man pages section 3: Extended Library Functions, Volume 1

Updated: Wednesday, July 27, 2022
 
 

gss_export_sec_context (3gss)

Generic Security Services API Library Functions
                                                  gss_export_sec_context(3gss)



NAME
       gss_export_sec_context - transfer a security context to another process

SYNOPSIS
       cc [ flag... ] file... -lgss  [ library... ]
       #include <gssapi/gssapi.h>

       OM_uint32 gss_export_sec_context(OM_uint32 *minor_status,
            gss_ctx_id_t *context_handle, gss_buffer_t interprocess_token);


DESCRIPTION
       The gss_export_sec_context() function generates an interprocess token
       for transfer to another process within an end system.
       gss_export_sec_context() and gss_import_sec_context() allow a security
       context to be transferred between processes on a single machine.


       The gss_export_sec_context() function supports the sharing of work
       between multiple processes. This routine is typically used by the
       context-acceptor, in an application where a single process receives
       incoming connection requests and accepts security contexts over them,
       then passes the established context to one or more other processes for
       message exchange. gss_export_sec_context() deactivates the security
       context for the calling process and creates an interprocess token
       which, when passed to gss_import_sec_context() in another process,
       reactivates the context in the second process. Only a single
       instantiation of a given context can be active at any one time; a
       subsequent attempt by a context exporter to access the exported
       security context will fail.


       The interprocess token may contain security-sensitive information, for
       example cryptographic keys. While mechanisms are encouraged to either
       avoid placing such sensitive information within interprocess tokens or
       to encrypt the token before returning it to the application, in a
       typical object-library GSS-API implementation, this might not be
       possible. Thus, the application must take care to protect the
       interprocess token and ensure that any process to which the token is
       transferred is trustworthy. If creation of the interprocess token is
       successful, the GSS-API deallocates all process-wide resources
       associated with the security context and sets the context_handle to
       GSS_C_NO_CONTEXT. In the event of an error that makes it impossible to
       complete the export of the security context, the function does not
       return an interprocess token and leaves the security context
       referenced by the context_handle parameter untouched.


       Sun's implementation of gss_export_sec_context() does not encrypt the
       interprocess token. The interprocess token is serialized before it is
       transferred to another process.
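
       Added example, not part of the original man page or of Oracle's code:
       one way to hand the unencrypted interprocess token to a worker over an
       unnamed AF_UNIX socketpair that only a forked child inherits, with a
       length bound on receipt and a wipe of the sender's copy. The names
       send_token, recv_token, handoff and MAX_TOKEN are hypothetical, the
       token bytes are constructed, and the GSS-API calls appear only as
       comments so the block builds without -lgss.

```c
#include <arpa/inet.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#define MAX_TOKEN 16384  /* assumed cap on token size (hypothetical) */
static void wipe(volatile unsigned char *v, size_t n) { while (n--) *v++ = 0; }
static int xfer(int fd, void *buf, size_t n, int wr) { /* move exactly n bytes */
    for (unsigned char *p = buf; n > 0; ) {
        ssize_t r = wr ? write(fd, p, n) : read(fd, p, n);
        if (r <= 0) return -1;          /* error or peer closed early */
        p += r; n -= (size_t)r;
    }
    return 0;
}
int send_token(int fd, void *tok, size_t len) { /* 4-byte length, then token */
    uint32_t be = htonl((uint32_t)len);
    if (len == 0 || len > MAX_TOKEN) return -1;
    return (xfer(fd, &be, sizeof be, 1) || xfer(fd, tok, len, 1)) ? -1 : 0;
}
long recv_token(int fd, void *buf, size_t cap) { /* length, or -1 if rejected */
    uint32_t be;
    if (xfer(fd, &be, sizeof be, 0)) return -1;
    size_t len = ntohl(be);
    if (len == 0 || len > cap || len > MAX_TOKEN) return -1; /* bound first */
    return xfer(fd, buf, len, 0) ? -1 : (long)len;
}
int handoff(const unsigned char *tok, size_t len) { /* 0 if worker got it intact */
    int sv[2], status;
    unsigned char copy[MAX_TOKEN], got[MAX_TOKEN];
    if (len > sizeof copy || socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) return -1;
    memcpy(copy, tok, len);  /* stands in for interprocess_token->value */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {          /* worker: gss_import_sec_context() would go here */
        close(sv[0]);
        long n = recv_token(sv[1], got, sizeof got);
        _exit(n == (long)len && memcmp(got, tok, len) == 0 ? 0 : 1); /* demo check */
    }
    close(sv[1]);
    int rc = send_token(sv[0], copy, len);
    wipe(copy, len); close(sv[0]);  /* real code: then gss_release_buffer() */
    if (waitpid(pid, &status, 0) < 0 || rc) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
int main(void) {
    unsigned char tok[64] = "constructed sample bytes, not a real GSS token";
    return handoff(tok, sizeof tok);
}
```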

PARAMETERS
       The parameter descriptions for gss_export_sec_context() are as follows:

       minor_status          A mechanism-specific status code.


       context_handle        Context handle identifying the context to
                             transfer.


       interprocess_token    Token to be transferred to target process.
                             Storage associated with this token must be freed
                             by the application after use with a call to
                             gss_release_buffer(3GSS).


ERRORS
       gss_export_sec_context() returns one of the following status codes:

       GSS_S_COMPLETE           Successful completion.


       GSS_S_CONTEXT_EXPIRED    The context has expired.


       GSS_S_NO_CONTEXT         The context was invalid.


       GSS_S_UNAVAILABLE        The operation is not supported.


       GSS_S_FAILURE            The underlying mechanism detected an error for
                                which no specific GSS status code is defined.
                                The mechanism-specific status code reported by
                                means of the minor_status parameter details
                                the error condition.


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:

       +---------------+------------------------+
       |ATTRIBUTE TYPE |    ATTRIBUTE VALUE     |
       +---------------+------------------------+
       |MT Level       | Safe                   |
       +---------------+------------------------+
       |Availability   | security/kerberos-5    |
       +---------------+------------------------+
       |Stability      | Pass-through committed |
       +---------------+------------------------+

SEE ALSO
       gss_accept_sec_context(3GSS), gss_import_sec_context(3GSS),
       gss_init_sec_context(3GSS), gss_release_buffer(3GSS), attributes(7)






NOTES
       Source code for open source software components in Oracle Solaris can
       be found at
       https://www.oracle.com/downloads/opensource/solaris-source-code-downloads.html.

       This software was built from source available at
       https://github.com/oracle/solaris-userland. The original community
       source was downloaded from
       http://web.mit.edu/kerberos/dist/krb5/1.18/krb5-1.18.4.tar.gz.

       Further information about this software can be found on the open source
       community website at http://web.mit.edu/kerberos/.



Solaris 11.4                      22 Aug 2011
                                                  gss_export_sec_context(3gss)