2691 lines
97 KiB
Plaintext
2691 lines
97 KiB
Plaintext
|
||
|
||
|
||
|
||
|
||
|
||
Network Working Group J. Wray
|
||
Request for Comments: 1509 Digital Equipment Corporation
|
||
September 1993
|
||
|
||
|
||
Generic Security Service API : C-bindings
|
||
|
||
Status of this Memo
|
||
|
||
This RFC specifies an Internet standards track protocol for the
|
||
Internet community, and requests discussion and suggestions for
|
||
improvements. Please refer to the current edition of the "Internet
|
||
Official Protocol Standards" for the standardization state and status
|
||
of this protocol. Distribution of this memo is unlimited.
|
||
|
||
Abstract
|
||
|
||
This document specifies C language bindings for the Generic Security
|
||
Service Application Program Interface (GSS-API), which is described
|
||
at a language-independent conceptual level in other documents.
|
||
|
||
The Generic Security Service Application Programming Interface (GSS-
|
||
API) provides security services to its callers, and is intended for
|
||
implementation atop alternative underlying cryptographic mechanisms.
|
||
Typically, GSS-API callers will be application protocols into which
|
||
security enhancements are integrated through invocation of services
|
||
provided by the GSS-API. The GSS-API allows a caller application to
|
||
authenticate a principal identity associated with a peer application,
|
||
to delegate rights to a peer, and to apply security services such as
|
||
confidentiality and integrity on a per-message basis.
|
||
|
||
1. INTRODUCTION
|
||
|
||
The Generic Security Service Application Programming Interface [1]
|
||
provides security services to calling applications. It allows a
|
||
communicating application to authenticate the user associated with
|
||
another application, to delegate rights to another application, and
|
||
to apply security services such as confidentiality and integrity on a
|
||
per-message basis.
|
||
|
||
There are four stages to using the GSSAPI:
|
||
|
||
(a) The application acquires a set of credentials with which it may
|
||
prove its identity to other processes. The application's
|
||
credentials vouch for its global identity, which may or may not
|
||
be related to the local username under which it is running.
|
||
|
||
|
||
|
||
|
||
|
||
Wray [Page 1]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
(b) A pair of communicating applications establish a joint security
|
||
context using their credentials. The security context is a
|
||
pair of GSSAPI data structures that contain shared state
|
||
information, which is required in order that per-message
|
||
security services may be provided. As part of the
|
||
establishment of a security context, the context initiator is
|
||
authenticated to the responder, and may require that the
|
||
responder is authenticated in turn. The initiator may
|
||
optionally give the responder the right to initiate further
|
||
security contexts. This transfer of rights is termed
|
||
delegation, and is achieved by creating a set of credentials,
|
||
similar to those used by the originating application, but which
|
||
may be used by the responder. To establish and maintain the
|
||
shared information that makes up the security context, certain
|
||
GSSAPI calls will return a token data structure, which is a
|
||
cryptographically protected opaque data type. The caller of
|
||
such a GSSAPI routine is responsible for transferring the token
|
||
to the peer application, which should then pass it to a
|
||
corresponding GSSAPI routine which will decode it and extract
|
||
the information.
|
||
|
||
(c) Per-message services are invoked to apply either:
|
||
|
||
(i) integrity and data origin authentication, or
|
||
|
||
(ii) confidentiality, integrity and data origin authentication
|
||
to application data, which are treated by GSSAPI as
|
||
arbitrary octet-strings. The application transmitting a
|
||
message that it wishes to protect will call the appropriate
|
||
GSSAPI routine (sign or seal) to apply protection, specifying
|
||
the appropriate security context, and send the result to the
|
||
receiving application. The receiver will pass the received
|
||
data to the corresponding decoding routine (verify or unseal)
|
||
to remove the protection and validate the data.
|
||
|
||
(d) At the completion of a communications session (which may extend
|
||
across several connections), the peer applications call GSSAPI
|
||
routines to delete the security context. Multiple contexts may
|
||
also be used (either successively or simultaneously) within a
|
||
single communications association.
|
||
|
||
2. GSSAPI Routines
|
||
|
||
This section lists the functions performed by each of the GSSAPI
|
||
routines and discusses their major parameters, describing how they
|
||
are to be passed to the routines. The routines are listed in figure
|
||
4-1.
|
||
|
||
|
||
|
||
|
||
Wray [Page 2]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
Figure 4-1 GSSAPI Routines
|
||
|
||
|
||
Routine Function
|
||
|
||
gss_acquire_cred Assume a global identity
|
||
|
||
gss_release_cred Discard credentials
|
||
|
||
gss_init_sec_context Initiate a security context
|
||
with a peer application
|
||
|
||
gss_accept_sec_context Accept a security context
|
||
initiated by a peer
|
||
application
|
||
|
||
gss_process_context_token Process a token on a security
|
||
context from a peer
|
||
application
|
||
|
||
gss_delete_sec_context Discard a security context
|
||
|
||
gss_context_time Determine for how long a
|
||
context will remain valid
|
||
|
||
gss_sign Sign a message; integrity
|
||
service
|
||
|
||
gss_verify Check signature on a message
|
||
|
||
gss_seal Sign (optionally encrypt) a
|
||
message; confidentiality
|
||
service
|
||
|
||
gss_unseal Verify (optionally decrypt)
|
||
message
|
||
|
||
gss_display_status Convert an API status code
|
||
to text
|
||
|
||
gss_indicate_mechs Determine underlying
|
||
authentication mechanism
|
||
|
||
gss_compare_name Compare two internal-form
|
||
names
|
||
|
||
gss_display_name Convert opaque name to text
|
||
|
||
|
||
|
||
|
||
Wray [Page 3]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
gss_import_name Convert a textual name to
|
||
internal-form
|
||
|
||
gss_release_name Discard an internal-form
|
||
name
|
||
|
||
gss_release_buffer Discard a buffer
|
||
|
||
gss_release_oid_set Discard a set of object
|
||
identifiers
|
||
|
||
gss_inquire_cred Determine information about
|
||
a credential
|
||
|
||
Individual GSSAPI implementations may augment these routines by
|
||
providing additional mechanism-specific routines if required
|
||
functionality is not available from the generic forms. Applications
|
||
are encouraged to use the generic routines wherever possible on
|
||
portability grounds.
|
||
|
||
2.1. Data Types and Calling Conventions
|
||
|
||
The following conventions are used by the GSSAPI:
|
||
|
||
2.1.1. Structured data types
|
||
|
||
Wherever these GSSAPI C-bindings describe structured data, only
|
||
fields that must be provided by all GSSAPI implementation are
|
||
documented. Individual implementations may provide additional
|
||
fields, either for internal use within GSSAPI routines, or for use by
|
||
non-portable applications.
|
||
|
||
2.1.2. Integer types
|
||
|
||
GSSAPI defines the following integer data type:
|
||
|
||
OM_uint32 32-bit unsigned integer
|
||
|
||
Where guaranteed minimum bit-count is important, this portable data
|
||
type is used by the GSSAPI routine definitions. Individual GSSAPI
|
||
implementations will include appropriate typedef definitions to map
|
||
this type onto a built-in data type.
|
||
|
||
2.1.3. String and similar data
|
||
|
||
Many of the GSSAPI routines take arguments and return values that
|
||
describe contiguous multiple-byte data. All such data is passed
|
||
between the GSSAPI and the caller using the gss_buffer_t data type.
|
||
|
||
|
||
|
||
Wray [Page 4]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
This data type is a pointer to a buffer descriptor, which consists of
|
||
a length field that contains the total number of bytes in the datum,
|
||
and a value field which contains a pointer to the actual datum:
|
||
|
||
typedef struct gss_buffer_desc_struct {
|
||
size_t length;
|
||
void *value;
|
||
} gss_buffer_desc, *gss_buffer_t;
|
||
|
||
Storage for data passed to the application by a GSSAPI routine using
|
||
the gss_buffer_t conventions is allocated by the GSSAPI routine. The
|
||
application may free this storage by invoking the gss_release_buffer
|
||
routine. Allocation of the gss_buffer_desc object is always the
|
||
responsibility of the application; Unused gss_buffer_desc objects
|
||
may be initialized to the value GSS_C_EMPTY_BUFFER.
|
||
|
||
2.1.3.1. Opaque data types
|
||
|
||
Certain multiple-word data items are considered opaque data types at
|
||
the GSSAPI, because their internal structure has no significance
|
||
either to the GSSAPI or to the caller. Examples of such opaque data
|
||
types are the input_token parameter to gss_init_sec_context (which is
|
||
opaque to the caller), and the input_message parameter to gss_seal
|
||
(which is opaque to the GSSAPI). Opaque data is passed between the
|
||
GSSAPI and the application using the gss_buffer_t datatype.
|
||
|
||
2.1.3.2. Character strings
|
||
|
||
Certain multiple-word data items may be regarded as simple ISO
|
||
Latin-1 character strings. An example of this is the
|
||
input_name_buffer parameter to gss_import_name. Some GSSAPI routines
|
||
also return character strings. Character strings are passed between
|
||
the application and the GSSAPI using the gss_buffer_t datatype,
|
||
defined earlier.
|
||
|
||
2.1.4. Object Identifiers
|
||
|
||
Certain GSSAPI procedures take parameters of the type gss_OID, or
|
||
Object identifier. This is a type containing ISO-defined tree-
|
||
structured values, and is used by the GSSAPI caller to select an
|
||
underlying security mechanism. A value of type gss_OID has the
|
||
following structure:
|
||
|
||
typedef struct gss_OID_desc_struct {
|
||
OM_uint32 length;
|
||
void *elements;
|
||
} gss_OID_desc, *gss_OID;
|
||
|
||
|
||
|
||
|
||
Wray [Page 5]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
The elements field of this structure points to the first byte of an
|
||
octet string containing the ASN.1 BER encoding of the value of the
|
||
gss_OID. The length field contains the number of bytes in this
|
||
value. For example, the gss_OID value corresponding to {iso(1)
|
||
identified- oganization(3) icd-ecma(12) member-company(2) dec(1011)
|
||
cryptoAlgorithms(7) SPX(5)} meaning SPX (Digital's X.509
|
||
authentication mechanism) has a length field of 7 and an elements
|
||
field pointing to seven octets containing the following octal values:
|
||
53,14,2,207,163,7,5. GSSAPI implementations should provide constant
|
||
gss_OID values to allow callers to request any supported mechanism,
|
||
although applications are encouraged on portability grounds to accept
|
||
the default mechanism. gss_OID values should also be provided to
|
||
allow applications to specify particular name types (see section
|
||
2.1.10). Applications should treat gss_OID_desc values returned by
|
||
GSSAPI routines as read-only. In particular, the application should
|
||
not attempt to deallocate them. The gss_OID_desc datatype is
|
||
equivalent to the X/Open OM_object_identifier datatype [2].
|
||
|
||
2.1.5. Object Identifier Sets
|
||
|
||
Certain GSSAPI procedures take parameters of the type gss_OID_set.
|
||
This type represents one or more object identifiers (section 2.1.4).
|
||
A gss_OID_set object has the following structure:
|
||
|
||
typedef struct gss_OID_set_desc_struct {
|
||
int count;
|
||
gss_OID elements;
|
||
} gss_OID_set_desc, *gss_OID_set;
|
||
|
||
The count field contains the number of OIDs within the set. The
|
||
elements field is a pointer to an array of gss_OID_desc objects, each
|
||
of which describes a single OID. gss_OID_set values are used to name
|
||
the available mechanisms supported by the GSSAPI, to request the use
|
||
of specific mechanisms, and to indicate which mechanisms a given
|
||
credential supports. Storage associated with gss_OID_set values
|
||
returned to the application by the GSSAPI may be deallocated by the
|
||
gss_release_oid_set routine.
|
||
|
||
2.1.6. Credentials
|
||
|
||
A credential handle is a caller-opaque atomic datum that identifies a
|
||
GSSAPI credential data structure. It is represented by the caller-
|
||
opaque type gss_cred_id_t, which may be implemented as either an
|
||
arithmetic or a pointer type. Credentials describe a principal, and
|
||
they give their holder the ability to act as that principal. The
|
||
GSSAPI does not make the actual credentials available to
|
||
applications; instead the credential handle is used to identify a
|
||
particular credential, held internally by GSSAPI or underlying
|
||
|
||
|
||
|
||
Wray [Page 6]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
mechanism. Thus the credential handle contains no security-relavent
|
||
information, and requires no special protection by the application.
|
||
Depending on the implementation, a given credential handle may refer
|
||
to different credentials when presented to the GSSAPI by different
|
||
callers. Individual GSSAPI implementations should define both the
|
||
scope of a credential handle and the scope of a credential itself
|
||
(which must be at least as wide as that of a handle). Possibilities
|
||
for credential handle scope include the process that acquired the
|
||
handle, the acquiring process and its children, or all processes
|
||
sharing some local identification information (e.g., UID). If no
|
||
handles exist by which a given credential may be reached, the GSSAPI
|
||
may delete the credential.
|
||
|
||
Certain routines allow credential handle parameters to be omitted to
|
||
indicate the use of a default credential. The mechanism by which a
|
||
default credential is established and its scope should be defined by
|
||
the individual GSSAPI implementation.
|
||
|
||
2.1.7. Contexts
|
||
|
||
The gss_ctx_id_t data type contains a caller-opaque atomic value that
|
||
identifies one end of a GSSAPI security context. It may be
|
||
implemented as either an arithmetic or a pointer type. Depending on
|
||
the implementation, a given gss_ctx_id_t value may refer to different
|
||
GSSAPI security contexts when presented to the GSSAPI by different
|
||
callers. The security context holds state information about each end
|
||
of a peer communication, including cryptographic state information.
|
||
Individual GSSAPI implementations should define the scope of a
|
||
context. Since no way is provided by which a new gss_ctx_id_t value
|
||
may be obtained for an existing context, the scope of a context
|
||
should be the same as the scope of a gss_ctx_id_t.
|
||
|
||
2.1.8. Authentication tokens
|
||
|
||
A token is a caller-opaque type that GSSAPI uses to maintain
|
||
synchronization between the context data structures at each end of a
|
||
GSSAPI security context. The token is a cryptographically protected
|
||
bit-string, generated by the underlying mechanism at one end of a
|
||
GSSAPI security context for use by the peer mechanism at the other
|
||
end. Encapsulation (if required) and transfer of the token are the
|
||
responsibility of the peer applications. A token is passed between
|
||
the GSSAPI and the application using the gss_buffer_t conventions.
|
||
|
||
2.1.9. Status values
|
||
|
||
One or more status codes are returned by each GSSAPI routine. Two
|
||
distinct sorts of status codes are returned. These are termed GSS
|
||
status codes and Mechanism status codes.
|
||
|
||
|
||
|
||
Wray [Page 7]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
2.1.9.1. GSS status codes
|
||
|
||
GSSAPI routines return GSS status codes as their OM_uint32 function
|
||
value. These codes indicate errors that are independent of the
|
||
underlying mechanism used to provide the security service. The
|
||
errors that can be indicated via a GSS status code are either generic
|
||
API routine errors (errors that are defined in the GSSAPI
|
||
specification) or calling errors (errors that are specific to these
|
||
bindings).
|
||
|
||
A GSS status code can indicate a single fatal generic API error from
|
||
the routine and a single calling error. In addition, supplementary
|
||
status information may be indicated via the setting of bits in the
|
||
supplementary info field of a GSS status code.
|
||
|
||
These errors are encoded into the 32-bit GSS status code as follows:
|
||
|
||
MSB LSB
|
||
|------------------------------------------------------------|
|
||
| Calling Error | Routine Error | Supplementary Info |
|
||
|------------------------------------------------------------|
|
||
Bit 31 24 23 16 15 0
|
||
|
||
Hence if a GSSAPI routine returns a GSS status code whose upper 16
|
||
bits contain a non-zero value, the call failed. If the calling error
|
||
field is non-zero, the invoking application's call of the routine was
|
||
erroneous. Calling errors are defined in table 5-1. If the routine
|
||
error field is non-zero, the routine failed for one of the routine-
|
||
specific reasons listed below in table 5-2. Whether or not the upper
|
||
16 bits indicate a failure or a success, the routine may indicate
|
||
additional information by setting bits in the supplementary info
|
||
field of the status code. The meaning of individual bits is listed
|
||
below in table 5-3.
|
||
|
||
Table 5-1 Calling Errors
|
||
|
||
Name Value in Meaning
|
||
Field
|
||
GSS_S_CALL_INACCESSIBLE_READ 1 A required input
|
||
parameter could
|
||
not be read.
|
||
GSS_S_CALL_INACCESSIBLE_WRITE 2 A required output
|
||
parameter could
|
||
not be written.
|
||
GSS_S_CALL_BAD_STRUCTURE 3 A parameter was
|
||
malformed
|
||
|
||
|
||
|
||
|
||
|
||
Wray [Page 8]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
Table 5-2 Routine Errors
|
||
|
||
Name Value in Meaning
|
||
Field
|
||
|
||
GSS_S_BAD_MECH 1 An unsupported mechanism was
|
||
requested
|
||
GSS_S_BAD_NAME 2 An invalid name was supplied
|
||
GSS_S_BAD_NAMETYPE 3 A supplied name was of an
|
||
unsupported type
|
||
GSS_S_BAD_BINDINGS 4 Incorrect channel bindings
|
||
were supplied
|
||
GSS_S_BAD_STATUS 5 An invalid status code was
|
||
supplied
|
||
|
||
GSS_S_BAD_SIG 6 A token had an invalid
|
||
signature
|
||
GSS_S_NO_CRED 7 No credentials were supplied
|
||
GSS_S_NO_CONTEXT 8 No context has been
|
||
established
|
||
GSS_S_DEFECTIVE_TOKEN 9 A token was invalid
|
||
GSS_S_DEFECTIVE_CREDENTIAL 10 A credential was invalid
|
||
GSS_S_CREDENTIALS_EXPIRED 11 The referenced credentials
|
||
have expired
|
||
GSS_S_CONTEXT_EXPIRED 12 The context has expired
|
||
GSS_S_FAILURE 13 Miscellaneous failure
|
||
(see text)
|
||
|
||
Table 5-3 Supplementary Status Bits
|
||
|
||
Name Bit Number Meaning
|
||
GSS_S_CONTINUE_NEEDED 0 (LSB) The routine must be called
|
||
again to complete its
|
||
function.
|
||
See routine documentation for
|
||
detailed description.
|
||
GSS_S_DUPLICATE_TOKEN 1 The token was a duplicate of
|
||
an earlier token
|
||
GSS_S_OLD_TOKEN 2 The token's validity period
|
||
has expired
|
||
GSS_S_UNSEQ_TOKEN 3 A later token has already been
|
||
processed
|
||
|
||
The routine documentation also uses the name GSS_S_COMPLETE, which is
|
||
a zero value, to indicate an absence of any API errors or
|
||
supplementary information bits.
|
||
|
||
|
||
|
||
|
||
|
||
Wray [Page 9]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
All GSS_S_xxx symbols equate to complete OM_uint32 status codes,
|
||
rather than to bitfield values. For example, the actual value of the
|
||
symbol GSS_S_BAD_NAMETYPE (value 3 in the routine error field) is 3
|
||
<< 16.
|
||
|
||
The macros GSS_CALLING_ERROR(), GSS_ROUTINE_ERROR() and
|
||
GSS_SUPPLEMENTARY_INFO() are provided, each of which takes a GSS
|
||
status code and removes all but the relevant field. For example, the
|
||
value obtained by applying GSS_ROUTINE_ERROR to a status code removes
|
||
the calling errors and supplementary info fields, leaving only the
|
||
routine errors field. The values delivered by these macros may be
|
||
directly compared with a GSS_S_xxx symbol of the appropriate type.
|
||
The macro GSS_ERROR() is also provided, which when applied to a GSS
|
||
status code returns a non-zero value if the status code indicated a
|
||
calling or routine error, and a zero value otherwise.
|
||
|
||
A GSSAPI implementation may choose to signal calling errors in a
|
||
platform-specific manner instead of, or in addition to the routine
|
||
value; routine errors and supplementary info should be returned via
|
||
routine status values only.
|
||
|
||
2.1.9.2. Mechanism-specific status codes
|
||
|
||
GSSAPI routines return a minor_status parameter, which is used to
|
||
indicate specialized errors from the underlying security mechanism.
|
||
This parameter may contain a single mechanism-specific error,
|
||
indicated by a OM_uint32 value.
|
||
|
||
The minor_status parameter will always be set by a GSSAPI routine,
|
||
even if it returns a calling error or one of the generic API errors
|
||
indicated above as fatal, although other output parameters may remain
|
||
unset in such cases. However, output parameters that are expected to
|
||
return pointers to storage allocated by a routine must always set set
|
||
by the routine, even in the event of an error, although in such cases
|
||
the GSSAPI routine may elect to set the returned parameter value to
|
||
NULL to indicate that no storage was actually allocated. Any length
|
||
field associated with such pointers (as in a gss_buffer_desc
|
||
structure) should also be set to zero in such cases.
|
||
|
||
The GSS status code GSS_S_FAILURE is used to indicate that the
|
||
underlying mechanism detected an error for which no specific GSS
|
||
status code is defined. The mechanism status code will provide more
|
||
details about the error.
|
||
|
||
2.1.10. Names
|
||
|
||
A name is used to identify a person or entity. GSSAPI authenticates
|
||
the relationship between a name and the entity claiming the name.
|
||
|
||
|
||
|
||
Wray [Page 10]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
Two distinct representations are defined for names:
|
||
|
||
(a) A printable form, for presentation to a user
|
||
|
||
(b) An internal form, for presentation at the API
|
||
|
||
The syntax of a printable name is defined by the GSSAPI
|
||
implementation, and may be dependent on local system configuration,
|
||
or on individual user preference. The internal form provides a
|
||
canonical representation of the name that is independent of
|
||
configuration.
|
||
|
||
A given GSSAPI implementation may support names drawn from multiple
|
||
namespaces. In such an implementation, the internal form of the name
|
||
must include fields that identify the namespace from which the name
|
||
is drawn. The namespace from which a printable name is drawn is
|
||
specified by an accompanying object identifier.
|
||
|
||
Routines (gss_import_name and gss_display_name) are provided to
|
||
convert names between their printable representations and the
|
||
gss_name_t type. gss_import_name may support multiple syntaxes for
|
||
each supported namespace, allowing users the freedom to choose a
|
||
preferred name representation. gss_display_name should use an
|
||
implementation-chosen preferred syntax for each supported name-type.
|
||
|
||
Comparison of internal-form names is accomplished via the
|
||
gss_compare_names routine. This removes the need for the application
|
||
program to understand the syntaxes of the various printable names
|
||
that a given GSSAPI implementation may support.
|
||
|
||
Storage is allocated by routines that return gss_name_t values. A
|
||
procedure, gss_release_name, is provided to free storage associated
|
||
with a name.
|
||
|
||
2.1.11. Channel Bindings
|
||
|
||
GSSAPI supports the use of user-specified tags to identify a given
|
||
context to the peer application. These tags are used to identify the
|
||
particular communications channel that carries the context. Channel
|
||
bindings are communicated to the GSSAPI using the following
|
||
structure:
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Wray [Page 11]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
typedef struct gss_channel_bindings_struct {
|
||
OM_uint32 initiator_addrtype;
|
||
gss_buffer_desc initiator_address;
|
||
OM_uint32 acceptor_addrtype;
|
||
gss_buffer_desc acceptor_address;
|
||
gss_buffer_desc application_data;
|
||
} *gss_channel_bindings_t;
|
||
|
||
The initiator_addrtype and acceptor_addrtype fields denote the type
|
||
of addresses contained in the initiator_address and acceptor_address
|
||
buffers. The address type should be one of the following:
|
||
|
||
GSS_C_AF_UNSPEC Unspecified address type
|
||
GSS_C_AF_LOCAL Host-local address type
|
||
GSS_C_AF_INET DARPA Internet address type
|
||
GSS_C_AF_IMPLINK ARPAnet IMP address type (eg IP)
|
||
GSS_C_AF_PUP pup protocols (eg BSP) address type
|
||
GSS_C_AF_CHAOS MIT CHAOS protocol address type
|
||
GSS_C_AF_NS XEROX NS address type
|
||
GSS_C_AF_NBS nbs address type
|
||
GSS_C_AF_ECMA ECMA address type
|
||
GSS_C_AF_DATAKIT datakit protocols address type
|
||
GSS_C_AF_CCITT CCITT protocols (eg X.25)
|
||
GSS_C_AF_SNA IBM SNA address type
|
||
GSS_C_AF_DECnet DECnet address type
|
||
GSS_C_AF_DLI Direct data link interface address type
|
||
GSS_C_AF_LAT LAT address type
|
||
GSS_C_AF_HYLINK NSC Hyperchannel address type
|
||
GSS_C_AF_APPLETALK AppleTalk address type
|
||
GSS_C_AF_BSC BISYNC 2780/3780 address type
|
||
GSS_C_AF_DSS Distributed system services address type
|
||
GSS_C_AF_OSI OSI TP4 address type
|
||
GSS_C_AF_X25 X25
|
||
GSS_C_AF_NULLADDR No address specified
|
||
|
||
Note that these name address families rather than specific addressing
|
||
formats. For address families that contain several alternative
|
||
address forms, the initiator_address and acceptor_address fields must
|
||
contain sufficient information to determine which address form is
|
||
used. When not otherwise specified, addresses should be specified in
|
||
network byte-order.
|
||
|
||
Conceptually, the GSSAPI concatenates the initiator_addrtype,
|
||
initiator_address, acceptor_addrtype, acceptor_address and
|
||
application_data to form an octet string. The mechanism signs this
|
||
octet string, and binds the signature to the context establishment
|
||
token emitted by gss_init_sec_context. The same bindings are
|
||
presented by the context acceptor to gss_accept_sec_context, and a
|
||
|
||
|
||
|
||
Wray [Page 12]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
signature is calculated in the same way. The calculated signature is
|
||
compared with that found in the token, and if the signatures differ,
|
||
gss_accept_sec_context will return a GSS_S_BAD_BINDINGS error, and
|
||
the context will not be established. Some mechanisms may include the
|
||
actual channel binding data in the token (rather than just a
|
||
signature); applications should therefore not use confidential data
|
||
as channel-binding components. Individual mechanisms may impose
|
||
additional constraints on addresses and address types that may appear
|
||
in channel bindings. For example, a mechanism may verify that the
|
||
initiator_address field of the channel bindings presented to
|
||
gss_init_sec_context contains the correct network address of the host
|
||
system.
|
||
|
||
2.1.12. Optional parameters
|
||
|
||
Various parameters are described as optional. This means that they
|
||
follow a convention whereby a default value may be requested. The
|
||
following conventions are used for omitted parameters. These
|
||
conventions apply only to those parameters that are explicitly
|
||
documented as optional.
|
||
|
||
2.1.12.1. gss_buffer_t types
|
||
|
||
Specify GSS_C_NO_BUFFER as a value. For an input parameter this
|
||
signifies that default behavior is requested, while for an output
|
||
parameter it indicates that the information that would be returned
|
||
via the parameter is not required by the application.
|
||
|
||
2.1.12.2. Integer types (input)
|
||
|
||
Individual parameter documentation lists values to be used to
|
||
indicate default actions.
|
||
|
||
2.1.12.3. Integer types (output)
|
||
|
||
Specify NULL as the value for the pointer.
|
||
|
||
2.1.12.4. Pointer types
|
||
|
||
Specify NULL as the value.
|
||
|
||
2.1.12.5. Object IDs
|
||
|
||
Specify GSS_C_NULL_OID as the value.
|
||
|
||
2.1.12.6. Object ID Sets
|
||
|
||
Specify GSS_C_NULL_OID_SET as the value.
|
||
|
||
|
||
|
||
Wray [Page 13]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
2.1.12.7. Credentials
|
||
|
||
Specify GSS_C_NO_CREDENTIAL to use the default credential handle.
|
||
|
||
2.1.12.8. Channel Bindings
|
||
|
||
Specify GSS_C_NO_CHANNEL_BINDINGS to indicate that channel bindings
|
||
are not to be used.
|
||
|
||
3. GSSAPI routine descriptions
|
||
|
||
2.1. gss_acquire_cred
|
||
|
||
OM_uint32 gss_acquire_cred (
|
||
OM_uint32 * minor_status,
|
||
gss_name_t desired_name,
|
||
OM_uint32 time_req,
|
||
gss_OID_set desired_mechs,
|
||
int cred_usage,
|
||
gss_cred_id_t * output_cred_handle,
|
||
gss_OID_set * actual_mechs,
|
||
OM_int32 * time_rec)
|
||
Purpose:
|
||
|
||
Allows an application to acquire a handle for a pre-existing
|
||
credential by name. GSSAPI implementations must impose a local
|
||
access-control policy on callers of this routine to prevent
|
||
unauthorized callers from acquiring credentials to which they are not
|
||
entitled. This routine is not intended to provide a "login to the
|
||
network" function, as such a function would result in the creation of
|
||
new credentials rather than merely acquiring a handle to existing
|
||
credentials. Such functions, if required, should be defined in
|
||
implementation-specific extensions to the API.
|
||
|
||
If credential acquisition is time-consuming for a mechanism, the
|
||
mechanism may chooses to delay the actual acquisition until the
|
||
credential is required (e.g., by gss_init_sec_context or
|
||
gss_accept_sec_context). Such mechanism-specific implementation
|
||
decisions should be invisible to the calling application; thus a call
|
||
of gss_inquire_cred immediately following the call of
|
||
gss_acquire_cred must return valid credential data, and may therefore
|
||
incur the overhead of a deferred credential acquisition.
|
||
|
||
Parameters:
|
||
|
||
desired_name gss_name_t, read
|
||
Name of principal whose credential
|
||
should be acquired
|
||
|
||
|
||
|
||
Wray [Page 14]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
time_req integer, read
|
||
number of seconds that credentials
|
||
should remain valid
|
||
|
||
desired_mechs Set of Object IDs, read
|
||
set of underlying security mechanisms that
|
||
may be used. GSS_C_NULL_OID_SET may be used
|
||
to obtain an implementation-specific default.
|
||
|
||
cred_usage integer, read
|
||
GSS_C_BOTH - Credentials may be used
|
||
either to initiate or accept
|
||
security contexts.
|
||
GSS_C_INITIATE - Credentials will only be
|
||
used to initiate security
|
||
contexts.
|
||
GSS_C_ACCEPT - Credentials will only be used to
|
||
accept security contexts.
|
||
|
||
output_cred_handle gss_cred_id_t, modify
|
||
The returned credential handle.
|
||
|
||
actual_mechs Set of Object IDs, modify, optional
|
||
The set of mechanisms for which the
|
||
credential is valid. Specify NULL
|
||
if not required.
|
||
|
||
time_rec Integer, modify, optional
|
||
Actual number of seconds for which the
|
||
returned credentials will remain valid. If the
|
||
implementation does not support expiration of
|
||
credentials, the value GSS_C_INDEFINITE will
|
||
be returned. Specify NULL if not required
|
||
|
||
minor_status Integer, modify
|
||
Mechanism specific status code.
|
||
Function value:
|
||
|
||
GSS status code:
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
GSS_S_BAD_MECH Unavailable mechanism requested
|
||
|
||
GSS_S_BAD_NAMETYPE Type contained within desired_name parameter is
|
||
not supported
|
||
|
||
GSS_S_BAD_NAME Value supplied for desired_name parameter is
|
||
|
||
|
||
|
||
Wray [Page 15]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
ill-formed.
|
||
|
||
GSS_S_FAILURE Unspecified failure. The minor_status parameter
|
||
contains more detailed information
|
||
|
||
3.2. gss_release_cred
|
||
|
||
OM_uint32 gss_release_cred (
|
||
OM_uint32 * minor_status,
|
||
gss_cred_id_t * cred_handle)
|
||
|
||
Purpose:
|
||
|
||
Informs GSSAPI that the specified credential handle is no longer
|
||
required by the process. When all processes have released a
|
||
credential, it will be deleted.
|
||
|
||
Parameters:
|
||
|
||
cred_handle gss_cred_id_t, modify, optional
|
||
buffer containing opaque credential
|
||
handle. If GSS_C_NO_CREDENTIAL is supplied,
|
||
the default credential will be released
|
||
|
||
minor_status integer, modify
|
||
Mechanism specific status code.
|
||
|
||
Function value:
|
||
|
||
GSS status code:
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
GSS_S_NO_CRED Credentials could not be accessed.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Wray [Page 16]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
3.3. gss_init_sec_context
|
||
|
||
OM_uint32 gss_init_sec_context (
|
||
OM_uint32 * minor_status,
|
||
gss_cred_id_t claimant_cred_handle,
|
||
gss_ctx_id_t * context_handle,
|
||
gss_name_t target_name,
|
||
gss_OID mech_type,
|
||
int req_flags,
|
||
int time_req,
|
||
gss_channel_bindings_t
|
||
input_chan_bindings,
|
||
gss_buffer_t input_token
|
||
gss_OID * actual_mech_type,
|
||
gss_buffer_t output_token,
|
||
int * ret_flags,
|
||
OM_uint32 * time_rec )
|
||
|
||
Purpose:
|
||
|
||
Initiates the establishment of a security context between the
|
||
application and a remote peer. Initially, the input_token parameter
|
||
should be specified as GSS_C_NO_BUFFER. The routine may return a
|
||
output_token which should be transferred to the peer application,
|
||
where the peer application will present it to gss_accept_sec_context.
|
||
If no token need be sent, gss_init_sec_context will indicate this by
|
||
setting the length field of the output_token argument to zero. To
|
||
complete the context establishment, one or more reply tokens may be
|
||
required from the peer application; if so, gss_init_sec_context will
|
||
return a status indicating GSS_S_CONTINUE_NEEDED in which case it
|
||
should be called again when the reply token is received from the peer
|
||
application, passing the token to gss_init_sec_context via the
|
||
input_token parameters.
|
||
|
||
The values returned via the ret_flags and time_rec parameters are not
|
||
defined unless the routine returns GSS_S_COMPLETE.
|
||
|
||
Parameters:
|
||
|
||
claimant_cred_handle gss_cred_id_t, read, optional
|
||
handle for credentials claimed. Supply
|
||
GSS_C_NO_CREDENTIAL to use default
|
||
credentials.
|
||
|
||
context_handle gss_ctx_id_t, read/modify
|
||
context handle for new context. Supply
|
||
GSS_C_NO_CONTEXT for first call; use value
|
||
returned by first call in continuation calls.
|
||
|
||
|
||
|
||
Wray [Page 17]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
target_name gss_name_t, read
|
||
Name of target
|
||
|
||
mech_type OID, read, optional
|
||
Object ID of desired mechanism. Supply
|
||
GSS_C_NULL_OID to obtain an implementation
|
||
specific default
|
||
|
||
req_flags bit-mask, read
|
||
Contains four independent flags, each of
|
||
which requests that the context support a
|
||
specific service option. Symbolic
|
||
names are provided for each flag, and the
|
||
symbolic names corresponding to the required
|
||
flags should be logically-ORed
|
||
together to form the bit-mask value. The
|
||
flags are:
|
||
|
||
GSS_C_DELEG_FLAG
|
||
True - Delegate credentials to remote peer
|
||
False - Don't delegate
|
||
GSS_C_MUTUAL_FLAG
|
||
True - Request that remote peer
|
||
authenticate itself
|
||
False - Authenticate self to remote peer
|
||
only
|
||
GSS_C_REPLAY_FLAG
|
||
True - Enable replay detection for signed
|
||
or sealed messages
|
||
False - Don't attempt to detect
|
||
replayed messages
|
||
GSS_C_SEQUENCE_FLAG
|
||
True - Enable detection of out-of-sequence
|
||
signed or sealed messages
|
||
False - Don't attempt to detect
|
||
out-of-sequence messages
|
||
|
||
time_req integer, read
|
||
Desired number of seconds for which context
|
||
should remain valid. Supply 0 to request a
|
||
default validity period.
|
||
|
||
input_chan_bindings channel bindings, read
|
||
Application-specified bindings. Allows
|
||
application to securely bind channel
|
||
identification information to the security
|
||
context.
|
||
|
||
|
||
|
||
|
||
Wray [Page 18]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
input_token buffer, opaque, read, optional (see text)
|
||
Token received from peer application.
|
||
Supply GSS_C_NO_BUFFER on initial call.
|
||
|
||
actual_mech_type OID, modify
|
||
actual mechanism used.
|
||
|
||
output_token buffer, opaque, modify
|
||
token to be sent to peer application. If
|
||
the length field of the returned buffer is
|
||
zero, no token need be sent to the peer
|
||
application.
|
||
|
||
ret_flags bit-mask, modify
|
||
Contains six independent flags, each of which
|
||
indicates that the context supports a specific
|
||
service option. Symbolic names are provided
|
||
for each flag, and the symbolic names
|
||
corresponding to the required flags should be
|
||
logically-ANDed with the ret_flags value to test
|
||
whether a given option is supported by the
|
||
context. The flags are:
|
||
|
||
GSS_C_DELEG_FLAG
|
||
True - Credentials were delegated to
|
||
the remote peer
|
||
False - No credentials were delegated
|
||
GSS_C_MUTUAL_FLAG
|
||
True - Remote peer has been asked to
|
||
authenticated itself
|
||
False - Remote peer has not been asked to
|
||
authenticate itself
|
||
GSS_C_REPLAY_FLAG
|
||
True - replay of signed or sealed messages
|
||
will be detected
|
||
False - replayed messages will not be
|
||
detected
|
||
GSS_C_SEQUENCE_FLAG
|
||
True - out-of-sequence signed or sealed
|
||
messages will be detected
|
||
False - out-of-sequence messages will not
|
||
be detected
|
||
GSS_C_CONF_FLAG
|
||
True - Confidentiality service may be
|
||
invoked by calling seal routine
|
||
False - No confidentiality service (via
|
||
seal) available. seal will provide
|
||
message encapsulation, data-origin
|
||
|
||
|
||
|
||
Wray [Page 19]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
authentication and integrity
|
||
services only.
|
||
GSS_C_INTEG_FLAG
|
||
True - Integrity service may be invoked by
|
||
calling either gss_sign or gss_seal
|
||
routines.
|
||
False - Per-message integrity service
|
||
unavailable.
|
||
|
||
time_rec integer, modify, optional
|
||
number of seconds for which the context
|
||
will remain valid. If the implementation does
|
||
not support credential expiration, the value
|
||
GSS_C_INDEFINITE will be returned. Specify
|
||
NULL if not required.
|
||
|
||
minor_status integer, modify
|
||
Mechanism specific status code.
|
||
|
||
Function value:
|
||
|
||
GSS status code:
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
GSS_S_CONTINUE_NEEDED Indicates that a token from the peer
|
||
application is required to complete thecontext, and
|
||
that gss_init_sec_context must be called again with
|
||
that token.
|
||
|
||
GSS_S_DEFECTIVE_TOKEN Indicates that consistency checks performed on
|
||
the input_token failed
|
||
|
||
GSS_S_DEFECTIVE_CREDENTIAL Indicates that consistency checks
|
||
performed on the credential failed.
|
||
|
||
GSS_S_NO_CRED The supplied credentials were not valid for context
|
||
initiation, or the credential handle did not
|
||
reference any credentials.
|
||
|
||
GSS_S_CREDENTIALS_EXPIRED The referenced credentials have expired
|
||
|
||
GSS_S_BAD_BINDINGS The input_token contains different channel
|
||
bindings to those specified via the
|
||
input_chan_bindings parameter
|
||
|
||
GSS_S_BAD_SIG The input_token contains an invalid signature, or a
|
||
signature that could not be verified
|
||
|
||
|
||
|
||
Wray [Page 20]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
GSS_S_OLD_TOKEN The input_token was too old. This is a fatal error
|
||
during context establishment
|
||
|
||
GSS_S_DUPLICATE_TOKEN The input_token is valid, but is a duplicate of
|
||
a token already processed. This is a fatal error
|
||
during context establishment.
|
||
|
||
GSS_S_NO_CONTEXT Indicates that the supplied context handle did not
|
||
refer to a valid context
|
||
|
||
GSS_S_BAD_NAMETYPE The provided target_name parameter contained an
|
||
invalid or unsupported type of name
|
||
|
||
GSS_S_BAD_NAME The provided target_name parameter was ill-formed.
|
||
|
||
GSS_S_FAILURE Failure. See minor_status for more information
|
||
|
||
3.4. gss_accept_sec_context
|
||
|
||
OM_uint32 gss_accept_sec_context (
|
||
OM_uint32 * minor_status,
|
||
gss_ctx_id_t * context_handle,
|
||
gss_cred_id_t verifier_cred_handle,
|
||
gss_buffer_t input_token_buffer
|
||
gss_channel_bindings_t
|
||
input_chan_bindings,
|
||
gss_name_t * src_name,
|
||
gss_OID * mech_type,
|
||
gss_buffer_t output_token,
|
||
int * ret_flags,
|
||
OM_uint32 * time_rec,
|
||
gss_cred_id_t * delegated_cred_handle)
|
||
|
||
Purpose:
|
||
|
||
Allows a remotely initiated security context between the application
|
||
and a remote peer to be established. The routine may return a
|
||
output_token which should be transferred to the peer application,
|
||
where the peer application will present it to gss_init_sec_context.
|
||
If no token need be sent, gss_accept_sec_context will indicate this
|
||
by setting the length field of the output_token argument to zero. To
|
||
complete the context establishment, one or more reply tokens may be
|
||
required from the peer application; if so, gss_accept_sec_context
|
||
will return a status flag of GSS_S_CONTINUE_NEEDED, in which case it
|
||
should be called again when the reply token is received from the peer
|
||
application, passing the token to gss_accept_sec_context via the
|
||
input_token parameters.
|
||
|
||
|
||
|
||
|
||
Wray [Page 21]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
The values returned via the src_name, ret_flags, time_rec, and
|
||
delegated_cred_handle parameters are not defined unless the routine
|
||
returns GSS_S_COMPLETE.
|
||
|
||
Parameters:
|
||
|
||
context_handle gss_ctx_id_t, read/modify
|
||
context handle for new context. Supply
|
||
GSS_C_NO_CONTEXT for first call; use value
|
||
returned in subsequent calls.
|
||
|
||
verifier_cred_handle gss_cred_id_t, read, optional
|
||
Credential handle claimed by context
|
||
acceptor.
|
||
Specify GSS_C_NO_CREDENTIAL to use default
|
||
credentials. If GSS_C_NO_CREDENTIAL is
|
||
specified, but the caller has no default
|
||
credentials established, an
|
||
implementation-defined default credential
|
||
may be used.
|
||
|
||
input_token_buffer buffer, opaque, read
|
||
token obtained from remote application
|
||
|
||
input_chan_bindings channel bindings, read
|
||
Application-specified bindings. Allows
|
||
application to securely bind channel
|
||
identification information to the security
|
||
context.
|
||
|
||
src_name gss_name_t, modify, optional
|
||
Authenticated name of context initiator.
|
||
After use, this name should be deallocated by
|
||
passing it to gss_release_name. If not required,
|
||
specify NULL.
|
||
|
||
mech_type Object ID, modify
|
||
Security mechanism used. The returned
|
||
OID value will be a pointer into static
|
||
storage, and should be treated as read-only
|
||
by the caller.
|
||
|
||
output_token buffer, opaque, modify
|
||
Token to be passed to peer application. If the
|
||
length field of the returned token buffer is 0,
|
||
then no token need be passed to the peer
|
||
application.
|
||
|
||
|
||
|
||
|
||
Wray [Page 22]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
ret_flags bit-mask, modify
|
||
Contains six independent flags, each of
|
||
which indicates that the context supports a
|
||
specific service option. Symbolic names are
|
||
provided for each flag, and the symbolic names
|
||
corresponding to the required flags
|
||
should be logically-ANDed with the ret_flags
|
||
value to test whether a given option is
|
||
supported by the context. The flags are:
|
||
GSS_C_DELEG_FLAG
|
||
True - Delegated credentials are available
|
||
via the delegated_cred_handle
|
||
parameter
|
||
False - No credentials were delegated
|
||
GSS_C_MUTUAL_FLAG
|
||
True - Remote peer asked for mutual
|
||
authentication
|
||
False - Remote peer did not ask for mutual
|
||
authentication
|
||
GSS_C_REPLAY_FLAG
|
||
True - replay of signed or sealed messages
|
||
will be detected
|
||
False - replayed messages will not be
|
||
detected
|
||
GSS_C_SEQUENCE_FLAG
|
||
True - out-of-sequence signed or sealed
|
||
messages will be detected
|
||
False - out-of-sequence messages will not
|
||
be detected
|
||
GSS_C_CONF_FLAG
|
||
True - Confidentiality service may be
|
||
invoked by calling seal routine
|
||
False - No confidentiality service (via
|
||
seal) available. seal will
|
||
provide message encapsulation,
|
||
data-origin authentication and
|
||
integrity services only.
|
||
GSS_C_INTEG_FLAG
|
||
True - Integrity service may be invoked
|
||
by calling either gss_sign or
|
||
gss_seal routines.
|
||
False - Per-message integrity service
|
||
unavailable.
|
||
|
||
time_rec integer, modify, optional
|
||
number of seconds for which the context
|
||
will remain valid. Specify NULL if not required.
|
||
|
||
|
||
|
||
|
||
Wray [Page 23]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
delegated_cred_handle
|
||
gss_cred_id_t, modify
|
||
credential handle for credentials received from
|
||
context initiator. Only valid if deleg_flag in
|
||
ret_flags is true.
|
||
|
||
minor_status integer, modify
|
||
Mechanism specific status code.
|
||
|
||
Function value:
|
||
|
||
GSS status code:
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
GSS_S_CONTINUE_NEEDED Indicates that a token from the peer
|
||
application is required to complete the context,
|
||
and that gss_accept_sec_context must be called
|
||
again with that token.
|
||
|
||
GSS_S_DEFECTIVE_TOKEN Indicates that consistency checks
|
||
performed on the input_token failed.
|
||
|
||
GSS_S_DEFECTIVE_CREDENTIAL Indicates that consistency checks
|
||
performed on the credential failed.
|
||
|
||
GSS_S_NO_CRED The supplied credentials were not valid for
|
||
context acceptance, or the credential handle
|
||
did not reference any credentials.
|
||
|
||
GSS_S_CREDENTIALS_EXPIRED The referenced credentials have
|
||
expired.
|
||
|
||
GSS_S_BAD_BINDINGS The input_token contains different channel
|
||
bindings to those specified via the
|
||
input_chan_bindings parameter.
|
||
|
||
GSS_S_NO_CONTEXT Indicates that the supplied context handle did
|
||
not refer to a valid context.
|
||
|
||
GSS_S_BAD_SIG The input_token contains an invalid signature.
|
||
|
||
GSS_S_OLD_TOKEN The input_token was too old. This is a fatal
|
||
error during context establishment.
|
||
|
||
GSS_S_DUPLICATE_TOKEN The input_token is valid, but is a
|
||
duplicate of a token already processed. This
|
||
is a fatal error during context establishment.
|
||
|
||
|
||
|
||
Wray [Page 24]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
GSS_S_FAILURE Failure. See minor_status for more information.
|
||
|
||
3.5. gss_process_context_token
|
||
|
||
OM_uint32 gss_process_context_token (
|
||
OM_uint32 * minor_status,
|
||
gss_ctx_id_t context_handle,
|
||
gss_buffer_t token_buffer)
|
||
|
||
Purpose:
|
||
|
||
Provides a way to pass a token to the security service. Usually,
|
||
tokens are associated either with context establishment (when they
|
||
would be passed to gss_init_sec_context or gss_accept_sec_context) or
|
||
with per-message security service (when they would be passed to
|
||
gss_verify or gss_unseal). Occasionally, tokens may be received at
|
||
other times, and gss_process_context_token allows such tokens to be
|
||
passed to the underlying security service for processing. At
|
||
present, such additional tokens may only be generated by
|
||
gss_delete_sec_context. GSSAPI implementation may use this service
|
||
to implement deletion of the security context.
|
||
|
||
Parameters:
|
||
|
||
context_handle gss_ctx_id_t, read
|
||
context handle of context on which token is to
|
||
be processed
|
||
|
||
token_buffer buffer, opaque, read
|
||
pointer to first byte of token to process
|
||
|
||
minor_status integer, modify
|
||
Implementation specific status code.
|
||
|
||
Function value:
|
||
|
||
GSS status code:
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
GSS_S_DEFECTIVE_TOKEN Indicates that consistency checks
|
||
performed on the token failed
|
||
|
||
GSS_S_FAILURE Failure. See minor_status for more information
|
||
|
||
GSS_S_NO_CONTEXT The context_handle did not refer to a valid
|
||
context
|
||
|
||
|
||
|
||
|
||
Wray [Page 25]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
3.6. gss_delete_sec_context
|
||
|
||
OM_uint32 gss_delete_sec_context (
|
||
OM_uint32 * minor_status,
|
||
gss_ctx_id_t * context_handle,
|
||
gss_buffer_t output_token)
|
||
|
||
Purpose:
|
||
|
||
Delete a security context. gss_delete_sec_context will delete the
|
||
local data structures associated with the specified security context,
|
||
and generate an output_token, which when passed to the peer
|
||
gss_process_context_token will instruct it to do likewise. No
|
||
further security services may be obtained using the context specified
|
||
by context_handle.
|
||
|
||
Parameters:
|
||
|
||
minor_status integer, modify
|
||
Mechanism specific status code.
|
||
|
||
context_handle gss_ctx_id_t, modify
|
||
context handle identifying context to delete.
|
||
|
||
output_token buffer, opaque, modify
|
||
token to be sent to remote application to
|
||
instruct it to also delete the context
|
||
|
||
Function value:
|
||
|
||
GSS status code:
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
GSS_S_FAILURE Failure, see minor_status for more information
|
||
|
||
GSS_S_NO_CONTEXT No valid context was supplied
|
||
|
||
3.7. gss_context_time
|
||
|
||
OM_uint32 gss_context_time (
|
||
OM_uint32 * minor_status,
|
||
gss_ctx_id_t context_handle,
|
||
OM_uint32 * time_rec)
|
||
Purpose:
|
||
|
||
Determines the number of seconds for which the specified context will
|
||
remain valid.
|
||
|
||
|
||
|
||
Wray [Page 26]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
Parameters:
|
||
|
||
minor_status integer, modify
|
||
Implementation specific status code.
|
||
|
||
context_handle gss_ctx_id_t, read
|
||
Identifies the context to be interrogated.
|
||
|
||
time_rec integer, modify
|
||
Number of seconds that the context will remain
|
||
valid. If the context has already expired,
|
||
zero will be returned.
|
||
Function value:
|
||
|
||
GSS status code:
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
GSS_S_CONTEXT_EXPIRED The context has already expired
|
||
|
||
GSS_S_CREDENTIALS_EXPIRED The context is recognized, but
|
||
associated credentials have expired
|
||
|
||
GSS_S_NO_CONTEXT The context_handle parameter did not identify a
|
||
valid context
|
||
|
||
3.8. gss_sign
|
||
|
||
OM_uint32 gss_sign (
|
||
OM_uint32 * minor_status,
|
||
gss_ctx_id_t context_handle,
|
||
int qop_req,
|
||
gss_buffer_t message_buffer,
|
||
gss_buffer_t msg_token)
|
||
Purpose:
|
||
|
||
Generates a cryptographic signature for the supplied message, and
|
||
places the signature in a token for transfer to the peer application.
|
||
The qop_req parameter allows a choice between several cryptographic
|
||
algorithms, if supported by the chosen mechanism.
|
||
|
||
Parameters:
|
||
|
||
minor_status integer, modify
|
||
Implementation specific status code.
|
||
|
||
context_handle gss_ctx_id_t, read
|
||
identifies the context on which the message
|
||
|
||
|
||
|
||
Wray [Page 27]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
will be sent
|
||
|
||
qop_req integer, read, optional
|
||
Specifies requested quality of protection.
|
||
Callers are encouraged, on portability grounds,
|
||
to accept the default quality of protection
|
||
offered by the chosen mechanism, which may be
|
||
requested by specifying GSS_C_QOP_DEFAULT for
|
||
this parameter. If an unsupported protection
|
||
strength is requested, gss_sign will return a
|
||
major_status of GSS_S_FAILURE.
|
||
|
||
message_buffer buffer, opaque, read
|
||
message to be signed
|
||
|
||
msg_token buffer, opaque, modify
|
||
buffer to receive token
|
||
|
||
Function value:
|
||
|
||
GSS status code:
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
GSS_S_CONTEXT_EXPIRED The context has already expired
|
||
|
||
GSS_S_CREDENTIALS_EXPIRED The context is recognized, but
|
||
associated credentials have expired
|
||
|
||
GSS_S_NO_CONTEXT The context_handle parameter did not identify a
|
||
valid context
|
||
|
||
GSS_S_FAILURE Failure. See minor_status for more information.
|
||
|
||
3.9. gss_verify
|
||
|
||
OM_uint32 gss_verify (
|
||
OM_uint32 * minor_status,
|
||
gss_ctx_id_t context_handle,
|
||
gss_buffer_t message_buffer,
|
||
gss_buffer_t token_buffer,
|
||
int * qop_state)
|
||
Purpose:
|
||
|
||
Verifies that a cryptographic signature, contained in the token
|
||
parameter, fits the supplied message. The qop_state parameter allows
|
||
a message recipient to determine the strength of protection that was
|
||
applied to the message.
|
||
|
||
|
||
|
||
Wray [Page 28]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
Parameters:
|
||
|
||
minor_status integer, modify
|
||
Mechanism specific status code.
|
||
|
||
context_handle gss_ctx_id_t, read
|
||
identifies the context on which the message
|
||
arrived
|
||
|
||
message_buffer buffer, opaque, read
|
||
message to be verified
|
||
|
||
token_buffer buffer, opaque, read
|
||
token associated with message
|
||
|
||
qop_state integer, modify
|
||
quality of protection gained from signature
|
||
|
||
Function value:
|
||
|
||
GSS status code:
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
GSS_S_DEFECTIVE_TOKEN The token failed consistency checks
|
||
|
||
GSS_S_BAD_SIG The signature was incorrect
|
||
|
||
GSS_S_DUPLICATE_TOKEN The token was valid, and contained a correct
|
||
signature for the message, but it had already
|
||
been processed
|
||
|
||
GSS_S_OLD_TOKEN The token was valid, and contained a correct
|
||
signature for the message, but it is too old
|
||
|
||
GSS_S_UNSEQ_TOKEN The token was valid, and contained a correct
|
||
signature for the message, but has been
|
||
verified out of sequence; an earlier token has
|
||
been signed or sealed by the remote
|
||
application, but not yet been processed
|
||
locally.
|
||
|
||
GSS_S_CONTEXT_EXPIRED The context has already expired
|
||
|
||
GSS_S_CREDENTIALS_EXPIRED The context is recognized, but
|
||
associated credentials have expired
|
||
|
||
|
||
|
||
|
||
|
||
Wray [Page 29]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
GSS_S_NO_CONTEXT The context_handle parameter did not identify a
|
||
valid context
|
||
|
||
GSS_S_FAILURE Failure. See minor_status for more information.
|
||
|
||
3.10. gss_seal
|
||
|
||
OM_uint32 gss_seal (
|
||
OM_uint32 * minor_status,
|
||
gss_ctx_id_t context_handle,
|
||
int conf_req_flag,
|
||
int qop_req
|
||
gss_buffer_t input_message_buffer,
|
||
int * conf_state,
|
||
gss_buffer_t output_message_buffer)
|
||
|
||
Purpose:
|
||
|
||
Cryptographically signs and optionally encrypts the specified
|
||
input_message. The output_message contains both the signature and
|
||
the message. The qop_req parameter allows a choice between several
|
||
cryptographic algorithms, if supported by the chosen mechanism.
|
||
|
||
Parameters:
|
||
|
||
minor_status integer, modify
|
||
Mechanism specific status code.
|
||
|
||
context_handle gss_ctx_id_t, read
|
||
identifies the context on which the message
|
||
will be sent
|
||
|
||
conf_req_flag boolean, read
|
||
True - Both confidentiality and integrity
|
||
services are requested
|
||
False - Only integrity service is requested
|
||
|
||
qop_req integer, read, optional
|
||
Specifies required quality of protection. A
|
||
mechanism-specific default may be requested by
|
||
setting qop_req to GSS_C_QOP_DEFAULT. If an
|
||
unsupported protection strength is requested,
|
||
gss_seal will return a major_status of
|
||
GSS_S_FAILURE.
|
||
|
||
input_message_buffer buffer, opaque, read
|
||
message to be sealed
|
||
|
||
|
||
|
||
|
||
Wray [Page 30]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
conf_state boolean, modify
|
||
True - Confidentiality, data origin
|
||
authentication and integrity services
|
||
have been applied
|
||
False - Integrity and data origin services only
|
||
has been applied.
|
||
|
||
output_message_buffer buffer, opaque, modify
|
||
buffer to receive sealed message
|
||
|
||
Function value:
|
||
|
||
GSS status code:
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
GSS_S_CONTEXT_EXPIRED The context has already expired
|
||
|
||
GSS_S_CREDENTIALS_EXPIRED The context is recognized, but
|
||
associated credentials have expired
|
||
|
||
GSS_S_NO_CONTEXT The context_handle parameter did not identify a
|
||
valid context
|
||
|
||
GSS_S_FAILURE Failure. See minor_status for more information.
|
||
|
||
3.11. gss_unseal
|
||
|
||
OM_uint32 gss_unseal (
|
||
OM_uint32 * minor_status,
|
||
gss_ctx_id_t context_handle,
|
||
gss_buffer_t input_message_buffer,
|
||
gss_buffer_t output_message_buffer,
|
||
int * conf_state,
|
||
int * qop_state)
|
||
|
||
Purpose:
|
||
|
||
Converts a previously sealed message back to a usable form, verifying
|
||
the embedded signature. The conf_state parameter indicates whether
|
||
the message was encrypted; the qop_state parameter indicates the
|
||
strength of protection that was used to provide the confidentiality
|
||
and integrity services.
|
||
|
||
Parameters:
|
||
|
||
minor_status integer, modify
|
||
Mechanism specific status code.
|
||
|
||
|
||
|
||
Wray [Page 31]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
context_handle gss_ctx_id_t, read
|
||
identifies the context on which the message
|
||
arrived
|
||
|
||
input_message_buffer buffer, opaque, read
|
||
sealed message
|
||
|
||
output_message_buffer buffer, opaque, modify
|
||
buffer to receive unsealed message
|
||
|
||
conf_state boolean, modify
|
||
True - Confidentiality and integrity protection
|
||
were used
|
||
False - Inteegrity service only was used
|
||
|
||
qop_state integer, modify
|
||
quality of protection gained from signature
|
||
|
||
Function value:
|
||
|
||
GSS status code:
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
GSS_S_DEFECTIVE_TOKEN The token failed consistency checks
|
||
|
||
GSS_S_BAD_SIG The signature was incorrect
|
||
|
||
GSS_S_DUPLICATE_TOKEN The token was valid, and contained a
|
||
correct signature for the message, but it had
|
||
already been processed
|
||
|
||
GSS_S_OLD_TOKEN The token was valid, and contained a correct
|
||
signature for the message, but it is too old
|
||
|
||
GSS_S_UNSEQ_TOKEN The token was valid, and contained a correct
|
||
signature for the message, but has been
|
||
verified out of sequence; an earlier token has
|
||
been signed or sealed by the remote
|
||
application, but not yet been processed
|
||
locally.
|
||
|
||
GSS_S_CONTEXT_EXPIRED The context has already expired
|
||
|
||
GSS_S_CREDENTIALS_EXPIRED The context is recognized, but
|
||
associated credentials have expired
|
||
|
||
|
||
|
||
|
||
|
||
Wray [Page 32]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
GSS_S_NO_CONTEXT The context_handle parameter did not identify a
|
||
valid context
|
||
|
||
GSS_S_FAILURE Failure. See minor_status for more information.
|
||
|
||
3.12. gss_display_status
|
||
|
||
OM_uint32 gss_display_status (
|
||
OM_uint32 * minor_status,
|
||
int status_value,
|
||
int status_type,
|
||
gss_OID mech_type,
|
||
int * message_context,
|
||
gss_buffer_t status_string)
|
||
|
||
Purpose:
|
||
|
||
Allows an application to obtain a textual representation of a GSSAPI
|
||
status code, for display to the user or for logging purposes. Since
|
||
some status values may indicate multiple errors, applications may
|
||
need to call gss_display_status multiple times, each call generating
|
||
a single text string. The message_context parameter is used to
|
||
indicate which error message should be extracted from a given
|
||
status_value; message_context should be initialized to 0, and
|
||
gss_display_status will return a non-zero value if there are further
|
||
messages to extract.
|
||
|
||
Parameters:
|
||
|
||
minor_status integer, modify
|
||
Mechanism specific status code.
|
||
|
||
status_value integer, read
|
||
Status value to be converted
|
||
|
||
status_type integer, read
|
||
GSS_C_GSS_CODE - status_value is a GSS status
|
||
code
|
||
GSS_C_MECH_CODE - status_value is a mechanism
|
||
status code
|
||
|
||
mech_type Object ID, read, optional
|
||
Underlying mechanism (used to interpret a
|
||
minor status value) Supply GSS_C_NULL_OID to
|
||
obtain the system default.
|
||
|
||
message_context integer, read/modify
|
||
Should be initialized to zero by caller
|
||
|
||
|
||
|
||
Wray [Page 33]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
on first call. If further messages are
|
||
contained in the status_value parameter,
|
||
message_context will be non-zero on return,
|
||
and this value should be passed back to
|
||
subsequent calls, along with the same
|
||
status_value, status_type and mech_type
|
||
parameters.
|
||
|
||
status_string buffer, character string, modify
|
||
textual interpretation of the status_value
|
||
|
||
Function value:
|
||
|
||
GSS status code:
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
GSS_S_BAD_MECH Indicates that translation in accordance with
|
||
an unsupported mechanism type was requested
|
||
|
||
GSS_S_BAD_STATUS The status value was not recognized, or the
|
||
status type was neither GSS_C_GSS_CODE nor
|
||
GSS_C_MECH_CODE.
|
||
|
||
|
||
3.13. gss_indicate_mechs
|
||
|
||
OM_uint32 gss_indicate_mechs (
|
||
OM_uint32 * minor_status,
|
||
gss_OID_set * mech_set)
|
||
|
||
Purpose:
|
||
|
||
Allows an application to determine which underlying security
|
||
mechanisms are available.
|
||
|
||
Parameters:
|
||
|
||
minor_status integer, modify
|
||
Mechanism specific status code.
|
||
|
||
mech_set set of Object IDs, modify
|
||
set of implementation-supported mechanisms.
|
||
The returned gss_OID_set value will be a
|
||
pointer into static storage, and should be
|
||
treated as read-only by the caller.
|
||
|
||
|
||
|
||
|
||
|
||
Wray [Page 34]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
Function value:
|
||
|
||
GSS status code:
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
3.14. gss_compare_name
|
||
|
||
OM_uint32 gss_compare_name (
|
||
OM_uint32 * minor_status,
|
||
gss_name_t name1,
|
||
gss_name_t name2,
|
||
int * name_equal)
|
||
|
||
Purpose:
|
||
|
||
Allows an application to compare two internal-form names to determine
|
||
whether they refer to the same entity.
|
||
|
||
Parameters:
|
||
|
||
minor_status integer, modify
|
||
Mechanism specific status code.
|
||
|
||
name1 gss_name_t, read
|
||
internal-form name
|
||
|
||
name2 gss_name_t, read
|
||
internal-form name
|
||
|
||
name_equal boolean, modify
|
||
True - names refer to same entity
|
||
False - names refer to different entities
|
||
(strictly, the names are not known to
|
||
refer to the same identity).
|
||
Function value:
|
||
|
||
GSS status code:
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
GSS_S_BAD_NAMETYPE The type contained within either name1 or
|
||
name2 was unrecognized, or the names were of
|
||
incomparable types.
|
||
|
||
GSS_S_BAD_NAME One or both of name1 or name2 was ill-formed
|
||
|
||
|
||
|
||
|
||
|
||
Wray [Page 35]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
3.15. gss_display_name
|
||
|
||
OM_uint32 gss_display_name (
|
||
OM_uint32 * minor_status,
|
||
gss_name_t input_name,
|
||
gss_buffer_t output_name_buffer,
|
||
gss_OID * output_name_type)
|
||
|
||
Purpose:
|
||
|
||
Allows an application to obtain a textual representation of an opaque
|
||
internal-form name for display purposes. The syntax of a printable
|
||
name is defined by the GSSAPI implementation.
|
||
|
||
Parameters:
|
||
|
||
minor_status integer, modify
|
||
Mechanism specific status code.
|
||
|
||
input_name gss_name_t, read
|
||
name to be displayed
|
||
|
||
output_name_buffer buffer, character-string, modify
|
||
buffer to receive textual name string
|
||
|
||
output_name_type Object ID, modify
|
||
The type of the returned name. The returned
|
||
gss_OID will be a pointer into static storage,
|
||
and should be treated as read-only by the caller
|
||
|
||
Function value:
|
||
|
||
GSS status code:
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
GSS_S_BAD_NAMETYPE The type of input_name was not recognized
|
||
|
||
GSS_S_BAD_NAME input_name was ill-formed
|
||
|
||
3.16. gss_import_name
|
||
|
||
OM_uint32 gss_import_name (
|
||
OM_uint32 * minor_status,
|
||
gss_buffer_t input_name_buffer,
|
||
gss_OID input_name_type,
|
||
gss_name_t * output_name)
|
||
|
||
|
||
|
||
|
||
Wray [Page 36]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
Purpose:
|
||
|
||
Convert a printable name to internal form.
|
||
|
||
Parameters:
|
||
|
||
minor_status integer, modify
|
||
Mechanism specific status code
|
||
|
||
input_name_buffer buffer, character-string, read
|
||
buffer containing printable name to convert
|
||
|
||
input_name_type Object ID, read, optional
|
||
Object Id specifying type of printable
|
||
name. Applications may specify either
|
||
GSS_C_NULL_OID to use a local system-specific
|
||
printable syntax, or an OID registered by the
|
||
GSSAPI implementation to name a particular
|
||
namespace.
|
||
|
||
output_name gss_name_t, modify
|
||
returned name in internal form
|
||
|
||
Function value:
|
||
|
||
GSS status code
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
GSS_S_BAD_NAMETYPE The input_name_type was unrecognized
|
||
|
||
GSS_S_BAD_NAME The input_name parameter could not be
|
||
interpreted as a name of the specified type
|
||
|
||
3.17. gss_release_name
|
||
|
||
OM_uint32 gss_release_name (
|
||
OM_uint32 * minor_status,
|
||
gss_name_t * name)
|
||
|
||
Purpose:
|
||
|
||
Free GSSAPI-allocated storage associated with an internal form name.
|
||
|
||
Parameters:
|
||
|
||
minor_status integer, modify
|
||
Mechanism specific status code
|
||
|
||
|
||
|
||
Wray [Page 37]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
name gss_name_t, modify
|
||
The name to be deleted
|
||
|
||
Function value:
|
||
|
||
GSS status code
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
GSS_S_BAD_NAME The name parameter did not contain a valid name
|
||
|
||
3.18. gss_release_buffer
|
||
|
||
OM_uint32 gss_release_buffer (
|
||
OM_uint32 * minor_status,
|
||
gss_buffer_t buffer)
|
||
|
||
Purpose:
|
||
|
||
Free storage associated with a buffer format name. The storage must
|
||
have been allocated by a GSSAPI routine. In addition to freeing the
|
||
associated storage, the routine will zero the length field in the
|
||
buffer parameter.
|
||
|
||
Parameters:
|
||
|
||
minor_status integer, modify
|
||
Mechanism specific status code
|
||
|
||
buffer buffer, modify
|
||
The storage associated with the buffer will be
|
||
deleted. The gss_buffer_desc object will not
|
||
be freed, but its length field will be zeroed.
|
||
|
||
Function value:
|
||
|
||
GSS status code
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
3.19. gss_release_oid_set
|
||
|
||
OM_uint32 gss_release_oid_set (
|
||
OM_uint32 * minor_status,
|
||
gss_OID_set * set)
|
||
|
||
Purpose:
|
||
|
||
|
||
|
||
|
||
Wray [Page 38]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
Free storage associated with a gss_OID_set object. The storage must
|
||
have been allocated by a GSSAPI routine.
|
||
|
||
Parameters:
|
||
|
||
minor_status integer, modify
|
||
Mechanism specific status code
|
||
|
||
set Set of Object IDs, modify
|
||
The storage associated with the gss_OID_set
|
||
will be deleted.
|
||
|
||
Function value:
|
||
|
||
GSS status code
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
3.20. gss_inquire_cred
|
||
|
||
OM_uint32 gss_inquire_cred (
|
||
OM_uint32 * minor_status,
|
||
gss_cred_id_t cred_handle,
|
||
gss_name_t * name,
|
||
OM_uint32 * lifetime,
|
||
int * cred_usage,
|
||
gss_OID_set * mechanisms )
|
||
|
||
Purpose:
|
||
|
||
Obtains information about a credential. The caller must already have
|
||
obtained a handle that refers to the credential.
|
||
|
||
Parameters:
|
||
|
||
minor_status integer, modify
|
||
Mechanism specific status code
|
||
|
||
cred_handle gss_cred_id_t, read
|
||
A handle that refers to the target credential.
|
||
Specify GSS_C_NO_CREDENTIAL to inquire about
|
||
the default credential.
|
||
|
||
name gss_name_t, modify
|
||
The name whose identity the credential asserts.
|
||
Specify NULL if not required.
|
||
|
||
lifetime Integer, modify
|
||
|
||
|
||
|
||
Wray [Page 39]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
The number of seconds for which the credential
|
||
will remain valid. If the credential has
|
||
expired, this parameter will be set to zero.
|
||
If the implementation does not support
|
||
credential expiration, the value
|
||
GSS_C_INDEFINITE will be returned. Specify
|
||
NULL if not required.
|
||
|
||
cred_usage Integer, modify
|
||
How the credential may be used. One of the
|
||
following:
|
||
GSS_C_INITIATE
|
||
GSS_C_ACCEPT
|
||
GSS_C_BOTH
|
||
Specify NULL if not required.
|
||
|
||
mechanisms gss_OID_set, modify
|
||
Set of mechanisms supported by the credential.
|
||
Specify NULL if not required.
|
||
|
||
Function value:
|
||
|
||
GSS status code
|
||
|
||
GSS_S_COMPLETE Successful completion
|
||
|
||
GSS_S_NO_CRED The referenced credentials could not be
|
||
accessed.
|
||
|
||
GSS_S_DEFECTIVE_CREDENTIAL The referenced credentials were
|
||
invalid.
|
||
|
||
GSS_S_CREDENTIALS_EXPIRED The referenced credentials have expired.
|
||
If the lifetime parameter was not passed as
|
||
NULL, it will be set to 0.
|
||
|
||
|
||
#ifndef GSSAPI_H_
|
||
#define GSSAPI_H_
|
||
|
||
/*
|
||
* First, define the platform-dependent types.
|
||
*/
|
||
typedef <platform-specific> OM_uint32;
|
||
typedef <platform-specific> gss_ctx_id_t;
|
||
typedef <platform-specific> gss_cred_id_t;
|
||
typedef <platform-specific> gss_name_t;
|
||
|
||
|
||
|
||
|
||
Wray [Page 40]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
/*
|
||
* Note that a platform supporting the xom.h X/Open header file
|
||
* may make use of that header for the definitions of OM_uint32
|
||
* and the structure to which gss_OID_desc equates.
|
||
*/
|
||
|
||
typedef struct gss_OID_desc_struct {
|
||
OM_uint32 length;
|
||
void *elements;
|
||
} gss_OID_desc, *gss_OID;
|
||
|
||
typedef struct gss_OID_set_desc_struct {
|
||
int count;
|
||
gss_OID elements;
|
||
} gss_OID_set_desc, *gss_OID_set;
|
||
|
||
typedef struct gss_buffer_desc_struct {
|
||
size_t length;
|
||
void *value;
|
||
} gss_buffer_desc, *gss_buffer_t;
|
||
|
||
typedef struct gss_channel_bindings_struct {
|
||
OM_uint32 initiator_addrtype;
|
||
gss_buffer_desc initiator_address;
|
||
OM_uint32 acceptor_addrtype;
|
||
gss_buffer_desc acceptor_address;
|
||
gss_buffer_desc application_data;
|
||
} *gss_channel_bindings_t;
|
||
|
||
|
||
/*
|
||
* Six independent flags each of which indicates that a context
|
||
* supports a specific service option.
|
||
*/
|
||
#define GSS_C_DELEG_FLAG 1
|
||
#define GSS_C_MUTUAL_FLAG 2
|
||
#define GSS_C_REPLAY_FLAG 4
|
||
#define GSS_C_SEQUENCE_FLAG 8
|
||
#define GSS_C_CONF_FLAG 16
|
||
#define GSS_C_INTEG_FLAG 32
|
||
|
||
|
||
/*
|
||
* Credential usage options
|
||
*/
|
||
#define GSS_C_BOTH 0
|
||
#define GSS_C_INITIATE 1
|
||
#define GSS_C_ACCEPT 2
|
||
|
||
|
||
|
||
Wray [Page 41]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
/*
|
||
* Status code types for gss_display_status
|
||
*/
|
||
#define GSS_C_GSS_CODE 1
|
||
#define GSS_C_MECH_CODE 2
|
||
|
||
/*
|
||
* The constant definitions for channel-bindings address families
|
||
*/
|
||
#define GSS_C_AF_UNSPEC 0;
|
||
#define GSS_C_AF_LOCAL 1;
|
||
#define GSS_C_AF_INET 2;
|
||
#define GSS_C_AF_IMPLINK 3;
|
||
#define GSS_C_AF_PUP 4;
|
||
#define GSS_C_AF_CHAOS 5;
|
||
#define GSS_C_AF_NS 6;
|
||
#define GSS_C_AF_NBS 7;
|
||
#define GSS_C_AF_ECMA 8;
|
||
#define GSS_C_AF_DATAKIT 9;
|
||
#define GSS_C_AF_CCITT 10;
|
||
#define GSS_C_AF_SNA 11;
|
||
#define GSS_C_AF_DECnet 12;
|
||
#define GSS_C_AF_DLI 13;
|
||
#define GSS_C_AF_LAT 14;
|
||
#define GSS_C_AF_HYLINK 15;
|
||
#define GSS_C_AF_APPLETALK 16;
|
||
#define GSS_C_AF_BSC 17;
|
||
#define GSS_C_AF_DSS 18;
|
||
#define GSS_C_AF_OSI 19;
|
||
#define GSS_C_AF_X25 21;
|
||
|
||
#define GSS_C_AF_NULLADDR 255;
|
||
|
||
#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
|
||
#define GSS_C_NULL_OID ((gss_OID) 0)
|
||
#define GSS_C_NULL_OID_SET ((gss_OID_set) 0)
|
||
#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
|
||
#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
|
||
#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
|
||
#define GSS_C_EMPTY_BUFFER {0, NULL}
|
||
|
||
/*
|
||
* Define the default Quality of Protection for per-message
|
||
* services. Note that an implementation that offers multiple
|
||
* levels of QOP may either reserve a value (for example zero,
|
||
* as assumed here) to mean "default protection", or alternatively
|
||
* may simply equate GSS_C_QOP_DEFAULT to a specific explicit QOP
|
||
* value.
|
||
|
||
|
||
|
||
Wray [Page 42]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
*/
|
||
#define GSS_C_QOP_DEFAULT 0
|
||
|
||
/*
|
||
* Expiration time of 2^32-1 seconds means infinite lifetime for a
|
||
* credential or security context
|
||
*/
|
||
#define GSS_C_INDEFINITE 0xfffffffful
|
||
|
||
|
||
/* Major status codes */
|
||
|
||
#define GSS_S_COMPLETE 0
|
||
|
||
/*
|
||
* Some "helper" definitions to make the status code macros obvious.
|
||
*/
|
||
#define GSS_C_CALLING_ERROR_OFFSET 24
|
||
#define GSS_C_ROUTINE_ERROR_OFFSET 16
|
||
#define GSS_C_SUPPLEMENTARY_OFFSET 0
|
||
#define GSS_C_CALLING_ERROR_MASK 0377ul
|
||
#define GSS_C_ROUTINE_ERROR_MASK 0377ul
|
||
#define GSS_C_SUPPLEMENTARY_MASK 0177777ul
|
||
|
||
/*
|
||
* The macros that test status codes for error conditions
|
||
*/
|
||
#define GSS_CALLING_ERROR(x) \
|
||
(x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
|
||
#define GSS_ROUTINE_ERROR(x) \
|
||
(x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
|
||
#define GSS_SUPPLEMENTARY_INFO(x) \
|
||
(x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
|
||
#define GSS_ERROR(x) \
|
||
((GSS_CALLING_ERROR(x) != 0) || (GSS_ROUTINE_ERROR(x) != 0))
|
||
|
||
|
||
/*
|
||
* Now the actual status code definitions
|
||
*/
|
||
|
||
/*
|
||
* Calling errors:
|
||
*/
|
||
#define GSS_S_CALL_INACCESSIBLE_READ \
|
||
(1ul << GSS_C_CALLING_ERROR_OFFSET)
|
||
#define GSS_S_CALL_INACCESSIBLE_WRITE \
|
||
(2ul << GSS_C_CALLING_ERROR_OFFSET)
|
||
|
||
|
||
|
||
Wray [Page 43]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
#define GSS_S_CALL_BAD_STRUCTURE \
|
||
(3ul << GSS_C_CALLING_ERROR_OFFSET)
|
||
|
||
/*
|
||
* Routine errors:
|
||
*/
|
||
#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||
#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||
#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||
#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||
#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||
#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||
#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||
#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||
#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||
#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||
#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||
#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||
#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET)
|
||
|
||
/*
|
||
* Supplementary info bits:
|
||
*/
|
||
#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
|
||
#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
|
||
#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
|
||
#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
|
||
|
||
|
||
/*
|
||
* Finally, function prototypes for the GSSAPI routines.
|
||
*/
|
||
|
||
OM_uint32 gss_acquire_cred
|
||
(OM_uint32*, /* minor_status */
|
||
gss_name_t, /* desired_name */
|
||
OM_uint32, /* time_req */
|
||
gss_OID_set, /* desired_mechs */
|
||
int, /* cred_usage */
|
||
gss_cred_id_t*, /* output_cred_handle */
|
||
gss_OID_set*, /* actual_mechs */
|
||
OM_uint32* /* time_rec */
|
||
);
|
||
|
||
OM_uint32 gss_release_cred,
|
||
(OM_uint32*, /* minor_status */
|
||
gss_cred_id_t* /* cred_handle */
|
||
);
|
||
|
||
|
||
|
||
Wray [Page 44]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
OM_uint32 gss_init_sec_context
|
||
(OM_uint32*, /* minor_status */
|
||
gss_cred_id_t, /* claimant_cred_handle */
|
||
gss_ctx_id_t*, /* context_handle */
|
||
gss_name_t, /* target_name */
|
||
gss_OID, /* mech_type */
|
||
int, /* req_flags */
|
||
OM_uint32, /* time_req */
|
||
gss_channel_bindings_t,
|
||
/* input_chan_bindings */
|
||
gss_buffer_t, /* input_token */
|
||
gss_OID*, /* actual_mech_type */
|
||
gss_buffer_t, /* output_token */
|
||
int*, /* ret_flags */
|
||
OM_uint32* /* time_rec */
|
||
);
|
||
|
||
OM_uint32 gss_accept_sec_context
|
||
(OM_uint32*, /* minor_status */
|
||
gss_ctx_id_t*, /* context_handle */
|
||
gss_cred_id_t, /* verifier_cred_handle */
|
||
gss_buffer_t, /* input_token_buffer */
|
||
gss_channel_bindings_t,
|
||
/* input_chan_bindings */
|
||
gss_name_t*, /* src_name */
|
||
gss_OID*, /* mech_type */
|
||
gss_buffer_t, /* output_token */
|
||
int*, /* ret_flags */
|
||
OM_uint32*, /* time_rec */
|
||
gss_cred_id_t* /* delegated_cred_handle */
|
||
);
|
||
|
||
OM_uint32 gss_process_context_token
|
||
(OM_uint32*, /* minor_status */
|
||
gss_ctx_id_t, /* context_handle */
|
||
gss_buffer_t /* token_buffer */
|
||
);
|
||
|
||
OM_uint32 gss_delete_sec_context
|
||
(OM_uint32*, /* minor_status */
|
||
gss_ctx_id_t*, /* context_handle */
|
||
gss_buffer_t /* output_token */
|
||
);
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Wray [Page 45]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
OM_uint32 gss_context_time
|
||
(OM_uint32*, /* minor_status */
|
||
gss_ctx_id_t, /* context_handle */
|
||
OM_uint32* /* time_rec */
|
||
);
|
||
|
||
OM_uint32 gss_sign
|
||
(OM_uint32*, /* minor_status */
|
||
gss_ctx_id_t, /* context_handle */
|
||
int, /* qop_req */
|
||
gss_buffer_t, /* message_buffer */
|
||
gss_buffer_t /* message_token */
|
||
);
|
||
|
||
OM_uitn32 gss_verify
|
||
(OM_uint32*, /* minor_status */
|
||
gss_ctx_id_t, /* context_handle */
|
||
gss_buffer_t, /* message_buffer */
|
||
gss_buffer_t, /* token_buffer */
|
||
int* /* qop_state */
|
||
);
|
||
|
||
OM_uint32 gss_seal
|
||
(OM_uint32*, /* minor_status */
|
||
gss_ctx_id_t, /* context_handle */
|
||
int, /* conf_req_flag */
|
||
int, /* qop_req */
|
||
gss_buffer_t, /* input_message_buffer */
|
||
int*, /* conf_state */
|
||
gss_buffer_t /* output_message_buffer */
|
||
);
|
||
|
||
OM_uint32 gss_unseal
|
||
(OM_uint32*, /* minor_status */
|
||
gss_ctx_id_t, /* context_handle */
|
||
gss_buffer_t, /* input_message_buffer */
|
||
gss_buffer_t, /* output_message_buffer */
|
||
int*, /* conf_state */
|
||
int* /* qop_state */
|
||
);
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Wray [Page 46]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
OM_uint32 gss_display_status
|
||
(OM_uint32*, /* minor_status */
|
||
OM_uint32, /* status_value */
|
||
int, /* status_type */
|
||
gss_OID, /* mech_type */
|
||
int*, /* message_context */
|
||
gss_buffer_t /* status_string */
|
||
);
|
||
|
||
OM_uint32 gss_indicate_mechs
|
||
(OM_uint32*, /* minor_status */
|
||
gss_OID_set* /* mech_set */
|
||
);
|
||
|
||
OM_uint32 gss_compare_name
|
||
(OM_uint32*, /* minor_status */
|
||
gss_name_t, /* name1 */
|
||
gss_name_t, /* name2 */
|
||
int* /* name_equal */
|
||
);
|
||
|
||
OM_uint32 gss_display_name,
|
||
(OM_uint32*, /* minor_status */
|
||
gss_name_t, /* input_name */
|
||
gss_buffer_t, /* output_name_buffer */
|
||
gss_OID* /* output_name_type */
|
||
);
|
||
|
||
OM_uint32 gss_import_name
|
||
(OM_uint32*, /* minor_status */
|
||
gss_buffer_t, /* input_name_buffer */
|
||
gss_OID, /* input_name_type */
|
||
gss_name_t* /* output_name */
|
||
);
|
||
|
||
OM_uint32 gss_release_name
|
||
(OM_uint32*, /* minor_status */
|
||
gss_name_t* /* input_name */
|
||
);
|
||
|
||
OM_uint32 gss_release_buffer
|
||
(OM_uint32*, /* minor_status */
|
||
gss_buffer_t /* buffer */
|
||
);
|
||
|
||
OM_uint32 gss_release_oid_set
|
||
(OM_uint32*, /* minor_status */
|
||
gss_OID_set* /* set */
|
||
|
||
|
||
|
||
Wray [Page 47]
|
||
|
||
RFC 1509 GSSAPI - Overview and C bindings September 1993
|
||
|
||
|
||
);
|
||
|
||
OM_uint32 gss_inquire_cred
|
||
(OM_uint32 *, /* minor_status */
|
||
gss_cred_id_t, /* cred_handle */
|
||
gss_name_t *, /* name */
|
||
OM_uint32 *, /* lifetime */
|
||
int *, /* cred_usage */
|
||
gss_OID_set * /* mechanisms */
|
||
);
|
||
|
||
|
||
|
||
#endif /* GSSAPI_H_ */
|
||
|
||
References
|
||
|
||
[1] Linn, J., "Generic Security Service Application Program
|
||
Interface", RFC 1508, Geer Zolot Associate, September 1993.
|
||
|
||
[2] "OSI Object Management API Specification, Version 2.0 t", X.400
|
||
API Association & X/Open Company Limited, August 24, 1990.
|
||
Specification of datatypes and routines for manipulating
|
||
information objects.
|
||
|
||
Security Considerations
|
||
|
||
Security issues are discussed throughout this memo.
|
||
|
||
Author's Address
|
||
|
||
John Wray
|
||
Digital Equipment Corporation
|
||
550 King Street, LKG2-2/AA6
|
||
Littleton, MA 01460
|
||
USA
|
||
|
||
Phone: +1-508-486-5210
|
||
EMail: Wray@tuxedo.enet.dec.com
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Wray [Page 48]
|
||
|