xref: /freebsd/lib/libgssapi/gss_inquire_context.3 (revision c7d813a93eeb447470734c9bc0c140d90a54c271)
1.\" -*- nroff -*-
2.\"
3.\" Copyright (c) 2005 Doug Rabson
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in the
13.\"    documentation and/or other materials provided with the distribution.
14.\"
15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25.\" SUCH DAMAGE.
26.\"
27.\"	$FreeBSD$
28.\"
29.\" The following commands are required for all man pages.
30.Dd January 26, 2010
31.Dt GSS_INQUIRE_CONTEXT 3 PRM
32.Os
33.Sh NAME
34.Nm gss_inquire_context
35.Nd Obtain information about a security context
36.\" This next command is for sections 2 and 3 only.
37.\" .Sh LIBRARY
38.Sh SYNOPSIS
39.In "gssapi/gssapi.h"
40.Ft OM_uint32
41.Fo gss_inquire_context
42.Fa "OM_uint32 *minor_status"
43.Fa "const gss_ctx_id_t context_handle"
44.Fa "gss_name_t *src_name"
45.Fa "gss_name_t *targ_name"
46.Fa "OM_uint32 *lifetime_rec"
47.Fa "gss_OID *mech_type"
48.Fa "OM_uint32 *ctx_flags"
49.Fa "int *locally_initiated"
50.Fa "int *open"
51.Fc
52.Sh DESCRIPTION
53Obtains information about a security context.
54The caller must already have obtained a handle that refers to the
55context,
56although the context need not be fully established.
57.Sh PARAMETERS
58.Bl -tag -width ".It locally_initiated"
59.It minor_status
60Mechanism specific status code.
61.It context_handle
62A handle that refers to the security context.
63.It src_name
64The name of the context initiator.
65If the context was established using anonymous authentication,
66and if the application invoking
67.Fn gss_inquire_context
68is the context acceptor,
69an anonymous name will be returned.
70Storage associated with this name must be freed by the application
71after use with a call to
72.Fn gss_release_name .
73Specify
74.Dv NULL
75if not required.
76.It targ_name
77The name of the context acceptor.
78Storage associated with this name must be freed by the application
79after use with a call to
80.Fn gss_release_name .
81If the context acceptor did not authenticate itself,
82and if the initiator did not specify a target name in its call to
83.Fn gss_init_sec_context ,
84the value
85.Dv GSS_C_NO_NAME
86will be returned.
87Specify
88.Dv NULL
89if not required.
90.It lifetime_rec
91The number of seconds for which the context will remain valid.
92If the context has expired,
93this parameter will be set to zero.
94If the implementation does not support context expiration,
95the value
96.Dv GSS_C_INDEFINITE
97will be returned.
98Specify
99.Dv NULL
100if not required.
101.It mech_type
102The security mechanism providing the context.
103The returned OID will be a pointer to static storage that should be
104treated as read-only by the application;
105in particular the application should not attempt to free it.
106Specify
107.Dv NULL
108if not required.
109.It ctx_flags
110Contains various independent flags,
111each of which indicates that the context supports
112(or is expected to support, if
113.Fa open
114is false)
115a specific service option.
116If not needed, specify
117.Dv NULL .
118Symbolic names are provided for each flag,
119and the symbolic names corresponding to the required flags should be
120logically-ANDed with the
121.Fa ctx_flags
122value to test whether a given option is supported by the context.
123The flags are:
124.Bl -tag -width "WW"
125.It GSS_C_DELEG_FLAG
126.Bl -tag -width "False"
127.It True
128Credentials were delegated from the initiator to the acceptor.
129.It False
130No credentials were delegated.
131.El
132.It GSS_C_MUTUAL_FLAG
133.Bl -tag -width "False"
134.It True
135The acceptor was authenticated to the initiator.
136.It False
137The acceptor did not authenticate itself.
138.El
139.It GSS_C_REPLAY_FLAG
140.Bl -tag -width "False"
141.It True
142Replay of protected messages will be detected.
143.It False
144Replayed messages will not be detected.
145.El
146.It GSS_C_SEQUENCE_FLAG
147.Bl -tag -width "False"
148.It True
149Out-of-sequence protected messages will be detected.
150.It False
151Out-of-sequence messages will not be detected.
152.El
153.It GSS_C_CONF_FLAG
154.Bl -tag -width "False"
155.It True
156Confidentiality service may be invoked by calling
157.Fn gss_wrap
158routine.
159.It False
160No confidentiality service
161(via
162.Fn gss_wrap )
163available.
164.Fn gss_wrap
165will provide message encapsulation,
166data-origin authentication and integrity services only.
167.El
168.It GSS_C_INTEG_FLAG
169.Bl -tag -width "False"
170.It True
171Integrity service may be invoked by calling either
172.Fn gss_get_mic
173or
174.Fn gss_wrap
175routines.
176.It False
177Per-message integrity service unavailable.
178.El
179.It GSS_C_ANON_FLAG
180.Bl -tag -width "False"
181.It True
182The initiator's identity will not be revealed to the acceptor.
183The
184.Fa src_name
185parameter (if requested) contains an anonymous internal name.
186.It False
187The initiator has been authenticated normally.
188.El
189.It GSS_C_PROT_READY_FLAG
190.Bl -tag -width "False"
191.It True
192Protection services
193(as specified by the states of the
194.Dv GSS_C_CONF_FLAG
195and
196.Dv GSS_C_INTEG_FLAG )
197are available for use.
198.It False
199Protection services
200(as specified by the states of the
201.Dv GSS_C_CONF_FLAG
202and
203.Dv GSS_C_INTEG_FLAG )
204are available only if the context is fully established
205(i.e. if the
206.Fa open
207parameter is non-zero).
208.El
209.It GSS_C_TRANS_FLAG
210.Bl -tag -width "False"
211.It True
212The security context may be transferred to other processes via a call to
213.Fn gss_export_sec_context .
214.It False
215The security context is not transferable.
216.El
217.El
218.It locally_initiated
219Non-zero if the invoking application is the context initiator.
220Specify
221.Dv NULL
222if not required.
223.It open
224Non-zero if the context is fully established;
225Zero if a context-establishment token is expected from the peer
226application.
227Specify
228.Dv NULL
229if not required.
230.El
231.Sh RETURN VALUES
232.Bl -tag -width ".It GSS_S_NO_CONTEXT"
233.It GSS_S_COMPLETE
234Successful completion
235.It GSS_S_NO_CONTEXT
236The referenced context could not be accessed
237.El
238.Sh SEE ALSO
239.Xr gss_export_sec_context 3 ,
240.Xr gss_get_mic 3 ,
241.Xr gss_init_sec_context 3 ,
242.Xr gss_release_name 3 ,
243.Xr gss_wrap 3
244.Sh STANDARDS
245.Bl -tag -width ".It RFC 2743"
246.It RFC 2743
247Generic Security Service Application Program Interface Version 2, Update 1
248.It RFC 2744
249Generic Security Service API Version 2 : C-bindings
250.El
251.Sh HISTORY
252The
253.Nm
254function first appeared in
255.Fx 7.0 .
256.Sh AUTHORS
257John Wray, Iris Associates
258.Sh COPYRIGHT
259Copyright (C) The Internet Society (2000).  All Rights Reserved.
260.Pp
261This document and translations of it may be copied and furnished to
262others, and derivative works that comment on or otherwise explain it
263or assist in its implementation may be prepared, copied, published
264and distributed, in whole or in part, without restriction of any
265kind, provided that the above copyright notice and this paragraph are
266included on all such copies and derivative works.  However, this
267document itself may not be modified in any way, such as by removing
268the copyright notice or references to the Internet Society or other
269Internet organizations, except as needed for the purpose of
270developing Internet standards in which case the procedures for
271copyrights defined in the Internet Standards process must be
272followed, or as required to translate it into languages other than
273English.
274.Pp
275The limited permissions granted above are perpetual and will not be
276revoked by the Internet Society or its successors or assigns.
277.Pp
278This document and the information contained herein is provided on an
279"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
280TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
281BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
282HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
283MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
284