1.\" -*- nroff -*-
2.\"
3.\" Copyright (c) 2005 Doug Rabson
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in the
13.\"    documentation and/or other materials provided with the distribution.
14.\"
15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25.\" SUCH DAMAGE.
26.\"
27.\" The following commands are required for all man pages.
28.Dd January 26, 2010
29.Dt GSS_INQUIRE_CONTEXT 3 PRM
30.Os
31.Sh NAME
32.Nm gss_inquire_context
33.Nd Obtain information about a security context
34.\" This next command is for sections 2 and 3 only.
35.\" .Sh LIBRARY
36.Sh SYNOPSIS
37.In "gssapi/gssapi.h"
38.Ft OM_uint32
39.Fo gss_inquire_context
40.Fa "OM_uint32 *minor_status"
41.Fa "const gss_ctx_id_t context_handle"
42.Fa "gss_name_t *src_name"
43.Fa "gss_name_t *targ_name"
44.Fa "OM_uint32 *lifetime_rec"
45.Fa "gss_OID *mech_type"
46.Fa "OM_uint32 *ctx_flags"
47.Fa "int *locally_initiated"
48.Fa "int *open"
49.Fc
50.Sh DESCRIPTION
51Obtains information about a security context.
52The caller must already have obtained a handle that refers to the
53context,
54although the context need not be fully established.
55.Sh PARAMETERS
56.Bl -tag -width ".It locally_initiated"
57.It minor_status
58Mechanism specific status code.
59.It context_handle
60A handle that refers to the security context.
61.It src_name
62The name of the context initiator.
63If the context was established using anonymous authentication,
64and if the application invoking
65.Fn gss_inquire_context
66is the context acceptor,
67an anonymous name will be returned.
68Storage associated with this name must be freed by the application
69after use with a call to
70.Fn gss_release_name .
71Specify
72.Dv NULL
73if not required.
74.It targ_name
75The name of the context acceptor.
76Storage associated with this name must be freed by the application
77after use with a call to
78.Fn gss_release_name .
79If the context acceptor did not authenticate itself,
80and if the initiator did not specify a target name in its call to
81.Fn gss_init_sec_context ,
82the value
83.Dv GSS_C_NO_NAME
84will be returned.
85Specify
86.Dv NULL
87if not required.
88.It lifetime_rec
89The number of seconds for which the context will remain valid.
90If the context has expired,
91this parameter will be set to zero.
92If the implementation does not support context expiration,
93the value
94.Dv GSS_C_INDEFINITE
95will be returned.
96Specify
97.Dv NULL
98if not required.
99.It mech_type
100The security mechanism providing the context.
101The returned OID will be a pointer to static storage that should be
102treated as read-only by the application;
103in particular the application should not attempt to free it.
104Specify
105.Dv NULL
106if not required.
107.It ctx_flags
108Contains various independent flags,
109each of which indicates that the context supports
110(or is expected to support, if
111.Fa open
112is false)
113a specific service option.
114If not needed, specify
115.Dv NULL .
116Symbolic names are provided for each flag,
117and the symbolic names corresponding to the required flags should be
118logically-ANDed with the
119.Fa ctx_flags
120value to test whether a given option is supported by the context.
121The flags are:
122.Bl -tag -width "WW"
123.It GSS_C_DELEG_FLAG
124.Bl -tag -width "False"
125.It True
126Credentials were delegated from the initiator to the acceptor.
127.It False
128No credentials were delegated.
129.El
130.It GSS_C_MUTUAL_FLAG
131.Bl -tag -width "False"
132.It True
133The acceptor was authenticated to the initiator.
134.It False
135The acceptor did not authenticate itself.
136.El
137.It GSS_C_REPLAY_FLAG
138.Bl -tag -width "False"
139.It True
140Replay of protected messages will be detected.
141.It False
142Replayed messages will not be detected.
143.El
144.It GSS_C_SEQUENCE_FLAG
145.Bl -tag -width "False"
146.It True
147Out-of-sequence protected messages will be detected.
148.It False
149Out-of-sequence messages will not be detected.
150.El
151.It GSS_C_CONF_FLAG
152.Bl -tag -width "False"
153.It True
154Confidentiality service may be invoked by calling
155.Fn gss_wrap
156routine.
157.It False
158No confidentiality service
159(via
160.Fn gss_wrap )
161available.
162.Fn gss_wrap
163will provide message encapsulation,
164data-origin authentication and integrity services only.
165.El
166.It GSS_C_INTEG_FLAG
167.Bl -tag -width "False"
168.It True
169Integrity service may be invoked by calling either
170.Fn gss_get_mic
171or
172.Fn gss_wrap
173routines.
174.It False
175Per-message integrity service unavailable.
176.El
177.It GSS_C_ANON_FLAG
178.Bl -tag -width "False"
179.It True
180The initiator's identity will not be revealed to the acceptor.
181The
182.Fa src_name
183parameter (if requested) contains an anonymous internal name.
184.It False
185The initiator has been authenticated normally.
186.El
187.It GSS_C_PROT_READY_FLAG
188.Bl -tag -width "False"
189.It True
190Protection services
191(as specified by the states of the
192.Dv GSS_C_CONF_FLAG
193and
194.Dv GSS_C_INTEG_FLAG )
195are available for use.
196.It False
197Protection services
198(as specified by the states of the
199.Dv GSS_C_CONF_FLAG
200and
201.Dv GSS_C_INTEG_FLAG )
202are available only if the context is fully established
203(i.e. if the
204.Fa open
205parameter is non-zero).
206.El
207.It GSS_C_TRANS_FLAG
208.Bl -tag -width "False"
209.It True
210The security context may be transferred to other processes via a call to
211.Fn gss_export_sec_context .
212.It False
213The security context is not transferable.
214.El
215.El
216.It locally_initiated
217Non-zero if the invoking application is the context initiator.
218Specify
219.Dv NULL
220if not required.
221.It open
222Non-zero if the context is fully established;
223Zero if a context-establishment token is expected from the peer
224application.
225Specify
226.Dv NULL
227if not required.
228.El
229.Sh RETURN VALUES
230.Bl -tag -width ".It GSS_S_NO_CONTEXT"
231.It GSS_S_COMPLETE
232Successful completion
233.It GSS_S_NO_CONTEXT
234The referenced context could not be accessed
235.El
236.Sh SEE ALSO
237.Xr gss_export_sec_context 3 ,
238.Xr gss_get_mic 3 ,
239.Xr gss_init_sec_context 3 ,
240.Xr gss_release_name 3 ,
241.Xr gss_wrap 3
242.Sh STANDARDS
243.Bl -tag -width ".It RFC 2743"
244.It RFC 2743
245Generic Security Service Application Program Interface Version 2, Update 1
246.It RFC 2744
247Generic Security Service API Version 2 : C-bindings
248.El
249.Sh HISTORY
250The
251.Nm
252function first appeared in
253.Fx 7.0 .
254.Sh AUTHORS
255John Wray, Iris Associates
256.Sh COPYRIGHT
257Copyright (C) The Internet Society (2000).  All Rights Reserved.
258.Pp
259This document and translations of it may be copied and furnished to
260others, and derivative works that comment on or otherwise explain it
261or assist in its implementation may be prepared, copied, published
262and distributed, in whole or in part, without restriction of any
263kind, provided that the above copyright notice and this paragraph are
264included on all such copies and derivative works.  However, this
265document itself may not be modified in any way, such as by removing
266the copyright notice or references to the Internet Society or other
267Internet organizations, except as needed for the purpose of
268developing Internet standards in which case the procedures for
269copyrights defined in the Internet Standards process must be
270followed, or as required to translate it into languages other than
271English.
272.Pp
273The limited permissions granted above are perpetual and will not be
274revoked by the Internet Society or its successors or assigns.
275.Pp
276This document and the information contained herein is provided on an
277"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
278TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
279BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
280HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
281MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
282