/*
* Called by nfssvc() for nfsds. Just loops around servicing rpc requests
* until it is killed by a signal.
*/
int
nfsrvd_nfsd(struct thread *td, struct nfsd_nfsd_args *args)
{
char principal[MAXHOSTNAMELEN + 5];
int error = 0;
bool_t ret2, ret3, ret4;
error = copyinstr(args->principal, principal, sizeof (principal),
NULL);
if (error)
goto out;
/*
* Only the first nfsd actually does any work. The RPC code
* adds threads to it as needed. Any extra processes offered
* by nfsd just exit. If nfsd is new enough, it will call us
* once with a structure that specifies how many threads to
* use.
*/
NFSD_LOCK();
if (newnfs_numnfsd == 0) {
newnfs_numnfsd++;
NFSD_UNLOCK();
/* An empty string implies AUTH_SYS only. */
if (principal[0] != '\0') {
ret2 = rpc_gss_set_svc_name_call(principal,
"kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER2);
ret3 = rpc_gss_set_svc_name_call(principal,
"kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER3);
ret4 = rpc_gss_set_svc_name_call(principal,
"kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER4);
if (!ret2 || !ret3 || !ret4)
printf("nfsd: can't register svc name\n");
}
nfsrvd_pool->sp_minthreads = args->minthreads;
nfsrvd_pool->sp_maxthreads = args->maxthreads;
svc_run(nfsrvd_pool);
if (principal[0] != '\0') {
rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER2);
rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER3);
rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER4);
}
NFSD_LOCK();
newnfs_numnfsd--;
nfsrvd_init(1);
}
NFSD_UNLOCK();
out:
NFSEXITCODE(error);
return (error);
}
/*
* Called by nfssvc() for nfscbds. Just loops around servicing rpc requests
* until it is killed by a signal.
*
* For now, only support callbacks via RPCSEC_GSS if there is a KerberosV
* keytab entry with a host based entry in it on the client. (I'm not even
* sure that getting Acceptor credentials for a user principal with a
* credentials cache is possible, but even if it is, major changes to the
* kgssapi would be required.)
* I don't believe that this is a serious limitation since, as of 2009, most
* NFSv4 servers supporting callbacks are using AUTH_SYS for callbacks even
* when the client is using RPCSEC_GSS. (This BSD server uses AUTH_SYS
* for callbacks unless nfsrv_gsscallbackson is set non-zero.)
*/
int
nfscbd_nfsd(struct thread *td, struct nfsd_nfscbd_args *args)
{
char principal[128];
int error;
if (args != NULL) {
error = copyinstr(args->principal, principal,
sizeof(principal), NULL);
if (error)
return (error);
} else {
principal[0] = '\0';
}
/*
* Only the first nfsd actually does any work. The RPC code
* adds threads to it as needed. Any extra processes offered
* by nfsd just exit. If nfsd is new enough, it will call us
* once with a structure that specifies how many threads to
* use.
*/
NFSD_LOCK();
if (nfs_numnfscbd == 0) {
nfs_numnfscbd++;
NFSD_UNLOCK();
if (principal[0] != '\0')
rpc_gss_set_svc_name_call(principal, "kerberosv5",
GSS_C_INDEFINITE, NFS_CALLBCKPROG, NFSV4_CBVERS);
nfscbd_pool->sp_minthreads = 4;
nfscbd_pool->sp_maxthreads = 4;
svc_run(nfscbd_pool);
rpc_gss_clear_svc_name_call(NFS_CALLBCKPROG, NFSV4_CBVERS);
NFSD_LOCK();
nfs_numnfscbd--;
nfsrvd_cbinit(1);
}
NFSD_UNLOCK();
return (0);
}
