GSSTEST   Version 1.10   22-Apr-1999
====================================


This program will analyze and verify the behaviour of a gssapi
mechanism implementation conforming to the IETF-defined
GSS-API v2 specification.  The tests are focused on the usage
pattern of the SNC-functionality of the SAP R/3 software
(SNC = Secure Network Communications).

The accompanying sources compile on the following platforms:

   Alpha running Digital Unix (OSF1) 3.2 and 4.0
       "build.OSF1" is configured for the DEC C Compiler (v5.2)


   HP PA-RISC (hp 9000/700 and 9000/800) running HP-UX 9.x and 10.x
       "build.HP-UX" is configured for the UN-bundled HP CC Compiler.


   Intel x86 running Windows NT 4.0 or Windows '95/'98
       "make.cmd" is configured for the Microsoft Visual C++ 5.0
       project files for VC 5.0 and VC 4.2 are also included.


   Sparc-family running Solaris 2.5 (SunOS 5.5.1)
       "build.SunOS" is configured for the SUN Wspro Compiler (v4.2)


   PowerPC/RS600 running AIX 3.2.5, 4.1.x, 4.2.x
       "build.AIX" is configured for the AIX xlc compiler


   MIPS running Reliant Unix (SINIX-Y) 5.43 or 5.44
       "build.SINIX-Y" is configured for SNI compiler
           "SNI: CDS++ V1.0C3200, 1.2.1.4 from 16 Dec 1997"


   Intel x86 or compatible running Linux 2.0/2.1/2.2 Kernels
       "build.Linux" is configured for gcc-2.7.3 & libc6





BUILDING GSSTEST:
=================

Assuming that you have your environment and search path correctly
configured, the only thing that you will have to do after unpacking
the source distribution is to change to the gsstest directory
and type "make".  If you want to use a different compiler than
those that I have used, you may have to adjust the knob/switches
in the "build.*"-scripts (Unix) or in "make.cmd" (Microsoft Windows).



RUNNING GSSTEST:
================

When gsstest is called with no command line parameters or
with "-h", then it will display a short summary of command line
options that are available:

  gsstest  -l <lib> -a <target_name> [-d <level>] [-n <num>] [-w <level> [-v]
          [-b 1/0] [-s 1/0] [-x 1/0] [-t <level>]    [-f] [-h] [-m] [-e] [-z]
          [-o <logfile>] [-p <logfile>]

  required arguments:
    -l <lib>            specifies the name of the shared library / DLL
    -a <target_name>    specifies the identity of the target / acceptor

  optional arguments:
    -d <level>   level of debug/trace output [0..4]               (default  0)
    -n <num>     number of concurrent security contexts           (default 10)
    -b 1/0       pass bogus or cleared handles into gssapi        (default  1)
    -s 1/0       check/verify SAP-specific constraints            (default  1)
    -w <level>   wrap ranges level (resolution of test [0..3])    (default  0)
    -x 1/0       attempt cross-process security context transfers (default  1)
    -o <logfile> transcript output into logfile and STDOUT
    -p <logfile> transcript output into logfile only
    -e           simulate/test user and application errors
    -f           imply GSS_C_TRANS_FLAG, force security context transfers
    -h           show this help
    -m           imply CONF and INTEG, force message protection
    -v           show location&line-numbers for ERROR messages
    -z           zap trailing NUL chars on names (dirty hack!)
    -t <level>   print detailed timing statistics for gssapi calls (default  0)
                   0=none, 1=parent, 2=child, 3=both


To get a feeling for how it should work, I have included a
DLL that should work on Microsoft Win32 (NT/95/98).
It basically a wrapper of Microsofts SSPI and uses the
NTLM target-only authentication.  This DLL does NOT offer
any message protection (i.e. integrity/confidentiality)
services, but it is able to "transfer" the established
security context across process boundaries.  (I know that
a trying to hold on to an established security context that
lacks message protection is not really useful -- well, except
for testing security context transfer facilites...).

TRY:      "gsstest -l gssntlm.dll"

I highly recommend using tools like "Purify", "BoundsChecker" or
"Electric Fence" to verify the correct operation of your gssapi
implementation regarding memory&resource management during the test.



BUG REPORTS / FEEDBACK
======================

I will appreciate almost any kind of feedback on my GSS-API test
program.  I am especially interested in the output that this tool
produces for *your* gss-api implemenation on any of the supported
hardware platforms.
(You don't even have to add comments, just Email me the output of gsstest.)

Please send all (technical) feedback and bug reports for gsstest
(preferably via Email !) to:

Martin Rex
SAP AG Walldorf
Developer, R/3 Network Security

Email:  <Martin.Rex@sap-ag.de>
Voice:  +49 (6227) 7-45351
Fax:    +49 (6227) 7-41198

Snail Mail:
   Martin Rex
   SAP AG Walldorf
   Neurottstrasse 16
   69190 Walldorf
   GERMANY
