Provided by: libglobus-gss-assist-doc_9.0-1_all 
NAME
Utility Functions -
Macros
#define GlobusGssAssistFreeDNArray(dn_a)
#define NI_MAXHOST 255
Functions
int globus_gss_assist_gridmap (char *globusidp, char **useridp)
int globus_gss_assist_userok (char *globusid, char *userid)
int globus_gss_assist_map_local_user (char *local_user, char **globusidp)
globus_result_t globus_gss_assist_lookup_all_globusid (char *username, char **dns[], int
*dn_count)
globus_result_t globus_gss_assist_map_and_authorize (gss_ctx_id_t context, char *service,
char *desired_identity, char *identity_buffer, unsigned int identity_buffer_length)
globus_result_t globus_gss_assist_map_and_authorize_sharing (char
*shared_user_certificate, gss_ctx_id_t context, char *desired_identity, char
*identity_buffer, unsigned int identity_buffer_length)
Accept Security Context
OM_uint32 globus_gss_assist_accept_sec_context (OM_uint32 *minor_status, gss_ctx_id_t
*context_handle, const gss_cred_id_t cred_handle, char **src_name_char, OM_uint32
*ret_flags, int *user_to_user_flag, int *token_status, gss_cred_id_t
*delegated_cred_handle, int(*gss_assist_get_token)(void *, void **, size_t *), void
*gss_assist_get_context, int(*gss_assist_send_token)(void *, void *, size_t), void
*gss_assist_send_context)
Accept Security Context Asyncronous
OM_uint32 globus_gss_assist_accept_sec_context_async (OM_uint32 *minor_status,
gss_ctx_id_t *context_handle, const gss_cred_id_t cred_handle, char **src_name_char,
OM_uint32 *ret_flags, int *user_to_user_flag, void *input_buffer, size_t
input_buffer_len, void **output_bufferp, size_t *output_buffer_lenp, gss_cred_id_t
*delegated_cred_handle)
Acquire Credential
OM_uint32 globus_gss_assist_acquire_cred (OM_uint32 *minor_status, gss_cred_usage_t
cred_usage, gss_cred_id_t *output_cred_handle)
Acquire Credential Extension
OM_uint32 globus_gss_assist_acquire_cred_ext (OM_uint32 *minor_status, char
*desired_name_char, OM_uint32 time_req, const gss_OID_set desired_mechs,
gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle, gss_OID_set
*actual_mechs, OM_uint32 *time_rec)
Display Status
OM_uint32 globus_gss_assist_display_status (FILE *fp, char *comment, OM_uint32
major_status, OM_uint32 minor_status, int token_status)
Display Status String
OM_uint32 globus_gss_assist_display_status_str (char **str, char *comment, OM_uint32
major_status, OM_uint32 minor_status, int token_status)
OM_uint32 globus_gss_assist_import_sec_context (OM_uint32 *minor_status, gss_ctx_id_t
*context_handle, int *token_status, int fdp, FILE *fperr)
Init Security Context
OM_uint32 globus_gss_assist_init_sec_context (OM_uint32 *minor_status, const gss_cred_id_t
cred_handle, gss_ctx_id_t *context_handle, char *target_name_char, OM_uint32
req_flags, OM_uint32 *ret_flags, int *token_status, int(*gss_assist_get_token)(void *,
void **, size_t *), void *gss_assist_get_context, int(*gss_assist_send_token)(void *,
void *, size_t), void *gss_assist_send_context)
Init Security Context Async
OM_uint32 globus_gss_assist_init_sec_context_async (OM_uint32 *minor_status, const
gss_cred_id_t cred_handle, gss_ctx_id_t *context_handle, char *target_name_char,
OM_uint32 req_flags, OM_uint32 *ret_flags, void *input_buffer, size_t
input_buffer_len, void **output_bufferp, size_t *output_buffer_lenp)
Will Handle Restrictions
OM_uint32 globus_gss_assist_will_handle_restrictions (OM_uint32 *minor_status,
gss_ctx_id_t *context_handle)
Get Unwrap
OM_uint32 globus_gss_assist_get_unwrap (OM_uint32 *minor_status, const gss_ctx_id_t
context_handle, char **data, size_t *length, int *token_status,
int(*gss_assist_get_token)(void *, void **, size_t *), void *gss_assist_get_context,
FILE *fperr)
Wrap
OM_uint32 globus_gss_assist_wrap_send (OM_uint32 *minor_status, const gss_ctx_id_t
context_handle, char *data, size_t length, int *token_status,
int(*gss_assist_send_token)(void *, void *, size_t), void *gss_assist_send_context,
FILE *fperr)
Detailed Description
Utility functions for GSSAPI.
Macro Definition Documentation
#define GlobusGssAssistFreeDNArray(dn_a)
Free array of distinguished names. Free the contents of a name array created during a
successful call to globus_gss_assist_lookup_all_globusid()
Parameters:
dn_a Array of names to free.
Return values:
void
#define NI_MAXHOST 255
Create a GSS Name structure from the given hostname. This function tries to resolve the
given host name string to the canonical DNS name for the host.
Parameters:
hostname The host name or numerical address to be resolved and transform into a GSS
Name
authorization_hostname The resulting GSS Name
Returns:
GLOBUS_SUCCESS on successful completion, a error object otherwise
Function Documentation
OM_uint32 globus_gss_assist_accept_sec_context (OM_uint32 *minor_status, gss_ctx_id_t
*context_handle, const gss_cred_id_tcred_handle, char **src_name_char, OM_uint32
*ret_flags, int *user_to_user_flag, int *token_status, gss_cred_id_t
*delegated_cred_handle, int(*)(void *, void **, size_t *)gss_assist_get_token, void
*gss_assist_get_context, int(*)(void *, void *, size_t)gss_assist_send_token, void
*gss_assist_send_context)
This routine accepts a GSSAPI security context and is called by the gram_gatekeeper. It
isolates the GSSAPI from the rest of the gram code.
Initialize a gssapi security connection. Used by the server. The context_handle is
returned, and there is one for each connection. This routine will take cake of the looping
and token processing, using the supplied get_token and send_token routines.
Parameters:
minor_status gssapi return code
context_handle pointer to returned context.
cred_handle the cred handle obtained by acquire_cred.
src_name_char Pointer to char string repersentation of the client which contacted the
server. Maybe NULL if not wanted. Should be freed when done.
ret_flags Pointer to which services are available after the connection is established.
Maybe NULL if not wanted. We will also use this to pass in flags to the globus version
of gssapi_ssleay
user_to_user_flag Pointer to flag to be set if the src_name is the same as our name.
(Follwing are particular to this assist routine)
token_status assist routine get/send token status
delegated_cred_handle pointer to be set to the credential delegated by the client if
delegation occurs during the security handshake
gss_assist_get_token a get token routine
gss_assist_get_context first arg for the get token routine
gss_assist_send_token a send token routine
gss_assist_send_context first arg for the send token routine
Returns:
GSS_S_COMPLETE on sucess Other gss errors on failure.
OM_uint32 globus_gss_assist_accept_sec_context_async (OM_uint32 *minor_status, gss_ctx_id_t
*context_handle, const gss_cred_id_tcred_handle, char **src_name_char, OM_uint32
*ret_flags, int *user_to_user_flag, void *input_buffer, size_tinput_buffer_len, void
**output_bufferp, size_t *output_buffer_lenp, gss_cred_id_t *delegated_cred_handle)
This is a asynchronous version of the globus_gss_assist_accept_sec_context() function.
Instead of looping itself it passes in and out the read and written buffers and the
calling application is responsible for doing the I/O directly.
Parameters:
minor_status gssapi return code
context_handle pointer to returned context.
cred_handle the cred handle obtained by acquire_cred.
src_name_char Pointer to char string repersentation of the client which contacted the
server. Maybe NULL if not wanted. Should be freed when done.
ret_flags Pointer to which services are available after the connection is established.
Maybe NULL if not wanted. We will also use this to pass in flags to the globus version
of gssapi_ssleay
user_to_user_flag Pointer to flag to be set if the src_name is the same as our name.
input_buffer pointer to a buffer received from peer.
input_buffer_len length of the buffer input_buffer.
output_bufferp pointer to a pointer which will be filled in with a pointer to a
allocated block of memory. If non-NULL the contents of this block should be written to
the peer where they will be fed into the gss_assist_init_sec_context_async() function.
output_buffer_lenp pointer to an integer which will be filled in with the length of
the allocated output buffer pointed to by *output_bufferp.
delegated_cred_handle pointer to be set to the credential delegated by the client if
delegation occurs during the security handshake
Returns:
GSS_S_COMPLETE on successful completion when this function does not need to be called
again.
GSS_S_CONTINUE_NEEDED when *output_bufferp should be sent to the peer and a new
input_buffer read and this function called again.
Other gss errors on failure.
OM_uint32 globus_gss_assist_acquire_cred (OM_uint32 *minor_status, gss_cred_usage_tcred_usage,
gss_cred_id_t *output_cred_handle)
Called once at the start of the process, to obtain the credentials the process is running
under. The
Parameters:
minor_status pointer for return code
cred_usage GSS_C_INITIATE, GSS_C_ACCEPT, or GSS_C_BOTH
output_cred_handle Pointer to the returned handle. This needs to be passed to many gss
routines.
Returns:
GSS_S_COMPLETE on sucess Other GSS return codes
References globus_gss_assist_acquire_cred_ext().
OM_uint32 globus_gss_assist_acquire_cred_ext (OM_uint32 *minor_status, char
*desired_name_char, OM_uint32time_req, const gss_OID_setdesired_mechs,
gss_cred_usage_tcred_usage, gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs,
OM_uint32 *time_rec)
Called once at the start of the process, to obtain the credentials the process is running
under. All the parameters of the gss_acquire_cred, except the desired_name is a string of
the form: [type:]name. This will be imported with the type.
Returns:
GSS_S_COMPLETE on sucess Other GSS return codes
See Also:
globus_gsi_gss_acquire_cred
References globus_gss_assist_display_status().
OM_uint32 globus_gss_assist_display_status (FILE *fp, char *comment, OM_uint32major_status,
OM_uint32minor_status, inttoken_status)
Display the messages for the major and minor status on the file pointed at by fp. Takes
care of the overloaded major_status if there was a problem with the get_token or
send_token routines.
Parameters:
fp a file pointer
comment String to print out before other error messages.
major_status The major status to display
minor_status The minor status to display
token_status token status to display
Returns:
0
References globus_gss_assist_display_status_str().
OM_uint32 globus_gss_assist_display_status_str (char **str, char *comment,
OM_uint32major_status, OM_uint32minor_status, inttoken_status)
Display the messages for the major and minor status and return a string with the messages.
Takes care of the overloaded major_status if there was a problem with the get_token or
send_token routines.
Parameters:
str pointer to char * for returned string. Must be freed
comment String to print out before other error messages.
major_status The major status to display
minor_status The minor status to display
token_status token status to display
Returns:
0
int globus_gss_assist_gridmap (char *globusidp, char **useridp)
Look up the default mapping for a Grid identity in a gridmap file. The
globus_gss_assist_gridmap() function parses the default gridmap file and modifies its
useridp parameter to point to a copy of the string containing the default local identity
that the grid identity is mapped to. If successful, the caller is responsible for freeing
the string pointed to by useridp.
By default, globus_gss_assist_gridmap() looks for the default gridmap file defined by the
value of the GRIDMAP environment variable. If that is not set, it falls back to
$HOME/.gridmap.
Parameters:
globusidp The GSSAPI name string of the identity who requested authorization
useridp A pointer to a string to be set to the default user ID for the local system.
No validation is done to check that such a user exists.
Returns:
On success, globus_gss_assist_gridmap() returns 0 and modifies the the string pointed
to by the useridp parameter. If an error occurs, a non-zero value is returned and the
value pointed to by useridp is undefined.
Return values:
GLOBUS_SUCCESS Success
1 Error
References GLOBUS_GSI_GSS_ASSIST_ERROR_IN_GRIDMAP_NO_USER_ENTRY,
GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_ARGUMENTS, and GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_GRIDMAP.
int globus_gss_assist_userok (char *globusid, char *userid)
Gridmap entry existence check. The globus_gss_assist_userok() function parses the default
gridmap file and checks whether any mapping exists for the grid identity passed as the
globusid parameter and the local user identity passed as the @ userid parameter.
By default, globus_gss_assist_userok() looks for the default gridmap file defined by the
value of the GRIDMAP environment variable. If that is not set, it falls back to
$HOME/.gridmap.
Parameters:
globusid The GSSAPI name string of the identity who requested authorization
userid The local account name that access is sought for.
Returns:
If globus_gss_assist_userok() is able to find a mapping between globusid and userid,
it returns 0; otherwise it returns 1.
Return values:
GLOBUS_SUCCESS Success
1 Error
References GLOBUS_GSI_GSS_ASSIST_ERROR_IN_GRIDMAP_NO_USER_ENTRY,
GLOBUS_GSI_GSS_ASSIST_ERROR_USER_ID_DOESNT_MATCH,
GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_ARGUMENTS, and GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_GRIDMAP.
int globus_gss_assist_map_local_user (char *local_user, char **globusidp)
Look up the default Grid identity associated with a local user name. The
globus_gss_assist_map_local_user() function parses the gridmap file to determine a if the
user name passed as the local_user parameter is the default local user for a Grid ID in
the gridmap file. If so, it modifies globusidp to point to a copy of that ID. Otherwise,
it searches the gridmap file for a Grid ID that has a non-default mapping for local_user
and modifies globusidp to point to a copy of that ID. If successful, the caller is
responsible for freeing the string pointed to by the globusidp pointer.
By default, globus_gss_assist_map_local_user() looks for the default gridmap file defined
by the value of the GRIDMAP environment variable. If that is not set, it falls back to
$HOME/.gridmap.
Parameters:
local_user The local username to find a Grid ID for
globusidp A Grid ID that maps from the local_user.
Returns:
On success, globus_gss_assist_map_local_user() returns 0 and modifies globusidp to
point to a Grid ID that maps to local_user; otherwise,
globus_gss_assist_map_local_user() returns 1 and the value pointed to by globusidp is
undefined.
Return values:
GLOBUS_SUCCESS Success
1 Error
References GLOBUS_GSI_GSS_ASSIST_ERROR_IN_GRIDMAP_NO_USER_ENTRY,
GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_ARGUMENTS, and GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_GRIDMAP.
globus_result_t globus_gss_assist_lookup_all_globusid (char *username, char **dns[], int
*dn_count)
Look up all Grid IDs associated with a local user ID. The
globus_gss_assist_lookup_all_globusid() function parses a gridmap file and finds all Grid
IDs that map to a local user ID. The dns parameter is modified to point to an array of
Grid ID strings from the gridmap file, and the dn_count parameter is modified to point to
the number of Grid ID strings in the array. The caller is responsible for freeing the
array using the macro GlobusGssAssistFreeDNArray().
By default, globus_gss_assist_lookup_all_globusid() looks for the default gridmap file
defined by the value of the GRIDMAP environment variable. If that is not set, it falls
back to $HOME/.gridmap.
Parameters:
username The local username to look up in the gridmap file.
dns A pointer to an array of strings. This function modifies this to point to a newly
allocated array of strings. The caller must use the macro GlobusGssAssistFreeDNArray()
to free this memory.
dn_count A pointer to an integer that is modified to contain the number of entries in
the array returned via the dns parameter.
Returns:
On success, globus_gss_assist_lookup_all_globusid() returns GLOBUS_SUCCESS and
modifies its dns and dn_count parameters as described above. If an error occurs,
globus_gss_assist_lookup_all_globusid() returns a globus_result_t that can be resolved
to an error object and the values pointed to by dns and dn_count are undefined.
Return values:
GLOBUS_SUCCESS Success
GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_ARGUMENTS Error with arguments
GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_GRIDMAP Invalid path to gridmap
GLOBUS_GSI_GSS_ASSIST_ERROR_ERRNO System error
References GLOBUS_GSI_GSS_ASSIST_ERROR_ERRNO, GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_ARGUMENTS,
GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_GRIDMAP, and GLOBUS_GSI_GSS_ASSIST_MODULE.
globus_result_t globus_gss_assist_map_and_authorize (gss_ctx_id_tcontext, char *service, char
*desired_identity, char *identity_buffer, unsigned intidentity_buffer_length)
Authorize the peer of a security context to use a service. The
globus_gss_assist_map_and_authorize() function attempts to authorize the peer of a
security context to use a particular service. If the desired_identity parameter is non-
NULL, the authorization will succeed only if the peer is authorized for that identity.
Otherwise, any valid authorized local user name will be used. If authorized, the local
user name will be copied to the string pointed to by the identity_buffer parameter, which
must be at least as long as the value passed as the identity_buffer_length parameter.
If authorization callouts are defined in the callout configuration file,
globus_gss_assist_map_and_authorize() will invoke both the GLOBUS_GENERIC_MAPPING_TYPE
callout and the GLOBUS_GENERIC_AUTHZ_TYPE callout; otherwise the default gridmap file will
be used for mapping and no service-specific authorization will be done.
If globus_gss_assist_map_and_authorize() uses a gridmap file, it first looks for a file
defined by the value of the GRIDMAP environment variable. If that is not set, it falls
back to $HOME/.gridmap.
Parameters:
context Security context to inspect for peer identity information.
service A NULL-terminated string containing the name of the service that an
authorization decision is being made for.
desired_identity Optional. If non-NULL, perform an authorization to act as the local
user named by this NULL-terminated string.
identity_buffer A pointer to a string buffer into which will be copied the local user
name that the peer of the context is authorized to act as.
identity_buffer_length Length of the identity_buffer array.
Returns:
On success, globus_gss_assist_map_and_authorize() returns GLOBUS_SUCCESS and copies
the authorized local identity to the identity_buffer parameter. If an error occurs,
globus_gss_assist_map_and_authorize() returns a globus_result_t that can be resolved
to an error object.
Return values:
GLOBUS_SUCCESS Success
GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_CALLOUT_CONFIG Invalid authorization configuration
file
GLOBUS_CALLOUT_ERROR_WITH_HASHTABLE Hash table operation failed.
GLOBUS_CALLOUT_ERROR_CALLOUT_ERROR The callout itself returned a error.
GLOBUS_CALLOUT_ERROR_WITH_DL Dynamic library operation failed.
GLOBUS_CALLOUT_ERROR_OUT_OF_MEMORY Out of memory
GLOBUS_GSI_GSS_ASSIST_GSSAPI_ERROR A GSSAPI function returned an error
GLOBUS_GSI_GSS_ASSIST_GRIDMAP_LOOKUP_FAILED Gridmap lookup failure
GLOBUS_GSI_GSS_ASSIST_BUFFER_TOO_SMALL Caller provided insufficient buffer space for
local identity
References GLOBUS_GSI_GSS_ASSIST_CALLOUT_ERROR.
globus_result_t globus_gss_assist_map_and_authorize_sharing (char *shared_user_certificate,
gss_ctx_id_tcontext, char *desired_identity, char *identity_buffer, unsigned
intidentity_buffer_length)
Authorize a particular credential for shared access. The
globus_gss_assist_map_and_authorize_sharing() function attempts to authorize a particular
credential for shared access. the desired_identity parameter is non-NULL, the
authorization will succeed only if the credential is authorized for that identity.
Otherwise, any valid authorized local user name will be used. If authorized, the local
user name will be copied to the string pointed to by the identity_buffer parameter, which
must be at least as long as the value passed as the identity_buffer_length parameter.
If authorization callouts are defined in the callout configuration file,
globus_gss_assist_map_and_authorize_sharing() will invoke both the
GLOBUS_GENERIC_MAPPING_TYPE callout and the GLOBUS_GENERIC_AUTHZ_TYPE callout; otherwise
the default gridmap file will be used for mapping and no service-specific authorization
will be done.
If globus_gss_assist_map_and_authorize_sharing() uses a gridmap file, it first looks for a
file defined by the value of the GRIDMAP environment variable. If that is not set, it
falls back to $HOME/.gridmap.
Parameters:
shared_user_certificate cert and cert chain of user that owns the resources to be
shared, in PEM format. This will be parsed to find the identity that should be mapped.
context Security context of the underlying connection. This should generally be
ignored.
desired_identity Optional. If non-NULL, perform an authorization to act as the local
user named by this NULL-terminated string.
identity_buffer A pointer to a string buffer into which will be copied the local user
name that the peer of the context is authorized to act as.
identity_buffer_length Length of the identity_buffer array.
Returns:
On success, globus_gss_assist_map_and_authorize_sharing() returns GLOBUS_SUCCESS and
copies the authorized local identity to the identity_buffer parameter. If an error
occurs, globus_gss_assist_map_and_authorize_sharing() returns a globus_result_t that
can be resolved to an error object.
Return values:
GLOBUS_SUCCESS Success
GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_CALLOUT_CONFIG Invalid authorization configuration
file
GLOBUS_CALLOUT_ERROR_WITH_HASHTABLE Hash table operation failed.
GLOBUS_CALLOUT_ERROR_CALLOUT_ERROR The callout itself returned a error.
GLOBUS_CALLOUT_ERROR_WITH_DL Dynamic library operation failed.
GLOBUS_CALLOUT_ERROR_OUT_OF_MEMORY Out of memory
GLOBUS_GSI_GSS_ASSIST_GSSAPI_ERROR A GSSAPI function returned an error
GLOBUS_GSI_GSS_ASSIST_GRIDMAP_LOOKUP_FAILED Gridmap lookup failure
GLOBUS_GSI_GSS_ASSIST_BUFFER_TOO_SMALL Caller provided insufficient buffer space for
local identity
References GLOBUS_GSI_GSS_ASSIST_CALLOUT_ERROR.
OM_uint32 globus_gss_assist_import_sec_context (OM_uint32 *minor_status, gss_ctx_id_t
*context_handle, int *token_status, intfdp, FILE *fperr)
Import the security context from a file.
Parameters:
minor_status GSSAPI return code. This is a Globus Error code (or GLOBUS_SUCCESS) cast
to a OM_uint32 pointer. If an erro has occurred, the resulting error (from calling
globus_error_get on this variable) needs to be freed by the caller
context_handle The imported context
token_status Errors that occurred while reading from the file
fdp the file descriptor pointing to a file containing the security context
fperr FILE * to write error messages
Returns:
the major status
References GLOBUS_GSI_GSS_ASSIST_ERROR_IMPORTING_CONTEXT,
GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_TOKEN, and globus_gss_assist_display_status().
OM_uint32 globus_gss_assist_init_sec_context (OM_uint32 *minor_status, const
gss_cred_id_tcred_handle, gss_ctx_id_t *context_handle, char *target_name_char,
OM_uint32req_flags, OM_uint32 *ret_flags, int *token_status, int(*)(void *, void **,
size_t *)gss_assist_get_token, void *gss_assist_get_context, int(*)(void *, void *,
size_t)gss_assist_send_token, void *gss_assist_send_context)
Initialize a gssapi security connection. Used by the client. The context_handle is
returned, and there is one for each connection. This routine will take cake of the looping
and token processing, using the supplied get_token and send_token routines.
Parameters:
minor_status GSSAPI return code. The new minor_status is a globus_result_t cast to an
OM_uint32. If the call was successful, the minor status is equivalant to
GLOBUS_SUCCESS. Otherwise, it is a globus error object ID that can be passed to
globus_error_get to get the error object. The error object needs to be freed with
globus_object_free.
cred_handle the cred handle obtained by acquire_cred.
context_handle pointer to returned context.
target_name_char char string repersentation of the server to be contacted.
req_flags request flags, such as GSS_C_DELEG_FLAG for delegation and the
GSS_C_MUTUAL_FLAG for mutual authentication.
ret_flags Pointer to which services are available after the connection is established.
Maybe NULL if not wanted.
The Follwing are particular to this assist routine:
Parameters:
token_status the assist routine's get/send token status
gss_assist_get_token function pointer for getting the token
gss_assist_get_context first argument passed to the gss_assist_get_token function
gss_assist_send_token function pointer for setting the token
gss_assist_send_context first argument passed to the gss_assist_set_token function
pointer
Returns:
The major status
References GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_INIT.
OM_uint32 globus_gss_assist_init_sec_context_async (OM_uint32 *minor_status, const
gss_cred_id_tcred_handle, gss_ctx_id_t *context_handle, char *target_name_char,
OM_uint32req_flags, OM_uint32 *ret_flags, void *input_buffer, size_tinput_buffer_len, void
**output_bufferp, size_t *output_buffer_lenp)
This is a asynchronous version of the globus_gss_assist_init_sec_context() function.
Instead of looping itself it passes in and out the read and written buffers and the
calling application is responsible for doing the I/O directly.
Parameters:
minor_status GSSAPI return code. The new minor status is a globus_result_t cast to a
OM_uint32. If an error occurred (GSS_ERROR(major_status)) the minor_status is a globus
error object id. The error object can be obtained via globus_error_get and should be
destroyed with globus_object_free when no longer needed. If no error occurred, the
minor status is equal to GLOBUS_SUCCESS.
cred_handle the cred handle obtained by acquire_cred.
context_handle pointer to returned context.
target_name_char char string repersentation of the server to be contacted.
req_flags request flags, such as GSS_C_DELEG_FLAG for delegation and the
GSS_C_MUTUAL_FLAG for mutual authentication.
ret_flags Pointer to which services are available after the connection is established.
Maybe NULL if not wanted.
input_buffer pointer to a buffer received from peer. Should be NULL on first call.
input_buffer_len length of the buffer input_buffer. Should be zero on first call.
output_bufferp pointer to a pointer which will be filled in with a pointer to a
allocated block of memory. If non-NULL the contents of this block should be written to
the peer where they will be fed into the gss_assist_init_sec_context_async() function.
output_buffer_lenp pointer to an integer which will be filled in with the length of
the allocated output buffer pointed to by *output_bufferp.
Returns:
GSS_S_COMPLETE on successful completion when this function does not need to be called
again.
GSS_S_CONTINUE_NEEDED when *output_bufferp should be sent to the peer and a new
input_buffer read and this function called again.
Other gss errors on failure.
References GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_INIT.
OM_uint32 globus_gss_assist_will_handle_restrictions (OM_uint32 *minor_status, gss_ctx_id_t
*context_handle)
Sets the context to handle restrictions.
Parameters:
minor_status the resulting minor status from setting the context handle
context_handle the context handle to set the minor status of
Returns:
the major status from setting the context
OM_uint32 globus_gss_assist_get_unwrap (OM_uint32 *minor_status, const
gss_ctx_id_tcontext_handle, char **data, size_t *length, int *token_status, int(*)(void *,
void **, size_t *)gss_assist_get_token, void *gss_assist_get_context, FILE *fperr)
Gets a token using the specific tokenizing functions, and performs the GSS unwrap of that
token.
See Also:
gss_unwrap
Parameters:
minor_status GSSAPI return code,
See Also:
gss_unwrap
Parameters:
context_handle the context
data pointer to be set to the unwrapped application data. This must be freed by the
caller.
length pointer to be set to the length of the data byte array.
token_status assist routine get/send token status
gss_assist_get_token a detokenizing routine
gss_assist_get_context first arg for above routine
fperr error stream to print to
Returns:
GSS_S_COMPLETE on sucess Other gss errors on failure.
References globus_gss_assist_display_status().
OM_uint32 globus_gss_assist_wrap_send (OM_uint32 *minor_status, const
gss_ctx_id_tcontext_handle, char *data, size_tlength, int *token_status, int(*)(void *,
void *, size_t)gss_assist_send_token, void *gss_assist_send_context, FILE *fperr)
Parameters:
minor_status GSSAPI return code. If the call was successful, the minor status is equal
to GLOBUS_SUCCESS. Otherwise, it is an error object ID for which globus_error_get()
and globus_object_free() can be used to get and destroy it.
context_handle the context.
data pointer to application data to wrap and send
length length of the data array
token_status assist routine get/send token status
gss_assist_send_token a send_token routine
gss_assist_send_context first arg for the send_token
fperr file handle to write error message to.
Returns:
GSS_S_COMPLETE on sucess Other gss errors on failure.
See Also:
gss_wrap()
References GLOBUS_GSI_GSS_ASSIST_ERROR_WITH_WRAP, and globus_gss_assist_display_status().
Author
Generated automatically by Doxygen for globus gss assist from the source code.