authorSimo Sorce <simo@redhat.com>2013-10-14 16:41:13 -0400
committerSimo Sorce <simo@redhat.com>2013-10-14 17:31:11 -0400
commit97c47d3f12e6a236d34a12f5a66e6a1450b62388 (patch)
treec44b2046b710acd86867dbac5e7ff28257ce19ae /proxy/src/gp_proxy.h
parentf513734b61873fa9bbbaec78f1221d291a0c94a5 (diff)
Add option to specify allowed usage.
Credentials can often be used both to accept and to initiate contexts. With this option admins can allow a specific usage only. This is to avoid allowing an unprivileged process to fool a remote client by allowing it to impersonate a server, when we only want to allow this service to use credentials to initiate contexts.
Diffstat (limited to 'proxy/src/gp_proxy.h')
-rw-r--r--proxy/src/gp_proxy.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/proxy/src/gp_proxy.h b/proxy/src/gp_proxy.h
index a5b3a28..5f42ffa 100644
--- a/proxy/src/gp_proxy.h
+++ b/proxy/src/gp_proxy.h
@@ -55,6 +55,7 @@ struct gp_service {
bool kernel_nfsd;
char *socket;
SELINUX_CTX selinux_ctx;
+ gss_cred_usage_t cred_usage;
uint32_t mechs;
struct gp_cred_krb5 krb5;
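Review bot: The added `cred_usage` member carries no comment on its permitted values or its default, and the default is security-relevant: RFC 2744 defines `GSS_C_BOTH` as 0, so if `struct gp_service` is zero-initialised (not visible here) a service whose configuration omits the option ends up allowed to both initiate and accept, which is the case the commit message wants admins to be able to rule out. I would add `/* GSS_C_INITIATE, GSS_C_ACCEPT or GSS_C_BOTH; 0 == GSS_C_BOTH, i.e. unrestricted */` above the member, and have the config loader assign the field explicitly and reject unrecognised values rather than falling back to the zero value. The struct starts and ends outside this hunk, and the parsing and enforcement code lives in files this path-limited diff does not show, so both points need checking there.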