Delegation(3) Delegation Functions.

Functions


OM_uint32 GSS_CALLCONV gss_accept_delegation (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_OID_set extension_oids, const gss_buffer_set_t extension_buffers, const gss_buffer_t input_token, OM_uint32 req_flags, OM_uint32 time_req, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle, gss_OID *mech_type, gss_buffer_t output_token)
Accept a delegated credential.
OM_uint32 GSS_CALLCONV gss_init_delegation (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_cred_id_t cred_handle, const gss_OID desired_mech, const gss_OID_set extension_oids, const gss_buffer_set_t extension_buffers, const gss_buffer_t input_token, OM_uint32 req_flags, OM_uint32 time_req, gss_buffer_t output_token)
Initiate Delegation.

Detailed Description

Delegation Functions.

Functions in this section allow delegation to occur outside of the context initiation handshake.

Function Documentation

OM_uint32 GSS_CALLCONV gss_accept_delegation (OM_uint32 *minor_status, const gss_ctx_id_tcontext_handle, const gss_OID_setextension_oids, const gss_buffer_set_textension_buffers, const gss_buffer_tinput_token, OM_uint32req_flags, OM_uint32time_req, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle, gss_OID *mech_type, gss_buffer_toutput_token)

Accept a delegated credential. This functions drives the accepting side of the credential delegation process. It is expected to be called in tandem with the gss_init_delegation function.

Parameters:

minor_status The minor status returned by this function. This parameter will be 0 upon success.
context_handle The security context over which the credential is delegated.
extension_oids A set of extension OIDs corresponding to buffers in the extension_buffers parameter below. May be GSS_C_NO_BUFFER_SET. Currently not used.
extension_buffers A set of extension buffers corresponding to OIDs in the extension_oids parameter above. May be GSS_C_NO_BUFFER_SET. Currently not used.
input_token The token that was produced by a prior call to gss_init_delegation.
req_flags Flags that modify the behavior of the function. Currently only GSS_C_GLOBUS_SSL_COMPATIBLE is checked for. This flag results in tokens that aren't wrapped.
time_req The requested period of validity (seconds) of the delegated credential. Currently a NO-OP.
time_rec This parameter will contain the received period of validity of the delegated credential upon success. May be NULL.
delegated_cred_handle This parameter will contain the delegated credential upon success.
mech_type Returns the security mechanism upon success. Currently not implemented. May be NULL.
output_token A token that should be passed to gss_init_delegation if the return value is GSS_S_CONTINUE_NEEDED.

Return values:

GSS_S_COMPLETE Successful completion
GSS_S_CONTINUE_NEEDED The function needs to be called again.
GSS_S_FAILURE Failure

OM_uint32 GSS_CALLCONV gss_init_delegation (OM_uint32 *minor_status, const gss_ctx_id_tcontext_handle, const gss_cred_id_tcred_handle, const gss_OIDdesired_mech, const gss_OID_setextension_oids, const gss_buffer_set_textension_buffers, const gss_buffer_tinput_token, OM_uint32req_flags, OM_uint32time_req, gss_buffer_toutput_token)

Initiate Delegation. This functions drives the initiating side of the credential delegation process. It is expected to be called in tandem with the gss_accept_delegation function.

Parameters:

minor_status The minor status returned by this function. This parameter will be 0 upon success.
context_handle The security context over which the credential is delegated.
cred_handle The credential to be delegated. May be GSS_C_NO_CREDENTIAL in which case the credential associated with the security context is used.
desired_mech The desired security mechanism. Currently not used. May be GSS_C_NO_OID.
extension_oids A set of extension OIDs corresponding to buffers in the extension_buffers parameter below. The extensions specified will be added to the delegated credential. May be GSS_C_NO_BUFFER_SET.
extension_buffers A set of extension buffers corresponding to OIDs in the extension_oids parameter above. May be GSS_C_NO_BUFFER_SET.
input_token The token that was produced by a prior call to gss_accept_delegation. This parameter will be ignored the first time this function is called.
req_flags Flags that modify the behavior of the function. Currently only GSS_C_GLOBUS_SSL_COMPATIBLE and GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG are checked for. The GSS_C_GLOBUS_SSL_COMPATIBLE flag results in tokens that aren't wrapped and GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG causes the delegated proxy to be limited (requires that no extensions are specified.
time_req The requested period of validity (seconds) of the delegated credential. Passing a time_req of 0 cause the delegated credential to have the same lifetime as the credential that issued it.
output_token A token that should be passed to gss_accept_delegation if the return value is GSS_S_CONTINUE_NEEDED.

Return values:

GSS_S_COMPLETE Success
GSS_S_CONTINUE_NEEDED This function needs to be called again.
GSS_S_FAILURE upon failure

Author

Generated automatically by Doxygen for globus_gssapi_gsi from the source code.