Main index | Section 2 | 日本語 | Options |
#include <sys/param.h>
#include <sys/mount.h>
#include <sys/time.h>
#include <nfs/rpcv2.h>
#include <nfsserver/nfs.h>
#include <unistd.h>
On the client side, nfsiod(8) calls nfssvc() with the flags argument set to NFSSVC_BIOD and argstructp set to NULL to enter the kernel as a block I/O server daemon. For NQNFS, mount_nfs(8) calls nfssvc() with the NFSSVC_MNTD flag, optionally or'd with the flags NFSSVC_GOTAUTH and NFSSVC_AUTHINFAIL along with a pointer to a
struct nfsd_cargs { char *ncd_dirp; /* Mount dir path */ uid_t ncd_authuid; /* Effective uid */ int ncd_authtype; /* Type of authenticator */ int ncd_authlen; /* Length of authenticator string */ u_char *ncd_authstr; /* Authenticator string */ int ncd_verflen; /* and the verifier */ u_char *ncd_verfstr; NFSKERBKEY_T ncd_key; /* Session key */ };
structure. The initial call has only the NFSSVC_MNTD flag set to specify service for the mount point. If the mount point is using Kerberos, then the mount_nfs(8) utility will return from nfssvc() with errno == ENEEDAUTH whenever the client side requires an ``rcmd'' authentication ticket for the user. The mount_nfs(8) utility will attempt to get the Kerberos ticket, and if successful will call nfssvc() with the flags NFSSVC_MNTD and NFSSVC_GOTAUTH after filling the ticket into the ncd_authstr field and setting the ncd_authlen and ncd_authtype fields of the nfsd_cargs structure. If mount_nfs(8) failed to get the ticket, nfssvc() will be called with the flags NFSSVC_MNTD, NFSSVC_GOTAUTH and NFSSVC_AUTHINFAIL to denote a failed authentication attempt.
On the server side, nfssvc() is called with the flag NFSSVC_NFSD and a pointer to a
struct nfsd_srvargs { struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */ uid_t nsd_uid; /* Effective uid mapped to cred */ uint32_t nsd_haddr; /* Ip address of client */ struct ucred nsd_cr; /* Cred. uid maps to */ int nsd_authlen; /* Length of auth string (ret) */ u_char *nsd_authstr; /* Auth string (ret) */ int nsd_verflen; /* and the verifier */ u_char *nsd_verfstr; struct timeval nsd_timestamp; /* timestamp from verifier */ uint32_t nsd_ttl; /* credential ttl (sec) */ NFSKERBKEY_T nsd_key; /* Session key */ };
to enter the kernel as an nfsd(8) daemon. Whenever an nfsd(8) daemon receives a Kerberos authentication ticket, it will return from nfssvc() with errno == ENEEDAUTH. The nfsd(8) utility will attempt to authenticate the ticket and generate a set of credentials on the server for the ``user id'' specified in the field nsd_uid. This is done by first authenticating the Kerberos ticket and then mapping the Kerberos principal to a local name and getting a set of credentials for that user via getpwnam(3) and getgrouplist(3). If successful, the nfsd(8) utility will call nfssvc() with the NFSSVC_NFSD and NFSSVC_AUTHIN flags set to pass the credential mapping in nsd_cr into the kernel to be cached on the server socket for that client. If the authentication failed, nfsd(8) calls nfssvc() with the flags NFSSVC_NFSD and NFSSVC_AUTHINFAIL to denote an authentication failure.
The master nfsd(8) server daemon calls nfssvc() with the flag NFSSVC_ADDSOCK and a pointer to a
struct nfsd_args { int sock; /* Socket to serve */ caddr_t name; /* Client address for connection based sockets */ int namelen;/* Length of name */ };
to pass a server side NFS socket into the kernel for servicing by the nfsd(8) daemons.
[ENEEDAUTH] | |
This special error value is really used for authentication support, particularly Kerberos, as explained above. | |
[EPERM] | |
The caller is not the super-user. | |
NFSSVC (2) | June 9, 1993 |
Main index | Section 2 | 日本語 | Options |
Please direct any comments about this manual page service to Ben Bullock. Privacy policy.
“ | How do you pronounce UNIX ? You Nix ! | ” |