NAME
gss_accept_delegation
SYNOPSIS
package require gssapi
gss_accept_delegation
context_handle
extension_oids
extension_buffers
input_token
req_flags
time_req
delegated_cred_handle
mech_type
output_token
DESCRIPTION
The gss_accept_delegation command
RETURN VALUE
On success gss_accept_delegation returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_accept_delegation ] maj_stat min_stat
BUGS
None
TODO
None
SEE ALSO
NAME
gss_accept_sec_context
SYNOPSIS
package require gssapi
gss_accept_sec_context
context_handle
acceptor_cred_handle
input_token
input_chan_bindings
src_name
mech_type
output_token
delegated_cred_handle
DESCRIPTION
The gss_accept_sec_context command accepts a security context created by the context initiator.
RETURN VALUE
On success gss_accept_sec_context returns major-status code, minor_status code, a bit mask containing independent flags representing services that have been requested by the initiating application and the number of seconds remaining before the context is no longer valid. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_accept_sec_context $accept_context $gss_c_no_credential $send_tok $gss_c_no_channel_bindings $source_name $mech_type $recv_tok $gss_c_no_credential ] maj_stat min_stat ret_flags time_rec
BUGS
None
TODO
None
SEE ALSO
NAME
gss_acquire_cred
SYNOPSIS
package require gssapi
gss_acquire_cred
desired_name
time_req
desired_mechs
cred_usage
output_cred_handle
actual_mechs
DESCRIPTION
The gss_acquire_cred command allows an application to acquire a GSS credential. The application can then use the credential with the gss_init_sec_context and gss_accept_sec_context commands.
RETURN VALUE
On success gss_acquire_cred returns major-status code, minor_status code and actual number of seconds for which the returned credentials will remain valid. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_acquire_cred NULL $GSS_C_INDEFINITE $gss_c_no_oid_set $GSS_C_BOTH $cred_handle NULL ] maj_stat min_stat time_rec
BUGS
None
TODO
None
SEE ALSO
gss_release_cred, gss_inquire_cred, gss_init_sec_context, gss_accept_sec_context
NAME
gss_add_buffer_set_member
SYNOPSIS
package require gssapi
gss_add_buffer_set_member
member_buffer
buffer_set
DESCRIPTION
The gss_add_buffer_set_member command adds a buffer to a buffer set.
RETURN VALUE
On success gss_add_buffer_set_member returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_add_buffer_set_member $member_buffer $buffer_set ] maj_stat min_stat
BUGS
None
TODO
None
SEE ALSO
NAME
gss_add_cred
SYNOPSIS
package require gssapi
gss_add_cred
input_cred_handle
desired_name
mech_type
cred_usage
init_time_req
accept_time_req
output_cred_handle
actual_mechs
DESCRIPTION
The gss_add_cred command adds a credential element to an existing GSS credential. The credential must not already contain an element for the mechanism. A GSS credential must contain an element for each mechanism that will be used for contexts that are initiated or accepted using the credential.
RETURN VALUE
On success gss_add_cred returns major-status code, minor_status code, the initiate expiration time in seconds and the accept expiration time in seconds. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_add_cred $input_cred_handle $desired_name $gss_c_null_oid $GSS_C_BOTH $GSS_C_INDEFINITE $GSS_C_INDEFINITE $output_cred_handle $actual_mechs ] maj_stat min_stat init_time_rec accept_time_rec
BUGS
None
TODO
None
SEE ALSO
NAME
gss_add_oid_set_member
SYNOPSIS
package require gssapi
gss_add_oid_set_member
member_oid
oid_set
DESCRIPTION
The gss_add_oid_set_member command adds a new OID to an existing OID set.
RETURN VALUE
On success gss_add_oid_set_member returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_add_oid_set_member $GSS_C_NT_USER_NAME $oid_set ] maj_stat min_stat
BUGS
None
TODO
None
SEE ALSO
gss_indicate_mechs, gss_create_empty_oid_set, gss_test_oid_set_member, gss_release_oid_set
NAME
gss_canonicalize_name
SYNOPSIS
package require gssapi
gss_canonicalize_name
input_name
mech_type
output_name
DESCRIPTION
The gss_canonicalize_name command takes a GSS internal name that contains multiple internal representations and returns a new GSS internal name with a single name representation that corresponds to the specified security mechanism.
RETURN VALUE
On success gss_canonicalize_name returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_canonicalize_name $input_name $mech_type $output_name ] maj_stat min_stat
BUGS
None
TODO
None
NAME
gss_compare_name
SYNOPSIS
package require gssapi
gss_compare_name
name1
name2
DESCRIPTION
The gss_compare_name command allows an application to compare two internal names to determine whether they refer to the same object. The two names must have an internal representation format in common to be comparable. The names are considered not equal if either name denotes an anonymous principal.
RETURN VALUE
On success gss_compare_name returns major-status code, minor_status code and 1 if the names refer to the same object or 0 otherwise. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_compare_name $target_name $alias_name ] maj_stat min_stat name_equal
BUGS
None
TODO
None
NAME
gss_context_time
SYNOPSIS
package require gssapi
gss_context_time
context_handle
DESCRIPTION
The gss_context_time command checks the specified security context and returns the number of seconds that the context remains valid. The returned value is GSS_C_INDEFINITE if the context does not have an expiration time.
RETURN VALUE
On success gss_context_time returns major-status code, minor_status code, and the number of seconds that the context remains valid. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_context_time $context_handle ] maj_stat min_stat time_rec
BUGS
None
TODO
None
NAME
gss_create_empty_buffer_set
SYNOPSIS
package require gssapi
gss_create_empty_buffer_set
buffer_set
DESCRIPTION
The gss_create_empty_buffer_set command creates an empty buffer set, to which membersmay be subsequently be added using the gss_add_buffer_set_member command.
RETURN VALUE
On success gss_create_empty_buffer_set returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_create_empty_buffer_set $buffer_set ] maj_stat min_stat
BUGS
None
TODO
None
SEE ALSO
NAME
gss_create_empty_oid_set
SYNOPSIS
package require gssapi
gss_create_empty_oid_set
oid_set
DESCRIPTION
The gss_create_empty_oid_set command creates a new, empty OID set. Members can be added to the OID set by calling the gss_add_oid_set_member command. The OID set should be released when it is no longer needed by calling the gss_release_oid_set.
RETURN VALUE
On success gss_create_empty_oid_set returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_create_empty_oid_set $oid_set ] maj_stat min_stat
BUGS
None
TODO
None
SEE ALSO
gss_indicate_mechs, gss_add_oid_set_member, gss_test_oid_set_member, gss_release_oid_set
NAME
gss_delete_sec_context
SYNOPSIS
package require gssapi
gss_delete_sec_context
context_handle
output_token
DESCRIPTION
The gss_delete_sec_context command deletes one end of a security context. It also deletes the local data structures associated with the security context. When it deletes the context, the command can generate a token. The application must then pass this token to the partner application. The partner application calls the gss_process_context_token command to process the token and complete the process of deleting the security context.
RETURN VALUE
On success gss_delete_sec_context returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_delete_sec_context $context_handle $output_token ] maj_stat min_stat
BUGS
None
TODO
None
SEE ALSO
NAME
gss_display_name
SYNOPSIS
package require gssapi
gss_display_name
input_name
output_name_buffer
output_name_type
DESCRIPTION
The gss_display_name command returns the textual representation of an opaque internal name. The syntax of the text representation is determined by the mechanism that was used to convert the name.
RETURN VALUE
On success gss_display_name returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_display_name $input_name $output_name_buffer $output_name_type ] maj_stat min_stat
BUGS
None
TODO
None
NAME
gss_display_status
SYNOPSIS
package require gssapi
gss_display_status
status_value
status_type
mech_type
status_string
DESCRIPTION
The gss_display_status command provides an application with a textual representation of a GSS or mechanism status code. The returned message can then be displayed to the user or written to a log file.
RETURN VALUE
On success gss_display_status returns major-status code, minor_status code, message context and the text message for the status value. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_display_status $status_value $GSS_C_GSS_CODE $gss_c_null_oid ] maj_stat min_stat message_context status_string
BUGS
None
TODO
None
NAME
gss_duplicate_name
SYNOPSIS
package require gssapi
gss_duplicate_name
src_name
dest_name
DESCRIPTION
The gss_duplicate_name command creates a duplicate of a GSS internal name.
RETURN VALUE
On success gss_duplicate_name returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ p_gss_name_t_value $src_name ] src_name_addr_value
lassign [ gss_duplicate_name $src_name_addr_value $dest_name ] maj_stat min_stat
BUGS
None
TODO
None
NAME
gss_export_cred
SYNOPSIS
package require gssapi
gss_export_cred
cred_handle
desired_mech
option_req
output_buffer
DESCRIPTION
The gss_export_cred command creates a credential token for a GSS-API credential. This credential token can then be given to another process on the same system or on a different system. This second process calls gss_import_cred command to create a GSS-API credential from the credential token. In order to use the credential on a different system, the security mechanism must allow the credential to be used from any system.
RETURN VALUE
On success gss_export_cred returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ p_gss_cred_id_t_value $delegated_cred_handle ] delegated_cred_handle_addr_value
lassign [ gss_export_cred $delegated_cred_handle_addr_value $gss_c_null_oid 0 $send_tok ] maj_stat min_stat time_rec
BUGS
None
TODO
None
SEE ALSO
gss_release_cred, gss_acquire_cred, gss_inquire_cred, gss_import_cred
NAME
gss_export_name
SYNOPSIS
package require gssapi
gss_export_name
input_name
exported_name
DESCRIPTION
The gss_export_name command creates an opaque token for a mechanism name.
RETURN VALUE
On success gss_export_name returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_export_name $input_name $exported_name ] maj_stat min_stat
BUGS
None
TODO
None
NAME
gss_export_sec_context
SYNOPSIS
package require gssapi
gss_export_sec_context
context_handle
interprocess_token
DESCRIPTION
The gss_export_sec_context command creates a context token for a GSS-API security context. This context token can then be given to another process on the same system. This second process calls gss_import_sec_context command to create a GSS-API security context from the context token. Upon successful completion of gss_export_sec_context, the security context is no longer available for use by the current process. The security context token created by one implementation of GSS-API cannot be used with a different implementation of GSS-API.
RETURN VALUE
On success gss_export_sec_context returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ p_gss_buffer_t_value $context_token ] context_token_addr_value
lassign [ gss_export_sec_context $init_context $context_token_addr_value ] maj_stat min_stat
BUGS
None
TODO
None
SEE ALSO
NAME
gss_get_mic
SYNOPSIS
package require gssapi
gss_get_mic
context_handle
qop_req
message_buffer
message_token
DESCRIPTION
The gss_get_mic command generates a cryptographic signature for a message and returns this signature in a token that can be sent to a partner application. The partner application then calls the gss_verify_mic command to validate the signature.
RETURN VALUE
On success gss_get_mic returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_get_mic $context_handle $GSS_C_QOP_DEFAULT $message_buffer $message_token ] maj_stat min_stat
BUGS
None
TODO
None
SEE ALSO
NAME
gss_import_cred
SYNOPSIS
package require gssapi
gss_import_cred
cred_handle
desired_mech
option_req
import_buffer
time_req
DESCRIPTION
The gss_import_cred command accepts a credential token created by the gss_export_cred command and creates a GSS-API credential.
RETURN VALUE
On success gss_import_cred returns major-status code, minor_status code and actual number of seconds for which the credential is valid. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_import_cred $imported_cred_handle $gss_c_null_oid 0 $send_tok 0 ] maj_stat min_stat time_rec
BUGS
None
TODO
None
SEE ALSO
gss_release_cred, gss_acquire_cred, gss_inquire_cred, gss_export_cred
NAME
gss_import_name
SYNOPSIS
package require gssapi
gss_import_name
input_name_buffer
input_name_type
output_name
DESCRIPTION
The gss_import_name command converts a printable name to the GSS internal format. The gss_name_t object created by this command can then be used as input to other GSS routines. The gss_name_t object created by the gss_import_name command contains an internal representation for each of the supported security mechanisms.
RETURN VALUE
On success gss_import_name returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_import_name $input_name_buffer $input_name_type $output_name ] maj_stat min_stat
BUGS
None
TODO
None
NAME
gss_import_sec_context
SYNOPSIS
package require gssapi
gss_import_sec_context
interprocess_token
context_handle
DESCRIPTION
The gss_import_sec_context command accepts a security context token created by the gss_export_sec_context command and creates a GSS-API security context. Since the security context contains message sequencing information, it is usually not feasible to create multiple security contexts from a single context token.
RETURN VALUE
On success gss_import_sec_context returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ p_gss_buffer_t_value $context_token ] context_token_addr_value
lassign [ gss_export_sec_context $context_token_addr_value $init_context ] maj_stat min_stat
BUGS
None
TODO
None
SEE ALSO
gss_import_sec_context
NAME
gss_indicate_mechs
SYNOPSIS
package require gssapi
gss_indicate_mechs
oid_set
DESCRIPTION
The gss_indicate_mechs command allows an application to determine which security mechanisms are available on the local system.
RETURN VALUE
On success gss_indicate_mechs returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_indicate_mechs $oid_set ] maj_stat min_stat
BUGS
None
TODO
None
SEE ALSO
gss_create_empty_oid_set, gss_add_oid_set_member, gss_test_oid_set_member, gss_release_oid_set
NAME
gss_init_delegation
SYNOPSIS
package require gssapi
gss_init_delegation
context_handle
cred_handle
desired_mech
extension_oids
extension_buffers
input_token
req_flags
time_req
output_token
DESCRIPTION
The gss_init_delegation command
RETURN VALUE
On success gss_init_delegation returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_init_delegation ] maj_stat min_stat
BUGS
None
TODO
None
SEE ALSO
NAME
gss_init_sec_context
SYNOPSIS
package require gssapi
gss_init_sec_context
cred_handle
context_handle
target_name
mech_type
req_flags
time_req
input_chan_bindings
input_token
actual_mech_type
output_token
DESCRIPTION
The gss_init_sec_context command initiates a security context for use by two communicating applications.
RETURN VALUE
On success gss_init_sec_context returns major-status code, minor_status code, a bit mask containing independent flags indicating which GSS services are available for the context and the number of seconds for which the context will remain valid. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ p_gss_cred_id_t_value $cred_handle ] cred_handle_addr_value
lassign [ gss_inquire_cred $cred_handle_addr_value $target_name NULL NULL ] maj_stat min_stat lifetime
lassign [ p_gss_name_t_value $target_name ] target_name_addr_value
lassign [ gss_init_sec_context $cred_handle_addr_value $init_context $target_name_addr_value $gss_c_null_oid 0 0 $gss_c_no_channel_bindings $gss_c_no_buffer NULL $send_tok ] maj_stat min_stat ret_flags time_rec
BUGS
None
TODO
None
SEE ALSO
gss_delete_sec_context, gss_accept_sec_context, gss_inquire_cred, p_gss_cred_id_t_value, p_gss_name_t_value
NAME
gss_inquire_context
SYNOPSIS
package require gssapi
gss_inquire_context
context_handle
source_name
target_name
mech_type
DESCRIPTION
The gss_inquire_context command returns information about a security context to the calling application.
RETURN VALUE
On success gss_inquire_context returns major-status code, minor_status code, the number of seconds for which the context remains valid, a bit mask containing independent flags indicating which GSS services are available for the context, 1 if the context was initiated locally or 0 otherwise, and 1 if context establishment has been completed or 0 otherwise. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ p_gss_ctx_id_t_value $accept_context ] accept_context_addr_value
lassign [ gss_inquire_context $accept_context_addr_value $source_name $target_name $mech_type ] maj_stat min_stat lifetime ctx_flags locally_initiated open
BUGS
None
TODO
None
NAME
gss_inquire_cred
SYNOPSIS
package require gssapi
gss_inquire_cred
cred_handle
name
cred_usage
mechanisms
DESCRIPTION
The gss_inquire_cred command returns information about a GSS credential to the calling application. If GSS_C_NO_CREDENTIAL is specified for the cred_handle parameter, the default security mechanism is used to process the request.
RETURN VALUE
On success gss_acquire_cred returns major-status code, minor_status code and actual number of seconds for which the returned credentials will remain valid. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ p_gss_cred_id_t_value $cred_handle ] cred_handle_addr_value
lassign [ gss_inquire_cred $cred_handle_addr_value $target_name NULL NULL ] maj_stat min_stat lifetime
BUGS
None
TODO
None
SEE ALSO
NAME
gss_inquire_cred_by_mech
SYNOPSIS
package require gssapi
gss_inquire_cred_by_mech
cred_handle
mech_type
name
cred_usage
DESCRIPTION
The gss_inquire_cred_by_mech command returns information about a GSS credential for a single security mechanism. The information is obtained using the specified security mechanism.
RETURN VALUE
On success gss_inquire_cred_by_mech returns major-status code, minor_status code, the number of seconds for which the credential remains valid for initiating contexts and the number of seconds for which the credential remains valid for accepting contexts. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_inquire_cred_by_mech $cred_handle $mech_type $name $cred_usage ] maj_stat min_stat initiator_lifetime acceptor_lifetime
BUGS
None
TODO
None
NAME
gss_inquire_cred_by_oid
SYNOPSIS
package require gssapi
gss_inquire_cred_by_oid
cred_handle
desired_object
data_set
DESCRIPTION
The gss_inquire_cred_by_oid command gives applications a means to retrieve arbitrary data about a credential.
RETURN VALUE
On success gss_inquire_cred_by_oid returns major-status code, minor_status code and a set of octet string corresponding to the data associated with the desired_object. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_inquire_cred_by_oid $cred_handle $oid $data_set ] maj_stat min_stat lifetime
BUGS
None
TODO
None
SEE ALSO
NAME
gss_inquire_mechs_for_name
SYNOPSIS
package require gssapi
gss_inquire_mechs_for_name
input_name
mech_types
DESCRIPTION
The gss_inquire_mechs_for_name command returns the mechanisms with which a name may be processed.
RETURN VALUE
On success gss_inquire_names_for_mech returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_inquire_mechs_for_name $input_name $mech_types ] maj_stat min_stat
BUGS
None
TODO
None
NAME
gss_inquire_names_for_mech
SYNOPSIS
package require gssapi
gss_inquire_names_for_mech
mechanism
name_types
DESCRIPTION
The gss_inquire_names_for_mech command returns the name types supported by a security mechanism.
RETURN VALUE
On success gss_inquire_names_for_mech returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_inquire_names_for_mech $mechanism $name_types ] maj_stat min_stat
BUGS
None
TODO
None
NAME
gss_inquire_sec_context_by_oid
SYNOPSIS
package require gssapi
gss_inquire_sec_context_by_oid
context_handle
desired_object
data_set
DESCRIPTION
The gss_inquire_sec_context_by_oid command gives applications a means to retrieve arbitrary data about a security context.
RETURN VALUE
On success gss_inquire_sec_context_by_oid returns major-status code, minor_status code and a set of octet string corresponding to the data associated with the desired_object. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_inquire_sec_context_by_oid $context_handle $oid $data_set ] maj_stat min_stat lifetime
BUGS
None
TODO
None
SEE ALSO
NAME
gss_process_context_token
SYNOPSIS
package require gssapi
gss_process_context_token
context_handle
token_buffer
DESCRIPTION
The gss_process_context_token command processes a context token received from the partner application.
RETURN VALUE
On success gss_process_context_token returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_process_context_token $context_handle $token_buffer ] maj_stat min_stat
BUGS
None
TODO
None
SEE ALSO
NAME
gss_release_buffer
SYNOPSIS
package require gssapi
gss_release_buffer
buffer
DESCRIPTION
The gss_release_buffer command releases storage associated with a gss_buffer_t buffer. The gss_buffer_desc structure itself is not released.
RETURN VALUE
On success gss_release_buffer returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_release_buffer $buffer ] maj_stat min_stat
BUGS
None
TODO
None
NAME
gss_release_buffer_set
SYNOPSIS
package require gssapi
gss_release_buffer_set
buffer_set
DESCRIPTION
The gss_release_buffer_set command releases the storage assocaiated with a set of octet string allocated by gss_add_buffer_set_member.
RETURN VALUE
On success gss_release_buffer_set returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_release_buffer_set $buffer_set ] maj_stat min_stat
BUGS
None
TODO
None
SEE ALSO
NAME
gss_release_cred
SYNOPSIS
package require gssapi
gss_release_cred
cred_handle
DESCRIPTION
The gss_release_cred command releases the local data structures associated with a GSS credential. If gss_c_no_credential is specified for the cred_handle parameter, no credential is released and gss_s_complete is returned for the major status return value.
RETURN VALUE
On success gss_release_cred returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_release_cred $cred_handle ] maj_stat min_stat
BUGS
None
TODO
None
SEE ALSO
NAME
gss_release_name
SYNOPSIS
package require gssapi
gss_release_name
input_name
DESCRIPTION
The gss_release_name command releases storage associated with a gss_name_t internal name.
RETURN VALUE
On success gss_release_name returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_release_name $input_name ] maj_stat min_stat
BUGS
None
TODO
None
NAME
gss_release_oid_set
SYNOPSIS
package require gssapi
gss_release_oid_set
oid_set
DESCRIPTION
The gss_release_oid_set command releases storage associated with a gss_oid_set object.
RETURN VALUE
On success gss_release_oid_set returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_release_oid_set $oid_set ] maj_stat min_stat
BUGS
None
TODO
None
SEE ALSO
gss_indicate_mechs, gss_create_empty_oid_set, gss_add_oid_set_member, gss_test_oid_set_member
NAME
gss_set_sec_context_option
SYNOPSIS
package require gssapi
gss_set_sec_context_option
context_handle
oid_of_desired_option
value_of_option
DESCRIPTION
The gss_set_sec_context_option command sets options on a security context prior to establishing it.
RETURN VALUE
On success gss_set_sec_context_option returns major-status code and minor_status code. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_set_sec_context_option $context_handle $oid $oid_value ] maj_stat min_stat lifetime
BUGS
None
TODO
None
NAME
gss_test_oid_set_member
SYNOPSIS
package require gssapi
gss_test_oid_set_member
member_oid
oid_set
DESCRIPTION
The gss_test_oid_set_member command checks an oid set to see if a specified oid is a member of the set.
RETURN VALUE
On success gss_test_oid_set_member returns major-status code, minor_status code and 1 if the OID is a member of the OID set or otherwise, it is set to zero. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_test_oid_set_member $GSS_C_NT_USER_NAME $oid_set ] maj_stat min_stat is_present
BUGS
None
TODO
None
SEE ALSO
gss_indicate_mechs, gss_create_empty_oid_set, gss_add_oid_set_member, gss_release_oid_set
NAME
gss_unwrap
SYNOPSIS
package require gssapi
gss_unwrap
context_handle
input_message_buffer
output_message_buffer
DESCRIPTION
The gss_unwrap command unwraps a message sealed by the gss_wrap command and verifies the embedded signature. The conf_state return parameter indicates whether or not the message has been encrypted.
RETURN VALUE
On success gss_unwrap returns major-status code, minor_status code, the level of confidentiality that was applied to the message and the quality of protection that was applied to the message. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_unwrap $context_handle $input_message_buffer $output_message_buffer ] maj_stat min_stat conf_state qop_state
BUGS
None
TODO
None
SEE ALSO
NAME
gss_verify_mic
SYNOPSIS
package require gssapi
gss_verify_mic
context_handle
message_buffer
token_buffer
DESCRIPTION
The gss_verify_mic command verifies that the cryptographic signature for a message is correct. This ensures that the message has not been modified since the signature was generated.
RETURN VALUE
On success gss_verify_mic returns major-status code, minor_status code and the quality of protection that was applied to the message. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_verify_mic $context_handle $message_buffer $token_buffer ] maj_stat min_stat qop_state
BUGS
None
TODO
None
SEE ALSO
NAME
gss_wrap
SYNOPSIS
package require gssapi
gss_wrap
context_handle
confidentiality_requested
quality_of_protection_requested
input_message_buffer
output_message_buffer
DESCRIPTION
The gss_wrap command cryptographically signs and optionally encrypts a message. The token returned in the output_message_buffer parameter contains both the signature and the message. This token is then sent to the partner application that calls the gss_unwrap command to extract the original message and verify its authenticity.
RETURN VALUE
On success gss_wrap returns major-status code, minor_status code and the level of confidentiality that was applied to the message. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_wrap $context_handle 1 $GSS_C_QOP_DEFAULT $input_message_buffer $output_message_buffer ] maj_stat min_stat conf_state
BUGS
None
TODO
None
SEE ALSO
NAME
gss_wrap_size_limit
SYNOPSIS
package require gssapi
gss_wrap_size_limit
context_handle
confidentiality_requested
quality_of_protection_requested
size_req
DESCRIPTION
The gss_wrap_size_limit command determines the largest message that can be processed by the gss_wrap command without exceeding the specified output token size.
RETURN VALUE
On success gss_wrap_size_limit returns major-status code, minor_status code and the maximum message size that can be processed without exceeding the specified maximum token size. If no errors occur, the command returns a major status value of GSS_S_COMPLETE. On error, this command will raise an error and must be caught using the appropriate catch command.
EXAMPLE
lassign [ gss_wrap_size_limit $context_handle 1 $GSS_C_QOP_DEFAULT 1012 ] maj_stat min_stat max_size
BUGS
None
TODO
None
SEE ALSO