| RPC_GSS_SET_CALLBACK(3) | Library Functions Manual | RPC_GSS_SET_CALLBACK(3) |
rpc_gss_set_callback —
Register a security context creation callback
#include
<rpc/rpcsec_gss.h>
bool_t
(*callback)(struct svc_req *req,
gss_cred_id_t deleg, gss_ctx_id_t
gss_context, rpc_gss_lock_t *lock,
void **cookie);
bool_t
rpc_gss_set_callback(rpc_gss_callback_t
*cb);
Register a function which will be called when new security
contexts are created on a server. This function will be called on the first
RPC request which uses that context and has the opportunity of rejecting the
request (for instance after matching the request credentials to an access
control list). To accept the new security context, the callback should
return TRUE, otherwise
FALSE. If the callback accepts a context, it becomes
responsible for the lifetime of the delegated client credentials (if
any).
It is also possible to 'lock' the values of service and quality of protection used by the context. If a context is locked, any subsequent requests which use different values for service and quality of protection will be rejected.
TRUE to
lock the service and QOP valuesrpc_gss_getcred().Returns TRUE if the callback was
registered successfully or FALSE otherwise
The
rpc_gss_set_callback()
function is part of libtirpc.
This manual page was written by Doug Rabson ⟨dfr@FreeBSD.org⟩.
There is no mechanism for informing a server when a security context has been deleted. This makes it difficult to allocate resources (e.g. to return via the callback's cookie argument).
| January 26, 2010 | Debian |