1 .\" Copyright (c) 1989, 1991, 1993
2 .\" The Regents of the University of California. All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. Neither the name of the University nor the names of its contributors
13 .\" may be used to endorse or promote products derived from this software
14 .\" without specific prior written permission.
16 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
44 .Fn nfssvc "int flags" "void *argstructp"
48 system call is used by the NFS daemons to pass information into and out
49 of the kernel and also to enter the kernel as a server daemon.
52 argument consists of several bits that show what action is to be taken
53 once in the kernel and the
55 points to one of three structures depending on which bits are set in
70 to enter the kernel as a block I/O server daemon.
78 flag, optionally or'd with the flags
82 along with a pointer to a
85 char *ncd_dirp; /* Mount dir path */
86 uid_t ncd_authuid; /* Effective uid */
87 int ncd_authtype; /* Type of authenticator */
88 int ncd_authlen; /* Length of authenticator string */
89 u_char *ncd_authstr; /* Authenticator string */
90 int ncd_verflen; /* and the verifier */
92 NFSKERBKEY_T ncd_key; /* Session key */
97 The initial call has only the
99 flag set to specify service for the mount point.
100 If the mount point is using Kerberos, then the
102 utility will return from
108 whenever the client side requires an ``rcmd''
109 authentication ticket for the user.
112 utility will attempt to get the Kerberos ticket, and if successful will call
118 after filling the ticket into the
121 setting the ncd_authlen and ncd_authtype
122 fields of the nfsd_cargs structure.
125 failed to get the ticket,
127 will be called with the flags
131 .Dv NFSSVC_AUTHINFAIL
132 to denote a failed authentication attempt.
136 is called with the flag
140 struct nfsd_srvargs {
141 struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */
142 uid_t nsd_uid; /* Effective uid mapped to cred */
143 uint32_t nsd_haddr; /* Ip address of client */
144 struct ucred nsd_cr; /* Cred. uid maps to */
145 int nsd_authlen; /* Length of auth string (ret) */
146 u_char *nsd_authstr; /* Auth string (ret) */
147 int nsd_verflen; /* and the verifier */
149 struct timeval nsd_timestamp; /* timestamp from verifier */
150 uint32_t nsd_ttl; /* credential ttl (sec) */
151 NFSKERBKEY_T nsd_key; /* Session key */
155 to enter the kernel as an
160 daemon receives a Kerberos authentication ticket, it will return from
168 utility will attempt to authenticate the ticket and generate a set of credentials
169 on the server for the ``user id'' specified in the field nsd_uid.
170 This is done by first authenticating the Kerberos ticket and then mapping
171 the Kerberos principal to a local name and getting a set of credentials for
184 flags set to pass the credential mapping in nsd_cr into the
185 kernel to be cached on the server socket for that client.
186 If the authentication failed,
193 .Dv NFSSVC_AUTHINFAIL
194 to denote an authentication failure.
205 int sock; /* Socket to serve */
206 caddr_t name; /* Client address for connection based sockets */
207 int namelen;/* Length of name */
211 to pass a server side
213 socket into the kernel for servicing by the
219 does not return unless the server
220 is terminated by a signal when a value of 0 is returned.
221 Otherwise, -1 is returned and the global variable
223 is set to specify the error.
227 This special error value
228 is really used for authentication support, particularly Kerberos,
231 The caller is not the super-user.
240 system call first appeared in
245 system call is designed specifically for the
247 support daemons and as such is specific to their requirements.
248 It should really return values to indicate the need for authentication
251 is not really an error.
252 Several fields of the argument structures are assumed to be valid and
253 sometimes to be unchanged from a previous call, such that
255 must be used with extreme care.