gss_inquire_context(3)gss_inquire_context(3)NAMEgss_inquire_context - Obtain information about an existing security
context.
SYNOPSIS
#include <gssapi/gssapi.h>
OM_uint32 gss_inquire_context(
OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
gss_name_t * src_name,
gss_name_t * targ_name,
OM_uint32 * lifetime_rec,
gss_OID * mech_type,
OM_uint32 * ctx_flags,
OM_uint32 * locally_initiated,
OM_uint32 * open );
PARAMETERS
Kerberos 5 error code. Security context to be queried. Internal form
name of security context initiator. Specify NULL if this information is
not required.
Storage associated with this name must be freed by the applica‐
tion after use with a call to gss_release_name(). Internal form
name of security context acceptor. Specify NULL if this informa‐
tion is not required.
Storage associated with this name must be freed by the applica‐
tion after use with a call to gss_release_name(). Number of
seconds for which the security context remains valid. Since the
HP implementation of the GSS-API does not support security con‐
text expiration, the value GSS_C_INDEFINITE is always returned.
Specify NULL if this information is not required. Security
mechanism providing the context that, in the HP implementation
of the GSS-API, is Kerberos 5. Specify NULL if this information
is not required.
The OID set returned via this parameter is a pointer to static
storage that should be treated as read-only. The application
should not attempt to free it. Flags that indicate the service
options the context supports (or is expected to support, if open
is false). Specify NULL if this information is not required.
Symbolic names are provided for each flag. (See Context Flag
Constants for the definitions.) These names should be bitwise
ANDed with the ctx_flags value to test whether a given option is
supported by the context.
Note
To check whether the requested encryption is being used (DES3 or
DES), call csf_gss_get_context_options().
The flags are: GSS_C_ANON_FLAG
Since the HP Application Security SDK does not support anonymous
authentication, this value is always set to false.
GSS_C_CONF_FLAG
True -- Confidentiality service may be invoked by calling the
gss_wrap() function.
False -- No confidentiality service via gss_wrap() is available.
The gss_wrap() function provides message encapsulation, data
origin authentication, and integrity services only.
GSS_C_DELEG_FLAG
True -- Credentials were delegated from the initiating applica‐
tion to the accepting application.
False -- No credentials were delegated. GSS_C_INTEG_FLAG
True -- Integrity service may be invoked by calling either
gss_get_mic() or gss_wrap().
False -- Per-message integrity service is unavailable.
GSS_C_MUTUAL_FLAG
True -- The accepting application was authenticated to the ini‐
tiating application.
False -- The accepting application was not authenticated to the
initiating application. GSS_C_PROT_READY_FLAG
True -- Protection services (as specified by the states of
GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG) are available for use.
False -- Protection services (as specified by the states of
GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG) are available only if the
context is fully established. GSS_C_REPLAY_FLAG
True -- Replay of protected messages will be detected.
False -- Replay of messages will not be detected.
GSS_C_SEQUENCE_FLAG
True -- Out-of-sequence protected messages will be detected.
False -- Out-of-sequence messages will not be detected.
GSS_C_TRANS_FLAG -- The value of this bit indicates the actual
state at the time gss_accept_sec_context() returns, whether or
not the context is fully established.
True -- The resulting security context may be transferred to
other processes via a call to gss_export_sec_context().
False -- The security context is not transferable. Non-zero if
the invoking application is the context initiator. Specify NULL
if the information is not required. Non-zero if the context is
fully established. Zero is returned if a context-establishment
token is expected from the peer application. Specify NULL if the
information is not required.
DESCRIPTION
The gss_inquire_context() function obtains information about a security
context. The application must already have initiated the context,
although the context need not be fully established.
When the application is finished using the names of the initiating and
accepting applications, it must release the resources associated with
src_name and targ_name with calls to gss_release_name().
RETURN VALUES
GSS_S_CALL_INACCESSIBLE_READ 01xxxxxx
GSS_S_CALL_INACCESSIBLE_WRITE 02xxxxxx
GSS_S_COMPLETE 00000000
GSS_S_CONTEXT_EXPIRED xx0Cxxxx
GSS_S_FAILURE xx0Dxxxx
GSS_S_NO_CONTEXT xx08xxxx
PORTABILITY CONSIDERATIONS
The HP Application Security Toolkit does not support anonymous authen‐
tication or context expiration.
SEE ALSO
Functions: csf_gss_get_context_options(3), gss_accept_sec_context(3),
gss_export_sec_context(3), gss_get_mic(3), gss_import_sec_context(3),
gss_init_sec_context(3), gss_release_name(3), gss_wrap(3)gss_inquire_context(3)