xref: /freebsd/lib/librpcsec_gss/rpc_gss_set_callback.3 (revision e1c4c8dd8d2d10b6104f06856a77bd5b4813a801)
1.\" Copyright (c) 2008 Isilon Inc http://www.isilon.com/
2.\" Authors: Doug Rabson <dfr@rabson.org>
3.\" Developed with Red Inc: Alfred Perlstein <alfred@FreeBSD.org>
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\" 1. Redistributions of source code must retain the above copyright
9.\"    notice, this list of conditions and the following disclaimer.
10.\" 2. Redistributions in binary form must reproduce the above copyright
11.\"    notice, this list of conditions and the following disclaimer in the
12.\"    documentation and/or other materials provided with the distribution.
13.\"
14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24.\" SUCH DAMAGE.
25.Dd January 26, 2010
26.Dt RPC_GSS_SET_CALLBACK 3
27.Os
28.Sh NAME
29.Nm rpc_gss_set_callback
30.Nd "Register a security context creation callback"
31.Sh LIBRARY
32.Lb librpcsec_gss
33.Sh SYNOPSIS
34.In rpc/rpcsec_gss.h
35.Ft bool_t
36.Fo (*callback)
37.Fa "struct svc_req *req"
38.Fa "gss_cred_id_t deleg"
39.Fa "gss_ctx_id_t gss_context"
40.Fa "rpc_gss_lock_t *lock"
41.Fa "void **cookie"
42.Fc
43.Ft bool_t
44.Fn rpc_gss_set_callback "rpc_gss_callback_t *cb"
45.Sh DESCRIPTION
46Register a function which will be called when new security contexts
47are created on a server.
48This function will be called on the first RPC request which uses that
49context and has the opportunity of rejecting the request (for instance
50after matching the request credentials to an access control list).
51To accept the new security context, the callback should return
52.Dv TRUE ,
53otherwise
54.Dv FALSE .
55If the callback accepts a context, it becomes responsible for the
56lifetime of the delegated client credentials (if any).
57.Pp
58It is also possible to 'lock' the values of service and quality of
59protection used by the context.
60If a context is locked, any subsequent requests which use different
61values for service and quality of protection will be rejected.
62.Sh PARAMETERS
63.Bl -tag -width ".It gss_context"
64.It cb
65A structure containing the RPC program and version for this callback
66and a function which will be called when new contexts are created for
67the given RPC program and version
68.It req
69The RPC request using the new context
70.It deleg
71GSS-API delegated credentials (if any)
72.It gss_context
73The GSS-API context
74.It lock
75A structure used to enforce a particular QOP and service.
76Set
77.Fa lock->locked
78to
79.Dv TRUE
80to lock the service and QOP values
81.It cookie
82The callback function may set
83.Fa *cookie
84to any pointer sized value.
85This value can be accessed during the lifetime of the context via
86.Fn rpc_gss_getcred .
87.El
88.Sh RETURN VALUES
89Returns
90.Dv TRUE
91if the callback was registered successfully or
92.Dv FALSE
93otherwise
94.Sh SEE ALSO
95.Xr gssapi 3 ,
96.Xr rpc 3 ,
97.Xr rpc_gss_getcred 3 ,
98.Xr rpcsec_gss 3
99.Sh HISTORY
100The
101.Nm
102function first appeared in
103.Fx 8.0 .
104.Sh AUTHORS
105This
106manual page was written by
107.An Doug Rabson Aq Mt dfr@FreeBSD.org .
108.Sh BUGS
109There is no mechanism for informing a server when a security context
110has been deleted.
111This makes it difficult to allocate resources (e.g. to return via the
112callback's
113.Fa cookie
114argument).
115