RPC_GSS_SET_CALLBACK

Section: C Library Functions (3)
Page Index

BSD mandoc

NAME

rpc_gss_set_callback - Register a security context creation callback

SYNOPSIS

In rpc/rpcsec_gss.h Ft bool_t Fo (*callback) Fa struct svc_req *req Fa gss_cred_id_t deleg Fa gss_ctx_id_t gss_context Fa rpc_gss_lock_t *lock Fa void **cookie Fc Ft bool_t Fn rpc_gss_set_callback rpc_gss_callback_t *cb

DESCRIPTION

Register a function which will be called when new security contexts are created on a server. This function will be called on the first RPC request which uses that context and has the opportunity of rejecting the request (for instance after matching the request credentials to an access control list). To accept the new security context, the callback should return TRUE otherwise FALSE If the callback accepts a context, it becomes responsible for the lifetime of the delegated client credentials (if any).

It is also possible to 'lock' the values of service and quality of protection used by the context. If a context is locked, any subsequent requests which use different values for service and quality of protection will be rejected.

PARAMETERS

cb: A structure containing the RPC program and version for this callback and a function which will be called when new contexts are created for the given RPC program and version
req: The RPC request using the new context
deleg: GSS-API delegated credentials (if any)
gss_context: The GSS-API context
lock: A structure used to enforce a particular QOP and service. Set Fa lock->locked to TRUE to lock the service and QOP values
cookie: The callback function may set Fa *cookie to any pointer sized value. This value can be accessed during the lifetime of the context via Fn rpc_gss_getcred .

RETURN VALUES

Returns TRUE if the callback was registered successfully or FALSE otherwise

AVAILABILITY

The Fn rpc_gss_set_callback function is part of libtirpc.

AUTHORS

This manual page was written by An Doug Rabson Aq dfr@FreeBSD.org .

BUGS

There is no mechanism for informing a server when a security context has been deleted. This makes it difficult to allocate resources (e.g. to return via the callback's Fa cookie argument).