From c0b9f4fe659b6839541970eb5675e57f4d814969 Mon Sep 17 00:00:00 2001 From: Doug Rabson Date: Thu, 29 Dec 2005 14:40:22 +0000 Subject: Add a new extensible GSS-API layer which can support GSS-API plugins, similar to the Solaris implementation. Repackage the krb5 GSS mechanism as a plugin library for the new implementation. This also includes a comprehensive set of manpages for the GSS-API functions with text mostly taken from the RFC. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed by: Love Hörnquist Åstrand , ru (build system), des (openssh parts) --- lib/libgssapi/gss_unwrap.3 | 191 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 191 insertions(+) create mode 100644 lib/libgssapi/gss_unwrap.3 (limited to 'lib/libgssapi/gss_unwrap.3') diff --git a/lib/libgssapi/gss_unwrap.3 b/lib/libgssapi/gss_unwrap.3 new file mode 100644 index 000000000000..345ce30654a1 --- /dev/null +++ b/lib/libgssapi/gss_unwrap.3 
@@ -0,0 +1,191 @@ +.\" -*- nroff -*- +.\" +.\" Copyright (c) 2005 Doug Rabson +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.\" Copyright (C) The Internet Society (2000). All Rights Reserved. +.\" +.\" This document and translations of it may be copied and furnished to +.\" others, and derivative works that comment on or otherwise explain it +.\" or assist in its implementation may be prepared, copied, published +.\" and distributed, in whole or in part, without restriction of any +.\" kind, provided that the above copyright notice and this paragraph are +.\" included on all such copies and derivative works. 
However, this +.\" document itself may not be modified in any way, such as by removing +.\" the copyright notice or references to the Internet Society or other +.\" Internet organizations, except as needed for the purpose of +.\" developing Internet standards in which case the procedures for +.\" copyrights defined in the Internet Standards process must be +.\" followed, or as required to translate it into languages other than +.\" English. +.\" +.\" The limited permissions granted above are perpetual and will not be +.\" revoked by the Internet Society or its successors or assigns. +.\" +.\" This document and the information contained herein is provided on an +.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. +.\" +.\" The following commands are required for all man pages. +.Dd November 12, 2005 +.Os +.Dt GSS_UNWRAP 3 PRM +.Sh NAME +.Nm gss_unwrap , +.Nm gss_unseal +.Nd Convert a message previously protected by +.Xr gss_wrap 3 +back to a usable form +.\" This next command is for sections 2 and 3 only. +.\" .Sh LIBRARY +.Sh SYNOPSIS +.In "gssapi/gssapi.h" +.Ft OM_uint32 +.Fo gss_unwrap +.Fa "OM_uint32 *minor_status" +.Fa "const gss_ctx_id_t context_handle" +.Fa "const gss_buffer_t input_message_buffer" +.Fa "gss_buffer_t output_message_buffer" +.Fa "int *conf_state" +.Fa "gss_qop_t *qop_state" +.Fc +.Ft OM_uint32 +.Fo gss_unseal +.Fa "OM_uint32 *minor_status" +.Fa "gss_ctx_id_t context_handle" +.Fa "gss_buffer_t input_message_buffer" +.Fa "gss_buffer_t output_message_buffer" +.Fa "int *conf_state" +.Fa "gss_qop_t *qop_state" +.Fc +.Sh DESCRIPTION +Converts a message previously protected by +.Xr gss_wrap 3 +back to a usable form, +verifying the embedded MIC. 
+The +.Dv conf_state +parameter indicates whether the message was encrypted; +the +.Dv qop_state +parameter indicates the strength of protection that was used to provide the +confidentiality and integrity services. +.Pp +Since some application-level protocols may wish to use tokens emitted +by +.Xr gss_wrap 3 +to provide "secure framing", +implementations must support the wrapping and unwrapping of +zero-length messages. +.Pp +The +.Fn gss_unseal +routine is an obsolete variant of +.Fn gss_unwrap . +It is +provided for backwards +compatibility with applications using the GSS-API V1 interface. +A distinct entrypoint (as opposed to #define) is provided, +both to allow GSS-API V1 applications to link +and to retain the slight parameter type differences between the +obsolete versions of this routine and its current form. +.Sh PARAMETERS +.Bl -tag +.It minor_status +Mechanism specific status code. +.It context_handle +Identifies the context on which the message arrived. +.It input_message_buffer +Protected message. +.It output_message_buffer +Buffer to receive unwrapped message. +Storage associated with this buffer must +be freed by the application after use use +with a call to +.Xr gss_release_buffer 3 . +.It conf_state +.Bl -tag -width "Non-zero" +.It Non-zero +Confidentiality and integrity protection were used. +.It Zero +Integrity service only was used. +.El +.Pp +Specify NULL if not required. +.It qop_state +Quality of protection provided. Specify NULL if not required. +.El +.Sh RETURN VALUES +.Bl -tag +.It GSS_S_COMPLETE +Successful completion. +.It GSS_S_DEFECTIVE_TOKEN +The token failed consistency checks. +.It GSS_S_BAD_SIG +The MIC was incorrect +.It GSS_S_DUPLICATE_TOKEN +The token was valid, and contained a correct +MIC for the message, but it had already been +processed. +.It GSS_S_OLD_TOKEN +The token was valid, and contained a correct MIC +for the message, but it is too old to check for +duplication. 
+.It GSS_S_UNSEQ_TOKEN +The token was valid, and contained a correct MIC +for the message, but has been verified out of +sequence; a later token has already been +received. +.It GSS_S_GAP_TOKEN +The token was valid, and contained a correct MIC +for the message, but has been verified out of +sequence; an earlier expected token has not yet +been received. +.It GSS_S_CONTEXT_EXPIRED +The context has already expired. +.It GSS_S_NO_CONTEXT +The context_handle parameter did not identify a valid context. +.El +.Sh SEE ALSO +.Xr gss_wrap 3 , +.Xr gss_release_buffer 3 +.Sh STANDARDS +.Bl -tag +.It RFC 2743 +Generic Security Service Application Program Interface Version 2, Update 1 +.It RFC 2744 +Generic Security Service API Version 2 : C-bindings +.\" .Sh HISTORY +.Sh HISTORY +The +.Nm +manual page example first appeared in +.Fx 7.0 . +.Sh AUTHORS +John Wray, Iris Associates -- cgit v1.2.3
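Review bot: The `.Bl -tag` list opened under `.Sh STANDARDS` is never closed; add `.El` after the RFC 2744 entry and before `.Sh HISTORY`, so that HISTORY and AUTHORS are not rendered as part of the list. In the `output_message_buffer` entry under PARAMETERS, "after use use" repeats a word, and the `GSS_S_BAD_SIG` description "The MIC was incorrect" is missing its final period. The HISTORY sentence "manual page example first appeared" reads like template residue ("example"), and the commented-out `.\" .Sh LIBRARY` and `.\" .Sh HISTORY` lines should be either filled in or dropped, given that the template comment says LIBRARY applies to section 3 pages like this one. The RETURN VALUES entries from `GSS_S_DUPLICATE_TOKEN` through `GSS_S_GAP_TOKEN` say the token was valid with a correct MIC but do not say whether `output_message_buffer` is populated in those cases; a sentence on that would tell callers how to handle replayed or out-of-sequence tokens.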