package
1.1.1
Repository: https://github.com/oiweiwei/go-msrpc.git
Documentation: pkg.go.dev

# README

## GSS-API

### Capabilities

capabilities (
    delegation BOOLEAN,
    mutual_authentication BOOLEAN,
    replay_detection BOOLEAN,
    sequencing BOOLEAN,
    anonymity BOOLEAN,
    confidentiality BOOLEAN /* optional */,
    integrity BOOLEAN /* optional */,
)

### GSS Sec Context

#### GSS Init Sec Context Call

Inputs:

(
    claimant_cred_handle CREDENTIAL HANDLE DEFAULT NULL /* use default */,
    input_context_handle CONTEXT HANDLE DEFAULT GSS_C_NO_CONTEXT /* not yet assigned */, 
    targ_name INTERNAL NAME,
    mech_type OBJECT IDENTIFIER DEFAULT NULL /* use default */, 
    req_capabilities CAPABILITY,
    lifetime_req INTEGER DEFAULT 0 /* use default */,
    chan_bindings OCTET STRING,
    input_token OCTET STRING DEFAULT NULL /* null or token from target */, 
)

Outputs:

(
    major_status INTEGER,
    minor_status INTEGER,
    output_context_handle CONTEXT HANDLE,
    mech_type OBJECT IDENTIFIER /* never NULL */,
    output_token OCTET STRING /* NULL or token to pass to context target */,
    capabilities CAPABILITIES /* replaces req_* flags */,
    prot_ready_state BOOLEAN,
    lifetime_rec INTEGER /* in seconds, or reserved value for INDEFINITE */,
)

# Functions

AddMechanism function appends the mechanism to the mechanism store.
ContextComplete function reports successful operation completion or context establishment.
ContextContinueNeeded function sets the context status to CONTINUE_NEEDED.
ContextError function sets the context error.
Clear the security context.
FromContext retrieves the Security Context.
GetAttribute function retrieves the attribute from the security context.
GetMechanism function returns the mechanism for the selected OID.
GetMechanismConfig returns the default config for the mechanism.
Initialize outbound security context.
MakeOption function is used to build the option structure.
MakeSignature function accepts the payload and returns the signature for the payload.
MakeSignatureEx function accepts the list of payloads and returns the payload signature.
NewSecurityContext initializes the Security Context.
ResetSecurityContext resets the security context to its initial state.
SetAttribute function sets the attribute to the current security context.
UnwrapEx function accepts the list of encrypted payloads and signature and returns the unencrypted payload.
UnwrapEx function accepts the list of encrypted payloads and signature and returns the unencrypted payload.
VerifySignature function accepts the payload and signature and returns nil if signature is valid.
WithCompatibility returns the option for the compatibility parameter.
WithConfig function sets the configuration.
WithCredential function returns the credential option for the local context credential store.
WithDefaultConfig function returns the mechanism factory with default configuration attached.
WithMechanismConfig function appends the mechanism-specific configuration.
WithMechanismFactory function returns the mechanism factory option for the local context mechanism store.
WithMechanismType returns the option of the mechanism type.
WithQoP returns the option for quality-of-protection.
WithRequest returns the option for the various request flags.
WithTargetName returns the option of the target name.
WrapEx function accepts the list of unencrypted payloads and returns the encrypted payload and signature.
The maximum message size for the given limit.

# Constants

The anon_req_flag requests that the initiator's identity not be transferred within tokens to be sent to the acceptor.
GSS_S_BAD_BINDINGS: channel binding mismatch.
GSS_S_BAD_MECH: unsupported mechanism requested.
GSS_S_BAD_MIC: token had invalid integrity check.
GSS_S_BAD_NAME: invalid name provided.
GSS_S_BAD_NAMETYPE: name of unsupported type provided.
GSS_S_BAD_QOP: unsupported QoP value.
GSS_S_BAD_SIG: token had invalid integrity check.
GSS_S_BAD_STATUS: invalid input status selector.
GSS_S_COMPLETE: normal completion.
The conf_req_flag provides informatory input to the GSS-API implementation as to whether per-message confidentiality services will be required on the context.
GSS_S_CONTEXT_EXPIRED: specified security context expired.
GSS_S_CONTINUE_NEEDED: continuation call to routine required.
GSS_S_CREDENTIALS_EXPIRED: expired credentials detected.
This flag allows the client to indicate to the server that datagram service should be used.
This flag was added for use with Microsoft's implementation of Distributed Computing Environment Remote Procedure Call (DCE RPC), which initially expected three legs of authentication.
GSS_S_DEFECTIVE_CREDENTIAL: defective credential detected.
GSS_S_DEFECTIVE_TOKEN: defective token detected.
The deleg_req_flag requests delegation of access rights.
GSS_S_DUPLICATE_ELEMENT: duplicate credential element requested.
GSS_S_DUPLICATE_TOKEN: duplicate per-message token detected.
Setting this flag indicates that the client wants to be informed of extended error information.
GSS_S_FAILURE: failure, unspecified at GSS-API level.
GSS_S_GAP_TOKEN: skipped predecessor token(s) detected.
This flag allows the client to indicate to the server that it should only allow the server application to identify the client by name and ID, but not to impersonate the client.
The integ_req_flag provides informatory input to the GSS-API implementation as to whether per-message integrity services will be required on the context.
The mutual_req_flag requests mutual authentication.
GSS_S_NAME_NOT_MN: name contains multi-mechanism elements.
GSS_S_NO_CONTEXT: no context.
GSS_S_NO_CRED: no valid credentials provided.
GSS_S_OLD_TOKEN: timed-out per-message token detected.
The replay_det_req_flag requests that replay detection features be applied to messages transferred on the established context.
The sequence_req_flag requests that sequencing be enforced.
GSS_S_UNAUTHORIZED: operation unauthorized.
GSS_S_UNAVAILABLE: operation unavailable.
GSS_S_FAILURE: unknown error.
GSS_S_UNSEQ_TOKEN: reordered (early) per-message token detected.

# Variables

GSS_S_BAD_BINDINGS.
GSS_S_BAD_MECH.
GSS_S_BAD_MIC.
GSS_S_BAD_NAME.
GSS_S_BAD_NAMETYPE.
GSS_S_BAD_QOP.
GSS_S_BAD_SIG.
GSS_S_BAD_STATUS.
GSS_S_CONTEXT_EXPIRED.
GSS_S_CREDENTIALS_EXPIRED.
GSS_S_DEFECTIVE_CREDENTIAL.
GSS_S_DEFECTIVE_TOKEN.
GSS_S_DUPLICATE_ELEMENT.
GSS_S_FAILURE.
GSS_S_NAME_NOT_MN.
GSS_S_NO_CONTEXT.
GSS_S_NO_CRED.
GSS_S_UNAUTHORIZED.
GSS_S_UNAVAILABLE.
GSS_S_FAILURE.
GSS_S_UNSEQ_TOKEN: reordered (early) per-message token detected.

# Structs

The GSSAPI call option.
MechanismFactoryWithConfig represents the mechanism factory with default configuration attached.
MessageTokenEx represents the extended message token structure.
PayloadEx represents the list of payloads with capabilities.
The security context represents the GSS-API context entity that contains the selected mechanism, credentials and settings for the security services.
Option indicates that the target name SPN was retrieved from an untrusted source.
The Security Context token.

# Interfaces

ContextManager establishes and manages security contexts between peers.
CredentialsManager manages credentials.
Security context attributes storage.
Per-Message Security Service Availability.
Microsoft per-Message Security Service Availability.

# Type aliases

Cap is a capability used both for request and response.
The object identifier.
The option.
The security context status.