面向开发者的 Oracle® Solaris 11 安全性指南

退出打印视图

更新时间: 2014 年 7 月
 
 

GSSAPI 服务器示例:main() 函数

    gss-server main() 函数执行以下任务:

  • 解析命令行参数并为变量指定参数

  • 获取与机制对应的服务的凭证

  • 调用 sign_server() 函数,该函数会执行涉及到对消息进行签名和返回消息等工作

  • 释放已经获取的凭证

  • 释放机制的 OID 名称空间

  • 在连接仍处于打开状态时关闭连接


注 - 此示例的源代码也可以通过 Oracle 下载中心获取。请参见 http://www.oracle.com/technetwork/indexes/downloads/sdlc-decommission-333274.html
示例 6-1  gss-server 示例:main()
int
main(argc, argv)
     int argc;
     char **argv;
{
     char *service_name;
     gss_cred_id_t server_creds;
     OM_uint32 min_stat;
     u_short port = 4444;
     int s;
     int once = 0;
     int do_inetd = 0;

     log = stdout;
     display_file = stdout;

     /* Parse command-line arguments. */
     argc--; argv++;
     while (argc) {
     if (strcmp(*argv, "-port") == 0) {
          argc--; argv++;
          if (!argc) usage();
          port = atoi(*argv);
     } else if (strcmp(*argv, "-verbose") == 0) {
          verbose = 1;
     } else if (strcmp(*argv, "-once") == 0) {
          once = 1;
     } else if (strcmp(*argv, "-inetd") == 0) {
          do_inetd = 1;
     } else if (strcmp(*argv, "-logfile") == 0) {
          argc--; argv++;
          if (!argc) usage();
          log = fopen(*argv, "a");
          display_file = log;
          if (!log) {
          perror(*argv);
          exit(1);
          }
     } else
          break;
     argc--; argv++;
     }
     if (argc != 1)
          usage();

     if ((*argv)[0] == '-')
          usage();

     service_name = *argv;

     /* Acquire service credentials. */
     if (server_acquire_creds(service_name, &server_creds) < 0)
          return -1;
     
     if (do_inetd) {
          close(1);
          close(2);
          /* Sign and return message. */
          sign_server(0, server_creds);
          close(0);
     } else {
          int stmp;

          if ((stmp = create_socket(port)) >= 0) {
              do {
                  /* Accept a TCP connection */
                  if ((s = accept(stmp, NULL, 0)) < 0) {
                      perror("accepting connection");
                      continue;
                  }
                  /* This return value is not checked, because there is
                     not really anything to do if it fails. */
                  sign_server(s, server_creds);
                  close(s);
              } while (!once);

              close(stmp);
          }
     }

     /* Close down and clean up. */
     (void) gss_release_cred(&min_stat, &server_creds);

     /*NOTREACHED*/
     (void) close(s);
     return 0;
}