qkrb_build_spnego_init_token()--Build a SPNEGO Initiator Token


  Syntax
 #include <qkrbspnego.h>

 OM_uint32 qkrb_build_spnego_init_token(
     gss_OID_set          supported_mechanisms,
     gss_flags_t        * context_flags,
     gss_buffer_desc    * token_for_first_mechanism,
     gss_buffer_desc    * mechanism_list_mic,
     OM_uint32            format_type, 
     gss_buffer_desc    * initiator_token); 
  Service Program Name: QSYS/QKRBSPNEGO
  Default Public Authority: *USE

  Threadsafe: Yes

The qkrb_build_spnego_init_token() function builds a Simple and Protected GSS-API Negotiation (SPNEGO) initiator token and returns the result to the caller.


Authorities

No authorities are required.


Parameters

supported_mechanisms  (Input)
A gss_OID_set that contains one or more security mechanisms supported by the initiator. Specify GSS_C_NO_OID_SET if there are no mechanisms to add.
context_flags  (Input)
The context flags that are required to establish the context. The context flags should be filled in from the req_flags parameter of gss_init_sec_context(). Specify NULL for this parameter if there are no context flags to send.

The following flags are supported. All other flags will be ignored.

GSS_C_ANON_FLAG (64) The initiator identity will not be provided to the context acceptor.
GSS_C_CONF_FLAG (16) Message confidentiality services are available.
GSS_C_DELEG_FLAG (1) Delegated credentials will be available to the context acceptor.
GSS_C_INTEG_FLAG (32) Message integrity services are available.
GSS_C_MUTUAL_FLAG (2) Mutual authentication will be performed. The gss_accept_sec_context() routine will generate an output token which the context acceptor must return to the context initiator to complete the security context setup.
GSS_C_REPLAY_FLAG (4) Message replay detection will be performed.
GSS_C_SEQUENCE_FLAG (8) Message sequence checking will be performed.


token_for_first_mechanism  (Input)
The security token associated with the first mechanism in the supported_mechanisms gss_OID_set. Specify GSS_C_NO_BUFFER if there is no token.
mechanism_list_mic  (Input)
The mechanism list MIC to be added to the initiator token. Specify GSS_C_NO_BUFFER if there is no mechanism list MIC.
format_type  (Input)
The format to follow when building the SPNEGO token. Possible values are:
GSS_SPNEGO_FORMAT_0 (0) The format of the SPNEGO token built follows the syntax defined in RFC 2478.
GSS_SPNEGO_FORMAT_1 (1) The format of the SPNEGO token built follows the syntax defined in RFC 2478 with one exception. The mechanism_list_mic is sent as SEQUENCE/GENERAL_STRING.
initiator_token  (Output)
The initiator token built from the input information. The application should release the initiator token when it is no longer needed by calling the gss_release_buffer() routine.
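
The example below is an addition to this page, not IBM code. It illustrates the context_flags parameter: it separates the seven supported flags from bits that will be ignored, and maps the supported ones onto the ContextFlags BIT STRING named-bit positions defined in RFC 2478 (delegFlag 0, mutualFlag 1, replayFlag 2, sequenceFlag 3, anonFlag 4, confFlag 5, integFlag 6). The helper names are hypothetical, and it is an assumption that the token built by the API carries the flags in exactly this layout.

```c
#include <stdint.h>
#include <stdio.h>

/* GSS flag values as listed on this page, indexed by the RFC 2478
 * ContextFlags named-bit position (0..6). Note that the numeric order
 * of the GSS values (ANON = 64) differs from the RFC bit order. */
static const uint32_t ctxflag_bit_to_gss[7] = {
    1,   /* bit 0: delegFlag    = GSS_C_DELEG_FLAG    */
    2,   /* bit 1: mutualFlag   = GSS_C_MUTUAL_FLAG   */
    4,   /* bit 2: replayFlag   = GSS_C_REPLAY_FLAG   */
    8,   /* bit 3: sequenceFlag = GSS_C_SEQUENCE_FLAG */
    64,  /* bit 4: anonFlag     = GSS_C_ANON_FLAG     */
    16,  /* bit 5: confFlag     = GSS_C_CONF_FLAG     */
    32   /* bit 6: integFlag    = GSS_C_INTEG_FLAG    */
};

/* Union of the seven supported flag values: 1+2+4+8+16+32+64. */
#define SPNEGO_SUPPORTED_FLAGS 127u

/* Hypothetical helper: bits of req_flags outside the supported set.
 * A non-zero result means the caller asked for a service that will
 * not be carried in the initiator token. */
uint32_t spnego_ignored_flags(uint32_t req_flags)
{
    return req_flags & ~SPNEGO_SUPPORTED_FLAGS;
}

/* Hypothetical helper: content octet of the ContextFlags BIT STRING.
 * ASN.1 numbers bits from the most significant bit of the first
 * octet, so named bit n is 0x80 >> n. */
uint8_t spnego_ctxflags_octet(uint32_t req_flags)
{
    uint8_t octet = 0;
    for (int bit = 0; bit < 7; bit++)
        if (req_flags & ctxflag_bit_to_gss[bit])
            octet |= (uint8_t)(0x80u >> bit);
    return octet;
}

int main(void)
{
    /* Constructed sample: mutual + conf + integ, plus one bit (256)
     * that is not in the page's supported list. */
    uint32_t req = 2u | 16u | 32u | 256u;
    printf("ContextFlags octet: 0x%02X\n", spnego_ctxflags_octet(req));
    printf("ignored flags:      0x%X\n", (unsigned)spnego_ignored_flags(req));
    return 0;
}
```

Checking spnego_ignored_flags() before the call lets the application log or reject a request whose required flags would otherwise be dropped silently.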

Return Value

The return value is one of the following status codes:

GSS_SPNEGO_SUCCESS (0)
The routine completed successfully.

GSS_SPNEGO_UNEXPECTED_ERR (1)
The routine failed for unexpected reasons. Check the job log for errors.

GSS_SPNEGO_NOMEM (2)
Memory allocation failed.

Related Information

For a description of the SPNEGO protocol, see RFC 2478, The Simple and Protected GSS-API Negotiation Mechanism, on the RFC Pages.



API introduced: V5R4
