.TH "GSS Req Flags" 3 "Mon Apr 30 2012" "Version 10.6" "globus gssapi gsi" \" -*- nroff -*- .ad l .nh .SH NAME GSS Req Flags \- .SS "Modules" .in +1c .ti -1c .RI "\fBGSS Ret Flags\fP" .br .in -1c .SS "Defines" .in +1c .ti -1c .RI "#define \fBGSS_C_GLOBUS_DONT_ACCEPT_LIMITED_PROXY_FLAG\fP 8192" .br .ti -1c .RI "#define \fBGSS_C_GLOBUS_DELEGATE_LIMITED_PROXY_FLAG\fP 4096" .br .ti -1c .RI "#define \fBGSS_C_GLOBUS_ACCEPT_PROXY_SIGNED_BY_LIMITED_PROXY_FLAG\fP 32768" .br .ti -1c .RI "#define \fBGSS_C_GLOBUS_ALLOW_MISSING_SIGNING_POLICY\fP 65536" .br .ti -1c .RI "#define \fBGSS_C_GLOBUS_FORCE_SSL3\fP 131072" .br .ti -1c .RI "#define \fBGSS_C_GLOBUS_LIMITED_PROXY_MANY_FLAG\fP 32768" .br .in -1c .SS "Functions" .in +1c .ti -1c .RI "OM_uint32 \fBgss_acquire_cred\fP (OM_uint32 *, const gss_name_t, OM_uint32, const gss_OID_set, gss_cred_usage_t, gss_cred_id_t *, gss_OID_set *, OM_uint32 *)" .br .ti -1c .RI "OM_uint32 \fBgss_release_cred\fP (OM_uint32 *, gss_cred_id_t *)" .br .ti -1c .RI "OM_uint32 \fBgss_accept_sec_context\fP (OM_uint32 *, gss_ctx_id_t *, const gss_cred_id_t, const gss_buffer_t, const gss_channel_bindings_t, gss_name_t *, gss_OID *, gss_buffer_t, OM_uint32 *, OM_uint32 *, gss_cred_id_t *)" .br .ti -1c .RI "OM_uint32 \fBgss_delete_sec_context\fP (OM_uint32 *, gss_ctx_id_t *, gss_buffer_t)" .br .ti -1c .RI "OM_uint32 \fBgss_context_time\fP (OM_uint32 *, const gss_ctx_id_t, OM_uint32 *)" .br .ti -1c .RI "OM_uint32 \fBgss_get_mic\fP (OM_uint32 *, const gss_ctx_id_t, gss_qop_t, const gss_buffer_t, gss_buffer_t)" .br .ti -1c .RI "OM_uint32 \fBgss_verify_mic\fP (OM_uint32 *, const gss_ctx_id_t, const gss_buffer_t, const gss_buffer_t, gss_qop_t *)" .br .ti -1c .RI "OM_uint32 \fBgss_wrap\fP (OM_uint32 *, const gss_ctx_id_t, int, gss_qop_t, const gss_buffer_t, int *, gss_buffer_t)" .br .ti -1c .RI "OM_uint32 \fBgss_unwrap\fP (OM_uint32 *, const gss_ctx_id_t, const gss_buffer_t, gss_buffer_t, int *, gss_qop_t *)" .br .ti -1c .RI "OM_uint32 \fBgss_display_status\fP 
(OM_uint32 *, OM_uint32, int, const gss_OID, OM_uint32 *, gss_buffer_t)" .br .ti -1c .RI "OM_uint32 \fBgss_indicate_mechs\fP (OM_uint32 *, gss_OID_set *)" .br .ti -1c .RI "OM_uint32 \fBgss_compare_name\fP (OM_uint32 *, const gss_name_t, const gss_name_t, int *)" .br .ti -1c .RI "OM_uint32 \fBgss_import_name\fP (OM_uint32 *, const gss_buffer_t, const gss_OID, gss_name_t *)" .br .ti -1c .RI "OM_uint32 \fBgss_export_name\fP (OM_uint32 *, const gss_name_t, gss_buffer_t)" .br .ti -1c .RI "OM_uint32 \fBgss_release_name\fP (OM_uint32 *, gss_name_t *)" .br .ti -1c .RI "OM_uint32 \fBgss_release_buffer\fP (OM_uint32 *, gss_buffer_t)" .br .ti -1c .RI "OM_uint32 \fBgss_release_oid_set\fP (OM_uint32 *, gss_OID_set *)" .br .ti -1c .RI "OM_uint32 \fBgss_inquire_cred\fP (OM_uint32 *, const gss_cred_id_t, gss_name_t *, OM_uint32 *, gss_cred_usage_t *, gss_OID_set *)" .br .ti -1c .RI "OM_uint32 \fBgss_inquire_context\fP (OM_uint32 *, const gss_ctx_id_t, gss_name_t *, gss_name_t *, OM_uint32 *, gss_OID *, OM_uint32 *, int *, int *)" .br .ti -1c .RI "OM_uint32 \fBgss_wrap_size_limit\fP (OM_uint32 *, const gss_ctx_id_t, int, gss_qop_t, OM_uint32, OM_uint32 *)" .br .ti -1c .RI "OM_uint32 \fBgss_export_sec_context\fP (OM_uint32 *, gss_ctx_id_t *, gss_buffer_t)" .br .ti -1c .RI "OM_uint32 \fBgss_import_sec_context\fP (OM_uint32 *, const gss_buffer_t, gss_ctx_id_t *)" .br .ti -1c .RI "OM_uint32 \fBgss_create_empty_oid_set\fP (OM_uint32 *, gss_OID_set *)" .br .ti -1c .RI "OM_uint32 \fBgss_add_oid_set_member\fP (OM_uint32 *, const gss_OID, gss_OID_set *)" .br .ti -1c .RI "OM_uint32 \fBgss_test_oid_set_member\fP (OM_uint32 *, const gss_OID, const gss_OID_set, int *)" .br .ti -1c .RI "OM_uint32 \fBgss_duplicate_name\fP (OM_uint32 *, const gss_name_t, gss_name_t *)" .br .ti -1c .RI "OM_uint32 \fBgss_sign\fP (OM_uint32 *, gss_ctx_id_t, int, gss_buffer_t, gss_buffer_t)" .br .ti -1c .RI "OM_uint32 \fBgss_verify\fP (OM_uint32 *, gss_ctx_id_t, gss_buffer_t, gss_buffer_t, int *)" .br .ti -1c .RI 
"OM_uint32 \fBgss_unseal\fP (OM_uint32 *, gss_ctx_id_t, gss_buffer_t, gss_buffer_t, int *, int *)" .br .ti -1c .RI "OM_uint32 \fBgss_create_empty_buffer_set\fP (OM_uint32 *, gss_buffer_set_t *)" .br .ti -1c .RI "OM_uint32 \fBgss_add_buffer_set_member\fP (OM_uint32 *, const gss_buffer_t, gss_buffer_set_t *)" .br .ti -1c .RI "OM_uint32 \fBgss_release_buffer_set\fP (OM_uint32 *, gss_buffer_set_t *)" .br .ti -1c .RI "OM_uint32 \fBgss_import_cred\fP (OM_uint32 *, gss_cred_id_t *, const gss_OID, OM_uint32, const gss_buffer_t, OM_uint32, OM_uint32 *)" .br .ti -1c .RI "OM_uint32 \fBgss_export_cred\fP (OM_uint32 *, const gss_cred_id_t, const gss_OID, OM_uint32, gss_buffer_t)" .br .ti -1c .RI "OM_uint32 \fBgss_init_delegation\fP (OM_uint32 *, const gss_ctx_id_t, const gss_cred_id_t, const gss_OID, const gss_OID_set, const gss_buffer_set_t, const gss_buffer_t, OM_uint32, OM_uint32, gss_buffer_t)" .br .ti -1c .RI "OM_uint32 \fBgss_accept_delegation\fP (OM_uint32 *, const gss_ctx_id_t, const gss_OID_set, const gss_buffer_set_t, const gss_buffer_t, OM_uint32, OM_uint32, OM_uint32 *, gss_cred_id_t *, gss_OID *, gss_buffer_t)" .br .ti -1c .RI "OM_uint32 \fBgss_inquire_cred_by_oid\fP (OM_uint32 *, const gss_cred_id_t, const gss_OID, gss_buffer_set_t *)" .br .ti -1c .RI "OM_uint32 \fBgss_set_sec_context_option\fP (OM_uint32 *, gss_ctx_id_t *, const gss_OID, const gss_buffer_t)" .br .in -1c .SH "Detailed Description" .PP These macros set the REQUESTED type of context - these should be set (or not) in the context's req_flags (or in the context's ret_flags if accept_sec_context is being called) .SH "Define Documentation" .PP .SS "#define \fBGSS_C_GLOBUS_DONT_ACCEPT_LIMITED_PROXY_FLAG\fP 8192" .PP Set if you don't want a context to accept a limited proxy\&. 
If this flag is set, and a limited proxy is received, the call will not be successful and the context will not be set up\&. .SS "#define \fBGSS_C_GLOBUS_DELEGATE_LIMITED_PROXY_FLAG\fP 4096" .PP Set if you want the delegated proxy to be a limited proxy\&. .SS "#define \fBGSS_C_GLOBUS_ACCEPT_PROXY_SIGNED_BY_LIMITED_PROXY_FLAG\fP 32768" .PP Set if you want to accept proxies signed by limited proxies\&. \fBDeprecated\fP .RS 4 We now accept proxies signed by limited proxies if they are limited or independent\&. .RE .PP .SS "#define \fBGSS_C_GLOBUS_ALLOW_MISSING_SIGNING_POLICY\fP 65536" .PP Set if you want to allow CA certs without a signing policy to verify\&. .SS "#define \fBGSS_C_GLOBUS_FORCE_SSL3\fP 131072" .PP Set if you want to force SSLv3 instead of negotiating TLSv1 or SSLv3\&. SSLv3 is obsolete and has known protocol weaknesses (it is deprecated by RFC 7568), so set this flag only for interoperability with peers that cannot negotiate TLS\&. .SS "#define \fBGSS_C_GLOBUS_LIMITED_PROXY_MANY_FLAG\fP 32768" .PP \fBDeprecated\fP .RS 4 We now accept proxies signed by limited proxies if they are limited or independent\&. .RE .PP .SH "Function Documentation" .PP .SS "OM_uint32 \fBgss_acquire_cred\fP (OM_uint32 *minor_status, const gss_name_t desired_name_P, OM_uint32 time_req, const gss_OID_set desired_mechs, gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle_P, gss_OID_set *actual_mechs, OM_uint32 *time_rec)" .PP GSSAPI routine to acquire the local credential\&. See the latest IETF draft/RFC on the GSS C bindings\&. .PP Gets the local credentials\&. The proxy_init_cred does most of the work of setting up the SSL_ctx, getting the user's cert, key, etc\&. .PP The globusid will be obtained from the certificate\&. (Minus any /CN=proxy entries\&.) .PP \fBParameters:\fP .RS 4 \fIminor_status\fP Mechanism specific status code\&. In this implementation, the minor_status is a cast from a globus_result_t value, which is either GLOBUS_SUCCESS or a globus error object ID if an error occurred\&. 
.br \fIdesired_name_P\fP Name of principal whose credentials should be acquired\&. This parameter maps to the desired subject of the cert to be acquired as the credential\&. Possible values are the subject of a service cert, a host cert, a proxy cert or a user cert (the example subject strings are missing from this page)\&. This parameter can be NULL, in which case the cert is chosen using a default search order of: host, proxy, user, service\&. .br \fItime_req\fP Number of seconds that credentials should remain valid\&. This value can be GSS_C_INDEFINITE for an unlimited lifetime\&. NOTE: in the current implementation, this parameter is ignored, since you can't change the expiration of a signed cert\&. .br \fIdesired_mechs\fP .br \fIcred_usage\fP .br \fIoutput_cred_handle_P\fP .br \fIactual_mechs\fP .br \fItime_rec\fP .RE .PP .SS "OM_uint32 \fBgss_release_cred\fP (OM_uint32 *minor_status, gss_cred_id_t *cred_handle_P)" .PP Release the GSS cred handle\&. \fBParameters:\fP .RS 4 \fIminor_status\fP The minor status result - this is a globus_result_t cast to an OM_uint32\&. 
To access the globus error object use: globus_error_get((globus_result_t) *minor_status) .br \fIcred_handle_P\fP The gss cred handle to be released .RE .PP \fBReturns:\fP .RS 4 The major status - GSS_S_COMPLETE or GSS_S_FAILURE .RE .PP .SS "OM_uint32 \fBgss_accept_sec_context\fP (OM_uint32 *minor_status, gss_ctx_id_t *context_handle_P, const gss_cred_id_tacceptor_cred_handle, const gss_buffer_tinput_token, const gss_channel_bindings_tinput_chan_bindings, gss_name_t *src_name_P, gss_OID *mech_type, gss_buffer_toutput_token, OM_uint32 *ret_flags, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle_P)"\fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle_P\fP .br \fIacceptor_cred_handle\fP .br \fIinput_token\fP .br \fIinput_chan_bindings\fP .br \fIsrc_name_P\fP .br \fImech_type\fP .br \fIoutput_token\fP .br \fIret_flags\fP Also used as req_flags for other functions .br \fItime_rec\fP .br \fIdelegated_cred_handle_P\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_delete_sec_context\fP (OM_uint32 *minor_status, gss_ctx_id_t *context_handle_P, gss_buffer_toutput_token)" .PP Delete the GSS Security Context\&. \fBParameters:\fP .RS 4 \fIminor_status\fP The minor status result - this is a globus_result_t cast to a OM_uint32\&. The .br \fIcontext_handle_P\fP The context handle to be deleted .br \fIoutput_token\fP The .RE .PP .SS "OM_uint32 \fBgss_context_time\fP (OM_uint32 *minor_status, const gss_ctx_id_tcontext_handle, OM_uint32 *time_rec)"\fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fItime_rec\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_get_mic\fP (OM_uint32 *minor_status, const gss_ctx_id_tcontext_handle, gss_qop_tqop_req, const gss_buffer_tmessage_buffer, gss_buffer_tmessage_token)" .PP Calculates a cryptographic MIC (message integrity check) over an application message, and returns that MIC in the token\&. 
The token and message can then be passed to the peer application which calls \fBgss_verify_mic\fP to verify the MIC\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fIqop_req\fP .br \fImessage_buffer\fP .br \fImessage_token\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_verify_mic\fP (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, gss_qop_t *qop_state)" .PP Check a MIC of the data\&. \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fImessage_buffer\fP .br \fItoken_buffer\fP .br \fIqop_state\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_wrap\fP (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer)" .PP Wrap a message for integrity and protection\&. We do this using the SSLv3 routines, by writing to the SSL bio, and pulling off the buffer from the back of the write BIO\&. But we can't do everything SSL might want, such as control messages, or segment the messages here, since we are forced to use the gssapi tokens, and can not communicate directly with our peer\&. So there may be some failures which would work with true SSL\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fIconf_req_flag\fP .br \fIqop_req\fP .br \fIinput_message_buffer\fP .br \fIconf_state\fP .br \fIoutput_message_buffer\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_unwrap\fP (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state, gss_qop_t *qop_state)" .PP GSSAPI routine to unwrap a buffer which may have been received and wrapped by wrap\&.c\&. Return the data from the wrapped buffer\&. There may also be errors, such as integrity errors\&. 
Since we can not communicate directly with our peer, we can not do everything SSL could, for example, return a token\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fIinput_message_buffer\fP .br \fIoutput_message_buffer\fP .br \fIconf_state\fP .br \fIqop_state\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_display_status\fP (OM_uint32 *minor_status, OM_uint32 status_value, int status_type, const gss_OID mech_type, OM_uint32 *message_context, gss_buffer_t status_string)" .PP Calls the SSLeay error print routines to produce a printable message\&. This may need some work, as the SSLeay error messages are more of a trace, and may not be the best for the user\&. It also does not take advantage of being called in a loop\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIstatus_value\fP .br \fIstatus_type\fP .br \fImech_type\fP .br \fImessage_context\fP .br \fIstatus_string\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_indicate_mechs\fP (OM_uint32 *minor_status, gss_OID_set *mech_set)" .PP Passes back the mech set of available mechs\&. We only have one for now\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fImech_set\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_compare_name\fP (OM_uint32 *minor_status, const gss_name_t name1_P, const gss_name_t name2_P, int *name_equal)" .PP Compare two names\&. GSSAPI names in this implementation are pointers to x509 names\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP currently is always set to GLOBUS_SUCCESS .br \fIname1_P\fP .br \fIname2_P\fP .br \fIname_equal\fP .RE .PP \fBReturns:\fP .RS 4 currently always returns GSS_S_COMPLETE .RE .PP .SS "OM_uint32 \fBgss_import_name\fP (OM_uint32 *minor_status, const gss_buffer_t input_name_buffer, const gss_OID input_name_type, gss_name_t *output_name_P)" .PP Import a name into a gss_name_t .PP Creates a new gss_name_t which contains a mechanism-specific representation of the input name\&. 
GSSAPI OpenSSL implements the following name types, based on the input_name_type OID: .PP .IP "\(bu" 2 GSS_C_NT_ANONYMOUS (input_name_buffer is ignored) .IP "\(bu" 2 GSS_C_NT_HOSTBASED_SERVICE (input_name_buffer contains a string 'service@FQDN' which will match /CN=service/FQDN) .IP "\(bu" 2 GSS_C_NT_EXPORT_NAME (input_name_buffer contains a string with the X509_oneline representation of a name, like '/X=Y/Z=A\&.\&.\&.') .IP "\(bu" 2 GSS_C_NO_OID or GSS_C_NT_USER_NAME (input_name_buffer contains an X\&.500 name formatted like '/X=Y/Z=A\&.\&.\&.') .IP "\(bu" 2 GLOBUS_GSS_C_NT_HOST_IP (input_name_buffer contains a string 'FQDN/ip-address' which will match names with the FQDN or the IP address) .IP "\(bu" 2 GLOBUS_GSS_C_NT_X509 (input buffer is an X509 struct from OpenSSL) .PP .PP \fBParameters:\fP .RS 4 \fIminor_status\fP Minor status .br \fIinput_name_buffer\fP Input name buffer which is interpreted based on the \fIinput_name_type\fP .br \fIinput_name_type\fP OID of the name .br \fIoutput_name_P\fP New gss_name_t value containing the name .RE .PP \fBReturn values:\fP .RS 4 \fIGSS_S_COMPLETE\fP indicates that a valid name representation is output in output_name and described by the type value in output_name_type\&. .br \fIGSS_S_BAD_NAMETYPE\fP indicates that the input_name_type is unsupported by the applicable underlying GSS-API mechanism(s), so the import operation could not be completed\&. .br \fIGSS_S_BAD_NAME\fP indicates that the provided input_name_string is ill-formed in terms of the input_name_type, so the import operation could not be completed\&. .br \fIGSS_S_BAD_MECH\fP indicates that the input presented for import was an exported name object and that its enclosed mechanism type was not recognized or was unsupported by the GSS-API implementation\&. .br \fIGSS_S_FAILURE\fP indicates that the requested operation could not be performed for reasons unspecified at the GSS-API level\&. 
.RE .PP .SS "OM_uint32 \fBgss_export_name\fP (OM_uint32 *minor_status, const gss_name_t input_name_P, gss_buffer_t exported_name)" .PP Produces a mechanism-independent exported name object\&. See section 3\&.2 of RFC 2743\&. .SS "OM_uint32 \fBgss_release_name\fP (OM_uint32 *minor_status, gss_name_t *name_P)" .PP Release the GSS Name\&. \fBParameters:\fP .RS 4 \fIminor_status\fP The minor status result - this is a globus_result_t cast to a (OM_uint32 *)\&. .br \fIname_P\fP The gss name to be released .RE .PP \fBReturns:\fP .RS 4 The major status - GSS_S_COMPLETE or GSS_S_FAILURE .RE .PP .SS "OM_uint32 \fBgss_release_buffer\fP (OM_uint32 *minor_status, gss_buffer_t buffer)" .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIbuffer\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_release_oid_set\fP (OM_uint32 *minor_status, gss_OID_set *mech_set)" .PP Release the OID set\&. \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fImech_set\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_inquire_cred\fP (OM_uint32 *minor_status, const gss_cred_id_t cred_handle_P, gss_name_t *name, OM_uint32 *lifetime, gss_cred_usage_t *cred_usage, gss_OID_set *mechanisms)" .PP Get information about the current credential\&. We will also allow the return of the proxy file name, if the minor_status is set to a value of 57056 (0xdee0)\&. This is done since there is no way to pass back the delegated credential file name\&. .PP When 57056 is seen, this will cause a new copy of this credential to be written, and it is the user's responsibility to free the file when done\&. Because that file holds a copy of the credential, remove it as soon as it is no longer needed\&. The name will be a pointer to a char * of the file name which must be freed\&. The minor_status will be set to 57057 (0xdee1) to indicate this\&. .PP DEE - this is a kludge, until the GSSAPI gets a better way to return the name\&. .PP If the minor status is not changed from 57056 to 57057 assume it is not this gssapi, and a gss name was returned\&. 
.PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcred_handle_P\fP .br \fIname\fP .br \fIlifetime\fP .br \fIcred_usage\fP .br \fImechanisms\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_inquire_context\fP (OM_uint32 *minor_status, const gss_ctx_id_tcontext_handle_P, gss_name_t *src_name_P, gss_name_t *targ_name_P, OM_uint32 *lifetime_rec, gss_OID *mech_type, OM_uint32 *ctx_flags, int *locally_initiated, int *open)"\fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle_P\fP .br \fIsrc_name_P\fP .br \fItarg_name_P\fP .br \fIlifetime_rec\fP .br \fImech_type\fP .br \fIctx_flags\fP .br \fIlocally_initiated\fP .br \fIopen\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_wrap_size_limit\fP (OM_uint32 *minor_status, const gss_ctx_id_tcontext_handle, intconf_req_flag, gss_qop_tqop_req, OM_uint32req_output_size, OM_uint32 *max_input_size)" .PP GSSAPI routine to take a buffer, calculate a MIC which is returned as a token\&. We will use the SSL protocol here\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fIconf_req_flag\fP .br \fIqop_req\fP .br \fIreq_output_size\fP .br \fImax_input_size\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_export_sec_context\fP (OM_uint32 *minor_status, gss_ctx_id_t *context_handle_P, gss_buffer_tinterprocess_token)" .PP Saves the important info about the session, converts it to a token, then deletes the context\&. \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle_P\fP .br \fIinterprocess_token\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP For SSL handle We need to save: version of this routine\&. cred_usage, i\&.e\&. 
are we accept or initiate target/source or name Session: Protocol, cipher, and Master-Key Client-Random Server-Random tmp\&.key_block: client and server Mac_secrets write_sequence read_sequence write iv read iv .PP see SSL 3\&.0 draft http://wp.netscape.com/eng/ssl3/index.html .SS "OM_uint32 \fBgss_import_sec_context\fP (OM_uint32 *minor_status, const gss_buffer_tinterprocess_token, gss_ctx_id_t *context_handle_P)" .PP GSSAPI routine to import the security context based on the input token\&. See: .SS "OM_uint32 \fBgss_create_empty_oid_set\fP (OM_uint32 *minor_status, gss_OID_set *oid_set)" .PP Creates an object identifier set containing no object identifiers, to which members may be subsequently added using the GSS_Add_OID_set_member() routine\&. These routines are intended to be used to construct sets of mechanism object identifiers, for input to GSS_Acquire_cred()\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIoid_set\fP .RE .PP \fBReturns:\fP .RS 4 GSS_S_COMPLETE indicates successful completion GSS_S_FAILURE indicates that the operation failed .RE .PP .SS "OM_uint32 \fBgss_add_oid_set_member\fP (OM_uint32 *minor_status, const gss_OIDmember_oid, gss_OID_set *oid_set)" .PP Adds an Object Identifier to an Object Identifier set\&. This routine is intended for use in conjunction with GSS_Create_empty_OID_set() when constructing a set of mechanism OIDs for input to GSS_Acquire_cred()\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fImember_oid\fP .br \fIoid_set\fP .RE .PP \fBReturns:\fP .RS 4 GSS_S_COMPLETE indicates successful completion GSS_S_FAILURE indicates that the operation failed .RE .PP .SS "OM_uint32 \fBgss_test_oid_set_member\fP (OM_uint32 *minor_status, const gss_OIDmember, const gss_OID_setset, int *present)" .PP Interrogates an Object Identifier set to determine whether a specified Object Identifier is a member\&. 
This routine is intended to be used with OID sets returned by GSS_Indicate_mechs(), GSS_Acquire_cred(), and GSS_Inquire_cred()\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fImember\fP .br \fIset\fP .br \fIpresent\fP .RE .PP \fBReturns:\fP .RS 4 GSS_S_COMPLETE indicates successful completion .br GSS_S_FAILURE indicates that the operation failed .RE .PP .SS "OM_uint32 \fBgss_duplicate_name\fP (OM_uint32 *minor_status, const gss_name_t src_name, gss_name_t *dest_name)" .PP Copy a GSS name\&. \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIsrc_name\fP .br \fIdest_name\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_sign\fP (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int qop_req, gss_buffer_t message_buffer, gss_buffer_t message_token)" .PP Deprecated\&. Does the same thing as gss_get_mic for V1 compatibility\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fIqop_req\fP .br \fImessage_buffer\fP .br \fImessage_token\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_verify\fP (OM_uint32 *minor_status, gss_ctx_id_t context_handle, gss_buffer_t message_buffer, gss_buffer_t token_buffer, int *qop_state)" .PP Obsolete variant of gss_verify for V1 compatibility\&. Check a MIC of the data\&. \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fImessage_buffer\fP .br \fItoken_buffer\fP .br \fIqop_state\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_unseal\fP (OM_uint32 *minor_status, gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state, int *qop_state)" .PP Obsolete variant of gss_wrap for V1 compatibility; allows for a non-32-bit integer in qop_state\&. Return the data from the wrapped buffer\&. There may also be errors, such as integrity errors\&. Since we can not communicate directly with our peer, we can not do everything SSL could, for example, return a token\&. 
.PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fIinput_message_buffer\fP .br \fIoutput_message_buffer\fP .br \fIconf_state\fP .br \fIqop_state\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_create_empty_buffer_set\fP (OM_uint32 *minor_status, gss_buffer_set_t *buffer_set)" .PP Create an empty buffer set\&. This function allocates and initializes an empty buffer set\&. The memory allocated in this function should be freed by a call to gss_release_buffer_set\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP The minor status returned by this function\&. This parameter will be 0 upon success\&. .br \fIbuffer_set\fP Pointer to a buffer set structure\&. .RE .PP \fBReturns:\fP .RS 4 GSS_S_COMPLETE upon success .br GSS_S_FAILURE upon failure .RE .PP \fBSee also:\fP .RS 4 \fBgss_add_buffer_set_member\fP .PP \fBgss_release_buffer_set\fP .RE .PP .SS "OM_uint32 \fBgss_add_buffer_set_member\fP (OM_uint32 *minor_status, const gss_buffer_t member_buffer, gss_buffer_set_t *buffer_set)" .PP Add a buffer to a buffer set\&. This function allocates a new gss_buffer_t and initializes it with the values in the member_buffer parameter\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP The minor status returned by this function\&. This parameter will be 0 upon success\&. .br \fImember_buffer\fP Buffer to insert into the buffer set\&. .br \fIbuffer_set\fP Pointer to an initialized buffer set structure\&. .RE .PP \fBReturns:\fP .RS 4 GSS_S_COMPLETE upon success .br GSS_S_FAILURE upon failure .RE .PP \fBSee also:\fP .RS 4 \fBgss_create_empty_buffer_set\fP .PP \fBgss_release_buffer_set\fP .RE .PP .SS "OM_uint32 \fBgss_release_buffer_set\fP (OM_uint32 *minor_status, gss_buffer_set_t *buffer_set)" .PP Free all memory associated with a buffer set\&. This function will free all memory associated with a buffer set\&. Note that it will also free all memory associated with the buffers in the buffer set\&. 
.PP \fBParameters:\fP .RS 4 \fIminor_status\fP The minor status returned by this function\&. This parameter will be 0 upon success\&. .br \fIbuffer_set\fP Pointer to a buffer set structure\&. This pointer will point at a NULL value upon return\&. .RE .PP \fBReturns:\fP .RS 4 GSS_S_COMPLETE upon success .br GSS_S_FAILURE upon failure .RE .PP \fBSee also:\fP .RS 4 \fBgss_create_empty_buffer_set\fP .PP \fBgss_add_buffer_set_member\fP .RE .PP .SS "OM_uint32 \fBgss_import_cred\fP (OM_uint32 *minor_status, gss_cred_id_t *output_cred_handle, const gss_OID desired_mech, OM_uint32 option_req, const gss_buffer_t import_buffer, OM_uint32 time_req, OM_uint32 *time_rec)" .PP Import a credential that was exported by \fBgss_export_cred()\fP\&. This function will import credentials exported by \fBgss_export_cred()\fP\&. It is intended to allow a multiple use application to checkpoint delegated credentials\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP The minor status returned by this function\&. This parameter will be 0 upon success\&. .br \fIoutput_cred_handle\fP Upon success, this parameter will contain the imported credential\&. When no longer needed this credential should be freed using \fBgss_release_cred()\fP\&. .br \fIdesired_mech\fP This parameter may be used to specify the desired security mechanism\&. May be GSS_C_NO_OID\&. .br \fIoption_req\fP This parameter indicates which option_req value was used to produce the import_buffer\&. .br \fIimport_buffer\fP A buffer produced by \fBgss_export_cred()\fP\&. .br \fItime_req\fP The requested period of validity (seconds) for the imported credential\&. May be NULL\&. .br \fItime_rec\fP This parameter will contain the received period of validity of the imported credential upon success\&. May be NULL\&. 
.RE .PP \fBReturns:\fP .RS 4 GSS_S_COMPLETE upon successful completion .br GSS_S_BAD_MECH if the requested security mechanism is unavailable .br GSS_S_DEFECTIVE_TOKEN if the import_buffer is defective .br GSS_S_FAILURE upon general failure .RE .PP .SS "OM_uint32 \fBgss_export_cred\fP (OM_uint32 *minor_status, const gss_cred_id_t cred_handle, const gss_OID desired_mech, OM_uint32 option_req, gss_buffer_t export_buffer)" .PP Saves the credential so it can be checkpointed and imported by gss_import_cred\&. \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcred_handle\fP .br \fIdesired_mech\fP Should either be \fBgss_mech_globus_gssapi_openssl\fP or NULL (in which case gss_mech_globus_gssapi_openssl is assumed)\&. .br \fIoption_req\fP .br \fIexport_buffer\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_init_delegation\fP (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_cred_id_t cred_handle, const gss_OID desired_mech, const gss_OID_set extension_oids, const gss_buffer_set_t extension_buffers, const gss_buffer_t input_token, OM_uint32 req_flags, OM_uint32 time_req, gss_buffer_t output_token)" .PP Initiate the delegation of a credential\&. This function drives the initiating side of the credential delegation process\&. It is expected to be called in tandem with the gss_accept_delegation function\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP The minor status returned by this function\&. This parameter will be 0 upon success\&. .br \fIcontext_handle\fP The security context over which the credential is delegated\&. .br \fIcred_handle\fP The credential to be delegated\&. May be GSS_C_NO_CREDENTIAL in which case the credential associated with the security context is used\&. .br \fIdesired_mech\fP The desired security mechanism\&. Currently not used\&. May be GSS_C_NO_OID\&. .br \fIextension_oids\fP A set of extension oids corresponding to buffers in the extension_buffers parameter below\&. The extensions specified will be added to the delegated credential\&. 
May be GSS_C_NO_BUFFER_SET\&. .br \fIextension_buffers\fP A set of extension buffers corresponding to oids in the extension_oids parameter above\&. May be GSS_C_NO_BUFFER_SET\&. .br \fIinput_token\fP The token that was produced by a prior call to gss_accept_delegation\&. This parameter will be ignored the first time this function is called\&. .br \fIreq_flags\fP Flags that modify the behavior of the function\&. Currently only GSS_C_GLOBUS_SSL_COMPATIBLE and GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG are checked for\&. The GSS_C_GLOBUS_SSL_COMPATIBLE flag results in tokens that aren't wrapped and GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG causes the delegated proxy to be limited (requires that no extensions are specified)\&. .br \fItime_req\fP The requested period of validity (seconds) of the delegated credential\&. Passing a time_req of 0 causes the delegated credential to have the same lifetime as the credential that issued it\&. .br \fIoutput_token\fP A token that should be passed to gss_accept_delegation if the return value is GSS_S_CONTINUE_NEEDED\&. .RE .PP \fBReturns:\fP .RS 4 GSS_S_COMPLETE upon successful completion .br GSS_S_CONTINUE_NEEDED if the function needs to be called again\&. .br GSS_S_FAILURE upon failure .RE .PP .SS "OM_uint32 \fBgss_accept_delegation\fP (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_OID_set extension_oids, const gss_buffer_set_t extension_buffers, const gss_buffer_t input_token, OM_uint32 req_flags, OM_uint32 time_req, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle, gss_OID *mech_type, gss_buffer_t output_token)" .PP Accept a delegated credential\&. This function drives the accepting side of the credential delegation process\&. It is expected to be called in tandem with the gss_init_delegation function\&. .PP \fBParameters:\fP .RS 4 \fIminor_status\fP The minor status returned by this function\&. This parameter will be 0 upon success\&. 
.br \fIcontext_handle\fP The security context over which the credential is delegated\&. .br \fIextension_oids\fP A set of extension oids corresponding to buffers in the extension_buffers parameter below\&. May be GSS_C_NO_BUFFER_SET\&. Currently not used\&. .br \fIextension_buffers\fP A set of extension buffers corresponding to oids in the extension_oids parameter above\&. May be GSS_C_NO_BUFFER_SET\&. Currently not used\&. .br \fIinput_token\fP The token that was produced by a prior call to gss_init_delegation\&. .br \fIreq_flags\fP Flags that modify the behavior of the function\&. Currently only GSS_C_GLOBUS_SSL_COMPATIBLE is checked for\&. This flag results in tokens that aren't wrapped\&. .br \fItime_req\fP The requested period of validity (seconds) of the delegated credential\&. Currently a noop\&. .br \fItime_rec\fP This parameter will contain the received period of validity of the delegated credential upon success\&. May be NULL\&. .br \fIdelegated_cred_handle\fP This parameter will contain the delegated credential upon success\&. .br \fImech_type\fP Returns the security mechanism upon success\&. Currently not implemented\&. May be NULL\&. .br \fIoutput_token\fP A token that should be passed to gss_init_delegation if the return value is GSS_S_CONTINUE_NEEDED\&. .RE .PP \fBReturns:\fP .RS 4 GSS_S_COMPLETE upon successful completion .br GSS_S_CONTINUE_NEEDED if the function needs to be called again\&. .br GSS_S_FAILURE upon failure .RE .PP .SS "OM_uint32 \fBgss_inquire_cred_by_oid\fP (OM_uint32 *minor_status, const gss_cred_id_t cred_handle, const gss_OID desired_object, gss_buffer_set_t *data_set)" .PP NOTE: Checks both the cert in the credential and the certs in the cert chain for a valid extension that matches the desired OID\&. The first one found is used, starting with the endpoint cert, and then searching the cert chain\&. 
.PP \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcred_handle\fP .br \fIdesired_object\fP .br \fIdata_set\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SS "OM_uint32 \fBgss_set_sec_context_option\fP (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, const gss_OIDoption, const gss_buffer_tvalue)" .PP GSSAPI routine to initiate the sending of a security context See: \fBParameters:\fP .RS 4 \fIminor_status\fP .br \fIcontext_handle\fP .br \fIoption\fP .br \fIvalue\fP .RE .PP \fBReturns:\fP .RS 4 .RE .PP .SH "Author" .PP Generated automatically by Doxygen for globus gssapi gsi from the source code\&.