gss_inquire_contGenericSSecurity Services API Librarygss_inquire_context(3GSS)NAMEgss_inquire_context - obtain information about a security context
SYNOPSIS
cc -flag ... file ...-lgss [library ...]
#include <gssapi/gssapi.h>
OM_uint32 gss_inquire_context(OM_uint32 *minor_status, const
gss_ctx_id_t context_handle, gss_name_t *src_name, gss_name_t
*targ_name, OM_uint32 *lifetime_rec, gss_OID *mech_type, OM_uint32
*ctx_flags, int *locally_initiated, int *open);
DESCRIPTION
The gss_inquire_context() function obtains information about a security
context. The caller must already have obtained a handle that refers to
the context, although the context need not be fully established.
PARAMETERS
The parameter descriptions for gss_inquire_context() are as follows:
minor_status A mechanism-specific status code.
context_handle A handle that refers to the security context.
src_name The name of the context initiator. If the context was
established using anonymous authentication, and if the
application invoking gss_inquire_context() is the con‐
text acceptor, an anonymous name is returned. Storage
associated with this name must be freed by the applica‐
tion after use with a call to gss_release_name(). Spec‐
ify NULL if the parameter is not required.
targ_name The name of the context acceptor. Storage associated
with this name must be freed by the application after
use with a call to gss_release_name(). If the context
acceptor did not authenticate itself, and if the ini‐
tiator did not specify a target name in its call to
gss_init_sec_context(), the value GSS_C_NO_NAME is
returned. Specify NULL if the parameter is not
required.
lifetime_rec The number of seconds for which the context will remain
valid. If the context has expired, this parameter will
be set to zero. Specify NULL if the parameter is not
required.
mech_type The security mechanism providing the context. The
returned OID is a pointer to static storage that should
be treated as read-only by the application; in particu‐
lar, the application should not attempt to free it.
Specify NULL if the parameter is not required.
ctx_flags Contains various independent flags, each of which indi‐
cates that the context supports (or is expected to sup‐
port, if ctx_open is false) a specific service option.
If not needed, specify NULL. Symbolic names are pro‐
vided for each flag, and the symbolic names correspond‐
ing to the required flags should be logically ANDed
with the ret_flags value to test whether a given option
is supported by the context. The flags are:
GSS_C_DELEG_FLAG
If true, credentials were delegated from the ini‐
tiator to the acceptor. If false, no credentials
were delegated.
GSS_C_MUTUAL_FLAG
If true, the acceptor was authenticated to the ini‐
tiator. If false, the acceptor did not authenticate
itself.
GSS_C_REPLAY_FLAG
If true, the replay of protected messages will be
detected. If false, replayed messages will not be
detected.
GSS_C_SEQUENCE_FLAG
If true, out-of-sequence protected messages will be
detected. If false, out-of-sequence messages will
not be detected.
GSS_C_CONF_FLAG
If true, confidential service may be invoked by
calling the gss_wrap(3GSS) routine. If false, no
confidential service is available through
gss_wrap(). gss_wrap() provides message encapsula‐
tion, data-origin authentication, and integrity
services only.
GSS_C_INTEG_FLAG
If true, integrity service can be invoked by call‐
ing either the gss_get_mic() or the gss_wrap() rou‐
tine. If false, per-message integrity service is
unavailable.
GSS_C_ANON_FLAG
If true, the initiator's identity is not revealed
to the acceptor. The src_name parameter, if
requested, contains an anonymous internal name. If
false, the initiator has been authenticated nor‐
mally.
GSS_C_PROT_READY_FLAG
If true, the protection services, as specified by
the states of the GSS_C_CONF_FLAG and
GSS_C_INTEG_FLAG, are available for use. If false,
they are available only if the context is fully
established, that is, if the open parameter is non-
zero.
GSS_C_TRANS_FLAG
If true, resultant security context can be trans‐
ferred to other processes through a call to
gss_export_sec_context(). If false, the security
context is not transferable.
locally_initiateNon-zero if the invoking application is the context
initiator. Specify NULL if the parameter is not
required.
open Non-zero if the context is fully established; zero if a
context-establishment token is expected from the peer
application. Specify NULL if the parameter is not
required.
ERRORSgss_inquire_context() returns one of the following status codes:
GSS_S_COMPLETE Successful completion.
GSS_S_NO_CONTEXT The referenced context could not be accessed.
GSS_S_FAILURE The underlying mechanism detected an error for
which no specific GSS status code is defined.
The mechanism-specific status code reported by
means of the minor_status parameter details the
error condition.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWgss (32-bit) │
├─────────────────────────────┼─────────────────────────────┤
│ │SUNWgssx (64-bit) │
├─────────────────────────────┼─────────────────────────────┤
│MT-Level │Safe │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOgss_accept_sec_context(3GSS), gss_context_time(3GSS),
gss_delete_sec_context(3GSS), gss_export_sec_context(3GSS),
gss_import_sec_context(3GSS), gss_init_sec_context(3GSS),
gss_process_context_token(3GSS), gss_wrap(3GSS),
gss_wrap_size_limit(3GSS), attributes(5)
Solaris Security for Developers Guide
SunOS 5.10 17 Jan 2003 gss_inquire_context(3GSS)