|
1 '\" te |
|
2 .\" Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. |
|
3 .TH gss_store_cred 3GSS "30 Jun 2005" "SunOS 5.12" "Generic Security Services API Library Functions" |
|
4 .SH NAME |
|
5 gss_store_cred \- store a credential in the current credential store |
|
6 .SH SYNOPSIS |
|
7 .LP |
|
8 .nf |
|
9 \fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lgss\fR [ \fIlibrary\fR... ] |
|
10 #include <gssapi/gssapi.h> |
|
11 |
|
12 \fBOM_uint32\fR \fBgss_store_cred\fR(\fBOM_uint32 *\fR\fIminor_status\fR, |
|
13 \fBconst gss_cred_id_t\fR \fIinput_cred\fR, \fBconst gss_cred_usage_t\fR \fIcred_usage\fR, |
|
14 \fBconst gss_OID\fR \fIdesired_mech\fR, \fBOM_uint32\fR \fIoverwrite_cred\fR, |
|
15 \fBOM_uint32\fR \fIdefault_cred\fR, \fBgss_OID_set *\fR\fIelements_stored\fR, |
|
16 \fBgss_cred_usage_t *\fR\fIcred_usage_stored\fR); |
|
17 .fi |
|
18 |
|
19 .SH PARAMETERS |
|
20 .sp |
|
21 .LP |
|
22 The parameter descriptions for \fBgss_store_cred()\fR follow: |
|
23 .sp |
|
24 .ne 2 |
|
25 .mk |
|
26 .na |
|
27 \fB\fIinput_cred\fR\fR |
|
28 .ad |
|
29 .RS 21n |
|
30 .rt |
|
31 The credential to be stored. |
|
32 .RE |
|
33 |
|
34 .sp |
|
35 .ne 2 |
|
36 .mk |
|
37 .na |
|
38 \fB\fIcred_usage\fR\fR |
|
39 .ad |
|
40 .RS 21n |
|
41 .rt |
|
42 This parameter specifies whether to store an initiator, an acceptor, or both usage components of a credential. |
|
43 .RE |
|
44 |
|
45 .sp |
|
46 .ne 2 |
|
47 .mk |
|
48 .na |
|
49 \fB\fIdesired_mech\fR\fR |
|
50 .ad |
|
51 .RS 21n |
|
52 .rt |
|
53 The mechanism-specific component of a credential to be stored. If \fBGSS_C_NULL_OID\fR is specified, the \fBgss_store_cred()\fR function attempts to store all the elements of the given \fIinput_cred_handle\fR. |
|
54 .sp |
|
55 The \fBgss_store_cred()\fR function is not atomic when storing multiple elements of a credential. All delegated credentials, however, contain a single element. |
|
56 .RE |
|
57 |
|
58 .sp |
|
59 .ne 2 |
|
60 .mk |
|
61 .na |
|
62 \fB\fIoverwrite_cred\fR\fR |
|
63 .ad |
|
64 .RS 21n |
|
65 .rt |
|
66 A boolean that indicates whether to overwrite existing credentials in the current store for the same principal as that of the \fIinput_cred_handle\fR. A non-zero value indicates that credentials are overwritten. A zero value indicates that credentials are not overwritten. |
|
67 .RE |
|
68 |
|
69 .sp |
|
70 .ne 2 |
|
71 .mk |
|
72 .na |
|
73 \fB\fIdefault_cred\fR\fR |
|
74 .ad |
|
75 .RS 21n |
|
76 .rt |
|
77 A boolean that indicates whether to set the principal name of the \fIinput_cred_handle\fR parameter as the default of the current credential store. A non-zero value indicates that the principal name is set as the default. A zero value indicates that the principal name is not set as the default. The default principal of a credential store matches \fBGSS_C_NO_NAME\fR as the \fIdesired_name\fR input parameter for \fBgss_store_cred\fR(3GSS). |
|
78 .RE |
|
79 |
|
80 .sp |
|
81 .ne 2 |
|
82 .mk |
|
83 .na |
|
84 \fB\fIelements_stored\fR\fR |
|
85 .ad |
|
86 .RS 21n |
|
87 .rt |
|
88 The set of mechanism \fBOID\fRs for which \fIinput_cred_handle\fR elements have been stored. |
|
89 .RE |
|
90 |
|
91 .sp |
|
92 .ne 2 |
|
93 .mk |
|
94 .na |
|
95 \fB\fIcred_usage_stored\fR\fR |
|
96 .ad |
|
97 .RS 21n |
|
98 .rt |
|
99 The stored \fIinput_cred_handle\fR usage elements: initiator, acceptor, or both. |
|
100 .RE |
|
101 |
|
102 .sp |
|
103 .ne 2 |
|
104 .mk |
|
105 .na |
|
106 \fB\fIminor_status\fR\fR |
|
107 .ad |
|
108 .RS 21n |
|
109 .rt |
|
110 Minor status code that is specific to one of the following: the mechanism identified by the \fIdesired_mech_element\fR parameter, or the element of a single mechanism in the \fIinput_cred_handle\fR. In all other cases, \fIminor_status\fR has an undefined value on return. |
|
111 .RE |
|
112 |
|
113 .SH DESCRIPTION |
|
114 .sp |
|
115 .LP |
|
116 The \fBgss_store_cred()\fR function stores a credential in the the current GSS-API credential store for the calling process. Input credentials can be re-acquired through \fBgss_add_cred\fR(3GSS) and \fBgss_acquire_cred\fR(3GSS). |
|
117 .sp |
|
118 .LP |
|
119 The \fBgss_store_cred()\fR function is specifically intended to make delegated credentials available to a user's login session. |
|
120 .sp |
|
121 .LP |
|
122 The \fBgss_accept_sec_context()\fR function can return a delegated GSS-API credential to its caller. The function does not store delegated credentials to be acquired through \fBgss_add_cred\fR(3GSS). Delegated credentials can be used only by a receiving process unless they are made available for acquisition by calling the \fBgss_store_cred()\fR function. |
|
123 .sp |
|
124 .LP |
|
125 The Solaris Operating System supports a single GSS-API credential store per user. The current GSS-API credential store of a process is determined by its effective UID. |
|
126 .sp |
|
127 .LP |
|
128 In general, acceptor applications should switch the current credential store by changing the effective UID before storing a delegated credential. |
|
129 .SH RETURN VALUES |
|
130 .sp |
|
131 .LP |
|
132 The \fBgss_store_cred()\fR can return the following status codes: |
|
133 .sp |
|
134 .ne 2 |
|
135 .mk |
|
136 .na |
|
137 \fB\fBGSS_S_COMPLETE\fR\fR |
|
138 .ad |
|
139 .sp .6 |
|
140 .RS 4n |
|
141 Successful completion. |
|
142 .RE |
|
143 |
|
144 .sp |
|
145 .ne 2 |
|
146 .mk |
|
147 .na |
|
148 \fB\fBGSS_S_CREDENTIALS_EXPIRED\fR\fR |
|
149 .ad |
|
150 .sp .6 |
|
151 .RS 4n |
|
152 The credentials could not be stored because they have expired. |
|
153 .RE |
|
154 |
|
155 .sp |
|
156 .ne 2 |
|
157 .mk |
|
158 .na |
|
159 \fB\fBGSS_S_CALL_INACCESSIBLE_READ\fR\fR |
|
160 .ad |
|
161 .sp .6 |
|
162 .RS 4n |
|
163 No input credentials were given. |
|
164 .RE |
|
165 |
|
166 .sp |
|
167 .ne 2 |
|
168 .mk |
|
169 .na |
|
170 \fB\fBGSS_S_UNAVAILABLE\fR\fR |
|
171 .ad |
|
172 .sp .6 |
|
173 .RS 4n |
|
174 The credential store is unavailable. |
|
175 .RE |
|
176 |
|
177 .sp |
|
178 .ne 2 |
|
179 .mk |
|
180 .na |
|
181 \fB\fBGSS_S_DUPLICATE_ELEMENT\fR\fR |
|
182 .ad |
|
183 .sp .6 |
|
184 .RS 4n |
|
185 The credentials could not be stored because the \fIoverwrite_cred\fR input parameter was set to false (\fB0\fR) and the \fIinput_cred\fR parameter conflicts with a credential in the current credential store. |
|
186 .RE |
|
187 |
|
188 .sp |
|
189 .ne 2 |
|
190 .mk |
|
191 .na |
|
192 \fB\fBGSS_S_FAILURE\fR\fR |
|
193 .ad |
|
194 .sp .6 |
|
195 .RS 4n |
|
196 The underlying mechanism detected an error for which no specific \fBGSS\fR status code is defined. The mechanism-specific status code reported by means of the \fIminor_status\fR parameter details the error condition. |
|
197 .RE |
|
198 |
|
199 .SH ATTRIBUTES |
|
200 .sp |
|
201 .LP |
|
202 See \fBattributes\fR(5) for descriptions of the following attributes: |
|
203 .sp |
|
204 |
|
205 .sp |
|
206 .TS |
|
207 tab() box; |
|
208 cw(2.75i) |cw(2.75i) |
|
209 lw(2.75i) |lw(2.75i) |
|
210 . |
|
211 ATTRIBUTE TYPEATTRIBUTE VALUE |
|
212 _ |
|
213 Interface StabilityUncommitted |
|
214 _ |
|
215 MT-LevelSafe |
|
216 .TE |
|
217 |
|
218 .SH SEE ALSO |
|
219 .sp |
|
220 .LP |
|
221 \fBgss_accept_sec_context\fR(3GSS), \fBgss_acquire_cred\fR(3GSS), \fBgss_add_cred\fR(3GSS), \fBgss_init_sec_context\fR(3GSS), \fBgss_inquire_cred\fR(3GSS), \fBgss_release_cred\fR(3GSS), \fBgss_release_oid_set\fR(3GSS), \fBattributes\fR(5) |
|
222 .sp |
|
223 .LP |
|
224 |