Updated: 2022/Sep/29

Please read Privacy Policy. It's for your privacy.

NFSSVC(2)                     System Calls Manual                    NFSSVC(2)

     nfssvc - NFS services

     Standard C Library (libc, -lc)

     #include <unistd.h>
     #include <nfs/nfs.h>

     nfssvc(int flags, void *argstructp);

     The nfssvc() function is used by the NFS daemons to pass information into
     and out of the kernel and also to enter the kernel as a server daemon.
     The flags argument consists of several bits that show what action is to
     be taken once in the kernel and the argstructp points to one of three
     structures depending on which bits are set in flags.

   Calls used by nfsd(8)
     On the server side, nfssvc() is called with the flag NFSSVC_NFSD and a
     pointer to a

     struct nfsd_srvargs {
             struct nfsd     *nsd_nfsd;      /* Pointer to in kernel nfsd struct */
             uid_t           nsd_uid;        /* Effective uid mapped to cred */
             u_long          nsd_haddr;      /* Ip address of client */
             struct ucred    nsd_cr;         /* Cred. uid maps to */
             int             nsd_authlen;    /* Length of auth string (ret) */
             char            *nsd_authstr;   /* Auth string (ret) */

     to enter the kernel as an nfsd(8) daemon.  Whenever an nfsd(8) daemon
     receives a Kerberos authentication ticket, it will return from nfssvc()
     with errno set to ENEEDAUTH.  The nfsd(8) will attempt to authenticate
     the ticket and generate a set of credentials on the server for the "user
     id" specified in the field nsd_uid.  This is done by first authenticating
     the Kerberos ticket and then mapping the Kerberos principal to a local
     name and getting a set of credentials for that user via getpwnam(3) and
     getgrouplist(3).  If successful, the nfsd(8) will call nfssvc() with the
     NFSSVC_NFSD and NFSSVC_AUTHIN flags set to pass the credential mapping in
     nsd_cr into the kernel to be cached on the server socket for that client.
     If the authentication failed, nfsd(8) calls nfssvc() with the flags
     NFSSVC_NFSD and NFSSVC_AUTHINFAIL to denote an authentication failure.

     The master nfsd(8) server daemon calls nfssvc() with the flag
     NFSSVC_ADDSOCK and a pointer to a

     struct nfsd_args {
             int     sock;           /* Socket to serve */
             caddr_t name;           /* Client address for connection based sockets */
             int     namelen;        /* Length of name */

     to pass a server side NFS socket into the kernel for servicing by the
     nfsd(8) daemons.

   Calls used by mountd(8)
     The mountd(8) server daemon calls nfssvc() with the flag
     NFSSVC_REPLACEEXPORTSLIST and a pointer to a struct mountd_exports_list
     object to atomically replace the exports lists of a specific file system.
     This structure has the following fields:

     const char *mel_path      Path to the file system that will have its
                               exports list replaced by the one described in
                               the other fields.

     size_t mel_nexports       Number of valid entries in the mel_export
                               field.  If zero, the exports list will be
                               cleared for the given file system.

     struct export_args mel_export[AF_MAX]
                               Set of exports to be used for the given file

     Usually nfssvc does not return unless the server is terminated by a
     signal when a value of 0 is returned.  Otherwise, -1 is returned and the
     global variable errno is set to specify the error.

     [ENEEDAUTH]        This special error value is really used for
                        authentication support, particularly Kerberos, as
                        explained above.

     [EPERM]            The caller is not the super-user.

     mount_nfs(8), nfsd(8)

     The nfssvc function first appeared in 4.4BSD.

     The nfssvc system call is designed specifically for the NFS support
     daemons and as such is specific to their requirements.  It should really
     return values to indicate the need for authentication support, since
     ENEEDAUTH is not really an error.  Several fields of the argument
     structures are assumed to be valid and sometimes to be unchanged from a
     previous call, such that nfssvc must be used with extreme care.

NetBSD 10.99                     June 8, 2021                     NetBSD 10.99