Because gss_str_to_oid() cannot always be used, there are alternative techniques for finding and selecting mechanisms. One way is to construct a mechanism OID manually and then compare that mechanism to a set of available mechanisms. Another way is to get the set of available mechanisms and choose one from the set.
The gss_OID type has the following form:
    typedef struct gss_OID_desc_struct {
        OM_uint32 length;
        void      *elements;
    } gss_OID_desc, *gss_OID;

where the elements field of this structure points to the first byte of an octet string containing the ASN.1 BER encoding of the value portion of the normal BER TLV encoding of the gss_OID. The length field contains the number of bytes in this value. For example, the gss_OID value that corresponds to the DASS X.509 authentication mechanism has a length field of 7 and an elements field that points to the following octal values: 53, 14, 2, 207, 163, 7, 5.
Another way to construct a mechanism OID is to declare a gss_OID and then initialize the elements manually to represent a given mechanism. As above, the input for the elements values can be hard-coded, obtained from a table, or entered by a user. This method is somewhat more painstaking than using gss_str_to_oid() but achieves the same effect.
This constructed gss_OID can then be compared against a set of available mechanisms that have been returned by the functions gss_indicate_mechs() or gss_inquire_mechs_for_name(). The application can check for the constructed mechanism OID in this set of available mechanisms by using the gss_test_oid_set_member() function. If gss_test_oid_set_member() does not return an error, then the constructed OID can be used as the mechanism for GSS-API transactions.
Another way to construct a preset OID is to use gss_indicate_mechs() or gss_inquire_mechs_for_name() to get the gss_OID_set of available mechanisms. A gss_OID_set_desc_struct has the following form:
    typedef struct gss_OID_set_desc_struct {
        size_t  count;      /* number of OIDs in the set */
        gss_OID elements;   /* array of count gss_OID_desc entries */
    } gss_OID_set_desc, *gss_OID_set;

where each of the elements is a gss_OID that represents a mechanism. The application can then parse each mechanism and display the numerical representation. A user can use this display to choose the mechanism. The application then sets the mechanism to the appropriate member of the gss_OID_set. The application can also compare the desired mechanisms against a list of preferred mechanisms.
The following function, createMechOid(), is shown for the sake of completeness. Typically you would use the default mechanism, which is specified by GSS_C_NULL_OID.
Example 30 Using createMechOid() to Create a Mechanism OID

    #include <stdio.h>
    #include <string.h>
    #include <gssapi/gssapi.h>

    gss_OID
    createMechOid(const char *mechStr)
    {
        gss_buffer_desc mechDesc;
        gss_OID mechOid;
        OM_uint32 minor;

        /* No string supplied: fall back to the default mechanism. */
        if (mechStr == NULL)
            return (GSS_C_NULL_OID);

        mechDesc.length = strlen(mechStr);
        mechDesc.value = (void *) mechStr;

        /* Convert the string form of the OID into a gss_OID. */
        if (gss_str_to_oid(&minor, &mechDesc, &mechOid) != GSS_S_COMPLETE) {
            fprintf(stderr, "Invalid mechanism oid specified <%s>", mechStr);
            return (GSS_C_NULL_OID);
        }

        return (mechOid);
    }
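The manual-construction, set-comparison and display steps described earlier, as an added example that is not part of the original page: it checks a hand-built DASS OID against a constructed set and decodes OIDs to their numerical form. The demo_oid and demo_oid_set types and both functions are hypothetical stand-ins that mirror the gss_OID layout so the code builds without GSS-API headers, and the Kerberos V5 entry is a constructed sample. In a real application the set comes from gss_indicate_mechs() and membership is reported through the present output of gss_test_oid_set_member().

```c
/* Added example: demo_* are hypothetical stand-ins for the gss_OID layout. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
typedef struct { uint32_t length; const void *elements; } demo_oid;
typedef struct { size_t count; const demo_oid *elements; } demo_oid_set;
/* DASS X.509 mechanism: the octal values given in the text above. */
static const unsigned char dass_bytes[] = {053, 014, 02, 0207, 0163, 07, 05};
/* Constructed sample: Kerberos V5 mechanism, 1.2.840.113554.1.2.2. */
static const unsigned char krb5_bytes[] = {0x2a,0x86,0x48,0x86,0xf7,0x12,1,2,2};
/* Constructed set, standing in for what gss_indicate_mechs() returns. */
static const demo_oid avail[] = {{sizeof krb5_bytes, krb5_bytes},
                                 {sizeof dass_bytes, dass_bytes}};
static const demo_oid_set avail_set = {sizeof avail / sizeof avail[0], avail};

/* Membership holds only if lengths AND all bytes match (no prefix match). */
int oid_in_set(const demo_oid *m, const demo_oid_set *set) {
    for (size_t i = 0; i < set->count; i++)
        if (m->length == set->elements[i].length &&
            !memcmp(m->elements, set->elements[i].elements, m->length))
            return 1;
    return 0;
}

/* Decode BER value bytes to dotted-decimal; returns -1 on malformed input. */
int oid_to_str(const demo_oid *o, char *out, size_t cap) {
    const unsigned char *p = o->elements;
    size_t used = 0;  uint32_t arc = 0;
    if (o->length == 0 || (p[o->length - 1] & 0x80)) return -1; /* truncated arc */
    for (uint32_t i = 0; i < o->length; i++) {
        if (arc > (UINT32_MAX >> 7)) return -1;   /* arc would overflow */
        arc = (arc << 7) | (p[i] & 0x7f);
        if (p[i] & 0x80) continue;                /* more bytes in this arc */
        unsigned x = arc < 80 ? arc / 40 : 2;     /* first arc packs 40*X + Y */
        int n = used == 0
            ? snprintf(out, cap, "%u.%u", x, (unsigned)(arc - 40 * x))
            : snprintf(out + used, cap - used, ".%u", (unsigned)arc);
        if (n < 0 || (size_t)n >= cap - used) return -1; /* buffer too small */
        used += (size_t)n;
        arc = 0;
    }
    return 0;
}

int main(void) {
    const demo_oid wanted = {7, dass_bytes};   /* built by hand, as in the text */
    char s[64];
    if (oid_in_set(&wanted, &avail_set) && !oid_to_str(&wanted, s, sizeof s))
        printf("selected mechanism %s\n", s);
    return 0;
}
```

Comparing the length before the bytes matters: an OID that is only a prefix of an available mechanism must not be accepted as that mechanism.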