gss_export_sec_context(3)gss_export_sec_context(3)NAMEgss_export_sec_context - Prepare security context for transfer to
another process.
SYNOPSIS
#include <gssapi/gssapi.h>
OM_uint32 gss_export_sec_context(
OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
gss_buffer_t interprocess_token );
PARAMETERS
Kerberos 5 error code. Security context to be transferred. After the
context is transferred, this parameter is set to GSS_C_NO_CONTEXT.
Token to be transferred to the target process.
The application must release the storage associated with the
token after use with a call to gss_release_buffer().
DESCRIPTION
The gss_export_sec_context() function prepares a security context for
transfer to another process. It is typically used by the context accep‐
tor in an application where a single process receives incoming connec‐
tion requests and accepts security contexts over them. The initial
process then passes the established context to another process for mes‐
sage exchange.
This function disables the security context for the calling process and
creates an interprocess token that, when passed to gss_import_sec_con‐
text() in another process, re-enables the context in the second
process. Only a single instance of a given security context may be
active at any time; a subsequent attempt by a context exporter to
access the exported security context will fail.
The interprocess token may contain security-sensitive information such
as a cryptographic key. Therefore, the application must take care to
protect the interprocess token and to ensure that any process to which
the token is transferred is trustworthy. In addition, this token should
not be transferred over a network in an insecure manner.
If creation of the interprocess token is successful, all process-wide
resources associated with the security context are deallocated and the
context_handle parameter is set to GSS_C_NO_CONTEXT. The security con‐
text is not deleted until the exported security context token is cre‐
ated. If an error occurs that makes it impossible to complete the
export of the security context, the original context is returned
unchanged.
After use, the application must release the storage associated with the
token with a call to gss_release_buffer().
RETURN VALUES
GSS_S_CALL_INACCESSIBLE_READ 01xxxxxx
GSS_S_CALL_INACCESSIBLE_WRITE 02xxxxxx
GSS_S_COMPLETE 00000000
GSS_S_FAILURE xx0Dxxxx
GSS_S_NO_CONTEXT xx08xxxx
GSS_S_UNAVAILABLE xx10xxxx
PORTABILITY CONSIDERATIONS
This function exports a token that can only be shared with other HP
Application Security SDK implementations.
SEE ALSO
Functions: gss_accept_sec_context(3), gss_import_sec_context(3),
gss_init_sec_context(3), gss_release_buffer(3)gss_export_sec_context(3)