3.3. gss_init_sec_context
OM_uint32 gss_init_sec_context (
    OM_uint32 *             minor_status,
    gss_cred_id_t           claimant_cred_handle,
    gss_ctx_id_t *          context_handle,
    gss_name_t              target_name,
    gss_OID                 mech_type,
    int                     req_flags,
    int                     time_req,
    gss_channel_bindings_t  input_chan_bindings,
    gss_buffer_t            input_token,
    gss_OID *               actual_mech_type,
    gss_buffer_t            output_token,
    int *                   ret_flags,
    OM_uint32 *             time_rec )
Purpose:
Initiates the establishment of a security context between the
application and a remote peer. Initially, the input_token parameter
should be specified as GSS_C_NO_BUFFER. The routine may return an
output_token which should be transferred to the peer application,
where the peer application will present it to gss_accept_sec_context.
If no token need be sent, gss_init_sec_context will indicate this by
setting the length field of the output_token argument to zero. To
complete the context establishment, one or more reply tokens may be
required from the peer application; if so, gss_init_sec_context will
return a status indicating GSS_S_CONTINUE_NEEDED, in which case it
should be called again when the reply token is received from the peer
application, passing the token to gss_init_sec_context via the
input_token parameter.
The values returned via the ret_flags and time_rec parameters are not
defined unless the routine returns GSS_S_COMPLETE.
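
The call sequence described above, as an added example that is not part of RFC 1509: the initiator loop with a check that ret_flags is read only after GSS_S_COMPLETE and that every requested service was granted. The names init_step, exchange_fn, establish, mock_step, mock_xchg and run are hypothetical, and the types and constants are local stand-ins so the block runs without a GSS-API library.

```c
#include <stddef.h>
#include <stdint.h>
typedef uint32_t OM_uint32;   /* stand-ins below: values as in RFC 1509 gssapi.h */
typedef struct { size_t length; void *value; } gss_buffer_desc, *gss_buffer_t;
#define GSS_C_NO_BUFFER       ((gss_buffer_t)0)
#define GSS_C_MUTUAL_FLAG     2
#define GSS_C_REPLAY_FLAG     4
#define GSS_S_COMPLETE        0u
#define GSS_S_CONTINUE_NEEDED 1u
#define GSS_S_FAILURE         (13u << 16)
/* Hypothetical wrapper for one gss_init_sec_context call; the callee holds the rest. */
typedef OM_uint32 (*init_step)(int req_flags, gss_buffer_t in,
                               gss_buffer_t out, int *ret_flags);
/* Hypothetical transport: send out if non-NULL, then read reply if non-NULL. */
typedef int (*exchange_fn)(gss_buffer_t out, gss_buffer_t reply);
/* 0: complete, all required services granted; -1: error; -2: service missing. */
int establish(init_step step, exchange_fn xchg, int required)
{
    gss_buffer_desc out = {0, NULL}, reply = {0, NULL};
    gss_buffer_t in = GSS_C_NO_BUFFER;      /* first call: no input token */
    int ret_flags = 0;
    for (;;) {
        OM_uint32 major = step(required, in, &out, &ret_flags);
        if (major != GSS_S_COMPLETE && major != GSS_S_CONTINUE_NEEDED)
            return -1;                      /* ret_flags is undefined here */
        if (xchg(out.length ? &out : NULL,  /* zero length: nothing to send */
                 major == GSS_S_CONTINUE_NEEDED ? &reply : NULL) != 0)
            return -1;
        if (major == GSS_S_COMPLETE)        /* only now is ret_flags defined */
            return (ret_flags & required) == required ? 0 : -2;
        in = &reply;                        /* feed the reply to the next call */
    }
}
static int granted, calls;    /* constructed two-leg mechanism: supported services */
static OM_uint32 mock_step(int req, gss_buffer_t in, gss_buffer_t out, int *rf)
{
    out->value = "tok"; out->length = (calls == 0) ? 3 : 0;
    if (calls++ == 0)                       /* first leg must see no input token */
        return in == GSS_C_NO_BUFFER ? GSS_S_CONTINUE_NEEDED : GSS_S_FAILURE;
    *rf = granted & req;                    /* grant only what was requested */
    return (in && in->length) ? GSS_S_COMPLETE : GSS_S_FAILURE;
}
static int mock_xchg(gss_buffer_t out, gss_buffer_t reply)
{
    (void)out;
    if (reply) { reply->value = "rep"; reply->length = 3; }
    return 0;
}
int run(int grant, int required)
{ granted = grant; calls = 0; return establish(mock_step, mock_xchg, required); }
```

A real initiator tests the major status with the GSS_ERROR() macro from gssapi.h rather than by equality, since the status word also carries supplementary bits.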
Parameters:
claimant_cred_handle  gss_cred_id_t, read, optional
                      handle for credentials claimed. Supply
                      GSS_C_NO_CREDENTIAL to use default
                      credentials.

context_handle        gss_ctx_id_t, read/modify
                      context handle for new context. Supply
                      GSS_C_NO_CONTEXT for first call; use value
                      returned by first call in continuation calls.
RFC 1509 GSSAPI - Overview and C bindings September 1993
target_name           gss_name_t, read
                      Name of target

mech_type             OID, read, optional
                      Object ID of desired mechanism. Supply
                      GSS_C_NULL_OID to obtain an implementation
                      specific default

req_flags             bit-mask, read
                      Contains four independent flags, each of
                      which requests that the context support a
                      specific service option. Symbolic
                      names are provided for each flag, and the
                      symbolic names corresponding to the required
                      flags should be logically-ORed
                      together to form the bit-mask value. The
                      flags are:

                      GSS_C_DELEG_FLAG
                        True - Delegate credentials to remote peer
                        False - Don't delegate
                      GSS_C_MUTUAL_FLAG
                        True - Request that remote peer
                               authenticate itself
                        False - Authenticate self to remote peer
                                only
                      GSS_C_REPLAY_FLAG
                        True - Enable replay detection for signed
                               or sealed messages
                        False - Don't attempt to detect
                                replayed messages
                      GSS_C_SEQUENCE_FLAG
                        True - Enable detection of out-of-sequence
                               signed or sealed messages
                        False - Don't attempt to detect
                                out-of-sequence messages

time_req              integer, read
                      Desired number of seconds for which context
                      should remain valid. Supply 0 to request a
                      default validity period.