Generic Security Services API Library Functions
gss_export_sec_context(3GSS)
NAME
gss_export_sec_context - transfer a security context to another process
SYNOPSIS
cc [ flag... ] file... -lgss [ library... ]
#include <gssapi/gssapi.h>
OM_uint32 gss_export_sec_context(OM_uint32 *minor_status,
    gss_ctx_id_t *context_handle, gss_buffer_t interprocess_token);
DESCRIPTION
The gss_export_sec_context() function generates an interprocess
token for transfer to another process within an end system.
gss_export_sec_context() and gss_import_sec_context() allow a
security context to be transferred between processes on a single
machine.
The gss_export_sec_context() function supports the sharing of work
between multiple processes. This routine is typically used by the
context-acceptor, in an application where a single process receives
incoming connection requests and accepts security contexts over
them, then passes the established context to one or more other
processes for message exchange. gss_export_sec_context() deactivates
the security context for the calling process and creates an
interprocess token which, when passed to gss_import_sec_context() in
another process, reactivates the context in the second process. Only
a single instantiation of a given context can be active at any one
time; a subsequent attempt by a context exporter to access the
exported security context will fail.
The interprocess token may contain security-sensitive information,
for example cryptographic keys. While mechanisms are encouraged to
either avoid placing such sensitive information within interprocess
tokens or to encrypt the token before returning it to the
application, in a typical object-library GSS-API implementation,
this might not be possible. Thus, the application must take care to
protect the interprocess token and ensure that any process to which
the token is transferred is trustworthy.
If creation of the interprocess token is successful, the GSS-API
deallocates all process-wide resources associated with the security
context and sets the context_handle to GSS_C_NO_CONTEXT. In the
event of an error that makes it impossible to complete the export of
the security context, the function does not return an interprocess
token and leaves the security context referenced by the
context_handle parameter untouched.
SunOS 5.11 Last change: 15 Jan 2003 1
Sun's implementation of gss_export_sec_context() does not encrypt
the interprocess token. The interprocess token is serialized before
it is transferred to another process.
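The handoff described above, as an added example that is not part of the original manual page or of Sun's code: because the token is unencrypted and may carry keys, it is passed over a private socketpair with a bounded length prefix and the sender's copy is wiped before release. The names struct token, make_channel, send_token, recv_token and the MAX_TOKEN limit are assumptions of this sketch; struct token stands in for gss_buffer_desc so the code builds without the GSS-API headers.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_TOKEN 65536u                      /* assumed bound; larger is rejected */
struct token { size_t length; void *value; }; /* stand-in for gss_buffer_desc */

/* Unnamed AF_UNIX pair: only processes that inherit an end can read the token. */
int make_channel(int sv[2]) { return socketpair(AF_UNIX, SOCK_STREAM, 0, sv); }

static int xfer(int fd, void *buf, size_t n, int writing) {
    unsigned char *p = buf;
    while (n > 0) {
        ssize_t r = writing ? write(fd, p, n) : read(fd, p, n);
        if (r <= 0) return -1;                /* error or peer closed early */
        p += r; n -= (size_t)r;
    }
    return 0;
}

/* Wipe through a volatile pointer so the stores are not optimised away. */
static void wipe(void *buf, size_t n) {
    volatile unsigned char *p = buf;
    while (n--) *p++ = 0;
}

/* Acceptor: call once gss_export_sec_context() has returned GSS_S_COMPLETE.
 * The token bytes are zeroed here, before gss_release_buffer() frees them. */
int send_token(int fd, struct token *t) {
    uint32_t len = htonl((uint32_t)t->length);
    int rc = -1;
    if (t->length > 0 && t->length <= MAX_TOKEN &&
        xfer(fd, &len, sizeof len, 1) == 0)
        rc = xfer(fd, t->value, t->length, 1);
    wipe(t->value, t->length);
    return rc;
}

/* Worker: fills *t for gss_import_sec_context(); caller wipes and frees it. */
int recv_token(int fd, struct token *t) {
    uint32_t len;
    if (xfer(fd, &len, sizeof len, 0) != 0) return -1;
    t->length = ntohl(len);
    if (t->length == 0 || t->length > MAX_TOKEN) return -1;
    if ((t->value = malloc(t->length)) == NULL) return -1;
    if (xfer(fd, t->value, t->length, 0) == 0) return 0;
    wipe(t->value, t->length); free(t->value); t->value = NULL;
    return -1;
}
```

Wiping the buffer before release is a precaution of this sketch, not a requirement stated by the manual page.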
PARAMETERS
The parameter descriptions for gss_export_sec_context() are as
follows:
minor_status          A mechanism-specific status code.
context_handle        Context handle identifying the context to
                      transfer.
interprocess_token    Token to be transferred to target process.
                      Storage associated with this token must be
                      freed by the application after use with a
                      call to gss_release_buffer(3GSS).
ERRORS
gss_export_sec_context() returns one of the following status codes:
GSS_S_COMPLETE           Successful completion.
GSS_S_CONTEXT_EXPIRED    The context has expired.
GSS_S_NO_CONTEXT         The context was invalid.
GSS_S_UNAVAILABLE        The operation is not supported.
GSS_S_FAILURE            The underlying mechanism detected an error
                         for which no specific GSS status code is
                         defined. The mechanism-specific status code
                         reported by means of the minor_status
                         parameter details the error condition.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE    ATTRIBUTE VALUE
Availability      SUNWgss (32-bit)
                  SUNWgssx (64-bit)
MT-Level          Safe
SEE ALSO
gss_accept_sec_context(3GSS), gss_import_sec_context(3GSS),
gss_init_sec_context(3GSS), gss_release_buffer(3GSS), attributes(5)
Solaris Security for Developers Guide