|
Grid Community Toolkit
6.2.1629922860 (tag: v6.2.20210826)
|
|
Grid Community Toolkit
6.2.1629922860 (tag: v6.2.20210826)
|
Delegation Functions. More...
Functions | |
| OM_uint32 GSS_CALLCONV | gss_accept_delegation (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_OID_set extension_oids, const gss_buffer_set_t extension_buffers, const gss_buffer_t input_token, OM_uint32 req_flags, OM_uint32 time_req, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle, gss_OID *mech_type, gss_buffer_t output_token) |
| Accept a delegated credential. More... | |
| OM_uint32 GSS_CALLCONV | gss_init_delegation (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_cred_id_t cred_handle, const gss_OID desired_mech, const gss_OID_set extension_oids, const gss_buffer_set_t extension_buffers, const gss_buffer_t input_token, OM_uint32 req_flags, OM_uint32 time_req, gss_buffer_t output_token) |
| Initiate Delegation. More... | |
Delegation Functions.
Functions in this section allow delegation to occur outside of the context initiation handshake.
| OM_uint32 GSS_CALLCONV gss_accept_delegation | ( | OM_uint32 * | minor_status, |
| const gss_ctx_id_t | context_handle, | ||
| const gss_OID_set | extension_oids, | ||
| const gss_buffer_set_t | extension_buffers, | ||
| const gss_buffer_t | input_token, | ||
| OM_uint32 | req_flags, | ||
| OM_uint32 | time_req, | ||
| OM_uint32 * | time_rec, | ||
| gss_cred_id_t * | delegated_cred_handle, | ||
| gss_OID * | mech_type, | ||
| gss_buffer_t | output_token | ||
| ) |
Accept a delegated credential.
This functions drives the accepting side of the credential delegation process. It is expected to be called in tandem with the gss_init_delegation function.
| minor_status | The minor status returned by this function. This parameter will be 0 upon success. |
| context_handle | The security context over which the credential is delegated. |
| extension_oids | A set of extension OIDs corresponding to buffers in the extension_buffers parameter below. May be GSS_C_NO_BUFFER_SET. Currently not used. |
| extension_buffers | A set of extension buffers corresponding to OIDs in the extension_oids parameter above. May be GSS_C_NO_BUFFER_SET. Currently not used. |
| input_token | The token that was produced by a prior call to gss_init_delegation. |
| req_flags | Flags that modify the behavior of the function. Currently only GSS_C_GLOBUS_SSL_COMPATIBLE is checked for. This flag results in tokens that aren't wrapped. |
| time_req | The requested period of validity (seconds) of the delegated credential. Currently a NO-OP. |
| time_rec | This parameter will contain the received period of validity of the delegated credential upon success. May be NULL. |
| delegated_cred_handle | This parameter will contain the delegated credential upon success. |
| mech_type | Returns the security mechanism upon success. Currently not implemented. May be NULL. |
| output_token | A token that should be passed to gss_init_delegation if the return value is GSS_S_CONTINUE_NEEDED. |
| GSS_S_COMPLETE | Successful completion |
| GSS_S_CONTINUE_NEEDED | The function needs to be called again. |
| GSS_S_FAILURE | Failure |
| OM_uint32 GSS_CALLCONV gss_init_delegation | ( | OM_uint32 * | minor_status, |
| const gss_ctx_id_t | context_handle, | ||
| const gss_cred_id_t | cred_handle, | ||
| const gss_OID | desired_mech, | ||
| const gss_OID_set | extension_oids, | ||
| const gss_buffer_set_t | extension_buffers, | ||
| const gss_buffer_t | input_token, | ||
| OM_uint32 | req_flags, | ||
| OM_uint32 | time_req, | ||
| gss_buffer_t | output_token | ||
| ) |
Initiate Delegation.
This functions drives the initiating side of the credential delegation process. It is expected to be called in tandem with the gss_accept_delegation function.
| minor_status | The minor status returned by this function. This parameter will be 0 upon success. |
| context_handle | The security context over which the credential is delegated. |
| cred_handle | The credential to be delegated. May be GSS_C_NO_CREDENTIAL in which case the credential associated with the security context is used. |
| desired_mech | The desired security mechanism. Currently not used. May be GSS_C_NO_OID. |
| extension_oids | A set of extension OIDs corresponding to buffers in the extension_buffers parameter below. The extensions specified will be added to the delegated credential. May be GSS_C_NO_BUFFER_SET. |
| extension_buffers | A set of extension buffers corresponding to OIDs in the extension_oids parameter above. May be GSS_C_NO_BUFFER_SET. |
| input_token | The token that was produced by a prior call to gss_accept_delegation. This parameter will be ignored the first time this function is called. |
| req_flags | Flags that modify the behavior of the function. Currently only GSS_C_GLOBUS_SSL_COMPATIBLE and GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG are checked for. The GSS_C_GLOBUS_SSL_COMPATIBLE flag results in tokens that aren't wrapped and GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG causes the delegated proxy to be limited (requires that no extensions are specified. |
| time_req | The requested period of validity (seconds) of the delegated credential. Passing a time_req of 0 cause the delegated credential to have the same lifetime as the credential that issued it. |
| output_token | A token that should be passed to gss_accept_delegation if the return value is GSS_S_CONTINUE_NEEDED. |
| GSS_S_COMPLETE | Success |
| GSS_S_CONTINUE_NEEDED | This function needs to be called again. |
| GSS_S_FAILURE | upon failure |
1.8.5
