xref: /freebsd/lib/libgssapi/gss_delete_sec_context.3 (revision c0b9f4fe659b6839541970eb5675e57f4d814969)

.\" -*- nroff -*-
.\"
.\" Copyright (c) 2005 Doug Rabson
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"	$FreeBSD$
.\"
.\" Copyright (C) The Internet Society (2000).  All Rights Reserved.
.\"
.\" This document and translations of it may be copied and furnished to
.\" others, and derivative works that comment on or otherwise explain it
.\" or assist in its implementation may be prepared, copied, published
.\" and distributed, in whole or in part, without restriction of any
.\" kind, provided that the above copyright notice and this paragraph are
.\" included on all such copies and derivative works.  However, this
.\" document itself may not be modified in any way, such as by removing
.\" the copyright notice or references to the Internet Society or other
.\" Internet organizations, except as needed for the purpose of
.\" developing Internet standards in which case the procedures for
.\" copyrights defined in the Internet Standards process must be
.\" followed, or as required to translate it into languages other than
.\" English.
.\"
.\" The limited permissions granted above are perpetual and will not be
.\" revoked by the Internet Society or its successors or assigns.
.\"
.\" This document and the information contained herein is provided on an
.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
.\"
.\" The following commands are required for all man pages.
.Dd November 12, 2005
.Os
.Dt GSS_DELETE_SEC_CONTEXT 3 PRM
.Sh NAME
.Nm gss_delete_sec_context
.Nd Discard a security context
.\" This next command is for sections 2 and 3 only.
.\" .Sh LIBRARY
.Sh SYNOPSIS
.In "gssapi/gssapi.h"
.Ft OM_uint32
.Fo gss_delete_sec_context
.Fa "OM_uint32 *minor_status"
.Fa "gss_ctx_id_t *context_handle"
.Fa "gss_buffer_t output_token"
.Fc
.Sh DESCRIPTION
Delete a security context.
.Fn gss_delete_sec_context
will delete the local data structures associated with the specified
security context,
and may generate an output_token,
which when passed to the peer
.Fn gss_process_context_token
will instruct it to do likewise.
If no token is required by the mechanism,
the GSS-API should set the length field of the output_token (if
provided) to zero.
No further security services may be obtained using the context
specified by
.Fa context_handle .
.Pp
In addition to deleting established security contexts,
.Fn gss_delete_sec_context
must also be able to delete "half-built" security contexts resulting
from an incomplete sequence of
.Fn gss_init_sec_context
/
.Fn gss_accept_sec_context
calls.
.Pp
The
.Fa output_token
parameter is retained for compatibility with version 1 of the GSS-API.
It is recommended that both peer applications invoke
.Fn gss_delete_sec_context
passing the value
.Dv GSS_C_NO_BUFFER
for the
.Fa output_token
parameter,
indicating that no token is required,
and that
.Fn gss_delete_sec_context
should simply delete local context data structures.
If the application does pass a valid buffer to
.Fn gss_delete_sec_context ,
mechanisms are encouraged to return a zero-length token,
indicating that no peer action is necessary,
and that no token should be transferred by the application.
.Sh PARAMETERS
.Bl -tag
.It minor_status
Mechanism specific status code.
.It context_handle
Context handle identifying context to delete.
After deleting the context,
the GSS-API will set this context handle to
.Dv GSS_C_NO_CONTEXT .
.It output_token
Token to be sent to remote application to instruct it to also delete
the context.
It is recommended that applications specify
.Dv GSS_C_NO_BUFFER
for this parameter,
requesting local deletion only.
If a buffer parameter is provided by the application,
the mechanism may return a token in it;
mechanisms that implement only local deletion should set the length
field of this token to zero to indicate to the application that no
token is to be sent to the peer.
.El
.Sh RETURN VALUES
.Bl -tag
.It GSS_S_COMPLETE
Successful completion
.It GSS_S_NO_CONTEXT
No valid context was supplied
.El
.Sh SEE ALSO
.Xr gss_process_context_token 3 ,
.Xr gss_init_sec_context 3 ,
.Xr gss_accept_sec_context 3
.Sh STANDARDS
.Bl -tag
.It RFC 2743
Generic Security Service Application Program Interface Version 2, Update 1
.It RFC 2744
Generic Security Service API Version 2 : C-bindings
.\" .Sh HISTORY
.El
.Sh HISTORY
The
.Nm
manual page example first appeared in
.Fx 7.0 .
.Sh AUTHORS
John Wray, Iris Associates