1.\" -*- nroff -*- 2.\" 3.\" Copyright (c) 2005 Doug Rabson 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" $FreeBSD$ 28.\" 29.\" The following commands are required for all man pages. 30.Dd October 30, 2007 31.Os 32.Dt GSS_INQUIRE_CONTEXT 3 PRM 33.Sh NAME 34.Nm gss_inquire_context 35.Nd Obtain information about a security context 36.\" This next command is for sections 2 and 3 only. 37.\" .Sh LIBRARY 38.Sh SYNOPSIS 39.In "gssapi/gssapi.h" 40.Ft OM_uint32 41.Fo gss_inquire_context 42.Fa "OM_uint32 *minor_status" 43.Fa "const gss_ctx_id_t context_handle" 44.Fa "gss_name_t *src_name" 45.Fa "gss_name_t *targ_name" 46.Fa "OM_uint32 *lifetime_rec" 47.Fa "gss_OID *mech_type" 48.Fa "OM_uint32 *ctx_flags" 49.Fa "int *locally_initiated" 50.Fa "int *open" 51.Fc 52.Sh DESCRIPTION 53Obtains information about a security context. 54The caller must already have obtained a handle that refers to the 55context, 56although the context need not be fully established. 57.Sh PARAMETERS 58.Bl -tag 59.It minor_status 60Mechanism specific status code. 61.It context_handle 62A handle that refers to the security context. 63.It src_name 64The name of the context initiator. 65If the context was established using anonymous authentication, 66and if the application invoking 67.Fn gss_inquire_context 68is the context acceptor, 69an anonymous name will be returned. 70Storage associated with this name must be freed by the application 71after use with a call to 72.Fn gss_release_name . 73Specify 74.Dv NULL 75if not required. 76.It targ_name 77The name of the context acceptor. 78Storage associated with this name must be freed by the application 79after use with a call to 80.Fn gss_release_name . 81If the context acceptor did not authenticate itself, 82and if the initiator did not specify a target name in its call to 83.Fn gss_init_sec_context , 84the value 85.Dv GSS_C_NO_NAME 86will be returned. 87Specify 88.Dv NULL 89if not required. 90.It lifetime_rec 91The number of seconds for which the context will remain valid. 92If the context has expired, 93this parameter will be set to zero. 94If the implementation does not support context expiration, 95the value 96.Dv GSS_C_INDEFINITE 97will be returned. 98Specify 99.Dv NULL 100if not required. 101.It mech_type 102The security mechanism providing the context. 103The returned OID will be a pointer to static storage that should be 104treated as read-only by the application; 105in particular the application should not attempt to free it. 106Specify 107.Dv NULL 108if not required. 109.It ctx_flags 110Contains various independent flags, 111each of which indicates that the context supports 112(or is expected to support, if 113.Fa open 114is false) 115a specific service option. 116If not needed, specify 117.Dv NULL . 118Symbolic names are provided for each flag, 119and the symbolic names corresponding to the required flags should be 120logically-ANDed with the 121.Fa ctx_flags 122value to test whether a given option is supported by the context. 123The flags are: 124.Bl -tag -width "WW" 125.It GSS_C_DELEG_FLAG 126.Bl -tag -width "False" 127.It True 128Credentials were delegated from the initiator to the acceptor. 129.It False 130No credentials were delegated. 131.El 132.It GSS_C_MUTUAL_FLAG 133.Bl -tag -width "False" 134.It True 135The acceptor was authenticated to the initiator. 136.It False 137The acceptor did not authenticate itself. 138.El 139.It GSS_C_REPLAY_FLAG 140.Bl -tag -width "False" 141.It True 142Replay of protected messages will be detected. 143.It False 144Replayed messages will not be detected. 145.El 146.It GSS_C_SEQUENCE_FLAG 147.Bl -tag -width "False" 148.It True 149Out-of-sequence protected messages will be detected. 150.It False 151Out-of-sequence messages will not be detected. 152.El 153.It GSS_C_CONF_FLAG 154.Bl -tag -width "False" 155.It True 156Confidentiality service may be invoked by calling 157.Fn gss_wrap 158routine. 159.It False 160No confidentiality service 161(via 162.Fn gss_wrap ) 163available. 164.Fn gss_wrap 165will provide message encapsulation, 166data-origin authentication and integrity services only. 167.El 168.It GSS_C_INTEG_FLAG 169.Bl -tag -width "False" 170.It True 171Integrity service may be invoked by calling either 172.Fn gss_get_mic 173or 174.Fn gss_wrap 175routines. 176.It False 177Per-message integrity service unavailable. 178.El 179.It GSS_C_ANON_FLAG 180.Bl -tag -width "False" 181.It True 182The initiator's identity will not be revealed to the acceptor. 183The 184.Fa src_name 185parameter (if requested) contains an anonymous internal name. 186.It False 187The initiator has been authenticated normally. 188.El 189.It GSS_C_PROT_READY_FLAG 190.Bl -tag -width "False" 191.It True 192Protection services 193(as specified by the states of the 194.Dv GSS_C_CONF_FLAG 195and 196.Dv GSS_C_INTEG_FLAG ) 197are available for use. 198.It False 199Protection services 200(as specified by the states of the 201.Dv GSS_C_CONF_FLAG 202and 203.Dv GSS_C_INTEG_FLAG ) 204are available only if the context is fully established 205(i.e. if the 206.Fa open 207parameter is non-zero). 208.El 209.It GSS_C_TRANS_FLAG 210.Bl -tag -width "False" 211.It True 212The security context may be transferred to other processes via a call to 213.Fn gss_export_sec_context . 214.It False 215The security context is not transferable. 216.El 217.El 218.It locally_initiated 219Non-zero if the invoking application is the context initiator. 220Specify 221.Dv NULL 222if not required. 223.It open 224Non-zero if the context is fully established; 225Zero if a context-establishment token is expected from the peer 226application. 227Specify 228.Dv NULL 229if not required. 230.El 231.Sh RETURN VALUES 232.Bl -tag 233.It GSS_S_COMPLETE 234Successful completion 235.It GSS_S_NO_CONTEXT 236The referenced context could not be accessed 237.El 238.Sh SEE ALSO 239.Xr gss_release_name 3 , 240.Xr gss_init_sec_context 3 , 241.Xr gss_wrap 3 , 242.Xr gss_get_mic 3 , 243.Xr gss_export_sec_context 3 244.Sh STANDARDS 245.Bl -tag 246.It RFC 2743 247Generic Security Service Application Program Interface Version 2, Update 1 248.It RFC 2744 249Generic Security Service API Version 2 : C-bindings 250.El 251.Sh HISTORY 252The 253.Nm 254manual page example first appeared in 255.Fx 7.0 . 256.Sh AUTHORS 257John Wray, Iris Associates 258.Sh COPYRIGHT 259Copyright (C) The Internet Society (2000). All Rights Reserved. 260.Pp 261This document and translations of it may be copied and furnished to 262others, and derivative works that comment on or otherwise explain it 263or assist in its implementation may be prepared, copied, published 264and distributed, in whole or in part, without restriction of any 265kind, provided that the above copyright notice and this paragraph are 266included on all such copies and derivative works. However, this 267document itself may not be modified in any way, such as by removing 268the copyright notice or references to the Internet Society or other 269Internet organizations, except as needed for the purpose of 270developing Internet standards in which case the procedures for 271copyrights defined in the Internet Standards process must be 272followed, or as required to translate it into languages other than 273English. 274.Pp 275The limited permissions granted above are perpetual and will not be 276revoked by the Internet Society or its successors or assigns. 277.Pp 278This document and the information contained herein is provided on an 279"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 280TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 281BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 282HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 283MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 284