From 3df6ac81f4a6d8cf6ff514e7d7f2cbe58840c393 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 16 Nov 2013 17:09:45 -0500 Subject: server: Implement flag filtering enforcement MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolves: https://fedorahosted.org/gss-proxy/ticket/109 Reviewed-by: Günther Deschner --- proxy/src/gp_creds.c | 6 ++++++ proxy/src/gp_rpc_creds.h | 3 +++ proxy/src/gp_rpc_init_sec_context.c | 2 ++ 3 files changed, 11 insertions(+) diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c index 5337390..60c4e12 100644 --- a/proxy/src/gp_creds.c +++ b/proxy/src/gp_creds.c @@ -548,3 +548,9 @@ done: return ret_maj; } + +void gp_filter_flags(struct gp_call_ctx *gpcall, uint32_t *flags) +{ + *flags |= gpcall->service->enforce_flags; + *flags &= ~gpcall->service->filter_flags; +} diff --git a/proxy/src/gp_rpc_creds.h b/proxy/src/gp_rpc_creds.h index 6389ebe..4c8febb 100644 --- a/proxy/src/gp_rpc_creds.h +++ b/proxy/src/gp_rpc_creds.h @@ -46,4 +46,7 @@ uint32_t gp_add_krb5_creds(uint32_t *min, gss_OID_set *actual_mechs, uint32_t *initiator_time_rec, uint32_t *acceptor_time_rec); + +void gp_filter_flags(struct gp_call_ctx *gpcall, uint32_t *flags); + #endif /* _GP_RPC_CREDS_H_ */ diff --git a/proxy/src/gp_rpc_init_sec_context.c b/proxy/src/gp_rpc_init_sec_context.c index 76ffaab..5e5d6f1 100644 --- a/proxy/src/gp_rpc_init_sec_context.c +++ b/proxy/src/gp_rpc_init_sec_context.c @@ -119,6 +119,8 @@ int gp_init_sec_context(struct gp_call_ctx *gpcall, } } + gp_filter_flags(gpcall, &req_flags); + ret_maj = gss_init_sec_context(&ret_min, ich, &ctx, -- cgit