gss_inquire_context(3) — Subroutines
NAME
gss_inquire_context − Obtain information about an existing security context.
SYNOPSIS
#include <gssapi/gssapi.h>
OM_uint32 gss_inquire_context(
OM_uint32 ∗ minor_status,
const gss_ctx_id_t context_handle,
gss_name_t ∗ src_name,
gss_name_t ∗ targ_name,
OM_uint32 ∗ lifetime_rec,
gss_OID ∗ mech_type,
OM_uint32 ∗ ctx_flags,
OM_uint32 ∗ locally_initiated,
OM_uint32 ∗ open );
PARAMETERS
minor_status
Kerberos 5 error code.
context_handle
Security context to be queried.
src_name
Internal form name of security context initiator. Specify NULL if this information is not required.
Storage associated with this name must be freed by the application after use with a call to gss_release_name().
targ_name
Internal form name of security context acceptor. Specify NULL if this information is not required.
Storage associated with this name must be freed by the application after use with a call to gss_release_name().
lifetime_rec
Number of seconds for which the security context remains valid. Since the HP implementation of the GSS-API does not support security context expiration, the value GSS_C_INDEFINITE is always returned. Specify NULL if this information is not required.
mech_type
Security mechanism providing the context that, in the HP implementation of the GSS-API, is Kerberos 5. Specify NULL if this information is not required.
The OID set returned via this parameter is a pointer to static storage that should be treated as read-only. The application should not attempt to free it.
ctx_flags
Flags that indicate the service options the context supports (or is expected to support, if open is false). Specify NULL if this information is not required.
Symbolic names are provided for each flag. (See Context Flag Constants for the definitions.) These names should be bitwise ANDed with the ctx_flags value to test whether a given option is supported by the context.
Note
To check whether the requested encryption is being used (DES3 or DES), call csf_gss_get_context_options().
The flags are:
•GSS_C_ANON_FLAG
Since the HP Application Security SDK does not support anonymous authentication, this value is always set to false.
•GSS_C_CONF_FLAG
True −− Confidentiality service may be invoked by calling the gss_wrap() function.
False −− No confidentiality service via gss_wrap() is available. The gss_wrap() function provides message encapsulation, data origin authentication, and integrity services only.
•GSS_C_DELEG_FLAG
True −− Credentials were delegated from the initiating application to the accepting application.
False −− No credentials were delegated.
•GSS_C_INTEG_FLAG
True −− Integrity service may be invoked by calling either gss_get_mic() or gss_wrap().
False −− Per-message integrity service is unavailable.
•GSS_C_MUTUAL_FLAG
True −− The accepting application was authenticated to the initiating application.
False −− The accepting application was not authenticated to the initiating application.
•GSS_C_PROT_READY_FLAG
True −− Protection services (as specified by the states of GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG) are available for use.
False −− Protection services (as specified by the states of GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG) are available only if the context is fully established.
•GSS_C_REPLAY_FLAG
True −− Replay of protected messages will be detected.
False −− Replay of messages will not be detected.
•GSS_C_SEQUENCE_FLAG
True −− Out-of-sequence protected messages will be detected.
False −− Out-of-sequence messages will not be detected.
•GSS_C_TRANS_FLAG −− The value of this bit indicates the actual state at the time gss_accept_sec_context() returns, whether or not the context is fully established.
True −− The resulting security context may be transferred to other processes via a call to gss_export_sec_context().
False −− The security context is not transferable.
locally_initiated
Non-zero if the invoking application is the context initiator. Specify NULL if the information is not required.
openNon-zero if the context is fully established. Zero is returned if a context-establishment token is expected from the peer application. Specify NULL if the information is not required.
DESCRIPTION
The gss_inquire_context() function obtains information about a security context. The application must already have initiated the context, although the context need not be fully established.
When the application is finished using the names of the initiating and accepting applications, it must release the resources associated with src_name and targ_name with calls to gss_release_name().
RETURN VALUES
| GSS_S_CALL_INACCESSIBLE_READ | 01xxxxxx |
| GSS_S_CALL_INACCESSIBLE_WRITE | 02xxxxxx |
| GSS_S_COMPLETE | 00000000 |
| GSS_S_CONTEXT_EXPIRED | xx0Cxxxx |
| GSS_S_FAILURE | xx0Dxxxx |
| GSS_S_NO_CONTEXT | xx08xxxx |
PORTABILITY CONSIDERATIONS
The HP Application Security Toolkit does not support anonymous authentication or context expiration.
SEE ALSO
Functions: csf_gss_get_context_options(3), gss_accept_sec_context(3), gss_export_sec_context(3), gss_get_mic(3), gss_import_sec_context(3), gss_init_sec_context(3), gss_release_name(3), gss_wrap(3)