Index: src/client.c
===================================================================
RCS file: /cvs/oss/cvs/src/cvs/src/client.c,v
retrieving revision 1.1.1.3
retrieving revision 1.4
diff -c -r1.1.1.3 -r1.4
*** client.c	2001/08/17 20:31:22	1.1.1.3
--- client.c	2001/10/03 14:42:38	1.4
***************
*** 4199,4209 ****
      gss_buffer_desc *tok_in_ptr, tok_in, tok_out;
      OM_uint32 stat_min, stat_maj;
      gss_name_t server_name;
  
!     str = "BEGIN GSSAPI REQUEST\012";
  
      if (send (sock, str, strlen (str), 0) < 0)
  	error (1, 0, "cannot send: %s", SOCK_STRERROR (SOCK_ERRNO));
  
      sprintf (buf, "cvs@%s", hostinfo->h_name);
      tok_in.length = strlen (buf);
--- 4199,4223 ----
      gss_buffer_desc *tok_in_ptr, tok_in, tok_out;
      OM_uint32 stat_min, stat_maj;
      gss_name_t server_name;
+     char *username;
  
!     if ( current_parsed_root->username != NULL ) {
!         str = "BEGIN GSSAPI-U REQUEST\012";
! 	fprintf(stderr,"development test of GSSAPI-U username=%s\n", current_parsed_root->username);
!     } else {
!         str = "BEGIN GSSAPI REQUEST\012";
!     }
  
      if (send (sock, str, strlen (str), 0) < 0)
  	error (1, 0, "cannot send: %s", SOCK_STRERROR (SOCK_ERRNO));
+ 
+     if ( current_parsed_root->username != NULL ) {
+ 	str = current_parsed_root->username;
+ 	if (send (sock, str, strlen (str), 0) < 0)
+ 	    error (1, 0, "cannot send: %s", SOCK_STRERROR (SOCK_ERRNO));
+ 	if (send (sock, "\012", 1, 0) < 0)
+ 	    error (1, 0, "cannot send: %s", SOCK_STRERROR (SOCK_ERRNO));
+     }
  
      sprintf (buf, "cvs@%s", hostinfo->h_name);
      tok_in.length = strlen (buf);
Index: src/server.c
===================================================================
RCS file: /cvs/oss/cvs/src/cvs/src/server.c,v
retrieving revision 1.1.1.3
retrieving revision 1.6
diff -c -r1.1.1.3 -r1.6
*** server.c	2001/08/17 20:31:23	1.1.1.3
--- server.c	2001/10/03 14:42:38	1.6
***************
*** 33,39 ****
  /* We need this to wrap data.  */
  static gss_ctx_id_t gcontext;
  
! static void gserver_authenticate_connection PROTO((void));
  
  /* Whether we are already wrapping GSSAPI communication.  */
  static int cvs_gssapi_wrapping;
--- 33,39 ----
  /* We need this to wrap data.  */
  static gss_ctx_id_t gcontext;
  
! static void gserver_authenticate_connection PROTO((char *));
  
  /* Whether we are already wrapping GSSAPI communication.  */
  static int cvs_gssapi_wrapping;
***************
*** 5752,5763 ****
      {
  #ifdef HAVE_GSSAPI
  	free (tmp);
! 	gserver_authenticate_connection ();
  	return;
  #else
  	error (1, 0, "GSSAPI authentication not supported by this server");
  #endif
      }
      else
  	error (1, 0, "bad auth protocol start: %s", tmp);
  
--- 5752,5779 ----
      {
  #ifdef HAVE_GSSAPI
  	free (tmp);
! 	gserver_authenticate_connection ((char *)0);
  	return;
  #else
  	error (1, 0, "GSSAPI authentication not supported by this server");
  #endif
      }
+     else if (strcmp (tmp, "BEGIN GSSAPI-U REQUEST\n") == 0)
+     {
+ #ifdef HAVE_GSSAPI
+ 	free (tmp);
+         getline_safe (&username, &username_allocated, stdin, PATH_MAX);
+         strip_trailing_newlines (username);
+ 	gserver_authenticate_connection (username);
+ 	if (username_allocated)  {
+ 	   free(username);
+  	   username_allocated = 0;
+         }
+ 	return;
+ #else
+ 	error (1, 0, "GSSAPI authentication not supported by this server");
+ #endif
+     }
      else
  	error (1, 0, "bad auth protocol start: %s", tmp);
  
***************
*** 5956,5962 ****
     the same way.  */
  
  static void
! gserver_authenticate_connection ()
  {
      char hostname[MAXHOSTNAMELEN];
      struct hostent *hp;
--- 5972,5978 ----
     the same way.  */
  
  static void
! gserver_authenticate_connection ( char *username )
  {
      char hostname[MAXHOSTNAMELEN];
      struct hostent *hp;
***************
*** 6033,6039 ****
  			      &mechid) != GSS_S_COMPLETE
  	    || krb5_parse_name (kc, ((gss_buffer_t) &desc)->value, &p) != 0
! 	    || krb5_aname_to_localname (kc, p, sizeof buf, buf) != 0
! 	    || krb5_kuserok (kc, p, buf) != TRUE)
  	{
  	    error (1, 0, "access denied");
  	}
--- 6049,6055 ----
  			      &mechid) != GSS_S_COMPLETE
  	    || krb5_parse_name (kc, ((gss_buffer_t) &desc)->value, &p) != 0
! 	    || (krb5_aname_to_localname (kc, p, sizeof buf, buf) != 0 && !username)
! 	    || krb5_kuserok (kc, p, (username ? username: buf)) != TRUE)
  	{
  	    error (1, 0, "access denied");
  	}
***************
*** 6053,6059 ****
  	    error (1, errno, "fwrite failed");
      }
  
!     switch_to_user (buf);
  
      printf ("I LOVE YOU\n");
      fflush (stdout);
--- 6069,6078 ----
  	    error (1, errno, "fwrite failed");
      }
  
! #ifdef HAVE_SYSLOG_H
!     syslog (LOG_DAEMON | LOG_ERR, "gserver: switching to user %s", (username ? username :buf));
! #endif
!     switch_to_user (username ? username : buf);
  
      printf ("I LOVE YOU\n");
      fflush (stdout);