Sun Microsystems, Inc.
spacerspacer
spacer www.sun.com docs.sun.com |
spacer
black dot
 
 
B.  GSS-API Reference GSS-API Status Codes GSS-API Major Status Code Values  Previous   Contents   Next 
   
 

The routine documentation also uses the name GSS_S_COMPLETE, which is a zero value, to indicate an absence of any API errors or supplementary information bits.

The following table lists the supplementary information values returned by GSS-API functions.

Table B-4 Supplementary Information Codes

Code

Bit Number

Meaning

GSS_S_CONTINUE_NEEDED

0 (LSB)

Returned only by gss_init_sec_context() or gss_accept_sec_context(). The routine must be called again to complete its function

GSS_S_DUPLICATE_TOKEN

1

The token was a duplicate of an earlier token

GSS_S_OLD_TOKEN

2

The token's validity period has expired

GSS_S_UNSEQ_TOKEN

3

A later token has already been processed

GSS_S_GAP_TOKEN

4

An expected per-message token was not received

For more on status codes, see "Status Codes".

Displaying Status Codes

The function gss_display_status() translates GSS-API status codes into text format, allowing them to be displayed to a user or put in a text log. Because gss_display_status() only displays one status code at a time, and some functions can return multiple status conditions, it should be invoked as part of a loop. As long as gss_display_status() indicates a non-zero status code (in Example B-1, the value returned in the message_context parameter), another status code is available for the function to fetch.

Example B-1 Displaying Status Codes with gss_display_status()

OM_uint32 message_context;
OM_uint32 status_code;
OM_uint32 maj_status;
OM_uint32 min_status;
gss_buffer_desc status_string;

...

message_context = 0;

do {

     maj_status = gss_display_status(
               &min_status,
               status_code,
               GSS_C_GSS_CODE,
               GSS_C_NO_OID,
               &message_context,
               &status_string);

     fprintf(stderr, "%.*s\n", \
               (int)status_string.length, \
               (char *)status_string.value);

     gss_release_buffer(&min_status, &status_string,);

} while (message_context != 0);

Status Code Macros

The macros GSS_CALLING_ERROR(), GSS_ROUTINE_ERROR() and GSS_SUPPLEMENTARY_INFO() are provided, each of which takes a GSS status code and removes all but the relevant field. For example, the value obtained by applying GSS_ROUTINE_ERROR() to a status code removes the calling errors and supplementary information fields, leaving only the routine errors field. The values delivered by these macros can be directly compared with a GSS_S_xxx symbol of the appropriate type. The macro GSS_ERROR() is also provided, which when applied to a GSS-API status code returns a non-zero value if the status code indicated a calling or routine error, and a zero value otherwise. All macros defined by the GSS-API evaluate their argument(s) exactly once.

GSS-API Data Types and Values

This section covers various types of GSS-API data types and values. Certain data types that are opaque to the user, such as gss_cred_id_t or gss_name_t, are not covered here, since there is no advantage to knowing their structure. This section explains the following:

  • "Basic GSS-API Data Types" -- Shows the definitions of the OM_uint32, gss_buffer_desc, gss_OID_desc, gss_OID_set_desc_struct, and gss_channel_bindings_struct data types.

  • "Name Types" -- Shows the various name formats recognized by the GSS-API for specifying names.

  • "Address Types for Channel Bindings" -- Shows the various values that may be used as the initiator_addrtype and acceptor_addrtype fields of the gss_channel_bindings_t structure.

Basic GSS-API Data Types

These are some of the data types used by the GSS-API.

OM_uint32

The OM_uint32 is a platform-independent 32-bit unsigned integer.

gss_buffer_desc

This is the definition of the gss_buffer_desc and the gss_buffer_t pointer:
typedef struct gss_buffer_desc_struct {
        size_t length;
        void *value;
} gss_buffer_desc, *gss_buffer_t;

gss_OID_desc

This is the definition of the gss_OID_desc and the gss_OID pointer:
typedef struct gss_OID_desc_struct {
        OM_uint32 length;
        void*elements;
} gss_OID_desc, *gss_OID;

gss_OID_set_desc

This is the definition of the gss_OID_set_desc and the gss_OID_set pointer:
typedef struct gss_OID_set_desc_struct  {
        size_t  count;
        gss_OID elements;
} gss_OID_set_desc, *gss_OID_set;

gss_channel_bindings_struct

This is the definition of the gss_channel_bindings_struct structure and the gss_channel_bindings_t pointer:
typedef struct gss_channel_bindings_struct {
        OM_uint32 initiator_addrtype;
        gss_buffer_desc initiator_address;
        OM_uint32 acceptor_addrtype;
        gss_buffer_desc acceptor_address;
        gss_buffer_desc application_data;
} *gss_channel_bindings_t;

Name Types

A name type indicates the format of the name with which it is associated. (See "Names" and "OIDs" for more on names and name types.) The GSS-API supports the following name types, which are all gss_OID types:

Table B-5 Name Types

Name Type

Meaning

GSS_C_NO_NAME

The recommended symbolic name GSS_C_NO_NAME indicates that no name is being passed within a particular value of a parameter used for the purpose of transferring names.

GSS_C_NO_OID

This value corresponds to a null input value instead of an actual object identifier. Where specified, it indicates interpretation of an associated name based on a mechanism-specific default printable syntax.

GSS_C_NT_ANONYMOUS

Provided as a means to identify anonymous names, and can be compared against in order to determine, in a mechanism-independent fashion, whether a name refers to an anonymous principal.

GSS_C_NT_EXPORT_NAME

A name that has been exported with the gss_export_name() function.

GSS_C_NT_HOSTBASED_SERVICE

This name type is used to represent services associated with host computers. This name form is constructed using two elements, "service" and "hostname," as follows: service@hostname.

GSS_C_NT_MACHINE_UID_NAME

This name type is used to indicate a numeric user identifier corresponding to a user on a local system. Its interpretation is OS-specific. The gss_import_name() function resolves this UID into a username, which is then treated as the User Name Form.

GSS_C_NT_STRING_STRING_UID_NAME

This name type is used to indicate a string of digits representing the numeric user identifier of a user on a local system. Its interpretation is OS-specific. This name type is similar to the Machine UID Form, except that the buffer contains a string representing the user ID.

GSS_C_NT_USER_NAME

A named user on a local system. Its interpretation is OS-specific. It takes the form: username.

Address Types for Channel Bindings

Table B-6 shows the possible values for the initiator_addrtype and acceptor_addrtype fields of the gss_channel_bindings_struct structure. These fields indicate the format that a name can take (for example, ARPAnet IMP address format or AppleTalk address format). Channel bindings are discussed in "Channel Bindings".

Table B-6 Channel Binding Address Types

Field

Value (Decimal)

Address Type

GSS_C_AF_UNSPEC

0

Unspecified address type

GSS_C_AF_LOCAL

1

Host-local

GSS_C_AF_INET

2

Internet address type (example: IP)

GSS_C_AF_IMPLINK

3

ARPAnet IMP

GSS_C_AF_PUP

4

pup protocols (example: BSP)

GSS_C_AF_CHAOS

5

MIT CHAOS protocol

GSS_C_AF_NS

6

XEROX NS

GSS_C_AF_NBS

7

nbs

GSS_C_AF_ECMA

8

ECMA

GSS_C_AF_DATAKIT

9

datakit protocols

GSS_C_AF_CCITT

10

CCITT

GSS_C_AF_SNA

11

IBM SNA

GSS_C_AF_DECnet

12

DECnet

GSS_C_AF_DLI

13

Direct data link interface

GSS_C_AF_LAT

14

LAT

GSS_C_AF_HYLINK

15

NSC Hyperchannel

GSS_C_AF_APPLETALK

16

AppleTalk

GSS_C_AF_BSC

17

BISYNC

GSS_C_AF_DSS

18

Distributed system services

GSS_C_AF_OSI

19

OSI TP4

GSS_C_AF_X25

21

X.25

GSS_C_AF_NULLADDR

255

No address specified

 		 
 
  Previous   Contents   Next