Functions | |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL | gss_add_oid_set_member (OM_uint32 *minor_status, const gss_OID member_oid, gss_OID_set *oid_set) |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL | gss_wrap_iov (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, int *conf_state, gss_iov_buffer_desc *iov, int iov_count) |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL | gss_unwrap_iov (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int *conf_state, gss_qop_t *qop_state, gss_iov_buffer_desc *iov, int iov_count) |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL | gss_wrap_iov_length (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, int *conf_state, gss_iov_buffer_desc *iov, int iov_count) |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL | gss_release_iov_buffer (OM_uint32 *minor_status, gss_iov_buffer_desc *iov, int iov_count) |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL | gss_canonicalize_name (OM_uint32 *minor_status, gss_const_name_t input_name, const gss_OID mech_type, gss_name_t *output_name) |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL | gss_display_status (OM_uint32 *minor_status, OM_uint32 status_value, int status_type, const gss_OID mech_type, OM_uint32 *message_context, gss_buffer_t status_string) |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL | gss_export_name (OM_uint32 *minor_status, gss_const_name_t input_name, gss_buffer_t exported_name) |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL | gss_import_name (OM_uint32 *minor_status, const gss_buffer_t input_name_buffer, const gss_OID input_name_type, gss_name_t *output_name) |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL | gss_init_sec_context (OM_uint32 *minor_status, gss_const_cred_id_t initiator_cred_handle, gss_ctx_id_t *context_handle, gss_const_name_t target_name, const gss_OID input_mech_type, OM_uint32 req_flags, OM_uint32 time_req, const gss_channel_bindings_t input_chan_bindings, const gss_buffer_t input_token, gss_OID *actual_mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec) |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL | gss_inquire_saslname_for_mech (OM_uint32 *minor_status, const gss_OID desired_mech, gss_buffer_t sasl_mech_name, gss_buffer_t mech_name, gss_buffer_t mech_description) |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL | gss_inquire_attrs_for_mech (OM_uint32 *minor_status, gss_const_OID mech, gss_OID_set *mech_attr, gss_OID_set *known_mech_attrs) |
| GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL | gss_oid_equal (gss_const_OID a, gss_const_OID b) |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL | gss_release_cred (OM_uint32 *minor_status, gss_cred_id_t *cred_handle) |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL | gss_release_name (OM_uint32 *minor_status, gss_name_t *input_name) |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL | gss_wrap (OM_uint32 *minor_status, gss_const_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer) |
Variables | |
| gss_OID_desc GSSAPI_LIB_FUNCTION | __gss_c_attr_stream_sizes_oid_desc |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_oid_set_member | ( | OM_uint32 * | minor_status, |
| const gss_OID | member_oid, | ||
| gss_OID_set * | oid_set | ||
| ) |
Add a oid to the oid set, function does not make a copy of the oid, so the pointer to member_oid needs to be stable for the whole time oid_set is used.
If there is a duplicate member of the oid, the new member is not added to to the set.
| minor_status | minor status code. |
| member_oid | member to add to the oid set |
| oid_set | oid set to add the member too |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_canonicalize_name | ( | OM_uint32 * | minor_status, |
| gss_const_name_t | input_name, | ||
| const gss_OID | mech_type, | ||
| gss_name_t * | output_name | ||
| ) |
gss_canonicalize_name takes a Internal Name (IN) and converts in into a mechanism specific Mechanism Name (MN).
The input name may multiple name, or generic name types.
If the input_name if of the GSS_C_NT_USER_NAME, and the Kerberos mechanism is specified, the resulting MN type is a GSS_KRB5_NT_PRINCIPAL_NAME.
For more information about Internal names and mechanism names.
| minor_status | minor status code. |
| input_name | name to covert, unchanged by gss_canonicalize_name(). |
| mech_type | the type to convert Name too. |
| output_name | the resulting type, release with gss_release_name(), independent of input_name. |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_display_status | ( | OM_uint32 * | minor_status, |
| OM_uint32 | status_value, | ||
| int | status_type, | ||
| const gss_OID | mech_type, | ||
| OM_uint32 * | message_context, | ||
| gss_buffer_t | status_string | ||
| ) |
Convert a GSS-API status code to text
| minor_status | minor status code |
| status_value | status value to convert |
| status_type | One of: GSS_C_GSS_CODE - status_value is a GSS status code, GSS_C_MECH_CODE - status_value is a mechanism status code |
| mech_type | underlying mechanism. Use GSS_C_NO_OID to obtain the system default. |
| message_context | state information to extract further messages from the status_value |
| status_string | the allocated text representation. Release with gss_release_buffer() |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_export_name | ( | OM_uint32 * | minor_status, |
| gss_const_name_t | input_name, | ||
| gss_buffer_t | exported_name | ||
| ) |
Convert a GGS-API name from internal form to contiguous string.
| minor_status | minor status code |
| input_name | input name in internal name form |
| exported_name | output name in contiguos string form |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_import_name | ( | OM_uint32 * | minor_status, |
| const gss_buffer_t | input_name_buffer, | ||
| const gss_OID | input_name_type, | ||
| gss_name_t * | output_name | ||
| ) |
Convert a GGS-API name from contiguous string to internal form.
Type of name and their format:
| minor_status | minor status code |
| input_name_buffer | import name buffer |
| input_name_type | type of the import name buffer |
| output_name | the resulting type, release with gss_release_name(), independent of input_name |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_init_sec_context | ( | OM_uint32 * | minor_status, |
| gss_const_cred_id_t | initiator_cred_handle, | ||
| gss_ctx_id_t * | context_handle, | ||
| gss_const_name_t | target_name, | ||
| const gss_OID | input_mech_type, | ||
| OM_uint32 | req_flags, | ||
| OM_uint32 | time_req, | ||
| const gss_channel_bindings_t | input_chan_bindings, | ||
| const gss_buffer_t | input_token, | ||
| gss_OID * | actual_mech_type, | ||
| gss_buffer_t | output_token, | ||
| OM_uint32 * | ret_flags, | ||
| OM_uint32 * | time_rec | ||
| ) |
As the initiator build a context with an acceptor.
Returns in the major
| minor_status | minor status code. |
| initiator_cred_handle | the credential to use when building the context, if GSS_C_NO_CREDENTIAL is passed, the default credential for the mechanism will be used. |
| context_handle | a pointer to a context handle, will be returned as long as there is not an error. |
| target_name | the target name of acceptor, created using gss_import_name(). The name is can be of any name types the mechanism supports, check supported name types with gss_inquire_names_for_mech(). |
| input_mech_type | mechanism type to use, if GSS_C_NO_OID is used, Kerberos (GSS_KRB5_MECHANISM) will be tried. Other available mechanism are listed in the GSS-API mechanisms section. |
| req_flags | flags using when building the context, see Context creation flags |
| time_req | time requested this context should be valid in seconds, common used value is GSS_C_INDEFINITE |
| input_chan_bindings | Channel bindings used, if not exepected otherwise, used GSS_C_NO_CHANNEL_BINDINGS |
| input_token | input token sent from the acceptor, for the initial packet the buffer of { NULL, 0 } should be used. |
| actual_mech_type | the actual mech used, MUST NOT be freed since it pointing to static memory. |
| output_token | if there is an output token, regardless of complete, continue_needed, or error it should be sent to the acceptor |
| ret_flags | return what flags was negotitated, caller should check if they are accetable. For example, if GSS_C_MUTUAL_FLAG was negotiated with the acceptor or not. |
| time_rec | amount of time this context is valid for |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_attrs_for_mech | ( | OM_uint32 * | minor_status, |
| gss_const_OID | mech, | ||
| gss_OID_set * | mech_attr, | ||
| gss_OID_set * | known_mech_attrs | ||
| ) |
List support attributes for a mech and/or all mechanisms.
| minor_status | minor status code |
| mech | given together with mech_attr will return the list of attributes for mechanism, can optionally be GSS_C_NO_OID. |
| mech_attr | see mech parameter, can optionally be NULL, release with gss_release_oid_set(). |
| known_mech_attrs | all attributes for mechanisms supported, release with gss_release_oid_set(). |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_saslname_for_mech | ( | OM_uint32 * | minor_status, |
| const gss_OID | desired_mech, | ||
| gss_buffer_t | sasl_mech_name, | ||
| gss_buffer_t | mech_name, | ||
| gss_buffer_t | mech_description | ||
| ) |
Returns different protocol names and description of the mechanism.
| minor_status | minor status code |
| desired_mech | mech list query |
| sasl_mech_name | SASL GS2 protocol name |
| mech_name | gssapi protocol name |
| mech_description | description of gssapi mech |
| GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL gss_oid_equal | ( | gss_const_OID | a, |
| gss_const_OID | b | ||
| ) |
Compare two GSS-API OIDs with each other.
GSS_C_NO_OID matches nothing, not even it-self.
| a | first oid to compare |
| b | second oid to compare |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_cred | ( | OM_uint32 * | minor_status, |
| gss_cred_id_t * | cred_handle | ||
| ) |
Release a credentials
Its ok to release the GSS_C_NO_CREDENTIAL/NULL credential, it will return a GSS_S_COMPLETE error code. On return cred_handle is set ot GSS_C_NO_CREDENTIAL.
Example:
| minor_status | minor status return code, mech specific |
| cred_handle | a pointer to the credential too release |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_iov_buffer | ( | OM_uint32 * | minor_status, |
| gss_iov_buffer_desc * | iov, | ||
| int | iov_count | ||
| ) |
Free all buffer allocated by gss_wrap_iov() or gss_unwrap_iov() by looking at the GSS_IOV_BUFFER_FLAG_ALLOCATED flag.
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_name | ( | OM_uint32 * | minor_status, |
| gss_name_t * | input_name | ||
| ) |
Free a name
import_name can point to NULL or be NULL, or a pointer to a gss_name_t structure. If it was a pointer to gss_name_t, the pointer will be set to NULL on success and failure.
| minor_status | minor status code |
| input_name | name to free |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_unwrap_iov | ( | OM_uint32 * | minor_status, |
| gss_ctx_id_t | context_handle, | ||
| int * | conf_state, | ||
| gss_qop_t * | qop_state, | ||
| gss_iov_buffer_desc * | iov, | ||
| int | iov_count | ||
| ) |
Decrypt or verifies the signature on the data.
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap | ( | OM_uint32 * | minor_status, |
| gss_const_ctx_id_t | context_handle, | ||
| int | conf_req_flag, | ||
| gss_qop_t | qop_req, | ||
| const gss_buffer_t | input_message_buffer, | ||
| int * | conf_state, | ||
| gss_buffer_t | output_message_buffer | ||
| ) |
Wrap a message using either confidentiality (encryption + signature) or sealing (signature).
| minor_status | minor status code. |
| context_handle | context handle. |
| conf_req_flag | if non zero, confidentiality is requestd. |
| qop_req | type of protection needed, in most cases it GSS_C_QOP_DEFAULT should be passed in. |
| input_message_buffer | messages to wrap |
| conf_state | returns non zero if confidentiality was honoured. |
| output_message_buffer | the resulting buffer, release with gss_release_buffer(). |
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap_iov | ( | OM_uint32 * | minor_status, |
| gss_ctx_id_t | context_handle, | ||
| int | conf_req_flag, | ||
| gss_qop_t | qop_req, | ||
| int * | conf_state, | ||
| gss_iov_buffer_desc * | iov, | ||
| int | iov_count | ||
| ) |
Encrypts or sign the data.
This is a more complicated version of gss_wrap(), it allows the caller to use AEAD data (signed header/trailer) and allow greater controll over where the encrypted data is placed.
The maximum packet size is gss_context_stream_sizes.max_msg_size.
The caller needs provide the folloing buffers when using in conf_req_flag=1 mode:
HEADER, PADDING, TRAILER will be shrunken to the size required to transmit any of them too large.
To generate gss_wrap() compatible packets, use: HEADER | DATA | PADDING | TRAILER
When used in conf_req_flag=0,
The input sizes of HEADER, PADDING and TRAILER can be fetched using gss_wrap_iov_length() or gss_context_query_attributes().
| GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap_iov_length | ( | OM_uint32 * | minor_status, |
| gss_ctx_id_t | context_handle, | ||
| int | conf_req_flag, | ||
| gss_qop_t | qop_req, | ||
| int * | conf_state, | ||
| gss_iov_buffer_desc * | iov, | ||
| int | iov_count | ||
| ) |
Update the length fields in iov buffer for the types:
Consider using gss_context_query_attributes() to fetch the data instead.
| gss_OID_desc GSSAPI_LIB_FUNCTION __gss_c_attr_stream_sizes_oid_desc |
Query the context for parameters.
SSPI equivalent if this function is QueryContextAttributes.
1.8.13