1.\" -*- nroff -*- 2.\" 3.\" Copyright (c) 2005 Doug Rabson 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" $FreeBSD$ 28.\" 29.\" Copyright (C) The Internet Society (2000). All Rights Reserved. 30.\" 31.\" This document and translations of it may be copied and furnished to 32.\" others, and derivative works that comment on or otherwise explain it 33.\" or assist in its implementation may be prepared, copied, published 34.\" and distributed, in whole or in part, without restriction of any 35.\" kind, provided that the above copyright notice and this paragraph are 36.\" included on all such copies and derivative works. However, this 37.\" document itself may not be modified in any way, such as by removing 38.\" the copyright notice or references to the Internet Society or other 39.\" Internet organizations, except as needed for the purpose of 40.\" developing Internet standards in which case the procedures for 41.\" copyrights defined in the Internet Standards process must be 42.\" followed, or as required to translate it into languages other than 43.\" English. 44.\" 45.\" The limited permissions granted above are perpetual and will not be 46.\" revoked by the Internet Society or its successors or assigns. 47.\" 48.\" This document and the information contained herein is provided on an 49.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 50.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 51.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 52.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 53.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 54.\" 55.\" The following commands are required for all man pages. 56.Dd November 12, 2005 57.Os 58.Dt GSS_UNWRAP 3 PRM 59.Sh NAME 60.Nm gss_unwrap , 61.Nm gss_unseal 62.Nd Convert a message previously protected by 63.Xr gss_wrap 3 64back to a usable form 65.\" This next command is for sections 2 and 3 only. 66.\" .Sh LIBRARY 67.Sh SYNOPSIS 68.In "gssapi/gssapi.h" 69.Ft OM_uint32 70.Fo gss_unwrap 71.Fa "OM_uint32 *minor_status" 72.Fa "const gss_ctx_id_t context_handle" 73.Fa "const gss_buffer_t input_message_buffer" 74.Fa "gss_buffer_t output_message_buffer" 75.Fa "int *conf_state" 76.Fa "gss_qop_t *qop_state" 77.Fc 78.Ft OM_uint32 79.Fo gss_unseal 80.Fa "OM_uint32 *minor_status" 81.Fa "gss_ctx_id_t context_handle" 82.Fa "gss_buffer_t input_message_buffer" 83.Fa "gss_buffer_t output_message_buffer" 84.Fa "int *conf_state" 85.Fa "gss_qop_t *qop_state" 86.Fc 87.Sh DESCRIPTION 88Converts a message previously protected by 89.Xr gss_wrap 3 90back to a usable form, 91verifying the embedded MIC. 92The 93.Dv conf_state 94parameter indicates whether the message was encrypted; 95the 96.Dv qop_state 97parameter indicates the strength of protection that was used to provide the 98confidentiality and integrity services. 99.Pp 100Since some application-level protocols may wish to use tokens emitted 101by 102.Xr gss_wrap 3 103to provide "secure framing", 104implementations must support the wrapping and unwrapping of 105zero-length messages. 106.Pp 107The 108.Fn gss_unseal 109routine is an obsolete variant of 110.Fn gss_unwrap . 111It is 112provided for backwards 113compatibility with applications using the GSS-API V1 interface. 114A distinct entrypoint (as opposed to #define) is provided, 115both to allow GSS-API V1 applications to link 116and to retain the slight parameter type differences between the 117obsolete versions of this routine and its current form. 118.Sh PARAMETERS 119.Bl -tag 120.It minor_status 121Mechanism specific status code. 122.It context_handle 123Identifies the context on which the message arrived. 124.It input_message_buffer 125Protected message. 126.It output_message_buffer 127Buffer to receive unwrapped message. 128Storage associated with this buffer must 129be freed by the application after use use 130with a call to 131.Xr gss_release_buffer 3 . 132.It conf_state 133.Bl -tag -width "Non-zero" 134.It Non-zero 135Confidentiality and integrity protection were used. 136.It Zero 137Integrity service only was used. 138.El 139.Pp 140Specify NULL if not required. 141.It qop_state 142Quality of protection provided. Specify NULL if not required. 143.El 144.Sh RETURN VALUES 145.Bl -tag 146.It GSS_S_COMPLETE 147Successful completion. 148.It GSS_S_DEFECTIVE_TOKEN 149The token failed consistency checks. 150.It GSS_S_BAD_SIG 151The MIC was incorrect 152.It GSS_S_DUPLICATE_TOKEN 153The token was valid, and contained a correct 154MIC for the message, but it had already been 155processed. 156.It GSS_S_OLD_TOKEN 157The token was valid, and contained a correct MIC 158for the message, but it is too old to check for 159duplication. 160.It GSS_S_UNSEQ_TOKEN 161The token was valid, and contained a correct MIC 162for the message, but has been verified out of 163sequence; a later token has already been 164received. 165.It GSS_S_GAP_TOKEN 166The token was valid, and contained a correct MIC 167for the message, but has been verified out of 168sequence; an earlier expected token has not yet 169been received. 170.It GSS_S_CONTEXT_EXPIRED 171The context has already expired. 172.It GSS_S_NO_CONTEXT 173The context_handle parameter did not identify a valid context. 174.El 175.Sh SEE ALSO 176.Xr gss_wrap 3 , 177.Xr gss_release_buffer 3 178.Sh STANDARDS 179.Bl -tag 180.It RFC 2743 181Generic Security Service Application Program Interface Version 2, Update 1 182.It RFC 2744 183Generic Security Service API Version 2 : C-bindings 184.\" .Sh HISTORY 185.Sh HISTORY 186The 187.Nm 188manual page example first appeared in 189.Fx 7.0 . 190.Sh AUTHORS 191John Wray, Iris Associates 192