OM_uint32 GSS_CALLCONV gss_accept_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle_P, const gss_cred_id_t acceptor_cred_handle, const gss_buffer_t input_token, const gss_channel_bindings_t input_chan_bindings, gss_name_t *src_name_P, gss_OID *mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle_P)

GSS Accept Security Context.

Parameters:
  minor_status
  context_handle_P
  acceptor_cred_handle
  input_token
  input_chan_bindings
  src_name_P
  mech_type
  output_token
  ret_flags  Also used as req_flags for other functions
  time_rec
  delegated_cred_handle_P

OM_uint32 GSS_CALLCONV gss_acquire_cred(OM_uint32 *minor_status, const gss_name_t desired_name_P, OM_uint32 time_req, const gss_OID_set desired_mechs, gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle_P, gss_OID_set *actual_mechs, OM_uint32 *time_rec)
Acquire Credential. GSSAPI routine to acquire the local credential.
See the latest IETF draft/RFC on the GSSAPI C bindings.
Gets the local credentials. The proxy_init_cred does most of the work of setting up the SSL_ctx, getting
the user's cert, key, etc.
The globusid will be obtained from the certificate (minus any /CN=proxy entries).
Parameters:
  minor_status  Mechanism specific status code. In this implementation, the minor_status is a cast from
    a globus_result_t value, which is either GLOBUS_SUCCESS or a globus error object ID if an error
    occurred.
  desired_name_P  Name of the principal whose credentials should be acquired. This parameter maps to the
    desired subject of the cert to be acquired as the credential. Possible values are:
    • For a service cert: servicename@fqdn
    • For a host cert: fqdn
    • For a proxy cert: subjectname
    • For a user cert: subjectname
    This parameter can be NULL, in which case the cert is chosen using a default search order of:
    host, proxy, user, service.
  time_req  Number of seconds that credentials should remain valid. This value can be GSS_C_INDEFINITE
    for an unlimited lifetime. NOTE: in the current implementation, this parameter is ignored, since you
    can't change the expiration of a signed cert.
  desired_mechs
  cred_usage
  output_cred_handle_P
  actual_mechs
  time_rec

OM_uint32 GSS_CALLCONV gss_add_oid_set_member(OM_uint32 *minor_status, const gss_OID member_oid, gss_OID_set *oid_set)
Add OID Set Member. Adds an Object Identifier to an Object Identifier set. This routine is intended for
use in conjunction with GSS_Create_empty_OID_set() when constructing a set of mechanism OIDs for input to
GSS_Acquire_cred().
Parameters:
  minor_status
  member_oid
  oid_set

Return values:
  GSS_S_COMPLETE  Success
  GSS_S_FAILURE  Operation failed

OM_uint32 GSS_CALLCONV gss_compare_name(OM_uint32 *minor_status, const gss_name_t name1_P, const gss_name_t name2_P, int *name_equal)
Compare Name. Compare two names. GSSAPI names in this implementation are pointers to X.509 names.
Parameters:
  minor_status  Currently always set to GLOBUS_SUCCESS.
  name1_P
  name2_P
  name_equal

Returns:
  Currently always returns GSS_S_COMPLETE.

OM_uint32 GSS_CALLCONV gss_context_time(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, OM_uint32 *time_rec)
Context Time.

Parameters:
  minor_status
  context_handle
  time_rec

OM_uint32 GSS_CALLCONV gss_create_empty_oid_set(OM_uint32 *minor_status, gss_OID_set *oid_set)
Create Empty OID Set. Creates an object identifier set containing no object identifiers, to which members
may be subsequently added using the GSS_Add_OID_set_member() routine. These routines are intended to be
used to construct sets of mechanism object identifiers, for input to GSS_Acquire_cred().
Parameters:
  minor_status
  oid_set

Return values:
  GSS_S_COMPLETE  Success
  GSS_S_FAILURE  Operation failed

OM_uint32 GSS_CALLCONV gss_delete_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle_P, gss_buffer_t output_token)
Delete Security Context. Delete the GSS Security Context.

Parameters:
  minor_status  The minor status result - this is a globus_result_t cast to an OM_uint32.
  context_handle_P  The context handle to be deleted.
  output_token  A token created upon destroying the context. If non-empty, this should be sent to the
    peer of the context to indicate that the context is closed.

Returns:
  This function always returns GSS_S_COMPLETE.

OM_uint32 GSS_CALLCONV gss_display_name(OM_uint32 *minor_status, const gss_name_t input_name_P, gss_buffer_t output_name, gss_OID *output_name_type)
Display Name. Produces a single line version of the internal X.509 name.

Parameters:
  minor_status
  input_name_P
  output_name
  output_name_type

OM_uint32 GSS_CALLCONV gss_display_status(OM_uint32 *minor_status, OM_uint32 status_value, int status_type, const gss_OID mech_type, OM_uint32 *message_context, gss_buffer_t status_string)
Display Status. Calls the OpenSSL error print routines to produce a printable message. This may need some
work, as the OpenSSL error messages are more of a trace, and may not be the best for the user. Also, it
doesn't take advantage of being called in a loop.

Parameters:
  minor_status
  status_value
  status_type
  mech_type
  message_context
  status_string

OM_uint32 GSS_CALLCONV gss_duplicate_name(OM_uint32 *minor_status, const gss_name_t src_name, gss_name_t *dest_name)
Duplicate Name. Copy a GSSAPI name.
Parameters:
  minor_status
  src_name
  dest_name

OM_uint32 GSS_CALLCONV gss_export_name(OM_uint32 *minor_status, const gss_name_t input_name_P, gss_buffer_t exported_name)
Export Name. Produces a mechanism-independent exported name object. See section 3.2 of RFC 2743.

OM_uint32 GSS_CALLCONV gss_get_mic(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, gss_qop_t qop_req, const gss_buffer_t message_buffer, gss_buffer_t message_token)
Get MIC
Calculates a cryptographic MIC (message integrity check) over an application message, and returns that
MIC in the token. The token and message can then be passed to the peer application which calls
gss_verify_mic to verify the MIC.
Parameters:
  minor_status
  context_handle
  qop_req
  message_buffer
  message_token

OM_uint32 GSS_CALLCONV gss_import_name(OM_uint32 *minor_status, const gss_buffer_t input_name_buffer, const gss_OID input_name_type, gss_name_t *output_name_P)
Import a name into a gss_name_t
Creates a new gss_name_t which contains a mechanism-specific representation of the input name. GSSAPI
OpenSSL implements the following name types, based on the input_name_type OID:
• GSS_C_NT_ANONYMOUS (input_name_buffer is ignored)
• GSS_C_NT_HOSTBASED_SERVICE (input_name_buffer contains a string 'service@FQDN' which will match
  /CN=service/FQDN)
• GSS_C_NT_EXPORT_NAME (input_name_buffer contains a string with the X509_oneline representation of a
  name, like '/X=Y/Z=A...')
• GSS_C_NO_OID or GSS_C_NT_USER_NAME (input_name_buffer contains an X.500 name formatted like
  '/X=Y/Z=A...')
• GLOBUS_GSS_C_NT_HOST_IP (input_name_buffer contains a string 'FQDN/ip-address' which will match names
  with the FQDN or the IP address)
• GLOBUS_GSS_C_NT_X509 (input buffer is an X509 struct from OpenSSL)
Parameters:
  minor_status  Minor status
  input_name_buffer  Input name buffer which is interpreted based on the input_name_type
  input_name_type  OID of the name
  output_name_P  New gss_name_t value containing the name

Return values:
  GSS_S_COMPLETE  indicates that a valid name representation is output in output_name and described by
    the type value in output_name_type.
  GSS_S_BAD_NAMETYPE  indicates that the input_name_type is unsupported by the applicable underlying
    GSS-API mechanism(s), so the import operation could not be completed.
  GSS_S_BAD_NAME  indicates that the provided input_name_string is ill-formed in terms of the
    input_name_type, so the import operation could not be completed.
  GSS_S_BAD_MECH  indicates that the input presented for import was an exported name object and that its
    enclosed mechanism type was not recognized or was unsupported by the GSS-API implementation.
  GSS_S_FAILURE  indicates that the requested operation could not be performed for reasons unspecified
    at the GSS-API level.
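The name-type rules above, as an added example that is not Globus code: a small C model that turns a (name type, input buffer) pair into the X509 one-line fragment the text says a certificate must match, returns the documented GSS_S_COMPLETE / GSS_S_BAD_NAMETYPE / GSS_S_BAD_NAME outcomes, and checks a subject against it. The enum values, the imported_name struct, the RDN-boundary match and the FQDN/ip split are assumptions for illustration; the real library returns a gss_name_t wrapping an X.509 name.

```c
/* Model of the name-type handling described above for gss_import_name().
 * Added illustration, not Globus code: the GSS_S_* outcomes and the "/CN=service/FQDN"
 * form come from the text; struct, RDN-boundary match and FQDN/ip split are assumptions. */
#include <stdio.h>
#include <string.h>

#define CAND_LEN 128
enum { GSS_S_COMPLETE = 0, GSS_S_BAD_NAMETYPE = 1, GSS_S_BAD_NAME = 2 };
enum name_type { NT_USER_NAME, NT_HOSTBASED_SERVICE, NT_HOST_IP, NT_UNSUPPORTED };
/* An imported name: one or two X509 one-line fragments a subject must contain. */
struct imported_name { int ncand; char cand[2][CAND_LEN]; };
static int fits(int written) { return written > 0 && written < CAND_LEN; }

int import_name_model(enum name_type type, const char *buf, struct imported_name *n)
{
    const char *sep;
    n->ncand = 0;
    switch (type) {
    case NT_USER_NAME:          /* GSS_C_NO_OID / GSS_C_NT_USER_NAME: '/X=Y/Z=A...' */
        if (buf[0] != '/' || strchr(buf, '=') == NULL) return GSS_S_BAD_NAME;
        n->ncand = 1;
        return fits(snprintf(n->cand[0], CAND_LEN, "%s", buf)) ? GSS_S_COMPLETE : GSS_S_BAD_NAME;
    case NT_HOSTBASED_SERVICE:  /* 'service@FQDN' must match '/CN=service/FQDN' */
        sep = strchr(buf, '@');
        if (sep == NULL || sep == buf || sep[1] == '\0' || strchr(sep + 1, '@')) return GSS_S_BAD_NAME;
        n->ncand = 1;
        return fits(snprintf(n->cand[0], CAND_LEN, "/CN=%.*s/%s", (int)(sep - buf), buf, sep + 1))
               ? GSS_S_COMPLETE : GSS_S_BAD_NAME;
    case NT_HOST_IP:            /* 'FQDN/ip-address': either the FQDN or the IP may match */
        sep = strchr(buf, '/');
        if (sep == NULL || sep == buf || sep[1] == '\0') return GSS_S_BAD_NAME;
        n->ncand = 2;
        return fits(snprintf(n->cand[0], CAND_LEN, "/CN=%.*s", (int)(sep - buf), buf)) &&
               fits(snprintf(n->cand[1], CAND_LEN, "/CN=%s", sep + 1)) ? GSS_S_COMPLETE : GSS_S_BAD_NAME;
    default:                    /* any other OID is unsupported in this model */
        return GSS_S_BAD_NAMETYPE;
    }
}
/* Does a certificate subject (X509 one-line form) satisfy the imported name?
 * The fragment must end the subject or be followed by another RDN ('/'), so
 * "/CN=host/a.example.org" does not accept "/CN=host/a.example.org.evil". */
int name_matches_subject(const struct imported_name *n, const char *subject)
{
    for (int i = 0; i < n->ncand; i++)
        for (const char *p = strstr(subject, n->cand[i]); p; p = strstr(p + 1, n->cand[i])) {
            char next = p[strlen(n->cand[i])];
            if (next == '\0' || next == '/') return 1;
        }
    return 0;
}
```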

OM_uint32 GSS_CALLCONV gss_indicate_mechs(OM_uint32 *minor_status, gss_OID_set *mech_set)
Indicate Mechs. Passes back the mech set of available mechs. We only have one for now.
Parameters:
  minor_status
  mech_set

OM_uint32 GSS_CALLCONV gss_inquire_context(OM_uint32 *minor_status, const gss_ctx_id_t context_handle_P, gss_name_t *src_name_P, gss_name_t *targ_name_P, OM_uint32 *lifetime_rec, gss_OID *mech_type, OM_uint32 *ctx_flags, int *locally_initiated, int *open)
Inquire Context.

Parameters:
  minor_status
  context_handle_P
  src_name_P
  targ_name_P
  lifetime_rec
  mech_type
  ctx_flags
  locally_initiated
  open

OM_uint32 GSS_CALLCONV gss_inquire_cred(OM_uint32 *minor_status, const gss_cred_id_t cred_handle_P, gss_name_t *name, OM_uint32 *lifetime, gss_cred_usage_t *cred_usage, gss_OID_set *mechanisms)
Inquire Cred. We will also allow the return of the proxy file name, if the minor_status is set to a value
of 57056 (0xdee0). This is done since there is no way to pass back the delegated credential file name.
When 57056 is seen, this will cause a new copy of this credential to be written, and it is the user's
responsibility to free the file when done. The name will be a pointer to a char * of the file name which
must be freed. The minor_status will be set to 57057 (0xdee1) to indicate this.
DEE - this is a kludge, till the GSSAPI gets a better way to return the name.
If the minor status is not changed from 57056 to 57057, assume it is not this gssapi, and a gss name was
returned.

Parameters:
  minor_status
  cred_handle_P
  name
  lifetime
  cred_usage
  mechanisms

OM_uint32 GSS_CALLCONV gss_release_buffer(OM_uint32 *minor_status, gss_buffer_t buffer)
Release Buffer.

Parameters:
  minor_status
  buffer

Return values:
  GSS_S_COMPLETE  Success

OM_uint32 GSS_CALLCONV gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle_P)
Release Credential. Release the GSSAPI credential handle.

Parameters:
  minor_status  The minor status result - this is a globus_result_t cast to an OM_uint32. To access the
    globus error object use: globus_error_get((globus_result_t) *minor_status)
  cred_handle_P  The gss cred handle to be released.

Return values:
  GSS_S_COMPLETE  Success

OM_uint32 GSS_CALLCONV gss_release_name(OM_uint32 *minor_status, gss_name_t *name_P)
GSS Release Name. Release the GSS Name.

Parameters:
  minor_status  The minor status result - this is a globus_result_t cast to a (OM_uint32 *).
  name_P  The GSSAPI name to be released.

Return values:
  GSS_S_COMPLETE  Success
  GSS_S_FAILURE  Failure

OM_uint32 GSS_CALLCONV gss_release_oid_set(OM_uint32 *minor_status, gss_OID_set *mech_set)
Release OID Set. Release the OID set.

Parameters:
  minor_status
  mech_set

Return values:
  GSS_S_COMPLETE  Success

OM_uint32 GSS_CALLCONV gss_seal(OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, int qop_req, gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer)
Seal. Obsolete variant of gss_wrap for V1 compatibility.

Parameters:
  minor_status
  context_handle
  conf_req_flag
  qop_req
  input_message_buffer
  conf_state
  output_message_buffer

OM_uint32 GSS_CALLCONV gss_sign(OM_uint32 *minor_status, gss_ctx_id_t context_handle, int qop_req, gss_buffer_t message_buffer, gss_buffer_t message_token)
Sign. Deprecated. Does the same thing as gss_get_mic, for V1 compatibility.

Parameters:
  minor_status
  context_handle
  qop_req
  message_buffer
  message_token

OM_uint32 GSS_CALLCONV gss_test_oid_set_member(OM_uint32 *minor_status, const gss_OID member, const gss_OID_set set, int *present)
Test OID Set Member. Interrogates an Object Identifier set to determine whether a specified Object
Identifier is a member. This routine is intended to be used with OID sets returned by
GSS_Indicate_mechs(), GSS_Acquire_cred(), and GSS_Inquire_cred().
Parameters:
  minor_status
  member
  set
  present

Return values:
  GSS_S_COMPLETE  Success
  GSS_S_FAILURE  Operation failed

OM_uint32 GSS_CALLCONV gss_unseal(OM_uint32 *minor_status, gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state, int *qop_state)
Unseal. Obsolete variant of gss_unwrap for V1 compatibility; allows for a non-32-bit integer in qop_state.
Returns the data from the wrapped buffer. There may also be errors, such as integrity errors. Since we
cannot communicate directly with our peer, we cannot do everything SSL could, e.g. return a token.

Parameters:
  minor_status
  context_handle
  input_message_buffer
  output_message_buffer
  conf_state
  qop_state

OM_uint32 GSS_CALLCONV gss_unwrap(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state, gss_qop_t *qop_state)
Unwrap. GSSAPI routine to unwrap a buffer which may have been received and wrapped by wrap.c.
Returns the data from the wrapped buffer. There may also be errors, such as integrity errors. Since we
cannot communicate directly with our peer, we cannot do everything SSL could, e.g. return a token.

Parameters:
  minor_status
  context_handle
  input_message_buffer
  output_message_buffer
  conf_state
  qop_state

OM_uint32 GSS_CALLCONV gss_verify(OM_uint32 *minor_status, gss_ctx_id_t context_handle, gss_buffer_t message_buffer, gss_buffer_t token_buffer, int *qop_state)
Verify. Obsolete variant of gss_verify_mic for V1 compatibility. Check a MIC of the data.

Parameters:
  minor_status
  context_handle
  message_buffer
  token_buffer
  qop_state

OM_uint32 GSS_CALLCONV gss_verify_mic(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, gss_qop_t *qop_state)
Verify MIC. Check a MIC of the data.

Parameters:
  minor_status
  context_handle
  message_buffer
  token_buffer
  qop_state

OM_uint32 GSS_CALLCONV gss_wrap(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer)
Wrap. Wrap a message for integrity and protection. We do this using the SSLv3 routines, by writing to the
SSL BIO, and pulling the buffer off the back of the write BIO. But we can't do everything SSL might want,
such as control messages, or segment the messages here, since we are forced to use the GSSAPI tokens and
cannot communicate directly with our peer. So there may be some failures which would work with true SSL.

Parameters:
  minor_status
  context_handle
  conf_req_flag
  qop_req
  input_message_buffer
  conf_state
  output_message_buffer

OM_uint32 GSS_CALLCONV gss_wrap_size_limit(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, OM_uint32 req_output_size, OM_uint32 *max_input_size)
Wrap Size Limit. GSSAPI routine to take a buffer, calculate a MIC which is returned as a token. We will
use the SSL protocol here.

Parameters:
  minor_status
  context_handle
  conf_req_flag
  qop_req
  req_output_size
  max_input_size