From 5ab47e210de76d29cffbc9ea47800775a3627210 Mon Sep 17 00:00:00 2001
From: Garrett D'Amore <garrett@damore.org>
Date: Sun, 24 Nov 2024 13:04:34 -0800
Subject: Remove the NNG_OPT_IPC_SECURITY_DESCRIPTOR option.

This is now replaced with nng_listener_set_security_descriptor
and nng_stream_listener_set_security_descriptor functions.  We
may elect to remove these entirely, but for named pipe users they
are probably still quite useful.  Moving towards UNIX domain sockets
would obsolete this functionality.
---
 docs/ref/migrate/nng1.md | 11 +++++++++++
 docs/ref/tran/ipc.md     | 25 ++++++++++---------------
 docs/ref/xref.md         |  1 +
 3 files changed, 22 insertions(+), 15 deletions(-)

(limited to 'docs/ref')

diff --git a/docs/ref/migrate/nng1.md b/docs/ref/migrate/nng1.md
index eac60379..152c464b 100644
--- a/docs/ref/migrate/nng1.md
+++ b/docs/ref/migrate/nng1.md
@@ -209,4 +209,15 @@ accessors functions are provided:
 - `u_host` is removed - use [`nng_url_hostname`] and [`nng_url_port`] to construct if needed
 - `u_rawurl` is removed - a "cooked" URL can be obtained from the new [`nng_url_sprintf`] function.
 
+## Security Descriptors (Windows Only)
+
+The `NNG_OPT_IPC_SECURITY_DESCRIPTOR` option is removed, and replaced
+with the functions [`nng_listener_get_security_descriptor`] and
+[`nng_stream_listener_get_security_descriptor`].
+
+Security descriptor support is only relevant to Windows,
+and is presently only supported for IPC when Named Pipes are used.
+Planned future changes to switch to UNIX domain sockets may eliminate
+support for security descriptors altogether in NNG.
+
 {{#include ../xref.md}}
diff --git a/docs/ref/tran/ipc.md b/docs/ref/tran/ipc.md
index c186cadd..ec0a2700 100644
--- a/docs/ref/tran/ipc.md
+++ b/docs/ref/tran/ipc.md
@@ -67,9 +67,9 @@ prevent unauthorized access, or that checks against the peer credentials are mad
 
 ### Socket Address
 
-When using an [`nng_sockaddr`][sockaddr] structure,
-the actual structure is of type [`nng_sockaddr_ipc`][sockaddr_ipc],
-except for abstract sockets, which use [`nng_sockaddr_abstract`][sockaddr_abstract].
+When using an [`nng_sockaddr`] structure,
+the actual structure is of type [`nng_sockaddr_ipc`],
+except for abstract sockets, which use [`nng_sockaddr_abstract`].
 
 ### Transport Options
 
@@ -77,7 +77,6 @@ The following transport options are supported by this transport,
 where supported by the underlying platform.
 
 - [`NNG_OPT_IPC_PERMISSIONS`][NNG_OPT_IPC_PERMISSIONS]
-- [`NNG_OPT_IPC_SECURITY_DESCRIPTOR`][NNG_OPT_IPC_SECURITY_DESCRIPTOR]
 - [`NNG_OPT_LOCADDR`][NNG_OPT_LOCADDR]
 - [`NNG_OPT_REMADDR`][NNG_OPT_REMADDR]
 - [`NNG_OPT_PEER_GID`][NNG_OPT_PEER_GID]
@@ -85,14 +84,10 @@ where supported by the underlying platform.
 - [`NNG_OPT_PEER_UID`][NNG_OPT_PEER_UID]
 - [`NNG_OPT_PEER_ZONEID`][NNG_OPT_PEER_ZONEID]
 
-[NNG_OPT_IPC_PERMISSIONS]: TODO.md
-[NNG_OPT_IPC_SECURITY_DESCRIPTOR]: TODO.md
-[NNG_OPT_LOCADDR]: TODO.md
-[NNG_OPT_REMADDR]: TODO.md
-[NNG_OPT_PEER_GID]: TODO.md
-[NNG_OPT_PEER_PID]: TODO.md
-[NNG_OPT_PEER_UID]: TODO.md
-[NNG_OPT_PEER_ZONEID]: TODO.md
-[sockaddr]: TODO.md
-[sockaddr_ipc]: TODO.md
-[sockaddr_abstract]: TODO.md
+### Other Configuration Parameters
+
+On Windows systems, the security descriptor for the listener,
+which can be used to control access, can be set using the function
+[`nng_listener_set_security_descriptor`].
+
+{{#include ../xref.md}}
diff --git a/docs/ref/xref.md b/docs/ref/xref.md
index 5e030bed..d5b7c9f0 100644
--- a/docs/ref/xref.md
+++ b/docs/ref/xref.md
@@ -100,6 +100,7 @@
 [`nng_dialer_get_url`]: /TODO.md
 [`nng_tls_config`]: /TODO.md
 [`nng_tls_config_own_cert`]: /TODO.md
+[`nng_listener_set_security_descriptor`]: /TODO.md
 
 <!-- Macros -->
 
-- 
cgit v1.2.3-70-g09d2