.\" Copyright (c) 2008 Isilon Inc http://www.isilon.com/
.\" Authors: Doug Rabson <dfr@rabson.org>
.\" Developed with Red Inc: Alfred Perlstein <alfred@freebsd.org>
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.Dd July 4, 2008
.Dt RPC_GSS_SET_CALLBACK 3
.Os
.Sh NAME
.Nm rpc_gss_set_callback
.Nd "Register a security context creation callback"
.Sh LIBRARY
.Lb librpcsec_gss
.Sh SYNOPSIS
.In rpc/rpcsec_gss.h
.Ft bool_t
.Fo (*callback)
.Fa "struct svc_req *req"
.Fa "gss_cred_id_t deleg"
.Fa "gss_ctx_id_t gss_context"
.Fa "rpc_gss_lock_t *lock"
.Fa "void **cookie"
.Fc
.Ft bool_t
.Fn rpc_gss_set_callback "rpc_gss_callback_t *cb"
.Sh DESCRIPTION
Register a function which will be called when new security contexts
are created on a server.
This function will be called on the first RPC request which uses that
context and has the opportunity of rejecting the request (for instance
after matching the request credentials to an access control list).
To accept the new security context, the callback should return
.Dv TRUE ,
otherwise
.Dv FALSE .
If the callback accepts a context, it becomes responsible for the
lifetime of the delegated client credentials (if any).
.Pp
It is also possible to 'lock' the values of service and quality of
protection used by the context.
If a context is locked, any subsequent requests which use different
values for service and quality of protection will be rejected.
.Sh PARAMETERS
.Bl -tag
.It cb
A structure containing the RPC program and version for this callback
and a function which will be called when new contexts are created for
the given RPC program and version.
.It req
The RPC request using the new context.
.It deleg
GSS-API delegated credentials (if any).
.It gss_context
The GSS-API context.
.It lock
A structure used to enforce a particular QOP and service.
Set
.Fa lock->locked
to
.Dv TRUE
to lock the service and QOP values.
.It cookie
The callback function may set
.Fa *cookie
to any pointer-sized value.
This value can be accessed during the lifetime of the context via
.Fn rpc_gss_getcred .
.El
.Sh RETURN VALUES
Returns
.Dv TRUE
if the callback was registered successfully or
.Dv FALSE
otherwise.
.Sh SEE ALSO
.Xr rpc 3 ,
.Xr gssapi 3 ,
.Xr rpc_gss_getcred 3 ,
.Xr rpcsec_gss 3
.Sh HISTORY
The
.Nm
manual page example first appeared in
.Fx 8.0 .
.Sh AUTHORS
This
manual page was written by
.An Doug Rabson Aq dfr@FreeBSD.org .
.Sh BUGS
There is no mechanism for informing a server when a security context
has been deleted.
This makes it difficult to allocate resources (e.g. to return via the
callback's
.Fa cookie
argument).
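The following callback is an added example, not part of the original manual page or the FreeBSD sources. It rejects contexts below a minimum service level, locks service and QOP on accept, and hands back a static cookie so nothing needs freeing when a context is deleted; the stand-in declarations, the policy table, the refusal of delegated credentials and the sample mechanism name are assumptions made so it compiles without rpc/rpcsec_gss.h.

```c
/* Stand-ins mirroring only the members used below; a real server includes
 * <rpc/rpcsec_gss.h> and the GSS-API header instead of these declarations. */
#include <stddef.h>
#include <string.h>
typedef int bool_t;
#define TRUE 1
#define FALSE 0
struct svc_req;                                   /* opaque in this example */
typedef void *gss_cred_id_t, *gss_ctx_id_t;       /* opaque stand-ins */
typedef enum { rpc_gss_svc_default, rpc_gss_svc_none,
               rpc_gss_svc_integrity, rpc_gss_svc_privacy } rpc_gss_service_t;
typedef struct { const char *mechanism; rpc_gss_service_t service; } rpc_gss_rawcred_t;
typedef struct { bool_t locked; rpc_gss_rawcred_t *raw_cred; } rpc_gss_lock_t;

/* Hypothetical policy table in static storage: the cookie points here, so
 * there is nothing to free when a context disappears (see BUGS). */
struct ctx_policy { const char *mech; rpc_gss_service_t min_service; };
static const struct ctx_policy policies[] = {
    { "kerberosv5", rpc_gss_svc_integrity },      /* constructed sample entry */
};

/* Registered in a real server by placing this function in the
 * rpc_gss_callback_t passed to rpc_gss_set_callback(). */
bool_t
example_ctx_callback(struct svc_req *req, gss_cred_id_t deleg,
    gss_ctx_id_t gss_context, rpc_gss_lock_t *lock, void **cookie)
{
    (void)req; (void)gss_context;
    /* Assumed policy: this service never needs delegation, so refuse the
     * context instead of taking ownership of delegated credentials. */
    if (deleg != NULL)
        return (FALSE);
    for (size_t i = 0; i < sizeof(policies) / sizeof(policies[0]); i++) {
        const struct ctx_policy *p = &policies[i];
        if (strcmp(lock->raw_cred->mechanism, p->mech) != 0)
            continue;
        if (lock->raw_cred->service < p->min_service)
            return (FALSE);          /* e.g. authentication-only requests */
        lock->locked = TRUE;         /* later requests must keep service/QOP */
        *cookie = (void *)p;         /* read back later via rpc_gss_getcred() */
        return (TRUE);
    }
    return (FALSE);                  /* unknown mechanism: default deny */
}
int main(void) {
    rpc_gss_rawcred_t rc = { "kerberosv5", rpc_gss_svc_none };  /* constructed */
    rpc_gss_lock_t lk = { FALSE, &rc };
    void *ck = NULL;
    return (example_ctx_callback(NULL, NULL, NULL, &lk, &ck) == FALSE ? 0 : 1);
}
```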