196 lines
5.6 KiB
Groff
196 lines
5.6 KiB
Groff
.\" $NetBSD: nfssvc.2,v 1.25 2021/06/08 10:02:04 hannken Exp $
|
|
.\"
|
|
.\" Copyright (c) 1989, 1991, 1993
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" @(#)nfssvc.2 8.1 (Berkeley) 6/9/93
|
|
.\"
|
|
.Dd June 8, 2021
|
|
.Dt NFSSVC 2
|
|
.Os
|
|
.Sh NAME
|
|
.Nm nfssvc
|
|
.Nd NFS services
|
|
.Sh LIBRARY
|
|
.Lb libc
|
|
.Sh SYNOPSIS
|
|
.In unistd.h
|
|
.In nfs/nfs.h
|
|
.Ft int
|
|
.Fn nfssvc "int flags" "void *argstructp"
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Fn nfssvc
|
|
function is used by the NFS daemons to pass information into and out
|
|
of the kernel and also to enter the kernel as a server daemon.
|
|
The
|
|
.Fa flags
|
|
argument consists of several bits that show what action is to be taken
|
|
once in the kernel and the
|
|
.Fa argstructp
|
|
points to one of three structures depending on which bits are set in
|
|
flags.
|
|
.Ss Calls used by Xr nfsd 8
|
|
On the server side,
|
|
.Fn nfssvc
|
|
is called with the flag
|
|
.Dv NFSSVC_NFSD
|
|
and a pointer to a
|
|
.Bd -literal
|
|
struct nfsd_srvargs {
|
|
struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */
|
|
uid_t nsd_uid; /* Effective uid mapped to cred */
|
|
u_long nsd_haddr; /* Ip address of client */
|
|
struct ucred nsd_cr; /* Cred. uid maps to */
|
|
int nsd_authlen; /* Length of auth string (ret) */
|
|
char *nsd_authstr; /* Auth string (ret) */
|
|
};
|
|
.Ed
|
|
.Pp
|
|
to enter the kernel as an
|
|
.Xr nfsd 8
|
|
daemon.
|
|
Whenever an
|
|
.Xr nfsd 8
|
|
daemon receives a Kerberos authentication ticket, it will return from
|
|
.Fn nfssvc
|
|
with errno set to
|
|
.Er ENEEDAUTH .
|
|
The
|
|
.Xr nfsd 8
|
|
will attempt to authenticate the ticket and generate a set of credentials
|
|
on the server for the
|
|
.Dq user id
|
|
specified in the field nsd_uid.
|
|
This is done by first authenticating the Kerberos ticket and then mapping
|
|
the Kerberos principal to a local name and getting a set of credentials for
|
|
that user via
|
|
.Xr getpwnam 3
|
|
and
|
|
.Xr getgrouplist 3 .
|
|
If successful, the
|
|
.Xr nfsd 8
|
|
will call
|
|
.Fn nfssvc
|
|
with the
|
|
.Dv NFSSVC_NFSD
|
|
and
|
|
.Dv NFSSVC_AUTHIN
|
|
flags set to pass the credential mapping in nsd_cr into the
|
|
kernel to be cached on the server socket for that client.
|
|
If the authentication failed,
|
|
.Xr nfsd 8
|
|
calls
|
|
.Fn nfssvc
|
|
with the flags
|
|
.Dv NFSSVC_NFSD
|
|
and
|
|
.Dv NFSSVC_AUTHINFAIL
|
|
to denote an authentication failure.
|
|
.Pp
|
|
The master
|
|
.Xr nfsd 8
|
|
server daemon calls
|
|
.Fn nfssvc
|
|
with the flag
|
|
.Dv NFSSVC_ADDSOCK
|
|
and a pointer to a
|
|
.Bd -literal
|
|
struct nfsd_args {
|
|
int sock; /* Socket to serve */
|
|
caddr_t name; /* Client address for connection based sockets */
|
|
int namelen; /* Length of name */
|
|
};
|
|
.Ed
|
|
.Pp
|
|
to pass a server side
|
|
.Tn NFS
|
|
socket into the kernel for servicing by the
|
|
.Xr nfsd 8
|
|
daemons.
|
|
.Ss Calls used by Xr mountd 8
|
|
The
|
|
.Xr mountd 8
|
|
server daemon calls
|
|
.Fn nfssvc
|
|
with the flag
|
|
.Dv NFSSVC_REPLACEEXPORTSLIST
|
|
and a pointer to a
|
|
.Ft struct mountd_exports_list
|
|
object to atomically replace the exports lists of a specific file system.
|
|
This structure has the following fields:
|
|
.Bl -tag -width ".Vt const char *mel_path"
|
|
.It Vt const char *mel_path
|
|
Path to the file system that will have its exports list replaced by the
|
|
one described in the other fields.
|
|
.It Vt size_t mel_nexports
|
|
Number of valid entries in the
|
|
.Vt mel_export
|
|
field.
|
|
If zero, the exports list will be cleared for the given file system.
|
|
.It Vt struct export_args mel_export[AF_MAX]
|
|
Set of exports to be used for the given file system.
|
|
.El
|
|
.Sh RETURN VALUES
|
|
Usually
|
|
.Nm
|
|
does not return unless the server
|
|
is terminated by a signal when a value of 0 is returned.
|
|
Otherwise, \-1 is returned and the global variable
|
|
.Va errno
|
|
is set to specify the error.
|
|
.Sh ERRORS
|
|
.Bl -tag -width Er
|
|
.It Bq Er ENEEDAUTH
|
|
This special error value is really used for authentication support,
|
|
particularly Kerberos, as explained above.
|
|
.It Bq Er EPERM
|
|
The caller is not the super-user.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr mount_nfs 8 ,
|
|
.Xr nfsd 8
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
function first appeared in
|
|
.Bx 4.4 .
|
|
.Sh BUGS
|
|
The
|
|
.Nm
|
|
system call is designed specifically for the
|
|
.Tn NFS
|
|
support daemons and as such is specific to their requirements.
|
|
It should really return values to indicate the need for authentication
|
|
support, since
|
|
.Er ENEEDAUTH
|
|
is not really an error.
|
|
Several fields of the argument structures are assumed to be valid and
|
|
sometimes to be unchanged from a previous call, such that
|
|
.Nm
|
|
must be used with extreme care.
|