gss_verify_mic()--Verify that Cryptographic Signature is Correct
Syntax
#include <gssapi.h> OM_uint32 gss_verify_mic ( OM_uint32 * minor_status, gss_ctx_id_t context_handle, gss_buffer_t input_message, gss_buffer_t input_token, gss_qop_t * qop_state);Service Program Name: QSYS/QKRBGSS
Default public authority: *USE
Threadsafe: Yes
The gss_verify_mic() function verifies that the cryptographic signature for a message is correct. This ensures that the message has not been modified since the signature was generated.
Parameters
- minor_status (Output)
- A status code from the security mechanism.
- context_handle (Input)
- The context in which the message arrived.
- input_message (Input)
- The message to be verified.
- input_token (Input)
- The signature token generated by the gss_get_mic()
routine.
- qop_state (Output)
- The quality of protection that was applied to the message. Specify
NULL for this parameter if the quality of protection is not needed.
The Kerberos security mechanism supports three quality of protection levels as follows:
GSS_KRB5_INTEG_C_QOP_MD5 Truncated MD5 GSS_KRB5_INTEG_C_QOP_DES_MD5 DES_MAC of an MD5 hash GSS_KRB5_INTEG_C_QOP_DES_MAC Normal DES_MAC algorithm
Return Value
The return value is one of the following status codes:
- GSS_S_BAD_SIG
- The input token contains an incorrect signature.
- GSS_S_COMPLETE
- The routine completed successfully.
- GSS_S_CONTEXT_EXPIRED
- The context identifier provided by the caller has expired.
- GSS_S_CREDENTIALS_EXPIRED
- The credentials associated with the referenced context have expired.
- GSS_S_DEFECTIVE_CREDENTIAL
- The credential is defective.
- GSS_S_DEFECTIVE_TOKEN
- Consistency checks performed on the input token failed.
- GSS_S_DUPLICATE_TOKEN
- The token is a duplicate of a token that has already been processed.
- GSS_S_FAILURE
- The routine failed for reasons that are not defined at the GSS level. The
minor_status return parameter contains a mechanism-dependent error
code describing the reason for the failure.
- GSS_S_GAP_TOKEN
- One or more predecessor tokens have not been processed.
- GSS_S_NO_CONTEXT
- The context identifier provided by the caller does not refer to a valid
security context.
- GSS_S_OLD_TOKEN
- The token is too old to be checked for duplication against previous tokens.
This is a fatal error during context establishment.
- GSS_S_UNSEQ_TOKEN
- A later token has already been processed.
Authorities
Object Referred to | Data Authority Required |
---|---|
Each directory in the path name preceding the configuration file | *X |
Configuration file | *R |
Error Messages
Message ID | Error Message Text |
---|---|
CPE3418 E | Possible APAR condition or hardware failure. |
API introduced: V5R1
[ Back to top | Security APIs | UNIX-Type APIs | APIs by category ]