* gss-client.c (main, client_establish_context): If the -d flag is

	given to the client, then try to delegate credentials when
	establishing the context.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7265 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 25 insertions, 6 deletions

diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog
index f15c38c..18b5a42 100644
--- a/src/appl/gss-sample/ChangeLog
+++ b/src/appl/gss-sample/ChangeLog
@@ -1,3 +1,9 @@
+Wed Jan  3 21:55:30 1996  Theodore Y. Ts'o  <tytso@dcl>
+
+	* gss-client.c (main, client_establish_context): If the -d flag is
+		given to the client, then try to delegate credentials when
+		establishing the context.
+
 Thu Oct 12 11:15:28 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>
 
 	* gss-misc.c (recv_token): When continuing partial read, decrease
diff --git a/src/appl/gss-sample/README b/src/appl/gss-sample/README
index 0ec6bb7..a8d0afa 100644
--- a/src/appl/gss-sample/README
+++ b/src/appl/gss-sample/README
@@ -41,20 +41,26 @@ interfaces.
 
 The server's command line usage is
 
-	gss-server [-port port] service_name
+	gss-server [-port port] [-v2] service_name
 
 where service_name is a GSS-API service name of the form
 "service@host".  The server will accept TCP connections on port
-(default 4444) and establish contexts as service_name.
+(default 4444) and establish contexts as service_name.  The -v2 option
+means that the GSSAPI v2 calls should be used (and tested).
+
 
 The client's command line usage is
 
-	gss-client [-port port] host service_name msg
+	gss-client [-port port] [-v2] [-d] host service_name msg
 
 where host is the host running the server, service_name is the service
 name that the server will establish connections as, and msg is the
 message.  The client connects to the TCP on <host:port> (default 4444)
-and performs the exchange.
+and performs the exchange. The "-d" option specifies delegation -
+a forwardable TGT will be sent to the server, which will put it in
+its credential cache (you must kinit -f for this to work). 
+The -v2 option means that the GSSAPI v2 calls should be used (and
+tested).
 
 If you are using this sample application with OpenVision's Kerberos 5
 GSS-API mechanism:
diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c
index 56e07c2..3827336 100644
--- a/src/appl/gss-sample/gss-client.c
+++ b/src/appl/gss-sample/gss-client.c
@@ -41,13 +41,16 @@ int call_server();
 
 int send_token();
 int recv_token();
+
+int deleg_flag;
 void display_status();
 
 extern FILE *display_file;
 
 usage()
 {
-     fprintf(stderr, "Usage: gss-client [-port port] [-v2] host service msg\n");
+     fprintf(stderr, "Usage: gss-client [-port port] [-d] [-v2] host service \
+msg\n");
      exit(1);
 }
 
@@ -60,6 +63,7 @@ main(argc, argv)
      int v2 = 0;
      
      display_file = stdout;
+     deleg_flag = 0;
 
      /* Parse arguments. */
      argc--; argv++;
@@ -70,6 +74,8 @@ main(argc, argv)
 	       port = atoi(*argv);
 	  } else if (strcmp(*argv, "-v2") == 0) {
 	       v2 = 1;
+	  } else if (strcmp(*argv, "-d") == 0) {
+	       deleg_flag = GSS_C_DELEG_FLAG;
 	  } else 
 	       break;
 	  argc--; argv++;
@@ -446,7 +452,8 @@ int client_establish_context(s, service_name, gss_context)
 				    gss_context,
 				    target_name,
 				    GSS_C_NULL_OID,
-				    GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
+				    GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
+							deleg_flag,
 				    0,
 				    NULL,	/* no channel bindings */
 				    token_ptr,