📄 rfc1509.txt
字号:
will remain valid. Specify NULL if not required.Wray [Page 23]
RFC 1509 GSSAPI - Overview and C bindings September 1993 delegated_cred_handle gss_cred_id_t, modify credential handle for credentials received from context initiator. Only valid if deleg_flag in ret_flags is true. minor_status integer, modify Mechanism specific status code. Function value: GSS status code: GSS_S_COMPLETE Successful completion GSS_S_CONTINUE_NEEDED Indicates that a token from the peer application is required to complete the context, and that gss_accept_sec_context must be called again with that token. GSS_S_DEFECTIVE_TOKEN Indicates that consistency checks performed on the input_token failed. GSS_S_DEFECTIVE_CREDENTIAL Indicates that consistency checks performed on the credential failed. GSS_S_NO_CRED The supplied credentials were not valid for context acceptance, or the credential handle did not reference any credentials. GSS_S_CREDENTIALS_EXPIRED The referenced credentials have expired. GSS_S_BAD_BINDINGS The input_token contains different channel bindings to those specified via the input_chan_bindings parameter. GSS_S_NO_CONTEXT Indicates that the supplied context handle did not refer to a valid context. GSS_S_BAD_SIG The input_token contains an invalid signature. GSS_S_OLD_TOKEN The input_token was too old. This is a fatal error during context establishment. GSS_S_DUPLICATE_TOKEN The input_token is valid, but is a duplicate of a token already processed. This is a fatal error during context establishment.Wray [Page 24]
RFC 1509 GSSAPI - Overview and C bindings September 1993 GSS_S_FAILURE Failure. See minor_status for more information.3.5. gss_process_context_token OM_uint32 gss_process_context_token ( OM_uint32 * minor_status, gss_ctx_id_t context_handle, gss_buffer_t token_buffer) Purpose: Provides a way to pass a token to the security service. Usually, tokens are associated either with context establishment (when they would be passed to gss_init_sec_context or gss_accept_sec_context) or with per-message security service (when they would be passed to gss_verify or gss_unseal). Occasionally, tokens may be received at other times, and gss_process_context_token allows such tokens to be passed to the underlying security service for processing. At present, such additional tokens may only be generated by gss_delete_sec_context. GSSAPI implementation may use this service to implement deletion of the security context. Parameters: context_handle gss_ctx_id_t, read context handle of context on which token is to be processed token_buffer buffer, opaque, read pointer to first byte of token to process minor_status integer, modify Implementation specific status code. Function value: GSS status code: GSS_S_COMPLETE Successful completion GSS_S_DEFECTIVE_TOKEN Indicates that consistency checks performed on the token failed GSS_S_FAILURE Failure. See minor_status for more information GSS_S_NO_CONTEXT The context_handle did not refer to a valid contextWray [Page 25]
RFC 1509 GSSAPI - Overview and C bindings September 19933.6. gss_delete_sec_context OM_uint32 gss_delete_sec_context ( OM_uint32 * minor_status, gss_ctx_id_t * context_handle, gss_buffer_t output_token) Purpose: Delete a security context. gss_delete_sec_context will delete the local data structures associated with the specified security context, and generate an output_token, which when passed to the peer gss_process_context_token will instruct it to do likewise. No further security services may be obtained using the context specified by context_handle. Parameters: minor_status integer, modify Mechanism specific status code. context_handle gss_ctx_id_t, modify context handle identifying context to delete. output_token buffer, opaque, modify token to be sent to remote application to instruct it to also delete the context Function value: GSS status code: GSS_S_COMPLETE Successful completion GSS_S_FAILURE Failure, see minor_status for more information GSS_S_NO_CONTEXT No valid context was supplied3.7. gss_context_time OM_uint32 gss_context_time ( OM_uint32 * minor_status, gss_ctx_id_t context_handle, OM_uint32 * time_rec) Purpose: Determines the number of seconds for which the specified context will remain valid.Wray [Page 26]
RFC 1509 GSSAPI - Overview and C bindings September 1993 Parameters: minor_status integer, modify Implementation specific status code. context_handle gss_ctx_id_t, read Identifies the context to be interrogated. time_rec integer, modify Number of seconds that the context will remain valid. If the context has already expired, zero will be returned. Function value: GSS status code: GSS_S_COMPLETE Successful completion GSS_S_CONTEXT_EXPIRED The context has already expired GSS_S_CREDENTIALS_EXPIRED The context is recognized, but associated credentials have expired GSS_S_NO_CONTEXT The context_handle parameter did not identify a valid context3.8. gss_sign OM_uint32 gss_sign ( OM_uint32 * minor_status, gss_ctx_id_t context_handle, int qop_req, gss_buffer_t message_buffer, gss_buffer_t msg_token) Purpose: Generates a cryptographic signature for the supplied message, and places the signature in a token for transfer to the peer application. The qop_req parameter allows a choice between several cryptographic algorithms, if supported by the chosen mechanism. Parameters: minor_status integer, modify Implementation specific status code. context_handle gss_ctx_id_t, read identifies the context on which the messageWray [Page 27]
RFC 1509 GSSAPI - Overview and C bindings September 1993 will be sent qop_req integer, read, optional Specifies requested quality of protection. Callers are encouraged, on portability grounds, to accept the default quality of protection offered by the chosen mechanism, which may be requested by specifying GSS_C_QOP_DEFAULT for this parameter. If an unsupported protection strength is requested, gss_sign will return a major_status of GSS_S_FAILURE. message_buffer buffer, opaque, read message to be signed msg_token buffer, opaque, modify buffer to receive token Function value: GSS status code: GSS_S_COMPLETE Successful completion GSS_S_CONTEXT_EXPIRED The context has already expired GSS_S_CREDENTIALS_EXPIRED The context is recognized, but associated credentials have expired GSS_S_NO_CONTEXT The context_handle parameter did not identify a valid context GSS_S_FAILURE Failure. See minor_status for more information.3.9. gss_verify OM_uint32 gss_verify ( OM_uint32 * minor_status, gss_ctx_id_t context_handle, gss_buffer_t message_buffer, gss_buffer_t token_buffer, int * qop_state) Purpose: Verifies that a cryptographic signature, contained in the token parameter, fits the supplied message. The qop_state parameter allows a message recipient to determine the strength of protection that was applied to the message.Wray [Page 28]
RFC 1509 GSSAPI - Overview and C bindings September 1993 Parameters: minor_status integer, modify Mechanism specific status code. context_handle gss_ctx_id_t, read identifies the context on which the message arrived message_buffer buffer, opaque, read message to be verified token_buffer buffer, opaque, read token associated with message qop_state integer, modify quality of protection gained from signature Function value: GSS status code: GSS_S_COMPLETE Successful completion GSS_S_DEFECTIVE_TOKEN The token failed consistency checks GSS_S_BAD_SIG The signature was incor⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -