gss_inquire_context()--Get Information About Security Context


  Syntax 
 #include <gssapi.h>

 OM_uint32 gss_inquire_context (
     OM_uint32 *    minor_status,
     gss_ctx_id_t     context_handle,  
     gss_name_t *   source_name,
     gss_name_t *     target_name,
     OM_uint32 *    lifetime,
     gss_OID *      mech_type,
     gss_flags_t *    ret_flags,
     int *      local,
     int *      open);
  Service Program Name: QSYS/QKRBGSS

  Default public authority: *USE

  Threadsafe: Yes

The gss_inquire_context() function returns information about a security context to the calling application.


Parameters

minor_status  (Output)
A status code from the security mechanism.

context_handle  (Input)
The handle for the security context.

source_name  (Output)
The principal name associated with the context initiator. Specify NULL for this parameter if the principal name is not required.

target_name  (Output)
The principal name associated with the context acceptor. Specify NULL for this parameter if the principal name is not required.

lifetime  (Output)
The number of seconds for which the context remains valid. Specify NULL for this parameter if the context lifetime is not required. The returned value is GSS_C_INDEFINITE if the security mechanism does not support context expiration.

mech_type  (Output)
The mechanism used to create the security context. The gss_OID value returned for this parameter points to read-only storage and must not be released by the application. Specify NULL for this parameter if the mechanism type is not required.

ret_flags  (Output)
A bit mask containing independent flags indicating which GSS services are available for the context. Specify NULL for this parameter if the available service flags are not required. The following symbolic definitions are provided to test the individual flags and should be logically ANDed with the value of ret_flags to test whether the context supports the service options:

GSS_C_ANON_FLAG The initiator identity will not be provided to the context acceptor.
GSS_C_CONF_FLAG Message confidentiality services are available.
GSS_C_DELEG_FLAG Delegated credentials will be available to the context acceptor.
GSS_C_INTEG_FLAG Message integrity services are available.
GSS_C_MUTUAL_FLAG Mutual authentication will be performed. The gss_accept_sec_context() routine will generate an output token which the context acceptor must return to the context initiator to complete the security context setup.
GSS_C_PROT_READY_FLAG Protection services, as specified by the states of the GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG, are available for use even if the context is not fully established. Otherwise, protection services are available for use only if value returned by the open parameter is TRUE.
GSS_C_REPLAY_FLAG Message replay detection will be performed.
GSS_C_SEQUENCE_FLAG Message sequence checking will be performed.


local  (Output)
TRUE if the context was initiated locally and FALSE otherwise. Specify NULL for this parameter if the local indication is not required.

open  (Output)
TRUE if context establishment has been completed and FALSE otherwise. Specify NULL for this parameter if the open indication is not required.

Return Value

The return value is one of the following status codes:

GSS_S_COMPLETE
The routine completed successfully.

GSS_S_CONTEXT_EXPIRED
The referenced context has expired.

GSS_S_FAILURE
The routine failed for reasons that are not defined at the GSS level. The minor_status return parameter contains a mechanism-dependent error code describing the reason for the failure.

GSS_S_NO_CONTEXT
The context handle provided by the caller does not refer to a valid security context.

Authorities

Object Referred to Data Authority Required
Each directory in the path name preceding the configuration file *X
Configuration file *R


Error Messages

Message ID Error Message Text
CPE3418 E Possible APAR condition or hardware failure.

API introduced: V5R1

[ Back to top | Security APIs | UNIX-Type APIs | APIs by category ]