gss_delete_sec_context (delete a security context)

Purpose

Deletes a security context.

Format

#include <skrb/gssapi.h>
OM_uint32 gss_delete_sec_context (
    OM_uint32 *                    minor_status,
    gss_ctx_id_t *                 context_handle,
    gss_buffer_t                   output_token)

Parameters

Input/Output

context_handle
Specifies the context to be deleted. Upon successful completion, the context_handle value is set to GSS_C_NO_CONTEXT.

Output

output_token
Returns a token to be sent to the partner application. The partner application then passes this token to the gss_process_context_token() routine to delete the other end of the security context. The gss_delete_sec_context() routine sets the output_token length field to zero if no token needs to be sent to the partner application.

GSS_C_NO_BUFFER may be specified for the output_token parameter. In this case, no token is returned by the gss_delete_sec_context() routine. Both of the communicating applications must call gss_delete_sec_context() in order to delete both ends of the security context.

minor_status
Returns a status code from the security mechanism.

Usage

The gss_delete_sec_context() routine deletes one end of a security context. It also deletes the local data structures associated with the security context. When it deletes the context, the routine can generate a token. The application must then pass this token to the partner application. The partner application calls the gss_process_context_token() routine to process the token and complete the process of deleting the security context.

If no token is returned, it is up to both client and server to issue gss_delete_sec_context() independently of each other when the security context is no longer needed.

This call can be made by either peer in a security context to flush context-specific information. Both communicating applications must call the gss_delete_sec_context() routine if GSS_C_NO_BUFFER is specified for the output_token parameter.

The context_handle may not be used for additional security services after the gss_delete_sec_context() routine has successfully completed.
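The teardown sequence described above, as an added example that is not part of the original reference page. The names teardown_context, send_token_fn and record_send are hypothetical, and the typedefs and the two gss_ routines at the top are constructed stand-ins that model the documented behaviour so the block runs without a GSS-API library. gss_release_buffer() is the standard GSS-API routine for freeing a returned token and is not documented on this page.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed stand-ins so the example runs without a GSS-API library;
 * a real program includes <skrb/gssapi.h> instead of this section. */
typedef unsigned int OM_uint32;
typedef struct { size_t length; void *value; } gss_buffer_desc, *gss_buffer_t;
typedef void *gss_ctx_id_t;
#define GSS_C_NO_CONTEXT ((gss_ctx_id_t)0)
#define GSS_S_COMPLETE   0u
#define GSS_S_NO_CONTEXT (8u << 16)
static OM_uint32 gss_delete_sec_context(OM_uint32 *minor, gss_ctx_id_t *ctx,
                                        gss_buffer_t out) {
    *minor = 0; out->length = 0; out->value = NULL;
    if (*ctx == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT;
    out->value = malloc(4);               /* fake 4-byte deletion token */
    out->length = out->value ? 4 : 0;
    *ctx = GSS_C_NO_CONTEXT;              /* handle is reset on success */
    return GSS_S_COMPLETE;
}
static OM_uint32 gss_release_buffer(OM_uint32 *minor, gss_buffer_t buf) {
    *minor = 0; free(buf->value); buf->value = NULL; buf->length = 0;
    return GSS_S_COMPLETE;
}

/* Hypothetical transport callback: returns 0 once the token is sent. */
typedef int (*send_token_fn)(const void *data, size_t len, void *arg);

/* Constructed transport for the demo: counts the bytes handed to it. */
int record_send(const void *data, size_t len, void *arg) {
    (void)data; *(size_t *)arg += len; return 0;
}

/* Delete the local end of a context and forward any deletion token so the
 * partner can pass it to gss_process_context_token(). */
OM_uint32 teardown_context(gss_ctx_id_t *ctx, send_token_fn send, void *arg) {
    OM_uint32 major, minor, ignored;
    gss_buffer_desc token = { 0, NULL };
    major = gss_delete_sec_context(&minor, ctx, &token);
    if (major == GSS_S_COMPLETE && token.length != 0)
        (void)send(token.value, token.length, arg); /* zero length: nothing to send */
    (void)gss_release_buffer(&ignored, &token);     /* caller frees the token */
    return major;
}

int main(void) {
    int dummy; size_t bytes = 0; gss_ctx_id_t ctx = &dummy; /* constructed handle */
    return teardown_context(&ctx, record_send, &bytes) != GSS_S_COMPLETE;
}
```

If the send fails or no token is produced, the partner still has to call gss_delete_sec_context() on its own end, as the Usage text states.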

Status Codes

Table 1. Status Codes for gss_delete_sec_context()
| Status Code | Meaning |
|---|---|
| GSS_S_COMPLETE | The routine completed successfully. |
| GSS_S_FAILURE | The routine failed for reasons that are not defined at the GSS level. The minor_status return parameter contains a mechanism-dependent error code describing the reason for the failure. |
| GSS_S_NO_CONTEXT | The supplied context handle did not refer to a valid context. |