2005-12-29 14:40:22 +00:00
|
|
|
.\" -*- nroff -*-
|
|
|
|
.\"
|
|
|
|
.\" Copyright (c) 2005 Doug Rabson
|
|
|
|
.\" All rights reserved.
|
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
|
|
.\"
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
.\" SUCH DAMAGE.
|
|
|
|
.\"
|
|
|
|
.\" $FreeBSD$
|
|
|
|
.\"
|
|
|
|
.\" The following commands are required for all man pages.
|
2010-01-26 15:03:33 +00:00
|
|
|
.Dd January 26, 2010
|
2005-12-29 14:40:22 +00:00
|
|
|
.Dt GSS_EXPORT_SEC_CONTEXT 3 PRM
|
2010-04-14 19:08:06 +00:00
|
|
|
.Os
|
2005-12-29 14:40:22 +00:00
|
|
|
.Sh NAME
|
|
|
|
.Nm gss_export_sec_context
|
|
|
|
.Nd Transfer a security context to another process
|
|
|
|
.\" This next command is for sections 2 and 3 only.
|
|
|
|
.\" .Sh LIBRARY
|
|
|
|
.Sh SYNOPSIS
|
|
|
|
.In "gssapi/gssapi.h"
|
|
|
|
.Ft OM_uint32
|
|
|
|
.Fo gss_export_sec_context
|
|
|
|
.Fa "OM_uint32 *minor_status"
|
|
|
|
.Fa "gss_ctx_id_t *context_handle"
|
|
|
|
.Fa "gss_buffer_t interprocess_token"
|
|
|
|
.Fc
|
|
|
|
.Sh DESCRIPTION
|
|
|
|
Provided to support the sharing of work between multiple processes.
|
|
|
|
This routine will typically be used by the context-acceptor,
|
|
|
|
in an application where a single process receives incoming connection
|
|
|
|
requests and accepts security contexts over them,
|
|
|
|
then passes the established context to one or more other processes for
|
|
|
|
message exchange.
|
|
|
|
.Fn gss_export_sec_context
|
|
|
|
deactivates the security context for the calling process and creates
|
|
|
|
an interprocess token which,
|
|
|
|
when passed to
|
|
|
|
.Fn gss_import_sec_context
|
|
|
|
in another process,
|
|
|
|
will re-activate the context in the second process.
|
|
|
|
Only a single instantiation of a given context may be active at any
|
|
|
|
one time;
|
|
|
|
a subsequent attempt by a context exporter to access the exported security context will fail.
|
|
|
|
.Pp
|
|
|
|
The implementation may constrain the set of processes by which the
|
|
|
|
interprocess token may be imported,
|
|
|
|
either as a function of local security policy,
|
|
|
|
or as a result of implementation decisions.
|
|
|
|
For example,
|
|
|
|
some implementations may constrain contexts to be passed only between
|
|
|
|
processes that run under the same account,
|
|
|
|
or which are part of the same process group.
|
|
|
|
.Pp
|
|
|
|
The interprocess token may contain security-sensitive information
|
|
|
|
(for example cryptographic keys).
|
|
|
|
While mechanisms are encouraged to either avoid placing such sensitive
|
|
|
|
information within interprocess tokens,
|
|
|
|
or to encrypt the token before returning it to the application,
|
|
|
|
in a typical object-library GSS-API implementation this may not be
|
|
|
|
possible.
|
|
|
|
Thus the application must take care to protect the interprocess token,
|
|
|
|
and ensure that any process to which the token is transferred is
|
|
|
|
trustworthy.
|
|
|
|
.Pp
|
|
|
|
If creation of the interprocess token is successful,
|
|
|
|
the implementation shall deallocate all process-wide resources
|
|
|
|
associated with the security context,
|
|
|
|
and set the context_handle to
|
|
|
|
.Dv GSS_C_NO_CONTEXT .
|
|
|
|
In the event of an error that makes it impossible to complete the
|
|
|
|
export of the security context,
|
|
|
|
the implementation must not return an interprocess token,
|
|
|
|
and should strive to leave the security context referenced by the
|
|
|
|
.Fa context_handle
|
|
|
|
parameter untouched.
|
|
|
|
If this is impossible,
|
|
|
|
it is permissible for the implementation to delete the security
|
|
|
|
context,
|
|
|
|
providing it also sets the
|
|
|
|
.Fa context_handle
|
|
|
|
parameter to
|
|
|
|
.Dv GSS_C_NO_CONTEXT .
|
|
|
|
.Sh PARAMETERS
|
|
|
|
.Bl -tag
|
|
|
|
.It minor_status
|
|
|
|
Mechanism specific status code.
|
|
|
|
.It context_handle
|
|
|
|
Context handle identifying the context to transfer.
|
|
|
|
.It interprocess_token
|
|
|
|
Token to be transferred to target process.
|
|
|
|
Storage associated with this token must be freed by the application
|
|
|
|
after use with a call to
|
|
|
|
.Fn gss_release_buffer .
|
|
|
|
.El
|
|
|
|
.Sh RETURN VALUES
|
|
|
|
.Bl -tag
|
|
|
|
.It GSS_S_COMPLETE
|
|
|
|
Successful completion
|
|
|
|
.It GSS_S_CONTEXT_EXPIRED
|
|
|
|
The context has expired
|
|
|
|
.It GSS_S_NO_CONTEXT
|
|
|
|
The context was invalid
|
|
|
|
.It GSS_S_UNAVAILABLE
|
|
|
|
The operation is not supported
|
|
|
|
.El
|
|
|
|
.Sh SEE ALSO
|
|
|
|
.Xr gss_import_sec_context 3 ,
|
|
|
|
.Xr gss_release_buffer 3
|
|
|
|
.Sh STANDARDS
|
|
|
|
.Bl -tag
|
|
|
|
.It RFC 2743
|
|
|
|
Generic Security Service Application Program Interface Version 2, Update 1
|
|
|
|
.It RFC 2744
|
|
|
|
Generic Security Service API Version 2 : C-bindings
|
|
|
|
.El
|
|
|
|
.Sh HISTORY
|
|
|
|
The
|
|
|
|
.Nm
|
2010-01-26 15:03:33 +00:00
|
|
|
function first appeared in
|
2005-12-29 14:40:22 +00:00
|
|
|
.Fx 7.0 .
|
|
|
|
.Sh AUTHORS
|
|
|
|
John Wray, Iris Associates
|
2006-01-25 10:06:28 +00:00
|
|
|
.Sh COPYRIGHT
|
|
|
|
Copyright (C) The Internet Society (2000). All Rights Reserved.
|
|
|
|
.Pp
|
|
|
|
This document and translations of it may be copied and furnished to
|
|
|
|
others, and derivative works that comment on or otherwise explain it
|
|
|
|
or assist in its implementation may be prepared, copied, published
|
|
|
|
and distributed, in whole or in part, without restriction of any
|
|
|
|
kind, provided that the above copyright notice and this paragraph are
|
|
|
|
included on all such copies and derivative works. However, this
|
|
|
|
document itself may not be modified in any way, such as by removing
|
|
|
|
the copyright notice or references to the Internet Society or other
|
|
|
|
Internet organizations, except as needed for the purpose of
|
|
|
|
developing Internet standards in which case the procedures for
|
|
|
|
copyrights defined in the Internet Standards process must be
|
|
|
|
followed, or as required to translate it into languages other than
|
|
|
|
English.
|
|
|
|
.Pp
|
|
|
|
The limited permissions granted above are perpetual and will not be
|
|
|
|
revoked by the Internet Society or its successors or assigns.
|
|
|
|
.Pp
|
|
|
|
This document and the information contained herein is provided on an
|
|
|
|
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
|
|
|
|
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
|
|
|
|
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
|
|
|
|
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
|
|
|
|
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|