[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gss_inquire_sec_context_by_oid

Not sure if I ever committed this to the mechglue branch.

gss_krb5_get_subkey(const gss_ctx_id_t context_handle,
                    krb5_keyblock **key)
    OM_uint32 ret;
    gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
    OM_uint32 minor;

    ret = gss_inquire_sec_context_by_oid(&minor,
    if (ret) {
        return ret;

    if (data_set == GSS_C_NO_BUFFER_SET ||
        data_set->count != 1) {
        gss_release_buffer_set(&minor, &data_set);
        return GSS_S_FAILURE;

    assert(sizeof(*key) == data_set->elements[0].length);
    memcpy(key, data_set->elements[0].value, data_set->elements[0].length);

    gss_release_buffer_set(&minor, &data_set);
    return GSS_S_COMPLETE;


Let me know if there is anything else you need.

-- Luke

>From: Michael B Allen <mba2000@ioplex.com>
>Subject: gss_inquire_sec_context_by_oid
>To: heimdal-discuss@sics.se
>Date: Thu, 2 Mar 2006 22:34:34 -0500
>Is there a standard way to extract more mechanism specific information
>like the subkey or authorization-data?
>I noticed mechglue exports a gss_inquire_sec_context_by_oid function. This
>appears to be an extension dreamt up by globus? Theres also a function
>that uses it to get what appears to be the AD but unfortunately there
>is no actual implementation of it in Heimdal.
>So I was thinking of implementing gss_inquire_sec_context_by_oid to get
>the AD and subkey. Does this sound like a good idea?
>Any direction would be appreciated (e.g. what OID to use for the subkey).