rpcsec_gss(3N)                                                  rpcsec_gss(3N)

NAME
rpcsec_gss: rpc_gss_seccreate, rpc_gss_set_defaults,
rpc_gss_get_principal_name, rpc_gss_get_mechanisms,
rpc_gss_get_mech_info, rpc_gss_get_versions, rpc_gss_is_installed,
rpc_gss_set_svc_name, rpc_gss_set_callback, rpc_gss_getcred,
rpc_gss_mech_to_oid, rpc_gss_qop_to_num, rpc_gss_max_data_length,
rpc_gss_svc_max_data_length, rpc_gss_get_error - library routines for
supporting the RPCSEC_GSS flavour of RPC authentication
DESCRIPTION
The following call-through entry points are available in libc on Irix
starting from 6.5.24. The actual implementation is in the rpcsec.so.1
module, which is installed by nfs.sw.rpcsec. Unless this subsystem is
installed, the call-through routines will return FALSE, 0 or NULL and
rpc_gss_get_error will return RPC_GSS_ER_SYSTEMERROR and ENOTSUP.
#include <rpc/rpcsec_gss.h>
AUTH* rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mechanism,
rpc_gss_service_t service_type, char *qop,
rpc_gss_options_req_t *options_req,
rpc_gss_options_ret_t *options_ret);
This function can be used by an RPC client application to get an
authentication handle which allows the use of RPCSEC_GSS
authentication for the calls made from the client. Please note that
while the client handle is passed into the function call by pointer,
the cl_auth pointer is not updated on successful return from
rpc_gss_seccreate; it is up to the application to change the
authentication handle in the client.
bool_t rpc_gss_set_defaults(AUTH *auth, rpc_gss_service_t service,
char *qop);
This function allows an RPC client application to change the parameters
associated with a previously created authentication handle.
bool_t rpc_gss_get_principal_name(rpc_gss_principal_t *principal,
char *mechanism, char *user_name, char *node, char *secdomain);
This function can be used by an RPC server to translate from the
opaque representation of a client's principal to the text form, which
can be used for logging or for translating from the principal's name
to a UID.
char** rpc_gss_get_mechanisms(void);
Returns the list of supported GSS mechanisms as a NULL-terminated list
of character strings. Note that on Irix the list of mechanisms is
compiled in and cannot be changed.
char** rpc_gss_get_mech_info(char *mechanism, rpc_gss_service_t *service);
Returns the list of supported Qualities of Protection (QOPs) for a
specified mechanism and service as a NULL-terminated list of character
strings. The strings can be used by an application to pass into
functions like rpc_gss_seccreate. If this function returns NULL or
an empty list, the mechanism only supports the default QOP.
bool_t rpc_gss_get_versions(u_int *vers_hi, u_int *vers_lo);
Returns the highest and lowest versions of the RPCSEC_GSS protocol
that are supported.
bool_t rpc_gss_is_installed(char *mechanism);
Returns TRUE if the specified mechanism is installed and FALSE
otherwise.
bool_t rpc_gss_set_svc_name(char *principal, char *mechanism,
u_int req_time, u_int program, u_int version);
This function must be used by an RPC server to set the name of the
principal the server will represent. If the server represents more than
one principal, handles more than one RPC program/version combination
or handles more than one mechanism, this function must be called for
each principal for each mechanism for each program/version.
bool_t rpc_gss_set_callback(rpc_gss_callback_t *cb);
This function can be used by an RPC server to track the use of a
particular security context: the callback routine will be invoked
the first time a context is going to be used for data exchange.
bool_t rpc_gss_getcred(struct svc_req *req, rpc_gss_rawcred_t **rcred,
rpc_gss_ucred_t **ucred, void **cookie);
This function can be used by an RPC server to retrieve the client's
credentials either in raw RPCSEC_GSS form or by translating them to
UNIX credentials. Each pointer argument can be set to NULL if the
server does not need that particular form of credentials.
bool_t rpc_gss_mech_to_oid(char *mech, rpc_gss_OID *oid);
Translates the textual representation of a mechanism's name into a GSS
Object IDentifier.
bool_t rpc_gss_qop_to_num(char *qop, char *mech, u_int *num);
Translates the textual representation of a QOP string for a particular
mechanism to a numeric representation.
int rpc_gss_max_data_length(AUTH *rpcgss_handle, int max_tp_unit_len);
This function can be used by an RPC client application to check the
limit on the size of a message which can be safely transmitted using
RPCSEC_GSS authentication.
int rpc_gss_svc_max_data_length(struct svc_req *req, int max_tp_unit_len);
This function can be used by an RPC server application to check the
limit on the size of a message which can be safely transmitted using
RPCSEC_GSS authentication.
void rpc_gss_get_error(rpc_gss_error_t *error);
This function is used to retrieve an rpc_gss_error_t structure in
case a previous call to an RPCSEC_GSS routine has failed.
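
Added example, not part of the original manual page or of the Irix library: a client-side helper that installs the handle returned by rpc_gss_seccreate into cl_auth itself and, when no handle is returned, reads rpc_gss_get_error and fails closed. The helper name use_rpcsec_gss, the HAVE_RPCSEC_GSS build switch, the rpc_gss_error_t field names, the rpc_gss_svc_integrity constant and the use of NULL for default qop and options are assumptions based on other implementations of this API; without HAVE_RPCSEC_GSS the block compiles against constructed stand-ins that model the call-through behaviour when nfs.sw.rpcsec is not installed.

```c
#include <errno.h>
#include <stddef.h>
#ifdef HAVE_RPCSEC_GSS                 /* build against the real library */
#include <rpc/rpc.h>
#include <rpc/rpcsec_gss.h>
#else   /* constructed stand-ins modelling the call-through without rpcsec.so.1 */
typedef struct { int unused; } AUTH;
typedef struct { AUTH *cl_auth; } CLIENT;
typedef enum { rpc_gss_svc_default, rpc_gss_svc_none,
               rpc_gss_svc_integrity, rpc_gss_svc_privacy } rpc_gss_service_t;
typedef struct { int rpc_gss_error; int system_error; } rpc_gss_error_t;
typedef struct rpc_gss_options_req rpc_gss_options_req_t;
typedef struct rpc_gss_options_ret rpc_gss_options_ret_t;
#define RPC_GSS_ER_SYSTEMERROR 1       /* assumed numeric value */
static AUTH *rpc_gss_seccreate(CLIENT *c, char *p, char *m, rpc_gss_service_t s,
    char *q, rpc_gss_options_req_t *rq, rpc_gss_options_ret_t *rt)
{ (void)c; (void)p; (void)m; (void)s; (void)q; (void)rq; (void)rt; return NULL; }
static void rpc_gss_get_error(rpc_gss_error_t *e)
{ e->rpc_gss_error = RPC_GSS_ER_SYSTEMERROR; e->system_error = ENOTSUP; }
#endif

/* Hypothetical helper: switch clnt to RPCSEC_GSS with integrity protection.
 * Returns 0 on success. On failure returns -1, fills *err and leaves
 * clnt->cl_auth as it was, so the caller must stop instead of sending
 * calls under the previous authentication flavour. */
int use_rpcsec_gss(CLIENT *clnt, char *principal, char *mech,
                   rpc_gss_error_t *err)
{
    /* NULL qop and options are assumed to select the defaults. */
    AUTH *gss = rpc_gss_seccreate(clnt, principal, mech,
                                  rpc_gss_svc_integrity, NULL, NULL, NULL);
    if (gss == NULL) {
        rpc_gss_get_error(err);        /* why the handle was not created */
        return -1;
    }
    /* rpc_gss_seccreate does not touch cl_auth; install the handle here.
     * Releasing the previous handle is left to the caller. */
    clnt->cl_auth = gss;
    return 0;
}
```

A caller that gets -1 should treat the client handle as unusable for protected traffic, since cl_auth still points at whatever handle was there before.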
SEE ALSO
rpcsec_gss(7)