Method: GSSAPI::Simple#init_context

Defined in:
lib/gssapi/simple.rb

#init_context(in_token = nil, opts = {}) ⇒ String, true

Initialize the GSS security context (client initiator). If there was a previous call that issued a continue, you can pass the continuation token in via the in_token param.
If no flags are set the default flags are LibGSSAPI::GSS_C_MUTUAL_FLAG | LibGSSAPI::GSS_C_SEQUENCE_FLAG

Parameters:

  • in_token (String) (defaults to: nil)

    An input token sent from the remote service in a continuation.

  • opts (Hash) (defaults to: {})

    Miscellaneous options to be set.

Options Hash (opts):

  • :flags (Fixnum)

    Overrides all other flags. If you also set the :delegate option, this option overrides it. See tools.ietf.org/html/rfc4121#section-4.1.1.1

  • :delegate (Boolean)

    If true, set the credential delegate flag.

Returns:

  • (String, true)

    If a continuation flag is set, returns the output token that must be sent to the remote host. Otherwise returns true, and the GSS security context has been established.

Raises:



# File 'lib/gssapi/simple.rb', line 62

def init_context(in_token = nil, opts = {})
  min_stat = FFI::MemoryPointer.new :OM_uint32
  ctx = (@context.nil? ? LibGSSAPI::GssCtxIdT.gss_c_no_context.address_of : @context.address_of)
  mech = LibGSSAPI::GssOID.gss_c_no_oid
  if(opts[:flags])
    flags = opts[:flags]
  else
    flags = (LibGSSAPI::GSS_C_MUTUAL_FLAG | LibGSSAPI::GSS_C_SEQUENCE_FLAG | LibGSSAPI::GSS_C_CONF_FLAG | LibGSSAPI::GSS_C_INTEG_FLAG)
    flags |= LibGSSAPI::GSS_C_DELEG_FLAG  if opts[:delegate]
    flags |= LibGSSAPI::GSS_C_DELEG_POLICY_FLAG  if opts[:delegate]
  end
  in_tok = LibGSSAPI::UnManagedGssBufferDesc.new
  in_tok.value = in_token
  out_tok = LibGSSAPI::ManagedGssBufferDesc.new
  ret_flags = FFI::MemoryPointer.new :OM_uint32


  maj_stat = LibGSSAPI.gss_init_sec_context(min_stat,
                                            nil,
                                            ctx,
                                            @int_svc_name,
                                            mech,
                                            flags,
                                            0,
                                            nil,
                                            in_tok.pointer,
                                            nil,
                                            out_tok.pointer,
                                            ret_flags,
                                            nil)

  raise GssApiError.new(maj_stat, min_stat), "gss_init_sec_context did not return GSS_S_COMPLETE" if maj_stat > 1
  
  @context = LibGSSAPI::GssCtxIdT.new(ctx.get_pointer(0))
  maj_stat == 1 ? out_tok.value : true
end
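
The option handling above has one sharp edge: :flags replaces the whole mask, including the mutual-authentication, confidentiality and integrity bits that the source listing sets by default, and :delegate is then ignored. The following is an added example, not code from the gssapi gem: `requested_flags`, `flag_names` and `audit_opts` are hypothetical helpers, and the flag constants are redefined locally with their standard values so the block runs without the gem. It mirrors the selection logic and reports what a given opts hash would actually request.

```ruby
# Added example: stand-alone, does not load the gssapi gem.
# Flag values are the standard GSS-API C-binding values (RFC 2744, RFC 5896).
GSS_FLAGS = {
  GSS_C_DELEG_FLAG:        1,
  GSS_C_MUTUAL_FLAG:       2,
  GSS_C_SEQUENCE_FLAG:     8,
  GSS_C_CONF_FLAG:         16,
  GSS_C_INTEG_FLAG:        32,
  GSS_C_DELEG_POLICY_FLAG: 32768
}.freeze

PROTECTIVE = %i[GSS_C_MUTUAL_FLAG GSS_C_CONF_FLAG GSS_C_INTEG_FLAG].freeze
DELEGATION = %i[GSS_C_DELEG_FLAG GSS_C_DELEG_POLICY_FLAG].freeze

# Mirrors the flag selection in the init_context source shown on this page.
def requested_flags(opts = {})
  return opts[:flags] if opts[:flags]   # :flags wins over everything else

  flags = GSS_FLAGS.values_at(:GSS_C_MUTUAL_FLAG, :GSS_C_SEQUENCE_FLAG,
                              :GSS_C_CONF_FLAG, :GSS_C_INTEG_FLAG).reduce(:|)
  if opts[:delegate]
    flags |= GSS_FLAGS[:GSS_C_DELEG_FLAG] | GSS_FLAGS[:GSS_C_DELEG_POLICY_FLAG]
  end
  flags
end

# Names of the known flags that are set in a mask.
def flag_names(mask)
  GSS_FLAGS.select { |_name, bit| (mask & bit) != 0 }.keys
end

# Hypothetical pre-flight check: list what an opts hash drops or adds
# relative to the protections the default mask asks for.
def audit_opts(opts = {})
  set = flag_names(requested_flags(opts))
  warnings = (PROTECTIVE - set).map { |f| "#{f} not requested" }
  if opts[:flags] && opts[:delegate] && (DELEGATION & set).empty?
    warnings << ":delegate ignored because :flags is set"
  end
  warnings << "credential delegation requested" unless (DELEGATION & set).empty?
  warnings
end
```

These are the flags requested, not the flags granted: the source above passes ret_flags to gss_init_sec_context but never reads it back, so the caller is not told what the peer actually agreed to.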