NAME
gss_inquire_context() — obtain information about a security context
SYNOPSIS
#include <gssapi.h>
OM_uint32 gss_inquire_context (
OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
gss_name_t *src_name,
gss_name_t *target_name,
OM_uint32 *lifetime_rec,
gss_OID *mech_type)
OM_uint32 *ctx_flags,
int *locally_initiated,
int *open)
DESCRIPTION
The
gss_inquire_context()
routine provides information about the security context
to the calling application. The calling application must
first have called the
gss_acquire_cred()
routine for a handle
for the credential.
Input Parameters
- context_handle
A handle that refers to the security context.
Output Parameters
- src_name
The name of the context initiator. If the context was established
using anonymous authentication, and if the application invoking
gss_inquire_context()
is the context acceptor, an anonymous
name will be returned. Specify NULL if not required.
- context_handle
The name of the context acceptor. If the context acceptor did
not authenticate itself, and if the initiator did not specify
a target name in its call to
gss_init_sec_context(),
the value
GSS_C_NO_NAME
will be returned. Specify NULL if not required.
- lifetime_rec
Returns the number of seconds for which the credential will remain
valid. If the credential expired, the parameter returns a 0 (zero).
If there is no credential expiration, the parameter returns the value
GSS_C_INDEFINITE.
If an expiration time is not required, specify
NULL.
- targ_name
The name of the context acceptor. Storage associated with this name
must be freed by the application after use with a call to
gss_release_name().
- mech_type
The security mechanism providing the context. Specify NULL if not
required
- ctx_flags
Specifies independent flags, each of which requests that the
context support a service option. The following symbolic names are
provided to correspond to each flag. The symbolic names should be
logically ORed to form a bit-mask value.
GSS_C_DELEG_FLAG.
The True/False values are:
- True
Credentials were delegated to the context acceptor.
- False
No credentials were delegated.
GSS_C_MUTUAL_FLAG.
The True/False values are:
- True
The context acceptor has been asked to authenticate itself.
- False
The context initiator has not been asked to authenticates itself.
GSS_C_REPLAY_FLAG.
The True/False values are:
- True
Replayed signed or sealed messages will be
detected.
- False
Replayed messages will not be detected.
GSS_C_SEQUENCE_FLAG.
The True/False values are:
- True
Out-of-sequence signed or sealed messages will be detected.
- False
Out-of-sequence signed or sealed messages will not be detected.
GSS_C_CONF_FLAG.
The True/False values are:
- True
Request that confidentiality service be made available
- False
No per-message confidentiality service is required.
GSS_C_INTEG_FLAG.
The True/False values are:
- True
Request that integrity service be be made available
- False
No per-message integrity service is required.
GSS_C_ANON_FLAG.
The True/False values are:
- True
Do not reveal the initiator's identity to the acceptor.
- False
Authenticate normally.
- cred_usage
Returns one of the following values describing how the application can
use the credential:
GSS_C_INITIATE
GSS_C_ACCEPT
GSS_C_BOTH
If no usage information is required, specify NULL.
- mechs
returns a set of security mechanisms supported by the credential. Specify
NULL if not required.
- minor_status
Returns a status code from the security mechanism.
STATUS CODES
The following status codes can be returned:
- GSS_S_COMPLETE
The routine was completed successfully.
- GSS_S_NO_CONTEXT
The referenced context could not be accessed.
- GSS_S_DEFECTIVE_CREDENTIAL
The credentials were invalid.
- GSS_S_FAILURE
The routine failed. Check the
minor_status
parameter for details.
- GSS_S_NO_CRED
The routine could not access the credentials.
AUTHOR
gss_inquire_context()
was developed by Sun Microsystems, Inc.
SEE ALSO
gss_acquire_cred(3).
The manpages for DCE-GSSAPI are included with the DCE-CoreTools product.
To see those manpages add
/opt/dce/share/man
to
MANPATH.