Skip to content

Commit

Permalink
Add support for GSS_C_CHANNEL_BOUND_FLAG
Browse files Browse the repository at this point in the history 
MIT krb5 version 1.19 will set GSS_C_CHANNEL_BOUND_FLAG when channel
binding succeeds. This will cause gssapi to fail with the error message:

ValueError: 2048 is not a valid RequirementFlag

Add support for GSS_C_CHANNEL_BOUND_FLAG to fix this.

Signed-off-by: Steffen Kieß <kiess@ki4.de>
[rharwood@redhat.com: Shorten too-long URL]
  • Loading branch information
@steffen-kiess @frozencemetery
steffen-kiess authored and frozencemetery committed Jun 1, 2021
1 parent 737330b commit 0652ca6
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions gssapi/raw/types.pyx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,10 @@ class RequirementFlag(IntEnum, metaclass=ExtendableEnum):
# support it will ignore it.
ok_as_delegate = 32768

# GSS_C_CHANNEL_BOUND_FLAG, implemented in MIT krb5-1.19
# See draft-ietf-kitten-channel-bound-flag-04
channel_bound = 2048


class AddressType(IntEnum, metaclass=ExtendableEnum):
"""
Expand Down

0 comments on commit 0652ca6

Please sign in to comment.