Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/krb5/Solaris/man/gss_unwrap.3gss
author Will Fiveash <will.fiveash@oracle.com>
Wed, 24 Feb 2016 10:43:57 -0600
changeset 5490 9bf0bc57423a
child 7820 a2b9a7de9e1a
permissions -rw-r--r--
PSARC/2015/144 Kerberos 1.13 Delivery to Userland 19153034 Add MIT Kerberos to the Userland Consolidation

'\" te
.\" Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
.TH gss_unwrap 3GSS "22 Aug 2011" "SunOS 5.12" "Generic Security Services API Library Functions"
.SH NAME
gss_unwrap \- verify a message with attached cryptographic message
.SH SYNOPSIS
.LP
.nf
\fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lgss\fR  [ \fIlibrary\fR... ] 
#include <gssapi/gssapi.h>

\fBOM_uint32\fR \fBgss_unwrap\fR(\fBOM_uint32 *\fR\fIminor_status\fR,
     \fBconst gss_ctx_id_t\fR \fIcontext_handle\fR,
     \fBconst gss_buffer_t\fR \fIinput_message_buffer\fR,
     \fBgss_buffer_t\fR \fIoutput_message_buffer\fR, \fBint *\fR\fIconf_state\fR,
     \fBgss_qop_t *\fR\fIqop_state\fR);
.fi

.SH DESCRIPTION
.sp
.LP
The \fBgss_unwrap()\fR function converts a message previously protected by \fBgss_wrap\fR(3GSS) back to a usable form, verifying the embedded \fBMIC\fR. The \fIconf_state\fR parameter indicates whether the message was encrypted; the \fIqop_state\fR parameter indicates the strength of protection that was used to provide the confidentiality and integrity services.
.sp
.LP
Since some application-level protocols may wish to use tokens emitted by \fBgss_wrap\fR(3GSS) to provide secure framing, the \fBGSS-API\fR supports the wrapping and unwrapping of zero-length messages.
.SH PARAMETERS
.sp
.LP
The parameter descriptions for \fBgss_unwrap()\fR follow:
.sp
.ne 2
.mk
.na
\fB\fIminor_status\fR\fR
.ad
.RS 25n
.rt  
The status code returned by the underlying mechanism.
.RE

.sp
.ne 2
.mk
.na
\fB\fIcontext_handle\fR\fR
.ad
.RS 25n
.rt  
Identifies the context on which the message arrived.
.RE

.sp
.ne 2
.mk
.na
\fB\fIinput_message_buffer\fR\fR
.ad
.RS 25n
.rt  
The message to be protected.
.RE

.sp
.ne 2
.mk
.na
\fB\fIoutput_message_buffer\fR\fR
.ad
.RS 25n
.rt  
The buffer to receive the unwrapped message. Storage associated with this buffer must be freed by the application after use with a call to \fBgss_release_buffer\fR(3GSS).
.RE

.sp
.ne 2
.mk
.na
\fB\fIconf_state\fR\fR
.ad
.RS 25n
.rt  
If the value of \fIconf_state\fR is non-zero, then confidentiality and integrity protection were used. If the value is zero, only integrity service was used. Specify \fBNULL\fR if this parameter is not required.
.RE

.sp
.ne 2
.mk
.na
\fB\fIqop_state\fR\fR
.ad
.RS 25n
.rt  
Specifies the quality of protection provided. Specify \fBNULL\fR if this parameter is not required.
.RE

.SH ERRORS
.sp
.LP
\fBgss_unwrap()\fR may return the following status codes:
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_COMPLETE\fR\fR
.ad
.RS 25n
.rt  
Successful completion.
.RE

.sp
.ne 2
.mk
.na
\fB\fBGSS_S_DEFECTIVE_TOKEN\fR\fR
.ad
.RS 25n
.rt  
The token failed consistency checks.
.RE

.sp
.ne 2
.mk
.na
\fB\fBGSS_S_BAD_SIG\fR\fR
.ad
.RS 25n
.rt  
The \fBMIC\fR was incorrect.
.RE

.sp
.ne 2
.mk
.na
\fB\fBGSS_S_DUPLICATE_TOKEN\fR\fR
.ad
.RS 25n
.rt  
The token was valid, and contained a correct \fBMIC\fR for the message, but it had already been processed.
.RE

.sp
.ne 2
.mk
.na
\fB\fBGSS_S_OLD_TOKEN\fR\fR
.ad
.RS 25n
.rt  
The token was valid, and contained a correct \fBMIC\fR for the message, but it is too old to check for duplication.
.RE

.sp
.ne 2
.mk
.na
\fB\fBGSS_S_UNSEQ_TOKEN\fR\fR
.ad
.RS 25n
.rt  
The token was valid, and contained a correct \fBMIC\fR for the message, but has been verified out of sequence; a later token has already been received.
.RE

.sp
.ne 2
.mk
.na
\fB\fBGSS_S_GAP_TOKEN\fR\fR
.ad
.RS 25n
.rt  
The token was valid, and contained a correct \fBMIC\fR for the message, but has been verified out of sequence; an earlier expected token has not yet been received.
.RE

.sp
.ne 2
.mk
.na
\fB\fBGSS_S_CONTEXT_EXPIRED\fR\fR
.ad
.RS 25n
.rt  
The context has already expired.
.RE

.sp
.ne 2
.mk
.na
\fB\fBGSS_S_NO_CONTEXT\fR\fR
.ad
.RS 25n
.rt  
The \fIcontext_handle\fR parameter did not identify a valid context.
.RE

.sp
.ne 2
.mk
.na
\fB\fBGSS_S_FAILURE\fR\fR
.ad
.RS 25n
.rt  
The underlying mechanism detected an error for which no specific \fBGSS\fR status code is defined.  The mechanism-specific status code reported by means of the \fIminor_status\fR parameter details the error condition.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5)  for descriptions of the following attributes:
.sp

.sp
.TS
tab() box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPEATTRIBUTE VALUE
_
MT-LevelSafe
.TE

.SH SEE ALSO
.sp
.LP
\fBgss_release_buffer\fR(3GSS), \fBgss_wrap\fR(3GSS), \fBattributes\fR(5)
.sp
.LP
upstream/oracle/userland-gate