NAME
nfssvc —
NFS services
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <unistd.h>
#include <nfs/nfs.h>
int
nfssvc(
int
flags,
void
*argstructp);
DESCRIPTION
The
nfssvc() function is used by the NFS daemons to pass
information into and out of the kernel and also to enter the kernel as a
server daemon. The
flags argument consists of several
bits that show what action is to be taken once in the kernel and the
argstructp points to one of three structures depending
on which bits are set in flags.
On the server side,
nfssvc() is called with the flag
NFSSVC_NFSD
and a pointer to a
struct nfsd_srvargs {
struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */
uid_t nsd_uid; /* Effective uid mapped to cred */
u_long nsd_haddr; /* Ip address of client */
struct ucred nsd_cr; /* Cred. uid maps to */
int nsd_authlen; /* Length of auth string (ret) */
char *nsd_authstr; /* Auth string (ret) */
};
to enter the kernel as an
nfsd(8)
daemon. Whenever an
nfsd(8) daemon
receives a Kerberos authentication ticket, it will return from
nfssvc() with errno set to
ENEEDAUTH
. The
nfsd(8) will attempt to
authenticate the ticket and generate a set of credentials on the server for
the “user id” specified in the field nsd_uid. This is done by
first authenticating the Kerberos ticket and then mapping the Kerberos
principal to a local name and getting a set of credentials for that user via
getpwnam(3) and
getgrouplist(3). If
successful, the
nfsd(8) will call
nfssvc() with the
NFSSVC_NFSD
and
NFSSVC_AUTHIN
flags set to pass the credential mapping
in nsd_cr into the kernel to be cached on the server socket for that client.
If the authentication failed,
nfsd(8) calls
nfssvc() with the flags
NFSSVC_NFSD
and
NFSSVC_AUTHINFAIL
to denote an authentication
failure.
The master
nfsd(8) server daemon
calls
nfssvc() with the flag
NFSSVC_ADDSOCK
and a pointer to a
struct nfsd_args {
int sock; /* Socket to serve */
caddr_t name; /* Client address for connection based sockets */
int namelen; /* Length of name */
};
to pass a server side NFS socket into the kernel for servicing by the
nfsd(8) daemons.
The
mountd(8) server daemon calls
nfssvc() with the flag
NFSSVC_SETEXPORTSLIST
and a pointer to a
struct mountd_exports_list object to atomically change
the exports lists of a specific file system. This structure has the following
fields:
-
-
- const char
*mel_path
- Path to the file system that will have its exports list
replaced by the one described in the other fields.
-
-
- size_t
mel_nexports
- Number of valid entries in the
mel_export field. If zero, the exports list will be
cleared for the given file system.
-
-
- struct
export_args mel_export[AF_MAX]
- Set of exports to be used for the given file system.
RETURN VALUES
Usually
nfssvc does not return unless the server is terminated
by a signal when a value of 0 is returned. Otherwise, -1 is returned and the
global variable
errno is set to specify the error.
ERRORS
-
-
- [
ENEEDAUTH
]
- This special error value is really used for authentication
support, particularly Kerberos, as explained above.
-
-
- [
EPERM
]
- The caller is not the super-user.
SEE ALSO
mount_nfs(8),
nfsd(8)
HISTORY
The
nfssvc function first appeared in
4.4BSD.
BUGS
The
nfssvc system call is designed specifically for the NFS
support daemons and as such is specific to their requirements. It should
really return values to indicate the need for authentication support, since
ENEEDAUTH
is not really an error. Several fields of
the argument structures are assumed to be valid and sometimes to be unchanged
from a previous call, such that
nfssvc must be used with
extreme care.