Provided by: gss-man_1.0.2-3ubuntu1_all bug

NAME

       gss_accept_sec_context - API function

SYNOPSIS

       #include <gss.h>

       OM_uint32   gss_accept_sec_context(OM_uint32   *   minor_status,  gss_ctx_id_t  *  context_handle,  const
       gss_cred_id_t acceptor_cred_handle, const gss_buffer_t input_token_buffer,  const  gss_channel_bindings_t
       input_chan_bindings,  gss_name_t  * src_name, gss_OID * mech_type, gss_buffer_t output_token, OM_uint32 *
       ret_flags, OM_uint32 * time_rec, gss_cred_id_t * delegated_cred_handle);

ARGUMENTS

       OM_uint32 * minor_status
                   (Integer, modify) Mechanism specific status code.

       gss_ctx_id_t * context_handle
                   (gss_ctx_id_t, read/modify) Context handle for new
                     context.  Supply GSS_C_NO_CONTEXT for first call; use value
                     returned in subsequent calls.  Once gss_accept_sec_context() has
                     returned a value via this parameter, resources have been assigned
                     to the corresponding context, and must be freed by the
                     application after use with a call to gss_delete_sec_context().

       const gss_cred_id_t acceptor_cred_handle
                   (gss_cred_id_t, read) Credential handle
                     claimed by context acceptor. Specify GSS_C_NO_CREDENTIAL to
                     accept the context as a default principal.  If
                     GSS_C_NO_CREDENTIAL is specified, but no default acceptor
                     principal is defined, GSS_S_NO_CRED will be returned.

       const gss_buffer_t input_token_buffer
                   (buffer, opaque, read) Token obtained from
                     remote application.

       const gss_channel_bindings_t input_chan_bindings
                   (channel bindings, read, optional)
                     Application- specified bindings.  Allows application to securely
                     bind channel identification information to the security context.
                     If channel bindings are not used, specify
                     GSS_C_NO_CHANNEL_BINDINGS.

       gss_name_t * src_name
                   (gss_name_t, modify, optional) Authenticated name of
                     context initiator.  After use, this name should be deallocated by
                     passing it to gss_release_name().  If not required, specify NULL.

       gss_OID * mech_type
                   (Object ID, modify, optional) Security mechanism used.
                     The returned OID value will be a pointer into static storage, and
                     should be treated as read-only by the caller (in particular, it
                     does not need to be freed).  If not required, specify NULL.

       gss_buffer_t output_token
                   (buffer, opaque, modify) Token to be passed to peer
                     application.  If the length field of the returned token buffer is
                     0, then no token need be passed to the peer application.  If a
                     non- zero length field is returned, the associated storage must
                     be freed after use by the application with a call to
                     gss_release_buffer().

       OM_uint32 * ret_flags
                   (bit-mask, modify, optional) Contains various
                     independent flags, each of which indicates that the context
                     supports a specific service option.  If not needed, specify NULL.
                     Symbolic names are provided for each flag, and the symbolic names
                     corresponding to the required flags should be logically-ANDed
                     with the ret_flags value to test whether a given option is
                     supported by the context.  See below for the flags.

       OM_uint32 * time_rec
                   (Integer, modify, optional) Number of seconds for which
                     the context will remain valid. Specify NULL if not required.

       gss_cred_id_t * delegated_cred_handle
                   (gss_cred_id_t, modify, optional
                     credential) Handle for credentials received from context
                     initiator.  Only valid if deleg_flag in ret_flags is true, in
                     which case an explicit credential handle (i.e. not
                     GSS_C_NO_CREDENTIAL) will be returned; if deleg_flag is false,
                     gss_accept_sec_context() will set this parameter to
                     GSS_C_NO_CREDENTIAL.  If a credential handle is returned, the
                     associated resources must be released by the application after
                     use with a call to gss_release_cred().  Specify NULL if not
                     required.

DESCRIPTION

       Allows a remotely initiated security context between the application and a remote peer to be established.
       The routine may return a output_token which should be transferred to the peer application, where the peer
       application will present it to gss_init_sec_context.  If no token need  be  sent,  gss_accept_sec_context
       will  indicate  this  by  setting the length field of the output_token argument to zero.  To complete the
       context establishment, one or more reply tokens may  be  required  from  the  peer  application;  if  so,
       gss_accept_sec_context  will  return  a  status flag of GSS_S_CONTINUE_NEEDED, in which case it should be
       called again when the  reply  token  is  received  from  the  peer  application,  passing  the  token  to
       gss_accept_sec_context via the input_token parameters.

       Portable  applications  should  be  constructed  to  use  the token length and return status to determine
       whether a token needs to be sent or waited for.  Thus a typical  portable  caller  should  always  invoke
       gss_accept_sec_context within a loop:

       --------------------------------------------------- gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;

       do {
         receive_token_from_peer(input_token);
         maj_stat = gss_accept_sec_context(&min_stat,
                                           &context_hdl,
                                           cred_hdl,
                                           input_token,
                                           input_bindings,
                                           &client_name,
                                           &mech_type,
                                           output_token,
                                           &ret_flags,
                                           &time_rec,
                                           &deleg_cred);
         if (GSS_ERROR(maj_stat)) {
           report_error(maj_stat, min_stat);
         };
         if (output_token->length != 0) {
           send_token_to_peer(output_token);

           gss_release_buffer(&min_stat, output_token);
         };
         if (GSS_ERROR(maj_stat)) {
           if (context_hdl != GSS_C_NO_CONTEXT)
             gss_delete_sec_context(&min_stat,
                                    &context_hdl,
                                    GSS_C_NO_BUFFER);
           break;
         }; } while (maj_stat & GSS_S_CONTINUE_NEEDED); ---------------------------------------------------

       Whenever the routine returns a major status that includes the value GSS_S_CONTINUE_NEEDED, the context is
       not fully established and the following restrictions apply to the output parameters:

       The value returned via the time_rec parameter is undefined Unless the  accompanying  ret_flags  parameter
       contains the bit GSS_C_PROT_READY_FLAG, indicating that per-message services may be applied in advance of
       a successful completion status, the value returned via the mech_type parameter may be undefined until the
       routine returns a major status value of GSS_S_COMPLETE.

       The   values   of   the   GSS_C_DELEG_FLAG,   GSS_C_MUTUAL_FLAG,GSS_C_REPLAY_FLAG,   GSS_C_SEQUENCE_FLAG,
       GSS_C_CONF_FLAG,GSS_C_INTEG_FLAG and GSS_C_ANON_FLAG bits returned via  the  ret_flags  parameter  should
       contain  the  values  that  the  implementation  expects  would be valid if context establishment were to
       succeed.

       The values of the GSS_C_PROT_READY_FLAG and GSS_C_TRANS_FLAG bits within ret_flags  should  indicate  the
       actual state at the time gss_accept_sec_context returns, whether or not the context is fully established.

       Although  this requires that GSS-API implementations set the GSS_C_PROT_READY_FLAG in the final ret_flags
       returned to a caller (i.e. when accompanied by a GSS_S_COMPLETE status  code),  applications  should  not
       rely  on  this  behavior  as  the flag was not defined in Version 1 of the GSS-API. Instead, applications
       should be prepared to use per-message services after a successful context establishment, according to the
       GSS_C_INTEG_FLAG and GSS_C_CONF_FLAG values.

       All  other  bits  within  the  ret_flags  argument  should  be  set  to  zero.  While the routine returns
       GSS_S_CONTINUE_NEEDED, the values returned via the ret_flags argument  indicate  the  services  that  the
       implementation expects to be available from the established context.

       If  the  initial  call  of gss_accept_sec_context() fails, the implementation should not create a context
       object, and should leave the value of the context_handle parameter set to  GSS_C_NO_CONTEXT  to  indicate
       this.   In  the  event  of  a failure on a subsequent call, the implementation is permitted to delete the
       "half-built"  security  context  (in  which  case  it  should  set  the   context_handle   parameter   to
       GSS_C_NO_CONTEXT),  but  the  preferred behavior is to leave the security context (and the context_handle
       parameter) untouched for the application to delete (using gss_delete_sec_context).

       During context establishment, the informational status  bits  GSS_S_OLD_TOKEN  and  GSS_S_DUPLICATE_TOKEN
       indicate  fatal  errors,  and  GSS-API mechanisms should always return them in association with a routine
       error of GSS_S_FAILURE.  This requirement for  pairing  did  not  exist  in  version  1  of  the  GSS-API
       specification,  so  applications  that wish to run over version 1 implementations must special-case these
       codes.

       The `ret_flags` values:

       `GSS_C_DELEG_FLAG`::  -  True  -  Delegated  credentials  are  available  via  the  delegated_cred_handle
       parameter.  - False - No credentials were delegated.

       `GSS_C_MUTUAL_FLAG`::  -  True  - Remote peer asked for mutual authentication.  - False - Remote peer did
       not ask for mutual authentication.

       `GSS_C_REPLAY_FLAG`:: - True - replay of protected  messages  will  be  detected.   -  False  -  replayed
       messages will not be detected.

       `GSS_C_SEQUENCE_FLAG`::  -  True  -  out-of-sequence  protected  messages  will  be  detected.  - False -
       out-of-sequence messages will not be detected.

       `GSS_C_CONF_FLAG`:: - True - Confidentiality service may be invoked by calling the gss_wrap  routine.   -
       False - No confidentiality service (via gss_wrap) available. gss_wrap will provide message encapsulation,
       data-origin authentication and integrity services only.

       `GSS_C_INTEG_FLAG`:: - True - Integrity service may be invoked by calling either gss_get_mic or  gss_wrap
       routines.  - False - Per-message integrity service unavailable.

       `GSS_C_ANON_FLAG`::  - True - The initiator does not wish to be authenticated; the src_name parameter (if
       requested) contains an anonymous internal name.  - False - The initiator has been authenticated normally.

       `GSS_C_PROT_READY_FLAG`:: - True - Protection services (as specified by the states of the GSS_C_CONF_FLAG
       and   GSS_C_INTEG_FLAG)   are  available  if  the  accompanying  major  status  return  value  is  either
       GSS_S_COMPLETE or GSS_S_CONTINUE_NEEDED.  - False - Protection services (as specified by  the  states  of
       the  GSS_C_CONF_FLAG  and  GSS_C_INTEG_FLAG)  are  available only if the accompanying major status return
       value is GSS_S_COMPLETE.

       `GSS_C_TRANS_FLAG`:: - True - The resultant security context may be transferred to other processes via  a
       call to gss_export_sec_context().  - False - The security context is not transferable.

       All other bits should be set to zero.

RETURN VALUE

       `GSS_S_CONTINUE_NEEDED`:  Indicates  that  a  token from the peer application is required to complete the
       context, and that gss_accept_sec_context must be called again with that token.

       `GSS_S_DEFECTIVE_TOKEN`: Indicates that consistency checks performed on the input_token failed.

       `GSS_S_DEFECTIVE_CREDENTIAL`: Indicates that consistency checks performed on the credential failed.

       `GSS_S_NO_CRED`: The supplied credentials were not valid for context acceptance, or the credential handle
       did not reference any credentials.

       `GSS_S_CREDENTIALS_EXPIRED`: The referenced credentials have expired.

       `GSS_S_BAD_BINDINGS`:  The  input_token  contains  different  channel bindings to those specified via the
       input_chan_bindings parameter.

       `GSS_S_NO_CONTEXT`: Indicates that the supplied context handle did not refer to a valid context.

       `GSS_S_BAD_SIG`: The input_token contains an invalid MIC.

       `GSS_S_OLD_TOKEN`: The input_token was too old.  This is a fatal error during context establishment.

       `GSS_S_DUPLICATE_TOKEN`: The input_token is valid, but is a duplicate of a token already processed.  This
       is a fatal error during context establishment.

       `GSS_S_BAD_MECH`: The received token specified a mechanism that is not supported by the implementation or
       the provided credential.

REPORTING BUGS

       Report    bugs    to    <bug-gss@gnu.org>.     GNU    Generic     Security     Service     home     page:
       http://www.gnu.org/software/gss/ General help using GNU software: http://www.gnu.org/gethelp/

COPYRIGHT

       Copyright © 2003-2011 Simon Josefsson.
       Copying  and distribution of this file, with or without modification, are permitted in any medium without
       royalty provided the copyright notice and this notice are preserved.

SEE ALSO

       The full documentation for gss is maintained as a Texinfo manual.  If  the  info  and  gss  programs  are
       properly installed at your site, the command

              info gss

       should give you access to the complete manual.