Developer's Guide to Oracle Solaris 11 Security     Oracle Solaris 11.1 Information Library

GSS-API Data Types and Values

This section describes various GSS-API data types and values. Some data types, such as gss_cred_id_t or gss_name_t, are opaque to the user and do not need to be discussed. This section explains the following topics: Basic GSS-API Data Types, Name Types, and Address Types for Channel Bindings.

Basic GSS-API Data Types

This section describes data types that are used by GSS-API.

OM_uint32

The OM_uint32 is a platform-independent 32-bit unsigned integer.

gss_buffer_desc

The definition of the gss_buffer_desc with the gss_buffer_t pointer takes the following form:

typedef struct gss_buffer_desc_struct {
        size_t length;
        void *value;
} gss_buffer_desc, *gss_buffer_t;

gss_OID_desc

The definition of the gss_OID_desc with the gss_OID pointer takes the following form:

typedef struct gss_OID_desc_struct {
        OM_uint32 length;
        void *elements;
} gss_OID_desc, *gss_OID;

gss_OID_set_desc

The definition of the gss_OID_set_desc with the gss_OID_set pointer takes the following form:

typedef struct gss_OID_set_desc_struct  {
        size_t  count;
        gss_OID elements;
} gss_OID_set_desc, *gss_OID_set;

gss_channel_bindings_struct

The definition of the gss_channel_bindings_struct structure and the gss_channel_bindings_t pointer has the following form:

typedef struct gss_channel_bindings_struct {
        OM_uint32 initiator_addrtype;
        gss_buffer_desc initiator_address;
        OM_uint32 acceptor_addrtype;
        gss_buffer_desc acceptor_address;
        gss_buffer_desc application_data;
} *gss_channel_bindings_t;

Name Types

A name type indicates the format of the associated name. See Names in GSS-API and GSS-API OIDs for more on names and name types. The GSS-API supports the gss_OID name types in the following table.

GSS_C_NO_NAME

The symbolic name GSS_C_NO_NAME is recommended as a parameter value to indicate that no value is supplied in the transfer of names.

GSS_C_NO_OID

This value corresponds to a null input value instead of an actual object identifier. Where specified, the value indicates interpretation of an associated name that is based on a mechanism-specific default printable syntax.

GSS_C_NT_ANONYMOUS

A means to identify anonymous names. This value can be compared against to determine, in a mechanism-independent fashion, whether a name refers to an anonymous principal.

GSS_C_NT_EXPORT_NAME

A name that has been exported with the gss_export_name() function.

GSS_C_NT_HOSTBASED_SERVICE

Used to represent services that are associated with host computers. This name form is constructed using two elements, service and hostname, as follows: service@hostname.

GSS_C_NT_MACHINE_UID_NAME

Used to indicate a numeric user identifier corresponding to a user on a local system. The interpretation of this value is OS-specific. The gss_import_name() function resolves this UID into a user name, which is then treated as the User Name Form.

GSS_C_NT_STRING_UID_NAME

Used to indicate a string of digits that represents the numeric user identifier of a user on a local system. The interpretation of this value is OS-specific. This name type is similar to the Machine UID Form, except that the buffer contains a string that represents the user ID.

GSS_C_NT_USER_NAME

A named user on a local system. The interpretation of this value is OS-specific. The value takes the form: username.
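
Because a gss_OID_desc is a length plus a pointer to encoded bytes, name types must be compared by content, not by pointer. The following added example (not from the original guide) shows that comparison, a gss_OID_set_desc membership test, and a check that refuses anonymous peers; the typedefs are local stand-ins mirroring this page so the block builds without GSS-API headers, the OID byte strings are the encodings published in RFC 2744, and all function and variable names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins so the block builds without <gssapi/gssapi.h>; layouts follow this page. */
typedef uint32_t OM_uint32;
typedef struct gss_OID_desc_struct {
        OM_uint32 length;
        void *elements;
} gss_OID_desc, *gss_OID;
typedef struct gss_OID_set_desc_struct {
        size_t count;
        gss_OID elements;
} gss_OID_set_desc, *gss_OID_set;

/* Encoded OID bodies as published in RFC 2744 (local copies for this example). */
gss_OID_desc nt_anonymous = { 6, (void *)"\x2b\x06\x01\x05\x06\x03" };
gss_OID_desc nt_user_name = { 10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01" };
gss_OID_desc nt_hostbased = { 10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04" };

/* OIDs are counted byte strings: equal only if the length and every byte match. */
int oid_equal(const gss_OID_desc *a, const gss_OID_desc *b)
{
        if (a == NULL || b == NULL || a->elements == NULL || b->elements == NULL)
                return 0;
        return a->length == b->length &&
            memcmp(a->elements, b->elements, a->length) == 0;
}

/* Linear search of a gss_OID_set_desc; elements points at an array of count OIDs. */
int oid_set_contains(const gss_OID_set_desc *set, const gss_OID_desc *oid)
{
        size_t i;
        if (set == NULL || set->elements == NULL)
                return 0;
        for (i = 0; i < set->count; i++)
                if (oid_equal(&set->elements[i], oid))
                        return 1;
        return 0;
}

/* Authorization gate: accept a peer only if its name type is on the allow list
 * and is not the anonymous type. A missing type (NULL) is refused as well. */
int name_type_allowed(const gss_OID_desc *name_type, const gss_OID_set_desc *allowed)
{
        if (name_type == NULL || oid_equal(name_type, &nt_anonymous))
                return 0;
        return oid_set_contains(allowed, name_type);
}
```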

Address Types for Channel Bindings

The following table shows the possible values for the initiator_addrtype and acceptor_addrtype fields of the gss_channel_bindings_struct structure. These fields indicate the format of the corresponding address, for example, ARPAnet IMP address or AppleTalk address. Channel bindings are discussed in Using Channel Bindings in GSS-API.

Table C-4 Channel Binding Address Types

Field                 Value (Decimal)   Address Type
GSS_C_AF_UNSPEC       0                 Unspecified address type
GSS_C_AF_LOCAL        1                 Host-local
GSS_C_AF_INET         2                 Internet address type, for example, IP
GSS_C_AF_IMPLINK      3                 ARPAnet IMP
GSS_C_AF_PUP          4                 pup protocols, for example, BSP
GSS_C_AF_CHAOS        5                 MIT CHAOS protocol
GSS_C_AF_NS           6                 XEROX NS
GSS_C_AF_NBS          7                 nbs
GSS_C_AF_ECMA         8                 ECMA
GSS_C_AF_DATAKIT      9                 Datakit protocols
GSS_C_AF_CCITT        10                CCITT
GSS_C_AF_SNA          11                IBM SNA
GSS_C_AF_DECnet       12                DECnet
GSS_C_AF_DLI          13                Direct data link interface
GSS_C_AF_LAT          14                LAT
GSS_C_AF_HYLINK       15                NSC Hyperchannel
GSS_C_AF_APPLETALK    16                AppleTalk
GSS_C_AF_BSC          17                BISYNC
GSS_C_AF_DSS          18                Distributed system services
GSS_C_AF_OSI          19                OSI TP4
GSS_C_AF_X25          21                X.25
GSS_C_AF_NULLADDR     255               No address specified
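
The following added example (not from the original guide) fills a gss_channel_bindings_struct for an IPv4 connection using the GSS_C_AF_INET and GSS_C_AF_NULLADDR values from Table C-4, then compares two structures field by field, since the initiator and acceptor must describe the channel identically. The typedefs are local stand-ins mirroring this page so the block builds without GSS-API headers; the helper names, and the use of a raw 4-byte IPv4 address for GSS_C_AF_INET, are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Stand-ins so the block builds without <gssapi/gssapi.h>; layouts follow this page. */
typedef uint32_t OM_uint32;
typedef struct gss_buffer_desc_struct { size_t length; void *value; } gss_buffer_desc;
typedef struct gss_channel_bindings_struct {
        OM_uint32 initiator_addrtype;
        gss_buffer_desc initiator_address;
        OM_uint32 acceptor_addrtype;
        gss_buffer_desc acceptor_address;
        gss_buffer_desc application_data;
} *gss_channel_bindings_t;

#define GSS_C_AF_INET     2     /* values from Table C-4 */
#define GSS_C_AF_NULLADDR 255

/* Set one address slot: a 4-byte IPv4 address, or "no address" when ip is NULL. */
static void set_addr(OM_uint32 *type, gss_buffer_desc *buf, const uint8_t *ip)
{
        *type = ip ? GSS_C_AF_INET : GSS_C_AF_NULLADDR;
        buf->length = ip ? 4 : 0;
        buf->value = (void *)ip;
}

/* Fill caller-owned bindings. Buffers are borrowed, not copied, so the address
 * and application data must stay valid for as long as the bindings are in use. */
void bindings_init_ipv4(gss_channel_bindings_t cb, const uint8_t *init_ip,
    const uint8_t *acc_ip, const void *app, size_t app_len)
{
        set_addr(&cb->initiator_addrtype, &cb->initiator_address, init_ip);
        set_addr(&cb->acceptor_addrtype, &cb->acceptor_address, acc_ip);
        cb->application_data.length = app ? app_len : 0;
        cb->application_data.value = (void *)app;
}

/* Counted-buffer comparison; never dereferences value when length is 0. */
static int buf_equal(const gss_buffer_desc *a, const gss_buffer_desc *b)
{
        return a->length == b->length &&
            (a->length == 0 || memcmp(a->value, b->value, a->length) == 0);
}

/* Both peers must supply the same address types, addresses and application data. */
int bindings_equal(gss_channel_bindings_t a, gss_channel_bindings_t b)
{
        return a->initiator_addrtype == b->initiator_addrtype &&
            a->acceptor_addrtype == b->acceptor_addrtype &&
            buf_equal(&a->initiator_address, &b->initiator_address) &&
            buf_equal(&a->acceptor_address, &b->acceptor_address) &&
            buf_equal(&a->application_data, &b->application_data);
}
```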