
NAME

       Utility Functions -

       Utility functions for GSSAPI.

   Functions
       globus_result_t globus_gss_assist_authorization_host_name (char
           *hostname, gss_name_t *authorization_hostname)

   Accept Security Context
       OM_uint32 globus_gss_assist_accept_sec_context (OM_uint32
           *minor_status, gss_ctx_id_t *context_handle, const gss_cred_id_t
           cred_handle, char **src_name_char, OM_uint32 *ret_flags, int
           *user_to_user_flag, int *token_status, gss_cred_id_t
           *delegated_cred_handle, int(*gss_assist_get_token)(void *, void **,
           size_t *), void *gss_assist_get_context,
           int(*gss_assist_send_token)(void *, void *, size_t), void
           *gss_assist_send_context)

   Accept Security Context Asynchronous
       OM_uint32 globus_gss_assist_accept_sec_context_async (OM_uint32
           *minor_status, gss_ctx_id_t *context_handle, const gss_cred_id_t
           cred_handle, char **src_name_char, OM_uint32 *ret_flags, int
           *user_to_user_flag, void *input_buffer, size_t input_buffer_len,
           void **output_bufferp, size_t *output_buffer_lenp, gss_cred_id_t
           *delegated_cred_handle)

   Acquire Credential
       OM_uint32 globus_gss_assist_acquire_cred (OM_uint32 *minor_status,
           gss_cred_usage_t cred_usage, gss_cred_id_t *output_cred_handle)

   Acquire Credential Extension
       OM_uint32 globus_gss_assist_acquire_cred_ext (OM_uint32 *minor_status,
           char *desired_name_char, OM_uint32 time_req, const gss_OID_set
           desired_mechs, gss_cred_usage_t cred_usage, gss_cred_id_t
           *output_cred_handle, gss_OID_set *actual_mechs, OM_uint32
           *time_rec)

   Display Status
       OM_uint32 globus_gss_assist_display_status (FILE *fp, char *comment,
           OM_uint32 major_status, OM_uint32 minor_status, int token_status)

   Display Status String
       OM_uint32 globus_gss_assist_display_status_str (char **str, char
           *comment, OM_uint32 major_status, OM_uint32 minor_status, int
           token_status)

   Gridmap
       int globus_gss_assist_gridmap (char *globusidp, char **useridp)

   User OK
       int globus_gss_assist_userok (char *globusid, char *userid)

   Map Local User
       int globus_gss_assist_map_local_user (char *local_user, char
           **globusidp)
       OM_uint32 globus_gss_assist_import_sec_context (OM_uint32
           *minor_status, gss_ctx_id_t *context_handle, int *token_status, int
           fdp, FILE *fperr)

   Init Security Context
       OM_uint32 globus_gss_assist_init_sec_context (OM_uint32 *minor_status,
           const gss_cred_id_t cred_handle, gss_ctx_id_t *context_handle, char
           *target_name_char, OM_uint32 req_flags, OM_uint32 *ret_flags, int
           *token_status, int(*gss_assist_get_token)(void *, void **, size_t
           *), void *gss_assist_get_context, int(*gss_assist_send_token)(void
           *, void *, size_t), void *gss_assist_send_context)

   Init Security Context Async
       OM_uint32 globus_gss_assist_init_sec_context_async (OM_uint32
           *minor_status, const gss_cred_id_t cred_handle, gss_ctx_id_t
           *context_handle, char *target_name_char, OM_uint32 req_flags,
           OM_uint32 *ret_flags, void *input_buffer, size_t input_buffer_len,
           void **output_bufferp, size_t *output_buffer_lenp)

   Will Handle Restrictions
       OM_uint32 globus_gss_assist_will_handle_restrictions (OM_uint32
           *minor_status, gss_ctx_id_t *context_handle)

   Get Unwrap
       OM_uint32 globus_gss_assist_get_unwrap (OM_uint32 *minor_status, const
           gss_ctx_id_t context_handle, char **data, size_t *length, int
           *token_status, int(*gss_assist_get_token)(void *, void **, size_t
           *), void *gss_assist_get_context, FILE *fperr)

   Wrap
       OM_uint32 globus_gss_assist_wrap_send (OM_uint32 *minor_status, const
           gss_ctx_id_t context_handle, char *data, size_t length, int
           *token_status, int(*gss_assist_send_token)(void *, void *, size_t),
           void *gss_assist_send_context, FILE *fperr)

Detailed Description

       Utility functions for GSSAPI.

Function Documentation

   OM_uint32 globus_gss_assist_accept_sec_context (OM_uint32 * minor_status,
       gss_ctx_id_t * context_handle, const gss_cred_id_t cred_handle, char **
       src_name_char, OM_uint32 * ret_flags, int * user_to_user_flag, int *
       token_status, gss_cred_id_t * delegated_cred_handle, int(*)(void *,
       void **, size_t *) gss_assist_get_token, void * gss_assist_get_context,
       int(*)(void *, void *, size_t) gss_assist_send_token, void *
       gss_assist_send_context)
       This routine accepts a GSSAPI security context and is called by the
       gram_gatekeeper. It isolates the GSSAPI from the rest of the gram code.

       Initialize a gssapi security connection. Used by the server. The
       context_handle is returned, and there is one for each connection. This
       routine will take care of the looping and token processing, using the
       supplied get_token and send_token routines.

       Parameters:
           minor_status gssapi return code
           context_handle pointer to returned context.
           cred_handle the cred handle obtained by acquire_cred.
           src_name_char Pointer to char string representation of the client
           which contacted the server. May be NULL if not wanted. Should be
           freed when done.
           ret_flags Pointer to which services are available after the
           connection is established. May be NULL if not wanted. We will also
           use this to pass in flags to the globus version of gssapi_ssleay
           user_to_user_flag Pointer to flag to be set if the src_name is the
           same as our name. (Following are particular to this assist routine)
           token_status assist routine get/send token status
           delegated_cred_handle pointer to be set to the credential delegated
           by the client if delegation occurs during the security handshake
           gss_assist_get_token a get token routine
           gss_assist_get_context first arg for the get token routine
           gss_assist_send_token a send token routine
           gss_assist_send_context first arg for the send token routine

       Returns:
           GSS_S_COMPLETE on success. Other gss errors on failure.

   OM_uint32 globus_gss_assist_accept_sec_context_async (OM_uint32 *
       minor_status, gss_ctx_id_t * context_handle, const gss_cred_id_t
       cred_handle, char ** src_name_char, OM_uint32 * ret_flags, int *
       user_to_user_flag, void * input_buffer, size_t input_buffer_len, void
       ** output_bufferp, size_t * output_buffer_lenp, gss_cred_id_t *
       delegated_cred_handle)
       This is an asynchronous version of the
       globus_gss_assist_accept_sec_context() function. Instead of looping
       itself, it passes in and out the read and written buffers, and the
       calling application is responsible for doing the I/O directly.

       Parameters:
           minor_status gssapi return code
           context_handle pointer to returned context.
           cred_handle the cred handle obtained by acquire_cred.
           src_name_char Pointer to char string representation of the client
           which contacted the server. May be NULL if not wanted. Should be
           freed when done.
           ret_flags Pointer to which services are available after the
           connection is established. May be NULL if not wanted. We will also
           use this to pass in flags to the globus version of gssapi_ssleay
           user_to_user_flag Pointer to flag to be set if the src_name is the
           same as our name.
           input_buffer pointer to a buffer received from peer.
           input_buffer_len length of the buffer input_buffer.
           output_bufferp pointer to a pointer which will be filled in with a
           pointer to an allocated block of memory. If non-NULL the contents of
           this block should be written to the peer where they will be fed
           into the gss_assist_init_sec_context_async() function.
           output_buffer_lenp pointer to an integer which will be filled in
           with the length of the allocated output buffer pointed to by
           *output_bufferp.
           delegated_cred_handle pointer to be set to the credential delegated
           by the client if delegation occurs during the security handshake

       Returns:
           GSS_S_COMPLETE on successful completion when this function does not
           need to be called again.

       GSS_S_CONTINUE_NEEDED when *output_bufferp should be sent to the peer
       and a new input_buffer read and this function called again.

       Other gss errors on failure.

   OM_uint32 globus_gss_assist_acquire_cred (OM_uint32 * minor_status,
       gss_cred_usage_t cred_usage, gss_cred_id_t * output_cred_handle)
       Called once at the start of the process, to obtain the credentials the
       process is running under.

       Parameters:
           minor_status pointer for return code
           cred_usage GSS_C_INITIATE, GSS_C_ACCEPT, or GSS_C_BOTH
           output_cred_handle Pointer to the returned handle. This needs to be
           passed to many gss routines.

       Returns:
           GSS_S_COMPLETE on success. Other GSS return codes

   OM_uint32 globus_gss_assist_acquire_cred_ext (OM_uint32 * minor_status,
       char * desired_name_char, OM_uint32 time_req, const gss_OID_set
       desired_mechs, gss_cred_usage_t cred_usage, gss_cred_id_t *
       output_cred_handle, gss_OID_set * actual_mechs, OM_uint32 * time_rec)
       Called once at the start of the process, to obtain the credentials the
       process is running under. Takes all the parameters of gss_acquire_cred,
       except that the desired_name is a string of the form: [type:]name. This
       will be imported with the type.

       Returns:
           GSS_S_COMPLETE on success. Other GSS return codes

       See also:
           globus_gsi_gss_acquire_cred

   OM_uint32 globus_gss_assist_display_status (FILE * fp, char * comment,
       OM_uint32 major_status, OM_uint32 minor_status, int token_status)
       Display the messages for the major and minor status on the file pointed
       at by fp. Takes care of the overloaded major_status if there was a
       problem with the get_token or send_token routines.

       Parameters:
           fp a file pointer
           comment String to print out before other error messages.
           major_status The major status to display
           minor_status The minor status to display
           token_status token status to display

       Returns:
           0

   OM_uint32 globus_gss_assist_display_status_str (char ** str, char *
       comment, OM_uint32 major_status, OM_uint32 minor_status, int
       token_status)
       Display the messages for the major and minor status and return a string
       with the messages. Takes care of the overloaded major_status if there
       was a problem with the get_token or send_token routines.

       Parameters:
           str pointer to char * for returned string. Must be freed
           comment String to print out before other error messages.
           major_status The major status to display
           minor_status The minor status to display
           token_status token status to display

       Returns:
           0

   int globus_gss_assist_gridmap (char * globusidp, char ** useridp)
       Routines callable from globus based code to map a globusID to a local
       unix user. The GRIDMAP environment variable points at the map file; it
       defaults to ~/.gridmap

       A gridmap file is required if being run as root. If being run as a
       user, it is not required, and the mapping defaults to the current user
       who is running the command.

       This is the same file used by the gssapi_cleartext but will be used
       with other gssapi implementations which do not use the gridmap file.

       Parameters:
           globusidp the GSSAPI name from the client who requested
           authentication
           useridp the resulting user ID name for the local system

       Returns:
           0 on success, -1 if bad arguments, 1 on error

   int globus_gss_assist_userok (char * globusid, char * userid)
       Check to see if a particular globusid is authorized to access the given
       local user account.

       Parameters:
           globusid the globus id in string form - this should be the user’s
           subject
           userid the local account that access is sought for

       Returns:
           0 on success (authorization allowed), -1 if bad arguments, 1 on
           error

   int globus_gss_assist_map_local_user (char * local_user, char ** globusidp)
       Routine for returning the default globus ID associated with a local
       user name. This is somewhat of a hack since there is not a guaranteed
       one-to-one mapping. What we do is look for the first entry in the
       gridmap file that has the local user as the default login. If the user
       is not a default on any entry, we find the first entry in which the
       user exists as a secondary mapping.

       Parameters:
           local_user the local username to find the DN for
           globusidp the first DN found that reverse maps from the local_user

       Returns:
           0 on success, otherwise an error object identifier is returned. Use
           globus_error_get to get the error object from the id. The resulting
           error object must be freed using globus_object_free when it is no
           longer needed.

       See also:
           globus_error_get

           globus_object_free

   globus_result_t globus_gss_assist_authorization_host_name (char * hostname,
       gss_name_t * authorization_hostname)
       Create a GSS Name structure from the given hostname. This function
       tries to resolve the given host name string to the canonical DNS name
       for the host.

       Parameters:
           hostname The host name or numerical address to be resolved and
           transformed into a GSS Name
           authorization_hostname The resulting GSS Name

       Returns:
           GLOBUS_SUCCESS on successful completion, an error object otherwise

   OM_uint32 globus_gss_assist_import_sec_context (OM_uint32 * minor_status,
       gss_ctx_id_t * context_handle, int * token_status, int fdp, FILE *
       fperr)
       Import the security context from a file.

       Parameters:
           minor_status GSSAPI return code. This is a Globus Error code (or
           GLOBUS_SUCCESS) cast to an OM_uint32 pointer. If an error has
           occurred, the resulting error (from calling globus_error_get on
           this variable) needs to be freed by the caller
           context_handle The imported context
           token_status Errors that occurred while reading from the file
           fdp the file descriptor pointing to a file containing the security
           context
           fperr FILE * to write error messages

       Returns:
           the major status

   OM_uint32 globus_gss_assist_init_sec_context (OM_uint32 * minor_status,
       const gss_cred_id_t cred_handle, gss_ctx_id_t * context_handle, char *
       target_name_char, OM_uint32 req_flags, OM_uint32 * ret_flags, int *
       token_status, int(*)(void *, void **, size_t *) gss_assist_get_token,
       void * gss_assist_get_context, int(*)(void *, void *, size_t)
       gss_assist_send_token, void * gss_assist_send_context)
       Initialize a gssapi security connection. Used by the client. The
       context_handle is returned, and there is one for each connection. This
       routine will take care of the looping and token processing, using the
       supplied get_token and send_token routines.

       Parameters:
           minor_status GSSAPI return code. The new minor_status is a
           globus_result_t cast to an OM_uint32. If the call was successful,
           the minor status is equivalent to GLOBUS_SUCCESS. Otherwise, it is
           a globus error object ID that can be passed to globus_error_get to
           get the error object. The error object needs to be freed with
           globus_object_free.
           cred_handle the cred handle obtained by acquire_cred.
           context_handle pointer to returned context.
           target_name_char char string representation of the server to be
           contacted.
           req_flags request flags, such as GSS_C_DELEG_FLAG for delegation
           and the GSS_C_MUTUAL_FLAG for mutual authentication.
           ret_flags Pointer to which services are available after the
           connection is established. May be NULL if not wanted.

       The following are particular to this assist routine:

       Parameters:
           token_status the assist routine’s get/send token status
           gss_assist_get_token function pointer for getting the token
           gss_assist_get_context first argument passed to the
           gss_assist_get_token function
           gss_assist_send_token function pointer for sending the token
           gss_assist_send_context first argument passed to the
           gss_assist_send_token function pointer

       Returns:
           The major status

   OM_uint32 globus_gss_assist_init_sec_context_async (OM_uint32 *
       minor_status, const gss_cred_id_t cred_handle, gss_ctx_id_t *
       context_handle, char * target_name_char, OM_uint32 req_flags, OM_uint32
       * ret_flags, void * input_buffer, size_t input_buffer_len, void **
       output_bufferp, size_t * output_buffer_lenp)
       This is an asynchronous version of the
       globus_gss_assist_init_sec_context() function. Instead of looping
       itself, it passes in and out the read and written buffers, and the
       calling application is responsible for doing the I/O directly.

       Parameters:
           minor_status GSSAPI return code. The new minor status is a
           globus_result_t cast to an OM_uint32. If an error occurred
           (GSS_ERROR(major_status)) the minor_status is a globus error object
           id. The error object can be obtained via globus_error_get and
           should be destroyed with globus_object_free when no longer needed.
           If no error occurred, the minor status is equal to GLOBUS_SUCCESS.
           cred_handle the cred handle obtained by acquire_cred.
           context_handle pointer to returned context.
           target_name_char char string representation of the server to be
           contacted.
           req_flags request flags, such as GSS_C_DELEG_FLAG for delegation
           and the GSS_C_MUTUAL_FLAG for mutual authentication.
           ret_flags Pointer to which services are available after the
           connection is established. May be NULL if not wanted.
           input_buffer pointer to a buffer received from peer. Should be NULL
           on first call.
           input_buffer_len length of the buffer input_buffer. Should be zero
           on first call.
           output_bufferp pointer to a pointer which will be filled in with a
           pointer to an allocated block of memory. If non-NULL the contents of
           this block should be written to the peer where they will be fed
           into the gss_assist_init_sec_context_async() function.
           output_buffer_lenp pointer to an integer which will be filled in
           with the length of the allocated output buffer pointed to by
           *output_bufferp.

       Returns:
           GSS_S_COMPLETE on successful completion when this function does not
           need to be called again.

       GSS_S_CONTINUE_NEEDED when *output_bufferp should be sent to the peer
       and a new input_buffer read and this function called again.

       Other gss errors on failure.

   OM_uint32 globus_gss_assist_will_handle_restrictions (OM_uint32 *
       minor_status, gss_ctx_id_t * context_handle)
       Sets the context to handle restrictions.

       Parameters:
           minor_status the resulting minor status from setting the context
           handle
           context_handle the context handle to set the minor status of

       Returns:
           the major status from setting the context

   OM_uint32 globus_gss_assist_get_unwrap (OM_uint32 * minor_status, const
       gss_ctx_id_t context_handle, char ** data, size_t * length, int *
       token_status, int(*)(void *, void **, size_t *) gss_assist_get_token,
       void * gss_assist_get_context, FILE * fperr)
       Gets a token using the specific tokenizing functions, and performs the
       GSS unwrap of that token.

       See also:
           gss_unwrap

       Parameters:
           minor_status GSSAPI return code,

       See also:
           gss_unwrap

       Parameters:
           context_handle the context
           data pointer to be set to the unwrapped application data. This must
           be freed by the caller.
           length pointer to be set to the length of the data byte array.
           token_status assist routine get/send token status
           gss_assist_get_token a detokenizing routine
           gss_assist_get_context first arg for above routine
           fperr error stream to print to

       Returns:
           GSS_S_COMPLETE on success. Other gss errors on failure.

   OM_uint32 globus_gss_assist_wrap_send (OM_uint32 * minor_status, const
       gss_ctx_id_t context_handle, char * data, size_t length, int *
       token_status, int(*)(void *, void *, size_t) gss_assist_send_token,
       void * gss_assist_send_context, FILE * fperr)

       Parameters:
           minor_status GSSAPI return code. If the call was successful, the
           minor status is equal to GLOBUS_SUCCESS. Otherwise, it is an error
           object ID for which globus_error_get() and globus_object_free() can
           be used to get and destroy it.
           context_handle the context.
           data pointer to application data to wrap and send
           length length of the data array
           token_status assist routine get/send token status
           gss_assist_send_token a send_token routine
           gss_assist_send_context first arg for the send_token
           fperr file handle to write error message to.

       Returns:
           GSS_S_COMPLETE on success. Other gss errors on failure.

       See also:
           gss_wrap()

Author

       Generated automatically by Doxygen for globus gss assist from the
       source code.