⇒ gss_inquire_context(3) — Tru64 UNIX 5.1b

gss_inquire_context(3)  —  Subroutines

NAME

gss_inquire_context − Obtain information about an existing security context. 

SYNOPSIS

#include <gssapi/gssapi.h>
OM_uint32 gss_inquire_context(
        OM_uint32 *minor_status,
        const gss_ctx_id_t context_handle,
        gss_name_t *src_name,
        gss_name_t *targ_name,
        OM_uint32 *lifetime_rec,
        gss_OID *mech_type,
        OM_uint32 *ctx_flags,
        OM_uint32 *locally_initiated,
        OM_uint32 *open );

PARAMETERS

minor_status
Kerberos 5 error code.

context_handle
Security context to be queried.

src_name
Internal form name of security context initiator. Specify NULL if this information is not required. 

Storage associated with this name must be freed by the application after use with a call to gss_release_name(). 

targ_name
Internal form name of security context acceptor. Specify NULL if this information is not required. 

Storage associated with this name must be freed by the application after use with a call to gss_release_name(). 

lifetime_rec
Number of seconds for which the security context remains valid. Since the HP implementation of the GSS-API does not support security context expiration, the value GSS_C_INDEFINITE is always returned. Specify NULL if this information is not required. 

mech_type
Security mechanism providing the context that, in the HP implementation of the GSS-API, is Kerberos 5. Specify NULL if this information is not required. 

The OID set returned via this parameter is a pointer to static storage that should be treated as read-only. The application should not attempt to free it. 

ctx_flags
Flags that indicate the service options the context supports (or is expected to support, if open is false). Specify NULL if this information is not required. 

Symbolic names are provided for each flag. (See Context Flag Constants for the definitions.) These names should be bitwise ANDed with the ctx_flags value to test whether a given option is supported by the context. 

Note

To check whether the requested encryption is being used (DES3 or DES), call csf_gss_get_context_options(). 

The flags are:

       •GSS_C_ANON_FLAG

Since the HP Application Security SDK does not support anonymous authentication, this value is always set to false. 

       •GSS_C_CONF_FLAG

True −− Confidentiality service may be invoked by calling the gss_wrap() function. 

False −− No confidentiality service via gss_wrap() is available. The gss_wrap() function provides message encapsulation, data origin authentication, and integrity services only. 

       •GSS_C_DELEG_FLAG

True −− Credentials were delegated from the initiating application to the accepting application. 

False −− No credentials were delegated. 

       •GSS_C_INTEG_FLAG

True −− Integrity service may be invoked by calling either gss_get_mic() or gss_wrap(). 

False −− Per-message integrity service is unavailable. 

       •GSS_C_MUTUAL_FLAG

True −− The accepting application was authenticated to the initiating application. 

False −− The accepting application was not authenticated to the initiating application. 

       •GSS_C_PROT_READY_FLAG

True −− Protection services (as specified by the states of GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG) are available for use. 

False −− Protection services (as specified by the states of GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG) are available only if the context is fully established. 

       •GSS_C_REPLAY_FLAG

True −− Replay of protected messages will be detected. 

False −− Replay of messages will not be detected. 

       •GSS_C_SEQUENCE_FLAG

True −− Out-of-sequence protected messages will be detected. 

False −− Out-of-sequence messages will not be detected. 

       •GSS_C_TRANS_FLAG −− The value of this bit indicates the actual state at the time gss_accept_sec_context() returns, whether or not the context is fully established. 

True −− The resulting security context may be transferred to other processes via a call to gss_export_sec_context(). 

False −− The security context is not transferable. 

locally_initiated
Non-zero if the invoking application is the context initiator. Specify NULL if the information is not required. 

open
Non-zero if the context is fully established. Zero is returned if a context-establishment token is expected from the peer application. Specify NULL if the information is not required. 

DESCRIPTION

The gss_inquire_context() function obtains information about a security context. The application must already have initiated the context, although the context need not be fully established. 

When the application is finished using the names of the initiating and accepting applications, it must release the resources associated with src_name and targ_name with calls to gss_release_name(). 
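The following added example (not part of the original manual page or the HP SDK) shows one way to act on the ctx_flags and open values before trusting a context for protected traffic. The helper vet_context() and the ctx_verdict enum are hypothetical names; the flag values are those defined in RFC 2744 and are defined locally only so the block compiles without the GSS-API headers.

```c
#include <stdio.h>

/* Flag values from RFC 2744; a real program takes them from <gssapi/gssapi.h>. */
#ifndef GSS_C_DELEG_FLAG
typedef unsigned int OM_uint32;
#define GSS_C_DELEG_FLAG      1
#define GSS_C_MUTUAL_FLAG     2
#define GSS_C_REPLAY_FLAG     4
#define GSS_C_SEQUENCE_FLAG   8
#define GSS_C_CONF_FLAG       16
#define GSS_C_INTEG_FLAG      32
#define GSS_C_PROT_READY_FLAG 128
#endif

enum ctx_verdict { CTX_OK, CTX_NOT_READY, CTX_MISSING_SERVICE, CTX_UNWANTED_DELEG };

/* Hypothetical helper (not part of the GSS-API): vet the ctx_flags and open
 * values filled in by
 *   gss_inquire_context(&minor, ctx, NULL, NULL, NULL, NULL, &flags, NULL, &open);
 * against the services the application requires. */
static enum ctx_verdict vet_context(OM_uint32 flags, OM_uint32 open,
                                    OM_uint32 required, int allow_deleg,
                                    OM_uint32 *missing)
{
    *missing = 0;
    /* Until the context is open the flags are only expectations; per-message
     * protection is usable early only when PROT_READY is set. */
    if (!open && !(flags & GSS_C_PROT_READY_FLAG))
        return CTX_NOT_READY;
    *missing = required & ~flags;          /* required bits that are clear */
    if (*missing)
        return CTX_MISSING_SERVICE;
    if ((flags & GSS_C_DELEG_FLAG) && !allow_deleg)
        return CTX_UNWANTED_DELEG;         /* credentials were delegated */
    return CTX_OK;
}

int main(void)
{
    /* Constructed sample: an open context without confidentiality. */
    OM_uint32 required = GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG;
    OM_uint32 flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_INTEG_FLAG;
    OM_uint32 missing;
    enum ctx_verdict v = vet_context(flags, 1, required, 0, &missing);
    printf("verdict=%d missing=0x%x\n", v, missing);
    return 0;
}
```

A CTX_OK result with GSS_C_CONF_FLAG set says only that gss_wrap() can encrypt; which cipher is in use (DES3 or DES) still has to be checked with csf_gss_get_context_options().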

RETURN VALUES

GSS_S_CALL_INACCESSIBLE_READ 01xxxxxx
GSS_S_CALL_INACCESSIBLE_WRITE 02xxxxxx
GSS_S_COMPLETE 00000000
GSS_S_CONTEXT_EXPIRED xx0Cxxxx
GSS_S_FAILURE xx0Dxxxx
GSS_S_NO_CONTEXT xx08xxxx

PORTABILITY CONSIDERATIONS

The HP Application Security Toolkit does not support anonymous authentication or context expiration. 

SEE ALSO

Functions:  csf_gss_get_context_options(3), gss_accept_sec_context(3), gss_export_sec_context(3), gss_get_mic(3), gss_import_sec_context(3), gss_init_sec_context(3), gss_release_name(3), gss_wrap(3)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026