1.\" -*- nroff -*- 2.\" 3.\" Copyright (c) 2005 Doug Rabson 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" $FreeBSD$ 28.\" 29.\" Copyright (C) The Internet Society (2000). All Rights Reserved. 30.\" 31.\" This document and translations of it may be copied and furnished to 32.\" others, and derivative works that comment on or otherwise explain it 33.\" or assist in its implementation may be prepared, copied, published 34.\" and distributed, in whole or in part, without restriction of any 35.\" kind, provided that the above copyright notice and this paragraph are 36.\" included on all such copies and derivative works. However, this 37.\" document itself may not be modified in any way, such as by removing 38.\" the copyright notice or references to the Internet Society or other 39.\" Internet organizations, except as needed for the purpose of 40.\" developing Internet standards in which case the procedures for 41.\" copyrights defined in the Internet Standards process must be 42.\" followed, or as required to translate it into languages other than 43.\" English. 44.\" 45.\" The limited permissions granted above are perpetual and will not be 46.\" revoked by the Internet Society or its successors or assigns. 47.\" 48.\" This document and the information contained herein is provided on an 49.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 50.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 51.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 52.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 53.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 54.\" 55.\" The following commands are required for all man pages. 56.Dd November 12, 2005 57.Os 58.Dt GSS_INQUIRE_CONTEXT 3 PRM 59.Sh NAME 60.Nm gss_inquire_context 61.Nd Obtain information about a security context 62.\" This next command is for sections 2 and 3 only. 63.\" .Sh LIBRARY 64.Sh SYNOPSIS 65.In "gssapi/gssapi.h" 66.Ft OM_uint32 67.Fo gss_inquire_context 68.Fa "OM_uint32 *minor_status" 69.Fa "const gss_ctx_id_t context_handle" 70.Fa "gss_name_t *src_name" 71.Fa "gss_name_t *targ_name" 72.Fa "OM_uint32 *lifetime_rec" 73.Fa "gss_OID *mech_type" 74.Fa "OM_uint32 *ctx_flags" 75.Fa "int *locally_initiated" 76.Fa "int *open" 77.Fc 78.Sh DESCRIPTION 79Obtains information about a security context. 80The caller must already have obtained a handle that refers to the 81context, 82although the context need not be fully established. 83.Sh PARAMETERS 84.Bl -tag 85.It minor_status 86Mechanism specific status code. 87.It context_handle 88A handle that refers to the security context. 89.It src_name 90The name of the context initiator. 91If the context was established using anonymous authentication, 92and if the application invoking 93.Fn gss_inquire_context 94is the context acceptor, 95an anonymous name will be returned. 96Storage associated with this name must be freed by the application 97after use with a call to 98.Fn gss_release_name . 99Specify 100.Dv NULL 101if not required. 102.It targ_name 103The name of the context acceptor. 104Storage associated with this name must be freed by the application 105after use with a call to 106.Fn gss_release_name . 107If the context acceptor did not authenticate itself, 108and if the initiator did not specify a target name in its call to 109.Fn gss_init_sec_context , 110the value 111.Dv GSS_C_NO_NAME 112will be returned. 113Specify 114.Dv NULL 115if not required. 116.It lifetime_rec 117The number of seconds for which the context will remain valid. 118If the context has expired, 119this parameter will be set to zero. 120If the implementation does not support context expiration, 121the value 122.Dv GSS_C_INDEFINITE 123will be returned. 124Specify 125.Dv NULL 126if not required. 127.It mech_type 128The security mechanism providing the context. 129The returned OID will be a pointer to static storage that should be 130treated as read-only by the application; 131in particular the application should not attempt to free it. 132Specify 133.Dv NULL 134if not required. 135.It ctx_flags 136Contains various independent flags, 137each of which indicates that the context supports 138(or is expected to support, if 139.Fa open 140is false) 141a specific service option. 142If not needed, specify 143.Dv NULL . 144Symbolic names are provided for each flag, 145and the symbolic names corresponding to the required flags should be 146logically-ANDed with the 147.Fa ctx_flags 148value to test whether a given option is supported by the context. 149The flags are: 150.Bl -tag -width "WW" 151.It GSS_C_DELEG_FLAG 152.Bl -tag -width "False" 153.It True 154Credentials were delegated from the initiator to the acceptor. 155.It False 156No credentials were delegated. 157.El 158.It GSS_C_MUTUAL_FLAG 159.Bl -tag -width "False" 160.It True 161The acceptor was authenticated to the initiator. 162.It False 163The acceptor did not authenticate itself. 164.El 165.It GSS_C_REPLAY_FLAG 166.Bl -tag -width "False" 167.It True 168Replay of protected messages will be detected. 169.It False 170Replayed messages will not be detected. 171.El 172.It GSS_C_SEQUENCE_FLAG 173.Bl -tag -width "False" 174.It True 175Out-of-sequence protected messages will be detected. 176.It False 177Out-of-sequence messages will not be detected. 178.El 179.It GSS_C_CONF_FLAG 180.Bl -tag -width "False" 181.It True 182Confidentiality service may be invoked by calling 183.Fn gss_wrap 184routine. 185.It False 186No confidentiality service 187(via 188.Fn gss_wrap ) 189available. 190.Fn gss_wrap 191will provide message encapsulation, 192data-origin authentication and integrity services only. 193.El 194.It GSS_C_INTEG_FLAG 195.Bl -tag -width "False" 196.It True 197Integrity service may be invoked by calling either 198.Fn gss_get_mic 199or 200.Fn gss_wrap 201routines. 202.It False 203Per-message integrity service unavailable. 204.El 205.It GSS_C_ANON_FLAG 206.Bl -tag -width "False" 207.It True 208The initiator's identity will not be revealed to the acceptor. 209The 210.Fa src_name 211parameter (if requested) contains an anonymous internal name. 212.It False 213The initiator has been authenticated normally. 214.El 215.It GSS_C_PROT_READY_FLAG 216.Bl -tag -width "False" 217.It True 218Protection services 219(as specified by the states of the 220.Dv GSS_C_CONF_FLAG 221and 222.Dv GSS_C_INTEG_FLAG ) 223are available for use. 224.It False 225Protection services 226(as specified by the states of the 227.Dv GSS_C_CONF_FLAG 228and 229.Dv GSS_C_INTEG_FLAG ) 230are available only if the context is fully established 231(i.e. if the 232.Fa open 233parameter is non-zero). 234.El 235.It GSS_C_TRANS_FLAG 236.Bl -tag -width "False" 237.It True 238The security context may be transferred to other processes via a call to 239.Fn gss_export_sec_context . 240.It False 241The security context is not transferable. 242.El 243.El 244.It locally_initiated 245Non-zero if the invoking application is the context initiator. 246Specify 247.Dv NULL 248if not required. 249.It open 250Non-zero if the context is fully established; 251Zero if a context-establishment token is expected from the peer 252application. 253Specify 254.Dv NULL 255if not required. 256.El 257.Sh RETURN VALUES 258.Bl -tag 259.It GSS_S_COMPLETE 260Successful completion 261.It GSS_S_NO_CONTEXT 262The referenced context could not be accessed 263.El 264.Sh SEE ALSO 265.Xr gss_release_name 3 , 266.Xr gss_init_sec_context 3 , 267.Xr gss_wrap 3 , 268.Xr gss_get_mic 3 , 269.Xr gss_export_sec_context 3 270.Sh STANDARDS 271.Bl -tag 272.It RFC 2743 273Generic Security Service Application Program Interface Version 2, Update 1 274.It RFC 2744 275Generic Security Service API Version 2 : C-bindings 276.\" .Sh HISTORY 277.El 278.Sh HISTORY 279The 280.Nm 281manual page example first appeared in 282.Fx 7.0 . 283.Sh AUTHORS 284John Wray, Iris Associates 285