Creates a security context.
Network Services Library (libnsl.a)
```c
#include <rpc/rpcsec_gss.h>

AUTH *rpc_gss_seccreate(cl, s_principal, mech, s_type, qop, o_req, o_ret)
CLIENT *cl;
char *s_principal;
char *mech;
rpc_gss_service_t s_type;
char *qop;
rpc_gss_options_req_t *o_req;
rpc_gss_options_ret_t *o_ret;
```
When making a remote procedure call using RPCSEC_GSS APIs, a security context must be created between the client and the server. The rpc_gss_seccreate subroutine uses the RPCSEC_GSS protocol to create that context. With the subroutine, you can specify the security mechanism that is used for context creation (and therefore for further client-server communication), the type of service, and the quality of protection.
Item | Description |
---|---|
cl | Represents a client handle that can be created using any of the client handle creation subroutines. |
s_principal | Specifies a server principal of the form service@host. The service variable represents the service offered by a server and the host variable indicates the name of a machine on which the server resides (for example, nfs@aix1.ibm.com). |
mech | Represents the supported security mechanism that is used for context creation and client-server communication (for example, kerberosv5). |
s_type | Represents the type of service for the session, which determines the level of protection (for example, integrity and privacy). |
qop | Represents the quality of protection. You can specify the parameter to select a cryptographic algorithm. |
o_req | Specifies the options that are passed to the GSS_API layer under the RPCSEC_GSS layer. If you specify the parameter with NULL, default parameters are used. |
o_ret | Specifies the options that are returned by the GSS_API layer. If you do not want to see options, you can specify the parameter with NULL. The o_ret parameter is an output parameter. |
Item | Description |
---|---|
a security context handle of the AUTH type | successful |
NULL | unsuccessful |
You can use the rpc_gss_get_error subroutine to retrieve the error number.
In the following example, a security context is created for secure communication between the client and the server.

```c
#include <stdio.h>
#include <stdlib.h>
#include <rpc/rpc.h>
#include <rpc/rpcsec_gss.h>

int main(void)
{
    CLIENT *client;
    char *s_principal;
    char *mech;
    rpc_gss_service_t s_type;
    char *qop;
    rpc_gss_options_ret_t o_ret;
    rpc_gss_error_t gss_error;

    /* Create client handle using any of the client handle creation routines */

    /* Initialize the required parameters */
    s_principal = "myservice@aix1.ibm.com"; /* service@host */
    mech = "kerberosv5";
    s_type = 2; /* 1: none, 2: integrity, 3: privacy */
    qop = "GSS_C_QOP_DEFAULT";
    o_ret.major_status = 0;
    o_ret.minor_status = 0;

    /* Create security context; o_ret receives the options returned by GSS_API */
    client->cl_auth = rpc_gss_seccreate(client, s_principal,
                                        mech, s_type, qop, NULL, &o_ret);
    if (client->cl_auth == NULL)
    {
        /* No context was created: report the error and stop */
        fprintf(stderr, "\nError in rpc_gss_seccreate:\n");
        rpc_gss_get_error(&gss_error);
        fprintf(stderr, "rpc_gss_error: %d \nSystem_error: %d \n",
                gss_error.rpc_gss_error, gss_error.system_error);
        exit(EXIT_FAILURE);
    }

    /* Make a call to server */

    return 0;
}
```
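A pre-flight check on the values passed to rpc_gss_seccreate, as an added example that is not part of the original page or of the AIX library: it verifies the service@host form of s_principal and rejects a service type below a caller-chosen minimum, so a session is not set up with type 1 (none) by mistake. The function and constant names and the allowed character set for the service and host parts are assumptions; the numeric service values are the ones listed in the example's comment.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Service types as numbered in the example above: 1 none, 2 integrity, 3 privacy. */
enum { SVC_NONE = 1, SVC_INTEGRITY = 2, SVC_PRIVACY = 3 };
/* Result codes of the check (hypothetical names, not part of the RPC library). */
enum { ARGS_OK = 0, ERR_PRINCIPAL = -1, ERR_MECH = -2, ERR_SERVICE = -3 };

/* Assumed character set: letters, digits, '.', '-' and '_'; an empty part fails. */
static int part_ok(const char *s, size_t n)
{
    size_t i;

    if (n == 0)
        return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != '_')
            return 0;
    }
    return 1;
}

/* Validate the arguments before they are handed to rpc_gss_seccreate. */
int check_seccreate_args(const char *s_principal, const char *mech,
                         int s_type, int min_s_type)
{
    const char *at;

    if (s_principal == NULL || (at = strchr(s_principal, '@')) == NULL)
        return ERR_PRINCIPAL;               /* not of the form service@host */
    if (!part_ok(s_principal, (size_t)(at - s_principal)) ||
        !part_ok(at + 1, strlen(at + 1)))   /* a second '@' fails here too */
        return ERR_PRINCIPAL;
    if (mech == NULL || mech[0] == '\0')
        return ERR_MECH;
    if (s_type < SVC_NONE || s_type > SVC_PRIVACY || s_type < min_s_type)
        return ERR_SERVICE;                 /* unknown type or weaker than required */
    return ARGS_OK;
}

int main(void)
{
    /* Constructed inputs: the page's principal, then a downgrade to "none". */
    printf("%d\n", check_seccreate_args("myservice@aix1.ibm.com", "kerberosv5", 2, SVC_INTEGRITY));
    printf("%d\n", check_seccreate_args("myservice@aix1.ibm.com", "kerberosv5", 1, SVC_INTEGRITY));
    return 0;
}
```

Call the check before rpc_gss_seccreate and treat any nonzero result, like a NULL return from rpc_gss_seccreate itself, as a reason to stop rather than to continue without a security context.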