gss_inquire_context()--Get Information About Security Context
Syntax
#include <gssapi.h> OM_uint32 gss_inquire_context ( OM_uint32 * minor_status, gss_ctx_id_t context_handle, gss_name_t * source_name, gss_name_t * target_name, OM_uint32 * lifetime, gss_OID * mech_type, gss_flags_t * ret_flags, int * local, int * open);Service Program Name: QSYS/QKRBGSS
Default public authority: *USE
Threadsafe: Yes
The gss_inquire_context() function returns information about a security context to the calling application.
Parameters
- minor_status (Output)
- A status code from the security mechanism.
- context_handle (Input)
- The handle for the security context.
- source_name (Output)
- The principal name associated with the context initiator. Specify
NULL for this parameter if the principal name is not
required.
- target_name (Output)
- The principal name associated with the context acceptor. Specify
NULL for this parameter if the principal name is not
required.
- lifetime (Output)
- The number of seconds for which the context remains valid. Specify
NULL for this parameter if the context lifetime is not
required. The returned value is GSS_C_INDEFINITE if the
security mechanism does not support context expiration.
- mech_type (Output)
- The mechanism used to create the security context. The gss_OID value
returned for this parameter points to read-only storage and must not be
released by the application. Specify NULL for this parameter
if the mechanism type is not required.
- ret_flags (Output)
- A bit mask containing independent flags indicating which GSS services are
available for the context. Specify NULL for this parameter if
the available service flags are not required. The following symbolic
definitions are provided to test the individual flags and should be logically
ANDed with the value of ret_flags to test whether the context supports
the service options:
GSS_C_ANON_FLAG The initiator identity will not be provided to the context acceptor. GSS_C_CONF_FLAG Message confidentiality services are available. GSS_C_DELEG_FLAG Delegated credentials will be available to the context acceptor. GSS_C_INTEG_FLAG Message integrity services are available. GSS_C_MUTUAL_FLAG Mutual authentication will be performed. The gss_accept_sec_context() routine will generate an output token which the context acceptor must return to the context initiator to complete the security context setup. GSS_C_PROT_READY_FLAG Protection services, as specified by the states of the GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG, are available for use even if the context is not fully established. Otherwise, protection services are available for use only if value returned by the open parameter is TRUE. GSS_C_REPLAY_FLAG Message replay detection will be performed. GSS_C_SEQUENCE_FLAG Message sequence checking will be performed.
- local (Output)
- TRUE if the context was initiated locally and
FALSE otherwise. Specify NULL for this
parameter if the local indication is not required.
- open (Output)
- TRUE if context establishment has been completed and FALSE otherwise. Specify NULL for this parameter if the open indication is not required.
Return Value
The return value is one of the following status codes:
- GSS_S_COMPLETE
- The routine completed successfully.
- GSS_S_CONTEXT_EXPIRED
- The referenced context has expired.
- GSS_S_FAILURE
- The routine failed for reasons that are not defined at the GSS level. The
minor_status return parameter contains a mechanism-dependent error
code describing the reason for the failure.
- GSS_S_NO_CONTEXT
- The context handle provided by the caller does not refer to a valid security context.
Authorities
Object Referred to | Data Authority Required |
---|---|
Each directory in the path name preceding the configuration file | *X |
Configuration file | *R |
Error Messages
Message ID | Error Message Text |
---|---|
CPE3418 E | Possible APAR condition or hardware failure. |
API introduced: V5R1
[ Back to top | Security APIs | UNIX-Type APIs | APIs by category ]