HP Open Source Security for OpenVMS Volume 3: Kerberos > Chapter 5 GSSAPI (Generic Security Services Application Programming Interface)

gss_export_sec_context — Transfer a security context to another process

  Table of Contents

  Glossary

  Index

C Prototype

OM_uint32 gss_export_sec_context(
OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
gss_buffer_t interprocess_token );

Arguments

minor_status (output) 

An implementation-specific status code.

context_handle (input/output) 

The context handle identifying the context to transfer.

interprocess_token (output) 

The token to be transferred to the target process. Storage associated with this token must be freed by the application after use with a call to gss_release_buffer.

Description

This routine is provided to support the sharing of work between multiple processes. It will typically be used by the context acceptor, in an application where a single process receives incoming connection requests and accepts security contexts over them, then passes the established context to one or more other processes for message exchange. The gss_export_sec_context routine deactivates the security context for the calling process and creates an interprocess token which, when passed to gss_import_sec_context in another process, will re-activate the context in the second process. Only a single instantiation of a given context may be active at any one time; a subsequent attempt by a context exporter to access the exported security context will fail.

The implementation may constrain the set of processes by which the interprocess token may be imported, either as a function of local security policy, or as a result of implementation decisions. For example, some implementations may constrain contexts to be passed only between processes that run under the same account, or which are part of the same process group.

The interprocess token may contain security-sensitive information (for example, cryptographic keys).

If the creation of the interprocess token is successful, all process-wide resources associated with the security context will be deallocated, and the context_handle will be set to GSS_C_NO_CONTEXT.

Return Values

This routine returns one of the following GSS status codes:

GSS_S_COMPLETE

Successful completion.
GSS_S_CONTEXT_EXPIREDThe context has expired.
GSS_S_NO_CONTEXTThe context was invalid.
GSS_S_UNAVAILABLE

The operation is not supported.