NAME¶

LIBRARY¶

SYNOPSIS¶

int
nfssvc(int flags, void *argstructp);

DESCRIPTION¶

On the client side, nfsiod(8) calls nfssvc() with the flags argument set to NFSSVC_BIOD and argstructp set to NULL to enter the kernel as a block I/O server daemon. For NQNFS, mount_nfs(8) calls nfssvc() with the NFSSVC_MNTD flag, optionally or'd with the flags NFSSVC_GOTAUTH and NFSSVC_AUTHINFAIL along with a pointer to a

struct nfsd_cargs {
	char		*ncd_dirp;	/* Mount dir path */
	uid_t		ncd_authuid;	/* Effective uid */
	int		ncd_authtype;	/* Type of authenticator */
	int		ncd_authlen;	/* Length of authenticator string */
	u_char		*ncd_authstr;	/* Authenticator string */
	int		ncd_verflen;	/* and the verifier */
	u_char		*ncd_verfstr;
	NFSKERBKEY_T	ncd_key;	/* Session key */
};

structure. The initial call has only the NFSSVC_MNTD flag set to specify service for the mount point. If the mount point is using Kerberos, then the mount_nfs(8) utility will return from nfssvc() with errno == ENEEDAUTH whenever the client side requires an ``rcmd'' authentication ticket for the user. The mount_nfs(8) utility will attempt to get the Kerberos ticket, and if successful will call nfssvc() with the flags NFSSVC_MNTD and NFSSVC_GOTAUTH after filling the ticket into the ncd_authstr field and setting the ncd_authlen and ncd_authtype fields of the nfsd_cargs structure. If mount_nfs(8) failed to get the ticket, nfssvc() will be called with the flags NFSSVC_MNTD, NFSSVC_GOTAUTH and NFSSVC_AUTHINFAIL to denote a failed authentication attempt.

On the server side, nfssvc() is called with the flag NFSSVC_NFSD and a pointer to a

struct nfsd_srvargs {
	struct nfsd	*nsd_nfsd;	/* Pointer to in kernel nfsd struct */
	uid_t		nsd_uid;	/* Effective uid mapped to cred */
	uint32_t	nsd_haddr;	/* Ip address of client */
	struct ucred	nsd_cr;		/* Cred. uid maps to */
	int		nsd_authlen;	/* Length of auth string (ret) */
	u_char		*nsd_authstr;	/* Auth string (ret) */
	int		nsd_verflen;	/* and the verifier */
	u_char		*nsd_verfstr;
	struct timeval	nsd_timestamp;	/* timestamp from verifier */
	uint32_t	nsd_ttl;	/* credential ttl (sec) */
	NFSKERBKEY_T	nsd_key;	/* Session key */
};

to enter the kernel as an nfsd(8) daemon. Whenever an nfsd(8) daemon receives a Kerberos authentication ticket, it will return from nfssvc() with errno == ENEEDAUTH. The nfsd(8) utility will attempt to authenticate the ticket and generate a set of credentials on the server for the ``user id'' specified in the field nsd_uid. This is done by first authenticating the Kerberos ticket and then mapping the Kerberos principal to a local name and getting a set of credentials for that user via getpwnam(3) and getgrouplist(3). If successful, the nfsd(8) utility will call nfssvc() with the NFSSVC_NFSD and NFSSVC_AUTHIN flags set to pass the credential mapping in nsd_cr into the kernel to be cached on the server socket for that client. If the authentication failed, nfsd(8) calls nfssvc() with the flags NFSSVC_NFSD and NFSSVC_AUTHINFAIL to denote an authentication failure.

The master nfsd(8) server daemon calls nfssvc() with the flag NFSSVC_ADDSOCK and a pointer to a

struct nfsd_args {
	int	sock;	/* Socket to serve */
	caddr_t	name;	/* Client address for connection based sockets */
	int	namelen;/* Length of name */
};

to pass a server side NFS socket into the kernel for servicing by the nfsd(8) daemons.

RETURN VALUES¶

ERRORS¶

[ENEEDAUTH]

This special error value is really used for authentication support, particularly Kerberos, as explained above.

[EPERM]

The caller is not the super-user.

SEE ALSO¶

HISTORY¶

BUGS¶