NFSSVC(2) | NetBSD System Calls Manual | NFSSVC(2) |
struct nfsd_srvargs { struct nfsd *nsd_nfsd; /* Pointer to in kernel nfsd struct */ uid_t nsd_uid; /* Effective uid mapped to cred */ u_long nsd_haddr; /* Ip address of client */ struct ucred nsd_cr; /* Cred. uid maps to */ int nsd_authlen; /* Length of auth string (ret) */ char *nsd_authstr; /* Auth string (ret) */ };
to enter the kernel as an nfsd(8) daemon. Whenever an nfsd(8) daemon receives a Kerberos authentication ticket, it will return from nfssvc() with errno set to ENEEDAUTH. The nfsd(8) will attempt to authenticate the ticket and generate a set of credentials on the server for the “user id” specified in the field nsd_uid. This is done by first authenticating the Kerberos ticket and then mapping the Kerberos principal to a local name and getting a set of credentials for that user via getpwnam(3) and getgrouplist(3). If successful, the nfsd(8) will call nfssvc() with the NFSSVC_NFSD and NFSSVC_AUTHIN flags set to pass the credential mapping in nsd_cr into the kernel to be cached on the server socket for that client. If the authentication failed, nfsd(8) calls nfssvc() with the flags NFSSVC_NFSD and NFSSVC_AUTHINFAIL to denote an authentication failure.
The master nfsd(8) server daemon calls nfssvc() with the flag NFSSVC_ADDSOCK and a pointer to a
struct nfsd_args { int sock; /* Socket to serve */ caddr_t name; /* Client address for connection based sockets */ int namelen; /* Length of name */ };
to pass a server side NFS socket into the kernel for servicing by the nfsd(8) daemons.
December 30, 2006 | NetBSD 5.99 |