1RPC_GSS_SET_CALLBACK(3)  BSD Library Functions Manual  RPC_GSS_SET_CALLBACK(3)
2

NAME

4     rpc_gss_set_callback — Register a security context creation callback
5

SYNOPSIS

7     #include <rpc/rpcsec_gss.h>
8
9     bool_t
10     (*callback)(struct svc_req *req, gss_cred_id_t deleg,
11         gss_ctx_id_t gss_context, rpc_gss_lock_t *lock, void **cookie);
12
13     bool_t
14     rpc_gss_set_callback(rpc_gss_callback_t *cb);
15

DESCRIPTION

17     Register a function which will be called when new security contexts are
18     created on a server.  This function will be called on the first RPC
19     request which uses that context and has the opportunity of rejecting the
20     request (for instance after matching the request credentials to an access
21     control list).  To accept the new security context, the callback should
22     return TRUE, otherwise FALSE.  If the callback accepts a context, it
23     becomes responsible for the lifetime of the delegated client credentials
24     (if any).
25
26     It is also possible to 'lock' the values of service and quality of pro‐
27     tection used by the context.  If a context is locked, any subsequent
28     requests which use different values for service and quality of protection
29     will be rejected.
30

PARAMETERS

32     cb           A structure containing the RPC program and version for this
33                  callback and a function which will be called when new con‐
34                  texts are created for the given RPC program and version
35
36     req          The RPC request using the new context
37
38     deleg        GSS-API delegated credentials (if any)
39
40     gss_context  The GSS-API context
41
42     lock         A structure used to enforce a particular QOP and service.
43                  Set lock->locked to TRUE to lock the service and QOP values
44
45     cookie       The callback function may set *cookie to any pointer sized
46                  value.  This value can be accessed during the lifetime of
47                  the context via rpc_gss_getcred().
48

RETURN VALUES

50     Returns TRUE if the callback was registered successfully or FALSE other‐
51     wise
52

AVAILABILITY

54     The rpc_gss_set_callback() function is part of libtirpc.
55

SEE ALSO

57     rpc(3), gssapi(3), rpc_gss_getcred(3) rpcsec_gss(3)
58

AUTHORS

60     This manual page was written by Doug Rabson <dfr@FreeBSD.org>.
61

BUGS

63     There is no mechanism for informing a server when a security context has
64     been deleted.  This makes it difficult to allocate resources (e.g. to
65     return via the callback's cookie argument).
66
67BSD                            January 26, 2010                            BSD
Impressum