 |
Index for
Section 3 |
|
 |
Alphabetical
listing for G |
|
 |
Bottom of
page |
|
gss_inquire_context(3)
NAME
gss_inquire_context - Obtain information about an existing security
context.
SYNOPSIS
#include <gssapi/gssapi.h>
OM_uint32 gss_inquire_context(
OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
gss_name_t * src_name,
gss_name_t * targ_name,
OM_uint32 * lifetime_rec,
gss_OID * mech_type,
OM_uint32 * ctx_flags,
OM_uint32 * locally_initiated,
OM_uint32 * open );
PARAMETERS
minor_status
Kerberos 5 error code.
context_handle
Security context to be queried.
src_name
Internal form name of security context initiator. Specify NULL if
this information is not required.
Storage associated with this name must be freed by the application
after use with a call to gss_release_name().
targ_name
Internal form name of security context acceptor. Specify NULL if
this information is not required.
Storage associated with this name must be freed by the application
after use with a call to gss_release_name().
lifetime_rec
Number of seconds for which the security context remains valid.
Since the HP implementation of the GSS-API does not support
security context expiration, the value GSS_C_INDEFINITE is always
returned. Specify NULL if this information is not required.
mech_type
Security mechanism providing the context that, in the HP
implementation of the GSS-API, is Kerberos 5. Specify NULL if this
information is not required.
The OID set returned via this parameter is a pointer to static
storage that should be treated as read-only. The application should
not attempt to free it.
ctx_flags
Flags that indicate the service options the context supports (or is
expected to support, if open is false). Specify NULL if this
information is not required.
Symbolic names are provided for each flag. (See Context Flag
Constants for the definitions.) These names should be bitwise ANDed
with the ctx_flags value to test whether a given option is
supported by the context.
Note
To check whether the requested encryption is being used (DES3 or
DES), call csf_gss_get_context_options().
The flags are:
· GSS_C_ANON_FLAG
Since the HP Application Security SDK does not support
anonymous authentication, this value is always set to false.
· GSS_C_CONF_FLAG
True -- Confidentiality service may be invoked by calling the
gss_wrap() function.
False -- No confidentiality service via gss_wrap() is
available. The gss_wrap() function provides message
encapsulation, data origin authentication, and integrity
services only.
· GSS_C_DELEG_FLAG
True -- Credentials were delegated from the initiating
application to the accepting application.
False -- No credentials were delegated.
· GSS_C_INTEG_FLAG
True -- Integrity service may be invoked by calling either
gss_get_mic() or gss_wrap().
False -- Per-message integrity service is unavailable.
· GSS_C_MUTUAL_FLAG
True -- The accepting application was authenticated to the
initiating application.
False -- The accepting application was not authenticated to
the initiating application.
· GSS_C_PROT_READY_FLAG
True -- Protection services (as specified by the states of
GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG) are available for use.
False -- Protection services (as specified by the states of
GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG) are available only if
the context is fully established.
· GSS_C_REPLAY_FLAG
True -- Replay of protected messages will be detected.
False -- Replay of messages will not be detected.
· GSS_C_SEQUENCE_FLAG
True -- Out-of-sequence protected messages will be detected.
False -- Out-of-sequence messages will not be detected.
· GSS_C_TRANS_FLAG -- The value of this bit indicates the actual
state at the time gss_accept_sec_context() returns, whether or
not the context is fully established.
True -- The resulting security context may be transferred to
other processes via a call to gss_export_sec_context().
False -- The security context is not transferable.
locally_initiated
Non-zero if the invoking application is the context initiator.
Specify NULL if the information is not required.
open Non-zero if the context is fully established. Zero is returned if a
context-establishment token is expected from the peer application.
Specify NULL if the information is not required.
DESCRIPTION
The gss_inquire_context() function obtains information about a security
context. The application must already have initiated the context, although
the context need not be fully established.
When the application is finished using the names of the initiating and
accepting applications, it must release the resources associated with
src_name and targ_name with calls to gss_release_name().
RETURN VALUES
GSS_S_CALL_INACCESSIBLE_READ 01xxxxxx
GSS_S_CALL_INACCESSIBLE_WRITE 02xxxxxx
GSS_S_COMPLETE 00000000
GSS_S_CONTEXT_EXPIRED xx0Cxxxx
GSS_S_FAILURE xx0Dxxxx
GSS_S_NO_CONTEXT xx08xxxx
PORTABILITY CONSIDERATIONS
The HP Application Security Toolkit does not support anonymous
authentication or context expiration.
SEE ALSO
Functions: csf_gss_get_context_options(3), gss_accept_sec_context(3),
gss_export_sec_context(3), gss_get_mic(3), gss_import_sec_context(3),
gss_init_sec_context(3), gss_release_name(3), gss_wrap(3)
|
Index for
Section 3 |
|
|
Alphabetical
listing for G |
|
 |
Top of
page |
|