Grid Community Toolkit  6.2.1705709074 (tag: v6.2.20240202)
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
Functions
Security Context Management

Security Context Creation and Use. More...

Functions

OM_uint32 globus_gss_assist_accept_sec_context (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, const gss_cred_id_t cred_handle, char **src_name_char, OM_uint32 *ret_flags, int *user_to_user_flag, int *token_status, gss_cred_id_t *delegated_cred_handle, int(*gss_assist_get_token)(void *, void **, size_t *), void *gss_assist_get_context, int(*gss_assist_send_token)(void *, void *, size_t), void *gss_assist_send_context)
 Accept a Security Context. More...
 
OM_uint32 globus_gss_assist_accept_sec_context_async (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, const gss_cred_id_t cred_handle, char **src_name_char, OM_uint32 *ret_flags, int *user_to_user_flag, void *input_buffer, size_t input_buffer_len, void **output_bufferp, size_t *output_buffer_lenp, gss_cred_id_t *delegated_cred_handle)
 Accept a Security Context Without Blocking. More...
 
OM_uint32 globus_gss_assist_export_sec_context (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, int *token_status, int fdp, FILE *fperr)
 
OM_uint32 globus_gss_assist_import_sec_context (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, int *token_status, int fdp, FILE *fperr)
 
OM_uint32 globus_gss_assist_init_sec_context (OM_uint32 *minor_status, const gss_cred_id_t cred_handle, gss_ctx_id_t *context_handle, char *target_name_char, OM_uint32 req_flags, OM_uint32 *ret_flags, int *token_status, int(*gss_assist_get_token)(void *, void **, size_t *), void *gss_assist_get_context, int(*gss_assist_send_token)(void *, void *, size_t), void *gss_assist_send_context)
 
OM_uint32 globus_gss_assist_init_sec_context_async (OM_uint32 *minor_status, const gss_cred_id_t cred_handle, gss_ctx_id_t *context_handle, char *target_name_char, OM_uint32 req_flags, OM_uint32 *ret_flags, void *input_buffer, size_t input_buffer_len, void **output_bufferp, size_t *output_buffer_lenp)
 
OM_uint32 globus_gss_assist_will_handle_restrictions (OM_uint32 *minor_status, gss_ctx_id_t *context_handle)
 
OM_uint32 globus_gss_assist_get_unwrap (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, char **data, size_t *length, int *token_status, int(*gss_assist_get_token)(void *, void **, size_t *), void *gss_assist_get_context, FILE *fperr)
 Get Unwrap. More...
 

Detailed Description

Security Context Creation and Use.

The functions in this section are used to create security contexts and send and receive messages sent over them. They use the functions provided by Token Transport or user-supplied functions to communicate security tokens over the context, looping over continue results from the GSSAPI as needed.

Function Documentation

OM_uint32 globus_gss_assist_accept_sec_context ( OM_uint32 *  minor_status,
gss_ctx_id_t *  context_handle,
const gss_cred_id_t  cred_handle,
char **  src_name_char,
OM_uint32 *  ret_flags,
int *  user_to_user_flag,
int *  token_status,
gss_cred_id_t *  delegated_cred_handle,
int(*)(void *, void **, size_t *)  gss_assist_get_token,
void *  gss_assist_get_context,
int(*)(void *, void *, size_t)  gss_assist_send_token,
void *  gss_assist_send_context 
)

Accept a Security Context.

This routine accepts a GSSAPI security context and is called by the gram_gatekeeper. It isolates the GSSAPI from the rest of the gram code.

Initialize a GSSAPI security connection. Used by the server. The context_handle is returned, and there is one for each connection. This routine will take cake of the looping and token processing, using the supplied get_token and send_token routines.

Parameters
minor_statusGSSAPI return code
context_handlepointer to returned context.
cred_handlethe cred handle obtained by acquire_cred.
src_name_charPointer to char string representation of the client which contacted the server. Maybe NULL if not wanted. Should be freed when done.
ret_flagsPointer to which services are available after the connection is established. Maybe NULL if not wanted. We will also use this to pass in flags to the globus version of GSSAPI
user_to_user_flagPointer to flag to be set if the src_name is the same as our name. (Following are particular to this assist routine)
token_statusassist routine get/send token status
delegated_cred_handlepointer to be set to the credential delegated by the client if delegation occurs during the security handshake
gss_assist_get_tokena get token routine
gss_assist_get_contextfirst arg for the get token routine
gss_assist_send_tokena send token routine
gss_assist_send_contextfirst arg for the send token routine
Returns
GSS_S_COMPLETE on success Other GSSAPI errors on failure.
OM_uint32 globus_gss_assist_accept_sec_context_async ( OM_uint32 *  minor_status,
gss_ctx_id_t *  context_handle,
const gss_cred_id_t  cred_handle,
char **  src_name_char,
OM_uint32 *  ret_flags,
int *  user_to_user_flag,
void *  input_buffer,
size_t  input_buffer_len,
void **  output_bufferp,
size_t *  output_buffer_lenp,
gss_cred_id_t *  delegated_cred_handle 
)

Accept a Security Context Without Blocking.

This is an asynchronous version of the globus_gss_assist_accept_sec_context() function. Instead of looping itself it passes in and out the read and written buffers and the calling application is responsible for doing the I/O directly.

Parameters
minor_statusGSSAPI return code
context_handlepointer to returned context.
cred_handlethe cred handle obtained by acquire_cred.
src_name_charPointer to char string representation of the client which contacted the server. Maybe NULL if not wanted. Should be freed when done.
ret_flagsPointer to which services are available after the connection is established. Maybe NULL if not wanted. We will also use this to pass in flags to the Globus version of GSSAPI
user_to_user_flagPointer to flag to be set if the src_name is the same as our name.
input_bufferpointer to a buffer received from peer.
input_buffer_lenlength of the buffer input_buffer.
output_bufferppointer to a pointer which will be filled in with a pointer to an allocated block of memory. If non-NULL the contents of this block should be written to the peer where they will be fed into the globus_gss_assist_init_sec_context_async() function.
output_buffer_lenppointer to an integer which will be filled in with the length of the allocated output buffer pointed to by *output_bufferp.
delegated_cred_handlepointer to be set to the credential delegated by the client if delegation occurs during the security handshake
Returns
GSS_S_COMPLETE on successful completion when this function does not need to be called again.

GSS_S_CONTINUE_NEEDED when *output_bufferp should be sent to the peer and a new input_buffer read and this function called again.

Other GSSAPI errors on failure.

OM_uint32 globus_gss_assist_export_sec_context ( OM_uint32 *  minor_status,
gss_ctx_id_t *  context_handle,
int *  token_status,
int  fdp,
FILE *  fperr 
)

Export the security context from a file

Parameters
minor_statusGSSAPI return code. This is a Globus Error code (or GLOBUS_SUCCESS) cast to a OM_uint32 pointer. If an error has occurred, the resulting error (from calling globus_error_get on this variable) needs to be freed by the caller
context_handleThe context to export
token_statusErrors that occurred while reading from the file
fdpthe file descriptor pointing to a file containing the security context
fperrFILE * to write error messages
Returns
the major status
OM_uint32 globus_gss_assist_get_unwrap ( OM_uint32 *  minor_status,
const gss_ctx_id_t  context_handle,
char **  data,
size_t *  length,
int *  token_status,
int(*)(void *, void **, size_t *)  gss_assist_get_token,
void *  gss_assist_get_context,
FILE *  fperr 
)

Get Unwrap.

Gets a token using the specific tokenizing functions, and performs the GSS unwrap of that token

See Also
gss_unwrap
Parameters
minor_statusGSSAPI return code,
See Also
gss_unwrap
Parameters
context_handlethe context
datapointer to be set to the unwrapped application data. This must be freed by the caller.
lengthpointer to be set to the length of the data byte array.
token_statusassist routine get/send token status
gss_assist_get_tokena detokenizing routine
gss_assist_get_contextfirst arg for above routine
fperrerror stream to print to
Returns
GSS_S_COMPLETE on success Other gss errors on failure.
OM_uint32 globus_gss_assist_import_sec_context ( OM_uint32 *  minor_status,
gss_ctx_id_t *  context_handle,
int *  token_status,
int  fdp,
FILE *  fperr 
)

Import the security context from a file

Parameters
minor_statusGSSAPI return code. This is a Globus Error code (or GLOBUS_SUCCESS) cast to a OM_uint32 pointer. If an error has occurred, the resulting error (from calling globus_error_get on this variable) needs to be freed by the caller
context_handleThe imported context
token_statusErrors that occurred while reading from the file
fdpthe file descriptor pointing to a file containing the security context
fperrFILE * to write error messages
Returns
the major status
OM_uint32 globus_gss_assist_init_sec_context ( OM_uint32 *  minor_status,
const gss_cred_id_t  cred_handle,
gss_ctx_id_t *  context_handle,
char *  target_name_char,
OM_uint32  req_flags,
OM_uint32 *  ret_flags,
int *  token_status,
int(*)(void *, void **, size_t *)  gss_assist_get_token,
void *  gss_assist_get_context,
int(*)(void *, void *, size_t)  gss_assist_send_token,
void *  gss_assist_send_context 
)

Initialize a GSSAPI security connection. Used by the client. The context_handle is returned, and there is one for each connection. This routine will take cake of the looping and token processing, using the supplied get_token and send_token routines.

Parameters
minor_statusGSSAPI return code. The new minor_status is a globus_result_t cast to an OM_uint32. If the call was successful, the minor status is equivalent to GLOBUS_SUCCESS. Otherwise, it is a globus error object ID that can be passed to globus_error_get to get the error object. The error object needs to be freed with globus_object_free.
cred_handlethe cred handle obtained by acquire_cred.
context_handlepointer to returned context.
target_name_charchar string representation of the server to be contacted.
req_flagsrequest flags, such as GSS_C_DELEG_FLAG for delegation and the GSS_C_MUTUAL_FLAG for mutual authentication.
ret_flagsPointer to which services are available after the connection is established. Maybe NULL if not wanted.

The following are particular to this assist routine:

Parameters
token_statusthe assist routine's get/send token status
gss_assist_get_tokenfunction pointer for getting the token
gss_assist_get_contextfirst argument passed to the gss_assist_get_token function
gss_assist_send_tokenfunction pointer for setting the token
gss_assist_send_contextfirst argument passed to the gss_assist_set_token function pointer
Returns
The major status
OM_uint32 globus_gss_assist_init_sec_context_async ( OM_uint32 *  minor_status,
const gss_cred_id_t  cred_handle,
gss_ctx_id_t *  context_handle,
char *  target_name_char,
OM_uint32  req_flags,
OM_uint32 *  ret_flags,
void *  input_buffer,
size_t  input_buffer_len,
void **  output_bufferp,
size_t *  output_buffer_lenp 
)

This is an asynchronous version of the globus_gss_assist_init_sec_context() function. Instead of looping itself it passes in and out the read and written buffers and the calling application is responsible for doing the I/O directly.

Parameters
minor_statusGSSAPI return code. The new minor status is a globus_result_t cast to a OM_uint32. If an error occurred (GSS_ERROR(major_status)) the minor_status is a globus error object id. The error object can be obtained via globus_error_get and should be destroyed with globus_object_free when no longer needed. If no error occurred, the minor status is equal to GLOBUS_SUCCESS.
cred_handlethe cred handle obtained by acquire_cred.
context_handlepointer to returned context.
target_name_charchar string representation of the server to be contacted.
req_flagsrequest flags, such as GSS_C_DELEG_FLAG for delegation and the GSS_C_MUTUAL_FLAG for mutual authentication.
ret_flagsPointer to which services are available after the connection is established. Maybe NULL if not wanted.
input_bufferpointer to a buffer received from peer. Should be NULL on first call.
input_buffer_lenlength of the buffer input_buffer. Should be zero on first call.
output_bufferppointer to a pointer which will be filled in with a pointer to an allocated block of memory. If non-NULL the contents of this block should be written to the peer where they will be fed into the globus_gss_assist_accept_sec_context_async() function.
output_buffer_lenppointer to an integer which will be filled in with the length of the allocated output buffer pointed to by *output_bufferp.
Returns
GSS_S_COMPLETE on successful completion when this function does not need to be called again.

GSS_S_CONTINUE_NEEDED when *output_bufferp should be sent to the peer and a new input_buffer read and this function called again.

Other gss errors on failure.

OM_uint32 globus_gss_assist_will_handle_restrictions ( OM_uint32 *  minor_status,
gss_ctx_id_t *  context_handle 
)

Sets the context to handle restrictions

Parameters
minor_statusthe resulting minor status from setting the context handle
context_handlethe context handle to set the minor status of
Returns
the major status from setting the context