|RPC_GSS_SET_CALLBACK(3)||Library Functions Manual||RPC_GSS_SET_CALLBACK(3)|
(*callback)(struct svc_req *req,
gss_cred_id_t deleg, gss_ctx_id_t
gss_context, rpc_gss_lock_t *lock,
DESCRIPTION¶Register a function which will be called when new security contexts are created on a server. This function will be called on the first RPC request which uses that context and has the opportunity of rejecting the request (for instance after matching the request credentials to an access control list). To accept the new security context, the callback should return
FALSE. If the callback accepts a context, it becomes responsible for the lifetime of the delegated client credentials (if any).
It is also possible to 'lock' the values of service and quality of protection used by the context. If a context is locked, any subsequent requests which use different values for service and quality of protection will be rejected.
- A structure containing the RPC program and version for this callback and a function which will be called when new contexts are created for the given RPC program and version
- The RPC request using the new context
- GSS-API delegated credentials (if any)
- The GSS-API context
- A structure used to enforce a particular QOP and service. Set
TRUEto lock the service and QOP values
- The callback function may set *cookie to any pointer
sized value. This value can be accessed during the lifetime of the context
TRUEif the callback was registered successfully or
rpc_gss_set_callback() function is part of libtirpc.
SEE ALSO¶rpc(3), gssapi(3), rpc_gss_getcred(3) rpcsec_gss(3)
AUTHORS¶This manual page was written by Doug Rabson ⟨dfr@FreeBSD.org⟩.
BUGS¶There is no mechanism for informing a server when a security context has been deleted. This makes it difficult to allocate resources (e.g. to return via the callback's cookie argument).
|January 26, 2010||Linux 4.19.0-6-amd64|