NAME | SYNOPSIS | FEATURES | DESCRIPTION | RETURN VALUES | ERRORS | ATTRIBUTES | SEE ALSO | HISTORY | BUGS | RESTRICTIONS FOR ChorusOS
#include <unistd.h> #include <nfs/nfs.h>int nfssvc(int flags, void *argstructp);
NFS_SERVER
The nfssvc() function is used by the NFS daemons to pass information into and out of the kernel, as well as to enter the kernel as a server daemon. The flags argument consists of several bits that show what action is to be taken once in the kernel, The argstructp points to one of three structures depending on which bits are set in flags.
On the client side, nfsd(1M) calls nfssvc() with the flags argument set to NFSSVC_BIOD and argstructp set to NULL to enter the kernel as a block I/O server daemon. For NQNFS , mount_nfs(1M) calls nfssvc() with the NFSSVC_MNTD flag, optionally or'd with the flags NFSSVC_GOTAUTH and NFSSVC_AUTHINFAIL along with a pointer to the following strucure:
struct nfsd_cargs { char *ncd_dirp; /* Mount dir path */ uid_t ncd_authuid; /* Effective uid */ int ncd_authtype; /* Type of authenticator */ int ncd_authlen; /* Length of authenticator string */ u_char *ncd_authstr; /* Authenticator string */ int ncd_verflen; /* and the verifier */ u_char *ncd_verfstr; NFSKERBKEY_T ncd_key; /* Session key */ };
The initial call only has the NFSSVC_MNTD flag set to specify service for the mount point. If the mount point is using Kerberos, the mount_nfs(1M) daemon will return from nfssvc with errno set to ENEEDAUTH whenever the client side requires an "rcmd" authentication ticket for the user.
The mount_nfs(1M) function will attempt to get the Kerberos ticket, and if successful, will call nfssvc() with the NFSSVC_MNTD and NFSSVC_GOTAUTH flags after putting the ticket information into the ncd_authstr field and setting the ncd_authlen and ncd_authtype fields of the nfsd_cargs structure. If mount_nfs(1M) failed to get the ticket, nfssvc() will be called with the flags NFSSVC_MNTD, NFSSVC_GOTAUTH and NFSSVC_AUTHINFAIL to denote a failed authentication attempt. See RESTRICTIONS for Kerberos filesystems with ChorusOS.
On the server side, nfssvc() is called with the flag NFSSVC_NFSD and a pointer to the following structure:
struct nfsd_srvargs { struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */ uid_t nsd_uid; /* Effective uid mapped to cred */ u_long nsd_haddr; /* Ip address of client */ struct ucred nsd_cr; /* Cred. uid maps to */ int nsd_authlen; /* Length of auth string (ret) */ u_char *nsd_authstr; /* Auth string (ret) */ int nsd_verflen; /* and the verfier */ u_char *nsd_verfstr; struct timeval nsd_timestamp; /* timestamp from verifier */ u_long nsd_ttl; /* credential ttl (sec) */ NFSKERBKEY_T nsd_key; /* Session key */ };
This allows it to enter the kernel as an nfsd(1M) daemon. Whenever an nfsd(1M) daemon receives a Kerberos authentication ticket, it will return from nfssvc() with errno set to ENEEDAUTH. The nfsd(1M) will attempt to authenticate the ticket and generate a set of credentials on the server for the "user id" specified in the nsd_uid field. This is done by first authenticating the Kerberos ticket and then mapping the Kerberos principal to a local name and getting a set of credentials for that user via getpwnam() and getgrouplist(). If successful, the nfsd(1M) will call nfssvc() with the NFSSVC_NFSD and NFSSVC_AUTHIN flags set to pass the credential mapping in nsd_crnto to the kernel to be cached on the server socket for that client. If the authentication failed, nfsd(1M) calls nfssvc() with the flags NFSSVC_NFSD and NFSSVC_AUTHINFAIL to denote an authentication failure. See RESTRICTIONS about authentication on top of ChorusOS.
The master nfsd(1M) server daemon calls nfssvc with the flag NFSSVC_ADDSOCK and a pointer to the following structure:
struct nfsd_args { int sock; /* Socket to serve */ caddr_t name; /* Client address for connection based sockets */ int namelen; /* Length of name */ };
This allows it to pass a server side NFS socket into the kernel for servicing by the nfsd(1M) daemons.
Under normal circumstances, nfssvc does not return. If the server is terminated by a signal, a value of 0 is returned. Otherwise, a value of -1 is returned and the global variable errno is set to indicate one of the following error conditions.
This special error value is used for authentication support, particularly Kerberos, as explained above.
The caller is not the super-user.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Interface Stability | Evolving |
The nfssvc() function first appeared in 4.4BSD.
The nfssvc() system call is designed specifically for the NFS support daemons and as such is specific to their requirements. It should return values to indicate the need for authentication support, as ENEEDAUTH is not really an error. Several fields of the argument structures are assumed to be valid and sometimes to be unchanged from a previous call, nfssvc() should therefore be used with extreme care.
The Kerberos filesystem is not supported.
Authentication on top of ChorusOS never calls getpwnam() or getgrouplist() because /etc/passwd and /etc/group files are not supported.
NAME | SYNOPSIS | FEATURES | DESCRIPTION | RETURN VALUES | ERRORS | ATTRIBUTES | SEE ALSO | HISTORY | BUGS | RESTRICTIONS FOR ChorusOS