Kea 3.1.1
isc::gss_tsig::GssApiSecCtx Class Reference

GSS-API security context.

#include <gss_tsig_api.h>

Public Member Functions

 GssApiSecCtx (const std::vector< uint8_t > &import)
 Import constructor.
 
 GssApiSecCtx (gss_ctx_id_t sec_ctx)
 Constructor.
 
 ~GssApiSecCtx ()
 Destructor.
 
bool accept (GssApiCred &cred, GssApiBuffer &intoken, GssApiName &source, GssApiBuffer &outtoken)
 Accept.
 
gss_ctx_id_t get ()
 Get the value.
 
OM_uint32 getLifetime ()
 Get the lifetime (validity in seconds).
 
gss_ctx_id_t * getPtr ()
 Get a pointer to the security context.
 
bool init (GssApiCredPtr credp, GssApiName &target, OM_uint32 flags, GssApiBuffer &intoken, GssApiBuffer &outtoken, OM_uint32 &lifetime)
 Init.
 
void inquire (GssApiName &source, GssApiName &target, OM_uint32 &lifetime, OM_uint32 &flags, bool &local, bool &established)
 Inquire.
 
std::vector< uint8_t > serialize ()
 Export.
 
void sign (GssApiBuffer &gmessage, GssApiBuffer &gsig)
 Sign.
 
void verify (GssApiBuffer &gmessage, GssApiBuffer &gsig)
 Verify.
 
Public Member Functions inherited from isc::gss_tsig::GssApiLastError
 GssApiLastError ()
 Constructor.
 
virtual ~GssApiLastError ()
 Destructor.
 
int getLastError () const
 Get the last error.
 
void setLastError (int error)
 Set the last error.
 

Detailed Description

GSS-API security context.

Encapsulates gss_ctx_id_t, the GSS-API pointer type.

Note: some methods should be const, but this does not match the API.

Definition at line 290 of file gss_tsig_api.h.

Constructor & Destructor Documentation

◆ GssApiSecCtx() [1/2]

isc::gss_tsig::GssApiSecCtx::GssApiSecCtx ( gss_ctx_id_t sec_ctx)
explicit

Constructor.

Parameters
sec_ctx: The GSS-API security context.

Definition at line 269 of file gss_tsig_api.cc.

References isc::gss_tsig::GssApiLastError::GssApiLastError().

◆ GssApiSecCtx() [2/2]

isc::gss_tsig::GssApiSecCtx::GssApiSecCtx ( const std::vector< uint8_t > & import)
explicit

Import constructor.

Use the gss_import_sec_context GSS-API function.

Parameters
import: Vector of bytes representing the GSS-API security context.

Definition at line 273 of file gss_tsig_api.cc.

References isc::gss_tsig::GssApiLastError::GssApiLastError(), isc::gss_tsig::GssApiBuffer::getPtr(), isc::gss_tsig::gssApiErrMsg(), and isc_throw.

◆ ~GssApiSecCtx()

isc::gss_tsig::GssApiSecCtx::~GssApiSecCtx ( )

Destructor.

Use the gss_delete_sec_context GSS-API function.

Definition at line 284 of file gss_tsig_api.cc.

Member Function Documentation

◆ accept()

bool isc::gss_tsig::GssApiSecCtx::accept ( GssApiCred & cred,
GssApiBuffer & intoken,
GssApiName & source,
GssApiBuffer & outtoken )

Accept.

Accept is the server acceptor method: it should be called until it completes. The input and output tokens are used for communication with the peer, i.e. a client.

Use the gss_accept_sec_context GSS-API function.

Parameters
cred: Acceptor GSS-API credential.
intoken: Input token (a GSS-API buffer).
[out] source: Source GSS-API name.
[out] outtoken: Output token (a GSS-API buffer).
Returns
True when complete, false when continue (i.e. must be called again).

Definition at line 413 of file gss_tsig_api.cc.

References isc::gss_tsig::GssApiCred::get(), isc::gss_tsig::GssApiBuffer::getPtr(), isc::gss_tsig::GssApiName::getPtr(), isc::gss_tsig::gssApiErrMsg(), isc_throw, and isc::gss_tsig::GssApiLastError::setLastError().

◆ get()

gss_ctx_id_t isc::gss_tsig::GssApiSecCtx::get ( )
inline

Get the value.

Definition at line 310 of file gss_tsig_api.h.

◆ getLifetime()

OM_uint32 isc::gss_tsig::GssApiSecCtx::getLifetime ( )

Get the lifetime (validity in seconds).

Use the gss_context_time GSS-API function.

Definition at line 308 of file gss_tsig_api.cc.

References isc::gss_tsig::gssApiErrMsg(), isc_throw, and isc::gss_tsig::GssApiLastError::setLastError().

◆ getPtr()

gss_ctx_id_t * isc::gss_tsig::GssApiSecCtx::getPtr ( )
inline

Get a pointer to the security context.

Returns
A pointer to the security context.

Definition at line 317 of file gss_tsig_api.h.

◆ init()

bool isc::gss_tsig::GssApiSecCtx::init ( GssApiCredPtr credp,
GssApiName & target,
OM_uint32 flags,
GssApiBuffer & intoken,
GssApiBuffer & outtoken,
OM_uint32 & lifetime )

Init.

Init is the client setup method: it should be called until it completes. The input and output tokens are used for communication with the peer, i.e. the acceptor.

Use the gss_init_sec_context GSS-API function.

Parameters
credp: Pointer to claimant GSS-API credential.
target: Target GSS-API name.
flags: Requested flags.
intoken: Input token (a GSS-API buffer).
[out] outtoken: Output token (a GSS-API buffer).
[out] lifetime: Validity lifetime (number of seconds from now).
Returns
True when complete, false when continue (i.e. must be called again).

Definition at line 367 of file gss_tsig_api.cc.

References isc::gss_tsig::GssApiName::get(), isc::gss_tsig::GssApiBuffer::getPtr(), isc::gss_tsig::gssApiErrMsg(), isc::gss_tsig::ISC_GSS_SPNEGO_MECHANISM, isc_throw, and isc::gss_tsig::GssApiLastError::setLastError().
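
The "call until it completes" contract of init() and accept(), as an added example that is not Kea code: FakeInitiator, FakeAcceptor, Token and establish() are hypothetical stand-ins that only mimic the true/false return convention. It shows the two points a caller must handle: in GSS-API a side can report completion and still hand back a final token that has to be delivered, and the loop needs a round cap so a misbehaving peer cannot keep it spinning.

```cpp
// Added illustration: FakeInitiator/FakeAcceptor are stand-ins, not Kea classes.
#include <cstdint>
#include <stdexcept>
#include <vector>

using Token = std::vector<uint8_t>;

struct FakeInitiator {              // shaped like init(): true == complete
    int step = 0;
    bool init(const Token& in, Token& out) {
        out.clear();
        if (step++ == 0) { out = {0x01}; return false; }
        if (in != Token{0x02}) throw std::runtime_error("bad acceptor token");
        out = {0x03};               // final token produced together with completion
        return true;
    }
};

struct FakeAcceptor {               // shaped like accept(): true == complete
    int step = 0;
    bool accept(const Token& in, Token& out) {
        out.clear();
        if (step == 0 && in == Token{0x01}) { out = {0x02}; ++step; return false; }
        if (step == 1 && in == Token{0x03}) { ++step; return true; }
        throw std::runtime_error("unexpected initiator token");
    }
};

// Drive both sides until each reports completion; returns tokens exchanged.
template <class I, class A>
int establish(I& ini, A& acc, int max_rounds = 8) {
    Token to_ini, to_acc;
    bool ini_done = false, acc_done = false;
    int sent = 0;
    for (int round = 0; round < max_rounds; ++round) {
        if (!ini_done) {
            ini_done = ini.init(to_ini, to_acc);
            if (!to_acc.empty()) ++sent;      // send even when init() returned true
        }
        if (!acc_done && !to_acc.empty()) {
            acc_done = acc.accept(to_acc, to_ini);
            to_acc.clear();                   // token consumed, never replay it
            if (!to_ini.empty()) ++sent;
        }
        if (ini_done && acc_done) return sent;
    }
    throw std::runtime_error("context not established within round cap");
}

int main() { FakeInitiator i; FakeAcceptor a; return establish(i, a) == 3 ? 0 : 1; }
```

Only after both sides report completion should the context be used for sign() and verify().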

◆ inquire()

void isc::gss_tsig::GssApiSecCtx::inquire ( GssApiName & source,
GssApiName & target,
OM_uint32 & lifetime,
OM_uint32 & flags,
bool & local,
bool & established )

Inquire.

Use the gss_inquire_context GSS-API function.

Parameters
[out] source: Source GSS-API name.
[out] target: Target GSS-API name.
[out] lifetime: Validity lifetime (number of seconds from now).
[out] flags: Current flags.
[out] local: True when locally initiated, false otherwise.
[out] established: True when established, false when a token is still expected.

Definition at line 321 of file gss_tsig_api.cc.

References isc::gss_tsig::GssApiName::getPtr(), isc::gss_tsig::gssApiErrMsg(), isc_throw, and isc::gss_tsig::GssApiLastError::setLastError().

◆ serialize()

vector< uint8_t > isc::gss_tsig::GssApiSecCtx::serialize ( )

Export.

Use the gss_export_sec_context GSS-API function.

Returns
A vector of bytes representing the GSS-API security context.

Definition at line 295 of file gss_tsig_api.cc.

References isc::gss_tsig::GssApiBuffer::getContent(), isc::gss_tsig::GssApiBuffer::getPtr(), isc::gss_tsig::gssApiErrMsg(), isc_throw, and isc::gss_tsig::GssApiLastError::setLastError().

◆ sign()

void isc::gss_tsig::GssApiSecCtx::sign ( GssApiBuffer & gmessage,
GssApiBuffer & gsig )

Sign.

Use the gss_get_mic GSS-API function.

Parameters
gmessage: GSS-API buffer containing the message to sign.
[out] gsig: GSS-API buffer to handle the signature.

Definition at line 343 of file gss_tsig_api.cc.

References isc::gss_tsig::GssApiBuffer::getPtr(), isc::gss_tsig::gssApiErrMsg(), isc_throw, and isc::gss_tsig::GssApiLastError::setLastError().

◆ verify()

void isc::gss_tsig::GssApiSecCtx::verify ( GssApiBuffer & gmessage,
GssApiBuffer & gsig )

Verify.

Use the gss_verify_mic GSS-API function.

Parameters
gmessage: GSS-API buffer containing the message to verify.
gsig: GSS-API buffer containing the signature to verify.

Definition at line 355 of file gss_tsig_api.cc.

References isc::gss_tsig::GssApiBuffer::getPtr(), isc::gss_tsig::gssApiErrMsg(), isc_throw, and isc::gss_tsig::GssApiLastError::setLastError().

The documentation for this class was generated from the following files: