authorJeffrey Altman <jaltman@secure-endpoints.com>2004-02-06 19:05:47 +0000
committerJeffrey Altman <jaltman@secure-endpoints.com>2004-02-06 19:05:47 +0000
commit22f656170d0df8d1be9bfc3e3e646ab56f647230 (patch)
treea4370f9f77168ab540870ac6fa68c4d3f944cef4 /src/appl
parent777e007f9cfd3fdbd73743598f6bdd9a8aa91a6e (diff)
2004-02-06 Jeffrey Altman <jaltman@mit.edu>
* Add new command line switches to the gss-client to support the use of GSS_C_SEQUENCE_FLAG or to disable the use of either GSS_C_MUTUAL_FLAG or GSS_C_REPLAY_FLAG ticket: 2212 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16023 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/appl')
-rw-r--r--src/appl/gss-sample/ChangeLog9
-rw-r--r--src/appl/gss-sample/README8
-rw-r--r--src/appl/gss-sample/gss-client.c33
3 files changed, 36 insertions, 14 deletions
diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog
index 006340763..04bdc4737 100644
--- a/src/appl/gss-sample/ChangeLog
+++ b/src/appl/gss-sample/ChangeLog
@@ -1,3 +1,10 @@
+2004-02-06 Jeffrey Altman <jaltman@mit.edu>
+
+ * Add new command line switches to the gss-client
+ to support the use of GSS_C_SEQUENCE_FLAG or to
+ disable the use of either GSS_C_MUTUAL_FLAG or
+ GSS_C_REPLAY_FLAG
+
2004-01-31 Ken Raeburn <raeburn@mit.edu>
* gss-misc.c: Include sys/time.h or time.h, to get struct timeval
@@ -13,7 +20,7 @@
* gss-misc.c (recv_token): Support reading 0 token flags as part of length
- * gss-client.c : Support a -v1 argument meaning that no token flags are used o,
+ * gss-client.c : Support a -v1 argument meaning that no token flags are used,
* gss-misc.c (send_token): If token flags are null, do not send them.
diff --git a/src/appl/gss-sample/README b/src/appl/gss-sample/README
index 8fc7cfee4..85232aff4 100644
--- a/src/appl/gss-sample/README
+++ b/src/appl/gss-sample/README
@@ -105,6 +105,14 @@ the following meanings:
credential cache (you must have acquired your tickets with
"kinit -f" for this to work).
+-seq Tells the client to enforce ordered message delivery via
+ sequencing.
+
+-noreplay Tells the client to disable the use of replay
+ detection.
+
+-nomutual Tells the client to disable the use of mutual authentication.
+
-f Tells the client that the "msg" argument is actually the name
of a file whose contents should be used as the message.
diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c
index a66c0c9fe..898d0f8b6 100644
--- a/src/appl/gss-sample/gss-client.c
+++ b/src/appl/gss-sample/gss-client.c
@@ -108,7 +108,7 @@ static int connect_to_server(host, port)
*
* s (r) an established TCP connection to the service
* service_name (r) the ASCII service name of the service
- * deleg_flag (r) GSS-API delegation flag (if any)
+ * gss_flags (r) GSS-API delegation flag (if any)
* auth_flag (r) whether to actually do authentication
* oid (r) OID of the mechanism to use
* context (w) the established GSS-API context
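Review bot: The description of the renamed parameter in this header comment is stale, because `gss_flags` is no longer only the delegation flag. It is now the whole request bitmask that main() builds from GSS_C_MUTUAL_FLAG, GSS_C_REPLAY_FLAG, GSS_C_SEQUENCE_FLAG and GSS_C_DELEG_FLAG. I would change the line to `gss_flags (r) GSS-API request flags (mutual, replay, sequence, delegation) passed to gss_init_sec_context`. The same stale wording is in the call_server header comment changed in the hunk at -301,7 +301,7. The comment block starts and ends outside this hunk.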
@@ -128,12 +128,13 @@ static int connect_to_server(host, port)
* unsuccessful, the GSS-API error messages are displayed on stderr
* and -1 is returned.
*/
-static int client_establish_context(s, service_name, deleg_flag, auth_flag,
- v1_format, oid, gss_context, ret_flags)
+static int client_establish_context(s, service_name, gss_flags, auth_flag,
+ v1_format, oid, gss_context, ret_flags, replay_flag,
+ seq_flag, mutual_flag)
int s;
char *service_name;
gss_OID oid;
- OM_uint32 deleg_flag;
+ OM_uint32 gss_flags;
int auth_flag;
int v1_format;
gss_ctx_id_t *gss_context;
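Review bot: The new definition lists three extra parameters, `replay_flag`, `seq_flag` and `mutual_flag`, but the only call shown in this commit (in call_server, hunk -357,7 +357,7) still passes eight arguments ending at `&ret_flags`. With an old-style definition and no prototype the compiler does not diagnose the mismatch, and calling a function with fewer arguments than it defines is undefined behaviour. No declarations for the three names are added in this hunk, so they would default to int, and the gss_init_sec_context call now takes all of its request flags from `gss_flags`, so they appear to be unused. I would end the parameter list as it was before, `v1_format, oid, gss_context, ret_flags)`. The function body continues outside the hunk.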
@@ -191,8 +192,7 @@ static int client_establish_context(s, service_name, deleg_flag, auth_flag,
gss_context,
target_name,
oid,
- GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
- deleg_flag,
+ gss_flags,
0,
NULL, /* no channel bindings */
token_ptr,
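Review bot: The flags passed here are only a request, and now that `gss_flags` comes from the command line, the returned flags are the only place the client learns which services the context actually provides. The rest of client_establish_context is outside this hunk, so it is not visible whether `*ret_flags` is compared with `gss_flags` once the context is complete. If it is not, I would add a check after the loop such as `if (gss_flags & ~*ret_flags & (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG)) fprintf(stderr, "requested context flags not granted\n");`. That way a downgrade is visible to whoever runs the sample.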
@@ -301,7 +301,7 @@ static void read_file(file_name, in_buf)
* host (r) the host providing the service
* port (r) the port to connect to on host
* service_name (r) the GSS-API service name to authenticate to
- * deleg_flag (r) GSS-API delegation flag (if any)
+ * gss_flags (r) GSS-API delegation flag (if any)
* auth_flag (r) whether to do authentication
* wrap_flag (r) whether to do message wrapping at all
* encrypt_flag (r) whether to do encryption while wrapping
@@ -320,14 +320,14 @@ static void read_file(file_name, in_buf)
* reads back a GSS-API signature block for msg from the server, and
* verifies it with gss_verify. -1 is returned if any step fails,
* otherwise 0 is returned. */
-static int call_server(host, port, oid, service_name, deleg_flag, auth_flag,
+static int call_server(host, port, oid, service_name, gss_flags, auth_flag,
wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file,
mcount)
char *host;
u_short port;
gss_OID oid;
char *service_name;
- OM_uint32 deleg_flag;
+ OM_uint32 gss_flags;
int auth_flag, wrap_flag, encrypt_flag, mic_flag;
int v1_format;
char *msg;
@@ -357,7 +357,7 @@ static int call_server(host, port, oid, service_name, deleg_flag, auth_flag,
return -1;
/* Establish context */
- if (client_establish_context(s, service_name, deleg_flag, auth_flag,
+ if (client_establish_context(s, service_name, gss_flags, auth_flag,
v1_format, oid, &context,
&ret_flags) < 0) {
(void) close(s);
@@ -581,7 +581,8 @@ int main(argc, argv)
char *mechanism = 0;
u_short port = 4444;
int use_file = 0;
- OM_uint32 deleg_flag = 0, min_stat;
+ OM_uint32 gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
+ OM_uint32 min_stat;
gss_OID oid = GSS_C_NULL_OID;
int mcount = 1, ccount = 1;
int i;
@@ -603,7 +604,13 @@ int main(argc, argv)
if (!argc) usage();
mechanism = *argv;
} else if (strcmp(*argv, "-d") == 0) {
- deleg_flag = GSS_C_DELEG_FLAG;
+ gss_flags |= GSS_C_DELEG_FLAG;
+ } else if (strcmp(*argv, "-seq") == 0) {
+ gss_flags |= GSS_C_SEQUENCE_FLAG;
+ } else if (strcmp(*argv, "-noreplay") == 0) {
+ gss_flags &= ~GSS_C_REPLAY_FLAG;
+ } else if (strcmp(*argv, "-nomutual") == 0) {
+ gss_flags &= ~GSS_C_MUTUAL_FLAG;
} else if (strcmp(*argv, "-f") == 0) {
use_file = 1;
} else if (strcmp(*argv, "-q") == 0) {
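Review bot: The three new switches are parsed here, but none of the gss-client.c hunks in this commit touches usage(), so the usage text presumably still omits -seq, -noreplay and -nomutual. Since -noreplay and -nomutual remove protections that were previously always requested, I would also add a comment above these branches, `/* -noreplay and -nomutual weaken the context; mutual auth and replay detection are requested by default */`. The option loop starts and ends outside this hunk.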
@@ -644,7 +651,7 @@ int main(argc, argv)
for (i = 0; i < ccount; i++) {
if (call_server(server_host, port, oid, service_name,
- deleg_flag, auth_flag, wrap_flag, encrypt_flag, mic_flag,
+ gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag,
v1_format, msg, use_file, mcount) < 0)
exit(1);
}