GSS_INQUIRE_CONTEXT(3GSS) Generic Security Services API Library Functions GSS_INQUIRE_CONTEXT(3GSS)

gss_inquire_context - obtain information about a security context

cc [ flag... ] file... -lgss  [ library... ]
#include <gssapi/gssapi.h>
OM_uint32 gss_inquire_context(OM_uint32 *minor_status,


     const gss_ctx_id_t context_handle,gss_name_t *src_name,


     gss_name_t *targ_name, OM_uint32 *lifetime_rec,


     gss_OID *mech_type, OM_uint32 *ctx_flags,


     int *locally_initiated, int *open);

The gss_inquire_context() function obtains information about a security context. The caller must already have obtained a handle that refers to the context, although the context need not be fully established.

The parameter descriptions for gss_inquire_context() are as follows:

minor_status

A mechanism-specific status code.

context_handle

A handle that refers to the security context.

src_name

The name of the context initiator. If the context was established using anonymous authentication, and if the application invoking gss_inquire_context() is the context acceptor, an anonymous name is returned. Storage associated with this name must be freed by the application after use with a call to gss_release_name(). Specify NULL if the parameter is not required.

targ_name

The name of the context acceptor. Storage associated with this name must be freed by the application after use with a call to gss_release_name(). If the context acceptor did not authenticate itself, and if the initiator did not specify a target name in its call to gss_init_sec_context(), the value GSS_C_NO_NAME is returned. Specify NULL if the parameter is not required.

lifetime_rec

The number of seconds for which the context will remain valid. If the context has expired, this parameter will be set to zero. Specify NULL if the parameter is not required.

mech_type

The security mechanism providing the context. The returned OID is a pointer to static storage that should be treated as read-only by the application; in particular, the application should not attempt to free it. Specify NULL if the parameter is not required.

ctx_flags

Contains various independent flags, each of which indicates that the context supports (or is expected to support, if ctx_open is false) a specific service option. If not needed, specify NULL. Symbolic names are provided for each flag, and the symbolic names corresponding to the required flags should be logically ANDed with the ret_flags value to test whether a given option is supported by the context. The flags are:

GSS_C_DELEG_FLAG

If true, credentials were delegated from the initiator to the acceptor. If false, no credentials were delegated.

GSS_C_MUTUAL_FLAG

If true, the acceptor was authenticated to the initiator. If false, the acceptor did not authenticate itself.

GSS_C_REPLAY_FLAG

If true, the replay of protected messages will be detected. If false, replayed messages will not be detected.

GSS_C_SEQUENCE_FLAG

If true, out-of-sequence protected messages will be detected. If false, out-of-sequence messages will not be detected.

GSS_C_CONF_FLAG

If true, confidential service may be invoked by calling the gss_wrap(3GSS) routine. If false, no confidential service is available through gss_wrap(). gss_wrap() provides message encapsulation, data-origin authentication, and integrity services only.

GSS_C_INTEG_FLAG

If true, integrity service can be invoked by calling either the gss_get_mic() or the gss_wrap() routine. If false, per-message integrity service is unavailable.

GSS_C_ANON_FLAG

If true, the initiator's identity is not revealed to the acceptor. The src_name parameter, if requested, contains an anonymous internal name. If false, the initiator has been authenticated normally.

GSS_C_PROT_READY_FLAG

If true, the protection services, as specified by the states of the GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG, are available for use. If false, they are available only if the context is fully established, that is, if the open parameter is non-zero.

GSS_C_TRANS_FLAG

If true, resultant security context can be transferred to other processes through a call to gss_export_sec_context(). If false, the security context is not transferable.

locally_initiated

Non-zero if the invoking application is the context initiator. Specify NULL if the parameter is not required.

open

Non-zero if the context is fully established; zero if a context-establishment token is expected from the peer application. Specify NULL if the parameter is not required.

gss_inquire_context() returns one of the following status codes:

GSS_S_COMPLETE

Successful completion.

GSS_S_NO_CONTEXT

The referenced context could not be accessed.

GSS_S_FAILURE

The underlying mechanism detected an error for which no specific GSS status code is defined. The mechanism-specific status code reported by means of the minor_status parameter details the error condition.

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE
MT-Level Safe

gss_accept_sec_context(3GSS), gss_context_time(3GSS), gss_delete_sec_context(3GSS), gss_export_sec_context(3GSS), gss_import_sec_context(3GSS), gss_init_sec_context(3GSS), gss_process_context_token(3GSS), gss_wrap(3GSS), gss_wrap_size_limit(3GSS), attributes(7)

Solaris Security for Developers Guide

January 17, 2003 OmniOS