NFSSVC(2) BSD Programmer's Manual NFSSVC(2) NNAAMMEE nnffssssvvcc - NFS services SSYYNNOOPPSSIISS ##iinncclluuddee <<uunniissttdd..hh>> ##iinncclluuddee <<nnffss//nnffss..hh>> _i_n_t nnffssssvvcc(_i_n_t _f_l_a_g_s, _v_o_i_d _*_a_r_g_s_t_r_u_c_t_p); DDEESSCCRRIIPPTTIIOONN The nnffssssvvcc() function is used by the NFS daemons to pass information into and out of the kernel and also to enter the kernel as a server daemon. The _f_l_a_g_s argument consists of several bits that show what action is to be taken once in the kernel and the _a_r_g_s_t_r_u_c_t_p points to one of three structures depending on which bits are set in flags. On the client side, nfsiod(8) calls nnffssssvvcc() with the _f_l_a_g_s argument set to NFSSVC_BIOD and _a_r_g_s_t_r_u_c_t_p set to NULL to enter the kernel as a block I/O server daemon. For NNQQNNFFSS, mount_nfs(8) calls nnffssssvvcc() with the NFSSVC_MNTD flag, optionally or'd with the flags NFSSVC_GOTAUTH and NFSSVC_AUTHINFAIL along with a pointer to a struct nfsd_cargs { char *ncd_dirp; /* Mount dir path */ uid_t ncd_authuid; /* Effective uid */ int ncd_authtype; /* Type of authenticator */ int ncd_authlen; /* Length of authenticator string */ char *ncd_authstr; /* Authenticator string */ }; structure. The initial call has only the NFSSVC_MNTD flag set to specify service for the mount point. If the mount point is using Kerberos, then the mount_nfs(8) daemon will return from nnffssssvvcc() with errno == ENEEDAUTH whenever the client side requires an ``rcmd'' authentication ticket for the user. Mount_nfs(8) will attempt to get the Kerberos ticket, and if successful will call nnffssssvvcc() with the flags NFSSVC_MNTD and NFSSVC_GOTAUTH after filling the ticket into the ncd_authstr field and setting the ncd_authlen and ncd_authtype fields of the nfsd_cargs struc- ture. If mount_nfs(8) failed to get the ticket, nnffssssvvcc() will be called with the flags NFSSVC_MNTD, NFSSVC_GOTAUTH and NFSSVC_AUTHINFAIL to de- note a failed authentication attempt. On the server side, nnffssssvvcc() is called with the flag NFSSVC_NFSD and a pointer to a struct nfsd_srvargs { struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */ uid_t nsd_uid; /* Effective uid mapped to cred */ u_long nsd_haddr; /* Ip address of client */ struct ucred nsd_cr; /* Cred. uid maps to */ int nsd_authlen; /* Length of auth string (ret) */ char *nsd_authstr; /* Auth string (ret) */ }; to enter the kernel as an nfsd(8) daemon. Whenever an nfsd(8) daemon re- ceives a Kerberos authentication ticket, it will return from nnffssssvvcc() with errno == ENEEDAUTH. The nfsd(8) will attempt to authenticate the ticket and generate a set of credentials on the server for the ``user id'' specified in the field nsd_uid. This is done by first authenticat- ing the Kerberos ticket and then mapping the Kerberos principal to a lo- cal name and getting a set of credentials for that user via. getpwnam(3) and getgrouplist(3). If successful, the nfsd(8) will call nnffssssvvcc() with the NFSSVC_NFSD and NFSSVC_AUTHIN flags set to pass the credential map- ping in nsd_cr into the kernel to be cached on the server socket for that client. If the authentication failed, nfsd(8) calls nnffssssvvcc() with the flags NFSSVC_NFSD and NFSSVC_AUTHINFAIL to denote an authentication fail- ure. The master nfsd(8) server daemon calls nnffssssvvcc() with the flag NFSSVC_ADDSOCK and a pointer to a struct nfsd_args { int sock; /* Socket to serve */ caddr_t name; /* Client address for connection based sockets */ int namelen; /* Length of name */ }; to pass a server side NFS socket into the kernel for servicing by the nfsd(8) daemons. RREETTUURRNN VVAALLUUEESS Normally nnffssssvvcc does not return unless the server is terminated by a sig- nal when a value of 0 is returned. Otherwise, -1 is returned and the global variable _e_r_r_n_o is set to specify the error. EERRRROORRSS [ENEEDAUTH] This special error value is really used for authentication support, particularly Kerberos, as explained above. [EPERM] The caller is not the super-user. SSEEEE AALLSSOO nfsd(8), mount_nfs(8), nfsiod(8) HHIISSTTOORRYY The nnffssssvvcc function first appeared in 4.4BSD. BBUUGGSS The nnffssssvvcc system call is designed specifically for the NFS support dae- mons and as such is specific to their requirements. It should really re- turn values to indicate the need for authentication support, since ENEEDAUTH is not really an error. Several fields of the argument struc- tures are assumed to be valid and sometimes to be unchanged from a previ- ous call, such that nnffssssvvcc must be used with extreme care. 4.4BSD June 9, 1993 2