Next: Introduction, Previous: (dir), Up: (dir) [Contents][Index]
This is the glass Reference Manual, version 1.0.2, generated automatically by Declt version 2.4 "Will Decker" on Wed Jun 20 11:52:36 2018 GMT+0.
| • Introduction: | What glass is all about | |
| • Systems: | The systems documentation | |
| • Files: | The files documentation | |
| • Packages: | The packages documentation | |
| • Definitions: | The symbols documentation | |
| • Indexes: | Concepts, functions, variables and data types |
General Lisp Authentication Security Services (glass) is a Common Lisp GSS-compatible API. It provides a set of generic functions which systems providing authentication services should specialize. Users wishing to consume these services should use these rather than functions exported directly from the providing packages.
The supported authentication systems are Kerberos, NTLM and SPNEGO (Negotiate).
The GSSAPI specifies a generalized mechanism for defining security service APIs. It is the most common way to consume Kerberos authentication.
This package provides a set of generic functions. Systems which provide security systems should provide methods for these generics.
Kerberos support is provided by cerberus.
;; client
CL-USER> (cerberus:logon-user "username@realm" "password" :kdc-address "10.1.1.1")
CL-USER> (defvar *credentials*
(gss:acquire-credentials :kerberos
"host/host.name.com@realm"))
*CREDENTIALS*
CL-USER> (multiple-value-bind (context buffer) (gss:initialize-security-context *context* :mutual t)
(defvar *client-context* context)
(defvar *buffer* buffer))
;; send the buffer to the application server
CL-USER> (cerberus:logon-service "host/host.name.com@realm" "password")
CL-USER> (defvar *server-credentials* (gss:acquire-credentials :kerberos nil))
*SERVER-CREDENTIALS*
CL-USER> (multiple-value-bind (context response-buffer) (gss:accept-security-context *server-credentials* *buffer*)
(defvar *server-context* context)
(defvar *response-buffer* response-buffer))
;; send the response buffer back to the client and pass to INITIALIZE-SECURITY-CONTEXT so the
;; client can authenticate the server
CL-USER> (gss:initialize-security-context *client-context* :buffer *response-buffer*)
;; compute checksums
CL-USER> (gss:get-mic *client-context* #(1 2 3 4))
CL-USER> (gss:verify-mic *server-context* (gss:get-mic *client-context* #(1 2 3 4)))
;; encrypt message
CL-USER> (gss:wrap *client-context* #(1 2 3 4))
CL-USER> (gss:unwrap *server-context* (gss:wrap *client-context* #(1 2 3 4)))
NTLM support is provided by ntlm. NTLM is a legacy protocol and is not recommended for use over unsecure networks, nevertheless it is often required for use with various Microsoft tools.
Negotiate support is provided by spnego. This system is essentially a wrapper around NTLM and Kerberos, with an initial negotiation stage to determine a mutually agreeable system.
Licensed under the terms of the MIT license.
Frank James May 2015.
Next: Files, Previous: Introduction, Up: Top [Contents][Index]
The main system appears first, followed by any subsystem dependency.
| • The glass system: |
Frank James <frank.a.james@gmail.com>
MIT
General Lisp Authentication and Security System API.
1.0.2
glass.asd (file)
Files are sorted by type and then listed depth-first from the systems components trees.
| • Lisp files: |
| • The glass.asd file: | ||
| • The glass/glass.lisp file: | ||
| • The glass/errors.lisp file: |
Next: The glass/glass<dot>lisp file, Previous: Lisp files, Up: Lisp files [Contents][Index]
glass.asd
glass (system)
Next: The glass/errors<dot>lisp file, Previous: The glass<dot>asd file, Up: Lisp files [Contents][Index]
glass (system)
glass.lisp
Previous: The glass/glass<dot>lisp file, Up: Lisp files [Contents][Index]
glass.lisp (file)
glass (system)
errors.lisp
gss-error (condition)
Next: Definitions, Previous: Files, Up: Top [Contents][Index]
Packages are listed by definition order.
| • The glass package: |
glass.lisp (file)
gss
common-lisp
Definitions are sorted by export status, category, package, and then by lexicographic order.
| • Exported definitions: | ||
| • Internal definitions: |
Next: Internal definitions, Previous: Definitions, Up: Definitions [Contents][Index]
| • Exported generic functions: | ||
| • Exported conditions: |
Next: Exported conditions, Previous: Exported definitions, Up: Exported definitions [Contents][Index]
For the server to accept a security context from the client.
On the first call to this function, CONTEXT-OR-CREDENTIALS should be a credential object as returned from the initial
call to ACQUIRE-CREDENTIALS. Subsequent calls CONTEXT-OR-CREDENTIALS should be the context returned from the previous call
to this function.
BUFFER is the opaque octet vector sent from the client.
Returns (values context response-buffer continue-needed) where CONTEXT is the context to be used in subsequent calls to this function or other
glass functions. RESPONSE-BUFFER is either an opaque octet vector to be sent back to the client, or nil if the context has been completed.
CONTINUE-NEEDED is a boolean indicating whether further calls to this function are required before authentication has completed.
May signal GSS-ERROR if authentication fails.
glass.lisp (file)
Acquire credentials for the principal named. Returns CREDENTIALS, for input into INITIALIZE-SECURITY-CONTEXT and ACCEPT-SECURITY-CONTEXT.
c.f. GSS_Acquire_cred.
MECH-TYPE ::= symbol naming the authentication mechamism.
PRINCIPAL ::= the name of the principal you are requesting credentials for. NIL assumes default.
Returns an opaque credential object to be used in subsequent calls.
glass.lisp (file)
Returns a string which represents the name of the principal to which is authenticated by this context. This function should be used by servers wishing to get some information on the identity of the client.
glass.lisp (file)
Compute a checksum over the message. C.f. GSS_GetMIC.
MESSAGE ::= octet array containing the plaintext.
Returns an octet array.
glass.lisp (file)
Returns a security context to be sent to the application server. c.f. GSS_Init_sec_context.
On the first call CONTEXT-OR-CREDENTIALS should be the result of the initial call to ACQUIRE-CREDENTIALS.
On subsequent calls, CONTEXT-OR-CREDENTIALS should be the context returned from the previous call to INITIALIZE-SECURITY-CONTEXT.
Returns (values context buffer continue-needed) where context is an opaque object to be used in subsequent calls to this or other functions. Buffer
is either an opaque octet-vector, which should be sent to the server, or nil if the context has been completed. Continue needed is
a boolean indicating whether further calls to this function need to made before the authentication is complete.
May signal conditions of type GSS-ERROR.
glass.lisp (file)
Decrypt the message. c.f. GSS_Unwrap
BUFFER ::= the wrapped message, as returned by WRAP.
Returns the decrypted plaintext.
glass.lisp (file)
Verify the checksum. c.f. GSS_VerifyMIC
MESSAGE ::= octet array containing the original message that was checksum’ed.
MESSAGE-TOKEN ::= the checksum, i.e. result of calling GET-MIC.
Returns T if verified.
glass.lisp (file)
Encrypt the message. c.f. GSS_Wrap
MESSAGE ::= octet array containing the plaintext message
Returns an octet array contining the encrypted message.
glass.lisp (file)
Previous: Exported generic functions, Up: Exported definitions [Contents][Index]
errors.lisp (file)
error (condition)
:major
(quote nil)
gss-error-major (generic function)
:minor
(quote nil)
gss-error-minor (generic function)
Previous: Exported definitions, Up: Definitions [Contents][Index]
| • Internal special variables: | ||
| • Internal generic functions: |
Next: Internal generic functions, Previous: Internal definitions, Up: Internal definitions [Contents][Index]
errors.lisp (file)
Previous: Internal special variables, Up: Internal definitions [Contents][Index]
errors.lisp (file)
errors.lisp (file)
Previous: Definitions, Up: Top [Contents][Index]
| • Concept index: | ||
| • Function index: | ||
| • Variable index: | ||
| • Data type index: |
Next: Function index, Previous: Indexes, Up: Indexes [Contents][Index]
| Jump to: | F G L |
|---|
| Jump to: | F G L |
|---|
Next: Variable index, Previous: Concept index, Up: Indexes [Contents][Index]
| Jump to: | A C G I M U V W |
|---|
| Jump to: | A C G I M U V W |
|---|
Next: Data type index, Previous: Function index, Up: Indexes [Contents][Index]
| Jump to: | *
M S |
|---|
| Jump to: | *
M S |
|---|
Previous: Variable index, Up: Indexes [Contents][Index]
| Jump to: | C G P S |
|---|
| Jump to: | C G P S |
|---|