
gssdce_extract_creds_from_sec_context(3sec)

Extracts a DCE credential from a GSSAPI security context

Synopsis

#include <dce/gssapi.h>

OM_uint32 gssdce_extract_creds_from_sec_context (
OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
rpc_authz_cred_handle_t output_cred);

Parameters

Input

context_handle
Specifies the handle of the security context containing the DCE credential.

Output

output_cred
Returns the DCE credential.

minor_status
Returns a status code from the security mechanism.

Description
The gssdce_extract_creds_from_sec_context( ) routine extracts the context initiator's DCE credential from a context acceptor's security context. Use this routine if the underlying mechanism type is DCE Security (GSSDCE_C_OID_DCE_KRBV5_DES).

The context acceptor calls the gssdce_extract_creds_from_sec_context( ) routine to get the DCE credential containing the privilege attributes of the context initiator. DCE credentials are used by DCE ACL managers to determine whether the initiator has the right to access the object to which an ACL refers.

The principal contained in the DCE credential may not be the same as the src_name parameter value from the gss_accept_sec_context( ) routine. The principal in the DCE credential may be a compound principal.

If the context was established by calling the gss_init_sec_context( ) routine and specifying GSSDCE_C_OID_KRBV5_DES to use Kerberos (instead of DCE security), the gssdce_extract_creds_from_sec_context( ) routine returns a major status of GSS_S_FAILURE and a minor status of gssdce_s_no_PAC_available.
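The following acceptor-side sketch is an added example, not code from the DCE distribution. It shows the failure case above handled fail-closed: only GSS_S_COMPLETE yields a credential for the ACL check. The DCE types, the routine itself and the value of gssdce_s_no_PAC_available are constructed stand-ins so the block builds without DCE; acceptor_get_cred, authz_path and passing output_cred by pointer are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins so this builds without DCE; on a DCE host the real
 * declarations come from <dce/gssapi.h> and the handle types are opaque. */
typedef unsigned int OM_uint32;
struct fake_ctx { int valid; int has_pac; };
typedef struct fake_ctx *gss_ctx_id_t;
typedef struct { int populated; } rpc_authz_cred_handle_t;
#define GSS_S_COMPLETE   0u
#define GSS_S_NO_CONTEXT (8u << 16)      /* routine-error value, RFC 2744 */
#define GSS_S_FAILURE    (13u << 16)     /* routine-error value, RFC 2744 */
#define gssdce_s_no_PAC_available 0x1u   /* placeholder, not the real code */

/* Stub of the DCE routine. Assumption: output_cred is passed by pointer. */
static OM_uint32 gssdce_extract_creds_from_sec_context(OM_uint32 *minor_status,
        gss_ctx_id_t ctx, rpc_authz_cred_handle_t *output_cred)
{
    *minor_status = 0;
    if (ctx == NULL || !ctx->valid) return GSS_S_NO_CONTEXT;
    if (!ctx->has_pac) {                 /* context negotiated as plain Kerberos */
        *minor_status = gssdce_s_no_PAC_available;
        return GSS_S_FAILURE;
    }
    output_cred->populated = 1;
    return GSS_S_COMPLETE;
}

typedef enum { AUTHZ_USE_DCE_CRED, AUTHZ_DENY_NO_PAC, AUTHZ_DENY_ERROR } authz_path;
/* Hypothetical acceptor helper: only GSS_S_COMPLETE yields a credential for
 * the ACL check. Every other outcome denies; src_name is not a fallback. */
static authz_path acceptor_get_cred(gss_ctx_id_t ctx, rpc_authz_cred_handle_t *cred)
{
    OM_uint32 minor = 0, major;
    memset(cred, 0, sizeof *cred);       /* no stale credential survives a failure */
    major = gssdce_extract_creds_from_sec_context(&minor, ctx, cred);
    if (major == GSS_S_COMPLETE) return AUTHZ_USE_DCE_CRED;
    memset(cred, 0, sizeof *cred);       /* discard anything partially written */
    if (major == GSS_S_FAILURE && minor == gssdce_s_no_PAC_available)
        return AUTHZ_DENY_NO_PAC;
    fprintf(stderr, "extract_creds: major=0x%x minor=0x%x\n", major, minor);
    return AUTHZ_DENY_ERROR;
}

int main(void) {
    struct fake_ctx krb_only = { 1, 0 }; /* constructed sample context */
    rpc_authz_cred_handle_t cred;
    return acceptor_get_cred(&krb_only, &cred) == AUTHZ_DENY_NO_PAC ? 0 : 1;
}
```

On a DCE host, remove the stand-in section and the stub, include <dce/gssapi.h>, and match the call to that header's prototype.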

Status Codes
The following is a partial list of the status codes (messages) that the routine might return. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all messages.

GSS_S_COMPLETE The routine was completed successfully.
GSS_S_FAILURE The routine failed. Check the minor_status parameter for details.
GSS_S_NO_CONTEXT The routine could not access the security context.

Related Information
Functions: gss_init_sec_context(3sec)