gss_unwrap()--Unwrap a Message

Syntax

 #include <gssapi.h>

 OM_uint32 gss_unwrap (
     OM_uint32 *    minor_status,
     gss_ctx_id_t     context_handle,  
     gss_buffer_t   input_message,
     gss_buffer_t   output_message,
     int *      conf_state,
     gss_qop_t *    qop_state);

  Service Program Name: QSYS/QKRBGSS

  Default public authority: *USE

  Threadsafe: Yes

The gss_unwrap() function unwraps a message sealed by the gss_wrap() routine and verifies the embedded signature. The conf_state return parameter indicates whether or not the message has been encrypted.

Parameters

minor_status (Output)

A status code from the security mechanism.

context_handle (Input)

The context in which the message arrived.

input_message (Input)

The sealed message token generated by the gss_wrap() routine.

output_message (Output)

The unsealed message.

conf_state (Output)

The level of confidentiality that was applied to the message. Specify NULL for this parameter if the confidentiality state is not needed. The return value is set as follows:

TRUE	Both confidentiality and integrity services were applied.
FALSE	Only integrity services were applied.

qop_state (Output)

The quality of protection that was applied to the message. Specify NULL for this parameter if the quality of protection is not needed.

The Kerberos security mechanism supports three quality of protection levels as follows (in decreasing order or speed):

GSS_KRB5_INTEG_C_QOP_MD5	Truncated MD5
GSS_KRB5_INTEG_C_QOP_DES_MD5	DES_MAC of an MD5 hash
GSS_KRB5_INTEG_C_QOP_DES_MAC	Normal DES_MAC algorithm

Return Value

The return value is one of the following status codes:

GSS_S_BAD_SIG

The input token contains an incorrect signature.

GSS_S_COMPLETE

The routine completed successfully.

GSS_S_CONTEXT_EXPIRED

The context identifier provided by the caller has expired.

GSS_S_CREDENTIALS_EXPIRED

Credentials are no longer valid.

GSS_S_DEFECTIVE_TOKEN

Consistency checks performed on the input token failed.

GSS_S_DUPLICATE_TOKEN

The token is a duplicate of a token that has already been processed.

GSS_S_FAILURE

The routine failed for reasons that are not defined at the GSS level. The minor_status return parameter contains a mechanism-dependent error code describing the reason for the failure.

GSS_S_GAP_TOKEN

One or more predecessor tokens have not been processed.

GSS_S_NO_CONTEXT

The context identifier provided by the caller does not refer to a valid security context.

GSS_S_OLD_TOKEN

The token is too old to be checked for duplication against previous tokens. This is a fatal error during context establishment.

GSS_S_UNSEQ_TOKEN

A later token has already been processed.

Authorities

Object Referred to	Data Authority Required
Each directory in the path name preceding the configuration file	*X
Configuration file	*R

Object Referred to

Data Authority Required

Each directory in the path name preceding the configuration file

Configuration file

Error Messages

Message ID	Error Message Text
CPE3418 E	Possible APAR condition or hardware failure.

Message ID

Error Message Text

CPE3418 E

Possible APAR condition or hardware failure.