HP Open Source Security for OpenVMS Volume 3: Kerberos > Chapter 5 GSSAPI (Generic Security Services Application Programming Interface)

gss_export_sec_context — Transfer a security context to another process

C Prototype

OM_uint32 gss_export_sec_context(
    OM_uint32 *    minor_status,
    gss_ctx_id_t * context_handle,
    gss_buffer_t   interprocess_token );

Arguments

minor_status (output) 

An implementation-specific status code.

context_handle (input/output) 

The context handle identifying the context to transfer.

interprocess_token (output) 

The token to be transferred to the target process. Storage associated with this token must be freed by the application after use with a call to gss_release_buffer.

Description

This routine is provided to support the sharing of work between multiple processes. It will typically be used by the context acceptor, in an application where a single process receives incoming connection requests and accepts security contexts over them, then passes the established context to one or more other processes for message exchange. The gss_export_sec_context routine deactivates the security context for the calling process and creates an interprocess token which, when passed to gss_import_sec_context in another process, will re-activate the context in the second process. Only a single instantiation of a given context may be active at any one time; a subsequent attempt by a context exporter to access the exported security context will fail.

The implementation may constrain the set of processes by which the interprocess token may be imported, either as a function of local security policy, or as a result of implementation decisions. For example, some implementations may constrain contexts to be passed only between processes that run under the same account, or which are part of the same process group.

The interprocess token may contain security-sensitive information (for example, cryptographic keys).

If the creation of the interprocess token is successful, all process-wide resources associated with the security context will be deallocated, and the context_handle will be set to GSS_C_NO_CONTEXT.

Return Values

This routine returns one of the following GSS status codes:

GSS_S_COMPLETE

Successful completion.

GSS_S_CONTEXT_EXPIRED

The context has expired.

GSS_S_NO_CONTEXT

The context was invalid.

GSS_S_UNAVAILABLE

The operation is not supported.