Diffstat (limited to 'lib/libgssapi/gss_export_sec_context.3')
-rw-r--r-- | lib/libgssapi/gss_export_sec_context.3 | 167 |
1 files changed, 167 insertions, 0 deletions
diff --git a/lib/libgssapi/gss_export_sec_context.3 b/lib/libgssapi/gss_export_sec_context.3 new file mode 100644 index 0000000..ca1aedd --- /dev/null +++ b/lib/libgssapi/gss_export_sec_context.3 
@@ -0,0 +1,167 @@ +.\" -*- nroff -*- +.\" +.\" Copyright (c) 2005 Doug Rabson +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.\" The following commands are required for all man pages. +.Dd January 26, 2010 +.Dt GSS_EXPORT_SEC_CONTEXT 3 PRM +.Os +.Sh NAME +.Nm gss_export_sec_context +.Nd Transfer a security context to another process +.\" This next command is for sections 2 and 3 only. 
+.\" .Sh LIBRARY +.Sh SYNOPSIS +.In "gssapi/gssapi.h" +.Ft OM_uint32 +.Fo gss_export_sec_context +.Fa "OM_uint32 *minor_status" +.Fa "gss_ctx_id_t *context_handle" +.Fa "gss_buffer_t interprocess_token" +.Fc +.Sh DESCRIPTION +Provided to support the sharing of work between multiple processes. +This routine will typically be used by the context-acceptor, +in an application where a single process receives incoming connection +requests and accepts security contexts over them, +then passes the established context to one or more other processes for +message exchange. +.Fn gss_export_sec_context +deactivates the security context for the calling process and creates +an interprocess token which, +when passed to +.Fn gss_import_sec_context +in another process, +will re-activate the context in the second process. +Only a single instantiation of a given context may be active at any +one time; +a subsequent attempt by a context exporter to access the exported security context will fail. +.Pp +The implementation may constrain the set of processes by which the +interprocess token may be imported, +either as a function of local security policy, +or as a result of implementation decisions. +For example, +some implementations may constrain contexts to be passed only between +processes that run under the same account, +or which are part of the same process group. +.Pp +The interprocess token may contain security-sensitive information +(for example cryptographic keys). +While mechanisms are encouraged to either avoid placing such sensitive +information within interprocess tokens, +or to encrypt the token before returning it to the application, +in a typical object-library GSS-API implementation this may not be +possible. +Thus the application must take care to protect the interprocess token, +and ensure that any process to which the token is transferred is +trustworthy. 
+.Pp +If creation of the interprocess token is successful, +the implementation shall deallocate all process-wide resources +associated with the security context, +and set the context_handle to +.Dv GSS_C_NO_CONTEXT . +In the event of an error that makes it impossible to complete the +export of the security context, +the implementation must not return an interprocess token, +and should strive to leave the security context referenced by the +.Fa context_handle +parameter untouched. +If this is impossible, +it is permissible for the implementation to delete the security +context, +providing it also sets the +.Fa context_handle +parameter to +.Dv GSS_C_NO_CONTEXT . +.Sh PARAMETERS +.Bl -tag -width ".It interprocess_token" +.It minor_status +Mechanism specific status code. +.It context_handle +Context handle identifying the context to transfer. +.It interprocess_token +Token to be transferred to target process. +Storage associated with this token must be freed by the application +after use with a call to +.Fn gss_release_buffer . +.El +.Sh RETURN VALUES +.Bl -tag -width ".It GSS_S_CONTEXT_EXPIRED" +.It GSS_S_COMPLETE +Successful completion +.It GSS_S_CONTEXT_EXPIRED +The context has expired +.It GSS_S_NO_CONTEXT +The context was invalid +.It GSS_S_UNAVAILABLE +The operation is not supported +.El +.Sh SEE ALSO +.Xr gss_import_sec_context 3 , +.Xr gss_release_buffer 3 +.Sh STANDARDS +.Bl -tag -width ".It RFC 2743" +.It RFC 2743 +Generic Security Service Application Program Interface Version 2, Update 1 +.It RFC 2744 +Generic Security Service API Version 2 : C-bindings +.El +.Sh HISTORY +The +.Nm +function first appeared in +.Fx 7.0 . +.Sh AUTHORS +John Wray, Iris Associates +.Sh COPYRIGHT +Copyright (C) The Internet Society (2000). All Rights Reserved. 
+.Pp +This document and translations of it may be copied and furnished to +others, and derivative works that comment on or otherwise explain it +or assist in its implementation may be prepared, copied, published +and distributed, in whole or in part, without restriction of any +kind, provided that the above copyright notice and this paragraph are +included on all such copies and derivative works. However, this +document itself may not be modified in any way, such as by removing +the copyright notice or references to the Internet Society or other +Internet organizations, except as needed for the purpose of +developing Internet standards in which case the procedures for +copyrights defined in the Internet Standards process must be +followed, or as required to translate it into languages other than +English. +.Pp +The limited permissions granted above are perpetual and will not be +revoked by the Internet Society or its successors or assigns. +.Pp +This document and the information contained herein is provided on an +"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. |
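Review bot: the LIBRARY section is left commented out (`.\" .Sh LIBRARY`) directly under the comment "This next command is for sections 2 and 3 only", so this section 3 page never names the library an application has to link against; restore the `.Sh LIBRARY` header with the library entry ahead of SYNOPSIS. In the last DESCRIPTION paragraph, "and set the context_handle to" leaves the parameter as plain text while the two later mentions use `.Fa context_handle`; mark up the first one the same way. The DESCRIPTION warns that the interprocess token may contain cryptographic keys, but the `interprocess_token` entry under PARAMETERS only covers freeing it with gss_release_buffer; a short pointer back to that warning in the parameter entry would help readers who skip to the parameter list. The RETURN VALUES descriptions ("Successful completion", "The context has expired", and so on) are missing their closing periods.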