1 .\" Copyright (c) 1989, 1991, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. All advertising materials mentioning features or use of this software
13 .\" must display the following acknowledgement:
14 .\" This product includes software developed by the University of
15 .\" California, Berkeley and its contributors.
16 .\" 4. Neither the name of the University nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" @(#)nfssvc.2 8.1 (Berkeley) 6/9/93
33 .\" $FreeBSD: src/lib/libc/sys/nfssvc.2,v 1.8.2.6 2002/12/29 16:35:34 schweikh Exp $
51 .Fn nfssvc "int flags" "void *argstructp"
55 function is used by the NFS daemons to pass information into and out
56 of the kernel and also to enter the kernel as a server daemon.
59 argument consists of several bits that show what action is to be taken
60 once in the kernel and the
62 points to one of three structures depending on which bits are set in
77 to enter the kernel as a block I/O server daemon.
85 flag, optionally or'd with the flags
89 along with a pointer to a
92 char *ncd_dirp; /* Mount dir path */
93 uid_t ncd_authuid; /* Effective uid */
94 int ncd_authtype; /* Type of authenticator */
95 int ncd_authlen; /* Length of authenticator string */
96 u_char *ncd_authstr; /* Authenticator string */
97 int ncd_verflen; /* and the verifier */
99 NFSKERBKEY_T ncd_key; /* Session key */
104 The initial call has only the
106 flag set to specify service for the mount point.
107 If the mount point is using Kerberos, then the
109 daemon will return from
115 whenever the client side requires an ``rcmd''
116 authentication ticket for the user.
118 will attempt to get the Kerberos ticket, and if successful will call
124 after filling the ticket into the
127 setting the ncd_authlen and ncd_authtype
128 fields of the nfsd_cargs structure.
131 failed to get the ticket,
133 will be called with the flags
137 .Dv NFSSVC_AUTHINFAIL
138 to denote a failed authentication attempt.
142 is called with the flag
146 struct nfsd_srvargs {
147 struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */
148 uid_t nsd_uid; /* Effective uid mapped to cred */
149 u_int32_t nsd_haddr; /* Ip address of client */
150 struct ucred nsd_cr; /* Cred. uid maps to */
151 int nsd_authlen; /* Length of auth string (ret) */
152 u_char *nsd_authstr; /* Auth string (ret) */
153 int nsd_verflen; /* and the verifier */
155 struct timeval nsd_timestamp; /* timestamp from verifier */
156 u_int32_t nsd_ttl; /* credential ttl (sec) */
157 NFSKERBKEY_T nsd_key; /* Session key */
161 to enter the kernel as an
166 daemon receives a Kerberos authentication ticket, it will return from
174 will attempt to authenticate the ticket and generate a set of credentials
175 on the server for the ``user id'' specified in the field nsd_uid.
176 This is done by first authenticating the Kerberos ticket and then mapping
177 the Kerberos principal to a local name and getting a set of credentials for
190 flags set to pass the credential mapping in nsd_cr into the
191 kernel to be cached on the server socket for that client.
192 If the authentication failed,
199 .Dv NFSSVC_AUTHINFAIL
200 to denote an authentication failure.
211 int sock; /* Socket to serve */
212 caddr_t name; /* Client address for connection based sockets */
213 int namelen;/* Length of name */
217 to pass a server side
219 socket into the kernel for servicing by the
225 does not return unless the server
226 is terminated by a signal when a value of 0 is returned.
227 Otherwise, -1 is returned and the global variable
229 is set to specify the error.
233 This special error value
234 is really used for authentication support, particularly Kerberos,
237 The caller is not the super-user.
246 function first appeared in
251 system call is designed specifically for the
253 support daemons and as such is specific to their requirements.
254 It should really return values to indicate the need for authentication
257 is not really an error.
258 Several fields of the argument structures are assumed to be valid and
259 sometimes to be unchanged from a previous call, such that
261 must be used with extreme care.