From ea21a78f413afcfb20c18918f7c8ce2fea401636 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Thu, 4 Jan 1996 03:00:07 +0000 Subject: * gss-client.c (main, client_establish_context): If the -d flag is given to the client, then try to delegate credentials when establishing the context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7265 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/gss-sample/ChangeLog | 6 ++++++ src/appl/gss-sample/README | 14 ++++++++++---- src/appl/gss-sample/gss-client.c | 11 +++++++++-- 3 files changed, 25 insertions(+), 6 deletions(-) (limited to 'src/appl/gss-sample') diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog index f15c38c053..18b5a421cc 100644 --- a/src/appl/gss-sample/ChangeLog +++ b/src/appl/gss-sample/ChangeLog @@ -1,3 +1,9 @@ +Wed Jan 3 21:55:30 1996 Theodore Y. Ts'o + + * gss-client.c (main, client_establish_context): If the -d flag is + given to the client, then try to delegate credentials when + establishing the context. + Thu Oct 12 11:15:28 1995 Ezra Peisach * gss-misc.c (recv_token): When continuing partial read, decrease diff --git a/src/appl/gss-sample/README b/src/appl/gss-sample/README index 0ec6bb7d7c..a8d0afa7e2 100644 --- a/src/appl/gss-sample/README +++ b/src/appl/gss-sample/README @@ -41,20 +41,26 @@ interfaces. The server's command line usage is - gss-server [-port port] service_name + gss-server [-port port] [-v2] service_name where service_name is a GSS-API service name of the form "service@host". The server will accept TCP connections on port -(default 4444) and establish contexts as service_name. +(default 4444) and establish contexts as service_name. The -v2 option +means that the GSSAPI v2 calls should be used (and tested). + The client's command line usage is - gss-client [-port port] host service_name msg + gss-client [-port port] [-v2] [-d] host service_name msg where host is the host running the server, service_name is the service name that the server will establish connections as, and msg is the message. The client connects to the TCP on (default 4444) -and performs the exchange. +and performs the exchange. The "-d" option specifies delegation - +a forwardable TGT will be sent to the server, which will put it in +its credential cache (you must kinit -f for this to work). +The -v2 option means that the GSSAPI v2 calls should be used (and +tested). If you are using this sample application with OpenVision's Kerberos 5 GSS-API mechanism: diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c index 56e07c2d6c..3827336ffe 100644 --- a/src/appl/gss-sample/gss-client.c +++ b/src/appl/gss-sample/gss-client.c @@ -41,13 +41,16 @@ int call_server(); int send_token(); int recv_token(); + +int deleg_flag; void display_status(); extern FILE *display_file; usage() { - fprintf(stderr, "Usage: gss-client [-port port] [-v2] host service msg\n"); + fprintf(stderr, "Usage: gss-client [-port port] [-d] [-v2] host service \ +msg\n"); exit(1); } @@ -60,6 +63,7 @@ main(argc, argv) int v2 = 0; display_file = stdout; + deleg_flag = 0; /* Parse arguments. */ argc--; argv++; @@ -70,6 +74,8 @@ main(argc, argv) port = atoi(*argv); } else if (strcmp(*argv, "-v2") == 0) { v2 = 1; + } else if (strcmp(*argv, "-d") == 0) { + deleg_flag = GSS_C_DELEG_FLAG; } else break; argc--; argv++; @@ -446,7 +452,8 @@ int client_establish_context(s, service_name, gss_context) gss_context, target_name, GSS_C_NULL_OID, - GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG, + GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | + deleg_flag, 0, NULL, /* no channel bindings */ token_ptr, -- cgit