+Wed Jan 3 21:55:30 1996 Theodore Y. Ts'o <tytso@dcl>
+
+ * gss-client.c (main, client_establish_context): If the -d flag is
+ given to the client, then try to delegate credentials when
+ establishing the context.
+
Thu Oct 12 11:15:28 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* gss-misc.c (recv_token): When continuing partial read, decrease
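Review bot: The new entry names only gss-client.c (main, client_establish_context), but the same change also edits usage(), adds the file-scope deleg_flag, and rewrites the README usage text. Suggest listing usage() and the README in the entry so the log matches what was touched.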
The server's command line usage is
- gss-server [-port port] service_name
+ gss-server [-port port] [-v2] service_name
where service_name is a GSS-API service name of the form
"service@host". The server will accept TCP connections on port
-(default 4444) and establish contexts as service_name.
+(default 4444) and establish contexts as service_name. The -v2 option
+means that the GSSAPI v2 calls should be used (and tested).
+
The client's command line usage is
- gss-client [-port port] host service_name msg
+ gss-client [-port port] [-v2] [-d] host service_name msg
where host is the host running the server, service_name is the service
name that the server will establish connections as, and msg is the
message. The client connects to the TCP on <host:port> (default 4444)
-and performs the exchange.
+and performs the exchange. The "-d" option specifies delegation -
+a forwardable TGT will be sent to the server, which will put it in
+its credential cache (you must kinit -f for this to work).
+The -v2 option means that the GSSAPI v2 calls should be used (and
+tested).
If you are using this sample application with OpenVision's Kerberos 5
GSS-API mechanism:
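Review bot: The "-d" paragraph documents that a forwardable TGT is sent to the server and stored in its credential cache, but does not say what that grants: a server holding the delegated TGT can obtain tickets as the client user. Suggest adding a sentence that -d should only be used against a server the user trusts with their identity. It would also help to say which credential cache the server writes to, since the ChangeLog entry in this patch lists only client changes and the server-side handling is not visible here.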
int send_token();
int recv_token();
+
+int deleg_flag;
void display_status();
extern FILE *display_file;
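Review bot: "int deleg_flag;" is added as a file-scope variable with external linkage only to carry one option from main to client_establish_context. Suggest passing it as an argument to client_establish_context, or at least declaring it static, and giving it the same type as the flags argument it is later OR-ed into.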
usage()
{
- fprintf(stderr, "Usage: gss-client [-port port] [-v2] host service msg\n");
+ fprintf(stderr, "Usage: gss-client [-port port] [-d] [-v2] host service \
+msg\n");
exit(1);
}
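Review bot: The usage string lists the options as "[-d] [-v2]" while the README hunk documents "[-v2] [-d]"; pick one order for both. The backslash-newline continuation inside the string literal is also fragile, because any indentation placed before "msg\n" on the continuation line becomes part of the printed message. Two fprintf calls would avoid that.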
int v2 = 0;
display_file = stdout;
+ deleg_flag = 0;
/* Parse arguments. */
argc--; argv++;
port = atoi(*argv);
} else if (strcmp(*argv, "-v2") == 0) {
v2 = 1;
+ } else if (strcmp(*argv, "-d") == 0) {
+ deleg_flag = GSS_C_DELEG_FLAG;
} else
break;
argc--; argv++;
gss_context,
target_name,
GSS_C_NULL_OID,
- GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
+ GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
+ deleg_flag,
0,
NULL, /* no channel bindings */
token_ptr,
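Review bot: deleg_flag is OR-ed into the requested flags here, but requesting delegation does not guarantee it took place: the README in this patch states that -d only works after kinit -f. The visible context stops before the returned-flags argument, so I cannot tell whether the result is examined. If it is not, suggest checking the returned flags for GSS_C_DELEG_FLAG once the context is established and telling the user when -d was requested but not granted.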