Establishing a Security Context With the Server - Developer's Guide to Oracle® Solaris 11 Security

Developer's Guide to Oracle^® Solaris 11 Security

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Developer's Guide to Oracle^® ... » GSS-API Client Example » Establishing a Security Context With the Server

Updated: July 2014

Developer's Guide to Oracle^® Solaris 11 Security

Document Information

Using This Documentation

Chapter 1 Oracle Solaris Security for Developers (Overview)

Chapter 2 Developing Privileged Applications

Chapter 3 Writing PAM Applications and Services

Chapter 4 Writing Applications That Use GSS-API

Chapter 5 GSS-API Client Example

GSSAPI Client Example Overview

GSSAPI Client Example: main Function

Opening a Connection With the Server

Establishing a Security Context With the Server

Miscellaneous GSSAPI Context Operations on the Client Side

Wrapping and Sending a Message

Reading and Verifying a Signature Block From a GSS-API Client

Deleting the Security Context

Chapter 6 GSS-API Server Example

Chapter 7 Writing Applications That Use SASL

Chapter 8 Introduction to the Oracle Solaris Cryptographic Framework

Chapter 9 Writing User???Level Cryptographic Applications

Chapter 10 Introduction to the Oracle Solaris Key Management Framework

Appendix A Secure Coding Guidelines for Developers

Appendix B Sample C???Based GSS-API Programs

Appendix C GSS-API Reference

Appendix D Specifying an OID

Appendix E Source Code for SASL Example

Appendix F SASL Reference Tables

Appendix G Security Considerations When Using C Functions

Language:

Establishing a Security Context With the Server

After the connection is made, call_server() uses the function client_establish_context() to create the security context, as follows:

if (client_establish_context(s, service-name, deleg-flag, oid, &context,
                                  &ret-flags) < 0) {
          (void) close(s);
          return -1;
     }

s is a file descriptor that represents the connection that is established by connect_to_server().
service-name is the requested network service.
deleg-flag specifies whether the server can act as a proxy for the client.
oid is the mechanism.
context is the context to be created.
ret-flags is an int that specifies any flags to be returned by the GSS-API function gss_init_sec_context().

The client_establish_context() performs the following tasks:

Translates the service name into internal GSSAPI format
Performs a loop of token exchanges between the client and the server until the security context is complete

Copyright © 2000, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices