diff options
author | Simo Sorce <simo@redhat.com> | 2013-11-16 17:09:45 -0500 |
---|---|---|
committer | Günther Deschner <gdeschner@redhat.com> | 2013-11-20 15:26:08 +0100 |
commit | 3df6ac81f4a6d8cf6ff514e7d7f2cbe58840c393 (patch) | |
tree | 91008104605d618734344e8c217cb462506b9038 | |
parent | 6a096c0a0a37d2fa9e0b03edce05929a7d98f390 (diff) | |
download | gss-proxy-3df6ac81f4a6d8cf6ff514e7d7f2cbe58840c393.tar.gz gss-proxy-3df6ac81f4a6d8cf6ff514e7d7f2cbe58840c393.tar.xz gss-proxy-3df6ac81f4a6d8cf6ff514e7d7f2cbe58840c393.zip |
server: Implement flag filtering enforcement
Resolves: https://fedorahosted.org/gss-proxy/ticket/109
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
-rw-r--r-- | proxy/src/gp_creds.c | 6 | ||||
-rw-r--r-- | proxy/src/gp_rpc_creds.h | 3 | ||||
-rw-r--r-- | proxy/src/gp_rpc_init_sec_context.c | 2 |
3 files changed, 11 insertions, 0 deletions
diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c index 5337390..60c4e12 100644 --- a/proxy/src/gp_creds.c +++ b/proxy/src/gp_creds.c @@ -548,3 +548,9 @@ done: return ret_maj; } + +void gp_filter_flags(struct gp_call_ctx *gpcall, uint32_t *flags) +{ + *flags |= gpcall->service->enforce_flags; + *flags &= ~gpcall->service->filter_flags; +} diff --git a/proxy/src/gp_rpc_creds.h b/proxy/src/gp_rpc_creds.h index 6389ebe..4c8febb 100644 --- a/proxy/src/gp_rpc_creds.h +++ b/proxy/src/gp_rpc_creds.h @@ -46,4 +46,7 @@ uint32_t gp_add_krb5_creds(uint32_t *min, gss_OID_set *actual_mechs, uint32_t *initiator_time_rec, uint32_t *acceptor_time_rec); + +void gp_filter_flags(struct gp_call_ctx *gpcall, uint32_t *flags); + #endif /* _GP_RPC_CREDS_H_ */ diff --git a/proxy/src/gp_rpc_init_sec_context.c b/proxy/src/gp_rpc_init_sec_context.c index 76ffaab..5e5d6f1 100644 --- a/proxy/src/gp_rpc_init_sec_context.c +++ b/proxy/src/gp_rpc_init_sec_context.c @@ -119,6 +119,8 @@ int gp_init_sec_context(struct gp_call_ctx *gpcall, } } + gp_filter_flags(gpcall, &req_flags); + ret_maj = gss_init_sec_context(&ret_min, ich, &ctx, |