Delegation functions.
Delegation Functions.
Functions in this section allow delegation to occur outside of the context initiation handshake.
Accept a delegated credential. This functions drives the accepting side of the credential delegation process. It is expected to be called in tandem with the gss_init_delegation function.
Parameters:
minor_status The minor status returned by this function. This parameter will be 0 upon success.
context_handle The security context over which the credential is delegated.
extension_oids A set of extension OIDs corresponding to buffers in the extension_buffers parameter below. May be GSS_C_NO_BUFFER_SET. Currently not used.
extension_buffers A set of extension buffers corresponding to OIDs in the extension_oids parameter above. May be GSS_C_NO_BUFFER_SET. Currently not used.
input_token The token that was produced by a prior call to gss_init_delegation.
req_flags Flags that modify the behavior of the function. Currently only GSS_C_GLOBUS_SSL_COMPATIBLE is checked for. This flag results in tokens that aren't wrapped.
time_req The requested period of validity (seconds) of the delegated credential. Currently a NO-OP.
time_rec This parameter will contain the received period of validity of the delegated credential upon success. May be NULL.
delegated_cred_handle This parameter will contain the delegated credential upon success.
mech_type Returns the security mechanism upon success. Currently not implemented. May be NULL.
output_token A token that should be passed to gss_init_delegation if the return value is GSS_S_CONTINUE_NEEDED.
Return values:
GSS_S_COMPLETE Successful completion
GSS_S_CONTINUE_NEEDED The function needs to be called again.
GSS_S_FAILURE Failure
Initiate Delegation. This functions drives the initiating side of the credential delegation process. It is expected to be called in tandem with the gss_accept_delegation function.
Parameters:
minor_status The minor status returned by this function. This parameter will be 0 upon success.
context_handle The security context over which the credential is delegated.
cred_handle The credential to be delegated. May be GSS_C_NO_CREDENTIAL in which case the credential associated with the security context is used.
desired_mech The desired security mechanism. Currently not used. May be GSS_C_NO_OID.
extension_oids A set of extension OIDs corresponding to buffers in the extension_buffers parameter below. The extensions specified will be added to the delegated credential. May be GSS_C_NO_BUFFER_SET.
extension_buffers A set of extension buffers corresponding to OIDs in the extension_oids parameter above. May be GSS_C_NO_BUFFER_SET.
input_token The token that was produced by a prior call to gss_accept_delegation. This parameter will be ignored the first time this function is called.
req_flags Flags that modify the behavior of the function. Currently only GSS_C_GLOBUS_SSL_COMPATIBLE and GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG are checked for. The GSS_C_GLOBUS_SSL_COMPATIBLE flag results in tokens that aren't wrapped and GSS_C_GLOBUS_LIMITED_DELEG_PROXY_FLAG causes the delegated proxy to be limited (requires that no extensions are specified.
time_req The requested period of validity (seconds) of the delegated credential. Passing a time_req of 0 cause the delegated credential to have the same lifetime as the credential that issued it.
output_token A token that should be passed to gss_accept_delegation if the return value is GSS_S_CONTINUE_NEEDED.
Return values:
GSS_S_COMPLETE Success
GSS_S_CONTINUE_NEEDED This function needs to be called again.
GSS_S_FAILURE upon failure
Generated automatically by Doxygen for globus_gssapi_gsi from the source code.