Generic Security Services API Library Functions
gssinquirecontext(3GS)
NAME
gssinquirecontext - obtain information about a security
context
SYNOPSIS
cc [ flag... ] file... -lgss [ library... ]
#include
OMuint32 gssinquirecontext(OMuint32 *minorstatus,
const gssctxidt contexthandle,gssnamet *srcname,
gssnamet *targname, OMuint32 *lifetimerec,
gssOID *mechtype, OMuint32 *ctxflags,
int *locallyinitiated, int *open);
DESCRIPTION
The gssinquirecontext() function obtains information about
a security context. The caller must already have obtained a
handle that refers to the context, although the context need
not be fully established.
PARAMETERS
The parameter descriptions for gssinquirecontext() are as
follows:
minorstatus A mechanism-specific status code.
contexthandle A handle that refers to the security
context.
srcname The name of the context initiator. If
the context was established using
anonymous authentication, and if the
application invoking
gssinquirecontext() is the context
acceptor, an anonymous name is
returned. Storage associated with this
name must be freed by the application
after use with a call to
gssreleasename(). Specify NUL if the
parameter is not required.
targname The name of the context acceptor.
Storage associated with this name must
be freed by the application after use
with a call to gssreleasename(). If
the context acceptor did not authenti-
cate itself, and if the initiator did
SunOS 5.11 Last change: 17 Jan 2003 1
Generic Security Services API Library Functions
gssinquirecontext(3GS)
not specify a target name in its call
to gssinitseccontext(), the value
GSCNONAME is returned. Specify NUL
if the parameter is not required.
lifetimerec The number of seconds for which the
context will remain valid. If the con-
text has expired, this parameter will
be set to zero. Specify NUL if the
parameter is not required.
mechtype The security mechanism providing the
context. The returned OID is a pointer
to static storage that should be
treated as read-only by the applica-
tion; in particular, the application
should not attempt to free it. Specify
NUL if the parameter is not required.
ctxflags Contains various independent flags,
each of which indicates that the con-
text supports (or is expected to sup-
port, if ctxopen is false) a specific
service option. If not needed, specify
NUL. Symbolic names are provided for
each flag, and the symbolic names
corresponding to the required flags
should be logically ANDed with the
retflags value to test whether a given
option is supported by the context.
The flags are:
GSCDELEGFLAG If true,
credentials
were delegated
from the ini-
tiator to the
acceptor. If
false, no
credentials
were
delegated.
GSCMUTUALFLAG If true, the
acceptor was
authenticated
to the
SunOS 5.11 Last change: 17 Jan 2003 2
Generic Security Services API Library Functions
gssinquirecontext(3GS)
initiator. If
false, the
acceptor did
not authenti-
cate itself.
GSCREPLAYFLAG If true, the
replay of pro-
tected mes-
sages will be
detected. If
false,
replayed mes-
sages will not
be detected.
GSCSEQUENCEFLAG If true, out-
of-sequence
protected mes-
sages will be
detected. If
false, out-
of-sequence
messages will
not be
detected.
GSCONFLAG If true, con-
fidential ser-
vice may be
invoked by
calling the
gsswrap(3GS)
routine. If
false, no con-
fidential ser-
vice is avail-
able through
gsswrap().
gsswrap()
provides mes-
sage encapsu-
lation, data-
origin authen-
tication, and
integrity ser-
vices only.
SunOS 5.11 Last change: 17 Jan 2003 3
Generic Security Services API Library Functions
gssinquirecontext(3GS)
GSCINTEGFLAG If true,
integrity ser-
vice can be
invoked by
calling either
the
gssgetmic()
or the
gsswrap()
routine. If
false, per-
message
integrity ser-
vice is una-
vailable.
GSCANONFLAG If true, the
initiator's
identity is
not revealed
to the accep-
tor. The
srcname
parameter, if
requested,
contains an
anonymous
internal name.
If false, the
initiator has
been authenti-
cated nor-
mally.
GSCPROTREADYFLAG If true, the
protection
services, as
specified by
the states of
the
GSCONFLAG
and
GSCINTEGFLAG,
are available
for use. If
false, they
are available
only if the
context is
SunOS 5.11 Last change: 17 Jan 2003 4
Generic Security Services API Library Functions
gssinquirecontext(3GS)
fully esta-
blished, that
is, if the
open parameter
is non-zero.
GSCTRANSFLAG If true,
resultant
security con-
text can be
transferred to
other
processes
through a call
to
gssexportseccontext().
If false, the
security con-
text is not
transferable.
locallyinitiated Non-zero if the invoking application is
the context initiator. Specify NUL if
the parameter is not required.
open Non-zero if the context is fully esta-
blished; zero if a context-
establishment token is expected from
the peer application. Specify NUL if
the parameter is not required.
ERORS
gssinquirecontext() returns one of the following status
codes:
GSCOMPLETE Successful completion.
GSNOCONTEXT The referenced context could not be
accessed.
GSFAILURE The underlying mechanism detected an
error for which no specific GS status
code is defined. The mechanism-specific
status code reported by means of the
SunOS 5.11 Last change: 17 Jan 2003 5
Generic Security Services API Library Functions
gssinquirecontext(3GS)
minorstatus parameter details the error
condition.
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWgss (32-bit)
SUNWgssx (64-bit)
MT-Level Safe
SEE ALSO
gssacceptseccontext(3GS), gsscontexttime(3GS),
gssdeleteseccontext(3GS), gssexportseccontext(3GS),
gssimportseccontext(3GS), gssinitseccontext(3GS),
gssprocesscontexttoken(3GS), gsswrap(3GS),
gsswrapsizelimit(3GS), attributes(5)
Solaris Security for Developers Guide
SunOS 5.11 Last change: 17 Jan 2003 6
Generic Security Services API Library Functions
gssinquirecontext(3GS)
SunOS 5.11 Last change: 17 Jan 2003 7
|
