| 跳过导航链接 | |
| 退出打印视图 | |
|
Oracle Solaris 10 开发者安全性指南 Oracle Solaris 10 1/13 Information Library (简体中文) |
| 跳过导航链接 | |
| 退出打印视图 | |
|
|
Oracle Solaris 10 开发者安全性指南 Oracle Solaris 10 1/13 Information Library (简体中文) |
gss-client 应用程序必须首先包装(即加密)数据,然后才能将其发送。应用程序通过执行以下步骤来包装消息:
确定包装大小限制。此过程可确保协议提供经过包装的消息。
获取源和目标的名称。将名称从对象标识符转换为字符串。
获取机制名称的列表。将名称从对象标识符转换为字符串。
将消息插入到缓冲区中并对其进行包装。
将消息发送到服务器。
以下源代码可用于包装消息。
示例 5-6 gss-client 示例:call_server()-包装消息
/* Test gss_wrap_size_limit */
maj_stat = gss_wrap_size_limit(&min_stat, context, conf_req_flag,
GSS_C_QOP_DEFAULT, req_output_size, &max_input_size);
if (maj_stat != GSS_S_COMPLETE) {
display_status("wrap_size_limit call", maj_stat, min_stat);
} else
fprintf (stderr, "gss_wrap_size_limit returned "
"max input size = %d \n"
"for req_output_size = %d with Integrity only\n",
max_input_size , req_output_size , conf_req_flag);
conf_req_flag = 1;
maj_stat = gss_wrap_size_limit(&min_stat, context, conf_req_flag,
GSS_C_QOP_DEFAULT, req_output_size, &max_input_size);
if (maj_stat != GSS_S_COMPLETE) {
display_status("wrap_size_limit call", maj_stat, min_stat);
} else
fprintf (stderr, "gss_wrap_size_limit returned "
" max input size = %d \n" "for req_output_size = %d with "
"Integrity & Privacy \n", max_input_size , req_output_size );
maj_stat = gss_display_name(&min_stat, src_name, &sname, &name_type);
if (maj_stat != GSS_S_COMPLETE) {
display_status("displaying source name", maj_stat, min_stat);
return -1;
}
maj_stat = gss_display_name(&min_stat, targ_name, &tname,
(gss_OID *) NULL);
if (maj_stat != GSS_S_COMPLETE) {
display_status("displaying target name", maj_stat, min_stat);
return -1;
}
fprintf(stderr, "\"%.*s\" to \"%.*s\", lifetime %u, flags %x, %s, %s\n",
(int) sname.length, (char *) sname.value, (int) tname.length,
(char *) tname.value, lifetime, context_flags,
(is_local) ? "locally initiated" : "remotely initiated",
(is_open) ? "open" : "closed");
(void) gss_release_name(&min_stat, &src_name);
(void) gss_release_name(&min_stat, &targ_name);
(void) gss_release_buffer(&min_stat, &sname);
(void) gss_release_buffer(&min_stat, &tname);
maj_stat = gss_oid_to_str(&min_stat, name_type, &oid_name);
if (maj_stat != GSS_S_COMPLETE) {
display_status("converting oid->string", maj_stat, min_stat);
return -1;
}
fprintf(stderr, "Name type of source name is %.*s.\n", (int) oid_name.length,
(char *) oid_name.value);
(void) gss_release_buffer(&min_stat, &oid_name);
/* Now get the names supported by the mechanism */
maj_stat = gss_inquire_names_for_mech(&min_stat, mechanism, &mech_names);
if (maj_stat != GSS_S_COMPLETE) {
display_status("inquiring mech names", maj_stat, min_stat);
return -1;
}
maj_stat = gss_oid_to_str(&min_stat, mechanism, &oid_name);
if (maj_stat != GSS_S_COMPLETE) {
display_status("converting oid->string", maj_stat, min_stat);
return -1;
}
mechStr = (char *)__gss_oid_to_mech(mechanism);
fprintf(stderr, "Mechanism %.*s (%s) supports %d names\n", (int) oid_name.length,
(char *) oid_name.value, (mechStr == NULL ? "NULL" : mechStr),
mech_names->count);
(void) gss_release_buffer(&min_stat, &oid_name);
for (i=0; i < mech_names->count; i++) {
maj_stat = gss_oid_to_str(&min_stat, &mech_names->elements[i], &oid_name);
if (maj_stat != GSS_S_COMPLETE) {
display_status("converting oid->string", maj_stat, min_stat);
return -1;
}
fprintf(stderr, " %d: %.*s\n", i, (int) oid_name.length, (
char *) oid_name.value);
(void) gss_release_buffer(&min_stat, &oid_name);
}
(void) gss_release_oid_set(&min_stat, &mech_names);
if (use_file) {
read_file(msg, &in_buf);
} else {
/* Wrap the message */
in_buf.value = msg;
in_buf.length = strlen(msg) + 1;
}
if (ret_flag & GSS_C_CONF_FLAG) {
state = 1;
else
state = 0;
}
maj_stat = gss_wrap(&min_stat, context, 1, GSS_C_QOP_DEFAULT, &in_buf,
&state, &out_buf);
if (maj_stat != GSS_S_COMPLETE) {
display_status("wrapping message", maj_stat, min_stat);
(void) close(s);
(void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
return -1;
} else if (! state) {
fprintf(stderr, "Warning! Message not encrypted.\n");
}
/* Send to server */
if (send_token(s, &out_buf) < 0) {
(void) close(s);
(void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
return -1;
}
(void) gss_release_buffer(&min_stat, &out_buf);
|