1.\" -*- nroff -*- 2.\" 3.\" Copyright (c) 2005 Doug Rabson 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" $FreeBSD$ 28.\" 29.\" Copyright (C) The Internet Society (2000). All Rights Reserved. 30.\" 31.\" This document and translations of it may be copied and furnished to 32.\" others, and derivative works that comment on or otherwise explain it 33.\" or assist in its implementation may be prepared, copied, published 34.\" and distributed, in whole or in part, without restriction of any 35.\" kind, provided that the above copyright notice and this paragraph are 36.\" included on all such copies and derivative works. 
However, this 37.\" document itself may not be modified in any way, such as by removing 38.\" the copyright notice or references to the Internet Society or other 39.\" Internet organizations, except as needed for the purpose of 40.\" developing Internet standards in which case the procedures for 41.\" copyrights defined in the Internet Standards process must be 42.\" followed, or as required to translate it into languages other than 43.\" English. 44.\" 45.\" The limited permissions granted above are perpetual and will not be 46.\" revoked by the Internet Society or its successors or assigns. 47.\" 48.\" This document and the information contained herein is provided on an 49.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 50.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 51.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 52.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 53.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 54.\" 55.\" The following commands are required for all man pages. 56.Dd November 12, 2005 57.Os 58.Dt GSS_ACCEPT_SEC_CONTEXT 3 PRM 59.Sh NAME 60.Nm gss_accept_sec_context 61.Nd Accept a security context initiated by a peer application 62.\" This next command is for sections 2 and 3 only. 63.\" .Sh LIBRARY 64.Sh SYNOPSIS 65.In "gssapi/gssapi.h" 66.Ft OM_uint32 67.Fo gss_accept_sec_context 68.Fa "OM_uint32 *minor_status" 69.Fa "gss_ctx_id_t *context_handle" 70.Fa "const gss_cred_id_t acceptor_cred_handle" 71.Fa "const gss_buffer_t input_token_buffer" 72.Fa "const gss_channel_bindings_t input_chan_bindings" 73.Fa "const gss_name_t *src_name" 74.Fa "gss_OID *mech_type" 75.Fa "gss_buffer_t output_token" 76.Fa "OM_uint32 *ret_flags" 77.Fa "OM_uint32 *time_rec" 78.Fa "gss_cred_id_t *delegated_cred_handle" 79.Fc 80.Sh DESCRIPTION 81Allows a remotely initiated security context between the application 82and a remote peer to be established. 
The routine may return a 83.Fa output_token 84which should be transferred to the peer application, 85where the peer application will present it to 86.Xr gss_init_sec_context 3 . 87If no token need be sent, 88.Fn gss_accept_sec_context 89will indicate this 90by setting the length field of the 91.Fa output_token 92argument to zero. 93To complete the context establishment, one or more reply tokens may be 94required from the peer application; if so, 95.Fn gss_accept_sec_context 96will return a status flag of 97.Dv GSS_S_CONTINUE_NEEDED , in which case it 98should be called again when the reply token is received from the peer 99application, passing the token to 100.Fn gss_accept_sec_context 101via the 102.Fa input_token 103parameters. 104.Pp 105Portable applications should be constructed to use the token length 106and return status to determine whether a token needs to be sent or 107waited for. Thus a typical portable caller should always invoke 108.Fn gss_accept_sec_context 109within a loop: 110.Bd -literal 111gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT; 112 113do { 114 receive_token_from_peer(input_token); 115 maj_stat = gss_accept_sec_context(&min_stat, 116 &context_hdl, 117 cred_hdl, 118 input_token, 119 input_bindings, 120 &client_name, 121 &mech_type, 122 output_token, 123 &ret_flags, 124 &time_rec, 125 &deleg_cred); 126 if (GSS_ERROR(maj_stat)) { 127 report_error(maj_stat, min_stat); 128 }; 129 if (output_token->length != 0) { 130 send_token_to_peer(output_token); 131 132 gss_release_buffer(&min_stat, output_token); 133 }; 134 if (GSS_ERROR(maj_stat)) { 135 if (context_hdl != GSS_C_NO_CONTEXT) 136 gss_delete_sec_context(&min_stat, 137 &context_hdl, 138 GSS_C_NO_BUFFER); 139 break; 140 }; 141} while (maj_stat & GSS_S_CONTINUE_NEEDED); 142.Ed 143.Pp 144Whenever the routine returns a major status that includes the value 145.Dv GSS_S_CONTINUE_NEEDED , the context is not fully established and the 146following restrictions apply to the output parameters: 147.Pp 148The 
value returned via the 149.Fa time_rec 150parameter is undefined. Unless the 151accompanying 152.Fa ret_flags 153parameter contains the bit 154.Dv GSS_C_PROT_READY_FLAG , indicating that per-message services may be 155applied in advance of a successful completion status, the value 156returned via the 157.Fa mech_type 158parameter may be undefined until the 159routine returns a major status value of 160.Dv GSS_S_COMPLETE . 161.Pp 162The values of the 163.Dv GSS_C_DELEG_FLAG , 164.Dv GSS_C_MUTUAL_FLAG , 165.Dv GSS_C_REPLAY_FLAG , 166.Dv GSS_C_SEQUENCE_FLAG , 167.Dv GSS_C_CONF_FLAG , 168.Dv GSS_C_INTEG_FLAG 169and 170.Dv GSS_C_ANON_FLAG bits returned 171via the 172.Fa ret_flags 173parameter should contain the values that the 174implementation expects would be valid if context establishment were 175to succeed. 176.Pp 177The values of the 178.Dv GSS_C_PROT_READY_FLAG 179and 180.Dv GSS_C_TRANS_FLAG bits 181within 182.Fa ret_flags 183should indicate the actual state at the time 184.Fn gss_accept_sec_context 185returns, whether or not the context is fully established. 186.Pp 187Although this requires that GSS-API implementations set the 188.Dv GSS_C_PROT_READY_FLAG 189in the final 190.Fa ret_flags 191returned to a caller 192(i.e. when accompanied by a 193.Dv GSS_S_COMPLETE 194status code), applications 195should not rely on this behavior as the flag was not defined in 196Version 1 of the GSS-API. Instead, applications should be prepared to 197use per-message services after a successful context establishment, 198according to the 199.Dv GSS_C_INTEG_FLAG 200and 201.Dv GSS_C_CONF_FLAG values. 202.Pp 203All other bits within the 204.Fa ret_flags 205argument should be set to zero. 206While the routine returns 207.Dv GSS_S_CONTINUE_NEEDED , the values returned 208via the 209.Fa ret_flags 210argument indicate the services that the 211implementation expects to be available from the established context. 
212.Pp 213If the initial call of 214.Fn gss_accept_sec_context 215fails, the 216implementation should not create a context object, and should leave 217the value of the context_handle parameter set to 218.Dv GSS_C_NO_CONTEXT to 219indicate this. In the event of a failure on a subsequent call, the 220implementation is permitted to delete the "half-built" security 221context (in which case it should set the 222.Fa context_handle 223parameter to 224.Dv GSS_C_NO_CONTEXT ), but the preferred behavior is to leave the 225security context (and the context_handle parameter) untouched for the 226application to delete (using 227.Xr gss_delete_sec_context 3 ). 228.Pp 229During context establishment, the informational status bits 230.Dv GSS_S_OLD_TOKEN 231and 232.Dv GSS_S_DUPLICATE_TOKEN 233indicate fatal errors, and 234GSS-API mechanisms should always return them in association with a 235routine error of 236.Dv GSS_S_FAILURE . This requirement for pairing did not 237exist in version 1 of the GSS-API specification, so applications that 238wish to run over version 1 implementations must special-case these 239codes. 240.Sh PARAMETERS 241.Bl -tag 242.It context_handle 243Context handle for new context. 244Supply 245.Dv GSS_C_NO_CONTEXT for first 246call; use value returned in subsequent calls. 247Once 248.Fn gss_accept_sec_context 249has returned a 250value via this parameter, resources have been 251assigned to the corresponding context, and must 252be freed by the application after use with a 253call to 254.Xr gss_delete_sec_context 3 . 255.It acceptor_cred_handle 256Credential handle claimed by context acceptor. 257Specify 258.Dv GSS_C_NO_CREDENTIAL to accept the context as a 259default principal. 260If 261.Dv GSS_C_NO_CREDENTIAL is 262specified, but no default acceptor principal is 263defined, 264.Dv GSS_S_NO_CRED will be returned. 265.It input_token_buffer 266Token obtained from remote application. 267.It input_chan_bindings 268Application-specified bindings. 
269Allows application to securely bind channel identification information 270to the security context. 271If channel bindings are not used, specify 272.Dv GSS_C_NO_CHANNEL_BINDINGS . 273.It src_name 274Authenticated name of context initiator. 275After use, this name should be deallocated by passing it to 276.Xr gss_release_name 3 . 277If not required, specify 278.Dv NULL . 279.It mech_type 280Security mechanism used. 281The returned OID value will be a pointer into static storage, 282and should be treated as read-only by the caller 283(in particular, it does not need to be freed). 284If not required, specify 285.Dv NULL . 286.It output_token 287Token to be passed to peer application. 288If the length field of the returned token buffer is 0, 289then no token need be passed to the peer application. 290If a non-zero length field is returned, 291the associated storage must be freed after use by the 292application with a call to 293.Xr gss_release_buffer 3 . 294.It ret_flags 295Contains various independent flags, 296each of which indicates that the context supports a specific service option. 297If not needed, specify 298.Dv NULL . 299Symbolic names are provided for each flag, 300and the symbolic names corresponding to the required flags should be 301logically-ANDed with the 302.Fa ret_flags 303value to test whether a given option is supported by the context. 
304The flags are: 305.Bl -tag -width "WW" 306.It GSS_C_DELEG_FLAG 307.Bl -tag -width "False" 308.It True 309Delegated credentials are available via the delegated_cred_handle parameter. 310.It False 311No credentials were delegated. 312.El 313.It GSS_C_MUTUAL_FLAG 314.Bl -tag -width "False" 315.It True 316Remote peer asked for mutual authentication. 317.It False 318Remote peer did not ask for mutual authentication. 319.El 320.It GSS_C_REPLAY_FLAG 321.Bl -tag -width "False" 322.It True 323Replay of protected messages will be detected. 324.It False 325Replayed messages will not be detected. 326.El 327.It GSS_C_SEQUENCE_FLAG 328.Bl -tag -width "False" 329.It True 330Out-of-sequence protected messages will be detected. 331.It False 332Out-of-sequence messages will not be detected. 333.El 334.It GSS_C_CONF_FLAG 335.Bl -tag -width "False" 336.It True 337Confidentiality service may be invoked by calling the 338.Xr gss_wrap 3 339routine. 340.It False 341No confidentiality service (via 342.Xr gss_wrap 3 ) 343available. 344.Xr gss_wrap 3 345will provide message encapsulation, 346data-origin authentication and integrity services only. 347.El 348.It GSS_C_INTEG_FLAG 349.Bl -tag -width "False" 350.It True 351Integrity service may be invoked by calling either the 352.Xr gss_get_mic 3 353or 354.Xr gss_wrap 3 355routines. 356.It False 357Per-message integrity service unavailable. 358.El 359.It GSS_C_ANON_FLAG 360.Bl -tag -width "False" 361.It True 362The initiator does not wish to be authenticated; the 363.Fa src_name 364parameter (if requested) contains an anonymous internal name. 365.It False 366The initiator has been authenticated normally. 367.El 368.It GSS_C_PROT_READY_FLAG 369.Bl -tag -width "False" 370.It True 371Protection services (as specified by the states of the 372.Dv GSS_C_CONF_FLAG 373and 374.Dv GSS_C_INTEG_FLAG ) 375are available if the accompanying major status return value is either 376.Dv GSS_S_COMPLETE 377or 378.Dv GSS_S_CONTINUE_NEEDED . 
379.It False 380Protection services (as specified by the states of the 381.Dv GSS_C_CONF_FLAG 382and 383.Dv GSS_C_INTEG_FLAG ) 384are available only if the accompanying major status return value is 385.Dv GSS_S_COMPLETE . 386.El 387.It GSS_C_TRANS_FLAG 388.Bl -tag -width "False" 389.It True 390The resultant security context may be transferred to other processes 391via a call to 392.Xr gss_export_sec_context 3 . 393.It False 394The security context is not transferable. 395.El 396.El 397.Pp 398All other bits should be set to zero. 399.It time_rec 400Number of seconds for which the context will remain valid. 401Specify 402.Dv NULL 403if not required. 404.It delegated_cred_handle 405Credential 406handle for credentials received from context initiator. 407Only valid if 408.Dv GSS_C_DELEG_FLAG 409in 410.Fa ret_flags 411is true, 412in which case an explicit credential handle 413(i.e. not 414.Dv GSS_C_NO_CREDENTIAL ) 415will be returned; if false, 416.Fn gss_accept_sec_context 417will set this parameter to 418.Dv GSS_C_NO_CREDENTIAL . 419If a credential handle is returned, 420the associated resources must be released by the application after use 421with a call to 422.Xr gss_release_cred 3 . 423Specify 424.Dv NULL if not required. 425.It minor_status 426Mechanism-specific status code. 427.El 428.Sh RETURN VALUES 429.Bl -tag 430.It GSS_S_CONTINUE_NEEDED 431Indicates that a token from the peer application is required to 432complete the context, 433and that 434.Fn gss_accept_sec_context must be called again with that token. 434.It GSS_S_DEFECTIVE_TOKEN 435Indicates that consistency checks performed on the input_token failed. 436.It GSS_S_DEFECTIVE_CREDENTIAL 437Indicates that consistency checks performed on the credential failed. 438.It GSS_S_NO_CRED 439The supplied credentials were not valid for context acceptance, 440or the credential handle did not reference any credentials. 441.It GSS_S_CREDENTIALS_EXPIRED 442The referenced credentials have expired. 
443.It GSS_S_BAD_BINDINGS 444The input_token contains different channel bindings to those specified via the 445input_chan_bindings parameter. 446.It GSS_S_NO_CONTEXT 447Indicates that the supplied context handle did not refer to a valid context. 448.It GSS_S_BAD_SIG 449The input_token contains an invalid MIC. 450.It GSS_S_OLD_TOKEN 451The input_token was too old. 452This is a fatal error during context establishment. 453.It GSS_S_DUPLICATE_TOKEN 454The input_token is valid, 455but is a duplicate of a token already processed. 456This is a fatal error during context establishment. 457.It GSS_S_BAD_MECH 458The received token specified a mechanism that is not supported by 459the implementation or the provided credential. 460.El 461.Sh SEE ALSO 462.Xr gss_delete_sec_context 3 , 463.Xr gss_export_sec_context 3 , 464.Xr gss_get_mic 3 , 465.Xr gss_init_sec_context 3 , 466.Xr gss_release_buffer 3 , 467.Xr gss_release_cred 3 , 468.Xr gss_release_name 3 , 469.Xr gss_wrap 3 470.Sh STANDARDS 471.Bl -tag 472.It RFC 2743 473Generic Security Service Application Program Interface Version 2, Update 1 474.It RFC 2744 475Generic Security Service API Version 2 : C-bindings 476.El 477.\" .Sh HISTORY 478.Sh HISTORY 479The 480.Nm 481manual page example first appeared in 482.Fx 7.0 . 483.Sh AUTHORS 484John Wray, Iris Associates 485