NAME
nfssvc —
NFS services
LIBRARY
library “libc”
SYNOPSIS
#include
<unistd.h>
#include <nfs/nfs.h>
int
nfssvc(int
flags, void
*argstructp);
DESCRIPTION
Thenfssvc()
function is used by the NFS daemons to pass information into and out of the
kernel and also to enter the kernel as a server daemon. The
flags argument consists of several bits that show what
action is to be taken once in the kernel and the
argstructp points to one of three structures depending
on which bits are set in flags.
Calls used by nfsd(8)
On the server side, nfssvc() is called
with the flag NFSSVC_NFSD and a pointer to a
struct nfsd_srvargs {
struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */
uid_t nsd_uid; /* Effective uid mapped to cred */
u_long nsd_haddr; /* Ip address of client */
struct ucred nsd_cr; /* Cred. uid maps to */
int nsd_authlen; /* Length of auth string (ret) */
char *nsd_authstr; /* Auth string (ret) */
};
to enter the kernel as an
nfsd(8) daemon. Whenever an
nfsd(8) daemon receives a Kerberos authentication ticket, it will
return from
nfssvc()
with errno set to ENEEDAUTH. The
nfsd(8) will attempt to authenticate the ticket and generate a set of
credentials on the server for the “user id” specified in the
field nsd_uid. This is done by first authenticating the Kerberos ticket and
then mapping the Kerberos principal to a local name and getting a set of
credentials for that user via
getpwnam(3) and
getgrouplist(3). If successful, the
nfsd(8) will call nfssvc() with the
NFSSVC_NFSD and
NFSSVC_AUTHIN flags set to pass the credential
mapping in nsd_cr into the kernel to be cached on the server socket for that
client. If the authentication failed,
nfsd(8) calls nfssvc() with the flags
NFSSVC_NFSD and
NFSSVC_AUTHINFAIL to denote an authentication
failure.
The master
nfsd(8) server daemon calls
nfssvc()
with the flag NFSSVC_ADDSOCK and a pointer to a
struct nfsd_args {
int sock; /* Socket to serve */
caddr_t name; /* Client address for connection based sockets */
int namelen; /* Length of name */
};
to pass a server side NFS socket into the kernel for servicing by the nfsd(8) daemons.
Calls used by mountd(8)
The mountd(8) server daemon calls
nfssvc()
with the flag NFSSVC_SETEXPORTSLIST and a pointer to
a struct mountd_exports_list object to atomically
change the exports lists of a specific file system. This structure has the
following fields:
- const char *mel_path
- Path to the file system that will have its exports list replaced by the one described in the other fields.
- size_t mel_nexports
- Number of valid entries in the mel_export field. If zero, the exports list will be cleared for the given file system.
- struct export_args mel_export[AF_MAX]
- Set of exports to be used for the given file system.
RETURN VALUES
Usually nfssvc does not return unless the
server is terminated by a signal when a value of 0 is returned. Otherwise,
-1 is returned and the global variable errno is set to
specify the error.
ERRORS
- [
ENEEDAUTH] - This special error value is really used for authentication support, particularly Kerberos, as explained above.
- [
EPERM] - The caller is not the super-user.
SEE ALSO
HISTORY
The nfssvc function first appeared in
4.4BSD.
BUGS
The nfssvc system call is designed
specifically for the NFS support daemons and as such is specific to their
requirements. It should really return values to indicate the need for
authentication support, since ENEEDAUTH is not
really an error. Several fields of the argument structures are assumed to be
valid and sometimes to be unchanged from a previous call, such that
nfssvc must be used with extreme care.