gss_inquire_context()--Get Information About Security Context

Syntax

 #include <gssapi.h>

 OM_uint32 gss_inquire_context (
     OM_uint32 *    minor_status,
     gss_ctx_id_t     context_handle,  
     gss_name_t *   source_name,
     gss_name_t *     target_name,
     OM_uint32 *    lifetime,
     gss_OID *      mech_type,
     gss_flags_t *    ret_flags,
     int *      local,
     int *      open);

  Service Program Name: QSYS/QKRBGSS

  Default public authority: *USE

  Threadsafe: Yes

The gss_inquire_context() function returns information about a security context to the calling application.

Parameters

minor_status (Output)

A status code from the security mechanism.

context_handle (Input)

The handle for the security context.

source_name (Output)

The principal name associated with the context initiator. Specify NULL for this parameter if the principal name is not required.

target_name (Output)

The principal name associated with the context acceptor. Specify NULL for this parameter if the principal name is not required.

lifetime (Output)

The number of seconds for which the context remains valid. Specify NULL for this parameter if the context lifetime is not required. The returned value is GSS_C_INDEFINITE if the security mechanism does not support context expiration.

mech_type (Output)

The mechanism used to create the security context. The gss_OID value returned for this parameter points to read-only storage and must not be released by the application. Specify NULL for this parameter if the mechanism type is not required.

ret_flags (Output)

A bit mask containing independent flags indicating which GSS services are available for the context. Specify NULL for this parameter if the available service flags are not required. The following symbolic definitions are provided to test the individual flags and should be logically ANDed with the value of ret_flags to test whether the context supports the service options:

GSS_C_ANON_FLAG

The initiator identity will not be provided to the context acceptor.

GSS_C_CONF_FLAG

Message confidentiality services are available.

GSS_C_DELEG_FLAG

Delegated credentials will be available to the context acceptor.

GSS_C_INTEG_FLAG

Message integrity services are available.

GSS_C_MUTUAL_FLAG

Mutual authentication will be performed. The gss_accept_sec_context() routine will generate an output token which the context acceptor must return to the context initiator to complete the security context setup.

GSS_C_PROT_READY_FLAG

Protection services, as specified by the states of the GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG, are available for use even if the context is not fully established. Otherwise, protection services are available for use only if value returned by the open parameter is TRUE.

GSS_C_REPLAY_FLAG

Message replay detection will be performed.

GSS_C_SEQUENCE_FLAG

Message sequence checking will be performed.

local (Output)

TRUE if the context was initiated locally and FALSE otherwise. Specify NULL for this parameter if the local indication is not required.

open (Output)

TRUE if context establishment has been completed and FALSE otherwise. Specify NULL for this parameter if the open indication is not required.

Return Value

The return value is one of the following status codes:

GSS_S_COMPLETE: The routine completed successfully.
GSS_S_CONTEXT_EXPIRED: The referenced context has expired.
GSS_S_FAILURE: The routine failed for reasons that are not defined at the GSS level. The minor_status return parameter contains a mechanism-dependent error code describing the reason for the failure.
GSS_S_NO_CONTEXT: The context handle provided by the caller does not refer to a valid security context.

Authorities

Object Referred to

Data Authority Required

Each directory in the path name preceding the configuration file

Configuration file

Error Messages

Message ID

Error Message Text

CPE3418 E

Possible APAR condition or hardware failure.

API introduced: V5R1

[ Back to top | Security APIs | UNIX-Type APIs | APIs by category ]