From 22f656170d0df8d1be9bfc3e3e646ab56f647230 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Fri, 6 Feb 2004 19:05:47 +0000 Subject: [PATCH] 2004-02-06 Jeffrey Altman * Add new command line switches to the gss-client to support the use of GSS_C_SEQUENCE_FLAG or to disable the use of either GSS_C_MUTUAL_FLAG or GSS_C_REPLAY_FLAG ticket: 2212 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16023 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/appl/gss-sample/ChangeLog | 9 ++++++++- src/appl/gss-sample/README | 8 ++++++++ src/appl/gss-sample/gss-client.c | 33 +++++++++++++++++++------------- 3 files changed, 36 insertions(+), 14 deletions(-)
diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog
index 006340763..04bdc4737 100644
--- a/src/appl/gss-sample/ChangeLog
+++ b/src/appl/gss-sample/ChangeLog
@@ -1,3 +1,10 @@
+2004-02-06 Jeffrey Altman
+
+ * Add new command line switches to the gss-client
+ to support the use of GSS_C_SEQUENCE_FLAG or to
+ disable the use of either GSS_C_MUTUAL_FLAG or
+ GSS_C_REPLAY_FLAG
+
 2004-01-31 Ken Raeburn * gss-misc.c: Include sys/time.h or time.h, to get struct timeval
@@ -13,7 +20,7 @@
 * gss-misc.c (recv_token): Support reading 0 token flags as part of length
- * gss-client.c : Support a -v1 argument meaning that no token flags are used o,
+ * gss-client.c : Support a -v1 argument meaning that no token flags are used,
 * gss-misc.c (send_token): If token flags are null, do not send them.
diff --git a/src/appl/gss-sample/README b/src/appl/gss-sample/README
index 8fc7cfee4..85232aff4 100644
--- a/src/appl/gss-sample/README
+++ b/src/appl/gss-sample/README
@@ -105,6 +105,14 @@ the following meanings:
 credential cache (you must have acquired your tickets with "kinit -f" for this to work).
+-seq Tells the client to enforce ordered message delivery via
+ sequencing.
+
+-noreplay Tells the client to disable the use of replay
+ detection.
+
+-nomutual Tells the client to disable the use of mutual authentication.
+
 -f Tells the client that the "msg" argument is actually the name of a file whose contents should be used as the message.
diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c
index a66c0c9fe..898d0f8b6 100644
--- a/src/appl/gss-sample/gss-client.c
+++ b/src/appl/gss-sample/gss-client.c
@@ -108,7 +108,7 @@ static int connect_to_server(host, port)
 *
 * s (r) an established TCP connection to the service
 * service_name (r) the ASCII service name of the service
- * deleg_flag (r) GSS-API delegation flag (if any)
+ * gss_flags (r) GSS-API delegation flag (if any)
 * auth_flag (r) whether to actually do authentication
 * oid (r) OID of the mechanism to use
 * context (w) the established GSS-API context
@@ -128,12 +128,13 @@ static int connect_to_server(host, port)
 * unsuccessful, the GSS-API error messages are displayed on stderr
 * and -1 is returned.
 */
-static int client_establish_context(s, service_name, deleg_flag, auth_flag,
- v1_format, oid, gss_context, ret_flags)
+static int client_establish_context(s, service_name, gss_flags, auth_flag,
+ v1_format, oid, gss_context, ret_flags, replay_flag,
+ seq_flag, mutual_flag)
 int s;
 char *service_name;
 gss_OID oid;
- OM_uint32 deleg_flag;
+ OM_uint32 gss_flags;
 int auth_flag;
 int v1_format;
 gss_ctx_id_t *gss_context;
@@ -191,8 +192,7 @@ static int client_establish_context(s, service_name, deleg_flag, auth_flag,
 gss_context,
 target_name,
 oid,
- GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
- deleg_flag,
+ gss_flags,
 0,
 NULL, /* no channel bindings */
 token_ptr,
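Review bot: The renamed parameter line in the header comment of client_establish_context (hunk @@ -108,7) still reads `gss_flags (r) GSS-API delegation flag (if any)`, although the value now carries the whole request-flag set assembled in main(), not only delegation. Suggest `gss_flags (r) GSS-API request flags (mutual, replay, sequence, delegation)`. The same stale wording is carried into call_server's header comment in hunk @@ -301,7. The comment block starts and ends outside the hunk.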
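Review bot: The new identifier list in hunk @@ -128,12 ends with `replay_flag, seq_flag, mutual_flag`, yet no declarations for these names are added to the K&R declaration list visible here, and the call updated in hunk @@ -357,7 still passes eight arguments. An old-style definition gives the compiler no argument count to check, so calling it with fewer arguments than parameters is undefined behaviour and goes undiagnosed. Since `gss_flags` already carries these bits, the three extra names look like leftovers, and the list should end `v1_format, oid, gss_context, ret_flags)` as before. The declaration list and the function body continue outside the hunk.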
@@ -301,7 +301,7 @@ static void read_file(file_name, in_buf)
 * host (r) the host providing the service
 * port (r) the port to connect to on host
 * service_name (r) the GSS-API service name to authenticate to
- * deleg_flag (r) GSS-API delegation flag (if any)
+ * gss_flags (r) GSS-API delegation flag (if any)
 * auth_flag (r) whether to do authentication
 * wrap_flag (r) whether to do message wrapping at all
 * encrypt_flag (r) whether to do encryption while wrapping
@@ -320,14 +320,14 @@ static void read_file(file_name, in_buf)
 * reads back a GSS-API signature block for msg from the server, and
 * verifies it with gss_verify. -1 is returned if any step fails,
 * otherwise 0 is returned. */
-static int call_server(host, port, oid, service_name, deleg_flag, auth_flag,
+static int call_server(host, port, oid, service_name, gss_flags, auth_flag,
 wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file, mcount)
 char *host;
 u_short port;
 gss_OID oid;
 char *service_name;
- OM_uint32 deleg_flag;
+ OM_uint32 gss_flags;
 int auth_flag, wrap_flag, encrypt_flag, mic_flag;
 int v1_format;
 char *msg;
@@ -357,7 +357,7 @@ static int call_server(host, port, oid, service_name, deleg_flag, auth_flag,
 return -1;
 /* Establish context */
- if (client_establish_context(s, service_name, deleg_flag, auth_flag,
+ if (client_establish_context(s, service_name, gss_flags, auth_flag,
 v1_format, oid, &context, &ret_flags) < 0) {
 (void) close(s);
@@ -581,7 +581,8 @@ int main(argc, argv)
 char *mechanism = 0;
 u_short port = 4444;
 int use_file = 0;
- OM_uint32 deleg_flag = 0, min_stat;
+ OM_uint32 gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
+ OM_uint32 min_stat;
 gss_OID oid = GSS_C_NULL_OID;
 int mcount = 1, ccount = 1;
 int i;
@@ -603,7 +604,13 @@ int main(argc, argv)
 if (!argc) usage();
 mechanism = *argv;
 } else if (strcmp(*argv, "-d") == 0) {
- deleg_flag = GSS_C_DELEG_FLAG;
+ gss_flags |= GSS_C_DELEG_FLAG;
+ } else if (strcmp(*argv, "-seq") == 0) {
+ gss_flags |= GSS_C_SEQUENCE_FLAG;
+ } else if (strcmp(*argv, "-noreplay") == 0) {
+ gss_flags &= ~GSS_C_REPLAY_FLAG;
+ } else if (strcmp(*argv, "-nomutual") == 0) {
+ gss_flags &= ~GSS_C_MUTUAL_FLAG;
 } else if (strcmp(*argv, "-f") == 0) {
 use_file = 1;
 } else if (strcmp(*argv, "-q") == 0) {
@@ -644,7 +651,7 @@ int main(argc, argv)
 for (i = 0; i < ccount; i++) {
 if (call_server(server_host, port, oid, service_name,
- deleg_flag, auth_flag, wrap_flag, encrypt_flag, mic_flag,
+ gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag,
 v1_format, msg, use_file, mcount) < 0)
 exit(1);
 }
--
2.26.2
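Review bot: `-noreplay` and `-nomutual` in hunk @@ -603,7 clear bits that were previously always requested, and nothing visible in this patch reports which flags the mechanism actually granted. Without GSS_C_MUTUAL_FLAG the client gets no proof of the server's identity from context establishment, and GSS_C_SEQUENCE_FLAG set by `-seq` is only a request, so the sample would be a safer reference if it compared `ret_flags` with `gss_flags` after the context is established and printed any difference. A short comment above the new branches would also help, for example `/* -noreplay and -nomutual drop protections that are requested by default */`. usage() is not touched by this patch, so the new switches presumably do not appear in the usage message; main() continues outside the hunk.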