*
* s (r) an established TCP connection to the service
* service_name (r) the ASCII service name of the service
- * deleg_flag (r) GSS-API delegation flag (if any)
+ * gss_flags (r) GSS-API delegation flag (if any)
* auth_flag (r) whether to actually do authentication
* oid (r) OID of the mechanism to use
* context (w) the established GSS-API context
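Review bot: The description on the renamed line still reads "GSS-API delegation flag (if any)", but `gss_flags` now carries the whole request mask: `main` seeds it with `GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG`, and the options add or clear the delegation, sequence, replay and mutual bits. A line such as `gss_flags (r) GSS-API request flags (mutual, replay, sequence, delegation)` would match what is passed. The same stale text is in the `call_server` header comment in a later hunk. The comment block starts and ends outside this hunk.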
* unsuccessful, the GSS-API error messages are displayed on stderr
* and -1 is returned.
*/
-static int client_establish_context(s, service_name, deleg_flag, auth_flag,
- v1_format, oid, gss_context, ret_flags)
+static int client_establish_context(s, service_name, gss_flags, auth_flag,
+ v1_format, oid, gss_context, ret_flags, replay_flag,
+ seq_flag, mutual_flag)
int s;
char *service_name;
gss_OID oid;
- OM_uint32 deleg_flag;
+ OM_uint32 gss_flags;
int auth_flag;
int v1_format;
gss_ctx_id_t *gss_context;
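Review bot: The new parameter list names `replay_flag`, `seq_flag` and `mutual_flag`, but the only call visible in this diff (in `call_server`) still passes eight arguments ending at `&ret_flags`. Because this is an old-style definition with no prototype, the compiler does not diagnose the mismatch, and calling with fewer arguments than the definition names is undefined behavior. The three names have no declarations in the visible list, and the bits they describe already travel in `gss_flags`, so the list should probably end at `v1_format, oid, gss_context, ret_flags)`. The declaration list and the function body continue outside the hunk.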
gss_context,
target_name,
oid,
- GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
- deleg_flag,
+ gss_flags,
0,
NULL, /* no channel bindings */
token_ptr,
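Review bot: Passing `gss_flags` here means mutual authentication and replay detection are no longer always requested, and a requested flag is only a request: the mechanism reports what it actually granted through the returned flags. Nothing in the visible hunks compares `*ret_flags` with `gss_flags` once the context is complete, so a run that asked for `GSS_C_MUTUAL_FLAG` could continue without it unnoticed; the check may exist outside the diff. If it does not, a guard after establishment such as `if (gss_flags & ~*ret_flags & (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG)) return -1;` would fail closed. The call itself starts and ends outside this hunk.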
* host (r) the host providing the service
* port (r) the port to connect to on host
* service_name (r) the GSS-API service name to authenticate to
- * deleg_flag (r) GSS-API delegation flag (if any)
+ * gss_flags (r) GSS-API delegation flag (if any)
* auth_flag (r) whether to do authentication
* wrap_flag (r) whether to do message wrapping at all
* encrypt_flag (r) whether to do encryption while wrapping
* reads back a GSS-API signature block for msg from the server, and
* verifies it with gss_verify. -1 is returned if any step fails,
* otherwise 0 is returned. */
-static int call_server(host, port, oid, service_name, deleg_flag, auth_flag,
+static int call_server(host, port, oid, service_name, gss_flags, auth_flag,
wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file,
mcount)
char *host;
u_short port;
gss_OID oid;
char *service_name;
- OM_uint32 deleg_flag;
+ OM_uint32 gss_flags;
int auth_flag, wrap_flag, encrypt_flag, mic_flag;
int v1_format;
char *msg;
return -1;
/* Establish context */
- if (client_establish_context(s, service_name, deleg_flag, auth_flag,
+ if (client_establish_context(s, service_name, gss_flags, auth_flag,
v1_format, oid, &context,
&ret_flags) < 0) {
(void) close(s);
char *mechanism = 0;
u_short port = 4444;
int use_file = 0;
- OM_uint32 deleg_flag = 0, min_stat;
+ OM_uint32 gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
+ OM_uint32 min_stat;
gss_OID oid = GSS_C_NULL_OID;
int mcount = 1, ccount = 1;
int i;
if (!argc) usage();
mechanism = *argv;
} else if (strcmp(*argv, "-d") == 0) {
- deleg_flag = GSS_C_DELEG_FLAG;
+ gss_flags |= GSS_C_DELEG_FLAG;
+ } else if (strcmp(*argv, "-seq") == 0) {
+ gss_flags |= GSS_C_SEQUENCE_FLAG;
+ } else if (strcmp(*argv, "-noreplay") == 0) {
+ gss_flags &= ~GSS_C_REPLAY_FLAG;
+ } else if (strcmp(*argv, "-nomutual") == 0) {
+ gss_flags &= ~GSS_C_MUTUAL_FLAG;
} else if (strcmp(*argv, "-f") == 0) {
use_file = 1;
} else if (strcmp(*argv, "-q") == 0) {
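Review bot: `-noreplay` and `-nomutual` clear protections that were previously always requested (replay detection, and authentication of the server to the client), yet nothing in the visible diff documents them or adds them, or `-seq`, to `usage()`. Someone copying a command line should be able to see that these two options weaken the context. I would add the three options to the usage text and put a short comment above the branches, for example `/* -noreplay and -nomutual drop protections that are requested by default */`. The option loop starts and ends outside the hunk, and `usage()` is not shown, so it may already have been updated elsewhere.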
for (i = 0; i < ccount; i++) {
if (call_server(server_host, port, oid, service_name,
- deleg_flag, auth_flag, wrap_flag, encrypt_flag, mic_flag,
+ gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag,
v1_format, msg, use_file, mcount) < 0)
exit(1);
}