.TH "Globus GSSAPI" 3 "Mon Oct 5 2015" "Version 11.13" "globus_gssapi_gsi" \" -*- nroff -*- .ad l .nh .SH NAME Globus GSSAPI \- .PP GSI Implementation Details\&. .SS "Modules" .in +1c .ti -1c .RI "\fBConstants\fP" .br .RI "\fIImplementation-specific Constants\&. \fP" .ti -1c .RI "\fBActivation\fP" .br .RI "\fIModule Activation\&. \fP" .ti -1c .RI "\fBRequest Flags\fP" .br .RI "\fIRequest Flags\&. \fP" .ti -1c .RI "\fBReturn Flags\fP" .br .RI "\fIReturn Flags\&. \fP" .ti -1c .RI "\fBGSSAPI Extensions\fP" .br .RI "\fIextensions \fP" .in -1c .SS "Functions" .in +1c .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_accept_sec_context\fP (OM_uint32 *minor_status, gss_ctx_id_t *context_handle_P, const gss_cred_id_t acceptor_cred_handle, const gss_buffer_t input_token, const gss_channel_bindings_t input_chan_bindings, gss_name_t *src_name_P, gss_OID *mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle_P)" .br .RI "\fIGSS Accept Security Context\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_acquire_cred\fP (OM_uint32 *minor_status, const gss_name_t desired_name_P, OM_uint32 time_req, const gss_OID_set desired_mechs, gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle_P, gss_OID_set *actual_mechs, OM_uint32 *time_rec)" .br .RI "\fIAcquire Credential\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_compare_name\fP (OM_uint32 *minor_status, const gss_name_t name1_P, const gss_name_t name2_P, int *name_equal)" .br .RI "\fICompare Name\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_delete_sec_context\fP (OM_uint32 *minor_status, gss_ctx_id_t *context_handle_P, gss_buffer_t output_token)" .br .RI "\fIDelete Security Context\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_display_name\fP (OM_uint32 *minor_status, const gss_name_t input_name_P, gss_buffer_t output_name, gss_OID *output_name_type)" .br .RI "\fIDisplay Name\&. 
\fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_display_status\fP (OM_uint32 *minor_status, OM_uint32 status_value, int status_type, const gss_OID mech_type, OM_uint32 *message_context, gss_buffer_t status_string)" .br .RI "\fIDisplay Status .PP Calls the OpenSSL error print routines to produce a printable message\&. This may need some work, as the OpenSSL error messages are more of a trace, and may not be the best for the user\&. It also does not take advantage of being called in a loop\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_duplicate_name\fP (OM_uint32 *minor_status, const gss_name_t src_name, gss_name_t *dest_name)" .br .RI "\fIDuplicate Name\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_export_name\fP (OM_uint32 *minor_status, const gss_name_t input_name_P, gss_buffer_t exported_name)" .br .RI "\fIExport Name\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_export_sec_context\fP (OM_uint32 *minor_status, gss_ctx_id_t *context_handle_P, gss_buffer_t interprocess_token)" .br .RI "\fIExport Security Context\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_get_mic\fP (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, gss_qop_t qop_req, const gss_buffer_t message_buffer, gss_buffer_t message_token)" .br .RI "\fIGet MIC .PP Calculates a cryptographic MIC (message integrity check) over an application message, and returns that MIC in the token\&. The token and message can then be passed to the peer application which calls \fBgss_verify_mic\fP to verify the MIC\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_sign\fP (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int qop_req, gss_buffer_t message_buffer, gss_buffer_t message_token)" .br .RI "\fISign\&. 
\fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_import_name\fP (OM_uint32 *minor_status, const gss_buffer_t input_name_buffer, const gss_OID input_name_type, gss_name_t *output_name_P)" .br .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_import_sec_context\fP (OM_uint32 *minor_status, const gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle_P)" .br .RI "\fIImport Security Context .PP GSSAPI routine to import the security context based on the input token\&. See: \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_init_sec_context\fP (OM_uint32 *minor_status, const gss_cred_id_t initiator_cred_handle, gss_ctx_id_t *context_handle_P, const gss_name_t target_name, const gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, const gss_channel_bindings_t input_chan_bindings, const gss_buffer_t input_token, gss_OID *actual_mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec)" .br .RI "\fIInit Sec Context\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_inquire_context\fP (OM_uint32 *minor_status, const gss_ctx_id_t context_handle_P, gss_name_t *src_name_P, gss_name_t *targ_name_P, OM_uint32 *lifetime_rec, gss_OID *mech_type, OM_uint32 *ctx_flags, int *locally_initiated, int *open)" .br .RI "\fIInquire Context\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_context_time\fP (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, OM_uint32 *time_rec)" .br .RI "\fIContext Time\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_inquire_cred\fP (OM_uint32 *minor_status, const gss_cred_id_t cred_handle_P, gss_name_t *name, OM_uint32 *lifetime, gss_cred_usage_t *cred_usage, gss_OID_set *mechanisms)" .br .RI "\fIInquire Cred\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_add_oid_set_member\fP (OM_uint32 *minor_status, const gss_OID member_oid, gss_OID_set *oid_set)" .br .RI "\fIAdd OID Set Member\&. 
\fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_create_empty_oid_set\fP (OM_uint32 *minor_status, gss_OID_set *oid_set)" .br .RI "\fICreate Empty OID Set .PP Creates an object identifier set containing no object identifiers, to which members may be subsequently added using the GSS_Add_OID_set_member() routine\&. These routines are intended to be used to construct sets of mechanism object identifiers, for input to GSS_Acquire_cred()\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_indicate_mechs\fP (OM_uint32 *minor_status, gss_OID_set *mech_set)" .br .RI "\fIIndicate Mechs\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_release_oid_set\fP (OM_uint32 *minor_status, gss_OID_set *mech_set)" .br .RI "\fIRelease OID Set\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_test_oid_set_member\fP (OM_uint32 *minor_status, const gss_OID member, const gss_OID_set set, int *present)" .br .RI "\fITest OID Set Member\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_release_buffer\fP (OM_uint32 *minor_status, gss_buffer_t buffer)" .br .RI "\fIRelease Buffer\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_release_cred\fP (OM_uint32 *minor_status, gss_cred_id_t *cred_handle_P)" .br .RI "\fIRelease Credential\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_release_name\fP (OM_uint32 *minor_status, gss_name_t *name_P)" .br .RI "\fIGSS Release Name\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_unwrap\fP (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state, gss_qop_t *qop_state)" .br .RI "\fIUnwrap\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_unseal\fP (OM_uint32 *minor_status, gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state, int *qop_state)" .br .RI "\fIUnseal\&. 
\fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_verify_mic\fP (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, gss_qop_t *qop_state)" .br .RI "\fIVerify MIC\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_verify\fP (OM_uint32 *minor_status, gss_ctx_id_t context_handle, gss_buffer_t message_buffer, gss_buffer_t token_buffer, int *qop_state)" .br .RI "\fIVerify\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_wrap_size_limit\fP (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, OM_uint32 req_output_size, OM_uint32 *max_input_size)" .br .RI "\fIWrap Size Limit\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_wrap\fP (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer)" .br .RI "\fIWrap\&. \fP" .ti -1c .RI "OM_uint32 GSS_CALLCONV \fBgss_seal\fP (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, int qop_req, gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer)" .br .RI "\fISeal\&. \fP" .in -1c .SH "Detailed Description" .PP GSI Implementation Details\&. The Globus GSI GSSAPI is an implementation of \fCGSS API C Bindings\fP using OpenSSL\&. This API documentation is intended to explain implementation-specific behavior of this GSSAPI implementation, as well as GSSAPI extensions\&. 
.PP The API documentation is divided into sections covering: .IP "\(bu" 2 \fBGlobus GSSAPI\fP .IP "\(bu" 2 \fBActivation\fP .IP "\(bu" 2 \fBConstants\fP .IP "\(bu" 2 \fBRequest Flags\fP .IP "\(bu" 2 \fBReturn Flags\fP .IP "\(bu" 2 \fBGSSAPI Extensions\fP .IP "\(bu" 2 \fBDelegation\fP .PP .SH "Function Documentation" .PP .SS "OM_uint32 GSS_CALLCONV gss_accept_sec_context (OM_uint32 *minor_status, gss_ctx_id_t *context_handle_P, const gss_cred_id_tacceptor_cred_handle, const gss_buffer_tinput_token, const gss_channel_bindings_tinput_chan_bindings, gss_name_t *src_name_P, gss_OID *mech_type, gss_buffer_toutput_token, OM_uint32 *ret_flags, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle_P)" .PP GSS Accept Security Context\&. \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle_P\fP .br \fIacceptor_cred_handle\fP .br \fIinput_token\fP .br \fIinput_chan_bindings\fP .br \fIsrc_name_P\fP .br \fImech_type\fP .br \fIoutput_token\fP .br \fIret_flags\fP Also used as req_flags for other functions .br \fItime_rec\fP .br \fIdelegated_cred_handle_P\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_acquire_cred (OM_uint32 *minor_status, const gss_name_tdesired_name_P, OM_uint32time_req, const gss_OID_setdesired_mechs, gss_cred_usage_tcred_usage, gss_cred_id_t *output_cred_handle_P, gss_OID_set *actual_mechs, OM_uint32 *time_rec)" .PP Acquire Credential\&. GSSAPI routine to acquire the local credential\&. See the latest IETF draft/RFC on the GSSAPI C bindings\&. .PP Gets the local credentials\&. The proxy_init_cred does most of the work of setting up the SSL_ctx, getting the user's cert, key, etc\&. .PP The globusid will be obtained from the certificate\&. (Minus any /CN=proxy entries\&.) .PP \fBParameters:\fP .RS 4 \fIminor_status\fP Mechanism specific status code\&. In this implementation, the minor_status is a cast from a globus_result_t value, which is either GLOBUS_SUCCESS or a globus error object ID if an error occurred\&. 
.br \fIdesired_name_P\fP Name of the principal whose credentials should be acquired\&. This parameter maps to the desired subject of the cert to be acquired as the credential\&. Possible values are: .IP "\(bu" 2 For a service cert: \fIservice name\fP@\fIfqdn\fP .IP "\(bu" 2 For a host cert: \fIfqdn\fP .IP "\(bu" 2 For a proxy cert: \fIsubject name\fP .IP "\(bu" 2 For a user cert: \fIsubject name\fP This parameter can be NULL, in which case the cert is chosen using a default search order of: host, proxy, user, service .PP .br \fItime_req\fP Number of seconds that credentials should remain valid\&. This value can be GSS_C_INDEFINITE for an unlimited lifetime\&. NOTE: in the current implementation, this parameter is ignored, since you can't change the expiration of a signed cert\&. .br \fIdesired_mechs\fP .br \fIcred_usage\fP .br \fIoutput_cred_handle_P\fP .br \fIactual_mechs\fP .br \fItime_rec\fP .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_add_oid_set_member (OM_uint32 *minor_status, const gss_OIDmember_oid, gss_OID_set *oid_set)" .PP Add OID Set Member\&. Adds an Object Identifier to an Object Identifier set\&. This routine is intended for use in conjunction with GSS_Create_empty_OID_set() when constructing a set of mechanism OIDs for input to GSS_Acquire_cred()\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fImember_oid\fP .br \fIoid_set\fP .RE .PP \fBReturn values:\fP .RS 4 \fIGSS_S_COMPLETE\fP Success .br \fIGSS_S_FAILURE\fP Operation failed .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_compare_name (OM_uint32 *minor_status, const gss_name_tname1_P, const gss_name_tname2_P, int *name_equal)" .PP Compare Name\&. Compare two names\&. GSSAPI names in this implementation are pointers to X\&.509 names\&. 
.PP \fBParameters:\fP .RS 4 \fIminor_status\fP currently is always set to GLOBUS_SUCCESS .br \fIname1_P\fP .br \fIname2_P\fP .br \fIname_equal\fP .RE .PP \fBReturns:\fP .RS 4 currently always returns GSS_S_COMPLETE .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_context_time (OM_uint32 *minor_status, const gss_ctx_id_tcontext_handle, OM_uint32 *time_rec)" .PP Context Time\&. \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fItime_rec\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_create_empty_oid_set (OM_uint32 *minor_status, gss_OID_set *oid_set)" .PP Create Empty OID Set .PP Creates an object identifier set containing no object identifiers, to which members may be subsequently added using the GSS_Add_OID_set_member() routine\&. These routines are intended to be used to construct sets of mechanism object identifiers, for input to GSS_Acquire_cred()\&. \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIoid_set\fP .RE .PP \fBReturn values:\fP .RS 4 \fIGSS_S_COMPLETE\fP Success .br \fIGSS_S_FAILURE\fP Operation failed .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_delete_sec_context (OM_uint32 *minor_status, gss_ctx_id_t *context_handle_P, gss_buffer_toutput_token)" .PP Delete Security Context\&. Delete the GSS Security Context .PP \fBParameters:\fP .RS 4 \fIminor_status\fP The minor status result - this is a globus_result_t cast to a OM_uint32\&. .br \fIcontext_handle_P\fP The context handle to be deleted .br \fIoutput_token\fP A token created upon destroying the context\&. If non-empty, this should be sent to the peer of the context to indicate that the context is closed\&. .RE .PP \fBReturns:\fP .RS 4 This function always returns GSS_S_COMPLETE .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_display_name (OM_uint32 *minor_status, const gss_name_tinput_name_P, gss_buffer_toutput_name, gss_OID *output_name_type)" .PP Display Name\&. 
Produces a single line version of the internal X\&.509 name .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIinput_name_P\fP .br \fIoutput_name\fP .br \fIoutput_name_type\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_display_status (OM_uint32 *minor_status, OM_uint32status_value, intstatus_type, const gss_OIDmech_type, OM_uint32 *message_context, gss_buffer_tstatus_string)" .PP Display Status .PP Calls the OpenSSL error print routines to produce a printable message\&. This may need some work, as the OpenSSL error messages are more of a trace, and may not be the best for the user\&. It also does not take advantage of being called in a loop\&. \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIstatus_value\fP .br \fIstatus_type\fP .br \fImech_type\fP .br \fImessage_context\fP .br \fIstatus_string\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_duplicate_name (OM_uint32 *minor_status, const gss_name_tsrc_name, gss_name_t *dest_name)" .PP Duplicate Name\&. Copy a GSSAPI name\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIsrc_name\fP .br \fIdest_name\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_export_name (OM_uint32 *minor_status, const gss_name_tinput_name_P, gss_buffer_texported_name)" .PP Export Name\&. Produces a mechanism-independent exported name object\&. See section 3\&.2 of RFC 2743\&. .SS "OM_uint32 GSS_CALLCONV gss_export_sec_context (OM_uint32 *minor_status, gss_ctx_id_t *context_handle_P, gss_buffer_tinterprocess_token)" .PP Export Security Context\&. Saves the important info about the session, converts it to a token, then deletes the context\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle_P\fP .br \fIinterprocess_token\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP For SSL handle We need to save: version of this routine\&. cred_usage, i\&.e\&. 
whether we accept or initiate; target/source or name; Session: Protocol, cipher, and Master-Key; Client-Random; Server-Random; tmp\&.key_block: client and server Mac_secrets; write_sequence; read_sequence; write iv; read iv\&. Because the exported token therefore carries the session's master key and MAC secrets, it needs the same protection as the key material itself\&. .PP see SSL 3\&.0 draft http://wp.netscape.com/eng/ssl3/index.html .SS "OM_uint32 GSS_CALLCONV gss_get_mic (OM_uint32 *minor_status, const gss_ctx_id_tcontext_handle, gss_qop_tqop_req, const gss_buffer_tmessage_buffer, gss_buffer_tmessage_token)" .PP Get MIC .PP Calculates a cryptographic MIC (message integrity check) over an application message, and returns that MIC in the token\&. The token and message can then be passed to the peer application which calls \fBgss_verify_mic\fP to verify the MIC\&. \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fIqop_req\fP .br \fImessage_buffer\fP .br \fImessage_token\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_import_name (OM_uint32 *minor_status, const gss_buffer_tinput_name_buffer, const gss_OIDinput_name_type, gss_name_t *output_name_P)" Import a name into a gss_name_t .PP Creates a new gss_name_t which contains a mechanism-specific representation of the input name\&. 
GSSAPI OpenSSL implements the following name types, based on the input_name_type OID: .PP .IP "\(bu" 2 GSS_C_NT_ANONYMOUS (input_name_buffer is ignored) .IP "\(bu" 2 GSS_C_NT_HOSTBASED_SERVICE (input_name_buffer contains a string 'service@FQDN' which will match /CN=service/FQDN) .IP "\(bu" 2 GSS_C_NT_EXPORT_NAME (input_name_buffer contains a string with the X509_oneline representation of a name, like '/X=Y/Z=A\&.\&.\&.') .IP "\(bu" 2 GSS_C_NO_OID or GSS_C_NT_USER_NAME (input_name_buffer contains an X\&.500 name formatted like '/X=Y/Z=A\&.\&.\&.') .IP "\(bu" 2 GLOBUS_GSS_C_NT_HOST_IP (input_name_buffer contains a string 'FQDN/ip-address' which will match names with the FQDN or the IP address) .IP "\(bu" 2 GLOBUS_GSS_C_NT_X509 (input buffer is an X509 struct from OpenSSL) .PP .PP \fBParameters:\fP .RS 4 \fIminor_status\fP Minor status .br \fIinput_name_buffer\fP Input name buffer which is interpreted based on the \fIinput_name_type\fP .br \fIinput_name_type\fP OID of the name .br \fIoutput_name_P\fP New gss_name_t value containing the name .RE .PP \fBReturn values:\fP .RS 4 \fIGSS_S_COMPLETE\fP indicates that a valid name representation is output in output_name and described by the type value in output_name_type\&. .br \fIGSS_S_BAD_NAMETYPE\fP indicates that the input_name_type is unsupported by the applicable underlying GSS-API mechanism(s), so the import operation could not be completed\&. .br \fIGSS_S_BAD_NAME\fP indicates that the provided input_name_string is ill-formed in terms of the input_name_type, so the import operation could not be completed\&. .br \fIGSS_S_BAD_MECH\fP indicates that the input presented for import was an exported name object and that its enclosed mechanism type was not recognized or was unsupported by the GSS-API implementation\&. .br \fIGSS_S_FAILURE\fP indicates that the requested operation could not be performed for reasons unspecified at the GSS-API level\&. 
.RE .PP .SS "OM_uint32 GSS_CALLCONV gss_indicate_mechs (OM_uint32 *minor_status, gss_OID_set *mech_set)" .PP Indicate Mechs\&. Passes back the mech set of available mechs\&. We only have one for now\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fImech_set\fP .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_inquire_context (OM_uint32 *minor_status, const gss_ctx_id_tcontext_handle_P, gss_name_t *src_name_P, gss_name_t *targ_name_P, OM_uint32 *lifetime_rec, gss_OID *mech_type, OM_uint32 *ctx_flags, int *locally_initiated, int *open)" .PP Inquire Context\&. \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle_P\fP .br \fIsrc_name_P\fP .br \fItarg_name_P\fP .br \fIlifetime_rec\fP .br \fImech_type\fP .br \fIctx_flags\fP .br \fIlocally_initiated\fP .br \fIopen\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_inquire_cred (OM_uint32 *minor_status, const gss_cred_id_tcred_handle_P, gss_name_t *name, OM_uint32 *lifetime, gss_cred_usage_t *cred_usage, gss_OID_set *mechanisms)" .PP Inquire Cred\&. We will also allow the return of the proxy file name, if the minor_status is set to a value of 57056 (0xdee0) on input\&. This is done since there is no way to pass back the delegated credential file name\&. .PP When 57056 is seen, this will cause a new copy of this credential to be written to a file, and it is the user's responsibility to remove the file when done; since the file holds a copy of the credential, it should not be left behind\&. The name will be a pointer to a char * of the file name, which must be freed\&. The minor_status will be set to 57057 (0xdee1) to indicate this\&. .PP DEE - this is a kludge, until the GSSAPI gets a better way to return the name\&. .PP If the minor status is not changed from 57056 to 57057, assume it is not this gssapi, and a gss name was returned\&. 
.PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcred_handle_P\fP .br \fIname\fP .br \fIlifetime\fP .br \fIcred_usage\fP .br \fImechanisms\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_release_buffer (OM_uint32 *minor_status, gss_buffer_tbuffer)" .PP Release Buffer\&. \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIbuffer\fP .RE .PP \fBReturn values:\fP .RS 4 \fIGSS_S_COMPLETE\fP Success .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_release_cred (OM_uint32 *minor_status, gss_cred_id_t *cred_handle_P)" .PP Release Credential\&. Release the GSSAPI credential handle .PP \fBParameters:\fP .RS 4 \fIminor_status\fP The minor status result - this is a globus_result_t cast to a OM_uint32\&. To access the globus error object use: globus_error_get((globus_result_t) *minor_status) .br \fIcred_handle_P\fP The gss cred handle to be released .RE .PP \fBReturn values:\fP .RS 4 \fIGSS_S_COMPLETE\fP Success .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_release_name (OM_uint32 *minor_status, gss_name_t *name_P)" .PP GSS Release Name\&. Release the GSS Name .PP \fBParameters:\fP .RS 4 \fIminor_status\fP The minor status result - this is a globus_result_t cast to a (OM_uint32 *)\&. .br \fIname_P\fP The GSSAPI name to be released .RE .PP \fBReturn values:\fP .RS 4 \fIGSS_S_COMPLETE\fP Success .br \fIGSS_S_FAILURE\fP Failure .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_release_oid_set (OM_uint32 *minor_status, gss_OID_set *mech_set)" .PP Release OID Set\&. Release the OID set\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fImech_set\fP .RE .PP \fBReturn values:\fP .RS 4 \fIGSS_S_COMPLETE\fP Success .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_seal (OM_uint32 *minor_status, gss_ctx_id_tcontext_handle, intconf_req_flag, intqop_req, gss_buffer_tinput_message_buffer, int *conf_state, gss_buffer_toutput_message_buffer)" .PP Seal\&. 
Obsolete variant of gss_wrap for V1 compatibility .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fIconf_req_flag\fP .br \fIqop_req\fP .br \fIinput_message_buffer\fP .br \fIconf_state\fP .br \fIoutput_message_buffer\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_sign (OM_uint32 *minor_status, gss_ctx_id_tcontext_handle, intqop_req, gss_buffer_tmessage_buffer, gss_buffer_tmessage_token)" .PP Sign\&. Deprecated\&. Does the same thing as gss_get_mic for V1 compatibility\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fIqop_req\fP .br \fImessage_buffer\fP .br \fImessage_token\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_test_oid_set_member (OM_uint32 *minor_status, const gss_OIDmember, const gss_OID_setset, int *present)" .PP Test OID Set Member\&. Interrogates an Object Identifier set to determine whether a specified Object Identifier is a member\&. This routine is intended to be used with OID sets returned by GSS_Indicate_mechs(), GSS_Acquire_cred(), and GSS_Inquire_cred()\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fImember\fP .br \fIset\fP .br \fIpresent\fP .RE .PP \fBReturn values:\fP .RS 4 \fIGSS_S_COMPLETE\fP Success .br \fIGSS_S_FAILURE\fP Operation failed .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_unseal (OM_uint32 *minor_status, gss_ctx_id_tcontext_handle, gss_buffer_tinput_message_buffer, gss_buffer_toutput_message_buffer, int *conf_state, int *qop_state)" .PP Unseal\&. Obsolete variant of gss_unwrap for V1 compatibility; allows for a non-32-bit integer in qop_state\&. .PP Return the data from the wrapped buffer\&. There may also be errors, such as integrity errors\&. Since we can not communicate directly with our peer, we can not do everything SSL could, i\&.e\&. return a token for example\&. 
.PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fIinput_message_buffer\fP .br \fIoutput_message_buffer\fP .br \fIconf_state\fP .br \fIqop_state\fP .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_unwrap (OM_uint32 *minor_status, const gss_ctx_id_tcontext_handle, const gss_buffer_tinput_message_buffer, gss_buffer_toutput_message_buffer, int *conf_state, gss_qop_t *qop_state)" .PP Unwrap\&. GSSAPI routine to unwrap a buffer which may have been received and wrapped by wrap\&.c .PP Return the data from the wrapped buffer\&. There may also be errors, such as integrity errors\&. Since we can not communicate directly with our peer, we can not do everything SSL could, i\&.e\&. return a token for example\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fIinput_message_buffer\fP .br \fIoutput_message_buffer\fP .br \fIconf_state\fP .br \fIqop_state\fP .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_verify (OM_uint32 *minor_status, gss_ctx_id_tcontext_handle, gss_buffer_tmessage_buffer, gss_buffer_ttoken_buffer, int *qop_state)" .PP Verify\&. Obsolete variant of gss_verify_mic for V1 compatibility\&. Check a MIC of the data .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fImessage_buffer\fP .br \fItoken_buffer\fP .br \fIqop_state\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_verify_mic (OM_uint32 *minor_status, const gss_ctx_id_tcontext_handle, const gss_buffer_tmessage_buffer, const gss_buffer_ttoken_buffer, gss_qop_t *qop_state)" .PP Verify MIC\&. Check a MIC of the data .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fImessage_buffer\fP .br \fItoken_buffer\fP .br \fIqop_state\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_wrap (OM_uint32 *minor_status, const gss_ctx_id_tcontext_handle, intconf_req_flag, gss_qop_tqop_req, const gss_buffer_tinput_message_buffer, int *conf_state, gss_buffer_toutput_message_buffer)" .PP Wrap\&. 
Wrap a message for integrity and protection\&. We do this using the SSLv3 routines, by writing to the SSL bio, and pulling off the buffer from the back of the write BIO\&. But we can't do everything SSL might want, such as control messages, or segment the messages here, since we are forced to use the GSSAPI tokens, and can not communicate directly with our peer\&. So there may be some failures which would work with true SSL\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fIconf_req_flag\fP .br \fIqop_req\fP .br \fIinput_message_buffer\fP .br \fIconf_state\fP .br \fIoutput_message_buffer\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 GSS_CALLCONV gss_wrap_size_limit (OM_uint32 *minor_status, const gss_ctx_id_tcontext_handle, intconf_req_flag, gss_qop_tqop_req, OM_uint32req_output_size, OM_uint32 *max_input_size)" .PP Wrap Size Limit\&. GSSAPI routine to take a buffer, calculate a MIC which is returned as a token\&. We will use the SSL protocol here\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fIconf_req_flag\fP .br \fIqop_req\fP .br \fIreq_output_size\fP .br \fImax_input_size\fP .RE .PP .SH "Author" .PP Generated automatically by Doxygen for globus_gssapi_gsi from the source code\&.