Grid Community Toolkit  6.2.1541705016
Functions

Delegation Functions.

Functions

OM_uint32 GSS_CALLCONV gss_accept_delegation (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_OID_set extension_oids, const gss_buffer_set_t extension_buffers, const gss_buffer_t input_token, OM_uint32 req_flags, OM_uint32 time_req, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle, gss_OID *mech_type, gss_buffer_t output_token)
 Accept a delegated credential.
 
OM_uint32 GSS_CALLCONV gss_init_delegation (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_cred_id_t cred_handle, const gss_OID desired_mech, const gss_OID_set extension_oids, const gss_buffer_set_t extension_buffers, const gss_buffer_t input_token, OM_uint32 req_flags, OM_uint32 time_req, gss_buffer_t output_token)
 Initiate Delegation.
 

Detailed Description

Delegation Functions.

Functions in this section allow delegation to occur outside of the context initiation handshake.

Function Documentation

◆ gss_accept_delegation()

OM_uint32 GSS_CALLCONV gss_accept_delegation (
    OM_uint32 *             minor_status,
    const gss_ctx_id_t      context_handle,
    const gss_OID_set       extension_oids,
    const gss_buffer_set_t  extension_buffers,
    const gss_buffer_t      input_token,
    OM_uint32               req_flags,
    OM_uint32               time_req,
    OM_uint32 *             time_rec,
    gss_cred_id_t *         delegated_cred_handle,
    gss_OID *               mech_type,
    gss_buffer_t            output_token
)

Accept a delegated credential.

This function drives the accepting side of the credential delegation process. It is expected to be called in tandem with the gss_init_delegation function.

Parameters
minor_status: The minor status returned by this function. This parameter will be 0 upon success.
context_handle: The security context over which the credential is delegated.
extension_oids: A set of extension OIDs corresponding to buffers in the extension_buffers parameter below. May be GSS_C_NO_BUFFER_SET. Currently not used.
extension_buffers: A set of extension buffers corresponding to OIDs in the extension_oids parameter above. May be GSS_C_NO_BUFFER_SET. Currently not used.
input_token: The token that was produced by a prior call to gss_init_delegation.
req_flags: Flags that modify the behavior of the function. Currently only GSS_C_GLOBUS_SSL_COMPATIBLE is checked for. This flag results in tokens that aren't wrapped.
time_req: The requested period of validity (seconds) of the delegated credential. Currently a NO-OP.
time_rec: This parameter will contain the received period of validity of the delegated credential upon success. May be NULL.
delegated_cred_handle: This parameter will contain the delegated credential upon success.
mech_type: Returns the security mechanism upon success. Currently not implemented. May be NULL.
output_token: A token that should be passed to gss_init_delegation if the return value is GSS_S_CONTINUE_NEEDED.
Return values
GSS_S_COMPLETE: Successful completion.
GSS_S_CONTINUE_NEEDED: The function needs to be called again.
GSS_S_FAILURE: Failure.

◆ gss_init_delegation()

OM_uint32 GSS_CALLCONV gss_init_delegation (
    OM_uint32 *             minor_status,
    const gss_ctx_id_t      context_handle,
    const gss_cred_id_t     cred_handle,
    const gss_OID           desired_mech,
    const gss_OID_set       extension_oids,
    const gss_buffer_set_t  extension_buffers,
    const gss_buffer_t      input_token,
    OM_uint32               req_flags,
    OM_uint32               time_req,
    gss_buffer_t            output_token
)

Initiate Delegation.

This function drives the initiating side of the credential delegation process. It is expected to be called in tandem with the gss_accept_delegation function.

Parameters
minor_status: The minor status returned by this function. This parameter will be 0 upon success.
context_handle: The security context over which the credential is delegated.
cred_handle: The credential to be delegated. May be GSS_C_NO_CREDENTIAL, in which case the credential associated with the security context is used.
desired_mech: The desired security mechanism. Currently not used. May be GSS_C_NO_OID.
extension_oids: A set of extension OIDs corresponding to buffers in the extension_buffers parameter below. The extensions specified will be added to the delegated credential. May be GSS_C_NO_BUFFER_SET.
extension_buffers: A set of extension buffers corresponding to OIDs in the extension_oids parameter above. May be GSS_C_NO_BUFFER_SET.
input_token: The token that was produced by a prior call to gss_accept_delegation. This parameter will be ignored the first time this function is called.
req_flags: Flags that modify the behavior of the function. Currently only GSS_C_GLOBUS_SSL_COMPATIBLE and GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG are checked for. The GSS_C_GLOBUS_SSL_COMPATIBLE flag results in tokens that aren't wrapped, and GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG causes the delegated proxy to be limited (requires that no extensions are specified).
time_req: The requested period of validity (seconds) of the delegated credential. Passing a time_req of 0 causes the delegated credential to have the same lifetime as the credential that issued it.
output_token: A token that should be passed to gss_accept_delegation if the return value is GSS_S_CONTINUE_NEEDED.
Return values
GSS_S_COMPLETE: Success.
GSS_S_CONTINUE_NEEDED: This function needs to be called again.
GSS_S_FAILURE: Upon failure.
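
The tandem call pattern described for gss_init_delegation and gss_accept_delegation, as an added example (not code from the Grid Community Toolkit): a self-contained C token pump that alternates the two sides until both report completion, rejects any other status, and caps the number of round trips. The ex_* names, the mock peers and their REQ/CSR/CERT tokens are constructed for illustration; forwarding every non-empty output token follows the usual GSS-API loop convention and is an assumption here.

```c
#include <stddef.h>
#include <string.h>

/* RFC 2744 status values; real code takes GSS_S_* from gssapi.h. */
enum { EX_COMPLETE = 0, EX_CONTINUE_NEEDED = 1, EX_FAILURE = 13 << 16 };
typedef struct { size_t length; unsigned char value[64]; } ex_token;
/* One call on one side (hypothetical wrapper around gss_init_delegation or gss_accept_delegation). */
typedef unsigned (*ex_step)(void *state, const ex_token *in, ex_token *out);
typedef struct { int calls; int got_cred; } ex_peer;   /* constructed mock state */

/* Returns 0 when both sides complete, -1 on failure, stall or round cap. */
int ex_delegate(ex_step init, void *is, ex_step accept, void *as, int max_rounds)
{
    ex_token to_init = {0}, to_accept = {0};
    unsigned ist, ast = EX_CONTINUE_NEEDED;
    for (int round = 0; round < max_rounds; round++) {
        to_accept.length = 0;
        ist = init(is, &to_init, &to_accept);      /* to_init is empty on round 0 */
        if (ist != EX_COMPLETE && ist != EX_CONTINUE_NEEDED) return -1;
        if (to_accept.length > 0) {
            if (ast != EX_CONTINUE_NEEDED) return -1;  /* acceptor already finished */
            to_init.length = 0;
            ast = accept(as, &to_accept, &to_init);
            if (ast != EX_COMPLETE && ast != EX_CONTINUE_NEEDED) return -1;
        }
        if (ist == EX_COMPLETE) return ast == EX_COMPLETE ? 0 : -1;
        if (to_init.length == 0) return -1;        /* initiator needs a reply, none came */
    }
    return -1;                                     /* too many round trips */
}

static int tok_is(const ex_token *t, const char *s) { return t->length == strlen(s) && !memcmp(t->value, s, t->length); }
static void tok_set(ex_token *t, const char *s) { t->length = strlen(s); memcpy(t->value, s, t->length); }

/* Constructed two-round peers; token names are placeholders, not the Globus wire format. */
unsigned ex_mock_init(void *st, const ex_token *in, ex_token *out)
{
    ex_peer *p = st;
    if (p->calls++ == 0) { tok_set(out, "REQ"); return EX_CONTINUE_NEEDED; }
    if (!tok_is(in, "CSR")) return EX_FAILURE;
    tok_set(out, "CERT"); return EX_COMPLETE;
}
unsigned ex_mock_accept(void *st, const ex_token *in, ex_token *out)
{
    ex_peer *p = st;
    if (p->calls++ == 0 && tok_is(in, "REQ")) { tok_set(out, "CSR"); return EX_CONTINUE_NEEDED; }
    if (p->calls != 2 || !tok_is(in, "CERT")) return EX_FAILURE;
    p->got_cred = 1; return EX_COMPLETE;
}
```

In a real program each ex_step would wrap one of the two calls over the same established context_handle, with the tokens carried over the network between the peers.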