 Heimdal GSS-API functions(3)   Version 1.5.2   Heimdal GSS-API functions(3)
 Heimdal GSS-API library                             Heimdal GSS-API library

                                 11 Jan 2012



 NAME
      Heimdal GSS-API functions -

    Functions
      GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_oid_set_member
          (OM_uint32 *minor_status, const gss_OID member_oid, gss_OID_set
          *oid_set)
      GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap_iov (OM_uint32
          *minor_status, gss_ctx_id_t context_handle, int conf_req_flag,
          gss_qop_t qop_req, int *conf_state, gss_iov_buffer_desc *iov, int
          iov_count)
      GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_unwrap_iov
          (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int
          *conf_state, gss_qop_t *qop_state, gss_iov_buffer_desc *iov, int
          iov_count)
      GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap_iov_length
          (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int
          conf_req_flag, gss_qop_t qop_req, int *conf_state,
          gss_iov_buffer_desc *iov, int iov_count)
      GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_iov_buffer
          (OM_uint32 *minor_status, gss_iov_buffer_desc *iov, int iov_count)
      GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_canonicalize_name
          (OM_uint32 *minor_status, const gss_name_t input_name, const
          gss_OID mech_type, gss_name_t *output_name)
      GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_import_name
          (OM_uint32 *minor_status, const gss_buffer_t input_name_buffer,
          const gss_OID input_name_type, gss_name_t *output_name)
      GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_init_sec_context
          (OM_uint32 *minor_status, const gss_cred_id_t
          initiator_cred_handle, gss_ctx_id_t *context_handle, const
          gss_name_t target_name, const gss_OID input_mech_type, OM_uint32
          req_flags, OM_uint32 time_req, const gss_channel_bindings_t
          input_chan_bindings, const gss_buffer_t input_token, gss_OID
          *actual_mech_type, gss_buffer_t output_token, OM_uint32
          *ret_flags, OM_uint32 *time_rec)
      GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
          gss_inquire_saslname_for_mech (OM_uint32 *minor_status, const
          gss_OID desired_mech, gss_buffer_t sasl_mech_name, gss_buffer_t
          mech_name, gss_buffer_t mech_description)
      GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
          gss_inquire_attrs_for_mech (OM_uint32 *minor_status, gss_const_OID
          mech, gss_OID_set *mech_attr, gss_OID_set *known_mech_attrs)
      GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL gss_oid_equal (gss_const_OID
          a, gss_const_OID b)
      GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_cred
          (OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
      GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_name
          (OM_uint32 *minor_status, gss_name_t *input_name)
      GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap (OM_uint32
          *minor_status, const gss_ctx_id_t context_handle, int
          conf_req_flag, gss_qop_t qop_req, const gss_buffer_t
          input_message_buffer, int *conf_state, gss_buffer_t
          output_message_buffer)

    Variables
      gss_OID_desc GSSAPI_LIB_FUNCTION __gss_c_attr_stream_sizes_oid_desc

 Detailed Description
 Function Documentation
    GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_oid_set_member
      (OM_uint32 * minor_status, const gss_OID member_oid, gss_OID_set *
      oid_set)
      Add an OID to the OID set. The function does not make a copy of the
      OID, so the pointer to member_oid needs to be stable for the whole
      time oid_set is used.

      If the OID is already a member of the set, the new member is not
      added to the set.

      Parameters:
          minor_status minor status code.
          member_oid member to add to the oid set
          oid_set oid set to add the member to

      Returns:
          a gss_error code, see gss_display_status() about printing the
          error code.

    GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_canonicalize_name
      (OM_uint32 * minor_status, const gss_name_t input_name, const gss_OID
      mech_type, gss_name_t * output_name)
      gss_canonicalize_name takes an Internal Name (IN) and converts it into
      a mechanism-specific Mechanism Name (MN).

      The input name may be of multiple name types, or of generic name types.

      If the input_name is of the GSS_C_NT_USER_NAME type, and the Kerberos
      mechanism is specified, the resulting MN type is a
      GSS_KRB5_NT_PRINCIPAL_NAME.

      For more information, see internalVSmechname.

      Parameters:
          minor_status minor status code.
          input_name name to convert, unchanged by gss_canonicalize_name().
          mech_type the type to convert the name to.
          output_name the resulting type, release with gss_release_name(),
          independent of input_name.

      Returns:
          a gss_error code, see gss_display_status() about printing the
          error code.

    GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_import_name (OM_uint32
      * minor_status, const gss_buffer_t input_name_buffer, const gss_OID
      input_name_type, gss_name_t * output_name)
      Import an internal name or a mechanism name.

      Types of name and their format:

      + GSS_C_NO_OID

      + GSS_C_NT_USER_NAME

      + GSS_C_NT_HOSTBASED_SERVICE

      + GSS_C_NT_EXPORT_NAME

      + GSS_C_NT_ANONYMOUS

      + GSS_KRB5_NT_PRINCIPAL_NAME

      For more information, see internalVSmechname.

      Parameters:
          minor_status minor status code
          input_name_buffer import name buffer
          input_name_type type of the import name buffer
          output_name the resulting type, release with gss_release_name(),
          independent of input_name

      Returns:
          a gss_error code, see gss_display_status() about printing the
          error code.

    GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_init_sec_context
      (OM_uint32 * minor_status, const gss_cred_id_t initiator_cred_handle,
      gss_ctx_id_t * context_handle, const gss_name_t target_name, const
      gss_OID input_mech_type, OM_uint32 req_flags, OM_uint32 time_req,
      const gss_channel_bindings_t input_chan_bindings, const gss_buffer_t
      input_token, gss_OID * actual_mech_type, gss_buffer_t output_token,
      OM_uint32 * ret_flags, OM_uint32 * time_rec)
      As the initiator, build a context with an acceptor.

      Returns in the major status:

      + GSS_S_COMPLETE - if the context is built

      + GSS_S_CONTINUE_NEEDED - if the caller needs to continue with another
        round of gss_init_sec_context

      + error code - any other error code

      Parameters:
          minor_status minor status code.
          initiator_cred_handle the credential to use when building the
          context, if GSS_C_NO_CREDENTIAL is passed, the default credential
          for the mechanism will be used.
          context_handle a pointer to a context handle, will be returned as
          long as there is not an error.
          target_name the target name of the acceptor, created using
          gss_import_name(). The name can be of any name type the
          mechanism supports, check supported name types with
          gss_inquire_names_for_mech().
          input_mech_type mechanism type to use, if GSS_C_NO_OID is used,
          Kerberos (GSS_KRB5_MECHANISM) will be tried. Other available
          mechanisms are listed in the GSS-API mechanisms section.
          req_flags flags to use when building the context, see Context
          creation flags
          time_req time in seconds that this context is requested to be
          valid, a commonly used value is GSS_C_INDEFINITE
          input_chan_bindings channel bindings to use, if not expected
          otherwise, use GSS_C_NO_CHANNEL_BINDINGS
          input_token input token sent from the acceptor, for the initial
          packet the buffer of { NULL, 0 } should be used.
          actual_mech_type the actual mech used, MUST NOT be freed since it
          is pointing to static memory.
          output_token if there is an output token, regardless of complete,
          continue_needed, or error it should be sent to the acceptor
          ret_flags returns which flags were negotiated, the caller should
          check if they are acceptable. For example, if GSS_C_MUTUAL_FLAG
          was negotiated with the acceptor or not.
          time_rec amount of time this context is valid for

      Returns:
          a gss_error code, see gss_display_status() about printing the
          error code.
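
      The caller-side handling described above for output_token and
      ret_flags, as an added example (not Heimdal's code). The function
      evaluate_init_step() and its types are hypothetical names, the
      constants are defined inline with their RFC 2744 values so the block
      builds without a GSS-API library, and the inputs are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Values from RFC 2744; real code takes them from the GSS-API header. */
#define GSS_S_COMPLETE        0u
#define GSS_S_CONTINUE_NEEDED 1u
#define GSS_ERROR(x)          ((x) & 0xffff0000u)
#define GSS_C_MUTUAL_FLAG     2u
#define GSS_C_CONF_FLAG       16u
#define GSS_C_INTEG_FLAG      32u

/* Hypothetical names for this example, not part of GSS-API. */
enum next_step { STEP_CONTINUE, STEP_ESTABLISHED, STEP_FAIL, STEP_DOWNGRADED };

struct step_result {
    enum next_step next;  /* what to do with the context */
    int send_token;       /* 1 if output_token must go to the acceptor */
    uint32_t missing;     /* required flags absent from ret_flags */
};

/* Interpret one gss_init_sec_context() call: major is its return value,
 * token_len is output_token->length, ret_flags is *ret_flags, required
 * is the set of flags the application refuses to run without. */
struct step_result
evaluate_init_step(uint32_t major, size_t token_len,
                   uint32_t ret_flags, uint32_t required)
{
    /* A non-empty output token is sent whatever the status is. */
    struct step_result r = { STEP_FAIL, token_len != 0, 0 };

    if (GSS_ERROR(major))
        return r;
    if (major & GSS_S_CONTINUE_NEEDED) {
        r.next = STEP_CONTINUE;  /* feed the acceptor's reply to the next call */
        return r;
    }
    /* Context is built: compare what was negotiated with what is needed. */
    r.missing = required & ~ret_flags;
    r.next = r.missing ? STEP_DOWNGRADED : STEP_ESTABLISHED;
    return r;
}

int main(void)
{
    /* Constructed outputs of a final round that lacks confidentiality. */
    struct step_result r = evaluate_init_step(GSS_S_COMPLETE, 0,
        GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG,
        GSS_C_MUTUAL_FLAG | GSS_C_CONF_FLAG);
    printf("next=%d send=%d missing=0x%x\n", r.next, r.send_token,
           (unsigned)r.missing);
    return r.next == STEP_DOWNGRADED ? 0 : 1;
}
```

      A caller that gets STEP_DOWNGRADED or STEP_FAIL should stop using the
      context instead of sending application data over it.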

    GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_attrs_for_mech
      (OM_uint32 * minor_status, gss_const_OID mech, gss_OID_set *
      mech_attr, gss_OID_set * known_mech_attrs)
      List supported attributes for a mech and/or all mechanisms.

      Parameters:
          minor_status minor status code
          mech given together with mech_attr will return the list of
          attributes for mechanism, can optionally be GSS_C_NO_OID.
          mech_attr see mech parameter, can optionally be NULL, release with
          gss_release_oid_set().
          known_mech_attrs all attributes for mechanisms supported, release
          with gss_release_oid_set().

    GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
      gss_inquire_saslname_for_mech (OM_uint32 * minor_status, const gss_OID
      desired_mech, gss_buffer_t sasl_mech_name, gss_buffer_t mech_name,
      gss_buffer_t mech_description)
      Returns different protocol names and description of the mechanism.

      Parameters:
          minor_status minor status code
          desired_mech mech list query
          sasl_mech_name SASL GS2 protocol name
          mech_name gssapi protocol name
          mech_description description of gssapi mech

      Returns:
          returns GSS_S_COMPLETE or an error code.

    GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL gss_oid_equal (gss_const_OID a,
      gss_const_OID b)
      Compare two GSS-API OIDs with each other.

      GSS_C_NO_OID matches nothing, not even itself.

      Parameters:
          a first oid to compare
          b second oid to compare

      Returns:
          non-zero when both OIDs are the same OID, zero when they are not
          the same.

    GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_cred
      (OM_uint32 * minor_status, gss_cred_id_t * cred_handle)
      Release a credential.

      It is OK to release the GSS_C_NO_CREDENTIAL/NULL credential, it will
      return a GSS_S_COMPLETE error code. On return cred_handle is set to
      GSS_C_NO_CREDENTIAL.

      Example:

       OM_uint32 major, minor;
       gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
       major = gss_release_cred(&minor, &cred);

      Parameters:
          minor_status minor status return code, mech specific
          cred_handle a pointer to the credential to release

      Returns:
          a gssapi error code

    GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_iov_buffer
      (OM_uint32 * minor_status, gss_iov_buffer_desc * iov, int iov_count)

      Free all buffers allocated by gss_wrap_iov() or gss_unwrap_iov() by
      looking at the GSS_IOV_BUFFER_FLAG_ALLOCATED flag.

    GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_name
      (OM_uint32 * minor_status, gss_name_t * input_name)
      Free a name.

      input_name can point to NULL or be NULL, or a pointer to a gss_name_t
      structure. If it was a pointer to gss_name_t, the pointer will be set
      to NULL on success and failure.

      Parameters:
          minor_status minor status code
          input_name name to free

      Returns:
          a gss_error code, see gss_display_status() about printing the
          error code.

    GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_unwrap_iov (OM_uint32
      * minor_status, gss_ctx_id_t context_handle, int * conf_state,
      gss_qop_t * qop_state, gss_iov_buffer_desc * iov, int iov_count)
      Decrypts or verifies the signature on the data.

    GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap (OM_uint32 *
      minor_status, const gss_ctx_id_t context_handle, int conf_req_flag,
      gss_qop_t qop_req, const gss_buffer_t input_message_buffer, int *
      conf_state, gss_buffer_t output_message_buffer)
      Wrap a message using either confidentiality (encryption + signature)
      or sealing (signature).

      Parameters:
          minor_status minor status code.
          context_handle context handle.
          conf_req_flag if non zero, confidentiality is requested.
          qop_req type of protection needed, in most cases
          GSS_C_QOP_DEFAULT should be passed in.
          input_message_buffer messages to wrap
          conf_state returns non zero if confidentiality was honoured.
          output_message_buffer the resulting buffer, release with
          gss_release_buffer().

    GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap_iov (OM_uint32 *
      minor_status, gss_ctx_id_t context_handle, int conf_req_flag,
      gss_qop_t qop_req, int * conf_state, gss_iov_buffer_desc * iov, int
      iov_count)
      Encrypts or signs the data.

      This is a more complicated version of gss_wrap(), it allows the caller
      to use AEAD data (signed header/trailer) and allows greater control
      over where the encrypted data is placed.

      The maximum packet size is gss_context_stream_sizes.max_msg_size.

      The caller needs to provide the following buffers when using
      conf_req_flag=1 mode:

      + HEADER (of size gss_context_stream_sizes.header)
        { DATA or SIGN_ONLY } (optional, zero or more)
        PADDING (of size gss_context_stream_sizes.blocksize, if the padding
        size is zero, it can be omitted)
        TRAILER (of size gss_context_stream_sizes.trailer)

      + in DCE-RPC mode, the caller can skip PADDING and TRAILER if the DATA
        elements are padded to a block boundary and the header is of at
        least size gss_context_stream_sizes.header +
        gss_context_stream_sizes.trailer.

      HEADER, PADDING and TRAILER will be shrunk to the size required if any
      of them is too large.

      To generate gss_wrap() compatible packets, use: HEADER | DATA |
      PADDING | TRAILER

      When used in conf_req_flag=0 mode:

      + HEADER (of size gss_context_stream_sizes.header)
        { DATA or SIGN_ONLY } (optional, zero or more)
        PADDING (of size gss_context_stream_sizes.blocksize, if the padding
        size is zero, it can be omitted)
        TRAILER (of size gss_context_stream_sizes.trailer)

      The input sizes of HEADER, PADDING and TRAILER can be fetched using
      gss_wrap_iov_length() or gss_context_query_attributes().

    GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap_iov_length
      (OM_uint32 * minor_status, gss_ctx_id_t context_handle, int
      conf_req_flag, gss_qop_t qop_req, int * conf_state,
      gss_iov_buffer_desc * iov, int iov_count)
      Update the length fields in iov buffer for the types:

      + GSS_IOV_BUFFER_TYPE_HEADER

      + GSS_IOV_BUFFER_TYPE_PADDING

      + GSS_IOV_BUFFER_TYPE_TRAILER

      Consider using gss_context_query_attributes() to fetch the data
      instead.

 Variable Documentation
    gss_OID_desc GSSAPI_LIB_FUNCTION __gss_c_attr_stream_sizes_oid_desc
      Initial value:

          {10, rk_UNCONST('

      Query the context for parameters.

      The SSPI equivalent of this function is QueryContextAttributes.

      + GSS_C_ATTR_STREAM_SIZES data is a gss_context_stream_sizes.

                                              Formatted:  September 17, 2024