aboutsummaryrefslogtreecommitdiff
path: root/lib/libgssapi/gss_accept_sec_context.3
diff options
context:
space:
mode:
authorDoug Rabson <dfr@FreeBSD.org>2005-12-29 14:40:22 +0000
committerDoug Rabson <dfr@FreeBSD.org>2005-12-29 14:40:22 +0000
commitc0b9f4fe659b6839541970eb5675e57f4d814969 (patch)
treef226da354a25653f837708c3ecef3468ea981824 /lib/libgssapi/gss_accept_sec_context.3
parent66c6b326543894776c17486b5932438e9dd098c9 (diff)
downloadsrc-c0b9f4fe659b6839541970eb5675e57f4d814969.tar.gz
src-c0b9f4fe659b6839541970eb5675e57f4d814969.zip
Add a new extensible GSS-API layer which can support GSS-API plugins,
similar the the Solaris implementation. Repackage the krb5 GSS mechanism as a plugin library for the new implementation. This also includes a comprehensive set of manpages for the GSS-API functions with text mostly taken from the RFC. Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
Notes
Notes: svn path=/head/; revision=153838
Diffstat (limited to 'lib/libgssapi/gss_accept_sec_context.3')
-rw-r--r--lib/libgssapi/gss_accept_sec_context.3484
1 files changed, 484 insertions, 0 deletions
diff --git a/lib/libgssapi/gss_accept_sec_context.3 b/lib/libgssapi/gss_accept_sec_context.3
new file mode 100644
index 000000000000..679eb152fdef
--- /dev/null
+++ b/lib/libgssapi/gss_accept_sec_context.3
@@ -0,0 +1,484 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_ACCEPT_SEC_CONTEXT 3 PRM
+.Sh NAME
+.Nm gss_accept_sec_context
+.Nd Accept a security context initiated by a peer application
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_accept_sec_context
+.Fa "OM_uint32 *minor_status
+.Fa "gss_ctx_id_t *context_handle"
+.Fa "const gss_cred_id_t acceptor_cred_handle"
+.Fa "const gss_buffer_t input_token_buffer"
+.Fa "const gss_channel_bindings_t input_chan_bindings"
+.Fa "const gss_name_t *src_name"
+.Fa "gss_OID *mech_type"
+.Fa "gss_buffer_t output_token"
+.Fa "OM_uint32 *ret_flags"
+.Fa "OM_uint32 *time_rec"
+.Fa "gss_cred_id_t *delegated_cred_handle"
+.Fc
+.Sh DESCRIPTION
+Allows a remotely initiated security context between the application
+and a remote peer to be established. The routine may return a
+.Fa output_token
+which should be transferred to the peer application,
+where the peer application will present it to
+.Xr gss_init_sec_context 3 .
+If no token need be sent,
+.Fn gss_accept_sec_context
+will indicate this
+by setting the length field of the
+.Fa output_token
+argument to zero.
+To complete the context establishment, one or more reply tokens may be
+required from the peer application; if so,
+.Fn gss_accept_sec_context
+will return a status flag of
+.Dv GSS_S_CONTINUE_NEEDED , in which case it
+should be called again when the reply token is received from the peer
+application, passing the token to
+.Fn gss_accept_sec_context
+via the
+.Fa input_token
+parameters.
+.Pp
+Portable applications should be constructed to use the token length
+and return status to determine whether a token needs to be sent or
+waited for. Thus a typical portable caller should always invoke
+.Fn gss_accept_sec_context
+within a loop:
+.Bd -literal
+gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
+
+do {
+ receive_token_from_peer(input_token);
+ maj_stat = gss_accept_sec_context(&min_stat,
+ &context_hdl,
+ cred_hdl,
+ input_token,
+ input_bindings,
+ &client_name,
+ &mech_type,
+ output_token,
+ &ret_flags,
+ &time_rec,
+ &deleg_cred);
+ if (GSS_ERROR(maj_stat)) {
+ report_error(maj_stat, min_stat);
+ };
+ if (output_token->length != 0) {
+ send_token_to_peer(output_token);
+
+ gss_release_buffer(&min_stat, output_token);
+ };
+ if (GSS_ERROR(maj_stat)) {
+ if (context_hdl != GSS_C_NO_CONTEXT)
+ gss_delete_sec_context(&min_stat,
+ &context_hdl,
+ GSS_C_NO_BUFFER);
+ break;
+ };
+} while (maj_stat & GSS_S_CONTINUE_NEEDED);
+.Ed
+.Pp
+Whenever the routine returns a major status that includes the value
+.Dv GSS_S_CONTINUE_NEEDED , the context is not fully established and the
+following restrictions apply to the output parameters:
+.Pp
+The value returned via the
+.Fa time_rec
+parameter is undefined Unless the
+accompanying
+.Fa ret_flags
+parameter contains the bit
+.Dv GSS_C_PROT_READY_FLAG , indicating that per-message services may be
+applied in advance of a successful completion status, the value
+returned via the
+.Fa mech_type
+parameter may be undefined until the
+routine returns a major status value of
+.Dv GSS_S_COMPLETE .
+.Pp
+The values of the
+.Dv GSS_C_DELEG_FLAG ,
+.Dv GSS_C_MUTUAL_FLAG ,
+.Dv GSS_C_REPLAY_FLAG ,
+.Dv GSS_C_SEQUENCE_FLAG ,
+.Dv GSS_C_CONF_FLAG ,
+.Dv GSS_C_INTEG_FLAG
+and
+.Dv GSS_C_ANON_FLAG bits returned
+via the
+.Fa ret_flags
+parameter should contain the values that the
+implementation expects would be valid if context establishment were
+to succeed.
+.Pp
+The values of the
+.Dv GSS_C_PROT_READY_FLAG
+and
+.Dv GSS_C_TRANS_FLAG bits
+within
+.Fa ret_flags
+should indicate the actual state at the time
+.Fn gss_accept_sec_context
+returns, whether or not the context is fully established.
+.Pp
+Although this requires that GSS-API implementations set the
+.Dv GSS_C_PROT_READY_FLAG
+in the final
+.Fa ret_flags
+returned to a caller
+(i.e. when accompanied by a
+.Dv GSS_S_COMPLETE
+status code), applications
+should not rely on this behavior as the flag was not defined in
+Version 1 of the GSS-API. Instead, applications should be prepared to
+use per-message services after a successful context establishment,
+according to the
+.Dv GSS_C_INTEG_FLAG
+and
+.Dv GSS_C_CONF_FLAG values.
+.Pp
+All other bits within the
+.Fa ret_flags
+argument should be set to zero.
+While the routine returns
+.Dv GSS_S_CONTINUE_NEEDED , the values returned
+via the
+.Fa ret_flags
+argument indicate the services that the
+implementation expects to be available from the established context.
+.Pp
+If the initial call of
+.Fn gss_accept_sec_context
+fails, the
+implementation should not create a context object, and should leave
+the value of the context_handle parameter set to
+.Dv GSS_C_NO_CONTEXT to
+indicate this. In the event of a failure on a subsequent call, the
+implementation is permitted to delete the "half-built" security
+context (in which case it should set the
+.Fa context_handle
+parameter to
+.Dv GSS_C_NO_CONTEXT ), but the preferred behavior is to leave the
+security context (and the context_handle parameter) untouched for the
+application to delete (using
+.Xr gss_delete_sec_context 3 ).
+.Pp
+During context establishment, the informational status bits
+.Dv GSS_S_OLD_TOKEN
+and
+.Dv GSS_S_DUPLICATE_TOKEN
+indicate fatal errors, and
+GSS-API mechanisms should always return them in association with a
+routine error of
+.Dv GSS_S_FAILURE . This requirement for pairing did not
+exist in version 1 of the GSS-API specification, so applications that
+wish to run over version 1 implementations must special-case these
+codes.
+.Sh PARAMETERS
+.Bl -tag
+.It context_handle
+Context handle for new context.
+Supply
+.Dv GSS_C_NO_CONTEXT for first
+call; use value returned in subsequent calls.
+Once
+.Fn gss_accept_sec_context
+has returned a
+value via this parameter, resources have been
+assigned to the corresponding context, and must
+be freed by the application after use with a
+call to
+.Xr gss_delete_sec_context 3 .
+.It acceptor_cred_handle
+Credential handle claimed by context acceptor.
+Specify
+.Dv GSS_C_NO_CREDENTIAL to accept the context as a
+default principal.
+If
+.Dv GSS_C_NO_CREDENTIAL is
+specified, but no default acceptor principal is
+defined,
+.Dv GSS_S_NO_CRED will be returned.
+.It input_token_buffer
+Token obtained from remote application.
+.It input_chan_bindings
+Application-specified bindings.
+Allows application to securely bind channel identification information
+to the security context.
+If channel bindings are not used, specify
+.Dv GSS_C_NO_CHANNEL_BINDINGS .
+.It src_name
+Authenticated name of context initiator.
+After use, this name should be deallocated by passing it to
+.Xr gss_release_name 3 .
+If not required, specify
+.Dv NULL .
+.It mech_type
+Security mechanism used.
+The returned OID value will be a pointer into static storage,
+and should be treated as read-only by the caller
+(in particular, it does not need to be freed).
+If not required, specify
+.Dv NULL .
+.It output_token
+Token to be passed to peer application.
+If the length field of the returned token buffer is 0,
+then no token need be passed to the peer application.
+If a non-zero length field is returned,
+the associated storage must be freed after use by the
+application with a call to
+.Xr gss_release_buffer 3 .
+.It ret_flags
+Contains various independent flags,
+each of which indicates that the context supports a specific service option.
+If not needed, specify
+.Dv NULL .
+Symbolic names are provided for each flag,
+and the symbolic names corresponding to the required flags should be
+logically-ANDed with the
+.Fa ret_flags
+value to test whether a given option is supported by the context.
+The flags are:
+.Bl -tag -width "WW"
+.It GSS_C_DELEG_FLAG
+.Bl -tag -width "False"
+.It True
+Delegated credentials are available via the delegated_cred_handle parameter
+.It False
+No credentials were delegated
+.El
+.It GSS_C_MUTUAL_FLAG
+.Bl -tag -width "False"
+.It True
+Remote peer asked for mutual authentication
+.It False
+Remote peer did not ask for mutual authentication
+.El
+.It GSS_C_REPLAY_FLAG
+.Bl -tag -width "False"
+.It True
+Replay of protected messages will be detected
+.It False
+Replayed messages will not be detected
+.El
+.It GSS_C_SEQUENCE_FLAG
+.Bl -tag -width "False"
+.It True
+Out-of-sequence protected messages will be detected
+.It False
+Out-of-sequence messages will not be detected
+.El
+.It GSS_C_CONF_FLAG
+.Bl -tag -width "False"
+.It True
+Confidentiality service may be invoked by calling the
+.Xr gss_wrap 3
+routine
+.It False
+No confidentiality service (via
+.Xr gss_wrap 3 )
+available.
+.Xr gss_wrap 3
+will provide message encapsulation,
+data-origin authentication and integrity services only.
+.El
+.It GSS_C_INTEG_FLAG
+.Bl -tag -width "False"
+.It True
+Integrity service may be invoked by calling either
+.Xr gss_get_mic 3
+or
+.Xr gss_wrap 3
+routines.
+.It False
+Per-message integrity service unavailable.
+.El
+.It GSS_C_ANON_FLAG
+.Bl -tag -width "False"
+.It True
+The initiator does not wish to be authenticated; the
+.Fa src_name
+parameter (if requested) contains an anonymous internal name.
+.It False
+The initiator has been authenticated normally.
+.El
+.It GSS_C_PROT_READY_FLAG
+.Bl -tag -width "False"
+.It True
+Protection services (as specified by the states of the
+.Dv GSS_C_CONF_FLAG
+and
+.Dv GSS_C_INTEG_FLAG )
+are available if the accompanying major status return value is either
+.Dv GSS_S_COMPLETE
+or
+.Dv GSS_S_CONTINUE_NEEDED.
+.It False
+Protection services (as specified by the states of the
+.Dv GSS_C_CONF_FLAG
+and
+.Dv GSS_C_INTEG_FLAG )
+are available only if the accompanying major status return value is
+.Dv GSS_S_COMPLETE .
+.El
+.It GSS_C_TRANS_FLAG
+.Bl -tag -width "False"
+.It True
+The resultant security context may be transferred to other processes
+via a call to
+.Xr gss_export_sec_context 3 .
+.It False
+The security context is not transferable.
+.El
+.El
+.Pp
+All other bits should be set to zero.
+.It time_rec
+Number of seconds for which the context will remain valid.
+Specify
+.Dv NULL
+if not required.
+.It delegated_cred_handle
+Credential
+handle for credentials received from context initiator.
+Only valid if
+.Dv GSS_C_DELEG_FLAG
+in
+.Fa ret_flags
+is true,
+in which case an explicit credential handle
+(i.e. not
+.Dv GSS_C_NO_CREDENTIAL )
+will be returned; if false,
+.Fn gss_accept_context
+will set this parameter to
+.Dv GSS_C_NO_CREDENTIAL .
+If a credential handle is returned,
+the associated resources must be released by the application after use
+with a call to
+.Xr gss_release_cred 3 .
+Specify
+.Dv NULL if not required.
+.It minor_status
+Mechanism specific status code.
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_CONTINUE_NEEDED
+Indicates that a token from the peer application is required to
+complete the context,
+and that gss_accept_sec_context must be called again with that token.
+.It GSS_S_DEFECTIVE_TOKEN
+Indicates that consistency checks performed on the input_token failed.
+.It GSS_S_DEFECTIVE_CREDENTIAL
+Indicates that consistency checks performed on the credential failed.
+.It GSS_S_NO_CRED
+The supplied credentials were not valid for context acceptance,
+or the credential handle did not reference any credentials.
+.It GSS_S_CREDENTIALS_EXPIRED
+The referenced credentials have expired.
+.It GSS_S_BAD_BINDINGS
+The input_token contains different channel bindings to those specified via the
+input_chan_bindings parameter.
+.It GSS_S_NO_CONTEXT
+Indicates that the supplied context handle did not refer to a valid context.
+.It GSS_S_BAD_SIG
+The input_token contains an invalid MIC.
+.It GSS_S_OLD_TOKEN
+The input_token was too old.
+This is a fatal error during context establishment.
+.It GSS_S_DUPLICATE_TOKEN
+The input_token is valid,
+but is a duplicate of a token already processed.
+This is a fatal error during context establishment.
+.It GSS_S_BAD_MECH
+The received token specified a mechanism that is not supported by
+the implementation or the provided credential.
+.El
+.Sh SEE ALSO
+.Xr gss_delete_sec_context 3 ,
+.Xr gss_export_sec_context 3 ,
+.Xr gss_get_mic 3 ,
+.Xr gss_init_sec_context 3 ,
+.Xr gss_release_buffer 3 ,
+.Xr gss_release_cred 3 ,
+.Xr gss_release_name 3 ,
+.Xr gss_wrap 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.El
+.\" .Sh HISTORY
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates