Grid Community Toolkit
6.2.1705709074 (tag: v6.2.20240202)
Security Context Creation and Use.
Functions
OM_uint32 | globus_gss_assist_accept_sec_context (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, const gss_cred_id_t cred_handle, char **src_name_char, OM_uint32 *ret_flags, int *user_to_user_flag, int *token_status, gss_cred_id_t *delegated_cred_handle, int(*gss_assist_get_token)(void *, void **, size_t *), void *gss_assist_get_context, int(*gss_assist_send_token)(void *, void *, size_t), void *gss_assist_send_context) |
Accept a Security Context.
OM_uint32 | globus_gss_assist_accept_sec_context_async (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, const gss_cred_id_t cred_handle, char **src_name_char, OM_uint32 *ret_flags, int *user_to_user_flag, void *input_buffer, size_t input_buffer_len, void **output_bufferp, size_t *output_buffer_lenp, gss_cred_id_t *delegated_cred_handle) |
Accept a Security Context Without Blocking.
OM_uint32 | globus_gss_assist_export_sec_context (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, int *token_status, int fdp, FILE *fperr) |
OM_uint32 | globus_gss_assist_import_sec_context (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, int *token_status, int fdp, FILE *fperr) |
OM_uint32 | globus_gss_assist_init_sec_context (OM_uint32 *minor_status, const gss_cred_id_t cred_handle, gss_ctx_id_t *context_handle, char *target_name_char, OM_uint32 req_flags, OM_uint32 *ret_flags, int *token_status, int(*gss_assist_get_token)(void *, void **, size_t *), void *gss_assist_get_context, int(*gss_assist_send_token)(void *, void *, size_t), void *gss_assist_send_context) |
OM_uint32 | globus_gss_assist_init_sec_context_async (OM_uint32 *minor_status, const gss_cred_id_t cred_handle, gss_ctx_id_t *context_handle, char *target_name_char, OM_uint32 req_flags, OM_uint32 *ret_flags, void *input_buffer, size_t input_buffer_len, void **output_bufferp, size_t *output_buffer_lenp) |
OM_uint32 | globus_gss_assist_will_handle_restrictions (OM_uint32 *minor_status, gss_ctx_id_t *context_handle) |
OM_uint32 | globus_gss_assist_get_unwrap (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, char **data, size_t *length, int *token_status, int(*gss_assist_get_token)(void *, void **, size_t *), void *gss_assist_get_context, FILE *fperr) |
Get Unwrap.
Security Context Creation and Use.
The functions in this section are used to create security contexts and send and receive messages sent over them. They use the functions provided by Token Transport or user-supplied functions to communicate security tokens over the context, looping over continue results from the GSSAPI as needed.
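The user-supplied get and send token routines mentioned above take the shapes `int(*)(void *, void **, size_t *)` and `int(*)(void *, void *, size_t)`. The following pair is an added example, not code from the Grid Community Toolkit. It assumes a file-descriptor context, a 4-byte big-endian length prefix, a 0-on-success return convention and a caller-freed buffer; `example_send_token`, `example_get_token` and `EXAMPLE_MAX_TOKEN` are hypothetical names.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>

/* Assumptions (not from the page): the context argument points to an int fd,
 * tokens are framed by a 4-byte big-endian length, callbacks return 0 on
 * success and nonzero on failure, and the caller frees the returned buffer. */
#define EXAMPLE_MAX_TOKEN (64 * 1024) /* constructed cap on peer-declared length */

static int io_all(int fd, void *buf, size_t len, int writing)
{
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = writing ? write(fd, p, len) : read(fd, p, len);
        if (n <= 0) return -1; /* EOF or I/O error */
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Same shape as int(*gss_assist_send_token)(void *, void *, size_t). */
int example_send_token(void *arg, void *buf, size_t len)
{
    uint32_t hdr = htonl((uint32_t)len);
    if (len == 0 || len > EXAMPLE_MAX_TOKEN) return -1;
    if (io_all(*(int *)arg, &hdr, sizeof hdr, 1)) return -1;
    return io_all(*(int *)arg, buf, len, 1);
}

/* Same shape as int(*gss_assist_get_token)(void *, void **, size_t *). */
int example_get_token(void *arg, void **bufp, size_t *lenp)
{
    uint32_t hdr;
    size_t len;
    *bufp = NULL;
    *lenp = 0;
    if (io_all(*(int *)arg, &hdr, sizeof hdr, 0)) return -1;
    len = ntohl(hdr);
    /* The length arrives before any authentication: bound it before malloc. */
    if (len == 0 || len > EXAMPLE_MAX_TOKEN) return -2;
    if ((*bufp = malloc(len)) == NULL) return -1;
    if (io_all(*(int *)arg, *bufp, len, 0)) { free(*bufp); *bufp = NULL; return -1; }
    *lenp = len;
    return 0;
}
```

The get routine runs on bytes from a peer that has not yet been authenticated, so the declared length is checked against the cap before any allocation.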
OM_uint32 globus_gss_assist_accept_sec_context(
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    const gss_cred_id_t cred_handle,
    char **src_name_char,
    OM_uint32 *ret_flags,
    int *user_to_user_flag,
    int *token_status,
    gss_cred_id_t *delegated_cred_handle,
    int (*gss_assist_get_token)(void *, void **, size_t *),
    void *gss_assist_get_context,
    int (*gss_assist_send_token)(void *, void *, size_t),
    void *gss_assist_send_context)
Accept a Security Context.
This routine accepts a GSSAPI security context and is called by the gram_gatekeeper. It isolates the GSSAPI from the rest of the gram code.
Initialize a GSSAPI security connection. Used by the server. The context_handle is returned, and there is one for each connection. This routine will take care of the looping and token processing, using the supplied get_token and send_token routines.
minor_status | GSSAPI return code |
context_handle | pointer to returned context. |
cred_handle | the cred handle obtained by acquire_cred. |
src_name_char | Pointer to char string representation of the client which contacted the server. May be NULL if not wanted. Should be freed when done. |
ret_flags | Pointer to which services are available after the connection is established. May be NULL if not wanted. We will also use this to pass in flags to the Globus version of GSSAPI. |
user_to_user_flag | Pointer to flag to be set if the src_name is the same as our name. |
The following are particular to this assist routine:
token_status | assist routine get/send token status |
delegated_cred_handle | pointer to be set to the credential delegated by the client if delegation occurs during the security handshake |
gss_assist_get_token | a get token routine |
gss_assist_get_context | first arg for the get token routine |
gss_assist_send_token | a send token routine |
gss_assist_send_context | first arg for the send token routine |
OM_uint32 globus_gss_assist_accept_sec_context_async(
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    const gss_cred_id_t cred_handle,
    char **src_name_char,
    OM_uint32 *ret_flags,
    int *user_to_user_flag,
    void *input_buffer,
    size_t input_buffer_len,
    void **output_bufferp,
    size_t *output_buffer_lenp,
    gss_cred_id_t *delegated_cred_handle)
Accept a Security Context Without Blocking.
This is an asynchronous version of the globus_gss_assist_accept_sec_context() function. Instead of looping itself it passes in and out the read and written buffers and the calling application is responsible for doing the I/O directly.
minor_status | GSSAPI return code |
context_handle | pointer to returned context. |
cred_handle | the cred handle obtained by acquire_cred. |
src_name_char | Pointer to char string representation of the client which contacted the server. May be NULL if not wanted. Should be freed when done. |
ret_flags | Pointer to which services are available after the connection is established. May be NULL if not wanted. We will also use this to pass in flags to the Globus version of GSSAPI. |
user_to_user_flag | Pointer to flag to be set if the src_name is the same as our name. |
input_buffer | pointer to a buffer received from peer. |
input_buffer_len | length of the buffer input_buffer. |
output_bufferp | pointer to a pointer which will be filled in with a pointer to an allocated block of memory. If non-NULL the contents of this block should be written to the peer where they will be fed into the globus_gss_assist_init_sec_context_async() function. |
output_buffer_lenp | pointer to an integer which will be filled in with the length of the allocated output buffer pointed to by *output_bufferp. |
delegated_cred_handle | pointer to be set to the credential delegated by the client if delegation occurs during the security handshake |
Returns GSS_S_CONTINUE_NEEDED when *output_bufferp should be sent to the peer, a new input_buffer read, and this function called again.
Other GSSAPI errors on failure.
OM_uint32 globus_gss_assist_export_sec_context(
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    int *token_status,
    int fdp,
    FILE *fperr)
Export the security context from a file
minor_status | GSSAPI return code. This is a Globus Error code (or GLOBUS_SUCCESS) cast to an OM_uint32 pointer. If an error has occurred, the resulting error (from calling globus_error_get on this variable) needs to be freed by the caller. |
context_handle | The context to export |
token_status | Errors that occurred while reading from the file |
fdp | the file descriptor pointing to a file containing the security context |
fperr | FILE * to write error messages |
OM_uint32 globus_gss_assist_get_unwrap(
    OM_uint32 *minor_status,
    const gss_ctx_id_t context_handle,
    char **data,
    size_t *length,
    int *token_status,
    int (*gss_assist_get_token)(void *, void **, size_t *),
    void *gss_assist_get_context,
    FILE *fperr)
Get Unwrap.
Gets a token using the specific tokenizing functions, and performs the GSS unwrap of that token.
minor_status | GSSAPI return code |
context_handle | the context |
data | pointer to be set to the unwrapped application data. This must be freed by the caller. |
length | pointer to be set to the length of the data byte array. |
token_status | assist routine get/send token status |
gss_assist_get_token | a detokenizing routine |
gss_assist_get_context | first arg for above routine |
fperr | error stream to print to |
OM_uint32 globus_gss_assist_import_sec_context(
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle,
    int *token_status,
    int fdp,
    FILE *fperr)
Import the security context from a file
minor_status | GSSAPI return code. This is a Globus Error code (or GLOBUS_SUCCESS) cast to an OM_uint32 pointer. If an error has occurred, the resulting error (from calling globus_error_get on this variable) needs to be freed by the caller. |
context_handle | The imported context |
token_status | Errors that occurred while reading from the file |
fdp | the file descriptor pointing to a file containing the security context |
fperr | FILE * to write error messages |
OM_uint32 globus_gss_assist_init_sec_context(
    OM_uint32 *minor_status,
    const gss_cred_id_t cred_handle,
    gss_ctx_id_t *context_handle,
    char *target_name_char,
    OM_uint32 req_flags,
    OM_uint32 *ret_flags,
    int *token_status,
    int (*gss_assist_get_token)(void *, void **, size_t *),
    void *gss_assist_get_context,
    int (*gss_assist_send_token)(void *, void *, size_t),
    void *gss_assist_send_context)
Initialize a GSSAPI security connection. Used by the client. The context_handle is returned, and there is one for each connection. This routine will take care of the looping and token processing, using the supplied get_token and send_token routines.
minor_status | GSSAPI return code. The new minor_status is a globus_result_t cast to an OM_uint32. If the call was successful, the minor status is equivalent to GLOBUS_SUCCESS. Otherwise, it is a globus error object ID that can be passed to globus_error_get to get the error object. The error object needs to be freed with globus_object_free. |
cred_handle | the cred handle obtained by acquire_cred. |
context_handle | pointer to returned context. |
target_name_char | char string representation of the server to be contacted. |
req_flags | request flags, such as GSS_C_DELEG_FLAG for delegation and the GSS_C_MUTUAL_FLAG for mutual authentication. |
ret_flags | Pointer to which services are available after the connection is established. May be NULL if not wanted. |
The following are particular to this assist routine:
token_status | the assist routine's get/send token status |
gss_assist_get_token | function pointer for getting the token |
gss_assist_get_context | first argument passed to the gss_assist_get_token function |
gss_assist_send_token | function pointer for sending the token |
gss_assist_send_context | first argument passed to the gss_assist_send_token function pointer |
OM_uint32 globus_gss_assist_init_sec_context_async(
    OM_uint32 *minor_status,
    const gss_cred_id_t cred_handle,
    gss_ctx_id_t *context_handle,
    char *target_name_char,
    OM_uint32 req_flags,
    OM_uint32 *ret_flags,
    void *input_buffer,
    size_t input_buffer_len,
    void **output_bufferp,
    size_t *output_buffer_lenp)
This is an asynchronous version of the globus_gss_assist_init_sec_context() function. Instead of looping itself it passes in and out the read and written buffers and the calling application is responsible for doing the I/O directly.
minor_status | GSSAPI return code. The new minor status is a globus_result_t cast to an OM_uint32. If an error occurred (GSS_ERROR(major_status)) the minor_status is a globus error object id. The error object can be obtained via globus_error_get and should be destroyed with globus_object_free when no longer needed. If no error occurred, the minor status is equal to GLOBUS_SUCCESS. |
cred_handle | the cred handle obtained by acquire_cred. |
context_handle | pointer to returned context. |
target_name_char | char string representation of the server to be contacted. |
req_flags | request flags, such as GSS_C_DELEG_FLAG for delegation and the GSS_C_MUTUAL_FLAG for mutual authentication. |
ret_flags | Pointer to which services are available after the connection is established. May be NULL if not wanted. |
input_buffer | pointer to a buffer received from peer. Should be NULL on first call. |
input_buffer_len | length of the buffer input_buffer. Should be zero on first call. |
output_bufferp | pointer to a pointer which will be filled in with a pointer to an allocated block of memory. If non-NULL the contents of this block should be written to the peer where they will be fed into the globus_gss_assist_accept_sec_context_async() function. |
output_buffer_lenp | pointer to an integer which will be filled in with the length of the allocated output buffer pointed to by *output_bufferp. |
Returns GSS_S_CONTINUE_NEEDED when *output_bufferp should be sent to the peer, a new input_buffer read, and this function called again.
Other GSS errors on failure.
OM_uint32 globus_gss_assist_will_handle_restrictions(
    OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle)
Sets the context to handle restrictions
minor_status | the resulting minor status from setting the context handle |
context_handle | the context handle to set the minor status of |