Grid Community Toolkit  6.2.1705709074 (tag: v6.2.20240202)
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
Modules | Functions
GSSAPI Extensions

Extensions. More...

Modules

 Buffer Set Utilities
 Buffer Set Utilities.
 
 Delegation
 Delegation Functions.
 

Functions

OM_uint32 GSS_CALLCONV gss_export_cred (OM_uint32 *minor_status, const gss_cred_id_t cred_handle, const gss_OID desired_mech, OM_uint32 option_req, gss_buffer_t export_buffer)
 Export a GSSAPI credential. More...
 
OM_uint32 GSS_CALLCONV gss_import_cred (OM_uint32 *minor_status, gss_cred_id_t *output_cred_handle, const gss_OID desired_mech, OM_uint32 option_req, const gss_buffer_t import_buffer, OM_uint32 time_req, OM_uint32 *time_rec)
 Import a credential. More...
 
OM_uint32 GSS_CALLCONV gss_inquire_cred_by_oid (OM_uint32 *minor_status, const gss_cred_id_t cred_handle, const gss_OID desired_object, gss_buffer_set_t *data_set)
 Inquire Cred By OID. More...
 
OM_uint32 GSS_CALLCONV gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_OID desired_object, gss_buffer_set_t *data_set)
 Inquire Sec Context by OID.
 
OM_uint32 GSS_CALLCONV gss_set_sec_context_option (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, const gss_OID option, const gss_buffer_t value)
 Set Security Context Option. More...
 

Detailed Description

Extensions.

Experimental GSSAPI routines are defined here. These may change, and we will be looking at adding these to Kerberos as mods, and submitting them to the IETF.

These extensions are more fully documented in GSS-API Extensions

Function Documentation

OM_uint32 GSS_CALLCONV gss_export_cred ( OM_uint32 *  minor_status,
const gss_cred_id_t  cred_handle,
const gss_OID  desired_mech,
OM_uint32  option_req,
gss_buffer_t  export_buffer 
)

Export a GSSAPI credential.

Saves the credential so it can be checkpointed and imported by gss_import_cred

Parameters
minor_status
cred_handle
desired_mechShould either be gss_mech_globus_gssapi_openssl or NULL (in which case gss_mech_globus_gssapi_openssl is assumed).
option_req
export_buffer
Returns
OM_uint32 GSS_CALLCONV gss_import_cred ( OM_uint32 *  minor_status,
gss_cred_id_t *  output_cred_handle,
const gss_OID  desired_mech,
OM_uint32  option_req,
const gss_buffer_t  import_buffer,
OM_uint32  time_req,
OM_uint32 *  time_rec 
)

Import a credential.

This function will import credentials exported by gss_export_cred(). It is intended to allow a multiple use application to checkpoint delegated credentials.

Parameters
minor_statusThe minor status returned by this function. This parameter will be 0 upon success.
output_cred_handleUpon success, this parameter will contain the imported credential. When no longer needed this credential should be freed using gss_release_cred().
desired_mechThis parameter may be used to specify the desired security mechanism. May be GSS_C_NO_OID.
option_reqThis parameter indicates which option_req value was used to produce the import_buffer.
import_bufferA buffer produced by gss_export_credential().
time_reqThe requested period of validity (seconds) for the imported credential. May be NULL.
time_recThis parameter will contain the received period of validity of the imported credential upon success. May be NULL.
Return values
GSS_S_COMPLETESuccess
GSS_S_BAD_MECHRequested security mechanism is unavailable
GSS_S_DEFECTIVE_TOKENimport_buffer is defective
GSS_S_FAILUREGeneral failure
OM_uint32 GSS_CALLCONV gss_inquire_cred_by_oid ( OM_uint32 *  minor_status,
const gss_cred_id_t  cred_handle,
const gss_OID  desired_object,
gss_buffer_set_t *  data_set 
)

Inquire Cred By OID.

NOTE: Checks both the cert in the credential and the certs in the cert chain for a valid extension that matches the desired OID. The first one found is used, starting with the endpoint cert, and then searching the cert chain.

Parameters
minor_status
cred_handle
desired_object
data_set
Returns
OM_uint32 GSS_CALLCONV gss_set_sec_context_option ( OM_uint32 *  minor_status,
gss_ctx_id_t *  context_handle,
const gss_OID  option,
const gss_buffer_t  value 
)

Set Security Context Option.

GSSAPI routine to initiate the sending of a security context See: <draft-ietf-cat-gssv2-cbind-04.txt>

Parameters
minor_status
context_handle
option
value
Returns