|
GSS_ACQUIRE_CRED(3)
Contents
|
gss_accept_sec_context, gss_acquire_cred, gss_add_cred,
gss_add_oid_set_member, gss_canonicalize_name, gss_compare_name,
gss_context_time, gss_create_empty_oid_set, gss_delete_sec_context,
gss_display_name, gss_display_status, gss_duplicate_name,
gss_export_name, gss_export_sec_context, gss_get_mic, gss_import_name,
gss_import_sec_context, gss_indicate_mechs, gss_init_sec_context,
gss_inquire_context, gss_inquire_cred, gss_inquire_cred_by_mech,
gss_inquire_mechs_for_name, gss_inquire_names_for_mech,
gss_krb5_copy_ccache, gss_krb5_compat_des3_mic,
gss_process_context_token, gss_release_buffer, gss_release_cred,
gss_release_name, gss_release_oid_set, gss_seal, gss_sign,
gss_test_oid_set_member, gss_unseal, gss_unwrap, gss_verify,
gss_verify_mic, gss_wrap, gss_wrap_size_limit -- Generic Security Service
Application Program Interface library
GSS-API library (libgssapi, -lgssapi)
#include <gssapi.h>
OM_uint32
gss_accept_sec_context(OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
const gss_cred_id_t acceptor_cred_handle,
const gss_buffer_t input_token_buffer,
const gss_channel_bindings_t input_chan_bindings,
gss_name_t * src_name, gss_OID * mech_type,
gss_buffer_t output_token, OM_uint32 * ret_flags,
OM_uint32 * time_rec, gss_cred_id_t * delegated_cred_handle);
OM_uint32
gss_acquire_cred(OM_uint32 * minor_status, const gss_name_t desired_name,
OM_uint32 time_req, const gss_OID_set desired_mechs,
gss_cred_usage_t cred_usage, gss_cred_id_t * output_cred_handle,
gss_OID_set * actual_mechs, OM_uint32 * time_rec);
OM_uint32
gss_add_oid_set_member(OM_uint32 * minor_status,
const gss_OID member_oid, gss_OID_set * oid_set);
OM_uint32
gss_canonicalize_name(OM_uint32 * minor_status,
const gss_name_t input_name, const gss_OID mech_type,
gss_name_t * output_name);
OM_uint32
gss_compare_name(OM_uint32 * minor_status, const gss_name_t name1,
const gss_name_t name2, int * name_equal);
OM_uint32
gss_context_time(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle, OM_uint32 * time_rec);
OM_uint32
gss_create_empty_oid_set(OM_uint32 * minor_status,
gss_OID_set * oid_set);
OM_uint32
gss_delete_sec_context(OM_uint32 * minor_status,
gss_ctx_id_t * context_handle, gss_buffer_t output_token);
OM_uint32
gss_display_name(OM_uint32 * minor_status, const gss_name_t input_name,
gss_buffer_t output_name_buffer, gss_OID * output_name_type);
OM_uint32
gss_display_status(OM_uint32 *minor_status, OM_uint32 status_value,
int status_type, const gss_OID mech_type, OM_uint32 *message_context,
gss_buffer_t status_string);
OM_uint32
gss_duplicate_name(OM_uint32 * minor_status, const gss_name_t src_name,
gss_name_t * dest_name);
OM_uint32
gss_export_name(OM_uint32 * minor_status, const gss_name_t input_name,
gss_buffer_t exported_name);
OM_uint32
gss_export_sec_context(OM_uint32 * minor_status,
gss_ctx_id_t * context_handle, gss_buffer_t interprocess_token);
OM_uint32
gss_get_mic(OM_uint32 * minor_status, const gss_ctx_id_t context_handle,
gss_qop_t qop_req, const gss_buffer_t message_buffer,
gss_buffer_t message_token);
OM_uint32
gss_import_name(OM_uint32 * minor_status,,
const gss_buffer_t input_name_buffer, const gss_OID input_name_type,
gss_name_t * output_name);
OM_uint32
gss_import_sec_context(OM_uint32 * minor_status,
const gss_buffer_t interprocess_token,
gss_ctx_id_t * context_handle);
OM_uint32
gss_indicate_mechs(OM_uint32 * minor_status, gss_OID_set * mech_set);
OM_uint32
gss_init_sec_context(OM_uint32 * minor_status,
const gss_cred_id_t initiator_cred_handle,
gss_ctx_id_t * context_handle, const gss_name_t target_name,
const gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req,
const gss_channel_bindings_t input_chan_bindings,
const gss_buffer_t input_token, gss_OID * actual_mech_type,
gss_buffer_t output_token, OM_uint32 * ret_flags,
OM_uint32 * time_rec);
OM_uint32
gss_inquire_context(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle, gss_name_t * src_name,
gss_name_t * targ_name, OM_uint32 * lifetime_rec,
gss_OID * mech_type, OM_uint32 * ctx_flags, int * locally_initiated,
int * open_context);
OM_uint32
gss_inquire_cred(OM_uint32 * minor_status,
const gss_cred_id_t cred_handle, gss_name_t * name,
OM_uint32 * lifetime, gss_cred_usage_t * cred_usage,
gss_OID_set * mechanisms);
OM_uint32
gss_inquire_cred_by_mech();
OM_uint32
gss_inquire_mechs_for_name();
OM_uint32
gss_inquire_names_for_mech();
OM_uint32
gss_krb5_copy_ccache(OM_uint32 *minor, gss_cred_id_t cred,
krb5_ccache out);
OM_uint32
gss_krb5_compat_des3_mic(OM_uint32 * minor_status,
gss_ctx_id_t context_handle, int onoff);
OM_uint32
gss_process_context_token();
OM_uint32
gss_release_buffer(OM_uint32 * minor_status, gss_buffer_t buffer);
OM_uint32
gss_release_cred(OM_uint32 * minor_status, gss_cred_id_t * cred_handle);
OM_uint32
gss_release_name(OM_uint32 * minor_status, gss_name_t * input_name);
gss_release_oid_set(OM_uint32 * minor_status, gss_OID_set * set);
OM_uint32
gss_seal(OM_uint32 * minor_status, gss_ctx_id_t context_handle,
int conf_req_flag, int qop_req, gss_buffer_t input_message_buffer,
int * conf_state, gss_buffer_t output_message_buffer);
OM_uint32
gss_sign(OM_uint32 * minor_status, gss_ctx_id_t context_handle,
int qop_req, gss_buffer_t message_buffer,
gss_buffer_t message_token);
OM_uint32
gss_test_oid_set_member(OM_uint32 * minor_status, const gss_OID member,
const gss_OID_set set, int * present);
OM_uint32
gss_unseal(OM_uint32 * minor_status, gss_ctx_id_t context_handle,
gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer, int * conf_state,
int * qop_state);
OM_uint32
gss_unwrap(OM_uint32 * minor_status, const gss_ctx_id_t context_handle,
const gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer, int * conf_state,
gss_qop_t * qop_state);
OM_uint32
gss_verify(OM_uint32 * minor_status, gss_ctx_id_t context_handle,
gss_buffer_t message_buffer, gss_buffer_t token_buffer,
int * qop_state);
OM_uint32
gss_verify_mic(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle, const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer, gss_qop_t * qop_state);
gss_wrap(OM_uint32 * minor_status, const gss_ctx_id_t context_handle,
int conf_req_flag, gss_qop_t qop_req,
const gss_buffer_t input_message_buffer, int * conf_state,
gss_buffer_t output_message_buffer);
OM_uint32
gss_wrap_size_limit(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle, int conf_req_flag,
gss_qop_t qop_req, OM_uint32 req_output_size,
OM_uint32 * max_input_size);
Generic Security Service API (GSS-API) version 2, and its C binding, is
described in RFC2743 and RFC2744. Version 1 (deprecated) of the C binding
is described in RFC1509.
Heimdals GSS-API implementation supports the following mechanisms
+o GSS_KRB5_MECHANISM
GSS-API have generic name types that all mechanism are supposed to implement
(if possible)
+o GSS_C_NT_USER_NAME
+o GSS_C_NT_MACHINE_UID_NAME
+o GSS_C_NT_STRING_UID_NAME
+o GSS_C_NT_HOSTBASED_SERVICE
+o GSS_C_NT_ANONYMOUS
+o GSS_C_NT_EXPORT_NAME
GSS-API implementations that supports Kerberos 5 have some additional
name types
+o GSS_KRB5_NT_PRINCIPAL_NAME
+o GSS_KRB5_NT_USER_NAME
+o GSS_KRB5_NT_MACHINE_UID_NAME
+o GSS_KRB5_NT_STRING_UID_NAME
gss_display_name() takes the gss name in input_name and put a printable
form in output_name_buffer. output_name_buffer should be freed when done
using gss_release_buffer(). output_name_type can either be NULL or a
pointer to a gss_OID and will in the later case contain the OID type of
the name. The name should only be used for printing. Access control
should be done with the result of gss_export_name().
gss_sign(), gss_verify(), gss_seal(), and gss_unseal() are part of the
GSS-API V1 interface and are obsolete. The functions should not be used
for new applications. They are provided so that version 1 applications
can link against the library.
gss_krb5_copy_ccache() is an extension to the GSS-API API. The function
will extract the krb5 credential that are transfered from the initiator
to the acceptor when using token delegation in the Kerberos mechanism.
The acceptor receives the delegated token in the last argument to
gss_accept_sec_context().
gss_krb5_compat_des3_mic turns on or off the compatibly with older version
of Heimdal using des3 get and verify mic, this is way to programmatically
set the [gssapi]broken_des3_mic and [gssapi]correct_des3_mic flags
(see COMPATIBILITY section in gssapi(3)). If the CPP symbol
GSS_C_KRB5_COMPAT_DES3_MIC is present, gss_krb5_compat_des3_mic exists.
gss_krb5_compat_des3_mic will be removed in a later version of the GSSAPI
library.
krb5(3), krb5_ccache(3), gssapi(3), kerberos(8)
HEIMDAL April 2, 2003 HEIMDAL
[ Back ] |