+.\"
+.\" Copyright (c) 1999-2007 Apple Inc. All rights reserved.
+.\"
+.\" @APPLE_LICENSE_HEADER_START@
+.\"
+.\" This file contains Original Code and/or Modifications of Original Code
+.\" as defined in and that are subject to the Apple Public Source License
+.\" Version 2.0 (the 'License'). You may not use this file except in
+.\" compliance with the License. Please obtain a copy of the License at
+.\" http://www.opensource.apple.com/apsl/ and read it before using this
+.\" file.
+.\"
+.\" The Original Code and all software distributed under the License are
+.\" distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+.\" EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+.\" INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+.\" FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+.\" Please see the License for the specific language governing rights and
+.\" limitations under the License.
+.\"
+.\" @APPLE_LICENSE_HEADER_END@
+.\"
.\" $NetBSD: nfssvc.2,v 1.6 1995/02/27 12:35:08 cgd Exp $
.\"
.\" Copyright (c) 1989, 1991, 1993
.\"
.\" @(#)nfssvc.2 8.1 (Berkeley) 6/9/93
.\"
-.Dd June 9, 1993
+.Dd January 9, 2007
.Dt NFSSVC 2
.Os
.Sh NAME
.Sh DESCRIPTION
The
.Fn nfssvc
-function is used by the NFS daemons to pass information into and out
+function is used by the NFS server daemon to pass information into and out
of the kernel and also to enter the kernel as a server daemon.
The
.Fa flags
argument consists of several bits that show what action is to be taken
once in the kernel and the
.Fa argstructp
-points to one of three structures depending on which bits are set in
-flags.
-.Pp
-On the client side,
-.Xr nfsiod 8
-calls
-.Fn nfssvc
-with the
-.Fa flags
-argument set to
-.Dv NFSSVC_BIOD
-and
-.Fa argstructp
-set to
-.Dv NULL
-to enter the kernel as a block I/O server daemon.
-For
-.Nm NQNFS ,
-.Xr mount_nfs 8
-calls
-.Fn nfssvc
-with the
-.Dv NFSSVC_MNTD
-flag, optionally or'd with the flags
-.Dv NFSSVC_GOTAUTH
-and
-.Dv NFSSVC_AUTHINFAIL
-along with a pointer to a
-.Bd -literal
-struct nfsd_cargs {
- char *ncd_dirp; /* Mount dir path */
- uid_t ncd_authuid; /* Effective uid */
- int ncd_authtype; /* Type of authenticator */
- int ncd_authlen; /* Length of authenticator string */
- char *ncd_authstr; /* Authenticator string */
-};
-.Ed
-.sp
-structure.
-The initial call has only the
-.Dv NFSSVC_MNTD
-flag set to specify service for the mount point.
-If the mount point is using Kerberos, then the
-.Xr mount_nfs 8
-daemon will return from
-.Fn nfssvc
-with errno == ENEEDAUTH whenever the client side requires an ``rcmd''
-authentication ticket for the user.
-.Xr Mount_nfs 8
-will attempt to get the Kerberos ticket, and if successful will call
-.Fn nfssvc
-with the flags
-.Dv NFSSVC_MNTD
-and
-.Dv NFSSVC_GOTAUTH
-after filling the ticket into the
-ncd_authstr field
-and
-setting the ncd_authlen and ncd_authtype
-fields of the nfsd_cargs structure.
-If
-.Xr mount_nfs 8
-failed to get the ticket,
-.Fn nfssvc
-will be called with the flags
-.Dv NFSSVC_MNTD ,
-.Dv NFSSVC_GOTAUTH
-and
-.Dv NFSSVC_AUTHINFAIL
-to denote a failed authentication attempt.
+points to any corresponding data that the action may require.
.Pp
-On the server side,
.Fn nfssvc
is called with the flag
.Dv NFSSVC_NFSD
-and a pointer to a
-.Bd -literal
-struct nfsd_srvargs {
- struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */
- uid_t nsd_uid; /* Effective uid mapped to cred */
- u_long nsd_haddr; /* Ip address of client */
- struct ucred nsd_cr; /* Cred. uid maps to */
- int nsd_authlen; /* Length of auth string (ret) */
- char *nsd_authstr; /* Auth string (ret) */
-};
-.Ed
-.sp
+and a NULL
+.Fa argstructp
to enter the kernel as an
.Xr nfsd 8
-daemon.
-Whenever an
-.Xr nfsd 8
-daemon receives a Kerberos authentication ticket, it will return from
-.Fn nfssvc
-with errno == ENEEDAUTH.
-The
-.Xr nfsd 8
-will attempt to authenticate the ticket and generate a set of credentials
-on the server for the ``user id'' specified in the field nsd_uid.
-This is done by first authenticating the Kerberos ticket and then mapping
-the Kerberos principal to a local name and getting a set of credentials for
-that user via.
-.Xr getpwnam 3
-and
-.Xr getgrouplist 3 .
-If successful, the
-.Xr nfsd 8
-will call
-.Fn nfssvc
-with the
-.Dv NFSSVC_NFSD
-and
-.Dv NFSSVC_AUTHIN
-flags set to pass the credential mapping in nsd_cr into the
-kernel to be cached on the server socket for that client.
-If the authentication failed,
-.Xr nfsd 8
-calls
-.Fn nfssvc
-with the flags
+daemon. The
.Dv NFSSVC_NFSD
-and
-.Dv NFSSVC_AUTHINFAIL
-to denote an authentication failure.
+action normally does not return until the NFS server is stopped.
.Pp
-The master
+The
.Xr nfsd 8
server daemon calls
.Fn nfssvc
socket into the kernel for servicing by the
.Xr nfsd 8
daemons.
+.Pp
+The
+.Xr nfsd 8
+server daemon calls
+.Fn nfssvc
+with the flag
+.Dv NFSSVC_EXPORT
+and a pointer to a
+.Bd -literal
+struct nfs_export_args {
+ uint32_t nxa_fsid; /* export FS ID */
+ uint32_t nxa_expid; /* export ID */
+ char *nxa_fspath; /* export FS path */
+ char *nxa_exppath; /* export sub-path */
+ uint32_t nxa_flags; /* export arg flags */
+ uint32_t nxa_netcount; /* #entries in ex_nets array */
+ struct nfs_export_net_args *nxa_nets; /* array of net args */
+};
+.Ed
+.sp
+to pass exported file system information into the kernel.
.Sh RETURN VALUES
-Normally
-.Nm nfssvc
-does not return unless the server
-is terminated by a signal when a value of 0 is returned.
-Otherwise, -1 is returned and the global variable
+Upon successful completion, a value of 0 is returned. Otherwise, -1 is
+returned the global variable
.Va errno
is set to specify the error.
+.Pp
.Sh ERRORS
.Bl -tag -width Er
-.It Bq Er ENEEDAUTH
-This special error value
-is really used for authentication support, particularly Kerberos,
-as explained above.
.It Bq Er EPERM
The caller is not the super-user.
+.It Bq Er EINVAL
+The action specified by the
+.Fa flags
+argument was not valid.
+.It Bq EFAULT
+.Fa argstructp
+points to an invalid address.
+.It Bq ENOMEM
+A memory allocation failure prevented the action from completing.
+.It Bq EEXIST
+An attempt was made to add a UDP socket via the
+.Dv NFSSVC_ADDSOCK
+action, but the UDP socket has already been added.
.El
.Sh SEE ALSO
-.Xr nfsd 8 ,
-.Xr mount_nfs 8 ,
-.Xr nfsiod 8
+.Xr nfsd 8
.Sh HISTORY
The
.Nm nfssvc
.Nm nfssvc
system call is designed specifically for the
.Tn NFS
-support daemons and as such is specific to their requirements.
-It should really return values to indicate the need for authentication
-support, since
-.Dv ENEEDAUTH
-is not really an error.
-Several fields of the argument structures are assumed to be valid and
-sometimes to be unchanged from a previous call, such that
+server daemons and as such is specific to their requirements. Several
+fields of the argument structures are assumed to be valid, such that
.Nm nfssvc
must be used with extreme care.
projects / apple / xnu.git / blobdiff