<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="stylesheet" href="style.css" type="text/css">
<meta content="text/html; charset=iso-8859-1" http-equiv="Content-Type">
<link rel="Start" href="index.html">
<link rel="previous" href="Netclient_tut.html">
<link rel="next" href="Nethttpd_types.html">
<link rel="Up" href="index.html">
<link title="Index of types" rel=Appendix href="index_types.html">
<link title="Index of exceptions" rel=Appendix href="index_exceptions.html">
<link title="Index of values" rel=Appendix href="index_values.html">
<link title="Index of class attributes" rel=Appendix href="index_attributes.html">
<link title="Index of class methods" rel=Appendix href="index_methods.html">
<link title="Index of classes" rel=Appendix href="index_classes.html">
<link title="Index of class types" rel=Appendix href="index_class_types.html">
<link title="Index of modules" rel=Appendix href="index_modules.html">
<link title="Index of module types" rel=Appendix href="index_module_types.html">
<link title="Uq_gtk" rel="Chapter" href="Uq_gtk.html">
<link title="Equeue" rel="Chapter" href="Equeue.html">
<link title="Unixqueue" rel="Chapter" href="Unixqueue.html">
<link title="Unixqueue_pollset" rel="Chapter" href="Unixqueue_pollset.html">
<link title="Unixqueue_select" rel="Chapter" href="Unixqueue_select.html">
<link title="Uq_resolver" rel="Chapter" href="Uq_resolver.html">
<link title="Uq_engines" rel="Chapter" href="Uq_engines.html">
<link title="Uq_socks5" rel="Chapter" href="Uq_socks5.html">
<link title="Uq_io" rel="Chapter" href="Uq_io.html">
<link title="Uq_lwt" rel="Chapter" href="Uq_lwt.html">
<link title="Uq_libevent" rel="Chapter" href="Uq_libevent.html">
<link title="Uq_mt" rel="Chapter" href="Uq_mt.html">
<link title="Equeue_intro" rel="Chapter" href="Equeue_intro.html">
<link title="Equeue_howto" rel="Chapter" href="Equeue_howto.html">
<link title="Uq_ssl" rel="Chapter" href="Uq_ssl.html">
<link title="Https_client" rel="Chapter" href="Https_client.html">
<link title="Uq_tcl" rel="Chapter" href="Uq_tcl.html">
<link title="Netcamlbox" rel="Chapter" href="Netcamlbox.html">
<link title="Netcgi_apache" rel="Chapter" href="Netcgi_apache.html">
<link title="Netcgi_modtpl" rel="Chapter" href="Netcgi_modtpl.html">
<link title="Netcgi_common" rel="Chapter" href="Netcgi_common.html">
<link title="Netcgi" rel="Chapter" href="Netcgi.html">
<link title="Netcgi_ajp" rel="Chapter" href="Netcgi_ajp.html">
<link title="Netcgi_scgi" rel="Chapter" href="Netcgi_scgi.html">
<link title="Netcgi_cgi" rel="Chapter" href="Netcgi_cgi.html">
<link title="Netcgi_fcgi" rel="Chapter" href="Netcgi_fcgi.html">
<link title="Netcgi_dbi" rel="Chapter" href="Netcgi_dbi.html">
<link title="Netcgi1_compat" rel="Chapter" href="Netcgi1_compat.html">
<link title="Netcgi_test" rel="Chapter" href="Netcgi_test.html">
<link title="Netcgi_porting" rel="Chapter" href="Netcgi_porting.html">
<link title="Netcgi_plex" rel="Chapter" href="Netcgi_plex.html">
<link title="Http_client_conncache" rel="Chapter" href="Http_client_conncache.html">
<link title="Http_client" rel="Chapter" href="Http_client.html">
<link title="Telnet_client" rel="Chapter" href="Telnet_client.html">
<link title="Ftp_data_endpoint" rel="Chapter" href="Ftp_data_endpoint.html">
<link title="Ftp_client" rel="Chapter" href="Ftp_client.html">
<link title="Http_fs" rel="Chapter" href="Http_fs.html">
<link title="Ftp_fs" rel="Chapter" href="Ftp_fs.html">
<link title="Netclient_tut" rel="Chapter" href="Netclient_tut.html">
<link title="Netgssapi" rel="Chapter" href="Netgssapi.html">
<link title="Nethttpd_types" rel="Chapter" href="Nethttpd_types.html">
<link title="Nethttpd_kernel" rel="Chapter" href="Nethttpd_kernel.html">
<link title="Nethttpd_reactor" rel="Chapter" href="Nethttpd_reactor.html">
<link title="Nethttpd_engine" rel="Chapter" href="Nethttpd_engine.html">
<link title="Nethttpd_services" rel="Chapter" href="Nethttpd_services.html">
<link title="Nethttpd_plex" rel="Chapter" href="Nethttpd_plex.html">
<link title="Nethttpd_util" rel="Chapter" href="Nethttpd_util.html">
<link title="Nethttpd_intro" rel="Chapter" href="Nethttpd_intro.html">
<link title="Netmech_scram" rel="Chapter" href="Netmech_scram.html">
<link title="Netmech_scram_gssapi" rel="Chapter" href="Netmech_scram_gssapi.html">
<link title="Netmcore" rel="Chapter" href="Netmcore.html">
<link title="Netmcore_camlbox" rel="Chapter" href="Netmcore_camlbox.html">
<link title="Netmcore_mempool" rel="Chapter" href="Netmcore_mempool.html">
<link title="Netmcore_heap" rel="Chapter" href="Netmcore_heap.html">
<link title="Netmcore_ref" rel="Chapter" href="Netmcore_ref.html">
<link title="Netmcore_array" rel="Chapter" href="Netmcore_array.html">
<link title="Netmcore_sem" rel="Chapter" href="Netmcore_sem.html">
<link title="Netmcore_mutex" rel="Chapter" href="Netmcore_mutex.html">
<link title="Netmcore_condition" rel="Chapter" href="Netmcore_condition.html">
<link title="Netmcore_queue" rel="Chapter" href="Netmcore_queue.html">
<link title="Netmcore_buffer" rel="Chapter" href="Netmcore_buffer.html">
<link title="Netmcore_matrix" rel="Chapter" href="Netmcore_matrix.html">
<link title="Netmcore_hashtbl" rel="Chapter" href="Netmcore_hashtbl.html">
<link title="Netmcore_process" rel="Chapter" href="Netmcore_process.html">
<link title="Netmcore_tut" rel="Chapter" href="Netmcore_tut.html">
<link title="Netmcore_basics" rel="Chapter" href="Netmcore_basics.html">
<link title="Netplex_types" rel="Chapter" href="Netplex_types.html">
<link title="Netplex_mp" rel="Chapter" href="Netplex_mp.html">
<link title="Netplex_mt" rel="Chapter" href="Netplex_mt.html">
<link title="Netplex_log" rel="Chapter" href="Netplex_log.html">
<link title="Netplex_controller" rel="Chapter" href="Netplex_controller.html">
<link title="Netplex_container" rel="Chapter" href="Netplex_container.html">
<link title="Netplex_sockserv" rel="Chapter" href="Netplex_sockserv.html">
<link title="Netplex_workload" rel="Chapter" href="Netplex_workload.html">
<link title="Netplex_main" rel="Chapter" href="Netplex_main.html">
<link title="Netplex_config" rel="Chapter" href="Netplex_config.html">
<link title="Netplex_kit" rel="Chapter" href="Netplex_kit.html">
<link title="Rpc_netplex" rel="Chapter" href="Rpc_netplex.html">
<link title="Netplex_cenv" rel="Chapter" href="Netplex_cenv.html">
<link title="Netplex_semaphore" rel="Chapter" href="Netplex_semaphore.html">
<link title="Netplex_sharedvar" rel="Chapter" href="Netplex_sharedvar.html">
<link title="Netplex_mutex" rel="Chapter" href="Netplex_mutex.html">
<link title="Netplex_encap" rel="Chapter" href="Netplex_encap.html">
<link title="Netplex_mbox" rel="Chapter" href="Netplex_mbox.html">
<link title="Netplex_intro" rel="Chapter" href="Netplex_intro.html">
<link title="Netplex_advanced" rel="Chapter" href="Netplex_advanced.html">
<link title="Netplex_admin" rel="Chapter" href="Netplex_admin.html">
<link title="Netshm" rel="Chapter" href="Netshm.html">
<link title="Netshm_data" rel="Chapter" href="Netshm_data.html">
<link title="Netshm_hashtbl" rel="Chapter" href="Netshm_hashtbl.html">
<link title="Netshm_array" rel="Chapter" href="Netshm_array.html">
<link title="Netshm_intro" rel="Chapter" href="Netshm_intro.html">
<link title="Netconversion" rel="Chapter" href="Netconversion.html">
<link title="Netchannels" rel="Chapter" href="Netchannels.html">
<link title="Netstream" rel="Chapter" href="Netstream.html">
<link title="Mimestring" rel="Chapter" href="Mimestring.html">
<link title="Netmime" rel="Chapter" href="Netmime.html">
<link title="Netsendmail" rel="Chapter" href="Netsendmail.html">
<link title="Neturl" rel="Chapter" href="Neturl.html">
<link title="Netaddress" rel="Chapter" href="Netaddress.html">
<link title="Netbuffer" rel="Chapter" href="Netbuffer.html">
<link title="Netdate" rel="Chapter" href="Netdate.html">
<link title="Netencoding" rel="Chapter" href="Netencoding.html">
<link title="Netulex" rel="Chapter" href="Netulex.html">
<link title="Netaccel" rel="Chapter" href="Netaccel.html">
<link title="Netaccel_link" rel="Chapter" href="Netaccel_link.html">
<link title="Nethtml" rel="Chapter" href="Nethtml.html">
<link title="Netstring_str" rel="Chapter" href="Netstring_str.html">
<link title="Netmappings" rel="Chapter" href="Netmappings.html">
<link title="Netaux" rel="Chapter" href="Netaux.html">
<link title="Nethttp" rel="Chapter" href="Nethttp.html">
<link title="Netpagebuffer" rel="Chapter" href="Netpagebuffer.html">
<link title="Netfs" rel="Chapter" href="Netfs.html">
<link title="Netglob" rel="Chapter" href="Netglob.html">
<link title="Netauth" rel="Chapter" href="Netauth.html">
<link title="Netsockaddr" rel="Chapter" href="Netsockaddr.html">
<link title="Netnumber" rel="Chapter" href="Netnumber.html">
<link title="Rtypes" rel="Chapter" href="Rtypes.html">
<link title="Xdr_mstring" rel="Chapter" href="Xdr_mstring.html">
<link title="Xdr" rel="Chapter" href="Xdr.html">
<link title="Netcompression" rel="Chapter" href="Netcompression.html">
<link title="Netunichar" rel="Chapter" href="Netunichar.html">
<link title="Netchannels_tut" rel="Chapter" href="Netchannels_tut.html">
<link title="Netmime_tut" rel="Chapter" href="Netmime_tut.html">
<link title="Netsendmail_tut" rel="Chapter" href="Netsendmail_tut.html">
<link title="Netulex_tut" rel="Chapter" href="Netulex_tut.html">
<link title="Neturl_tut" rel="Chapter" href="Neturl_tut.html">
<link title="Netstring_pcre" rel="Chapter" href="Netstring_pcre.html">
<link title="Netsys" rel="Chapter" href="Netsys.html">
<link title="Netsys_posix" rel="Chapter" href="Netsys_posix.html">
<link title="Netsys_pollset" rel="Chapter" href="Netsys_pollset.html">
<link title="Netlog" rel="Chapter" href="Netlog.html">
<link title="Netexn" rel="Chapter" href="Netexn.html">
<link title="Netsys_win32" rel="Chapter" href="Netsys_win32.html">
<link title="Netsys_pollset_posix" rel="Chapter" href="Netsys_pollset_posix.html">
<link title="Netsys_pollset_win32" rel="Chapter" href="Netsys_pollset_win32.html">
<link title="Netsys_pollset_generic" rel="Chapter" href="Netsys_pollset_generic.html">
<link title="Netsys_signal" rel="Chapter" href="Netsys_signal.html">
<link title="Netsys_oothr" rel="Chapter" href="Netsys_oothr.html">
<link title="Netsys_xdr" rel="Chapter" href="Netsys_xdr.html">
<link title="Netsys_rng" rel="Chapter" href="Netsys_rng.html">
<link title="Netsys_types" rel="Chapter" href="Netsys_types.html">
<link title="Netsys_mem" rel="Chapter" href="Netsys_mem.html">
<link title="Netsys_tmp" rel="Chapter" href="Netsys_tmp.html">
<link title="Netsys_sem" rel="Chapter" href="Netsys_sem.html">
<link title="Netsys_pmanage" rel="Chapter" href="Netsys_pmanage.html">
<link title="Netgzip" rel="Chapter" href="Netgzip.html">
<link title="Netpop" rel="Chapter" href="Netpop.html">
<link title="Rpc_auth_dh" rel="Chapter" href="Rpc_auth_dh.html">
<link title="Rpc_key_service" rel="Chapter" href="Rpc_key_service.html">
<link title="Rpc_time" rel="Chapter" href="Rpc_time.html">
<link title="Rpc_auth_local" rel="Chapter" href="Rpc_auth_local.html">
<link title="Rpc" rel="Chapter" href="Rpc.html">
<link title="Rpc_program" rel="Chapter" href="Rpc_program.html">
<link title="Rpc_util" rel="Chapter" href="Rpc_util.html">
<link title="Rpc_portmapper_aux" rel="Chapter" href="Rpc_portmapper_aux.html">
<link title="Rpc_packer" rel="Chapter" href="Rpc_packer.html">
<link title="Rpc_transport" rel="Chapter" href="Rpc_transport.html">
<link title="Rpc_client" rel="Chapter" href="Rpc_client.html">
<link title="Rpc_simple_client" rel="Chapter" href="Rpc_simple_client.html">
<link title="Rpc_portmapper_clnt" rel="Chapter" href="Rpc_portmapper_clnt.html">
<link title="Rpc_portmapper" rel="Chapter" href="Rpc_portmapper.html">
<link title="Rpc_server" rel="Chapter" href="Rpc_server.html">
<link title="Rpc_auth_sys" rel="Chapter" href="Rpc_auth_sys.html">
<link title="Rpc_auth_gssapi" rel="Chapter" href="Rpc_auth_gssapi.html">
<link title="Rpc_proxy" rel="Chapter" href="Rpc_proxy.html">
<link title="Rpc_intro" rel="Chapter" href="Rpc_intro.html">
<link title="Rpc_mapping_ref" rel="Chapter" href="Rpc_mapping_ref.html">
<link title="Rpc_intro_gss" rel="Chapter" href="Rpc_intro_gss.html">
<link title="Rpc_ssl" rel="Chapter" href="Rpc_ssl.html">
<link title="Rpc_xti_client" rel="Chapter" href="Rpc_xti_client.html">
<link title="Shell_sys" rel="Chapter" href="Shell_sys.html">
<link title="Shell" rel="Chapter" href="Shell.html">
<link title="Shell_uq" rel="Chapter" href="Shell_uq.html">
<link title="Shell_fs" rel="Chapter" href="Shell_fs.html">
<link title="Shell_intro" rel="Chapter" href="Shell_intro.html">
<link title="Netsmtp" rel="Chapter" href="Netsmtp.html">
<link title="Intro" rel="Chapter" href="Intro.html">
<link title="Platform" rel="Chapter" href="Platform.html">
<link title="Foreword" rel="Chapter" href="Foreword.html">
<link title="Ipv6" rel="Chapter" href="Ipv6.html">
<link title="Regexp" rel="Chapter" href="Regexp.html"><link title="Types" rel="Section" href="#2_Types">
<link title="Exceptions" rel="Section" href="#2_Exceptions">
<link title="The API" rel="Section" href="#2_TheAPI">
<link title="Utility functions" rel="Section" href="#2_Utilityfunctions">
<link title="Common OID's for name types" rel="Section" href="#2_CommonOIDsfornametypes">
<link title="Encodings" rel="Section" href="#2_Encodings">
<link title="Create tokens" rel="Section" href="#2_Createtokens">
<title>Ocamlnet 3 Reference Manual : Netgssapi</title>
</head>
<body>
<div class="navbar"><a class="pre" href="Netclient_tut.html" title="Netclient_tut">Previous</a>
<a class="up" href="index.html" title="Index">Up</a>
<a class="post" href="Nethttpd_types.html" title="Nethttpd_types">Next</a>
</div>
<h1>Module <a href="type_Netgssapi.html">Netgssapi</a></h1>
<pre><span class="keyword">module</span> Netgssapi: <code class="code">sig</code> <a href="Netgssapi.html">..</a> <code class="code">end</code></pre><div class="info">
GSS-API Definition<br>
</div>
<hr width="100%">
<br>
This is mainly a translation of RFC 2743/2744 to Ocaml.<br>
<br>
<h2 id="2_Types">Types</h2><br>
<pre><span id="TYPEoid"><span class="keyword">type</span> <code class="type"></code>oid</span> = <code class="type">int array</code> </pre>
<div class="info">
OIDs like "1.3.6.1.5.6.2" as array of int's. The empty array
means <code class="code">GSS_C_NO_OID</code>.<br>
</div>
<pre><span id="TYPEoid_set"><span class="keyword">type</span> <code class="type"></code>oid_set</span> = <code class="type"><a href="Netgssapi.html#TYPEoid">oid</a> list</code> </pre>
<div class="info">
A set of OID's. These lists should not contain OID's twice.
The empty list means <code class="code">GSS_C_NO_OID_SET</code>.<br>
</div>
<pre><span id="TYPEcredential"><span class="keyword">type</span> <code class="type"></code>credential</span> = <code class="type">< otype : [ `Credential ] ></code> </pre>
<div class="info">
A credential is opaque for the caller of the GSS-API.
The provider of the GSS-API can emit new credential objects,
and hand them out to the caller. When the caller passes
credentials back to the provider, the provider must check
whether the object is known, and reject any fake objects
created by the caller by raising <code class="code">Invalid_argument</code>.<br>
</div>
<pre><span id="TYPEcontext"><span class="keyword">type</span> <code class="type"></code>context</span> = <code class="type">< otype : [ `Context ]; valid : bool ></code> </pre>
<div class="info">
A context is also opaque, and the same rules apply as for
<code class="code">credential</code>.
<p>
The method <code class="code">valid</code> is true as long as the context is not
deleted.<br>
</div>
<pre><span id="TYPEtoken"><span class="keyword">type</span> <code class="type"></code>token</span> = <code class="type">string</code> </pre>
<div class="info">
Authentication tokens. These are also opaque to the caller,
but have a string representation so that they can be sent
over the wire.<br>
</div>
<pre><span id="TYPEinterprocess_token"><span class="keyword">type</span> <code class="type"></code>interprocess_token</span> = <code class="type">string</code> </pre>
<div class="info">
Interprocess tokens. These are also opaque to the caller,
but have a string representation so that they can be sent
over the wire.<br>
</div>
<pre><span id="TYPEcalling_error"><span class="keyword">type</span> <code class="type"></code>calling_error</span> = <code class="type">[ `Bad_structure | `Inaccessible_read | `Inaccessible_write | `None ]</code> </pre>
<div class="info">
Possible errors caused by the caller<br>
</div>
<pre><span id="TYPEroutine_error"><span class="keyword">type</span> <code class="type"></code>routine_error</span> = <code class="type">[ `Bad_QOP<br> | `Bad_bindings<br> | `Bad_mech<br> | `Bad_mic<br> | `Bad_name<br> | `Bad_nametype<br> | `Bad_status<br> | `Context_expired<br> | `Credentials_expired<br> | `Defective_credential<br> | `Defective_token<br> | `Duplicate_element<br> | `Failure<br> | `Name_not_mn<br> | `No_context<br> | `No_cred<br> | `None<br> | `Unauthorized<br> | `Unavailable ]</code> </pre>
<div class="info">
Possible errors caused by the provider<br>
</div>
<pre><span id="TYPEsuppl_status"><span class="keyword">type</span> <code class="type"></code>suppl_status</span> = <code class="type">[ `Continue_needed<br> | `Duplicate_token<br> | `Gap_token<br> | `Old_token<br> | `Unseq_token ]</code> </pre>
<div class="info">
Further flags<br>
</div>
<pre><span id="TYPEmajor_status"><span class="keyword">type</span> <code class="type"></code>major_status</span> = <code class="type"><a href="Netgssapi.html#TYPEcalling_error">calling_error</a> * <a href="Netgssapi.html#TYPEroutine_error">routine_error</a> *<br> <a href="Netgssapi.html#TYPEsuppl_status">suppl_status</a> list</code> </pre>
<div class="info">
The major status consists of these three elements. The bits of the
supplementary status field are represented as list<br>
</div>
<pre><span id="TYPEminor_status"><span class="keyword">type</span> <code class="type"></code>minor_status</span> = <code class="type">int32</code> </pre>
<div class="info">
The minor status is provider-specific. Note that GSS-API defines
it as <b>unsigned</b> 32-bit integer whereas <code class="code">int32</code> is signed.<br>
</div>
<pre><span id="TYPEname"><span class="keyword">type</span> <code class="type"></code>name</span> = <code class="type">< otype : [ `Name ] ></code> </pre>
<div class="info">
A name is also opaque, and the same rules apply as for
<code class="code">credential</code>.<br>
</div>
<pre><span id="TYPEaddress"><span class="keyword">type</span> <code class="type"></code>address</span> = <code class="type">[ `Inet of Unix.inet_addr<br> | `Local of string<br> | `Nulladdr<br> | `Other of int32 * string<br> | `Unspecified of string ]</code> </pre>
<div class="info">
Addresses tagged by address types<br>
</div>
<pre><span id="TYPEchannel_bindings"><span class="keyword">type</span> <code class="type"></code>channel_bindings</span> = <code class="type"><a href="Netgssapi.html#TYPEaddress">address</a> * <a href="Netgssapi.html#TYPEaddress">address</a> * string</code> </pre>
<div class="info">
Channel binding as tuple
<code class="code">(initiator_address, acceptor_address, application_data)</code><br>
</div>
<pre><span id="TYPEcred_usage"><span class="keyword">type</span> <code class="type"></code>cred_usage</span> = <code class="type">[ `Accept | `Both | `Initiate ]</code> </pre>
<pre><span id="TYPEqop"><span class="keyword">type</span> <code class="type"></code>qop</span> = <code class="type">< otype : [ `QOP ] ></code> </pre>
<div class="info">
Quality-of-proctection parameters are mechanism-specific<br>
</div>
<pre><span id="TYPEmessage"><span class="keyword">type</span> <code class="type"></code>message</span> = <code class="type"><a href="Xdr_mstring.mstring-c.html">Xdr_mstring.mstring</a> list</code> </pre>
<div class="info">
Messages are represented as lists of <code class="code">mstring</code><br>
</div>
<pre><span id="TYPEret_flag"><span class="keyword">type</span> <code class="type"></code>ret_flag</span> = <code class="type">[ `Anon_flag<br> | `Conf_flag<br> | `Deleg_flag<br> | `Integ_flag<br> | `Mutual_flag<br> | `Prot_ready_flag<br> | `Replay_flag<br> | `Sequence_flag<br> | `Trans_flag ]</code> </pre>
<div class="info">
Flags for the <code class="code">accept_sec_context</code> method<br>
</div>
<pre><span id="TYPEreq_flag"><span class="keyword">type</span> <code class="type"></code>req_flag</span> = <code class="type">[ `Anon_flag<br> | `Conf_flag<br> | `Deleg_flag<br> | `Integ_flag<br> | `Mutual_flag<br> | `Replay_flag<br> | `Sequence_flag ]</code> </pre>
<div class="info">
Flags for the <code class="code">init_sec_context</code> method<br>
</div>
<br>
<h2 id="2_Exceptions">Exceptions</h2><br>
<br>
There are no defined exceptions.
<p>
Errors should be reported using the <code class="code">major_status</code> and <code class="code">minor_status</code>
codes as much as possible.
<p>
<code class="code">Invalid_argument</code> may be raised for clear violations of calling
requirements, e.g. when an opaque object is passed to this interface
that was not returned by it before.<br>
<br>
<h2 id="2_TheAPI">The API</h2><br>
<br>
The methods have generally a type of the form
<p>
<pre class="codepre"><code class="code">
m : 't . arg1 -> ... -> argN -> out:( ret1 -> ... -> retM -> 't ) -> 't
</code></pre>
<p>
where <code class="code">arg</code>s are input arguments (with the exception of <code class="code">context</code>
which is in/out), and where outputs are passed back by calling the <code class="code">out</code>
functions with the outputs. The return value of <code class="code">out</code> is the return
value of the method call.
<p>
For example, if only <code class="code">output_token</code> of the <code class="code">accept_sec_context</code> method
is needed, one could call this method as in
<p>
<pre class="codepre"><code class="code"> let output_token =
gss_api # accept_sec_context
...
~out:(fun ~src_name ~mech_type ~output_token ~ret_flags
~time_rec ~delegated_cred_handle ~minor_status
~major_status ->
output_token
)
</code></pre>
<p>
Output values may not be defined when <code class="code">major_status</code> indicates
an error. (But see the RFC for details; especially <code class="code">init_sec_contect</code>
and <code class="code">accept_sec_context</code> may emit tokens even when <code class="code">major_status</code>
indicates an error.)
<p>
The names of the parameters are taken from RFC 2744, only
suffixes like <code class="code">_handle</code> have been removed. When the prefixes
<code class="code">input_</code> and <code class="code">output_</code> are meaningless, they are also removed.
All prefixes like "GSS" are removed anyway.<br>
<pre><span id="TYPEgss_api"><span class="keyword">class type</span> <a href="Netgssapi.gss_api-c.html">gss_api</a></span> = <code class="code">object</code> <a href="Netgssapi.gss_api-c.html">..</a> <code class="code">end</code></pre><br>
<h2 id="2_Utilityfunctions">Utility functions</h2><br>
<br>
These functions convert values to strings. Useful for generating
log messages.<br>
<pre><span id="VALstring_of_calling_error"><span class="keyword">val</span> string_of_calling_error</span> : <code class="type"><a href="Netgssapi.html#TYPEcalling_error">calling_error</a> -> string</code></pre><pre><span id="VALstring_of_routine_error"><span class="keyword">val</span> string_of_routine_error</span> : <code class="type"><a href="Netgssapi.html#TYPEroutine_error">routine_error</a> -> string</code></pre><pre><span id="VALstring_of_suppl_status"><span class="keyword">val</span> string_of_suppl_status</span> : <code class="type"><a href="Netgssapi.html#TYPEsuppl_status">suppl_status</a> -> string</code></pre><pre><span id="VALstring_of_major_status"><span class="keyword">val</span> string_of_major_status</span> : <code class="type"><a href="Netgssapi.html#TYPEmajor_status">major_status</a> -> string</code></pre><br>
<h2 id="2_CommonOIDsfornametypes">Common OID's for name types</h2><br>
<br>
See RFC 2078, section 4<br>
<pre><span id="VALnt_hostbased_service"><span class="keyword">val</span> nt_hostbased_service</span> : <code class="type"><a href="Netgssapi.html#TYPEoid">oid</a></code></pre><div class="info">
names like "service<br>
</div>
<pre><span id="VALnt_user_name"><span class="keyword">val</span> nt_user_name</span> : <code class="type"><a href="Netgssapi.html#TYPEoid">oid</a></code></pre><div class="info">
names like "username"<br>
</div>
<pre><span id="VALnt_machine_uid_name"><span class="keyword">val</span> nt_machine_uid_name</span> : <code class="type"><a href="Netgssapi.html#TYPEoid">oid</a></code></pre><div class="info">
user ID in host byte order<br>
</div>
<pre><span id="VALnt_string_uid_name"><span class="keyword">val</span> nt_string_uid_name</span> : <code class="type"><a href="Netgssapi.html#TYPEoid">oid</a></code></pre><div class="info">
user ID as string of digits<br>
</div>
<pre><span id="VALnt_anonymous"><span class="keyword">val</span> nt_anonymous</span> : <code class="type"><a href="Netgssapi.html#TYPEoid">oid</a></code></pre><div class="info">
anonymous name<br>
</div>
<pre><span id="VALnt_export_name"><span class="keyword">val</span> nt_export_name</span> : <code class="type"><a href="Netgssapi.html#TYPEoid">oid</a></code></pre><div class="info">
an export name<br>
</div>
<pre><span id="VALparse_hostbased_service"><span class="keyword">val</span> parse_hostbased_service</span> : <code class="type">string -> string * string</code></pre><div class="info">
Returns (<code class="code">service,host</code>) for "service<br>
</div>
<br>
<h2 id="2_Encodings">Encodings</h2><br>
<br>
There is some chance that some of these routines will finally be moved to
netstring<br>
<pre><span id="VALoid_to_string"><span class="keyword">val</span> oid_to_string</span> : <code class="type"><a href="Netgssapi.html#TYPEoid">oid</a> -> string</code></pre><pre><span id="VALstring_to_oid"><span class="keyword">val</span> string_to_oid</span> : <code class="type">string -> <a href="Netgssapi.html#TYPEoid">oid</a></code></pre><div class="info">
Convert OID's to/from curly brace notation<br>
</div>
<pre><span id="VALoid_to_der"><span class="keyword">val</span> oid_to_der</span> : <code class="type"><a href="Netgssapi.html#TYPEoid">oid</a> -> string</code></pre><pre><span id="VALder_to_oid"><span class="keyword">val</span> der_to_oid</span> : <code class="type">string -> int Pervasives.ref -> <a href="Netgssapi.html#TYPEoid">oid</a></code></pre><div class="info">
Convert OID's to/from DER. <code class="code">der_to_oid</code> takes a cursor as second arg.<br>
</div>
<pre><span id="VALwire_encode_token"><span class="keyword">val</span> wire_encode_token</span> : <code class="type"><a href="Netgssapi.html#TYPEoid">oid</a> -> <a href="Netgssapi.html#TYPEtoken">token</a> -> string</code></pre><pre><span id="VALwire_decode_token"><span class="keyword">val</span> wire_decode_token</span> : <code class="type">string -> int Pervasives.ref -> <a href="Netgssapi.html#TYPEoid">oid</a> * <a href="Netgssapi.html#TYPEtoken">token</a></code></pre><div class="info">
Encode tokens as described in section 3.1 of RFC 2078. This is usually
only done for the initiating token.<br>
</div>
<pre><span id="VALencode_exported_name"><span class="keyword">val</span> encode_exported_name</span> : <code class="type"><a href="Netgssapi.html#TYPEoid">oid</a> -> string -> string</code></pre><pre><span id="VALdecode_exported_name"><span class="keyword">val</span> decode_exported_name</span> : <code class="type">string -> int Pervasives.ref -> <a href="Netgssapi.html#TYPEoid">oid</a> * string</code></pre><div class="info">
Encode names as described in section 3.2 of RFC 2078<br>
</div>
<br>
<h2 id="2_Createtokens">Create tokens</h2><br>
<br>
Format of the tokens: see RFC 4121<br>
<pre><span id="VALcreate_mic_token"><span class="keyword">val</span> create_mic_token</span> : <code class="type">sent_by_acceptor:bool -><br> acceptor_subkey:bool -><br> sequence_number:int64 -><br> get_mic:(<a href="Netgssapi.html#TYPEmessage">message</a> -> string) -> message:<a href="Netgssapi.html#TYPEmessage">message</a> -> string</code></pre><div class="info">
Create a MIC token:
<p>
<ul>
<li><code class="code">sent_by_acceptor</code>: whether this token comes from the acceptor</li>
<li><code class="code">acceptor_subkey</code>: see RFC</li>
<li><code class="code">sequence_number</code>: a sequence number</li>
<li><code class="code">get_mic</code>: the checksum function
(e.g. <a href="Netmech_scram.Cryptosystem.html#VALget_mic"><code class="code">Netmech_scram.Cryptosystem.get_mic</code></a>)</li>
<li><code class="code">message</code>: the message to be signed</li>
</ul>
The function returns the MIC token<br>
</div>
<pre><span id="VALparse_mic_token_header"><span class="keyword">val</span> parse_mic_token_header</span> : <code class="type">string -> bool * bool * int64</code></pre><div class="info">
Returns the triple
(<code class="code">sent_by_acceptor</code>, <code class="code">acceptor_subkey</code>, <code class="code">sequence_number</code>) from
the header of a MIC token that is passed to this function as
string. Fails if not parsable<br>
</div>
<pre><span id="VALverify_mic_token"><span class="keyword">val</span> verify_mic_token</span> : <code class="type">get_mic:(<a href="Netgssapi.html#TYPEmessage">message</a> -> string) -><br> message:<a href="Netgssapi.html#TYPEmessage">message</a> -> token:string -> bool</code></pre><div class="info">
Verifies the MIC <code class="code">token</code> with <code class="code">get_mic</code>, and returns true if the
verification is successful<br>
</div>
<pre><span id="VALcreate_wrap_token_conf"><span class="keyword">val</span> create_wrap_token_conf</span> : <code class="type">sent_by_acceptor:bool -><br> acceptor_subkey:bool -><br> sequence_number:int64 -><br> get_ec:(int -> int) -><br> encrypt_and_sign:(<a href="Netgssapi.html#TYPEmessage">message</a> -> <a href="Netgssapi.html#TYPEmessage">message</a>) -><br> message:<a href="Netgssapi.html#TYPEmessage">message</a> -> <a href="Netgssapi.html#TYPEmessage">message</a></code></pre><div class="info">
Wraps a <code class="code">message</code> so that it is encrypted and signed (confidential).
<p>
<ul>
<li><code class="code">sent_by_acceptor</code>: whether this token comes from the acceptor</li>
<li><code class="code">acceptor_subkey</code>: see RFC</li>
<li><code class="code">sequence_number</code>: a sequence number</li>
<li><code class="code">get_ec</code>: This function returns the "extra count" number for
the size of the plaintext w/o filler (e.g. use
<a href="Netmech_scram.Cryptosystem.html#VALget_ec"><code class="code">Netmech_scram.Cryptosystem.get_ec</code></a>).</li>
<li><code class="code">encrypt_and_sign</code>: the encryption function from the cryptosystem.
The plaintext is passed to this function, and the ciphertext with
the appended signature must be returned in the string.</li>
<li><code class="code">message</code>: the payload message</li>
</ul>
The function returns the token wrapping the message.<br>
</div>
<pre><span id="VALparse_wrap_token_header"><span class="keyword">val</span> parse_wrap_token_header</span> : <code class="type"><a href="Netgssapi.html#TYPEmessage">message</a> -> bool * bool * bool * int64</code></pre><div class="info">
<code class="code">let (sent_by_acceptor, sealed, acceptor_subkey, sequence_number) =
parse_wrap_token_header token</code>
<p>
Fails if the <code class="code">token</code> cannot be parsed.<br>
</div>
<pre><span id="VALunwrap_wrap_token_conf"><span class="keyword">val</span> unwrap_wrap_token_conf</span> : <code class="type">decrypt_and_verify:(<a href="Netgssapi.html#TYPEmessage">message</a> -> <a href="Netgssapi.html#TYPEmessage">message</a>) -><br> token:<a href="Netgssapi.html#TYPEmessage">message</a> -> <a href="Netgssapi.html#TYPEmessage">message</a></code></pre><div class="info">
Unwraps the <code class="code">token</code> using the decryption function
<code class="code">decrypt_and_verify</code> from the cryptosystem.
<p>
The functions fails if there is a format error, or the integrity
check fails.
<p>
Non-confidential messages cannot be unwrapped with this function.<br>
</div>
<br>
Token functions for non-confidential messages are still missing<br>
</body></html>
