NAME
gss_add_cred() — adds a credential-element to a credential
SYNOPSIS
#include <gssapi.h>
OM_uint32 gss_add_cred (
    OM_uint32 *minor_status,
    const gss_cred_id_t input_cred_handle,
    const gss_name_t desired_name,
    const gss_OID desired_mech,
    gss_cred_usage_t cred_usage,
    OM_uint32 initiator_time_req,
    OM_uint32 acceptor_time_req,
    gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs,
    OM_uint32 *initiator_time_rec,
    OM_uint32 *acceptor_time_rec);
DESCRIPTION
The gss_add_cred() routine adds a credential-element to a credential.
The credential-element is identified by the name of the principal to which it refers.
If desired_name is GSS_C_NO_NAME, the call is interpreted as a request to add a credential element that will invoke default behavior when passed to gss_init_sec_context() or gss_accept_sec_context().
This routine can be used either to compose a new credential containing all credential-elements of the original in addition to the newly acquired credential-element, or to add the new credential-element to an existing credential.
If NULL is specified for the output_cred_handle parameter, the new credential-element will be added to the credential identified by input_cred_handle; if a valid pointer is specified for the output_cred_handle parameter, a new credential handle will be created.
If GSS_C_NO_CREDENTIAL is specified as the input_cred_handle, gss_add_cred() will compose a credential based on default behavior.
Input Parameters
- input_cred_handle
Specifies the handle to the credential structure to which a credential-element will be added. If GSS_C_NO_CREDENTIAL is specified, the routine will compose the new credential based on default behavior.
- desired_name
Specifies the principal name whose credential should be acquired.
- desired_mech
Specifies the OID set for the security mechanism for which the new credential may be used.
- initiator_time_req
Specifies the number of seconds that credentials remain valid for initiating security contexts. This argument is ignored if the composed credentials are of type GSS_C_ACCEPT. Specify GSS_C_INDEFINITE to request that the credentials have the maximum permitted initiator lifetime.
- acceptor_time_req
Specifies the number of seconds that credentials remain valid for accepting security contexts. This argument is ignored if the composed credentials are of type GSS_C_INITIATE. Specify GSS_C_INDEFINITE to request that the credentials have the maximum permitted acceptor lifetime.
- cred_usage
Specify one of the following:
  - GSS_C_BOTH
  Specifies credentials that the context initiator can use to either initiate or accept security contexts.
  - GSS_C_INITIATE
  Specifies credentials that the context initiator can use only to initiate security contexts.
  - GSS_C_ACCEPT
  Specifies credentials that the context initiator can use only to accept security contexts.
Output Parameters
- output_cred_handle
The returned credential handle, containing the new credential-element and
all the credential-elements from input_cred_handle. If NULL is specified
for this parameter, the newly acquired credential-element will be added
to the credential identified by input_cred_handle.
- actual_mechs
Returns a set of mechanisms for which the credential is valid.
This information is optional. If you do not want a set of mechanisms
returned, specify NULL.
- initiator_time_rec
Specifies the actual number of seconds that credentials remain valid for initiating security contexts using the specified mechanism. If the implementation or mechanism does not support expiration of credentials, the value GSS_C_INDEFINITE will be returned.
- acceptor_time_rec
Specifies the actual number of seconds that credentials remain valid for accepting security contexts using the specified mechanism. If the implementation or mechanism does not support expiration of credentials, the value GSS_C_INDEFINITE will be returned.
- minor_status
Returns a status code from the security mechanism.
STATUS CODES
The following list explains the GSS status codes that can be returned:
- GSS_S_COMPLETE
The routine was completed successfully.
- GSS_S_BAD_MECH
The requested security mechanism is unsupported or unavailable.
- GSS_S_BAD_NAMETYPE
The name passed by the desired_name parameter is unsupported.
- GSS_S_BAD_NAME
An invalid name was passed by the desired_name parameter.
- GSS_S_DUPLICATE_ELEMENT
The credential already contains an element for the requested mechanism with overlapping usage and validity period.
- GSS_S_CREDENTIALS_EXPIRED
The required credentials could not be added because they have expired.
- GSS_S_NO_CRED
No credentials were found for the specified name.
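An added example, not part of the original manual page: one way to vet what gss_add_cred() returned before the credential is used, combining the status codes above with the initiator_time_rec and acceptor_time_rec outputs. The names vet_add_cred(), lifetime_ok(), the cred_verdict enum and the max_secs policy cap are hypothetical; the fallback definitions carry the RFC 2744 values so the file also builds where gssapi.h is not installed.

```c
/* Added example: vet gss_add_cred() results against a local lifetime cap. */
#include <stdint.h>
#ifdef __has_include
# if __has_include(<gssapi.h>)
#  include <gssapi.h>
# endif
#endif
#ifndef GSS_S_COMPLETE              /* header not found: RFC 2744 values */
typedef uint32_t OM_uint32;
typedef int gss_cred_usage_t;
#define GSS_C_INITIATE 1
#define GSS_C_ACCEPT 2
#define GSS_C_INDEFINITE 0xfffffffful
#define GSS_S_COMPLETE 0
#define GSS_CALLING_ERROR(x) ((x) & (0377ul << 24))
#define GSS_ROUTINE_ERROR(x) ((x) & (0377ul << 16))
#define GSS_S_NO_CRED (7ul << 16)
#define GSS_S_CREDENTIALS_EXPIRED (11ul << 16)
#define GSS_S_DUPLICATE_ELEMENT (17ul << 16)
#endif

enum cred_verdict { CRED_USE, CRED_KEEP_EXISTING, CRED_REACQUIRE, CRED_REJECT };

/* GSS_C_INDEFINITE means "no expiry", so it exceeds any finite cap;
 * a lifetime of 0 seconds leaves nothing usable. */
static int lifetime_ok(OM_uint32 rec, OM_uint32 max_secs)
{
    return rec != GSS_C_INDEFINITE && rec > 0 && rec <= max_secs;
}

/* max_secs is a hypothetical local policy cap, not a GSS-API parameter. */
enum cred_verdict vet_add_cred(OM_uint32 major, gss_cred_usage_t usage,
        OM_uint32 init_rec, OM_uint32 acc_rec, OM_uint32 max_secs)
{
    if (GSS_CALLING_ERROR(major)) return CRED_REJECT;
    switch (GSS_ROUTINE_ERROR(major)) {
    case GSS_S_COMPLETE:            break;
    case GSS_S_DUPLICATE_ELEMENT:   return CRED_KEEP_EXISTING;
    case GSS_S_NO_CRED:
    case GSS_S_CREDENTIALS_EXPIRED: return CRED_REACQUIRE;
    default:                        return CRED_REJECT; /* BAD_MECH, BAD_NAME, ... */
    }
    /* Only the lifetime that matches cred_usage is meaningful. */
    if (usage != GSS_C_ACCEPT && !lifetime_ok(init_rec, max_secs))
        return CRED_REJECT;
    if (usage != GSS_C_INITIATE && !lifetime_ok(acc_rec, max_secs))
        return CRED_REJECT;
    return CRED_USE;
}
```

Pass the major status returned by gss_add_cred() together with the cred_usage that was requested and the two *_time_rec outputs; when NULL was given for output_cred_handle, a CRED_REJECT verdict refers to an element that has already been added to input_cred_handle.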
AUTHOR
gss_add_cred() was developed by Sun Microsystems, Inc.
SEE ALSO
gss_init_sec_context(3).
The manpages for DCE-GSSAPI are included with the DCE-CoreTools product. To see those manpages add /opt/dce/share/man to MANPATH.