1gss_export_sec_coGnetneexrti(c3GSSeSc)urity Services API Libragrsys_Feuxnpcotrito_nssec_context(3GSS)
2
3
4

NAME

6       gss_export_sec_context - transfer a security context to another process
7

SYNOPSIS

9       cc [ flag... ] file... -lgss  [ library... ]
10       #include <gssapi/gssapi.h>
11
12       OM_uint32 gss_export_sec_context(OM_uint32 *minor_status,
13            gss_ctx_id_t *context_handle,gss_buffer_t interprocess_token);
14
15

DESCRIPTION

17       The  gss_export_sec_context()  function generates an interprocess token
18       for   transfer   to   another   process   within   an    end    system.
19       gss_export_sec_context()  and gss_import_sec_context() allow a security
20       context to be transferred between processes on a single machine.
21
22
23       The gss_export_sec_context() function  supports  the  sharing  of  work
24       between  multiple processes. This routine is typically used by the con‐
25       text-acceptor, in an application where a single process receives incom‐
26       ing  connection  requests and accepts security contexts over them, then
27       passes the established context to one or more other processes for  mes‐
28       sage  exchange.  gss_export_sec_context() deactivates the security con‐
29       text for the calling process and creates an interprocess  token  which,
30       when passed to gss_import_sec_context() in another process, reactivates
31       the context in the second process. Only a  single  instantiation  of  a
32       given  context can be active at any one time; a subsequent attempt by a
33       context exporter to access the exported security context will fail.
34
35
36       The interprocess token may contain security-sensitive information,  for
37       example  cryptographic keys.  While mechanisms are encouraged to either
38       avoid placing such sensitive information within interprocess tokens  or
39       to encrypt the token before returning it to the application, in a typi‐
40       cal object-library GSS-API implementation, this might not be  possible.
41       Thus,  the application must take care to protect the interprocess token
42       and ensure that any process to which the token is transferred is trust‐
43       worthy.  If  creation of the interprocess token is successful, the GSS-
44       API deallocates all process-wide resources associated with the security
45       context  and  sets the context_handle to GSS_C_NO_CONTEXT. In the event
46       of an error that makes it impossible to  complete  the  export  of  the
47       security  context,  the  function does not return an interprocess token
48       and leaves the security context referenced by the context_handle param‐
49       eter untouched.
50
51
52       Sun's  implementation  of gss_export_sec_context() does not encrypt the
53       interprocess token. The interprocess token is serialized before  it  is
54       transferred to another process.
55

PARAMETERS

57       The parameter descriptions for gss_export_sec_context() are as follows:
58
59       minor_status          A mechanism-specific status code.
60
61
62       context_handle        Context  handle identifying the context to trans‐
63                             fer.
64
65
66       interprocess_token    Token to be transferred to target process.  Stor‐
67                             age  associated  with this token must be freed by
68                             the  application  after  use  with  a   call   to
69                             gss_release_buffer(3GSS).
70
71

ERRORS

73       gss_export_sec_context() returns one of the following status codes:
74
75       GSS_S_COMPLETE           Successful completion.
76
77
78       GSS_S_CONTEXT_EXPIRED    The context has expired.
79
80
81       GSS_S_NO_CONTEXT         The context was invalid.
82
83
84       GSS_S_UNAVAILABLE        The operation is not supported.
85
86
87       GSS_S_FAILURE            The underlying mechanism detected an error for
88                                which no specific GSS status code is  defined.
89                                The mechanism-specific status code reported by
90                                means of the  minor_status  parameter  details
91                                the error condition.
92
93

ATTRIBUTES

95       See attributes(5) for descriptions of the following attributes:
96
97
98
99
100       ┌─────────────────────────────┬─────────────────────────────┐
101       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
102       ├─────────────────────────────┼─────────────────────────────┤
103       │Availability                 │SUNWgss (32-bit)             │
104       ├─────────────────────────────┼─────────────────────────────┤
105       │                             │SUNWgssx (64-bit)            │
106       ├─────────────────────────────┼─────────────────────────────┤
107       │MT Level                     │Safe                         │
108       └─────────────────────────────┴─────────────────────────────┘
109

SEE ALSO

111       gss_accept_sec_context(3GSS),             gss_import_sec_context(3GSS),
112       gss_init_sec_context(3GSS), gss_release_buffer(3GSS), attributes(5)
113
114
115       Solaris Security for Developers Guide
116
117
118
119SunOS 5.11                        15 Jan 2003     gss_export_sec_context(3GSS)
Impressum