 10257834Smckusickis called with the flag 10357834Smckusick.Dv NFSSVC_NFSD 10457834Smckusickand a pointer to a 10557834Smckusick.Bd -literal 10657834Smckusickstruct nfsd_srvargs { 10757834Smckusick struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */ 10857834Smckusick uid_t nsd_uid; /* Effective uid mapped to cred */ 10957834Smckusick u_long nsd_haddr; /* Ip address of client */ 11057834Smckusick struct ucred nsd_cr; /* Cred. uid maps to */ 11157834Smckusick int nsd_authlen; /* Length of auth string (ret) */ 11257834Smckusick char *nsd_authstr; /* Auth string (ret) */ 11357834Smckusick}; 11457834Smckusick.Ed 11557834Smckusick.sp 11657834Smckusickto enter the kernel as an 11757834Smckusick.Xr nfsd 8 11857834Smckusickdaemon. 11957834SmckusickWhenever an 12057834Smckusick.Xr nfsd 8 12157834Smckusickdaemon receives a Kerberos authentication ticket, it will return from 12257834Smckusick.Fn nfssvc 12357834Smckusickwith errno == ENEEDAUTH. 12457834SmckusickThe 12557834Smckusick.Xr nfsd 8 12657834Smckusickwill attempt to authenticate the ticket and generate a set of credentials 12757834Smckusickon the server for the ``user id'' specified in the field nsd_uid. 12857834SmckusickThis is done by first authenticating the Kerberos ticket and then mapping 12957834Smckusickthe Kerberos principal to a local name and getting a set of credentials for 13057834Smckusickthat user via. 13157834Smckusick.Xr getpwnam 3 13257834Smckusickand 13357834Smckusick.Xr getgrouplist 3 . 13457834SmckusickIf successful, the 13557834Smckusick.Xr nfsd 8 13657834Smckusickwill call 13757834Smckusick.Fn nfssvc 13857834Smckusickwith the 13957834Smckusick.Dv NFSSVC_NFSD 14057834Smckusickand 14157834Smckusick.Dv NFSSVC_AUTHIN 14257834Smckusickflags set to pass the credential mapping in nsd_cr into the 14357834Smckusickkernel to be cached on the server socket for that client. 14457834SmckusickIf the authentication failed, 14557834Smckusick.Xr nfsd 8 14657834Smckusickcalls 14757834Smckusick.Fn nfssvc 14857834Smckusickwith the flags 14957834Smckusick.Dv NFSSVC_NFSD 15057834Smckusickand 15157834Smckusick.Dv NFSSVC_AUTHINFAIL 15257834Smckusickto denote an authentication failure. 15357834Smckusick.Pp 15457834SmckusickThe master 15557834Smckusick.Xr nfsd 8 15657834Smckusickserver daemon calls 15757834Smckusick.Fn nfssvc 15857834Smckusickwith the flag 15957834Smckusick.Dv NFSSVC_ADDSOCK 16057834Smckusickand a pointer to a 16157834Smckusick.Bd -literal 16257834Smckusickstruct nfsd_args { 16357834Smckusick int sock; /* Socket to serve */ 16457834Smckusick caddr_t name; /* Client address for connection based sockets */ 16557834Smckusick int namelen; /* Length of name */ 16657834Smckusick}; 16757834Smckusick.Ed 16857834Smckusick.sp 16957834Smckusickto pass a server side 17047208Scael.Tn NFS 17157834Smckusicksocket into the kernel for servicing by the 17257834Smckusick.Xr nfsd 8 17357834Smckusickdaemons. 17447208Scael.Sh RETURN VALUES 17547208ScaelNormally 17647208Scael.Nm nfssvc 17747208Scaeldoes not return unless the server 17857834Smckusickis terminated by a signal when a value of 0 is returned. 17947208ScaelOtherwise, -1 is returned and the global variable 18047208Scael.Va errno 18157834Smckusickis set to specify the error. 18247208Scael.Sh ERRORS 18357834Smckusick.Bl -tag -width [ENEEDAUTH] 18457834Smckusick.It Bq Er ENEEDAUTH 18557834SmckusickThis special error value 18657834Smckusickis really used for authentication support, particularly Kerberos, 18757834Smckusickas explained above. 18847208Scael.It Bq Er EPERM 18938392SmckusickThe caller is not the super-user. 19047208Scael.El 19147208Scael.Sh SEE ALSO 19257834Smckusick.Xr nfsd 8 , 19357834Smckusick.Xr mount_nfs 8 , 19457834Smckusick.Xr nfsiod 8 19547208Scael.Sh HISTORY 19647208ScaelThe 19750487Scael.Nm nfssvc 19862896Sbosticfunction first appeared in 4.4BSD. 19957834Smckusick.Sh BUGS 20057834SmckusickThe 20157834Smckusick.Nm nfssvc 20257834Smckusicksystem call is designed specifically for the 20357834Smckusick.Tn NFS 20457834Smckusicksupport daemons and as such is specific to their requirements. 20557834SmckusickIt should really return values to indicate the need for authentication 20657834Smckusicksupport, since 20757834Smckusick.Dv ENEEDAUTH 20857834Smckusickis not really an error. 20957834SmckusickSeveral fields of the argument structures are assumed to be valid and 21057834Smckusicksometimes to be unchanged from a previous call, such that 21157834Smckusick.Nm nfssvc 21257834Smckusickmust be used with extreme care. 213