From 6a096c0a0a37d2fa9e0b03edce05929a7d98f390 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Sat, 16 Nov 2013 17:01:24 -0500
Subject: config: Add code to source flag filters
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

2 New configuration options are made available:
- filter_flags
- enforce_flags

Any GSS Flags listed in the filter_flags option is forcibly filtered
out before a gss_init_sec_context() call is invoked.
Any GSS Flags listed in the enforce_flags option is forcibly added
to the list of flags requested by a gss_init_sec_context() call is
invoked.

Flags can be either literals or numeric and must be preceded by the
sign + (to add to the list) or - (to remove from the list).

Resolves: https://fedorahosted.org/gss-proxy/ticket/109

Reviewed-by: Günther Deschner <gdeschner@redhat.com>
---
 proxy/src/gp_proxy.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'proxy/src/gp_proxy.h')

diff --git a/proxy/src/gp_proxy.h b/proxy/src/gp_proxy.h
index 8390f5d..b6c64ae 100644
--- a/proxy/src/gp_proxy.h
+++ b/proxy/src/gp_proxy.h
@@ -57,6 +57,8 @@ struct gp_service {
     char *socket;
     SELINUX_CTX selinux_ctx;
     gss_cred_usage_t cred_usage;
+    uint32_t filter_flags;
+    uint32_t enforce_flags;
 
     uint32_t mechs;
     struct gp_cred_krb5 krb5;
-- 
cgit