server: Implement flag filtering enforcement

Resolves: https://fedorahosted.org/gss-proxy/ticket/109

Reviewed-by: Günther Deschner <gdeschner@redhat.com>

3 files changed, 11 insertions, 0 deletions

diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c
index 5337390..60c4e12 100644
--- a/proxy/src/gp_creds.c
+++ b/proxy/src/gp_creds.c
@@ -548,3 +548,9 @@ done:
 
     return ret_maj;
 }
+
+void gp_filter_flags(struct gp_call_ctx *gpcall, uint32_t *flags)
+{
+    *flags |= gpcall->service->enforce_flags;
+    *flags &= ~gpcall->service->filter_flags;
+}
diff --git a/proxy/src/gp_rpc_creds.h b/proxy/src/gp_rpc_creds.h
index 6389ebe..4c8febb 100644
--- a/proxy/src/gp_rpc_creds.h
+++ b/proxy/src/gp_rpc_creds.h
@@ -46,4 +46,7 @@ uint32_t gp_add_krb5_creds(uint32_t *min,
                            gss_OID_set *actual_mechs,
                            uint32_t *initiator_time_rec,
                            uint32_t *acceptor_time_rec);
+
+void gp_filter_flags(struct gp_call_ctx *gpcall, uint32_t *flags);
+
 #endif /* _GP_RPC_CREDS_H_ */
diff --git a/proxy/src/gp_rpc_init_sec_context.c b/proxy/src/gp_rpc_init_sec_context.c
index 76ffaab..5e5d6f1 100644
--- a/proxy/src/gp_rpc_init_sec_context.c
+++ b/proxy/src/gp_rpc_init_sec_context.c
@@ -119,6 +119,8 @@ int gp_init_sec_context(struct gp_call_ctx *gpcall,
         }
     }
 
+    gp_filter_flags(gpcall, &req_flags);
+
     ret_maj = gss_init_sec_context(&ret_min,
                                    ich,
                                    &ctx,