From 407751a5384bfe983e7752e003c7aa767ae7d6ee Mon Sep 17 00:00:00 2001
From: Chuck Lever <chuck.lever@oracle.com>
Date: Fri, 10 Jul 2015 10:02:34 -0400
Subject: man: /etc/gss/{mech, qop} are not used by this implementation

Replace text in the new rpc_gss man pages that refer to
/etc/gss/mech or /etc/gss/qop. The Linux libtirpc implementation
currently does not use these files.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
 man/rpc_gss_get_mech_info.3t | 27 ++++++++++++++++-----------
 man/rpc_gss_is_installed.3t  | 11 ++++++-----
 man/rpc_gss_mech_to_oid.3t   | 23 ++++++++++++++---------
 man/rpc_gss_qop_to_num.3t    | 29 ++++++++++++++++++-----------
 man/rpc_gss_seccreate.3t     | 10 +++++-----
 5 files changed, 59 insertions(+), 41 deletions(-)

(limited to 'man')

diff --git a/man/rpc_gss_get_mech_info.3t b/man/rpc_gss_get_mech_info.3t
index 1f3ba04..44f0df3 100644
--- a/man/rpc_gss_get_mech_info.3t
+++ b/man/rpc_gss_get_mech_info.3t
@@ -29,28 +29,33 @@
 .Os
 .Sh NAME
 .Nm rpc_gss_get_mech_info
-.Nd "Get extra information about a security mechanism"
+.Nd "Get Quality of Protection information for a security mechanism"
 .Sh SYNOPSIS
 .In rpc/rpcsec_gss.h
 .Ft const char **
 .Fn rpc_gss_get_mech_info "const char *mech" "rpc_gss_service_t *service"
 .Sh DESCRIPTION
-This function looks up a mechanism by name by reading the file
-/etc/gss/mech and queries it for its capabilities.
+This function returns the list of QOP names supported by the
+GSS_API mechanism named "mech".
 .Sh PARAMETERS
 .Bl -tag -width ".It service"
 .It mech
-The mechanism to search for
+The name of a GSS_API mechanism.
+"kerberos_v5" is currently the only supported mechanism.
 .It service
-If the mechanism is found, the maximum supported service type is
-returned in
-.Fa *service
+Buffer in which maximum service type is planted
 .El
 .Sh RETURN VALUES
-If the mechanism is found,
-a list of the supported qualities of protection is returned,
-otherwise
-.Dv NULL .
+If the named GSS_API mechanism is recognized,
+a list of the supported Qualities of Protection is returned.
+The maximum supported service type for the mechanism is returned in
+.Fa *service .
+Otherwise
+.Dv NULL
+is returned.
+.Pp
+Note: The returned QOP list is statically allocated memory.
+The caller must not free this array.
 .Sh AVAILABILITY
 The
 .Fn rpc_gss_get_mech_info
diff --git a/man/rpc_gss_is_installed.3t b/man/rpc_gss_is_installed.3t
index 274a1f0..d5f5e44 100644
--- a/man/rpc_gss_is_installed.3t
+++ b/man/rpc_gss_is_installed.3t
@@ -29,23 +29,24 @@
 .Os
 .Sh NAME
 .Nm rpc_gss_is_installed
-.Nd "Query for the presence os a security mechanism"
+.Nd "Query for the presence of a security mechanism"
 .Sh SYNOPSIS
 .In rpc/rpcsec_gss.h
 .Ft bool_t
 .Fn rpc_gss_is_installed "const char *mech"
 .Sh DESCRIPTION
-This function looks up a mechanism by name by reading the file
-/etc/gss/mech.
+This function indicates whether the GSS_API mechanism named "mech"
+is installed and enabled.
 .Sh PARAMETERS
 .Bl -tag -width ".It mech"
 .It mech
-The mechanism to search for
+The name of a GSS_API mechanism.
+"kerberos_v5" is currently the only supported mechanism.
 .El
 .Sh RETURN VALUES
 Returns
 .Dv TRUE
-if the mechanism is installed,
+if the named GSS_API mechanism is installed and enabled,
 .Dv FALSE
 otherwise.
 .Sh AVAILABILITY
diff --git a/man/rpc_gss_mech_to_oid.3t b/man/rpc_gss_mech_to_oid.3t
index 8bbe616..4a1b25d 100644
--- a/man/rpc_gss_mech_to_oid.3t
+++ b/man/rpc_gss_mech_to_oid.3t
@@ -35,22 +35,27 @@
 .Ft bool_t
 .Fn rpc_gss_mech_to_oid "const char *mech" "gss_OID *oid_ret"
 .Sh DESCRIPTION
-This function looks up a mechanism by name by reading the file
-/etc/gss/mech.
+This function returns the GSS OID associated with the GSS_API
+mechanism "mech".
 .Sh PARAMETERS
 .Bl -tag -width ".It oid_ret"
 .It mech
-The mechanism name to search for
+The name of a GSS_API mechanism.
+"kerberos_v5" is currently the only supported mechanism.
 .It oid_ret
-If the mechanism is found, the corresponding GSS-API oid is returned
-in
-.Fa *oid_ret
+Buffer in which to place the returned OID
 .El
 .Sh RETURN VALUES
-If the mechanism is found,
+If the GSS_API mechanism name is recognized,
 .Dv TRUE
-is returned, otherwise
-.Dv FALSE .
+is returned.
+The corresponding GSS-API oid is returned in
+.Fa *oid_ret .
+Otherwise
+.Dv FALSE
+is returned and
+.Fa *oid_ret
+is left untouched.
 .Sh AVAILABILITY
 The
 .Fn rpc_gss_mech_to_oid
diff --git a/man/rpc_gss_qop_to_num.3t b/man/rpc_gss_qop_to_num.3t
index 3968216..7ac1a4c 100644
--- a/man/rpc_gss_qop_to_num.3t
+++ b/man/rpc_gss_qop_to_num.3t
@@ -29,30 +29,37 @@
 .Os
 .Sh NAME
 .Nm rpc_gss_qop_to_num
-.Nd "Convert a quality of protection name to number"
+.Nd "Convert a Quality of Protection name to number"
 .Sh SYNOPSIS
 .In rpc/rpcsec_gss.h
 .Ft bool_t
 .Fn rpc_gss_qop_to_num "const char *qop" "const char *mech" "u_int *num_ret"
 .Sh DESCRIPTION
-This function looks up a quality of protection by name by reading the file
-/etc/gss/qop.
+This function returns the numeric QOP value associated with the
+GSS_API QOP "qop" and mechanism "mech."
 .Sh PARAMETERS
 .Bl -tag -width ".It number_ret"
 .It qop
-The quality of protection to search for
+The name of Quality of Protection associated with the
+GSS_API mechanism "mech".
+"GSS_C_QOP_DEFAULT" is currently the only supported QOP.
 .It mech
-The mechanism name to search for
+The name of a GSS_API mechanism.
+"kerberos_v5" is currently the only supported mechanism.
 .It number_ret
-If the quality of protection is found, the corresponding number is
-returned in
-.Fa *num_ret
+Buffer in which to place the returned QOP number
 .El
 .Sh RETURN VALUES
-If the value is found,
+If the QOP and mechanism names are recognized,
 .Dv TRUE
-is returned, otherwise
-.Dv FALSE .
+is returned.
+The corresponding QOP number is returned in
+.Fa *num_ret .
+Otherwise
+.Dv FALSE
+is returned and
+.It number_ret
+is left untouched.
 .Sh AVAILABILITY
 The
 .Fn rpc_gss_qop_to_num
diff --git a/man/rpc_gss_seccreate.3t b/man/rpc_gss_seccreate.3t
index 9f526a6..b52df19 100644
--- a/man/rpc_gss_seccreate.3t
+++ b/man/rpc_gss_seccreate.3t
@@ -55,9 +55,8 @@ For instance, a principal such as
 .Qq nfs@server.example.com
 might be used by an application which needs to contact an NFS server
 .It mechanism
-The desired mechanism for this security context.
-The value of mechanism should be the name of one of the security
-mechanisms listed in /etc/gss/mech.
+The name of the GSS_API mechanism to use for the new security context.
+"kerberos_v5" is currently the only supported mechanism.
 .It service
 Type of service requested.
 .Bl -tag -width "rpc_gss_svc_integrity"
@@ -72,8 +71,9 @@ RPC headers and data are integrity protected by a checksum.
 RPC headers are integrity protected by a checksum and data is encrypted.
 .El
 .It qop
-Desired quality of protection or NULL for the default.
-Available values are listed in /etc/gss/qop
+The name of the Quality of Protection to use for the new security context,
+or NULL to use the default QOP.
+"GSS_C_QOP_DEFAULT" is currently the only supported QOP.
 .It options_req
 Extra security context options to be passed to the underlying GSS-API
 mechanism.
-- 
cgit v1.2.1