Security Context Creation and Use. More...

Functions
OM_uint32	globus_gss_assist_accept_sec_context (OM_uint32 minor_status, gss_ctx_id_t context_handle, const gss_cred_id_t cred_handle, char *src_name_char, OM_uint32 ret_flags, int user_to_user_flag, int token_status, gss_cred_id_t delegated_cred_handle, int(gss_assist_get_token)(void , void , size_t ), void gss_assist_get_context, int(gss_assist_send_token)(void , void , size_t), void *gss_assist_send_context)
	Accept a Security Context. More...

OM_uint32	globus_gss_assist_accept_sec_context_async (OM_uint32 minor_status, gss_ctx_id_t context_handle, const gss_cred_id_t cred_handle, char *src_name_char, OM_uint32 ret_flags, int user_to_user_flag, void input_buffer, size_t input_buffer_len, void *output_bufferp, size_t output_buffer_lenp, gss_cred_id_t *delegated_cred_handle)
	Accept a Security Context Without Blocking. More...

OM_uint32	globus_gss_assist_export_sec_context (OM_uint32 minor_status, gss_ctx_id_t context_handle, int token_status, int fdp, FILE fperr)

OM_uint32	globus_gss_assist_import_sec_context (OM_uint32 minor_status, gss_ctx_id_t context_handle, int token_status, int fdp, FILE fperr)

OM_uint32	globus_gss_assist_init_sec_context (OM_uint32 minor_status, const gss_cred_id_t cred_handle, gss_ctx_id_t context_handle, char target_name_char, OM_uint32 req_flags, OM_uint32 ret_flags, int token_status, int(gss_assist_get_token)(void , void , size_t ), void gss_assist_get_context, int(gss_assist_send_token)(void , void , size_t), void *gss_assist_send_context)

OM_uint32	globus_gss_assist_init_sec_context_async (OM_uint32 minor_status, const gss_cred_id_t cred_handle, gss_ctx_id_t context_handle, char target_name_char, OM_uint32 req_flags, OM_uint32 ret_flags, void input_buffer, size_t input_buffer_len, void output_bufferp, size_t output_buffer_lenp)

OM_uint32	globus_gss_assist_will_handle_restrictions (OM_uint32 minor_status, gss_ctx_id_t context_handle)

OM_uint32	globus_gss_assist_get_unwrap (OM_uint32 minor_status, const gss_ctx_id_t context_handle, char data, size_t length, int token_status, int(gss_assist_get_token)(void , void , size_t ), void gss_assist_get_context, FILE fperr)
	Get Unwrap. More...

Detailed Description

Security Context Creation and Use.

The functions in this section are used to create security contexts and send and receive messages sent over them. They use the functions provided by Token Transport or user-supplied functions to communicate security tokens over the context, looping over continue results from the GSSAPI as needed.

Function Documentation

OM_uint32 globus_gss_assist_accept_sec_context	(	OM_uint32 *	minor_status,
		gss_ctx_id_t *	context_handle,
		const gss_cred_id_t	cred_handle,
		char **	src_name_char,
		OM_uint32 *	ret_flags,
		int *	user_to_user_flag,
		int *	token_status,
		gss_cred_id_t *	delegated_cred_handle,
		int()(void , void *, size_t )	gss_assist_get_token,
		void *	gss_assist_get_context,
		int()(void , void *, size_t)	gss_assist_send_token,
		void *	gss_assist_send_context
	)

Accept a Security Context.

This routine accepts a GSSAPI security context and is called by the gram_gatekeeper. It isolates the GSSAPI from the rest of the gram code.

Initialize a GSSAPI security connection. Used by the server. The context_handle is returned, and there is one for each connection. This routine will take cake of the looping and token processing, using the supplied get_token and send_token routines.

Parameters

minor_status	GSSAPI return code
context_handle	pointer to returned context.
cred_handle	the cred handle obtained by acquire_cred.
src_name_char	Pointer to char string representation of the client which contacted the server. Maybe NULL if not wanted. Should be freed when done.
ret_flags	Pointer to which services are available after the connection is established. Maybe NULL if not wanted. We will also use this to pass in flags to the globus version of GSSAPI
user_to_user_flag	Pointer to flag to be set if the src_name is the same as our name. (Following are particular to this assist routine)
token_status	assist routine get/send token status
delegated_cred_handle	pointer to be set to the credential delegated by the client if delegation occurs during the security handshake
gss_assist_get_token	a get token routine
gss_assist_get_context	first arg for the get token routine
gss_assist_send_token	a send token routine
gss_assist_send_context	first arg for the send token routine

Returns: GSS_S_COMPLETE on success Other GSSAPI errors on failure.

OM_uint32 globus_gss_assist_accept_sec_context_async	(	OM_uint32 *	minor_status,
		gss_ctx_id_t *	context_handle,
		const gss_cred_id_t	cred_handle,
		char **	src_name_char,
		OM_uint32 *	ret_flags,
		int *	user_to_user_flag,
		void *	input_buffer,
		size_t	input_buffer_len,
		void **	output_bufferp,
		size_t *	output_buffer_lenp,
		gss_cred_id_t *	delegated_cred_handle
	)

Accept a Security Context Without Blocking.

This is an asynchronous version of the globus_gss_assist_accept_sec_context() function. Instead of looping itself it passes in and out the read and written buffers and the calling application is responsible for doing the I/O directly.

Parameters

minor_status	GSSAPI return code
context_handle	pointer to returned context.
cred_handle	the cred handle obtained by acquire_cred.
src_name_char	Pointer to char string representation of the client which contacted the server. Maybe NULL if not wanted. Should be freed when done.
ret_flags	Pointer to which services are available after the connection is established. Maybe NULL if not wanted. We will also use this to pass in flags to the Globus version of GSSAPI
user_to_user_flag	Pointer to flag to be set if the src_name is the same as our name.
input_buffer	pointer to a buffer received from peer.
input_buffer_len	length of the buffer input_buffer.
output_bufferp	pointer to a pointer which will be filled in with a pointer to an allocated block of memory. If non-NULL the contents of this block should be written to the peer where they will be fed into the globus_gss_assist_init_sec_context_async() function.
output_buffer_lenp	pointer to an integer which will be filled in with the length of the allocated output buffer pointed to by *output_bufferp.
delegated_cred_handle	pointer to be set to the credential delegated by the client if delegation occurs during the security handshake

Returns: GSS_S_COMPLETE on successful completion when this function does not need to be called again.

GSS_S_CONTINUE_NEEDED when *output_bufferp should be sent to the peer and a new input_buffer read and this function called again.

Other GSSAPI errors on failure.

OM_uint32 globus_gss_assist_export_sec_context	(	OM_uint32 *	minor_status,
		gss_ctx_id_t *	context_handle,
		int *	token_status,
		int	fdp,
		FILE *	fperr
	)

Export the security context from a file

Parameters

minor_status	GSSAPI return code. This is a Globus Error code (or GLOBUS_SUCCESS) cast to a OM_uint32 pointer. If an error has occurred, the resulting error (from calling globus_error_get on this variable) needs to be freed by the caller
context_handle	The context to export
token_status	Errors that occurred while reading from the file
fdp	the file descriptor pointing to a file containing the security context
fperr	FILE * to write error messages

Returns: the major status

OM_uint32 globus_gss_assist_get_unwrap	(	OM_uint32 *	minor_status,
		const gss_ctx_id_t	context_handle,
		char **	data,
		size_t *	length,
		int *	token_status,
		int()(void , void *, size_t )	gss_assist_get_token,
		void *	gss_assist_get_context,
		FILE *	fperr
	)

Get Unwrap.

Gets a token using the specific tokenizing functions, and performs the GSS unwrap of that token

See Also: gss_unwrap

Parameters

minor_status GSSAPI return code,

See Also: gss_unwrap

Parameters

context_handle	the context
data	pointer to be set to the unwrapped application data. This must be freed by the caller.
length	pointer to be set to the length of the data byte array.
token_status	assist routine get/send token status
gss_assist_get_token	a detokenizing routine
gss_assist_get_context	first arg for above routine
fperr	error stream to print to

Returns: GSS_S_COMPLETE on success Other gss errors on failure.

OM_uint32 globus_gss_assist_import_sec_context	(	OM_uint32 *	minor_status,
		gss_ctx_id_t *	context_handle,
		int *	token_status,
		int	fdp,
		FILE *	fperr
	)

Import the security context from a file

Parameters

minor_status	GSSAPI return code. This is a Globus Error code (or GLOBUS_SUCCESS) cast to a OM_uint32 pointer. If an error has occurred, the resulting error (from calling globus_error_get on this variable) needs to be freed by the caller
context_handle	The imported context
token_status	Errors that occurred while reading from the file
fdp	the file descriptor pointing to a file containing the security context
fperr	FILE * to write error messages

Returns: the major status

OM_uint32 globus_gss_assist_init_sec_context	(	OM_uint32 *	minor_status,
		const gss_cred_id_t	cred_handle,
		gss_ctx_id_t *	context_handle,
		char *	target_name_char,
		OM_uint32	req_flags,
		OM_uint32 *	ret_flags,
		int *	token_status,
		int()(void , void *, size_t )	gss_assist_get_token,
		void *	gss_assist_get_context,
		int()(void , void *, size_t)	gss_assist_send_token,
		void *	gss_assist_send_context
	)

Initialize a GSSAPI security connection. Used by the client. The context_handle is returned, and there is one for each connection. This routine will take cake of the looping and token processing, using the supplied get_token and send_token routines.

Parameters

minor_status	GSSAPI return code. The new minor_status is a globus_result_t cast to an OM_uint32. If the call was successful, the minor status is equivalent to GLOBUS_SUCCESS. Otherwise, it is a globus error object ID that can be passed to globus_error_get to get the error object. The error object needs to be freed with globus_object_free.
cred_handle	the cred handle obtained by acquire_cred.
context_handle	pointer to returned context.
target_name_char	char string representation of the server to be contacted.
req_flags	request flags, such as GSS_C_DELEG_FLAG for delegation and the GSS_C_MUTUAL_FLAG for mutual authentication.
ret_flags	Pointer to which services are available after the connection is established. Maybe NULL if not wanted.

The following are particular to this assist routine:

Parameters

token_status	the assist routine's get/send token status
gss_assist_get_token	function pointer for getting the token
gss_assist_get_context	first argument passed to the gss_assist_get_token function
gss_assist_send_token	function pointer for setting the token
gss_assist_send_context	first argument passed to the gss_assist_set_token function pointer

Returns: The major status

OM_uint32 globus_gss_assist_init_sec_context_async	(	OM_uint32 *	minor_status,
		const gss_cred_id_t	cred_handle,
		gss_ctx_id_t *	context_handle,
		char *	target_name_char,
		OM_uint32	req_flags,
		OM_uint32 *	ret_flags,
		void *	input_buffer,
		size_t	input_buffer_len,
		void **	output_bufferp,
		size_t *	output_buffer_lenp
	)

This is an asynchronous version of the globus_gss_assist_init_sec_context() function. Instead of looping itself it passes in and out the read and written buffers and the calling application is responsible for doing the I/O directly.

Parameters

minor_status	GSSAPI return code. The new minor status is a globus_result_t cast to a OM_uint32. If an error occurred (GSS_ERROR(major_status)) the minor_status is a globus error object id. The error object can be obtained via globus_error_get and should be destroyed with globus_object_free when no longer needed. If no error occurred, the minor status is equal to GLOBUS_SUCCESS.
cred_handle	the cred handle obtained by acquire_cred.
context_handle	pointer to returned context.
target_name_char	char string representation of the server to be contacted.
req_flags	request flags, such as GSS_C_DELEG_FLAG for delegation and the GSS_C_MUTUAL_FLAG for mutual authentication.
ret_flags	Pointer to which services are available after the connection is established. Maybe NULL if not wanted.
input_buffer	pointer to a buffer received from peer. Should be NULL on first call.
input_buffer_len	length of the buffer input_buffer. Should be zero on first call.
output_bufferp	pointer to a pointer which will be filled in with a pointer to an allocated block of memory. If non-NULL the contents of this block should be written to the peer where they will be fed into the globus_gss_assist_accept_sec_context_async() function.
output_buffer_lenp	pointer to an integer which will be filled in with the length of the allocated output buffer pointed to by *output_bufferp.

Returns: GSS_S_COMPLETE on successful completion when this function does not need to be called again.

GSS_S_CONTINUE_NEEDED when *output_bufferp should be sent to the peer and a new input_buffer read and this function called again.

Other gss errors on failure.

OM_uint32 globus_gss_assist_will_handle_restrictions	(	OM_uint32 *	minor_status,
		gss_ctx_id_t *	context_handle
	)

Sets the context to handle restrictions

Parameters

minor_status	the resulting minor status from setting the context handle
context_handle	the context handle to set the minor status of

Returns: the major status from setting the context

Functions

Detailed Description

Function Documentation