test

GSS-API Programming Guide

Overview: main() (Client)

As with all C programs, the outer shell of the program is contained in the entry-point function, main(). main() performs four functions:

  1. It parses command-line arguments, assigning them to variables:

    • If specified, port is the port number for making the connection to the remote machine specified by host.

    • If the -d flag is set, security credentials should be delegated to the server. Specifically, the deleg_flag variable is set to the GSS-API value GSS_C_DELEG_FLAG; otherwise deleg_flag is set to zero.

    • mech is the (optional) name of the security mechanism, such as Kerberos v5 or X.509, to use. If no mechanism is specified, the GSS-API will use a default mechanism.

    • The name of the network service requested by the client (such as telnet, ftp, or login service) is assigned to service_name.

    • Finally, msg is the string to send to the server as protected data. If the -f option is specified, then msg is the name of a file from which to read the string.

    An example command line might look like this:


    % gss-client -port 8080 -d -mech kerberos_v5 erebos.eng nfs "ls"

    This command line specifies neither mechanism nor port, and does not use delegation:


    % gss-client erebos.eng nfs "ls"

  2. It calls parse_oid() to create a GSS-API OID (object identifier) from the name of a security mechanism (if such a name has been provided on the command line): 

    if (mechanism)
         parse_oid(mechanism, &g_mechOid);

    where mechanism is the string to translate and g_mechOid is a pointer to a gss_OID object for the mechanism. See Appendix C, Specifying an OID for more about specifying a non-default mechanism.

  3. It calls call_server(), which does the actual work of creating a context and sending data.

    if (call_server(hostname, port, g_mechOid, service_name,
                   deleg_flag, msg, use_file) < 0)
          exit(1);

  4. It releases the storage space for the OID if it has not been released yet.

    if (g_mechOID != GSS_C_NULL_OID)
     (void) gss_release_oid(&min_stat, &g_mechoid);

    Note that gss_release_oid(), while supported by the Sun implementation of the GSS-API, is not supported by all GSS-API implementations and is considered nonstandard. Since applications should if possible use the default mechanism provided by the GSS-API instead of allocating one (with gss_str_to_oid()), the gss_release_oid() command generally should not be used.