Man Linux: Main Page and Category List

NAME

       gss_accept_sec_context - API function

SYNOPSIS

       #include <gss.h>

       OM_uint32 gss_accept_sec_context(OM_uint32 * minor_status, gss_ctx_id_t
       *  context_handle,  const  gss_cred_id_t  acceptor_cred_handle,   const
       gss_buffer_t     input_token_buffer,    const    gss_channel_bindings_t
       input_chan_bindings,  gss_name_t  *  src_name,  gss_OID  *   mech_type,
       gss_buffer_t output_token, OM_uint32 * ret_flags, OM_uint32 * time_rec,
       gss_cred_id_t * delegated_cred_handle);

ARGUMENTS

       OM_uint32 * minor_status
                   (Integer, modify) Mechanism specific status code.

       gss_ctx_id_t * context_handle
                   (gss_ctx_id_t, read/modify) Context handle for new
                     context.  Supply GSS_C_NO_CONTEXT  for  first  call;  use
                   value
                     returned       in       subsequent      calls.       Once
                   gss_accept_sec_context() has
                     returned a value via this parameter, resources have  been
                   assigned
                     to the corresponding context, and must be freed by the
                     application     after     use     with    a    call    to
                   gss_delete_sec_context().

       const gss_cred_id_t acceptor_cred_handle
                   (gss_cred_id_t, read) Credential handle
                     claimed by context acceptor. Specify  GSS_C_NO_CREDENTIAL
                   to
                     accept the context as a default principal.  If
                     GSS_C_NO_CREDENTIAL is specified, but no default acceptor
                     principal is defined, GSS_S_NO_CRED will be returned.

       const gss_buffer_t input_token_buffer
                   (buffer, opaque, read) Token obtained from
                     remote application.

       const gss_channel_bindings_t input_chan_bindings
                   (channel bindings, read, optional)
                     Application- specified bindings.  Allows  application  to
                   securely
                     bind  channel  identification information to the security
                   context.
                     If channel bindings are not used, specify
                     GSS_C_NO_CHANNEL_BINDINGS.

       gss_name_t * src_name
                   (gss_name_t, modify, optional) Authenticated name of
                     context  initiator.   After  use,  this  name  should  be
                   deallocated by
                     passing  it  to  gss_release_name().   If  not  required,
                   specify NULL.

       gss_OID * mech_type
                   (Object ID, modify, optional) Security mechanism used.
                     The returned OID value will  be  a  pointer  into  static
                   storage, and
                     should   be  treated  as  read-only  by  the  caller  (in
                   particular, it
                     does not need to be freed).   If  not  required,  specify
                   NULL.

       gss_buffer_t output_token
                   (buffer, opaque, modify) Token to be passed to peer
                     application.   If  the length field of the returned token
                   buffer is
                     0, then no token need be passed to the peer  application.
                   If a
                     non-  zero  length  field  is  returned,  the  associated
                   storage must
                     be freed after use by the application with a call to
                     gss_release_buffer().

       OM_uint32 * ret_flags
                   (bit-mask, modify, optional) Contains various
                     independent flags,  each  of  which  indicates  that  the
                   context
                     supports  a  specific  service  option.   If  not needed,
                   specify NULL.
                     Symbolic names  are  provided  for  each  flag,  and  the
                   symbolic names
                     corresponding   to   the   required   flags   should   be
                   logically-ANDed
                     with the ret_flags value to test whether a  given  option
                   is
                     supported by the context.  See below for the flags.

       OM_uint32 * time_rec
                   (Integer, modify, optional) Number of seconds for which
                     the  context  will  remain  valid.  Specify  NULL  if not
                   required.

       gss_cred_id_t * delegated_cred_handle
                   (gss_cred_id_t, modify, optional
                     credential) Handle for credentials received from context
                     initiator.  Only valid  if  deleg_flag  in  ret_flags  is
                   true, in
                     which case an explicit credential handle (i.e. not
                     GSS_C_NO_CREDENTIAL)  will  be returned; if deleg_flag is
                   false,
                     gss_accept_sec_context() will set this parameter to
                     GSS_C_NO_CREDENTIAL.  If a credential handle is returned,
                   the
                     associated  resources must be released by the application
                   after
                     use with a call to gss_release_cred().  Specify  NULL  if
                   not
                     required.

DESCRIPTION

       Allows  a  remotely  initiated security context between the application
       and a remote  peer  to  be  established.   The  routine  may  return  a
       output_token which should be transferred to the peer application, where
       the peer application will present it to  gss_init_sec_context.   If  no
       token  need  be  sent,  gss_accept_sec_context  will  indicate  this by
       setting the length field of the  output_token  argument  to  zero.   To
       complete  the  context  establishment,  one or more reply tokens may be
       required from the peer application; if so, gss_accept_sec_context  will
       return  a status flag of GSS_S_CONTINUE_NEEDED, in which case it should
       be called again  when  the  reply  token  is  received  from  the  peer
       application,  passing  the  token  to  gss_accept_sec_context  via  the
       input_token parameters.

       Portable applications should be constructed to use the token length and
       return  status  to determine whether a token needs to be sent or waited
       for.   Thus  a   typical   portable   caller   should   always   invoke
       gss_accept_sec_context within a loop:

       ---------------------------------------------------        gss_ctx_id_t
       context_hdl = GSS_C_NO_CONTEXT;

       do {
         receive_token_from_peer(input_token);
         maj_stat = gss_accept_sec_context(&min_stat,
                                           &context_hdl,
                                           cred_hdl,
                                           input_token,
                                           input_bindings,
                                           &client_name,
                                           &mech_type,
                                           output_token,
                                           &ret_flags,
                                           &time_rec,
                                           &deleg_cred);
         if (GSS_ERROR(maj_stat)) {
           report_error(maj_stat, min_stat);
         };
         if (output_token->length != 0) {
           send_token_to_peer(output_token);

           gss_release_buffer(&min_stat, output_token);
         };
         if (GSS_ERROR(maj_stat)) {
           if (context_hdl != GSS_C_NO_CONTEXT)
             gss_delete_sec_context(&min_stat,
                                    &context_hdl,
                                    GSS_C_NO_BUFFER);
           break;
         };     }     while      (maj_stat      &      GSS_S_CONTINUE_NEEDED);
       ---------------------------------------------------

       Whenever  the  routine  returns  a major status that includes the value
       GSS_S_CONTINUE_NEEDED, the context is not  fully  established  and  the
       following restrictions apply to the output parameters:

       The  value  returned via the time_rec parameter is undefined Unless the
       accompanying     ret_flags     parameter     contains      the      bit
       GSS_C_PROT_READY_FLAG,  indicating  that  per-message  services  may be
       applied in  advance  of  a  successful  completion  status,  the  value
       returned via the mech_type parameter may be undefined until the routine
       returns a major status value of GSS_S_COMPLETE.

       The          values          of          the          GSS_C_DELEG_FLAG,
       GSS_C_MUTUAL_FLAG,GSS_C_REPLAY_FLAG,               GSS_C_SEQUENCE_FLAG,
       GSS_C_CONF_FLAG,GSS_C_INTEG_FLAG and GSS_C_ANON_FLAG bits returned  via
       the   ret_flags   parameter   should   contain   the  values  that  the
       implementation expects would be valid if context establishment were  to
       succeed.

       The  values  of  the  GSS_C_PROT_READY_FLAG  and  GSS_C_TRANS_FLAG bits
       within  ret_flags  should  indicate  the  actual  state  at  the   time
       gss_accept_sec_context  returns,  whether  or  not the context is fully
       established.

       Although  this  requires   that   GSS-API   implementations   set   the
       GSS_C_PROT_READY_FLAG in the final ret_flags returned to a caller (i.e.
       when accompanied by a GSS_S_COMPLETE status code), applications  should
       not  rely  on this behavior as the flag was not defined in Version 1 of
       the  GSS-API.  Instead,  applications  should  be   prepared   to   use
       per-message   services   after   a  successful  context  establishment,
       according to the GSS_C_INTEG_FLAG and GSS_C_CONF_FLAG values.

       All other bits within the ret_flags argument should  be  set  to  zero.
       While  the  routine  returns GSS_S_CONTINUE_NEEDED, the values returned
       via  the  ret_flags   argument   indicate   the   services   that   the
       implementation expects to be available from the established context.

       If   the   initial   call   of   gss_accept_sec_context()   fails,  the
       implementation should not create a context object, and should leave the
       value  of  the  context_handle  parameter  set  to  GSS_C_NO_CONTEXT to
       indicate this.  In the event of a failure on  a  subsequent  call,  the
       implementation is permitted to delete the "half-built" security context
       (in  which  case  it  should  set  the  context_handle   parameter   to
       GSS_C_NO_CONTEXT),  but the preferred behavior is to leave the security
       context  (and  the  context_handle   parameter)   untouched   for   the
       application to delete (using gss_delete_sec_context).

       During   context   establishment,   the   informational   status   bits
       GSS_S_OLD_TOKEN and GSS_S_DUPLICATE_TOKEN indicate  fatal  errors,  and
       GSS-API  mechanisms  should  always  return  them in association with a
       routine error of GSS_S_FAILURE.  This requirement for pairing  did  not
       exist  in  version 1 of the GSS-API specification, so applications that
       wish to run over version  1  implementations  must  special-case  these
       codes.

       The ‘ret_flags‘ values:

       ‘GSS_C_DELEG_FLAG‘::  -  True - Delegated credentials are available via
       the delegated_cred_handle parameter.  - False  -  No  credentials  were
       delegated.

       ‘GSS_C_MUTUAL_FLAG‘::   -   True   -   Remote  peer  asked  for  mutual
       authentication.   -  False  -  Remote  peer  did  not  ask  for  mutual
       authentication.

       ‘GSS_C_REPLAY_FLAG‘::  -  True  -  replay of protected messages will be
       detected.  - False - replayed messages will not be detected.

       ‘GSS_C_SEQUENCE_FLAG‘:: - True  -  out-of-sequence  protected  messages
       will  be  detected.   -  False  -  out-of-sequence messages will not be
       detected.

       ‘GSS_C_CONF_FLAG‘:: - True - Confidentiality service may be invoked  by
       calling  the  gss_wrap  routine.   - False - No confidentiality service
       (via gss_wrap) available. gss_wrap will provide message  encapsulation,
       data-origin authentication and integrity services only.

       ‘GSS_C_INTEG_FLAG‘::  -  True  -  Integrity  service  may be invoked by
       calling either gss_get_mic or gss_wrap routines.  - False - Per-message
       integrity service unavailable.

       ‘GSS_C_ANON_FLAG‘::  -  True  -  The  initiator  does  not  wish  to be
       authenticated;  the  src_name  parameter  (if  requested)  contains  an
       anonymous   internal   name.    -   False  -  The  initiator  has  been
       authenticated normally.

       ‘GSS_C_PROT_READY_FLAG‘:: - True - Protection services (as specified by
       the  states  of the GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG) are available
       if the accompanying major status return value is either  GSS_S_COMPLETE
       or  GSS_S_CONTINUE_NEEDED.  - False - Protection services (as specified
       by  the  states  of  the  GSS_C_CONF_FLAG  and  GSS_C_INTEG_FLAG)   are
       available  only  if  the  accompanying  major  status  return  value is
       GSS_S_COMPLETE.

       ‘GSS_C_TRANS_FLAG‘:: - True - The resultant  security  context  may  be
       transferred  to other processes via a call to gss_export_sec_context().
       - False - The security context is not transferable.

       All other bits should be set to zero.

RETURN VALUE

       ‘GSS_S_CONTINUE_NEEDED‘:  Indicates  that  a  token   from   the   peer
       application   is   required   to   complete   the   context,  and  that
       gss_accept_sec_context must be called again with that token.

       ‘GSS_S_DEFECTIVE_TOKEN‘: Indicates that consistency checks performed on
       the input_token failed.

       ‘GSS_S_DEFECTIVE_CREDENTIAL‘:   Indicates   that   consistency   checks
       performed on the credential failed.

       ‘GSS_S_NO_CRED‘: The supplied credentials were not  valid  for  context
       acceptance, or the credential handle did not reference any credentials.

       ‘GSS_S_CREDENTIALS_EXPIRED‘: The referenced credentials have expired.

       ‘GSS_S_BAD_BINDINGS‘:  The  input_token  contains   different   channel
       bindings to those specified via the input_chan_bindings parameter.

       ‘GSS_S_NO_CONTEXT‘:  Indicates that the supplied context handle did not
       refer to a valid context.

       ‘GSS_S_BAD_SIG‘: The input_token contains an invalid MIC.

       ‘GSS_S_OLD_TOKEN‘: The input_token was too old.  This is a fatal  error
       during context establishment.

       ‘GSS_S_DUPLICATE_TOKEN‘:  The  input_token is valid, but is a duplicate
       of a token already processed.  This is a  fatal  error  during  context
       establishment.

       ‘GSS_S_BAD_MECH‘:  The received token specified a mechanism that is not
       supported by the implementation or the provided credential.

REPORTING BUGS

       Report bugs to <bug-gss@gnu.org>.  GNU Generic  Security  Service  home
       page: http://www.gnu.org/software/gss/ General help using GNU software:
       http://www.gnu.org/gethelp/

COPYRIGHT

       Copyright © 2003-2010 Simon Josefsson.
       Copying and distribution of this file, with  or  without  modification,
       are  permitted  in  any  medium  without royalty provided the copyright
       notice and this notice are preserved.

SEE ALSO

       The full documentation for gss is maintained as a Texinfo  manual.   If
       the  info  and  gss  programs  are properly installed at your site, the
       command

              info gss

       should give you access to the complete manual.