Pike v8.1 release 6

Method GSSAPI.Context()->mech()


Method mech

int is_established()
int services()
int locally_initiated()
Name source_name()
Name target_name()
int(0..) lifetime()
string mech()

Description

Functions to query various properties about the context.

These wrap GSS_Inquire_context according to RFC 2743 section 2.2.6.

is_established()

Returns nonzero as soon as the context has been established. That means no further rounds through GSSAPI.InitContext.init or GSSAPI.AcceptContext.accept, that the remote peer is authenticated as required, and that the set of available services is complete (see services).

services()

Returns a bitfield of GSSAPI.*_FLAG flags for the services that the context (currently) provides. This field is complete only when the context establishment has finished, i.e. when is_established returns nonzero.

See also GSSAPI.describe_services.

locally_initiated()

Returns nonzero if the context is an initiator, zero if it is an acceptor. (This is mainly useful in imported contexts.)

source_name()

Returns the name of the context initiator. The name is always an MN. Returns an anonymous name if used on the acceptor side and the anonymous authentication service (c.f. GSSAPI.ANON_FLAG) was used.

target_name()

Returns the name of the context acceptor. If a name is returned then it is always an MN.

Zero is returned on the initiator side if the initiator didn't specify a target name and the acceptor did not authenticate itself (should never happen if mutual authentication (c.f. GSSAPI.MUTUAL_FLAG) is a required service).

The returned object is not necessarily the same one as was passed to GSSAPI.InitContext.create, even though they are likely to compare as equal (they might not be equal if the passed name wasn't an MN).

lifetime()

Returns the validity lifetime left for the context. Returns zero if the context has expired, or Int.inf if there is no time limit (in older pikes without Int.inf a large positive integer is returned instead).

mech()

Returns the mechanism that provides the context. The returned value is its OID on dotted-decimal form.

These functions don't throw errors if the context is missing or not completely established, even though they might not be able to query the proper values then (GSS-API implementations are known to not be completely reliable in handling these queries for partly established contexts). The functions instead return zero.