1.\" Copyright (c) 2008 Isilon Inc http://www.isilon.com/ 2.\" Authors: Doug Rabson <dfr@rabson.org> 3.\" Developed with Red Inc: Alfred Perlstein <alfred@FreeBSD.org> 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.Dd January 26, 2010 26.Dt RPC_GSS_SET_CALLBACK 3 27.Os 28.Sh NAME 29.Nm rpc_gss_set_callback 30.Nd "Register a security context creation callback" 31.Sh LIBRARY 32.Lb librpcsec_gss 33.Sh SYNOPSIS 34.In rpc/rpcsec_gss.h 35.Ft bool_t 36.Fo (*callback) 37.Fa "struct svc_req *req" 38.Fa "gss_cred_id_t deleg" 39.Fa "gss_ctx_id_t gss_context" 40.Fa "rpc_gss_lock_t *lock" 41.Fa "void **cookie" 42.Fc 43.Ft bool_t 44.Fn rpc_gss_set_callback "rpc_gss_callback_t *cb" 45.Sh DESCRIPTION 46Register a function which will be called when new security contexts 47are created on a server. 48This function will be called on the first RPC request which uses that 49context and has the opportunity of rejecting the request (for instance 50after matching the request credentials to an access control list). 51To accept the new security context, the callback should return 52.Dv TRUE , 53otherwise 54.Dv FALSE . 55If the callback accepts a context, it becomes responsible for the 56lifetime of the delegated client credentials (if any). 57.Pp 58It is also possible to 'lock' the values of service and quality of 59protection used by the context. 60If a context is locked, any subsequent requests which use different 61values for service and quality of protection will be rejected. 62.Sh PARAMETERS 63.Bl -tag -width ".It gss_context" 64.It cb 65A structure containing the RPC program and version for this callback 66and a function which will be called when new contexts are created for 67the given RPC program and version 68.It req 69The RPC request using the new context 70.It deleg 71GSS-API delegated credentials (if any) 72.It gss_context 73The GSS-API context 74.It lock 75A structure used to enforce a particular QOP and service. 76Set 77.Fa lock->locked 78to 79.Dv TRUE 80to lock the service and QOP values 81.It cookie 82The callback function may set 83.Fa *cookie 84to any pointer sized value. 85This value can be accessed during the lifetime of the context via 86.Fn rpc_gss_getcred . 87.El 88.Sh RETURN VALUES 89Returns 90.Dv TRUE 91if the callback was registered successfully or 92.Dv FALSE 93otherwise 94.Sh SEE ALSO 95.Xr gssapi 3 , 96.Xr rpc 3 , 97.Xr rpc_gss_getcred 3 , 98.Xr rpcsec_gss 3 99.Sh HISTORY 100The 101.Nm 102function first appeared in 103.Fx 8.0 . 104.Sh AUTHORS 105This 106manual page was written by 107.An Doug Rabson Aq Mt dfr@FreeBSD.org . 108.Sh BUGS 109There is no mechanism for informing a server when a security context 110has been deleted. 111This makes it difficult to allocate resources (e.g. to return via the 112callback's 113.Fa cookie 114argument). 115