From b7848f2c58cbadfc49d9dfaefceddeb83b66869e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Wed, 28 Jun 2006 09:07:08 +0000
Subject: [PATCH] remove manpages, add leftover files from merge

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17702 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
lib/gssapi/mech/gss_accept_sec_context.3 | 484 ---------------
lib/gssapi/mech/gss_acquire_cred.3 | 238 --------
lib/gssapi/mech/gss_add_cred.3 | 338 -----------
lib/gssapi/mech/gss_add_oid_set_member.3 | 130 ----
lib/gssapi/mech/gss_buffer_set.c | 126 ++++
lib/gssapi/mech/gss_canonicalize_name.3 | 137 -----
lib/gssapi/mech/gss_compare_name.3 | 122 ----
lib/gssapi/mech/gss_context_time.3 | 108 ----
lib/gssapi/mech/gss_create_empty_oid_set.3 | 112 ----
lib/gssapi/mech/gss_decapsulate_token.c | 74 +++
lib/gssapi/mech/gss_delete_sec_context.3 | 163 -----
lib/gssapi/mech/gss_display_name.3 | 151 -----
lib/gssapi/mech/gss_display_status.3 | 210 -------
lib/gssapi/mech/gss_duplicate_name.3 | 123 ----
lib/gssapi/mech/gss_duplicate_oid.c | 67 ++
lib/gssapi/mech/gss_encapsulate_token.c | 69 +++
lib/gssapi/mech/gss_export_name.3 | 128 ----
lib/gssapi/mech/gss_export_sec_context.3 | 168 ------
lib/gssapi/mech/gss_get_mic.3 | 165 -----
lib/gssapi/mech/gss_import_name.3 | 139 -----
lib/gssapi/mech/gss_import_sec_context.3 | 120 ----
lib/gssapi/mech/gss_indicate_mechs.3 | 107 ----
lib/gssapi/mech/gss_init_sec_context.3 | 571 ------------------
lib/gssapi/mech/gss_inquire_context.3 | 284 ---------
lib/gssapi/mech/gss_inquire_cred.3 | 158 -----
lib/gssapi/mech/gss_inquire_cred_by_mech.3 | 173 ------
lib/gssapi/mech/gss_inquire_mechs_for_name.3 | 134 ----
lib/gssapi/mech/gss_inquire_names_for_mech.3 | 107 ----
.../mech/gss_inquire_sec_context_by_oid.c | 69 +++
lib/gssapi/mech/gss_oid_equal.c | 45 ++
lib/gssapi/mech/gss_oid_to_str.c | 66 ++
lib/gssapi/mech/gss_process_context_token.3 | 136 -----
lib/gssapi/mech/gss_release_buffer.3 | 111 ----
lib/gssapi/mech/gss_release_cred.3 | 108 ----
lib/gssapi/mech/gss_release_name.3 | 104 ----
lib/gssapi/mech/gss_release_oid_set.3 | 109 ----
lib/gssapi/mech/gss_test_oid_set_member.3 | 116 ----
lib/gssapi/mech/gss_unwrap.3 | 191 ------
lib/gssapi/mech/gss_verify_mic.3 | 172 ------
lib/gssapi/mech/gss_wrap.3 | 178 ------
lib/gssapi/mech/gss_wrap_size_limit.3 | 163 -----
lib/gssapi/mech/gssapi.3 | 261 --------
lib/gssapi/mech/mech_locl.h | 58 ++
43 files changed, 574 insertions(+), 6219 deletions(-)
delete mode 100644 lib/gssapi/mech/gss_accept_sec_context.3
delete mode 100644 lib/gssapi/mech/gss_acquire_cred.3
delete mode 100644 lib/gssapi/mech/gss_add_cred.3
delete mode 100644 lib/gssapi/mech/gss_add_oid_set_member.3
create mode 100644 lib/gssapi/mech/gss_buffer_set.c
delete mode 100644 lib/gssapi/mech/gss_canonicalize_name.3
delete mode 100644 lib/gssapi/mech/gss_compare_name.3
delete mode 100644 lib/gssapi/mech/gss_context_time.3
delete mode 100644 lib/gssapi/mech/gss_create_empty_oid_set.3
create mode 100644 lib/gssapi/mech/gss_decapsulate_token.c
delete mode 100644 lib/gssapi/mech/gss_delete_sec_context.3
delete mode 100644 lib/gssapi/mech/gss_display_name.3
delete mode 100644 lib/gssapi/mech/gss_display_status.3
delete mode 100644 lib/gssapi/mech/gss_duplicate_name.3
create mode 100644 lib/gssapi/mech/gss_duplicate_oid.c
create mode 100644 lib/gssapi/mech/gss_encapsulate_token.c
delete mode 100644 lib/gssapi/mech/gss_export_name.3
delete mode 100644 lib/gssapi/mech/gss_export_sec_context.3
delete mode 100644 lib/gssapi/mech/gss_get_mic.3
delete mode 100644 lib/gssapi/mech/gss_import_name.3
delete mode 100644 lib/gssapi/mech/gss_import_sec_context.3
delete mode 100644 lib/gssapi/mech/gss_indicate_mechs.3
delete mode 100644 lib/gssapi/mech/gss_init_sec_context.3
delete mode 100644 lib/gssapi/mech/gss_inquire_context.3
delete mode 100644 lib/gssapi/mech/gss_inquire_cred.3
delete mode 100644 lib/gssapi/mech/gss_inquire_cred_by_mech.3
delete mode 100644 lib/gssapi/mech/gss_inquire_mechs_for_name.3
delete mode 100644 lib/gssapi/mech/gss_inquire_names_for_mech.3
create mode 100644 lib/gssapi/mech/gss_inquire_sec_context_by_oid.c
create mode 100644 lib/gssapi/mech/gss_oid_equal.c
create mode 100644 lib/gssapi/mech/gss_oid_to_str.c
delete mode 100644 lib/gssapi/mech/gss_process_context_token.3
delete mode 100644 lib/gssapi/mech/gss_release_buffer.3
delete mode 100644 lib/gssapi/mech/gss_release_cred.3
delete mode 100644 lib/gssapi/mech/gss_release_name.3
delete mode 100644 lib/gssapi/mech/gss_release_oid_set.3
delete mode 100644 lib/gssapi/mech/gss_test_oid_set_member.3
delete mode 100644 lib/gssapi/mech/gss_unwrap.3
delete mode 100644 lib/gssapi/mech/gss_verify_mic.3
delete mode 100644 lib/gssapi/mech/gss_wrap.3
delete mode 100644 lib/gssapi/mech/gss_wrap_size_limit.3
delete mode 100644 lib/gssapi/mech/gssapi.3
create mode 100644 lib/gssapi/mech/mech_locl.h
diff --git a/lib/gssapi/mech/gss_accept_sec_context.3 b/lib/gssapi/mech/gss_accept_sec_context.3
deleted file mode 100644
index 692f02bdf..000000000
--- a/lib/gssapi/mech/gss_accept_sec_context.3
+++ /dev/null
@@ -1,484 +0,0 @@
-.\" -*- nroff -*-
-.\"
-.\" Copyright (c) 2005 Doug Rabson
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $FreeBSD: src/lib/libgssapi/gss_accept_sec_context.3,v 1.2 2006/01/25 10:06:28 dfr Exp $
-.\"
-.\" The following commands are required for all man pages.
-.Dd November 12, 2005
-.Os
-.Dt GSS_ACCEPT_SEC_CONTEXT 3 PRM
-.Sh NAME
-.Nm gss_accept_sec_context
-.Nd Accept a security context initiated by a peer application
-.\" This next command is for sections 2 and 3 only.
-.\" .Sh LIBRARY
-.Sh SYNOPSIS
-.In "gssapi/gssapi.h"
-.Ft OM_uint32
-.Fo gss_accept_sec_context
-.Fa "OM_uint32 *minor_status
-.Fa "gss_ctx_id_t *context_handle"
-.Fa "const gss_cred_id_t acceptor_cred_handle"
-.Fa "const gss_buffer_t input_token_buffer"
-.Fa "const gss_channel_bindings_t input_chan_bindings"
-.Fa "const gss_name_t *src_name"
-.Fa "gss_OID *mech_type"
-.Fa "gss_buffer_t output_token"
-.Fa "OM_uint32 *ret_flags"
-.Fa "OM_uint32 *time_rec"
-.Fa "gss_cred_id_t *delegated_cred_handle"
-.Fc
-.Sh DESCRIPTION
-Allows a remotely initiated security context between the application
-and a remote peer to be established. The routine may return a
-.Fa output_token
-which should be transferred to the peer application,
-where the peer application will present it to
-.Xr gss_init_sec_context 3 .
-If no token need be sent,
-.Fn gss_accept_sec_context
-will indicate this
-by setting the length field of the
-.Fa output_token
-argument to zero.
-To complete the context establishment, one or more reply tokens may be
-required from the peer application; if so,
-.Fn gss_accept_sec_context
-will return a status flag of
-.Dv GSS_S_CONTINUE_NEEDED , in which case it
-should be called again when the reply token is received from the peer
-application, passing the token to
-.Fn gss_accept_sec_context
-via the
-.Fa input_token
-parameters.
-.Pp
-Portable applications should be constructed to use the token length
-and return status to determine whether a token needs to be sent or
-waited for. Thus a typical portable caller should always invoke
-.Fn gss_accept_sec_context
-within a loop:
-.Bd -literal
-gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
-
-do {
- receive_token_from_peer(input_token);
- maj_stat = gss_accept_sec_context(&min_stat,
- &context_hdl,
- cred_hdl,
- input_token,
- input_bindings,
- &client_name,
- &mech_type,
- output_token,
- &ret_flags,
- &time_rec,
- &deleg_cred);
- if (GSS_ERROR(maj_stat)) {
- report_error(maj_stat, min_stat);
- };
- if (output_token->length != 0) {
- send_token_to_peer(output_token);
-
- gss_release_buffer(&min_stat, output_token);
- };
- if (GSS_ERROR(maj_stat)) {
- if (context_hdl != GSS_C_NO_CONTEXT)
- gss_delete_sec_context(&min_stat,
- &context_hdl,
- GSS_C_NO_BUFFER);
- break;
- };
-} while (maj_stat & GSS_S_CONTINUE_NEEDED);
-.Ed
-.Pp
-Whenever the routine returns a major status that includes the value
-.Dv GSS_S_CONTINUE_NEEDED , the context is not fully established and the
-following restrictions apply to the output parameters:
-.Pp
-The value returned via the
-.Fa time_rec
-parameter is undefined Unless the
-accompanying
-.Fa ret_flags
-parameter contains the bit
-.Dv GSS_C_PROT_READY_FLAG , indicating that per-message services may be
-applied in advance of a successful completion status, the value
-returned via the
-.Fa mech_type
-parameter may be undefined until the
-routine returns a major status value of
-.Dv GSS_S_COMPLETE .
-.Pp
-The values of the
-.Dv GSS_C_DELEG_FLAG ,
-.Dv GSS_C_MUTUAL_FLAG ,
-.Dv GSS_C_REPLAY_FLAG ,
-.Dv GSS_C_SEQUENCE_FLAG ,
-.Dv GSS_C_CONF_FLAG ,
-.Dv GSS_C_INTEG_FLAG
-and
-.Dv GSS_C_ANON_FLAG bits returned
-via the
-.Fa ret_flags
-parameter should contain the values that the
-implementation expects would be valid if context establishment were
-to succeed.
-.Pp
-The values of the
-.Dv GSS_C_PROT_READY_FLAG
-and
-.Dv GSS_C_TRANS_FLAG bits
-within
-.Fa ret_flags
-should indicate the actual state at the time
-.Fn gss_accept_sec_context
-returns, whether or not the context is fully established.
-.Pp
-Although this requires that GSS-API implementations set the
-.Dv GSS_C_PROT_READY_FLAG
-in the final
-.Fa ret_flags
-returned to a caller
-(i.e. when accompanied by a
-.Dv GSS_S_COMPLETE
-status code), applications
-should not rely on this behavior as the flag was not defined in
-Version 1 of the GSS-API. Instead, applications should be prepared to
-use per-message services after a successful context establishment,
-according to the
-.Dv GSS_C_INTEG_FLAG
-and
-.Dv GSS_C_CONF_FLAG values.
-.Pp
-All other bits within the
-.Fa ret_flags
-argument should be set to zero.
-While the routine returns
-.Dv GSS_S_CONTINUE_NEEDED , the values returned
-via the
-.Fa ret_flags
-argument indicate the services that the
-implementation expects to be available from the established context.
-.Pp
-If the initial call of
-.Fn gss_accept_sec_context
-fails, the
-implementation should not create a context object, and should leave
-the value of the context_handle parameter set to
-.Dv GSS_C_NO_CONTEXT to
-indicate this. In the event of a failure on a subsequent call, the
-implementation is permitted to delete the "half-built" security
-context (in which case it should set the
-.Fa context_handle
-parameter to
-.Dv GSS_C_NO_CONTEXT ), but the preferred behavior is to leave the
-security context (and the context_handle parameter) untouched for the
-application to delete (using
-.Xr gss_delete_sec_context 3 ).
-.Pp
-During context establishment, the informational status bits
-.Dv GSS_S_OLD_TOKEN
-and
-.Dv GSS_S_DUPLICATE_TOKEN
-indicate fatal errors, and
-GSS-API mechanisms should always return them in association with a
-routine error of
-.Dv GSS_S_FAILURE . This requirement for pairing did not
-exist in version 1 of the GSS-API specification, so applications that
-wish to run over version 1 implementations must special-case these
-codes.
-.Sh PARAMETERS
-.Bl -tag
-.It context_handle
-Context handle for new context.
-Supply
-.Dv GSS_C_NO_CONTEXT for first
-call; use value returned in subsequent calls.
-Once
-.Fn gss_accept_sec_context
-has returned a
-value via this parameter, resources have been
-assigned to the corresponding context, and must
-be freed by the application after use with a
-call to
-.Xr gss_delete_sec_context 3 .
-.It acceptor_cred_handle
-Credential handle claimed by context acceptor.
-Specify
-.Dv GSS_C_NO_CREDENTIAL to accept the context as a
-default principal.
-If
-.Dv GSS_C_NO_CREDENTIAL is
-specified, but no default acceptor principal is
-defined,
-.Dv GSS_S_NO_CRED will be returned.
-.It input_token_buffer
-Token obtained from remote application.
-.It input_chan_bindings
-Application-specified bindings.
-Allows application to securely bind channel identification information
-to the security context.
-If channel bindings are not used, specify
-.Dv GSS_C_NO_CHANNEL_BINDINGS .
-.It src_name
-Authenticated name of context initiator.
-After use, this name should be deallocated by passing it to
-.Xr gss_release_name 3 .
-If not required, specify
-.Dv NULL .
-.It mech_type
-Security mechanism used.
-The returned OID value will be a pointer into static storage,
-and should be treated as read-only by the caller
-(in particular, it does not need to be freed).
-If not required, specify
-.Dv NULL .
-.It output_token
-Token to be passed to peer application.
-If the length field of the returned token buffer is 0,
-then no token need be passed to the peer application.
-If a non-zero length field is returned,
-the associated storage must be freed after use by the
-application with a call to
-.Xr gss_release_buffer 3 .
-.It ret_flags
-Contains various independent flags,
-each of which indicates that the context supports a specific service option.
-If not needed, specify
-.Dv NULL .
-Symbolic names are provided for each flag,
-and the symbolic names corresponding to the required flags should be
-logically-ANDed with the
-.Fa ret_flags
-value to test whether a given option is supported by the context.
-The flags are:
-.Bl -tag -width "WW"
-.It GSS_C_DELEG_FLAG
-.Bl -tag -width "False"
-.It True
-Delegated credentials are available via the delegated_cred_handle parameter
-.It False
-No credentials were delegated
-.El
-.It GSS_C_MUTUAL_FLAG
-.Bl -tag -width "False"
-.It True
-Remote peer asked for mutual authentication
-.It False
-Remote peer did not ask for mutual authentication
-.El
-.It GSS_C_REPLAY_FLAG
-.Bl -tag -width "False"
-.It True
-Replay of protected messages will be detected
-.It False
-Replayed messages will not be detected
-.El
-.It GSS_C_SEQUENCE_FLAG
-.Bl -tag -width "False"
-.It True
-Out-of-sequence protected messages will be detected
-.It False
-Out-of-sequence messages will not be detected
-.El
-.It GSS_C_CONF_FLAG
-.Bl -tag -width "False"
-.It True
-Confidentiality service may be invoked by calling the
-.Xr gss_wrap 3
-routine
-.It False
-No confidentiality service (via
-.Xr gss_wrap 3 )
-available.
-.Xr gss_wrap 3
-will provide message encapsulation,
-data-origin authentication and integrity services only.
-.El
-.It GSS_C_INTEG_FLAG
-.Bl -tag -width "False"
-.It True
-Integrity service may be invoked by calling either
-.Xr gss_get_mic 3
-or
-.Xr gss_wrap 3
-routines.
-.It False
-Per-message integrity service unavailable.
-.El
-.It GSS_C_ANON_FLAG
-.Bl -tag -width "False"
-.It True
-The initiator does not wish to be authenticated; the
-.Fa src_name
-parameter (if requested) contains an anonymous internal name.
-.It False
-The initiator has been authenticated normally.
-.El
-.It GSS_C_PROT_READY_FLAG
-.Bl -tag -width "False"
-.It True
-Protection services (as specified by the states of the
-.Dv GSS_C_CONF_FLAG
-and
-.Dv GSS_C_INTEG_FLAG )
-are available if the accompanying major status return value is either
-.Dv GSS_S_COMPLETE
-or
-.Dv GSS_S_CONTINUE_NEEDED.
-.It False
-Protection services (as specified by the states of the
-.Dv GSS_C_CONF_FLAG
-and
-.Dv GSS_C_INTEG_FLAG )
-are available only if the accompanying major status return value is
-.Dv GSS_S_COMPLETE .
-.El
-.It GSS_C_TRANS_FLAG
-.Bl -tag -width "False"
-.It True
-The resultant security context may be transferred to other processes
-via a call to
-.Xr gss_export_sec_context 3 .
-.It False
-The security context is not transferable.
-.El
-.El
-.Pp
-All other bits should be set to zero.
-.It time_rec
-Number of seconds for which the context will remain valid.
-Specify
-.Dv NULL
-if not required.
-.It delegated_cred_handle
-Credential
-handle for credentials received from context initiator.
-Only valid if
-.Dv GSS_C_DELEG_FLAG
-in
-.Fa ret_flags
-is true,
-in which case an explicit credential handle
-(i.e. not
-.Dv GSS_C_NO_CREDENTIAL )
-will be returned; if false,
-.Fn gss_accept_context
-will set this parameter to
-.Dv GSS_C_NO_CREDENTIAL .
-If a credential handle is returned,
-the associated resources must be released by the application after use
-with a call to
-.Xr gss_release_cred 3 .
-Specify
-.Dv NULL if not required.
-.It minor_status
-Mechanism specific status code.
-.El
-.Sh RETURN VALUES
-.Bl -tag
-.It GSS_S_CONTINUE_NEEDED
-Indicates that a token from the peer application is required to
-complete the context,
-and that gss_accept_sec_context must be called again with that token.
-.It GSS_S_DEFECTIVE_TOKEN
-Indicates that consistency checks performed on the input_token failed.
-.It GSS_S_DEFECTIVE_CREDENTIAL
-Indicates that consistency checks performed on the credential failed.
-.It GSS_S_NO_CRED
-The supplied credentials were not valid for context acceptance,
-or the credential handle did not reference any credentials.
-.It GSS_S_CREDENTIALS_EXPIRED
-The referenced credentials have expired.
-.It GSS_S_BAD_BINDINGS
-The input_token contains different channel bindings to those specified via the
-input_chan_bindings parameter.
-.It GSS_S_NO_CONTEXT
-Indicates that the supplied context handle did not refer to a valid context.
-.It GSS_S_BAD_SIG
-The input_token contains an invalid MIC.
-.It GSS_S_OLD_TOKEN
-The input_token was too old.
-This is a fatal error during context establishment.
-.It GSS_S_DUPLICATE_TOKEN
-The input_token is valid,
-but is a duplicate of a token already processed.
-This is a fatal error during context establishment.
-.It GSS_S_BAD_MECH
-The received token specified a mechanism that is not supported by
-the implementation or the provided credential.
-.El
-.Sh SEE ALSO
-.Xr gss_delete_sec_context 3 ,
-.Xr gss_export_sec_context 3 ,
-.Xr gss_get_mic 3 ,
-.Xr gss_init_sec_context 3 ,
-.Xr gss_release_buffer 3 ,
-.Xr gss_release_cred 3 ,
-.Xr gss_release_name 3 ,
-.Xr gss_wrap 3
-.Sh STANDARDS
-.Bl -tag
-.It RFC 2743
-Generic Security Service Application Program Interface Version 2, Update 1
-.It RFC 2744
-Generic Security Service API Version 2 : C-bindings
-.El
-.\" .Sh HISTORY
-.Sh HISTORY
-The
-.Nm
-manual page example first appeared in
-.Fx 7.0 .
-.Sh AUTHORS
-John Wray, Iris Associates
-.Sh COPYRIGHT
-Copyright (C) The Internet Society (2000). All Rights Reserved.
-.Pp
-This document and translations of it may be copied and furnished to
-others, and derivative works that comment on or otherwise explain it
-or assist in its implementation may be prepared, copied, published
-and distributed, in whole or in part, without restriction of any
-kind, provided that the above copyright notice and this paragraph are
-included on all such copies and derivative works. However, this
-document itself may not be modified in any way, such as by removing
-the copyright notice or references to the Internet Society or other
-Internet organizations, except as needed for the purpose of
-developing Internet standards in which case the procedures for
-copyrights defined in the Internet Standards process must be
-followed, or as required to translate it into languages other than
-English.
-.Pp
-The limited permissions granted above are perpetual and will not be
-revoked by the Internet Society or its successors or assigns.
-.Pp
-This document and the information contained herein is provided on an
-"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/lib/gssapi/mech/gss_acquire_cred.3 b/lib/gssapi/mech/gss_acquire_cred.3
deleted file mode 100644
index 345df5d5a..000000000
--- a/lib/gssapi/mech/gss_acquire_cred.3
+++ /dev/null
@@ -1,238 +0,0 @@
-.\" -*- nroff -*-
-.\"
-.\" Copyright (c) 2005 Doug Rabson
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $FreeBSD: src/lib/libgssapi/gss_acquire_cred.3,v 1.2 2006/01/25 10:06:28 dfr Exp $
-.\"
-.\" The following commands are required for all man pages.
-.Dd November 12, 2005
-.Os
-.Dt GSS_ACQUIRE_CRED 3 PRM
-.Sh NAME
-.Nm gss_acquire_cred
-.Nd Obtain a GSS-API credential handle for pre-existing credentials
-.\" This next command is for sections 2 and 3 only.
-.\" .Sh LIBRARY
-.Sh SYNOPSIS
-.In "gssapi/gssapi.h"
-.Ft OM_uint32
-.Fo gss_acquire_cred
-.Fa "OM_uint32 *minor_status"
-.Fa "const gss_name_t desired_name"
-.Fa "OM_uint32 time_req"
-.Fa "const gss_OID_set desired_mechs"
-.Fa "gss_cred_usage_t cred_usage"
-.Fa "gss_cred_id_t *output_cred_handle"
-.Fa "gss_OID_set *actual_mechs"
-.Fa "OM_uint32 *time_rec"
-.Fc
-.Sh DESCRIPTION
-Allows an application to acquire a handle for a pre-existing
-credential by name.
-GSS-API implementations must impose a local
-access-control policy on callers of this routine to prevent
-unauthorized callers from acquiring credentials to which they are not
-entitled.
-This routine is not intended to provide a "login to the
-network" function, as such a function would involve the creation of
-new credentials rather than merely acquiring a handle to existing
-credentials.
-Such functions, if required, should be defined in
-implementation-specific extensions to the API.
-.Pp
-If desired_name is
-.Dv GSS_C_NO_NAME ,
-the call is interpreted as a
-request for a credential handle that will invoke default behavior
-when passed to
-.Fn gss_init_sec_context
-(if cred_usage is
-.Dv GSS_C_INITIATE
-or
-.Dv GSS_C_BOTH )
-or
-.Fn gss_accept_sec_context
-(if cred_usage is
-.Dv GSS_C_ACCEPT
-or
-.Dv GSS_C_BOTH ).
-.Pp
-Mechanisms should honor the
-.Fa desired_mechs
-parameter,
-and return a credential that is suitable to use only with the
-requested mechanisms.
-An exception to this is the case where one underlying credential
-element can be shared by multiple mechanisms;
-in this case it is permissible for an implementation to indicate all
-mechanisms with which the credential element may be used.
-If
-.Fa desired_mechs
-is an empty set, behavior is undefined.
-.Pp
-This routine is expected to be used primarily by context acceptors,
-since implementations are likely to provide mechanism-specific ways
-of obtaining GSS-API initiator credentials from the system login
-process.
-Some implementations may therefore not support the acquisition of
-.Dv GSS_C_INITIATE
-or
-.Dv GSS_C_BOTH
-credentials via
-.Fn gss_acquire_cred
-for any name other than
-.Dv GSS_C_NO_NAME ,
-or a name produced by applying either
-.Fn gss_inquire_cred
-to a valid credential, or
-.Fn gss_inquire_context
-to an active context.
-.Pp
-If credential acquisition is time-consuming for a mechanism,
-the mechanism may choose to delay the actual acquisition until the
-credential is required
-(e.g. by
-.Fn gss_init_sec_context
-or
-.Fn gss_accept_sec_context ).
-Such mechanism-specific implementation
-decisions should be invisible to the calling application;
-thus a call of
-.Fn gss_inquire_cred
-immediately following the call of
-.Fn gss_acquire_cred
-must return valid credential data,
-and may therefore incur the overhead of a deferred credential acquisition.
-.Sh PARAMETERS
-.Bl -tag
-.It desired_name
-Name of principal whose credential should be acquired.
-.It time_req
-Number of seconds that credentials should remain valid.
-Specify
-.Dv GSS_C_INDEFINITE
-to request that the credentials have the maximum
-permitted lifetime.
-.It desired_mechs
-Set of underlying security mechanisms that may be used.
-.Dv GSS_C_NO_OID_SET
-may be used to obtain an implementation-specific default.
-.It cred_usage
-.Bl -tag -width "GSS_C_INITIATE"
-.It GSS_C_BOTH
-Credentials may be used either to initiate or accept security
-contexts.
-.It GSS_C_INITIATE
-Credentials will only be used to initiate security contexts.
-.It GSS_C_ACCEPT
-Credentials will only be used to accept security contexts.
-.El
-.It output_cred_handle
-The returned credential handle.
-Resources
-associated with this credential handle must be released by
-the application after use with a call to
-.Fn gss_release_cred .
-.It actual_mechs
-The set of mechanisms for which the credential is valid.
-Storage associated with the returned OID-set must be released by the
-application after use with a call to
-.Fn gss_release_oid_set .
-Specify
-.Dv NULL if not required.
-.It time_rec
-Actual number of seconds for which the returned credentials will
-remain valid.
-If the implementation does not support expiration of credentials,
-the value
-.Dv GSS_C_INDEFINITE
-will be returned.
-Specify NULL if not required.
-.It minor_status
-Mechanism specific status code.
-.El
-.Sh RETURN VALUES
-.Bl -tag
-.It GSS_S_COMPLETE
-Successful completion.
-.It GSS_S_BAD_MECH
-Unavailable mechanism requested.
-.It GSS_S_BAD_NAMETYPE
-Type contained within desired_name parameter is not supported.
-.It GSS_S_BAD_NAME
-Value supplied for desired_name parameter is ill formed.
-.It GSS_S_CREDENTIALS_EXPIRED
-The credentials could not be acquired Because they have expired.
-.It GSS_S_NO_CRED
-No credentials were found for the specified name.
-.El
-.Sh SEE ALSO
-.Xr gss_init_sec_context 3 ,
-.Xr gss_accept_sec_context 3 ,
-.Xr gss_inquire_cred 3 ,
-.Xr gss_inquire_context 3 ,
-.Xr gss_release_cred 3 ,
-.Xr gss_release_oid_set 3
-.Sh STANDARDS
-.Bl -tag
-.It RFC 2743
-Generic Security Service Application Program Interface Version 2, Update 1
-.It RFC 2744
-Generic Security Service API Version 2 : C-bindings
-.\" .Sh HISTORY
-.El
-.Sh HISTORY
-The
-.Nm
-manual page example first appeared in
-.Fx 7.0 .
-.Sh AUTHORS
-John Wray, Iris Associates
-.Sh COPYRIGHT
-Copyright (C) The Internet Society (2000). All Rights Reserved.
-.Pp
-This document and translations of it may be copied and furnished to
-others, and derivative works that comment on or otherwise explain it
-or assist in its implementation may be prepared, copied, published
-and distributed, in whole or in part, without restriction of any
-kind, provided that the above copyright notice and this paragraph are
-included on all such copies and derivative works. However, this
-document itself may not be modified in any way, such as by removing
-the copyright notice or references to the Internet Society or other
-Internet organizations, except as needed for the purpose of
-developing Internet standards in which case the procedures for
-copyrights defined in the Internet Standards process must be
-followed, or as required to translate it into languages other than
-English.
-.Pp
-The limited permissions granted above are perpetual and will not be
-revoked by the Internet Society or its successors or assigns.
-.Pp
-This document and the information contained herein is provided on an
-"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/lib/gssapi/mech/gss_add_cred.3 b/lib/gssapi/mech/gss_add_cred.3
deleted file mode 100644
index 1c67f3326..000000000
--- a/lib/gssapi/mech/gss_add_cred.3
+++ /dev/null
@@ -1,338 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_add_cred.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_ADD_CRED 3 PRM -.Sh NAME -.Nm gss_add_cred -.Nd Construct credentials incrementally -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_add_cred -.Fa "OM_uint32 *minor_status" -.Fa "const gss_cred_id_t input_cred_handle" -.Fa "const gss_name_t desired_name" -.Fa "const gss_OID desired_mech" -.Fa "gss_cred_usage_t cred_usage" -.Fa "OM_uint32 initiator_time_req" -.Fa "OM_uint32 acceptor_time_req" -.Fa "gss_cred_id_t *output_cred_handle" -.Fa "gss_OID_set *actual_mechs" -.Fa "OM_uint32 *initiator_time_rec" -.Fa "OM_uint32 *acceptor_time_rec" -.Fc -.Sh DESCRIPTION -Adds a credential-element to a credential. -The credential-element is identified by the name of the principal to -which it refers. -GSS-API implementations must impose a local access-control policy on -callers of this routine to prevent unauthorized callers from acquiring -credential-elements to which they are not entitled. -This routine is not intended to provide a "login to the network" -function, -as such a function would involve the creation of new -mechanism-specific authentication data, -rather than merely acquiring a GSS-API handle to existing data. -Such functions, -if required, -should be defined in implementation-specific extensions to the API. -.Pp -If -.Fa desired_name -is -.Dv GSS_C_NO_NAME , -the call is interpreted as a request to add a credential element that -will invoke default behavior when passed to -.Fn gss_init_sec_context -(if cred_usage is -.Dv GSS_C_INITIATE -or -.Dv GSS_C_BOTH ) -or -.Fn gss_accept_sec_context -(if -.Fa cred_usage -is -.Dv GSS_C_ACCEPT -or -.Dv GSS_C_BOTH ). -.PP -This routine is expected to be used primarily by context acceptors, -since implementations are likely to provide mechanism-specific ways of -obtaining GSS-API initiator credentials from the system login process. 
-Some implementations may therefore not support the acquisition of -.Dv GSS_C_INITIATE -or -.Dv GSS_C_BOTH -credentials via -.Fn gss_acquire_cred -for any name other than -.Dv GSS_C_NO_NAME , -or a name produced by applying either -.Fn gss_inquire_cred -to a valid credential, -or -.Fn gss_inquire_context -to an active context. -.Pp -If credential acquisition is time-consuming for a mechanism, -the mechanism may choose to delay the actual acquisition until the -credential is required (e.g. by -.Fn gss_init_sec_context -or -.Fn gss_accept_sec_context ). -Such mechanism-specific implementation decisions should be invisible -to the calling application; -thus a call of -.Fn gss_inquire_cred -immediately following the call of -.Fn gss_add_cred -must return valid credential data, -and may therefore incur the overhead of a deferred credential acquisition. -.Pp -This routine can be used to either compose a new credential containing -all credential-elements of the original in addition to the -newly-acquire credential-element, -or to add the new credential-element to an existing credential. -If -.Dv NULL -is specified for the -.Fa output_cred_handle -parameter argument, -the new credential-element will be added to the credential identified -by -.Fa input_cred_handle ; -if a valid pointer is specified for the -.Fa output_cred_handle -parameter, -a new credential handle will be created. -.Pp -If -.Dv GSS_C_NO_CREDENTIAL -is specified as the -.Fa input_cred_handle , -.Fn gss_add_cred -will compose a credential (and set the -.Fa output_cred_handle -parameter accordingly) based on default behavior. 
-That is, the call will have the same effect as if the application had -first made a call to -.Fn gss_acquire_cred , -specifying the same usage and passing -.Dv GSS_C_NO_NAME -as the -.Fa desired_name -parameter to obtain an explicit credential handle embodying default -behavior, -passed this credential handle to -.Fn gss_add_cred , -and finally called -.Fn gss_release_cred -on the first credential handle. -.Pp -If -.Dv GSS_C_NO_CREDENTIAL -is specified as the -.Fa input_cred_handle -parameter, -a non- -.Dv NULL -.Fa output_cred_handle -must be supplied. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It input_cred_handle -The credential to which a credential-element will be added. -If -.Dv GSS_C_NO_CREDENTIAL -is specified, the routine will compose the new credential based on -default behavior (see description above). -Note that, while the credential-handle is not modified by -.Fn gss_add_cred , -the underlying credential will be modified if -.Fa output_credential_handle -is -.Dv NULL . -.It desired_name -Name of principal whose credential should be acquired. -.It desired_mech -Underlying security mechanism with which the credential may be used. -.It cred_usage -.Bl -tag -width "GSS_C_INITIATE" -.It GSS_C_BOTH -Credential may be used either to initiate or accept security -contexts. -.It GSS_C_INITIATE -Credential will only be used to initiate security contexts. -.It GSS_C_ACCEPT -Credential will only be used to accept security contexts. -.El -.It initiator_time_req -Number of seconds that the credential should remain valid for -initiating security contexts. -This argument is ignored if the composed credentials are of type -.Dv GSS_C_ACCEPT . -Specify -.Dv GSS_C_INDEFINITE -to request that the credentials have the maximum permitted initiator lifetime. -.It acceptor_time_req -Number of seconds that the credential should remain valid for -accepting security contexts. 
-This argument is ignored if the composed credentials are of type -.Dv GSS_C_INITIATE . -Specify -.Dv GSS_C_INDEFINITE -to request that the credentials have the maximum permitted initiator lifetime. -.It output_cred_handle -The returned credential handle, -containing -the new credential-element and all the credential-elements from -.Fa input_cred_handle . -If a valid pointer to a -.Fa gss_cred_id_t -is supplied for this parameter, -.Fn gss_add_cred -creates a new credential handle containing all credential-elements -from the -.Fa input_cred_handle -and the newly acquired credential-element; -if -.Dv NULL -is specified for this parameter, -the newly acquired credential-element will be added to the credential -identified by -.Fa input_cred_handle . -.Pp -The resources associated with any credential handle returned via this -parameter must be released by the application after use with a call to -.Fn gss_release_cred . -.It actual_mechs -The complete set of mechanisms for which the new credential is valid. -Storage for the returned OID-set must be freed by the application -after use with a call to -.Fn gss_release_oid_set . -Specify -.Dv NULL if not required. -.It initiator_time_rec -Actual number of seconds for which the returned credentials will -remain valid for initiating contexts using the specified mechanism. -If the implementation or mechanism does not support expiration of -credentials, -the value -.Dv GSS_C_INDEFINITE -will be returned. -Specify -.Dv NULL -if not required. -.It acceptor_time_rec -Actual number of seconds for which the returned credentials will -remain valid for accepting security contexts using the specified -mechanism. -If the implementation or mechanism does not support expiration of -credentials, -the value -.Dv GSS_C_INDEFINITE -will be returned. -Specify -.Dv NULL -if not required. -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion. -.It GSS_S_BAD_MECH -Unavailable mechanism requested. 
-.It GSS_S_BAD_NAMETYPE -Type contained within desired_name parameter is not supported -.It GSS_S_BAD_NAME -Value supplied for desired_name parameter is ill-formed. -.It GSS_S_DUPLICATE_ELEMENT -The credential already contains an element for the requested mechanism -with overlapping usage and validity period. -.It GSS_S_CREDENTIALS_EXPIRED -The required credentials could not be added because they have expired. -.It GSS_S_NO_CRED -No credentials were found for the specified name. -.El -.Sh SEE ALSO -.Xr gss_init_sec_context 3 , -.Xr gss_accept_sec_context 3 , -.Xr gss_acquire_cred 3 , -.Xr gss_inquire_cred 3 , -.Xr gss_inquire_context 3 , -.Xr gss_release_cred 3 , -.Xr gss_release_oid_set 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. 
-.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_add_oid_set_member.3 b/lib/gssapi/mech/gss_add_oid_set_member.3 deleted file mode 100644 index 6f78aa502..000000000 --- a/lib/gssapi/mech/gss_add_oid_set_member.3 +++ /dev/null 
@@ -1,130 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_add_oid_set_member.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_ADD_OID_SET_MEMBER 3 PRM -.Sh NAME -.Nm gss_add_oid_set_member -.Nd Add an object identifier to a set -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_add_oid_set_member -.Fa "OM_uint32 *minor_status" -.Fa "const gss_OID member_oid" -.Fa "gss_OID_set *oid_set" -.Fc -.Sh DESCRIPTION -Add an Object Identifier to an Object Identifier set. -This routine is intended for use in conjunction with -.Fn gss_create_empty_oid_set -when constructing a set of mechanism OIDs for input to -.Fn gss_acquire_cred . -The -.Fa oid_set -parameter must refer to an OID-set that was created by GSS-API -(e.g. a set returned by -.Fn gss_create_empty_oid_set ). -GSS-API creates a copy of the -.Fa member_oid -and inserts this copy into the set, -expanding the storage allocated to the OID-set's elements array if -necessary. -The routine may add the new member OID anywhere within the elements -array, -and implementations should verify that the new -.Fa member_oid -is not already contained within the elements array; -if the -.Fa member_oid -is already present, -the -.Fa oid_set -should remain unchanged. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It member_oid -The object identifier to copied into the set. -.It oid_set -The set in which the object identifier should be inserted. -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.El -.Sh SEE ALSO -.Xr gss_create_empty_oid_set 3 , -.Xr gss_acquire_cred 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. 
-.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_buffer_set.c b/lib/gssapi/mech/gss_buffer_set.c new file mode 100644 index 000000000..82f7ea61f --- /dev/null +++ b/lib/gssapi/mech/gss_buffer_set.c 
@@ -0,0 +1,126 @@
+/*
+ * Copyright (c) 2004, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "mech_locl.h"
+RCSID("$Id$");
+
+OM_uint32
+gss_create_empty_buffer_set
+ (OM_uint32 * minor_status,
+ gss_buffer_set_t *buffer_set)
+{
+ gss_buffer_set_t set;
+
+ set = (gss_buffer_set_desc *) malloc(sizeof(*set));
+ if (set == GSS_C_NO_BUFFER_SET) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ set->count = 0;
+ set->elements = NULL;
+
+ *buffer_set = set;
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32
+gss_add_buffer_set_member
+ (OM_uint32 * minor_status,
+ const gss_buffer_t member_buffer,
+ gss_buffer_set_t *buffer_set)
+{
+ gss_buffer_set_t set;
+ gss_buffer_t p;
+ OM_uint32 ret;
+
+ if (*buffer_set == GSS_C_NO_BUFFER_SET) {
+ ret = gss_create_empty_buffer_set(minor_status,
+ buffer_set);
+ if (ret) {
+ return ret;
+ }
+ }
+
+ set = *buffer_set;
+ set->elements = realloc(set->elements,
+ (set->count + 1) * sizeof(set->elements[0]));
+ if (set->elements == NULL) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ p = &set->elements[set->count];
+
+ p->value = malloc(member_buffer->length);
+ if (p->value == NULL) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+ memcpy(p->value, member_buffer->value, member_buffer->length);
+ p->length = member_buffer->length;
+
+ set->count++;
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32
+gss_release_buffer_set
+ (OM_uint32 * minor_status,
+ gss_buffer_set_t *buffer_set)
+{
+ int i;
+ OM_uint32 minor;
+
+ *minor_status = 0;
+
+ if (*buffer_set == GSS_C_NO_BUFFER_SET) {
+ return GSS_S_COMPLETE;
+ }
+
+ for (i = 0; i < (*buffer_set)->count; i++) {
+ gss_release_buffer(&minor, &((*buffer_set)->elements[i]));
+ }
+
+ (*buffer_set)->elements = NULL;
+ (*buffer_set)->count = 0;
+
+ free(*buffer_set);
+ *buffer_set = GSS_C_NO_BUFFER_SET;
+
+ return GSS_S_COMPLETE;
+}
+
diff --git a/lib/gssapi/mech/gss_canonicalize_name.3 b/lib/gssapi/mech/gss_canonicalize_name.3
deleted file mode 100644
index afcf49c61..000000000
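Review bot: In gss_add_buffer_set_member the result of realloc() is assigned straight back to `set->elements`, so a failed allocation leaks the old array and leaves the set with `elements == NULL` but a non-zero `count`, which the loop in gss_release_buffer_set would then index through a null pointer. Hold the result in a temporary and assign only on success: `tmp = realloc(set->elements, (set->count + 1) * sizeof(set->elements[0]));`, then `if (tmp == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; }`, then `set->elements = tmp;`. Separately, gss_release_buffer_set releases each member via gss_release_buffer but only sets `(*buffer_set)->elements = NULL` afterwards, so the array itself appears never to be freed; `free((*buffer_set)->elements);` before that assignment would close the leak. A zero-length `member_buffer` is also worth a comment or a guard, since `malloc(0)` may return NULL and would be reported as ENOMEM here.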
--- a/lib/gssapi/mech/gss_canonicalize_name.3
+++ /dev/null
@@ -1,137 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_canonicalize_name.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_CANONICALIZE_NAME 3 PRM -.Sh NAME -.Nm gss_canonicalize_name -.Nd Convert an internal name to an MN -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_canonicalize_name -.Fa "OM_uint32 *minor_status" -.Fa "const gss_name_t input_name" -.Fa "const gss_OID mech_type" -.Fa "gss_name_t *output_name" -.Fc -.Sh DESCRIPTION -Generate a canonical mechanism name (MN) from an arbitrary internal -name. -The mechanism name is the name that would be returned to a context -acceptor on successful authentication of a context where the initiator -used the -.Fa input_name -in a successful call to -.Fn gss_acquire_cred , -specifying an OID set containing -.Fa mech_type -as its only member, -followed by a call to -.Fn gss_init_sec_context , -specifying -.Fa mech_type -as the authentication mechanism. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It input_name -The name for which a canonical form is desired. -.It mech_type -The authentication mechanism for which the canonical form of the name -is desired. -The desired mechanism must be specified explicitly; - no default is provided. -.It output_name -The resultant canonical name. -Storage associated with this name must be freed by the application -after use with a call to -.Fn gss_release_name . -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion. -.It GSS_S_BAD_MECH -The identified mechanism is not supported. -.It GSS_S_BAD_NAMETYPE -The provided internal name contains no elements that could be -processed by the specified mechanism. -.It GSS_S_BAD_NAME -The provided internal name was ill-formed. -.El -.Sh SEE ALSO -.Xr gss_acquire_cred 3 , -.Xr gss_init_sec_context 3 , -.Xr gss_release_name 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . 
-.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_compare_name.3 b/lib/gssapi/mech/gss_compare_name.3 deleted file mode 100644 index b39a7792f..000000000 --- a/lib/gssapi/mech/gss_compare_name.3 +++ /dev/null 
@@ -1,122 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_compare_name.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_COMPARE_NAME PRM -.Sh NAME -.Nm gss_compare_name -.Nd Compare two internal-form names -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_compare_name -.Fa "OM_uint32 *minor_status" -.Fa "const gss_name_t name1" -.Fa "const gss_name_t name2" -.Fa "int *name_equal" -.Fc -.Sh DESCRIPTION -Allows an application to compare two internal-form names to determine -whether they refer to the same entity. -.Pp -If either name presented to -.Fn gss_compare_name -denotes an anonymous principal, -the routines should indicate that the two names do not refer to the -same identity. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It name1 -Internal-form name. -.It name2 -Internal-form name. -.It name_equal -.Bl -tag -.It non-zero -Names refer to same entity -.It zero -Names refer to different entities (strictly, the names are not known -to refer to the same identity). -.El -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_BAD_NAMETYPE -The two names were of incomparable types. -.It GSS_S_BAD_NAME -One or both of name1 or name2 was ill-formed. -.El -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. 
However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_context_time.3 b/lib/gssapi/mech/gss_context_time.3 deleted file mode 100644 index 70bb37cd2..000000000 --- a/lib/gssapi/mech/gss_context_time.3 +++ /dev/null 
@@ -1,108 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_context_time.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_CONTEXT_TIME 3 PRM -.Sh NAME -.Nm gss_context_time -.Nd Determine for how long a context will remain valid -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_context_time -.Fa "OM_uint32 *minor_status" -.Fa "const gss_ctx_id_t context_handle" -.Fa "OM_uint32 *time_rec" -.Fc -.Sh DESCRIPTION -Determines the number of seconds for which the specified context will -remain valid. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It context_handle -Identifies the context to be interrogated. -.It time_rec -Number of seconds that the context will remain valid. -If the context has already expired, zero will be returned. -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_CONTEXT_EXPIRED -The context has already expired -.It GSS_S_NO_CONTEXT -The context_handle parameter did not identify a valid context -.El -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. 
However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_create_empty_oid_set.3 b/lib/gssapi/mech/gss_create_empty_oid_set.3 deleted file mode 100644 index 87f2bbda3..000000000 --- a/lib/gssapi/mech/gss_create_empty_oid_set.3 +++ /dev/null 
@@ -1,112 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_create_empty_oid_set.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_CREATE_EMPTY_OID_SET 3 PRM -.Sh NAME -.Nm gss_create_empty_oid_set -.Nd Create a set containing no object identifiers -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_create_empty_oid_set -.Fa "OM_uint32 *minor_status" -.Fa "gss_OID_set *oid_set" -.Fc -.Sh DESCRIPTION -Create an object-identifier set containing no object identifiers, -to which members may be subsequently added using the -.Fn gss_add_oid_set_member -routine. -These routines are intended to be used to construct sets of mechanism -object identifiers for input to -.Fn gss_acquire_cred . -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It oid_set - -The empty object identifier set. -The routine will allocate the gss_OID_set_desc object, -which the application must free after use with a call to -.Fn gss_release_oid_set . -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.El -.Sh SEE ALSO -.Xr gss_add_oid_set_member 3 , -.Xr gss_acquire_cred 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. 
However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_decapsulate_token.c b/lib/gssapi/mech/gss_decapsulate_token.c new file mode 100644 index 000000000..4f0d63780 --- /dev/null +++ b/lib/gssapi/mech/gss_decapsulate_token.c 
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "mech_locl.h"
+RCSID("$Id$");
+
+OM_uint32
+gss_decapsulate_token(gss_buffer_t input_token,
+ gss_OID oid,
+ gss_buffer_t output_token)
+{
+ GSSAPIContextToken ct;
+ heim_oid o;
+ OM_uint32 status;
+ int ret;
+ size_t size;
+
+ output_token->length = 0;
+ output_token->value = NULL;
+
+ ret = der_get_oid (oid->elements, oid->length, &o, &size);
+ if (ret)
+ return GSS_S_FAILURE;
+
+ ret = decode_GSSAPIContextToken(input_token->value, input_token->length,
+ &ct, NULL);
+ if (ret) {
+ free_oid(&o);
+ return GSS_S_FAILURE;
+ }
+
+ if (heim_oid_cmp(&ct.thisMech, &o) == 0) {
+ status = GSS_S_COMPLETE;
+ output_token->value = ct.innerContextToken.data;
+ output_token->length = ct.innerContextToken.length;
+ free_oid(&ct.thisMech);
+ } else {
+ free_GSSAPIContextToken(&ct);
+ status = GSS_S_FAILURE;
+ }
+ free_oid(&o);
+
+ return status;
+}
diff --git a/lib/gssapi/mech/gss_delete_sec_context.3 b/lib/gssapi/mech/gss_delete_sec_context.3
deleted file mode 100644
index ba89b46ba..000000000
--- a/lib/gssapi/mech/gss_delete_sec_context.3
+++ /dev/null
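Review bot: `gss_decapsulate_token` dereferences all three arguments before checking any of them (`output_token->length`, then `oid->elements`, then `input_token->value`), so a caller that passes `GSS_C_NO_OID` or `GSS_C_NO_BUFFER` crashes instead of getting a status back. A guard as the first statement would close that: `if (oid == GSS_C_NO_OID || input_token == GSS_C_NO_BUFFER || output_token == GSS_C_NO_BUFFER) return GSS_S_FAILURE;`. `input_token` will usually hold bytes received from the peer, and passing `NULL` as the last argument of `decode_GSSAPIContextToken` discards the consumed length, so bytes following the encoded token appear to be accepted silently; if that is not intended, take the size and compare it with `input_token->length`. The success path hands `ct.innerContextToken.data` to the caller without copying, which deserves a header comment such as `/* On GSS_S_COMPLETE output_token takes over the decoder's allocation; the caller must release it. */`.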
@@ -1,163 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_delete_sec_context.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_DELETE_SEC_CONTEXT 3 PRM -.Sh NAME -.Nm gss_delete_sec_context -.Nd Discard a security context -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_delete_sec_context -.Fa "OM_uint32 *minor_status" -.Fa "gss_ctx_id_t *context_handle" -.Fa "gss_buffer_t output_token" -.Fc -.Sh DESCRIPTION -Delete a security context. -.Fn gss_delete_sec_context -will delete the local data structures associated with the specified -security context, -and may generate an output_token, -which when passed to the peer -.Fn gss_process_context_token -will instruct it to do likewise. -If no token is required by the mechanism, -the GSS-API should set the length field of the output_token (if -provided) to zero. -No further security services may be obtained using the context -specified by -.Fa context_handle . -.Pp -In addition to deleting established security contexts, -.Fn gss_delete_sec_context -must also be able to delete "half-built" security contexts resulting -from an incomplete sequence of -.Fn gss_init_sec_context -/ -.Fn gss_accept_sec_context -calls. -.Pp -The -.Fa output_token -parameter is retained for compatibility with version 1 of the GSS-API. -It is recommended that both peer applications invoke -.Fn gss_delete_sec_context -passing the value -.Dv GSS_C_NO_BUFFER -for the -.Fa output_token -parameter, -indicating that no token is required, -and that -.Fn gss_delete_sec_context -should simply delete local context data structures. -If the application does pass a valid buffer to -.Fn gss_delete_sec_context , -mechanisms are encouraged to return a zero-length token, -indicating that no peer action is necessary, -and that no token should be transferred by the application. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It context_handle -Context handle identifying context to delete. -After deleting the context, -the GSS-API will set this context handle to -.Dv GSS_C_NO_CONTEXT . -.It output_token -Token to be sent to remote application to instruct it to also delete -the context. 
-It is recommended that applications specify -.Dv GSS_C_NO_BUFFER -for this parameter, -requesting local deletion only. -If a buffer parameter is provided by the application, -the mechanism may return a token in it; -mechanisms that implement only local deletion should set the length -field of this token to zero to indicate to the application that no -token is to be sent to the peer. -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_NO_CONTEXT -No valid context was supplied -.El -.Sh SEE ALSO -.Xr gss_process_context_token 3 , -.Xr gss_init_sec_context 3 , -.Xr gss_accept_sec_context 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. 
-.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_display_name.3 b/lib/gssapi/mech/gss_display_name.3 deleted file mode 100644 index e0e2ae205..000000000 --- a/lib/gssapi/mech/gss_display_name.3 +++ /dev/null 
@@ -1,151 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_display_name.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_DISPLAY_NAME 3 PRM -.Sh NAME -.Nm gss_display_name -.Nd Convert internal-form name to text -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_display_name -.Fa "OM_uint32 *minor_status" -.Fa "const gss_name_t input_name" -.Fa "gss_buffer_t output_name_buffer" -.Fa "gss_OID *output_name_type" -.Fc -.Sh DESCRIPTION -Allows an application to obtain a textual representation of an opaque -internal-form name for display purposes. -The syntax of a printable name is defined by the GSS-API implementation. -.Pp -If -.Fa input_name -denotes an anonymous principal, -the implementation should return the -.Fa gss_OID -value -.Dv GSS_C_NT_ANONYMOUS -as the -.Fa output_name_type , -and a textual name that is syntactically distinct from all valid -supported printable names in -.Fa output_name_buffer . -.Pp -If -.Fa input_name -was created by a call to -.Fn gss_import_name , -specifying -.Dv GSS_C_NO_OID -as the name-type, -implementations that employ lazy conversion between name types may -return -.Dv GSS_C_NO_OID -via the -.Fa output_name_type -parameter. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It input_name -Name to be displayed. -.It output_name_buffer -Buffer to receive textual name string. -The application must free storage associated with this name after use -with a call to -.Fn gss_release_buffer . -.It output_name_type -The type of the returned name. -The returned -.Fa gss_OID -will be a pointer into static storage, -and should be treated as read-only by the caller -(in particular, the application should not attempt to free it). -Specify -.Dv NULL -if not required. 
-.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_BAD_NAME -.Fa input_name -was ill-formed -.El -.Sh SEE ALSO -.Xr gss_import_name 3 , -.Xr gss_release_buffer 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 
diff --git a/lib/gssapi/mech/gss_display_status.3 b/lib/gssapi/mech/gss_display_status.3
deleted file mode 100644
index ef10742e2..000000000
--- a/lib/gssapi/mech/gss_display_status.3
+++ /dev/null
@@ -1,210 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_display_status.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_DISPLAY_STATUS 3 PRM -.Sh NAME -.Nm gss_display_status -.Nd Convert a GSS-API status code to text -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_display_status -.Fa "OM_uint32 *minor_status" -.Fa "OM_uint32 status_value" -.Fa "int status_type" -.Fa "const gss_OID mech_type" -.Fa "OM_uint32 *message_context" -.Fa "gss_buffer_t status_string" -.Fc -.Sh DESCRIPTION -Allows an application to obtain a textual representation of a GSS-API -status code, -for display to the user or for logging purposes. -Since some status values may indicate multiple conditions, -applications may need to call -.Fn gss_display_status -multiple times, -each call generating a single text string. -The -.Fa message_context -parameter is used by -.Fn gss_display_status -to store state information about which error messages have already -been extracted from a given -.Fa status_value ; -.Fa message_context -must be initialized to zero by the application prior to the first call, -and -.Fn gss_display_status -will return a non-zero value in this parameter if there are further -messages to extract. -.Pp -The -.Fa message_context -parameter contains all state information required by -.Fn gss_display_status -in order to extract further messages from the -.Fa status_value ; -even when a non-zero value is returned in this parameter, -the application is not required to call -.Fn gss_display_status -again unless subsequent messages are desired. -The following code extracts all messages from a given status code and prints them to stderr: -.Bd -literal -OM_uint32 message_context; -OM_uint32 status_code; -OM_uint32 maj_status; -OM_uint32 min_status; -gss_buffer_desc status_string; - - ... 
- -message_context = 0; - -do { - - maj_status = gss_display_status ( - &min_status, - status_code, - GSS_C_GSS_CODE, - GSS_C_NO_OID, - &message_context, - &status_string) - - fprintf(stderr, - "%.*s\\n", - (int)status_string.length, - (char *)status_string.value); - - gss_release_buffer(&min_status, &status_string); - -} while (message_context != 0); -.Ed -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It status_value -Status value to be converted -.It status_type -.Bl -tag -.It GSS_C_GSS_CODE -.Fa status_value -is a GSS status code -.It GSS_C_MECH_CODE -.Fa status_value -is a mechanism status code -.El -.It mech_type -Underlying mechanism (used to interpret a minor status value). -Supply -.Dv GSS_C_NO_OID -to obtain the system default. -.It message_context -Should be initialized to zero by the application prior to the first -call. -On return from -.Fn gss_display_status , -a non-zero status_value parameter indicates that additional messages -may be extracted from the status code via subsequent calls to -.Fn gss_display_status , -passing the same -.Fa status_value , -.Fa status_type , -.Fa mech_type , -and -.Fa message_context -parameters. -.It status_string -Textual interpretation of the -.Fa status_value . -Storage associated with this parameter must be freed by the -application after use with a call to -.Fn gss_release_buffer . -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_BAD_MECH -Indicates that translation in accordance with an unsupported mechanism -type was requested -.It GSS_S_BAD_STATUS -The status value was not recognized, or the status type was neither -.Dv GSS_C_GSS_CODE -nor -.Dv GSS_C_MECH_CODE . 
-.El -.Sh SEE ALSO -.Xr gss_release_buffer 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_duplicate_name.3 b/lib/gssapi/mech/gss_duplicate_name.3 deleted file mode 100644 index 70deb8ff5..000000000 --- a/lib/gssapi/mech/gss_duplicate_name.3 +++ /dev/null 
@@ -1,123 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_duplicate_name.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_DUPLICATE_NAME 3 PRM -.Sh NAME -.Nm gss_duplicate_name -.Nd Create a copy of an internal name -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_duplicate_name -.Fa "OM_uint32 *minor_status" -.Fa "const gss_name_t src_name" -.Fa "gss_name_t *dest_name" -.Fc -.Sh DESCRIPTION -Create an exact duplicate of the existing internal name -.Fa src_name . -The new -.Fa dest_name -will be independent of -.Fa src_name -(i.e. -.Fa src_name -and -.Fa dest_name -must both be released, -and the release of one shall not affect the validity of the other). -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It src_name -Internal name to be duplicated. -.It dest_name -The resultant copy of -.Fa src_name. -Storage associated with this name must be freed by the application -after use with a call to -.Fn gss_release_name . -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_BAD_NAME -The -.Fa src_name -parameter was ill-formed -.El -.Sh SEE ALSO -.Xr gss_release_name 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. 
However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_duplicate_oid.c b/lib/gssapi/mech/gss_duplicate_oid.c new file mode 100644 index 000000000..3d20a7d25 --- /dev/null +++ b/lib/gssapi/mech/gss_duplicate_oid.c 
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "mech_locl.h"
+RCSID("$Id$");
+
+OM_uint32 gss_duplicate_oid (
+ OM_uint32 *minor_status,
+ gss_OID src_oid,
+ gss_OID *dest_oid
+ )
+{
+ *minor_status = 0;
+
+ if (src_oid == GSS_C_NO_OID) {
+ *dest_oid = GSS_C_NO_OID;
+ return GSS_S_COMPLETE;
+ }
+
+ *dest_oid = malloc(sizeof(**dest_oid));
+ if (*dest_oid == GSS_C_NO_OID) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ (*dest_oid)->elements = malloc(src_oid->length);
+ if ((*dest_oid)->elements == NULL) {
+ free(*dest_oid);
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+ memcpy((*dest_oid)->elements, src_oid->elements, src_oid->length);
+ (*dest_oid)->length = src_oid->length;
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
diff --git a/lib/gssapi/mech/gss_encapsulate_token.c b/lib/gssapi/mech/gss_encapsulate_token.c
new file mode 100644
index 000000000..e18dda115
--- /dev/null
+++ b/lib/gssapi/mech/gss_encapsulate_token.c
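Review bot: When the second allocation in gss_duplicate_oid fails, the code frees `*dest_oid` but leaves the freed pointer in the caller's output, so a caller that releases `*dest_oid` on its own error path would free it a second time. Adding `*dest_oid = GSS_C_NO_OID;` directly after `free(*dest_oid);` closes that. Separately, `malloc(src_oid->length)` may return NULL for a zero-length OID on some platforms, which this path then reports as ENOMEM; guarding the check with `src_oid->length != 0` would avoid the spurious failure. The final `*minor_status = 0;` repeats the assignment at the top of the function and can be dropped.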
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "mech_locl.h"
+RCSID("$Id$");
+
+OM_uint32
+gss_encapsulate_token(gss_buffer_t input_token,
+ gss_OID oid,
+ gss_buffer_t output_token)
+{
+ GSSAPIContextToken ct;
+ int ret;
+ size_t size;
+
+ ret = der_get_oid (oid->elements, oid->length, &ct.thisMech, &size);
+ if (ret) {
+ output_token->value = NULL;
+ output_token->length = 0;
+ return GSS_S_FAILURE;
+ }
+
+ ct.innerContextToken.data = input_token->value;
+ ct.innerContextToken.length = input_token->length;
+
+ ASN1_MALLOC_ENCODE(GSSAPIContextToken,
+ output_token->value, output_token->length,
+ &ct, &size, ret);
+ free_oid(&ct.thisMech);
+ if (ret) {
+ output_token->length = 0;
+ output_token->value = NULL;
+ return GSS_S_FAILURE;
+ }
+ if (output_token->length != size)
+ abort();
+
+ return GSS_S_COMPLETE;
+}
diff --git a/lib/gssapi/mech/gss_export_name.3 b/lib/gssapi/mech/gss_export_name.3
deleted file mode 100644
index 3087fc691..000000000
--- a/lib/gssapi/mech/gss_export_name.3
+++ /dev/null
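Review bot: gss_encapsulate_token dereferences `oid` and `input_token` before any validation, although gss_duplicate_oid in this same commit accepts GSS_C_NO_OID as a legal argument. A guard ahead of the `der_get_oid` call, `if (oid == GSS_C_NO_OID || input_token == GSS_C_NO_BUFFER)`, taking the same clear-output-and-return-GSS_S_FAILURE path as the existing error branches, would turn a null dereference into an error status. The `size` returned by `der_get_oid` is also never compared with `oid->length`, so trailing bytes in the OID buffer would presumably be accepted silently. If that comparison is added, `free_oid(&ct.thisMech)` has to run on the new rejection path. The function has no doc comment; a short one stating that the caller releases `output_token` with gss_release_buffer, and that an encoder length mismatch calls `abort()`, would help callers.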
@@ -1,128 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_export_name.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_EXPORT_NAME 3 PRM -.Sh NAME -.Nm gss_export_name -.Nd Convert an MN to export form -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_export_name -.Fa "OM_uint32 *minor_status" -.Fa "const gss_name_t input_name" -.Fa "gss_buffer_t exported_name" -.Fc -.Sh DESCRIPTION -To produce a canonical contiguous string representation of a mechanism -name (MN), -suitable for direct comparison -(e.g. with memcmp) -for use in authorization functions -(e.g. matching entries in an access-control list). -The -.Fa input_name -parameter must specify a valid MN -(i.e. an internal name generated by -.Fn gss_accept_sec_context -or by -.Fn gss_canonicalize_name ). -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It input_name -The MN to be exported. -.It exported_name -The canonical contiguous string form of -.Fa input_name . -Storage associated with this string must freed by the application -after use with -.Fn gss_release_buffer . -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_NAME_NOT_MN -The provided internal name was not a mechanism name. -.It GSS_S_BAD_NAME -The provided internal name was ill-formed. -.It GSS_S_BAD_NAMETYPE -The internal name was of a type not supported by the GSS-API implementation. -.El -.Sh SEE ALSO -.Xr gss_accept_sec_context 3 , -.Xr gss_canonicalize_name 3 , -.Xr gss_release_buffer 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. 
-.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_export_sec_context.3 b/lib/gssapi/mech/gss_export_sec_context.3 deleted file mode 100644 index 1e164f721..000000000 --- a/lib/gssapi/mech/gss_export_sec_context.3 +++ /dev/null 
@@ -1,168 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_export_sec_context.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_EXPORT_SEC_CONTEXT 3 PRM -.Sh NAME -.Nm gss_export_sec_context -.Nd Transfer a security context to another process -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_export_sec_context -.Fa "OM_uint32 *minor_status" -.Fa "gss_ctx_id_t *context_handle" -.Fa "gss_buffer_t interprocess_token" -.Fc -.Sh DESCRIPTION -Provided to support the sharing of work between multiple processes. -This routine will typically be used by the context-acceptor, -in an application where a single process receives incoming connection -requests and accepts security contexts over them, -then passes the established context to one or more other processes for -message exchange. -.Fn gss_export_sec_context -deactivates the security context for the calling process and creates -an interprocess token which, -when passed to -.Fn gss_import_sec_context -in another process, -will re-activate the context in the second process. -Only a single instantiation of a given context may be active at any -one time; -a subsequent attempt by a context exporter to access the exported security context will fail. -.Pp -The implementation may constrain the set of processes by which the -interprocess token may be imported, -either as a function of local security policy, -or as a result of implementation decisions. -For example, -some implementations may constrain contexts to be passed only between -processes that run under the same account, -or which are part of the same process group. -.Pp -The interprocess token may contain security-sensitive information -(for example cryptographic keys). -While mechanisms are encouraged to either avoid placing such sensitive -information within interprocess tokens, -or to encrypt the token before returning it to the application, -in a typical object-library GSS-API implementation this may not be -possible. -Thus the application must take care to protect the interprocess token, -and ensure that any process to which the token is transferred is -trustworthy. 
-.Pp -If creation of the interprocess token is successful, -the implementation shall deallocate all process-wide resources -associated with the security context, -and set the context_handle to -.Dv GSS_C_NO_CONTEXT . -In the event of an error that makes it impossible to complete the -export of the security context, -the implementation must not return an interprocess token, -and should strive to leave the security context referenced by the -.Fa context_handle -parameter untouched. -If this is impossible, -it is permissible for the implementation to delete the security -context, -providing it also sets the -.Fa context_handle -parameter to -.Dv GSS_C_NO_CONTEXT . -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It context_handle -Context handle identifying the context to transfer. -.It interprocess_token -Token to be transferred to target process. -Storage associated with this token must be freed by the application -after use with a call to -.Fn gss_release_buffer . -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_CONTEXT_EXPIRED -The context has expired -.It GSS_S_NO_CONTEXT -The context was invalid -.It GSS_S_UNAVAILABLE -The operation is not supported -.El -.Sh SEE ALSO -.Xr gss_import_sec_context 3 , -.Xr gss_release_buffer 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. 
-.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_get_mic.3 b/lib/gssapi/mech/gss_get_mic.3 deleted file mode 100644 index 55c539eae..000000000 --- a/lib/gssapi/mech/gss_get_mic.3 +++ /dev/null 
@@ -1,165 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_get_mic.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_GET_MIC 3 PRM -.Sh NAME -.Nm gss_get_mic , -.Nm gss_sign -.Nd Calculate a cryptographic message integrity code (MIC) for a -message; integrity service -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_get_mic -.Fa "OM_uint32 *minor_status" -.Fa "const gss_ctx_id_t context_handle" -.Fa "gss_qop_t qop_req" -.Fa "const gss_buffer_t message_buffer" -.Fa "gss_buffer_t msg_token" -.Fc -.Ft OM_uint32 -.Fo gss_sign -.Fa "OM_uint32 *minor_status" -.Fa "const gss_ctx_id_t context_handle" -.Fa "gss_qop_t qop_req" -.Fa "gss_buffer_t message_buffer" -.Fa "gss_buffer_t msg_token" -.Fc -.Sh DESCRIPTION -Generates a cryptographic MIC for the supplied message, -and places the MIC in a token for transfer to the peer application. -The -.Fa qop_req -parameter allows a choice between several cryptographic algorithms, -if supported by the chosen mechanism. -.Pp -Since some application-level protocols may wish to use tokens emitted -by -.Fn gss_wrap -to provide "secure framing", -implementations must support derivation of MICs from zero-length messages. -.Pp -The -.Fn gss_sign -routine is an obsolete variant of -.Fn gss_get_mic . -It is -provided for backwards -compatibility with applications using the GSS-API V1 interface. -A distinct entrypoint (as opposed to #define) is provided, -both to allow GSS-API V1 applications to link -and to retain the slight parameter type differences between the -obsolete versions of this routine and its current form. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It context_handle -Identifies the context on which the message will be sent. -.It qop_req -Specifies requested quality of protection. -Callers are encouraged, on portability grounds, -to accept the default quality of protection offered by the chosen -mechanism, -which may be requested by specifying -.Dv GSS_C_QOP_DEFAULT -for this parameter. -If an unsupported protection strength is requested, -.Fn gss_get_mic -will return a -.Fa major_status -of -.Dv GSS_S_BAD_QOP . -.It message_buffer -Message to be protected. -.It msg_token -Buffer to receive token. 
-The application must free storage associated with this buffer after -use with a call to -.Fn gss_release_buffer . -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_CONTEXT_EXPIRED -The context has already expired -.It GSS_S_NO_CONTEXT -The context_handle parameter did not identify a valid context -.It GSS_S_BAD_QOP -The specified QOP is not supported by the mechanism -.El -.Sh SEE ALSO -.Xr gss_wrap 3 , -.Xr gss_release_buffer 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. 
-.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_import_name.3 b/lib/gssapi/mech/gss_import_name.3 deleted file mode 100644 index 7de13f2d8..000000000 --- a/lib/gssapi/mech/gss_import_name.3 +++ /dev/null 
@@ -1,139 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_import_name.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_IMPORT_NAME 3 PRM -.Sh NAME -.Nm gss_import_name -.Nd Convert a contiguous string name to internal-form -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_import_name -.Fa "OM_uint32 *minor_status" -.Fa "const gss_buffer_t input_name_buffer" -.Fa "const gss_OID input_name_type" -.Fa "gss_name_t *output_name" -.Fc -.Sh DESCRIPTION -Convert a contiguous string name to internal form. -In general, -the internal name returned (via the -.Fa output_name -parameter) will not be an MN; -the exception to this is if the -.Fa input_name_type -indicates that the contiguous string provided via the -.Fa input_name_buffer -parameter is of type -.Dv GSS_C_NT_EXPORT_NAME , -in which case the returned internal name will be an MN for the -mechanism that exported the name. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It input_name_buffer -Buffer containing contiguous string name to convert. -.It input_name_type -Object ID specifying type of printable name. -Applications may specify either -.Dv GSS_C_NO_OID -to use a mechanism-specific default printable syntax, -or an OID recognized by the GSS-API implementation to name a specific -namespace. -.It output_name -Returned name in internal form. -Storage associated with this name must be freed by the application -after use with a call to -.Fn gss_release_name . -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_BAD_NAMETYPE -The -.Fa input_name_type -was unrecognized -.It GSS_S_BAD_NAME -The -.Fa input_name -parameter could not be interpreted as a name of the specified type -.It GSS_S_BAD_MECH -The input name-type was -.Dv GSS_C_NT_EXPORT_NAME , -but the mechanism contained within the input-name is not supported -.El -.Sh SEE ALSO -.Xr gss_release_name 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . 
-.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_import_sec_context.3 b/lib/gssapi/mech/gss_import_sec_context.3 deleted file mode 100644 index 325ad8b62..000000000 --- a/lib/gssapi/mech/gss_import_sec_context.3 +++ /dev/null 
@@ -1,120 +0,0 @@
-.\" -*- nroff -*-
-.\"
-.\" Copyright (c) 2005 Doug Rabson
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $FreeBSD: src/lib/libgssapi/gss_import_sec_context.3,v 1.2 2006/01/25 10:06:28 dfr Exp $
-.\"
-.\" The following commands are required for all man pages.
-.Dd November 12, 2005
-.Os
-.Dt GSS_IMPORT_SEC_CONTEXT 3 PRM
-.Sh NAME
-.Nm gss_import_sec_context
-.Nd Import a transferred context
-.\" This next command is for sections 2 and 3 only.
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_import_sec_context -.Fa "OM_uint32 *minor_status" -.Fa "const gss_buffer_t interprocess_token" -.Fa "gss_ctx_id_t *context_handle" -.Fc -.Sh DESCRIPTION -Allows a process to import a security context established by another -process. -A given interprocess token may be imported only once. -See -.Fn gss_export_sec_context . -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It interprocess_token -Token received from exporting process. -.It context_handle -Context handle of newly reactivated context. -Resources associated with this context handle must be released by the -application after use with a call to -.Fn gss_delete_sec_context . -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_NO_CONTEXT -The token did not contain a valid context reference -.It GSS_S_DEFECTIVE_TOKEN -The token was invalid -.It GSS_S_UNAVAILABLE -The operation is unavailable -.It GSS_S_UNAUTHORIZED -Local policy prevents the import of this context by the current process -.El -.Sh SEE ALSO -.Xr gss_export_sec_context 3 , -.Xr gss_delete_sec_context 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. 
However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_indicate_mechs.3 b/lib/gssapi/mech/gss_indicate_mechs.3 deleted file mode 100644 index a9f5ec5f3..000000000 --- a/lib/gssapi/mech/gss_indicate_mechs.3 +++ /dev/null 
@@ -1,107 +0,0 @@
-.\" -*- nroff -*-
-.\"
-.\" Copyright (c) 2005 Doug Rabson
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $FreeBSD: src/lib/libgssapi/gss_indicate_mechs.3,v 1.2 2006/01/25 10:06:28 dfr Exp $
-.\"
-.\" The following commands are required for all man pages.
-.Dd November 12, 2005
-.Os
-.Dt GSS_INDICATE_MECHS 3 PRM
-.Sh NAME
-.Nm gss_indicate_mechs
-.Nd Determine available underlying authentication mechanisms
-.\" This next command is for sections 2 and 3 only.
-.\" .Sh LIBRARY
-.Sh SYNOPSIS
-.In "gssapi/gssapi.h"
-.Ft OM_uint32
-.Fo gss_indicate_mechs
-.Fa "OM_uint32 *minor_status"
-.Fa "gss_OID_set *mech_set"
-.Fc
-.Sh DESCRIPTION
-Allows an application to determine which underlying security
-mechanisms are available.
-.Sh PARAMETERS
-.Bl -tag
-.It minor_status
-Mechanism specific status code.
-.It mech_set
-Set of implementation-supported mechanisms.
-The returned
-.Fa mech_set
-value will be a dynamically-allocated OID set,
-that should be released by the caller after use with a call to
-.Fn gss_release_oid_set .
-.El
-.Sh RETURN VALUES
-.Bl -tag
-.It GSS_S_COMPLETE
-Successful completion
-.El
-.Sh SEE ALSO
-.Xr gss_release_oid_set 3
-.Sh STANDARDS
-.Bl -tag
-.It RFC 2743
-Generic Security Service Application Program Interface Version 2, Update 1
-.It RFC 2744
-Generic Security Service API Version 2 : C-bindings
-.\" .Sh HISTORY
-.El
-.Sh HISTORY
-The
-.Nm
-manual page example first appeared in
-.Fx 7.0 .
-.Sh AUTHORS
-John Wray, Iris Associates
-.Sh COPYRIGHT
-Copyright (C) The Internet Society (2000). All Rights Reserved.
-.Pp
-This document and translations of it may be copied and furnished to
-others, and derivative works that comment on or otherwise explain it
-or assist in its implementation may be prepared, copied, published
-and distributed, in whole or in part, without restriction of any
-kind, provided that the above copyright notice and this paragraph are
-included on all such copies and derivative works. However, this
-document itself may not be modified in any way, such as by removing
-the copyright notice or references to the Internet Society or other
-Internet organizations, except as needed for the purpose of
-developing Internet standards in which case the procedures for
-copyrights defined in the Internet Standards process must be
-followed, or as required to translate it into languages other than
-English.
-.Pp
-The limited permissions granted above are perpetual and will not be
-revoked by the Internet Society or its successors or assigns.
-.Pp
-This document and the information contained herein is provided on an
-"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/lib/gssapi/mech/gss_init_sec_context.3 b/lib/gssapi/mech/gss_init_sec_context.3
deleted file mode 100644
index 83814da8d..000000000
--- a/lib/gssapi/mech/gss_init_sec_context.3
+++ /dev/null
@@ -1,571 +0,0 @@
-.\" -*- nroff -*-
-.\"
-.\" Copyright (c) 2005 Doug Rabson
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $FreeBSD: src/lib/libgssapi/gss_init_sec_context.3,v 1.2 2006/01/25 10:06:28 dfr Exp $
-.\"
-.\" The following commands are required for all man pages.
-.Dd November 12, 2005
-.Os
-.Dt GSS_INIT_SEC_CONTEXT 3 PRM
-.Sh NAME
-.Nm gss_init_sec_context
-.Nd Initiate a security context with a peer application
-.\" This next command is for sections 2 and 3 only.
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_init_sec_context -.Fa "OM_uint32 *minor_status" -.Fa "const gss_cred_id_t initiator_cred_handle" -.Fa "gss_ctx_id_t *context_handle" -.Fa "const gss_name_t target_name" -.Fa "const gss_OID mech_type" -.Fa "OM_uint32 req_flags" -.Fa "OM_uint32 time_req" -.Fa "const gss_channel_bindings_t input_chan_bindings" -.Fa "const gss_buffer_t input_token" -.Fa "gss_OID *actual_mech_type" -.Fa "gss_buffer_t output_token" -.Fa "OM_uint32 *ret_flags" -.Fa "OM_uint32 *time_rec" -.Fc -.Sh DESCRIPTION -Initiates the establishment of a security context between the -application and a remote peer. -Initially, the input_token parameter should be specified either as -.Dv GSS_C_NO_BUFFER, or as a pointer to a -gss_buffer_desc object whose length field contains the value zero. -The routine may return a output_token which should be transferred to -the peer application, where the peer application will present it to -.Xr gss_accept_sec_context 3 . If no token need be sent, -.Fn gss_init_sec_context -will indicate this by setting the -.Dv length field -of the output_token argument to zero. To complete the context -establishment, one or more reply tokens may be required from the peer -application; if so, -.Fn gss_init_sec_context -will return a status -containing the supplementary information bit -.Dv GSS_S_CONTINUE_NEEDED. -In this case, -.Fn gss_init_sec_context -should be called again when the reply token is received from the peer -application, passing the reply token to -.Fn gss_init_sec_context -via the input_token parameters. -.Pp -Portable applications should be constructed to use the token length -and return status to determine whether a token needs to be sent or -waited for. Thus a typical portable caller should always invoke -.Fn gss_init_sec_context -within a loop: -.Bd -literal -int context_established = 0; -gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT; - ... 
-input_token->length = 0; - -while (!context_established) { - maj_stat = gss_init_sec_context(&min_stat, - cred_hdl, - &context_hdl, - target_name, - desired_mech, - desired_services, - desired_time, - input_bindings, - input_token, - &actual_mech, - output_token, - &actual_services, - &actual_time); - if (GSS_ERROR(maj_stat)) { - report_error(maj_stat, min_stat); - }; - - if (output_token->length != 0) { - send_token_to_peer(output_token); - gss_release_buffer(&min_stat, output_token) - }; - if (GSS_ERROR(maj_stat)) { - - if (context_hdl != GSS_C_NO_CONTEXT) - gss_delete_sec_context(&min_stat, - &context_hdl, - GSS_C_NO_BUFFER); - break; - }; - - if (maj_stat & GSS_S_CONTINUE_NEEDED) { - receive_token_from_peer(input_token); - } else { - context_established = 1; - }; -}; -.Ed -.Pp -Whenever the routine returns a major status that includes the value -.Dv GSS_S_CONTINUE_NEEDED, the context is not fully established and the -following restrictions apply to the output parameters: -.Bl -bullet -.It -The value returned via the -.Fa time_rec -parameter is undefined Unless -the accompanying -.Fa ret_flags -parameter contains the bit -.Dv GSS_C_PROT_READY_FLAG, indicating that per-message services may be -applied in advance of a successful completion status, the value -returned via the -.Fa actual_mech_type -parameter is undefined until the -routine returns a major status value of -.Dv GSS_S_COMPLETE. -.It -The values of the -.Dv GSS_C_DELEG_FLAG , -.Dv GSS_C_MUTUAL_FLAG , -.Dv GSS_C_REPLAY_FLAG , -.Dv GSS_C_SEQUENCE_FLAG , -.Fv GSS_C_CONF_FLAG , -.Dv GSS_C_INTEG_FLAG and -.Dv GSS_C_ANON_FLAG bits returned via the -.Fa ret_flags -parameter should contain the values that the -implementation expects would be valid if context establishment -were to succeed. 
In particular, if the application has requested -a service such as delegation or anonymous authentication via the -.Fa req_flags -argument, and such a service is unavailable from the -underlying mechanism, -.Fn gss_init_sec_context -should generate a token -that will not provide the service, and indicate via the -.Fa ret_flags -argument that the service will not be supported. The application -may choose to abort the context establishment by calling -.Xr gss_delete_sec_context 3 -(if it cannot continue in the absence of -the service), or it may choose to transmit the token and continue -context establishment (if the service was merely desired but not -mandatory). -.It -The values of the -.Dv GSS_C_PROT_READY_FLAG and -.Dv GSS_C_TRANS_FLAG bits -within -.Fa ret_flags -should indicate the actual state at the time -.Fn gss_init_sec_context -returns, whether or not the context is fully established. -.It -GSS-API implementations that support per-message protection are -encouraged to set the -.Dv GSS_C_PROT_READY_FLAG in the final -.Fa ret_flags -returned to a caller (i.e. when accompanied by a -.Dv GSS_S_COMPLETE -status code). However, applications should not rely on this -behavior as the flag was not defined in Version 1 of the GSS-API. -Instead, applications should determine what per-message services -are available after a successful context establishment according -to the -.Dv GSS_C_INTEG_FLAG and -.Dv GSS_C_CONF_FLAG values. -.It -All other bits within the -.Fa ret_flags -argument should be set to -zero. -.El -.Pp -If the initial call of -.Fn gss_init_sec_context -fails, the -implementation should not create a context object, and should leave -the value of the -.Fa context_handle -parameter set to -.Dv GSS_C_NO_CONTEXT to -indicate this. 
In the event of a failure on a subsequent call, the -implementation is permitted to delete the "half-built" security -context (in which case it should set the -.Fa context_handle -parameter to -.Dv GSS_C_NO_CONTEXT ), but the preferred behavior is to leave the -security context untouched for the application to delete (using -.Xr gss_delete_sec_context 3 ). -.Pp -During context establishment, the informational status bits -.Dv GSS_S_OLD_TOKEN and -.Dv GSS_S_DUPLICATE_TOKEN indicate fatal errors, and -GSS-API mechanisms should always return them in association with a -routine error of -.Dv GSS_S_FAILURE . -This requirement for pairing did not -exist in version 1 of the GSS-API specification, so applications that -wish to run over version 1 implementations must special-case these -codes. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It initiator_cred_handle -handle for credentials claimed. Supply -.Dv GSS_C_NO_CREDENTIAL to act as a default -initiator principal. If no default -initiator is defined, the function will -return -.Dv GSS_S_NO_CRED. -.It context_handle -context handle for new context. Supply -.Dv GSS_C_NO_CONTEXT for first call; use value -returned by first call in continuation calls. -Resources associated with this context-handle -must be released by the application after use -with a call to -.Fn gss_delete_sec_context . -.It target_name -Name of target -.It mech_type -Object ID of desired mechanism. Supply -.Dv GSS_C_NO_OID to obtain an implementation -specific default -.It req_flags -Contains various independent flags, each of -which requests that the context support a -specific service option. Symbolic -names are provided for each flag, and the -symbolic names corresponding to the required -flags should be logically-ORed -together to form the bit-mask value. 
The -flags are: -.Bl -tag -width "WW" -.It GSS_C_DELEG_FLAG -.Bl -tag -width "False" -.It True -Delegate credentials to remote peer -.It False -Don't delegate -.El -.It GSS_C_MUTUAL_FLAG -.Bl -tag -width "False" -.It True -Request that remote peer authenticate itself -.It False -Authenticate self to remote peer only -.El -.It GSS_C_REPLAY_FLAG -.Bl -tag -width "False" -.It True -Enable replay detection for messages protected with -.Xr gss_wrap 3 -or -.Xr gss_get_mic 3 -.It False -Don't attempt to detect replayed messages -.El -.It GSS_C_SEQUENCE_FLAG -.Bl -tag -width "False" -.It True -Enable detection of out-of-sequence protected messages -.It False -Don't attempt to detect out-of-sequence messages -.El -.It GSS_C_CONF_FLAG -.Bl -tag -width "False" -.It True -Request that confidentiality service be made available (via -.Xr gss_wrap 3 ) -.It False -No per-message confidentiality service is required. -.El -.It GSS_C_INTEG_FLAG -.Bl -tag -width "False" -.It True -Request that integrity service be made available (via -.Xr gss_wrap 3 -or -.Xr gss_get_mic 3 ) -.It False -No per-message integrity service is required. -.El -.It GSS_C_ANON_FLAG -.Bl -tag -width "False" -.It True -Do not reveal the initiator's identity to the acceptor. -.It False -Authenticate normally. -.El -.El -.It time_req -Desired number of seconds for which context -should remain valid. Supply 0 to request a -default validity period. -.It input_chan_bindings -Application-specified bindings. Allows -application to securely bind channel -identification information to the security -context. Specify -.Dv GSS_C_NO_CHANNEL_BINDINGS -if channel bindings are not used. -.It input_token -Token received from peer application. -Supply -.Dv GSS_C_NO_BUFFER, or a pointer to -a buffer containing the value -.Dv GSS_C_EMPTY_BUFFER -on initial call. -.It actual_mech_type -Actual mechanism used. 
The OID returned via -this parameter will be a pointer to static -storage that should be treated as read-only; -In particular the application should not attempt -to free it. Specify -.Dv NULL if not required. -.It output_token -token to be sent to peer application. If -the length field of the returned buffer is -zero, no token need be sent to the peer -application. Storage associated with this -buffer must be freed by the application -after use with a call to -.Xr gss_release_buffer 3 . -.It ret_flags -Contains various independent flags, each of which -indicates that the context supports a specific -service option. Specify -.Dv NULL if not -required. Symbolic names are provided -for each flag, and the symbolic names -corresponding to the required flags should be -logically-ANDed with the -.Fa ret_flags -value to test -whether a given option is supported by the -context. The flags are: -.Bl -tag -width "WW" -.It GSS_C_DELEG_FLAG -.Bl -tag -width "False" -.It True -Credentials were delegated to the remote peer -.It False -No credentials were delegated -.El -.It GSS_C_MUTUAL_FLAG -.Bl -tag -width "False" -.It True -The remote peer has authenticated itself. -.It False -Remote peer has not authenticated itself. -.El -.It GSS_C_REPLAY_FLAG -.Bl -tag -width "False" -.It True -Replay of protected messages will be detected -.It False -Replayed messages will not be detected -.El -.It GSS_C_SEQUENCE_FLAG -.Bl -tag -width "False" -.It True -Out-of-sequence protected messages will be detected -.It False -Out-of-sequence messages will not be detected -.El -.It GSS_C_CONF_FLAG -.Bl -tag -width "False" -.It True -Confidentiality service may be invoked by calling -.Xr gss_wrap 3 -routine -.It False -No confidentiality service (via -.Xr gss_wrap 3 ) available. -.Xr gss_wrap 3 will -provide message encapsulation, -data-origin authentication and -integrity services only. 
-.El
-.It GSS_C_INTEG_FLAG
-.Bl -tag -width "False"
-.It True
-Integrity service may be invoked by calling either
-.Xr gss_get_mic 3
-or
-.Xr gss_wrap 3
-routines.
-.It False
-Per-message integrity service unavailable.
-.El
-.It GSS_C_ANON_FLAG
-.Bl -tag -width "False"
-.It True
-The initiator's identity has not been
-revealed, and will not be revealed if
-any emitted token is passed to the
-acceptor.
-.It False
-The initiator's identity has been or will be authenticated normally.
-.El
-.It GSS_C_PROT_READY_FLAG
-.Bl -tag -width "False"
-.It True
-Protection services (as specified by the states of the
-.Dv GSS_C_CONF_FLAG
-and
-.Dv GSS_C_INTEG_FLAG ) are available for
-use if the accompanying major status
-return value is either
-.Dv GSS_S_COMPLETE
-or
-.Dv GSS_S_CONTINUE_NEEDED.
-.It False
-Protection services (as specified by the states of the
-.Dv GSS_C_CONF_FLAG
-and
-.Dv GSS_C_INTEG_FLAG ) are available
-only if the accompanying major status
-return value is
-.Dv GSS_S_COMPLETE.
-.El
-.It GSS_C_TRANS_FLAG
-.Bl -tag -width "False"
-.It True
-The resultant security context may be transferred to other processes via
-a call to
-.Fn gss_export_sec_context .
-.It False
-The security context is not transferable.
-.El
-.El
-.Pp
-All other bits should be set to zero.
-.It time_rec
-Number of seconds for which the context
-will remain valid. If the implementation does
-not support context expiration, the value
-.Dv GSS_C_INDEFINITE will be returned. Specify
-.Dv NULL if not required.
-.El
-.Sh RETURN VALUES
-.Bl -tag
-.It GSS_S_COMPLETE
-Successful completion
-.It GSS_S_CONTINUE_NEEDED
-Indicates that a token from the peer
-application is required to complete the
-context, and that gss_init_sec_context
-must be called again with that token.
-.It GSS_S_DEFECTIVE_TOKEN
-Indicates that consistency checks performed
-on the input_token failed
-.It GSS_S_DEFECTIVE_CREDENTIAL
-Indicates that consistency checks
-performed on the credential failed.
-.It GSS_S_NO_CRED
-The supplied credentials were not valid for
-context initiation, or the credential handle
-did not reference any credentials.
-.It GSS_S_CREDENTIALS_EXPIRED
-The referenced credentials have expired
-.It GSS_S_BAD_BINDINGS
-The input_token contains different channel
-bindings to those specified via the
-input_chan_bindings parameter
-.It GSS_S_BAD_SIG
-The input_token contains an invalid MIC, or a MIC
-that could not be verified
-.It GSS_S_OLD_TOKEN
-The input_token was too old. This is a fatal
-error during context establishment
-.It GSS_S_DUPLICATE_TOKEN
-The input_token is valid, but is a duplicate
-of a token already processed. This is a
-fatal error during context establishment.
-.It GSS_S_NO_CONTEXT
-Indicates that the supplied context handle did
-not refer to a valid context
-.It GSS_S_BAD_NAMETYPE
-The provided target_name parameter contained an
-invalid or unsupported type of name
-.It GSS_S_BAD_NAME
-The provided target_name parameter was ill-formed.
-.It GSS_S_BAD_MECH
-The specified mechanism is not supported by the
-provided credential, or is unrecognized by the
-implementation.
-.El
-.Sh SEE ALSO
-.Xr gss_accept_sec_context 3 ,
-.Xr gss_delete_sec_context 3 ,
-.Xr gss_get_mic 3 ,
-.Xr gss_release_buffer 3 ,
-.Xr gss_wrap 3
-.Sh STANDARDS
-.Bl -tag
-.It RFC 2743
-Generic Security Service Application Program Interface Version 2, Update 1
-.It RFC 2744
-Generic Security Service API Version 2 : C-bindings
-.El
-.\" .Sh HISTORY
-.Sh HISTORY
-The
-.Nm
-manual page example first appeared in
-.Fx 7.0 .
-.Sh AUTHORS
-John Wray, Iris Associates
-.Sh COPYRIGHT
-Copyright (C) The Internet Society (2000). All Rights Reserved.
-.Pp
-This document and translations of it may be copied and furnished to
-others, and derivative works that comment on or otherwise explain it
-or assist in its implementation may be prepared, copied, published
-and distributed, in whole or in part, without restriction of any
-kind, provided that the above copyright notice and this paragraph are
-included on all such copies and derivative works. However, this
-document itself may not be modified in any way, such as by removing
-the copyright notice or references to the Internet Society or other
-Internet organizations, except as needed for the purpose of
-developing Internet standards in which case the procedures for
-copyrights defined in the Internet Standards process must be
-followed, or as required to translate it into languages other than
-English.
-.Pp
-The limited permissions granted above are perpetual and will not be
-revoked by the Internet Society or its successors or assigns.
-.Pp
-This document and the information contained herein is provided on an
-"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/lib/gssapi/mech/gss_inquire_context.3 b/lib/gssapi/mech/gss_inquire_context.3
deleted file mode 100644
index 8e516ad94..000000000
--- a/lib/gssapi/mech/gss_inquire_context.3
+++ /dev/null
@@ -1,284 +0,0 @@
-.\" -*- nroff -*-
-.\"
-.\" Copyright (c) 2005 Doug Rabson
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $FreeBSD: src/lib/libgssapi/gss_inquire_context.3,v 1.2 2006/01/25 10:06:28 dfr Exp $
-.\"
-.\" The following commands are required for all man pages.
-.Dd November 12, 2005
-.Os
-.Dt GSS_INQUIRE_CONTEXT 3 PRM
-.Sh NAME
-.Nm gss_inquire_context
-.Nd Obtain information about a security context
-.\" This next command is for sections 2 and 3 only.
-.\" .Sh LIBRARY
-.Sh SYNOPSIS
-.In "gssapi/gssapi.h"
-.Ft OM_uint32
-.Fo gss_inquire_context
-.Fa "OM_uint32 *minor_status"
-.Fa "const gss_ctx_id_t context_handle"
-.Fa "gss_name_t *src_name"
-.Fa "gss_name_t *targ_name"
-.Fa "OM_uint32 *lifetime_rec"
-.Fa "gss_OID *mech_type"
-.Fa "OM_uint32 *ctx_flags"
-.Fa "int *locally_initiated"
-.Fa "int *open"
-.Fc
-.Sh DESCRIPTION
-Obtains information about a security context.
-The caller must already have obtained a handle that refers to the
-context,
-although the context need not be fully established.
-.Sh PARAMETERS
-.Bl -tag
-.It minor_status
-Mechanism specific status code.
-.It context_handle
-A handle that refers to the security context.
-.It src_name
-The name of the context initiator.
-If the context was established using anonymous authentication,
-and if the application invoking
-.Fn gss_inquire_context
-is the context acceptor,
-an anonymous name will be returned.
-Storage associated with this name must be freed by the application
-after use with a call to
-.Fn gss_release_name .
-Specify
-.Dv NULL
-if not required.
-.It targ_name
-The name of the context acceptor.
-Storage associated with this name must be freed by the application
-after use with a call to
-.Fn gss_release_name .
-If the context acceptor did not authenticate itself,
-and if the initiator did not specify a target name in its call to
-.Fn gss_init_sec_context ,
-the value
-.Dv GSS_C_NO_NAME
-will be returned.
-Specify
-.Dv NULL
-if not required.
-.It lifetime_rec
-The number of seconds for which the context will remain valid.
-If the context has expired,
-this parameter will be set to zero.
-If the implementation does not support context expiration,
-the value
-.Dv GSS_C_INDEFINITE
-will be returned.
-Specify
-.Dv NULL
-if not required.
-.It mech_type
-The security mechanism providing the context.
-The returned OID will be a pointer to static storage that should be
-treated as read-only by the application;
-in particular the application should not attempt to free it.
-Specify
-.Dv NULL
-if not required.
-.It ctx_flags
-Contains various independent flags,
-each of which indicates that the context supports
-(or is expected to support, if
-.Fa open
-is false)
-a specific service option.
-If not needed, specify
-.Dv NULL .
-Symbolic names are provided for each flag,
-and the symbolic names corresponding to the required flags should be
-logically-ANDed with the
-.Fa ctx_flags
-value to test whether a given option is supported by the context.
-The flags are:
-.Bl -tag -width "WW"
-.It GSS_C_DELEG_FLAG
-.Bl -tag -width "False"
-.It True
-Credentials were delegated from the initiator to the acceptor.
-.It False
-No credentials were delegated.
-.El
-.It GSS_C_MUTUAL_FLAG
-.Bl -tag -width "False"
-.It True
-The acceptor was authenticated to the initiator.
-.It False
-The acceptor did not authenticate itself.
-.El
-.It GSS_C_REPLAY_FLAG
-.Bl -tag -width "False"
-.It True
-Replay of protected messages will be detected.
-.It False
-Replayed messages will not be detected.
-.El
-.It GSS_C_SEQUENCE_FLAG
-.Bl -tag -width "False"
-.It True
-Out-of-sequence protected messages will be detected.
-.It False
-Out-of-sequence messages will not be detected.
-.El
-.It GSS_C_CONF_FLAG
-.Bl -tag -width "False"
-.It True
-Confidentiality service may be invoked by calling
-.Fn gss_wrap
-routine.
-.It False
-No confidentiality service
-(via
-.Fn gss_wrap )
-available.
-.Fn gss_wrap
-will provide message encapsulation,
-data-origin authentication and integrity services only.
-.El
-.It GSS_C_INTEG_FLAG
-.Bl -tag -width "False"
-.It True
-Integrity service may be invoked by calling either
-.Fn gss_get_mic
-or
-.Fn gss_wrap
-routines.
-.It False
-Per-message integrity service unavailable.
-.El -.It GSS_C_ANON_FLAG -.Bl -tag -width "False" -.It True -The initiator's identity will not be revealed to the acceptor. -The -.Fa src_name -parameter (if requested) contains an anonymous internal name. -.It False -The initiator has been authenticated normally. -.El -.It GSS_C_PROT_READY_FLAG -.Bl -tag -width "False" -.It True -Protection services -(as specified by the states of the -.Dv GSS_C_CONF_FLAG -and -.Dv GSS_C_INTEG_FLAG ) -are available for use. -.It False -Protection services -(as specified by the states of the -.Dv GSS_C_CONF_FLAG -and -.Dv GSS_C_INTEG_FLAG ) -are available only if the context is fully established -(i.e. if the -.Fa open -parameter is non-zero). -.El -.It GSS_C_TRANS_FLAG -.Bl -tag -width "False" -.It True -The security context may be transferred to other processes via a call to -.Fn gss_export_sec_context . -.It False -The security context is not transferable. -.El -.El -.It locally_initiated -Non-zero if the invoking application is the context initiator. -Specify -.Dv NULL -if not required. -.It open -Non-zero if the context is fully established; -Zero if a context-establishment token is expected from the peer -application. -Specify -.Dv NULL -if not required. -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_NO_CONTEXT -The referenced context could not be accessed -.El -.Sh SEE ALSO -.Xr gss_release_name 3 , -.Xr gss_init_sec_context 3 , -.Xr gss_wrap 3 , -.Xr gss_get_mic 3 , -.Xr gss_export_sec_context 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. 
-.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_inquire_cred.3 b/lib/gssapi/mech/gss_inquire_cred.3 deleted file mode 100644 index 2bf9bb68f..000000000 --- a/lib/gssapi/mech/gss_inquire_cred.3 +++ /dev/null 
@@ -1,158 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_inquire_cred.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_INQUIRE_CRED 3 PRM -.Sh NAME -.Nm gss_inquire_cred -.Nd Obtain information about a credential -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_inquire_cred -.Fa "OM_uint32 *minor_status" -.Fa "const gss_cred_id_t cred_handle" -.Fa "gss_ctx_id_t *context_handle" -.Fa "gss_name_t *name" -.Fa "OM_uint32 *lifetime" -.Fa "gss_cred_usage_t *cred_usage" -.Fa "gss_OID_set *mechanisms" -.Fc -.Sh DESCRIPTION -Obtains information about a credential. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It cred_handle -A handle that refers to the target credential. -Specify -.Dv GSS_C_NO_CREDENTIAL -to inquire about the default initiator principal. -.It name -The name whose identity the credential asserts. -Storage associated with this name should be freed by the application -after use with a call to -.Fn gss_release_name . -Specify -.Dv NULL -if not required. -.It lifetime -The number of seconds for which the credential will remain valid. -If the credential has expired, -this parameter will be set to zero. -If the implementation does not support credential expiration, -the value GSS_C_INDEFINITE will be returned. -Specify -.Dv NULL -if not required. -.It cred_usage -How the credential may be used. -One of the following: -.Bl -item -offset indent -compact -.It -.Dv GSS_C_INITIATE -.It -.Dv GSS_C_ACCEPT -.It -.Dv GSS_C_BOTH -.El -Specify -.Dv NULL -if not required. -.It mechanisms -Set of mechanisms supported by the credential. -Storage associated with this OID set must be freed by the application -after use with a call to -.Fn gss_release_oid_set . -Specify -.Dv NULL -if not required. -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_NO_CRED -The referenced credentials could not be accessed -.It GSS_S_DEFECTIVE_CREDENTIAL -The referenced credentials were invalid -.It GSS_S_CREDENTIALS_EXPIRED -The referenced credentials have expired. 
-If the lifetime parameter was not passed as -.Dv NULL , -it will be set to 0 -.El -.Sh SEE ALSO -.Xr gss_release_name 3 , -.Xr gss_release_oid_set 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 
diff --git a/lib/gssapi/mech/gss_inquire_cred_by_mech.3 b/lib/gssapi/mech/gss_inquire_cred_by_mech.3 deleted file mode 100644 index 832e48ab8..000000000 --- a/lib/gssapi/mech/gss_inquire_cred_by_mech.3 +++ /dev/null 
@@ -1,173 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_inquire_cred_by_mech.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_INQUIRE_CRED_BY_MECH 3 PRM -.Sh NAME -.Nm gss_inquire_cred_by_mech -.Nd Obtain per-mechanism information about a credential -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_inquire_cred_by_mech -.Fa "OM_uint32 *minor_status" -.Fa "const gss_cred_id_t cred_handle" -.Fa "const gss_OID mech_type" -.Fa "gss_name_t *name" -.Fa "OM_uint32 *initiator_lifetime" -.Fa "OM_uint32 *acceptor_lifetime" -.Fa "gss_cred_usage_t *cred_usage" -.Fc -.Sh DESCRIPTION -Obtains per-mechanism information about a credential. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It cred_handle -A handle that refers to the target credential. -Specify -.Dv GSS_C_NO_CREDENTIAL -to inquire about the default initiator principal. -.It mech_type -The mechanism for which information should be returned. -.It name -The name whose identity the credential asserts. -Storage associated with this name must be freed by the application -after use with a call to -.Fn gss_release_name . -Specify -.Dv NULL -if not required. -.It initiator_lifetime - -The number of seconds for which the credential will remain capable of -initiating security contexts under the specified mechanism. -If the credential can no longer be used to initiate contexts, -or if the credential usage for this mechanism is -.Dv GSS_C_ACCEPT , -this parameter will be set to zero. -If the implementation does not support expiration of initiator -credentials, -the value -.Dv GSS_C_INDEFINITE -will be returned. -Specify -.Dv NULL -if not required. -.It acceptor_lifetime -The number of seconds for which the credential will remain capable of -accepting security contexts under the specified mechanism. -If the credential can no longer be used to accept contexts, -or if the credential usage for this mechanism is -.Dv GSS_C_INITIATE , -this parameter will be set to zero. -If the implementation does not support expiration of acceptor -credentials, -the value -.Dv GSS_C_INDEFINITE -will be returned. -Specify -.Dv NULL -if not required. -.It cred_usage -How the credential may be used with the specified mechanism. 
-One of the following: -.Bl -item -offset indent -compact -.It -.Dv GSS_C_INITIATE -.It -.Dv GSS_C_ACCEPT -.It -.Dv GSS_C_BOTH -.El -Specify -.Dv NULL -if not required. -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_NO_CRED -The referenced credentials could not be accessed -.It GSS_S_DEFECTIVE_CREDENTIAL -The referenced credentials were invalid -.It GSS_S_CREDENTIALS_EXPIRED -The referenced credentials have expired. -If the lifetime parameter was not passed as -.Dv NULL , -it will be set to 0. -.El -.Sh SEE ALSO -.Xr gss_release_name 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. 
-.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_inquire_mechs_for_name.3 b/lib/gssapi/mech/gss_inquire_mechs_for_name.3 deleted file mode 100644 index e5706ad41..000000000 --- a/lib/gssapi/mech/gss_inquire_mechs_for_name.3 +++ /dev/null 
@@ -1,134 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_inquire_mechs_for_name.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_INQUIRE_MECHS_FOR_NAME 3 PRM -.Sh NAME -.Nm gss_inquire_mechs_for_name -.Nd List mechanisms that support the specified name-type -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_inquire_mechs_for_name -.Fa "OM_uint32 *minor_status" -.Fa "const gss_name_t input_name" -.Fa "gss_OID_set *mech_types" -.Fc -.Sh DESCRIPTION -Returns the set of mechanisms supported by the GSS-API implementation -that may be able to process the specified name. -.Pp - -Each mechanism returned will recognize at least one element within the -name. -It is permissible for this routine to be implemented within a -mechanism-independent GSS-API layer, -using the type information contained within the presented name, -and based on registration information provided by individual mechanism -implementations. -This means that the returned -.Fa mech_types -set may indicate that a particular mechanism will understand the name -when in fact it would refuse to accept the name as input to -.Fn gss_canonicalize_name , -.Fn gss_init_sec_context , -.Fn gss_acquire_cred -or -.Fn gss_add_cred -(due to some property of the specific name, as opposed to the name -type). -Thus this routine should be used only as a pre-filter for a call to a -subsequent mechanism-specific routine. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It input_name -The name to which the inquiry relates. -.It mech_types -Set of mechanisms that may support the specified name. -The returned OID set must be freed by the caller after use with a call -to -.Fn gss_release_oid_set . -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_BAD_NAME -The -.Fa input_name -parameter was ill-formed -.El -.Sh SEE ALSO -.Xr gss_release_oid_set 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . 
-.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_inquire_names_for_mech.3 b/lib/gssapi/mech/gss_inquire_names_for_mech.3 deleted file mode 100644 index 55435ecb7..000000000 --- a/lib/gssapi/mech/gss_inquire_names_for_mech.3 +++ /dev/null 
@@ -1,107 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_inquire_names_for_mech.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_INQUIRE_NAMES_FOR_MECH 3 PRM -.Sh NAME -.Nm gss_inquire_names_for_mech -.Nd List the name-types supported by the specified mechanism -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_inquire_names_for_mech -.Fa "OM_uint32 *minor_status" -.Fa "const gss_OID mechanism" -.Fa "gss_OID_set *name_types" -.Fc -.Sh DESCRIPTION -Returns the set of name-types supported by the specified mechanism. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It mechanism -The mechanism to be interrogated. -.It name_types -Set of name-types supported by the specified mechanism. -The returned OID set must be freed by the application after use with a -call to -.Fn gss_release_oid_set . -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.El -.Sh SEE ALSO -.Xr gss_release_oid_set 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. 
-.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c b/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c new file mode 100644 index 000000000..c82134f75 --- /dev/null +++ b/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c 
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2004, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "mech_locl.h"
+RCSID("$Id$");
+
+OM_uint32
+gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
+ const gss_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set)
+{
+ struct _gss_context *ctx = (struct _gss_context *) context_handle;
+ OM_uint32 major_status;
+ gssapi_mech_interface m;
+
+ *minor_status = 0;
+
+ if (ctx == NULL)
+ return GSS_S_NO_CONTEXT;
+
+ /*
+ * select the approprate underlying mechanism routine and
+ * call it.
+ */
+
+ m = ctx->gc_mech;
+
+ if (m == NULL)
+ return GSS_S_BAD_MECH;
+
+ if (m->gm_inquire_sec_context_by_oid != NULL)
+ major_status = m->gm_inquire_sec_context_by_oid(minor_status,
+ ctx->gc_ctx, desired_object, data_set);
+ else
+ major_status = GSS_S_BAD_MECH;
+
+ return major_status;
+}
+
diff --git a/lib/gssapi/mech/gss_oid_equal.c b/lib/gssapi/mech/gss_oid_equal.c
new file mode 100644
index 000000000..7fdb8237f
--- /dev/null
+++ b/lib/gssapi/mech/gss_oid_equal.c
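Review bot: `*data_set` is left untouched on all three early exits of `gss_inquire_sec_context_by_oid` (`GSS_S_NO_CONTEXT` for a NULL context, and both `GSS_S_BAD_MECH` returns), so a caller that releases the buffer set unconditionally after a failed call would operate on an uninitialised pointer. Giving the output a defined value before the `ctx == NULL` test, `*data_set = GSS_C_NO_BUFFER_SET;` right after `*minor_status = 0;`, covers every path in this wrapper. Whether each mechanism's `gm_inquire_sec_context_by_oid` does the same on its own failures is not visible in this hunk and is worth confirming.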
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "mech_locl.h"
+RCSID("$Id$");
+
+int
+gss_oid_equal(const gss_OID a, const gss_OID b)
+{
+ if (a == b)
+ return 1;
+ if (a == GSS_C_NO_OID || b == GSS_C_NO_OID || a->length != b->length)
+ return 0;
+ return memcmp(a->elements, b->elements, a->length) == 0;
+}
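Review bot: `gss_oid_equal` carries no comment stating its NULL contract, and that contract matters to any caller that selects or matches mechanisms with it: the `a == b` shortcut makes two `GSS_C_NO_OID` arguments compare equal. I would add above the function `/* Non-zero when a and b are the same object or have identical length and bytes; two GSS_C_NO_OID compare equal, GSS_C_NO_OID never equals a real OID. */`. Separately, two distinct OIDs with `length == 0` reach `memcmp` with whatever `elements` holds, which may be NULL; returning early with `if (a->length == 0) return 1;` before the `memcmp` avoids passing a null pointer to it.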
diff --git a/lib/gssapi/mech/gss_oid_to_str.c b/lib/gssapi/mech/gss_oid_to_str.c
new file mode 100644
index 000000000..0d5a33c20
--- /dev/null
+++ b/lib/gssapi/mech/gss_oid_to_str.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "mech_locl.h"
+RCSID("$Id$");
+
+OM_uint32
+gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
+{
+ int ret;
+ size_t size;
+ heim_oid o;
+ char *p;
+
+ oid_str->value = NULL;
+ oid_str->length = 0;
+
+ ret = der_get_oid (oid->elements, oid->length, &o, &size);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ ret = der_print_heim_oid(&o, &p);
+ free_oid(&o);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ oid_str->value = p;
+ oid_str->length = strlen(p) + 1;
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
diff --git a/lib/gssapi/mech/gss_process_context_token.3 b/lib/gssapi/mech/gss_process_context_token.3
deleted file mode 100644
index aece6fe75..000000000
--- a/lib/gssapi/mech/gss_process_context_token.3
+++ /dev/null
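Review bot: `oid` is dereferenced in the `der_get_oid` call of `gss_oid_to_str` without a check, so passing `GSS_C_NO_OID` crashes the caller instead of returning an error. A guard ahead of the decode closes that: `if (oid == GSS_C_NO_OID) { *minor_status = 0; return GSS_S_FAILURE; }`. The decoded `size` is also never compared with `oid->length`, so bytes following a valid encoding appear to be accepted silently; that assumes `size` reports the bytes consumed, which should be confirmed against `der_get_oid`. Finally, `oid_str->length` is `strlen(p) + 1` and therefore counts the terminating NUL, which deserves a one-line comment because callers that copy or print `length` bytes will include it.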
@@ -1,136 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_process_context_token.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_PROCESS_CONTEXT_TOKEN 3 PRM -.Sh NAME -.Nm gss_process_context_token -.Nd Process a token on a security context from a peer application -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_process_context_token -.Fa "OM_uint32 *minor_status" -.Fa "const gss_ctx_id_t context_handle" -.Fa "const gss_buffer_t token_buffer" -.Fc -.Sh DESCRIPTION -Provides a way to pass an asynchronous token to the security service. -Most context-level tokens are emitted and processed synchronously by -.Fn gss_init_sec_context -and -.Fn gss_accept_sec_context , -and the application is informed as to whether further tokens are -expected by the -.Dv GSS_C_CONTINUE_NEEDED -major status bit. -Occasionally, -a mechanism may need to emit a context-level token at a point when the -peer entity is not expecting a token. -For example, -the initiator's final call to -.Fn gss_init_sec_context -may emit a token and return a status of -.Dv GSS_S_COMPLETE , -but the acceptor's call to -.Fn gss_accept_sec_context -may fail. -The acceptor's mechanism may wish to send a token containing an error -indication to the initiator, -but the initiator is not expecting a token at this point, -believing that the context is fully established. -.Fn gss_process_context_token -provides a way to pass such a token to the mechanism at any time. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It context_handle -Context handle of context on which token is to be processed. -.It token_buffer -Token to process. 
-.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_DEFECTIVE_TOKEN -Indicates that consistency checks performed on the token failed -.It GSS_S_NO_CONTEXT -The -.Fa context_handle -did not refer to a valid context -.El -.Sh SEE ALSO -.Xr gss_init_sec_context 3 , -.Xr gss_accept_sec_context 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. 
-.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_release_buffer.3 b/lib/gssapi/mech/gss_release_buffer.3 deleted file mode 100644 index c3ef8c4a1..000000000 --- a/lib/gssapi/mech/gss_release_buffer.3 +++ /dev/null 
@@ -1,111 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_release_buffer.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_RELEASE_BUFFER 3 PRM -.Sh NAME -.Nm gss_release_buffer -.Nd Discard a buffer -.\" This next command is for sections 2 and 3 only. -.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_release_buffer -.Fa "OM_uint32 *minor_status" -.Fa "gss_buffer_t buffer" -.Fc -.Sh DESCRIPTION -Free storage associated with a buffer. 
-The storage must have been allocated by a GSS-API routine. -In addition to freeing the associated storage, -the routine will zero the length field in the descriptor to which the -buffer parameter refers, -and implementations are encouraged to additionally set the pointer -field in the descriptor to -.Dv NULL . -Any buffer object returned by a GSS-API routine may be passed to -.Fn gss_release_buffer -(even if there is no storage associated with the buffer). -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It buffer -The storage associated with the buffer will be deleted. -The gss_buffer_desc object will not be freed, -but its length field will be zeroed. -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.El -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. 
-.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_release_cred.3 b/lib/gssapi/mech/gss_release_cred.3 deleted file mode 100644 index 464031da4..000000000 --- a/lib/gssapi/mech/gss_release_cred.3 +++ /dev/null 
@@ -1,108 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_release_cred.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_RELEASE_CRED 3 PRM -.Sh NAME -.Nm gss_release_cred -.Nd Discard a credential handle -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_release_cred -.Fa "OM_uint32 *minor_status" -.Fa "gss_cred_id_t *cred_handle" -.Fc -.Sh DESCRIPTION -Informs GSS-API that the specified credential handle is no longer -required by the application, -and frees associated resources. -Implementations are encouraged to set the cred_handle to -.Dv GSS_C_NO_CREDENTIAL -on successful completion of this call. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It cred_handle -Opaque handle identifying credential to be released. -If GSS_C_NO_CREDENTIAL is supplied, -the routine will complete successfully, but will do nothing. -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_NO_CRED -Credentials could not be accessed -.El -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. 
However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_release_name.3 b/lib/gssapi/mech/gss_release_name.3 deleted file mode 100644 index 47098846b..000000000 --- a/lib/gssapi/mech/gss_release_name.3 +++ /dev/null 
@@ -1,104 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_release_name.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_RELEASE_NAME 3 PRM -.Sh NAME -.Nm gss_release_name -.Nd Discard an internal-form name -.\" This next command is for sections 2 and 3 only. -.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_release_name -.Fa "OM_uint32 *minor_status" -.Fa "gss_name_t *name" -.Fc -.Sh DESCRIPTION -Free GSS-API allocated storage associated with an internal-form name. 
-Implementations are encouraged to set the name to -.Dv GSS_C_NO_NAME -on successful completion of this call. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It name -The name to be deleted. -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_BAD_NAME -The name parameter did not contain a valid name -.El -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. 
-.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_release_oid_set.3 b/lib/gssapi/mech/gss_release_oid_set.3 deleted file mode 100644 index 7b9c4a1b8..000000000 --- a/lib/gssapi/mech/gss_release_oid_set.3 +++ /dev/null 
@@ -1,109 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_release_oid_set.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_RELEASE_OID_SET 3 PRM -.Sh NAME -.Nm gss_release_oid_set -.Nd Discard a set of object identifiers -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_release_oid_set -.Fa "OM_uint32 *minor_status" -.Fa "gss_OID_set *set" -.Fc -.Sh DESCRIPTION -Free storage associated with a GSS-API generated gss_OID_set object. -The set parameter must refer to an OID-set that was returned from a -GSS-API routine. -.Fn gss_release_oid_set -will free the storage associated with each individual member OID, -the OID set's elements array, -and the gss_OID_set_desc itself. -.Pp -Implementations are encouraged to set the gss_OID_set parameter to -.Dv GSS_C_NO_OID_SET -on successful completion of this routine. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It set -The storage associated with the gss_OID_set will be deleted. -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.El -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. 
However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_test_oid_set_member.3 b/lib/gssapi/mech/gss_test_oid_set_member.3 deleted file mode 100644 index 34814aebd..000000000 --- a/lib/gssapi/mech/gss_test_oid_set_member.3 +++ /dev/null 
@@ -1,116 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_test_oid_set_member.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_TEST_OID_SET_MEMBER 3 PRM -.Sh NAME -.Nm gss_test_oid_set_member -.Nd Determines whether an object identifier is a member of a set -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_test_oid_set_member -.Fa "OM_uint32 *minor_status" -.Fa "const gss_OID member" -.Fa "const gss_OID_set set" -.Fa "int *present" -.Fc -.Sh DESCRIPTION -Interrogate an Object Identifier set to determine whether a specified -Object Identifier is a member. -This routine is intended to be used with OID sets returned by -.Fn gss_indicate_mechs , -.Fn gss_acquire_cred , -and -.Fn gss_inquire_cred , -but will also work with user-generated sets. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It member -The object identifier whose presence is to be tested. -.It set -The Object Identifier set. -.It present -Non-zero if the specified OID is a member of the set, zero if not. -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.El -.Sh SEE ALSO -.Xr gss_indicate_mechs 3 , -.Xr gss_acquire_cred 3 , -.Xr gss_inquire_cred 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. 
However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. -.Pp -This document and the information contained herein is provided on an -"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. diff --git a/lib/gssapi/mech/gss_unwrap.3 b/lib/gssapi/mech/gss_unwrap.3 deleted file mode 100644 index c3679ba38..000000000 --- a/lib/gssapi/mech/gss_unwrap.3 +++ /dev/null 
@@ -1,191 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_unwrap.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_UNWRAP 3 PRM -.Sh NAME -.Nm gss_unwrap , -.Nm gss_unseal -.Nd Convert a message previously protected by -.Xr gss_wrap 3 -back to a usable form -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_unwrap -.Fa "OM_uint32 *minor_status" -.Fa "const gss_ctx_id_t context_handle" -.Fa "const gss_buffer_t input_message_buffer" -.Fa "gss_buffer_t output_message_buffer" -.Fa "int *conf_state" -.Fa "gss_qop_t *qop_state" -.Fc -.Ft OM_uint32 -.Fo gss_unseal -.Fa "OM_uint32 *minor_status" -.Fa "gss_ctx_id_t context_handle" -.Fa "gss_buffer_t input_message_buffer" -.Fa "gss_buffer_t output_message_buffer" -.Fa "int *conf_state" -.Fa "gss_qop_t *qop_state" -.Fc -.Sh DESCRIPTION -Converts a message previously protected by -.Xr gss_wrap 3 -back to a usable form, -verifying the embedded MIC. -The -.Dv conf_state -parameter indicates whether the message was encrypted; -the -.Dv qop_state -parameter indicates the strength of protection that was used to provide the -confidentiality and integrity services. -.Pp -Since some application-level protocols may wish to use tokens emitted -by -.Xr gss_wrap 3 -to provide "secure framing", -implementations must support the wrapping and unwrapping of -zero-length messages. -.Pp -The -.Fn gss_unseal -routine is an obsolete variant of -.Fn gss_unwrap . -It is -provided for backwards -compatibility with applications using the GSS-API V1 interface. -A distinct entrypoint (as opposed to #define) is provided, -both to allow GSS-API V1 applications to link -and to retain the slight parameter type differences between the -obsolete versions of this routine and its current form. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It context_handle -Identifies the context on which the message arrived. -.It input_message_buffer -Protected message. -.It output_message_buffer -Buffer to receive unwrapped message. -Storage associated with this buffer must -be freed by the application after use use -with a call to -.Xr gss_release_buffer 3 . -.It conf_state -.Bl -tag -width "Non-zero" -.It Non-zero -Confidentiality and integrity protection were used. 
-.It Zero -Integrity service only was used. -.El -.Pp -Specify NULL if not required. -.It qop_state -Quality of protection provided. Specify NULL if not required. -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion. -.It GSS_S_DEFECTIVE_TOKEN -The token failed consistency checks. -.It GSS_S_BAD_SIG -The MIC was incorrect -.It GSS_S_DUPLICATE_TOKEN -The token was valid, and contained a correct -MIC for the message, but it had already been -processed. -.It GSS_S_OLD_TOKEN -The token was valid, and contained a correct MIC -for the message, but it is too old to check for -duplication. -.It GSS_S_UNSEQ_TOKEN -The token was valid, and contained a correct MIC -for the message, but has been verified out of -sequence; a later token has already been -received. -.It GSS_S_GAP_TOKEN -The token was valid, and contained a correct MIC -for the message, but has been verified out of -sequence; an earlier expected token has not yet -been received. -.It GSS_S_CONTEXT_EXPIRED -The context has already expired. -.It GSS_S_NO_CONTEXT -The context_handle parameter did not identify a valid context. -.El -.Sh SEE ALSO -.Xr gss_wrap 3 , -.Xr gss_release_buffer 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. 
However, this
-document itself may not be modified in any way, such as by removing
-the copyright notice or references to the Internet Society or other
-Internet organizations, except as needed for the purpose of
-developing Internet standards in which case the procedures for
-copyrights defined in the Internet Standards process must be
-followed, or as required to translate it into languages other than
-English.
-.Pp
-The limited permissions granted above are perpetual and will not be
-revoked by the Internet Society or its successors or assigns.
-.Pp
-This document and the information contained herein is provided on an
-"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/lib/gssapi/mech/gss_verify_mic.3 b/lib/gssapi/mech/gss_verify_mic.3
deleted file mode 100644
index 3755b6231..000000000
--- a/lib/gssapi/mech/gss_verify_mic.3
+++ /dev/null
@@ -1,172 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_verify_mic.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_VERIFY_MIC 3 PRM -.Sh NAME -.Nm gss_verify_mic , -.Nm gss_verify -.Nd Check a MIC against a message; verify integrity of a received message -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_verify_mic -.Fa "OM_uint32 *minor_status" -.Fa "const gss_ctx_id_t context_handle" -.Fa "const gss_buffer_t message_buffer" -.Fa "const gss_buffer_t token_buffer" -.Fa "gss_qop_t *qop_state" -.Fc -.Ft OM_uint32 -.Fo gss_verify -.Fa "OM_uint32 *minor_status" -.Fa "gss_ctx_id_t context_handle" -.Fa "gss_buffer_t message_buffer" -.Fa "gss_buffer_t token_buffer" -.Fa "gss_qop_t *qop_state" -.Fc -.Sh DESCRIPTION -Verifies that a cryptographic MIC, -contained in the token parameter, -fits the supplied message. -The -.Fa qop_state -parameter allows a message recipient to determine the strength of -protection that was applied to the message. -.Pp -Since some application-level protocols may wish to use tokens emitted -by -.Fn gss_wrap -to provide "secure framing", -implementations must support the calculation and verification of MICs -over zero-length messages. -.Pp -The -.Fn gss_verify -routine is an obsolete variant of -.Fn gss_verify_mic . -It is provided for backwards -compatibility with applications using the GSS-API V1 interface. -A distinct entrypoint (as opposed to #define) is provided, -both to allow GSS-API V1 applications to link -and to retain the slight parameter type differences between the -obsolete versions of this routine and its current form. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It context_handle -Identifies the context on which the message arrived. -.It message_buffer -Message to be verified. -.It token_buffer -Token associated with message. -.It qop_state -Quality of protection gained from MIC. -Specify -.Dv NULL -if not required. 
-.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion -.It GSS_S_DEFECTIVE_TOKEN -The token failed consistency checks -.It GSS_S_BAD_SIG -The MIC was incorrect -.It GSS_S_DUPLICATE_TOKEN -The token was valid, -and contained a correct MIC for the message, -but it had already been processed -.It GSS_S_OLD_TOKEN -The token was valid, -and contained a correct MIC for the message, -but it is too old to check for duplication -.It GSS_S_UNSEQ_TOKEN -The token was valid, -and contained a correct MIC for the message, -but has been verified out of sequence; -a later token has already been received. -.It GSS_S_GAP_TOKEN -The token was valid, -and contained a correct MIC for the message, -but has been verified out of sequence; -an earlier expected token has not yet been received -.It GSS_S_CONTEXT_EXPIRED -The context has already expired -.It GSS_S_NO_CONTEXT -The context_handle parameter did not identify a valid context -.El -.Sh SEE ALSO -.Xr gss_wrap 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.El -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. 
However, this
-document itself may not be modified in any way, such as by removing
-the copyright notice or references to the Internet Society or other
-Internet organizations, except as needed for the purpose of
-developing Internet standards in which case the procedures for
-copyrights defined in the Internet Standards process must be
-followed, or as required to translate it into languages other than
-English.
-.Pp
-The limited permissions granted above are perpetual and will not be
-revoked by the Internet Society or its successors or assigns.
-.Pp
-This document and the information contained herein is provided on an
-"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/lib/gssapi/mech/gss_wrap.3 b/lib/gssapi/mech/gss_wrap.3
deleted file mode 100644
index 6626bc4a6..000000000
--- a/lib/gssapi/mech/gss_wrap.3
+++ /dev/null
@@ -1,178 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_wrap.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_WRAP 3 PRM -.Sh NAME -.Nm gss_wrap , -.Nm gss_seal -.Nd Attach a cryptographic MIC and optionally encrypt a message -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_wrap -.Fa "OM_uint32 *minor_status" -.Fa "const gss_ctx_id_t context_handle" -.Fa "int conf_req_flag" -.Fa "gss_qop_t qop_req" -.Fa "const gss_buffer_t input_message_buffer" -.Fa "int *conf_state" -.Fa "gss_buffer_t output_message_buffer" -.Fc -.Ft OM_uint32 -.Fo gss_seal -.Fa "OM_uint32 *minor_status" -.Fa "gss_ctx_id_t context_handle" -.Fa "int conf_req_flag" -.Fa "gss_qop_t qop_req" -.Fa "gss_buffer_t input_message_buffer" -.Fa "int *conf_state" -.Fa "gss_buffer_t output_message_buffer" -.Fc -.Sh DESCRIPTION -Attaches a cryptographic MIC and optionally encrypts the specified -.Dv input_message . -The output_message contains both the MIC and the message. -The -.Dv qop_req -parameter allows a choice between several cryptographic algorithms, -if supported by the chosen mechanism. -.Pp -Since some application-level protocols may wish to use tokens emitted -by -.Fn gss_wrap -to provide "secure framing", -implementations must support the wrapping of zero-length messages. -.Pp -The -.Fn gss_seal -routine is an obsolete variant of -.Fn gss_wrap . -It is -provided for backwards -compatibility with applications using the GSS-API V1 interface. -A distinct entrypoint (as opposed to #define) is provided, -both to allow GSS-API V1 applications to link -and to retain the slight parameter type differences between the -obsolete versions of this routine and its current form. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It context_handle -Identifies the context on which the message will be sent. -.It conf_req_flag -.Bl -tag -width "Non-zero" -.It Non-zero -Both confidentiality and integrity services are requested. -.It Zero -Only integrity service is requested. -.El -.It qop_req -Specifies required quality of protection. -A mechanism-specific default may be requested by setting qop_req to -.Dv GSS_C_QOP_DEFAULT . 
-If an unsupported protection strength is requested, -.Fn gss_wrap -will return a major_status of -.Dv GSS_S_BAD_QOP . -.It input_message_buffer -Message to be protected. -.It conf_state -.Bl -tag -width "Non-zero" -.It Non-zero -Confidentiality, data origin authentication and integrity services -have been applied. -.It Zero -Integrity and data origin services only has been applied. -.El -.It output_message_buffer -Buffer to receive protected message. -Storage associated with this buffer must -be freed by the application after use use -with a call to -.Xr gss_release_buffer 3 . -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion. -.It GSS_S_CONTEXT_EXPIRED -The context has already expired -.It GSS_S_NO_CONTEXT -The context_handle parameter did not identify a valid context. -.It GSS_S_BAD_QOP -The specified QOP is not supported by the mechanism. -.El -.Sh SEE ALSO -.Xr gss_unwrap 3 , -.Xr gss_release_buffer 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. 
However, this
-document itself may not be modified in any way, such as by removing
-the copyright notice or references to the Internet Society or other
-Internet organizations, except as needed for the purpose of
-developing Internet standards in which case the procedures for
-copyrights defined in the Internet Standards process must be
-followed, or as required to translate it into languages other than
-English.
-.Pp
-The limited permissions granted above are perpetual and will not be
-revoked by the Internet Society or its successors or assigns.
-.Pp
-This document and the information contained herein is provided on an
-"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/lib/gssapi/mech/gss_wrap_size_limit.3 b/lib/gssapi/mech/gss_wrap_size_limit.3
deleted file mode 100644
index 6fde6e593..000000000
--- a/lib/gssapi/mech/gss_wrap_size_limit.3
+++ /dev/null
@@ -1,163 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gss_wrap_size_limit.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.\" The following commands are required for all man pages. -.Dd November 12, 2005 -.Os -.Dt GSS_WRAP_SIZE_LIMIT 3 PRM -.Sh NAME -.Nm gss_wrap_size_limit -.Nd Determine maximum message sizes -.\" This next command is for sections 2 and 3 only. 
-.\" .Sh LIBRARY -.Sh SYNOPSIS -.In "gssapi/gssapi.h" -.Ft OM_uint32 -.Fo gss_wrap_size_limit -.Fa "OM_uint32 *minor_status" -.Fa "const gss_ctx_id_t context_handle" -.Fa "int conf_req_flag" -.Fa "gss_qop_t qop_req" -.Fa "OM_uint32 req_output_size" -.Fa "OM_uint32 *max_input_size" -.Fc -.Sh DESCRIPTION -Allows an application to determine the maximum message size that, -if presented to -.Xr gss_wrap 3 -with the same -.Dv conf_req_flag -and -.Dv qop_req -parameters, -will result in an output token containing no more than -.Dv req_output_size -bytes. -.Pp -This call is intended for use by applications that -communicate over protocols that impose a maximum message size. -It enables the application to fragment messages prior to applying protection. -.Pp -GSS-API implementations are recommended but not required to detect -invalid QOP values when -.Fn gss_wrap_size_limit -is called. -This routine guarantees only a maximum message size, -not the availability of specific QOP values for message protection. -.Pp -Successful completion of this call does not guarantee that -.Xr gss_wrap 3 -will be able to protect a message of length max_input_size bytes, -since this ability may depend on the availability of system resources -at the time that -.Xr gss_wrap 3 -is called. -However, if the implementation itself imposes an upper limit on -the length of messages that may be processed by gss_wrap, -the implementation should not return a value via -.Dv max_input_bytes -that is greater than this length. -.Sh PARAMETERS -.Bl -tag -.It minor_status -Mechanism specific status code. -.It context_handle -A handle that refers to the security over which the messages will be sent. -.It conf_req_flag -Indicates whether -.Xr gss_wrap 3 -will be asked to apply confidentiality protection -in addition to integrity protection. -.It qop_req -Indicates the level of protection that -.Xr gss_wrap 3 -will be asked to provide. 
-.It req_output_size -The desired maximum size for tokens emitted by -.Xr gss_wrap 3 . -.It max_input_size -The maximum input message size that may be presented to -.Xr gss_wrap 3 -in order to guarantee that the emitted token shall -be no larger than -.Dv req_output_size -bytes. -.El -.Sh RETURN VALUES -.Bl -tag -.It GSS_S_COMPLETE -Successful completion. -.It GSS_S_NO_CONTEXT -The referenced context could not be accessed. -.It GSS_S_CONTEXT_EXPIRED -The context has expired. -.It GSS_S_BAD_QOP -The specified QOP is not supported by the mechanism. -.El -.Sh SEE ALSO -.Xr gss_wrap 3 -.Sh STANDARDS -.Bl -tag -.It RFC 2743 -Generic Security Service Application Program Interface Version 2, Update 1 -.It RFC 2744 -Generic Security Service API Version 2 : C-bindings -.\" .Sh HISTORY -.Sh HISTORY -The -.Nm -manual page example first appeared in -.Fx 7.0 . -.Sh AUTHORS -John Wray, Iris Associates -.Sh COPYRIGHT -Copyright (C) The Internet Society (2000). All Rights Reserved. -.Pp -This document and translations of it may be copied and furnished to -others, and derivative works that comment on or otherwise explain it -or assist in its implementation may be prepared, copied, published -and distributed, in whole or in part, without restriction of any -kind, provided that the above copyright notice and this paragraph are -included on all such copies and derivative works. However, this -document itself may not be modified in any way, such as by removing -the copyright notice or references to the Internet Society or other -Internet organizations, except as needed for the purpose of -developing Internet standards in which case the procedures for -copyrights defined in the Internet Standards process must be -followed, or as required to translate it into languages other than -English. -.Pp -The limited permissions granted above are perpetual and will not be -revoked by the Internet Society or its successors or assigns. 
-.Pp
-This document and the information contained herein is provided on an
-"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/lib/gssapi/mech/gssapi.3 b/lib/gssapi/mech/gssapi.3
deleted file mode 100644
index 71e27bba9..000000000
--- a/lib/gssapi/mech/gssapi.3
+++ /dev/null
@@ -1,261 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Copyright (c) 2005 Doug Rabson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD: src/lib/libgssapi/gssapi.3,v 1.2 2006/01/25 10:06:28 dfr Exp $ -.\" -.Dd November 30, 2005 -.Dt GSSAPI 3 -.Os -.Sh NAME -.Nm gssapi -.Nd "Generic Security Services API" -.Sh LIBRARY -GSS-API Library (libgssapi, -lgssapi) -.Sh SYNOPSIS -.In gssapi/gssapi.h -.Sh DESCRIPTION -The Generic Security Service Application Programming Interface -provides security services to its callers, -and is intended for implementation atop a variety of underlying -cryptographic mechanisms. 
-Typically, GSS-API callers will be application protocols into which -security enhancements are integrated through invocation of services -provided by the GSS-API. -The GSS-API allows a caller application to authenticate a principal -identity associated with a peer application, to delegate rights to a -peer, -and to apply security services such as confidentiality and integrity -on a per-message basis. -.Pp -There are four stages to using the GSS-API: -.Pp -.Bl -tag -width "a)" -.It a) -The application acquires a set of credentials with which it may prove -its identity to other processes. -The application's credentials vouch for its global identity, -which may or may not be related to any local username under which it -may be running. -.It b) -A pair of communicating applications establish a joint security -context using their credentials. -The security context is a pair of GSS-API data structures that contain -shared state information, which is required in order that per-message -security services may be provided. -Examples of state that might be shared between applications as part of -a security context are cryptographic keys, -and message sequence numbers. -As part of the establishment of a security context, -the context initiator is authenticated to the responder, -and may require that the responder is authenticated in turn. -The initiator may optionally give the responder the right to initiate -further security contexts, -acting as an agent or delegate of the initiator. -This transfer of rights is termed delegation, -and is achieved by creating a set of credentials, -similar to those used by the initiating application, -but which may be used by the responder. -.Pp -To establish and maintain the shared information that makes up the -security context, -certain GSS-API calls will return a token data structure, -which is an opaque data type that may contain cryptographically -protected data. 
-The caller of such a GSS-API routine is responsible for transferring -the token to the peer application, -encapsulated if necessary in an application protocol. -On receipt of such a token, the peer application should pass it to a -corresponding GSS-API routine which will decode the token and extract -the information, -updating the security context state information accordingly. -.It c) -Per-message services are invoked to apply either: -.Pp -integrity and data origin authentication, or confidentiality, -integrity and data origin authentication to application data, -which are treated by GSS-API as arbitrary octet-strings. -An application transmitting a message that it wishes to protect will -call the appropriate GSS-API routine (gss_get_mic or gss_wrap) to -apply protection, -specifying the appropriate security context, -and send the resulting token to the receiving application. -The receiver will pass the received token (and, in the case of data -protected by gss_get_mic, the accompanying message-data) to the -corresponding decoding routine (gss_verify_mic or gss_unwrap) to -remove the protection and validate the data. -.It d) -At the completion of a communications session (which may extend across -several transport connections), -each application calls a GSS-API routine to delete the security -context. -Multiple contexts may also be used (either successively or -simultaneously) within a single communications association, at the -option of the applications. -.El -.Sh GSS-API ROUTINES -This section lists the routines that make up the GSS-API, -and offers a brief description of the purpose of each routine. -.Pp -GSS-API Credential-management Routines: -.Bl -tag -width "gss_inquire_cred_by_mech" -.It gss_acquire_cred -Assume a global identity; Obtain a GSS-API credential handle for -pre-existing credentials. 
-.It gss_add_cred -Construct credentials incrementally -.It gss_inquire_cred -Obtain information about a credential -.It gss_inquire_cred_by_mech -Obtain per-mechanism information about a credential. -.It gss_release_cred -Discard a credential handle. -.El -.Pp -GSS-API Context-Level Routines: -.Bl -tag -width "gss_inquire_cred_by_mech" -.It gss_init_sec_context -Initiate a security context with a peer application -.It gss_accept_sec_context - Accept a security context initiated by a peer application -.It gss_delete_sec_context -Discard a security context -.It gss_process_context_token -Process a token on a security context from a peer application -.It gss_context_time -Determine for how long a context will remain valid -.It gss_inquire_context -Obtain information about a security context -.It gss_wrap_size_limit -Determine token-size limit for -.Xr gss_wrap 3 -on a context -.It gss_export_sec_context -Transfer a security context to another process -.It gss_import_sec_context -Import a transferred context -.El -.Pp -GSS-API Per-message Routines: -.Bl -tag -width "gss_inquire_cred_by_mech" -.It gss_get_mic -Calculate a cryptographic message integrity code (MIC) for a message; -integrity service -.It gss_verify_mic -Check a MIC against a message; -verify integrity of a received message -.It gss_wrap -Attach a MIC to a message, and optionally encrypt the message content; -confidentiality service -.It gss_unwrap -Verify a message with attached MIC, and decrypt message content if -necessary. 
-.El
-.Pp
-GSS-API Name manipulation Routines:
-.Bl -tag -width "gss_inquire_cred_by_mech"
-.It gss_import_name
-Convert a contiguous string name to internal-form
-.It gss_display_name
-Convert internal-form name to text
-.It gss_compare_name
-Compare two internal-form names
-.It gss_release_name
-Discard an internal-form name
-.It gss_inquire_names_for_mech
-List the name-types supported by the specified mechanism
-.It gss_inquire_mechs_for_name
-List mechanisms that support the specified name-type
-.It gss_canonicalize_name
-Convert an internal name to an MN
-.It gss_export_name
-Convert an MN to export form
-.It gss_duplicate_name
-Create a copy of an internal name
-.El
-.Pp
-GSS-API Miscellaneous Routines
-.Bl -tag -width "gss_inquire_cred_by_mech"
-.It gss_add_oid_set_member
-Add an object identifier to a set
-.It gss_display_status
-Convert a GSS-API status code to text
-.It gss_indicate_mechs
-Determine available underlying authentication mechanisms
-.It gss_release_buffer
-Discard a buffer
-.It gss_release_oid_set
-Discard a set of object identifiers
-.It gss_create_empty_oid_set
-Create a set containing no object identifiers
-.It gss_test_oid_set_member
-Determines whether an object identifier is a member of a set.
-.El
-.Pp
-Individual GSS-API implementations may augment these routines by
-providing additional mechanism-specific routines if required
-functionality is not available from the generic forms.
-Applications are encouraged to use the generic routines wherever
-possible on portability grounds.
-.Sh STANDARDS
-.Bl -tag
-.It RFC 2743
-Generic Security Service Application Program Interface Version 2, Update 1
-.It RFC 2744
-Generic Security Service API Version 2 : C-bindings
-.El
-.Sh HISTORY
-The
-.Nm
-manual page first appeared in
-.Fx 7.0 .
-.Sh AUTHORS
-John Wray, Iris Associates
-.Sh COPYRIGHT
-Copyright (C) The Internet Society (2000). All Rights Reserved.
-.Pp
-This document and translations of it may be copied and furnished to
-others, and derivative works that comment on or otherwise explain it
-or assist in its implementation may be prepared, copied, published
-and distributed, in whole or in part, without restriction of any
-kind, provided that the above copyright notice and this paragraph are
-included on all such copies and derivative works. However, this
-document itself may not be modified in any way, such as by removing
-the copyright notice or references to the Internet Society or other
-Internet organizations, except as needed for the purpose of
-developing Internet standards in which case the procedures for
-copyrights defined in the Internet Standards process must be
-followed, or as required to translate it into languages other than
-English.
-.Pp
-The limited permissions granted above are perpetual and will not be
-revoked by the Internet Society or its successors or assigns.
-.Pp
-This document and the information contained herein is provided on an
-"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/lib/gssapi/mech/mech_locl.h b/lib/gssapi/mech/mech_locl.h
new file mode 100644
index 000000000..5d7d326f3
--- /dev/null
+++ b/lib/gssapi/mech/mech_locl.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id$ */
+
+#include
+
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#include
+#include
+
+#include "context.h"
+#include "cred.h"
+#include "mech_switch.h"
+#include "name.h"
+#include "utils.h"
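Review bot: The new mech_locl.h has no include guard: all 58 added lines are the licence block and `#include` directives. A second inclusion is therefore only harmless if every header it pulls in (`context.h`, `cred.h`, `mech_switch.h`, `name.h`, `utils.h`) is guarded itself, and none of those is visible in this hunk. I would wrap the body in `#ifndef MECH_LOCL_H` / `#define MECH_LOCL_H` … `#endif` (the guard name is only a suggestion). A one-line comment above the includes, such as `/* Private umbrella header for the mechglue sources; not installed. */`, would also record that this header is internal, if that is the intent. The targets of the angle-bracket includes are not legible in this rendering, so their order was not reviewed.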