'\" te .\" Copyright (C) 2006, Sun Microsystems, Inc. All Rights Reserved .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] .TH GSS_INIT_SEC_CONTEXT 3GSS "May 22, 2006" .SH NAME gss_init_sec_context \- initiate a GSS-API security context with a peer application .SH SYNOPSIS .LP .nf cc [ \fIflag\fR\&.\|.\|. ] \fIfile\fR\&.\|.\|. \fB-lgss\fR [ \fIlibrary\fR\&.\|.\|. ] #include \fBOM_uint32\fR \fBgss_init_sec_context\fR(\fBOM_uint32 *\fR\fIminor_status\fR, \fBconst gss_cred_id_t\fR \fIinitiator_cred_handle\fR, \fBgss_ctx_id_t *\fR\fIcontext_handle\fR, \fBconst gss_name_t *\fR\fItarget_name\fR, \fBconst gss_OID\fR \fImech_type\fR, \fBOM_uint32\fR \fIreq_flags\fR, \fBOM_uint32\fR \fItime_req\fR, \fBconst gss_channel_bindings_t\fR \fIinput_chan_bindings\fR, \fBconst gss_buffer_t\fR \fIinput_token\fR, \fBgss_OID *\fR\fIactual_mech_type\fR, \fBgss_buffer_t\fR \fIoutput_token\fR, \fBOM_uint32 *\fR\fIret_flags\fR, \fBOM_uint32 *\fR\fItime_rec\fR); .fi .SH PARAMETERS .sp .LP The parameter descriptions for \fBgss_init_sec_context()\fR follow: .sp .ne 2 .na \fB\fIminor_status\fR\fR .ad .RS 25n A mechanism specific status code. .RE .sp .ne 2 .na \fB\fIinitiator_cred_handle\fR\fR .ad .RS 25n The handle for the credentials claimed. Supply \fBGSS_C_NO_CREDENTIAL\fR to act as a default initiator principal. If no default initiator is defined, the function returns \fBGSS_S_NO_CRED\fR. .RE .sp .ne 2 .na \fB\fIcontext_handle\fR\fR .ad .RS 25n The context handle for a new context. Supply the value \fBGSS_C_NO_CONTEXT\fR for the first call, and use the value returned in any continuation calls. The resources associated with \fIcontext_handle\fR must be released by the application after use by a call to \fBgss_delete_sec_context\fR(3GSS). .RE .sp .ne 2 .na \fB\fItarget_name\fR\fR .ad .RS 25n The name of the context acceptor. .RE .sp .ne 2 .na \fB\fImech_type\fR\fR .ad .RS 25n The object \fBID\fR of the desired mechanism. To obtain a specific default, supply the value \fBGSS_C_NO_ID\fR. .RE .sp .ne 2 .na \fB\fIreq_flags\fR\fR .ad .RS 25n Contains independent flags, each of which will request that the context support a specific service option. A symbolic name is provided for each flag. Logically-\fBOR\fR the symbolic name to the corresponding required flag to form the bit-mask value. \fIreq_flags\fR may contain one of the following values: .sp .ne 2 .na \fB\fBGSS_C_DELEG_FLAG\fR\fR .ad .RS 23n If true, delegate credentials to a remote peer. Do not delegate the credentials if the value is false. .RE .sp .ne 2 .na \fB\fBGSS_C_MUTUAL_FLAG\fR\fR .ad .RS 23n If true, request that the peer authenticate itself. If false, authenticate to the remote peer only. .RE .sp .ne 2 .na \fB\fBGSS_C_REPLAY_FLAG\fR\fR .ad .RS 23n If true, enable replay detection for messages protected with \fBgss_wrap\fR(3GSS) or \fBgss_get_mic\fR(3GSS). Do not attempt to detect replayed messages if false. .RE .sp .ne 2 .na \fB\fBGSS_C_SEQUENCE_FLAG\fR\fR .ad .RS 23n If true, enable detection of out-of-sequence protected messages. Do not attempt to detect out-of-sequence messages if false. .RE .sp .ne 2 .na \fB\fBGSS_C_CONF_FLAG\fR\fR .ad .RS 23n If true, request that confidential service be made available by means of \fBgss_wrap\fR(3GSS). If false, no per-message confidential service is required. .RE .sp .ne 2 .na \fB\fBGSS_C_INTEG_FLAG\fR\fR .ad .RS 23n If true, request that integrity service be made available by means of \fBgss_wrap\fR(3GSS) or \fBgss_get_mic\fR(3GSS). If false, no per-message integrity service is required. .RE .sp .ne 2 .na \fB\fBGSS_C_ANON_FLAG\fR\fR .ad .RS 23n If true, do not reveal the initiator's identify to the acceptor. If false, authenticate normally. .RE .RE .sp .ne 2 .na \fB\fItime_req\fR\fR .ad .RS 25n The number of seconds for which the context will remain valid. Supply a zero value to \fItime_req\fR to request a default validity period. .RE .sp .ne 2 .na \fB\fIinput_chan_bindings\fR\fR .ad .RS 25n Optional application-specified bindings. Allows application to securely bind channel identification information to the security context. Set to \fBGSS_C_NO_CHANNEL_BINDINGS\fR if you do not want to use channel bindings. .RE .sp .ne 2 .na \fB\fIinput_token\fR\fR .ad .RS 25n Token received from the peer application. On the initial call, supply \fBGSS_C_NO_BUFFER\fR or a pointer to a buffer containing the value \fBGSS_C_EMPTY_BUFFER\fR. .RE .sp .ne 2 .na \fB\fIactual_mech_type\fR\fR .ad .RS 25n The actual mechanism used. The \fBOID\fR returned by means of this parameter will be pointer to static storage that should be treated as read-only. The application should not attempt to free it. To obtain a specific default, supply the value \fBGSS_C_NO_ID\fR. Specify \fBNULL\fR if the parameter is not required. .RE .sp .ne 2 .na \fB\fIoutput_token\fR\fR .ad .RS 25n The token to send to the peer application. If the length field of the returned buffer is zero, no token need be sent to the peer application. After use storage associated with this buffer must be freed by the application by a call to \fBgss_release_buffer\fR(3GSS). .RE .sp .ne 2 .na \fB\fIret_flags\fR\fR .ad .RS 25n Contains various independent flags, each of which indicates that the context supports a specific service option. If not needed, specify \fBNULL\fR. Test the returned bit-mask \fIret_flags\fR value against its symbolic name to determine if the given option is supported by the context. \fIret_flags\fR may contain one of the following values: .sp .ne 2 .na \fB\fBGSS_C_DELEG_FLAG\fR\fR .ad .RS 25n If true, credentials were delegated to the remote peer. If false, no credentials were delegated. .RE .sp .ne 2 .na \fB\fBGSS_C_MUTUAL_FLAG\fR\fR .ad .RS 25n If true, the remote peer authenticated itself. If false, the remote peer did not authenticate itself. .RE .sp .ne 2 .na \fB\fBGSS_C_REPLAY_FLAG\fR\fR .ad .RS 25n If true, replay of protected messages will be detected. If false, replayed messages will not be detected. .RE .sp .ne 2 .na \fB\fBGSS_C_SEQUENCE_FLAG\fR\fR .ad .RS 25n If true, out of sequence protected messages will be detected. If false, they will not be detected. .RE .sp .ne 2 .na \fB\fBGSS_C_CONF_FLAG\fR\fR .ad .RS 25n If true, confidential service may be invoked by calling the \fBgss_wrap()\fR routine. If false, no confidentiality service is available by means of \fBgss_wrap\fR(3GSS). \fBgss_wrap()\fR will provide message encapsulation, data-origin authentication and integrity services only. .RE .sp .ne 2 .na \fB\fBGSS_C_INTEG_FLAG\fR\fR .ad .RS 25n If true, integrity service may be invoked by calling either the \fBgss_wrap\fR(3GSS) or \fBgss_get_mic\fR(3GSS) routine. If false, per-message integrity service is not available. .RE .sp .ne 2 .na \fB\fBGSS_C_ANON_FLAG\fR\fR .ad .RS 25n If true, the initiator's identity has not been revealed; it will not be revealed if any emitted token is passed to the acceptor. If false, the initiator has been or will be authenticated normally. .RE .sp .ne 2 .na \fB\fBGSS_C_PROT_READY_FLAG\fR\fR .ad .RS 25n If true, the protection services specified by the states of \fBGSS_C_CONF_FLAG\fR and \fBGSS_C_INTEG_FLAG\fR are available if the accompanying major status return value is either \fBGSS_S_COMPLETE\fR or \fBGSS_S_CONTINUE_NEEDED\fR. If false, the protection services are available only if the accompanying major status return value is \fBGSS_S_COMPLETE\fR. .RE .sp .ne 2 .na \fB\fBGSS_C_TRANS_FLAG\fR\fR .ad .RS 25n If true, the resultant security context may be transferred to other processes by means of a call to \fBgss_export_sec_context\fR(3GSS). If false, the security context cannot be transferred. .RE .RE .sp .ne 2 .na \fB\fItime_rec\fR\fR .ad .RS 25n The number of seconds for which the context will remain valid. Specify \fBNULL\fR if the parameter is not required. .RE .SH DESCRIPTION .sp .LP The \fBgss_init_sec_context()\fR function initiates the establishment of a security context between the application and a remote peer. Initially, the \fIinput_token\fR parameter should be specified either as \fBGSS_C_NO_BUFFER\fR, or as a pointer to a \fBgss_buffer_desc\fR object with a \fBlength\fR field that contains a zero value. The routine may return a \fIoutput_token\fR, which should be transferred to the peer application, which will present it to \fBgss_accept_sec_context\fR(3GSS). If no token need be sent, \fBgss_init_sec_context()\fR will indicate this by setting the \fBlength\fR field of the \fIoutput_token\fR argument to zero. To complete context establishment, one or more reply tokens may be required from the peer application; if so, \fBgss_init_sec_context()\fR will return a status code that contains the supplementary information bit \fBGSS_S_CONTINUE_NEEDED\fR. In this case, make another call to \fBgss_init_sec_context()\fR when the reply token is received from the peer application and pass the reply token to \fBgss_init_sec_context()\fR by means of the \fIinput_token\fR parameter. .sp .LP Construct portable applications to use the token length and return status to determine whether to send or wait for a token. .sp .LP Whenever the routine returns a major status that includes the value \fBGSS_S_CONTINUE_NEEDED\fR, the context is not fully established, and the following restrictions apply to the output parameters: .RS +4 .TP .ie t \(bu .el o The value returned by means of the \fItime_rec\fR parameter is undefined. Unless the accompanying \fIret_flags\fR parameter contains the bit \fBGSS_C_PROT_READY_FLAG\fR, which indicates that per-message services may be applied in advance of a successful completion status, the value returned by means of the \fIactual_mech_type\fR parameter is undefined until the routine returns a major status value of \fBGSS_S_COMPLETE\fR. .RE .RS +4 .TP .ie t \(bu .el o The values of the \fBGSS_C_DELEG_FLAG\fR, \fBGSS_C_MUTUAL_FLAG\fR, \fBGSS_C_REPLAY_FLAG\fR, \fBGSS_C_SEQUENCE_FLAG\fR, \fBGSS_C_CONF_FLAG\fR, \fBGSS_C_INTEG_FLAG\fR and \fBGSS_C_ANON_FLAG\fR bits returned by the \fIret_flags\fR parameter contain values that will be valid if context establishment succeeds. For example, if the application requests a service such as delegation or anonymous authentication by means of the \fIreq_flags\fR argument, and the service is unavailable from the underlying mechanism, \fBgss_init_sec_context()\fR generates a token that will not provide the service, and it indicate by means of the \fIret_flags\fR argument that the service will not be supported. The application may choose to abort context establishment by calling \fBgss_delete_sec_context\fR(3GSS) if it cannot continue without the service, or if the service was merely desired but not mandatory, it may transmit the token and continue context establishment. .RE .RS +4 .TP .ie t \(bu .el o The values of the \fBGSS_C_PROT_READY_FLAG\fR and \fBGSS_C_TRANS_FLAG\fR bits within \fIret_flags\fR indicate the actual state at the time \fBgss_init_sec_context()\fR returns, whether or not the context is fully established. .RE .RS +4 .TP .ie t \(bu .el o The \fBGSS-API\fR sets the \fBGSS_C_PROT_READY_FLAG\fR in the final \fIret_flags\fR returned to a caller, for example, when accompanied by a \fBGSS_S_COMPLETE\fR status code. However, applications should not rely on this behavior, as the flag was not defined in Version 1 of the \fBGSS-API\fR. Instead, applications should determine what per-message services are available after a successful context establishment according to the \fBGSS_C_INTEG_FLAG\fR and \fBGSS_C_CONF_FLAG\fR values. .RE .RS +4 .TP .ie t \(bu .el o All other bits within the \fIret_flags\fR argument are set to zero. .RE .sp .LP If the initial call of \fBgss_init_sec_context()\fR fails, the \fBGSS-API\fR does not create a context object; it leaves the value of the \fIcontext_handle\fR parameter set to \fBGSS_C_NO_CONTEXT\fR to indicate this. In the event of failure on a subsequent call, the \fBGSS-API\fR leaves the security context untouched for the application to delete using \fBgss_delete_sec_context\fR(3GSS). .sp .LP During context establishment, the informational status bits \fBGSS_S_OLD_TOKEN\fR and \fBGSS_S_DUPLICATE_TOKEN\fR indicate fatal errors, and \fBGSS-API\fR mechanisms should always return them in association with a status code of \fBGSS_S_FAILURE\fR. This pairing requirement was not part of Version 1 of the GSS-API specification, so applications that wish to run on Version 1 implementations must special-case these codes. .SH ERRORS .sp .LP \fBgss_init_sec_context()\fR may return the following status codes: .sp .ne 2 .na \fB\fBGSS_S_COMPLETE\fR\fR .ad .RS 30n Successful completion. .RE .sp .ne 2 .na \fB\fBGSS_S_CONTINUE_NEEDED\fR\fR .ad .RS 30n A token from the peer application is required to complete the context, and \fBgss_init_sec_context()\fR must be called again with that token. .RE .sp .ne 2 .na \fB\fBGSS_S_DEFECTIVE_TOKEN\fR\fR .ad .RS 30n Consistency checks performed on the \fIinput_token\fR failed. .RE .sp .ne 2 .na \fB\fBGSS_S_DEFECTIVE_CREDENTIAL\fR\fR .ad .RS 30n Consistency checks performed on the credential failed. .RE .sp .ne 2 .na \fB\fBGSS_S_NO_CRED\fR\fR .ad .RS 30n The supplied credentials are not valid for context acceptance, or the credential handle does not reference any credentials. .RE .sp .ne 2 .na \fB\fBGSS_S_CREDENTIALS_EXPIRED\fR\fR .ad .RS 30n The referenced credentials have expired. .RE .sp .ne 2 .na \fB\fBGSS_S_BAD_BINDINGS\fR\fR .ad .RS 30n The \fIinput_token\fR contains different channel bindings than those specified by means of the \fIinput_chan_bindings\fR parameter. .RE .sp .ne 2 .na \fB\fBGSS_S_BAD_SIG\fR\fR .ad .RS 30n The \fIinput_token\fR contains an invalid \fBMIC\fR or a \fBMIC\fR that cannot be verified. .RE .sp .ne 2 .na \fB\fBGSS_S_OLD_TOKEN\fR\fR .ad .RS 30n The \fIinput_token\fR is too old. This is a fatal error while establishing context. .RE .sp .ne 2 .na \fB\fBGSS_S_DUPLICATE_TOKEN\fR\fR .ad .RS 30n The \fIinput_token\fR is valid, but it is a duplicate of a token already processed. This is a fatal error while establishing context. .RE .sp .ne 2 .na \fB\fBGSS_S_NO_CONTEXT\fR\fR .ad .RS 30n The supplied context handle does not refer to a valid context. .RE .sp .ne 2 .na \fB\fBGSS_S_BAD_NAMETYPE\fR\fR .ad .RS 30n The provided \fItarget_name\fR parameter contains an invalid or unsupported \fIname\fR type. .RE .sp .ne 2 .na \fB\fBGSS_S_BAD_NAME\fR\fR .ad .RS 30n The supplied \fItarget_name\fR parameter is ill-formed. .RE .sp .ne 2 .na \fB\fBGSS_S_BAD_MECH\fR\fR .ad .RS 30n The token received specifies a mechanism that is not supported by the implementation or the provided credential. .RE .sp .ne 2 .na \fB\fBGSS_S_FAILURE\fR\fR .ad .RS 30n The underlying mechanism detected an error for which no specific \fBGSS\fR status code is defined. The mechanism-specific status code reported by means of the \fIminor_status\fR parameter details the error condition. .RE .SH EXAMPLES .LP \fBExample 1 \fRInvoking \fBgss_init_sec_context()\fR Within a Loop .sp .LP A typical portable caller should always invoke \fBgss_init_sec_context()\fR within a loop: .sp .in +2 .nf int context_established = 0; gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT; ... input_token->length = 0; while (!context_established) { maj_stat = gss_init_sec_context(&min_stat, cred_hdl, &context_hdl, target_name, desired_mech, desired_services, desired_time, input_bindings, input_token, &actual_mech, output_token, &actual_services, &actual_time); if (GSS_ERROR(maj_stat)) { report_error(maj_stat, min_stat); }; if (output_token->length != 0) { send_token_to_peer(output_token); gss_release_buffer(&min_stat, output_token) }; if (GSS_ERROR(maj_stat)) { if (context_hdl != GSS_C_NO_CONTEXT) gss_delete_sec_context(&min_stat, &context_hdl, GSS_C_NO_BUFFER); break; }; if (maj_stat & GSS_S_CONTINUE_NEEDED) { receive_token_from_peer(input_token); } else { context_established = 1; }; }; .fi .in -2 .SH ATTRIBUTES .sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp .sp .TS box; c | c l | l . ATTRIBUTE TYPE ATTRIBUTE VALUE _ MT-Level Safe .TE .SH SEE ALSO .sp .LP \fBgss_delete_sec_context\fR(3GSS), \fBgss_export_sec_context\fR(3GSS), \fBgss_get_mic\fR(3GSS), \fBgss_wrap\fR(3GSS), \fBattributes\fR(5) .sp .LP \fISolaris Security for Developers Guide\fR