From 14d6f0bc30db9e400fe9cef53b0fd29f3798ad7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Steffen=20Kie=C3=9F?= <kiess@ki4.de>
Date: Mon, 31 May 2021 16:38:21 +0200
Subject: [PATCH] Add support for GSS_C_CHANNEL_BOUND_FLAG
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

MIT krb5 version 1.19 will set GSS_C_CHANNEL_BOUND_FLAG when channel
binding succeeds. This will cause gssapi to fail with the error message:

ValueError: 2048 is not a valid RequirementFlag

Add support for GSS_C_CHANNEL_BOUND_FLAG to fix this.

Signed-off-by: Steffen Kieß <kiess@ki4.de>
---
 gssapi/raw/types.pyx | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/gssapi/raw/types.pyx b/gssapi/raw/types.pyx
index d99f74a5..63f37f84 100644
--- a/gssapi/raw/types.pyx
+++ b/gssapi/raw/types.pyx
@@ -62,6 +62,10 @@ class RequirementFlag(IntEnum, metaclass=ExtendableEnum):
     # support it will ignore it.
     ok_as_delegate = 32768
 
+    # GSS_C_CHANNEL_BOUND_FLAG, implemented in MIT krb5-1.19
+    # See https://datatracker.ietf.org/doc/html/draft-ietf-kitten-channel-bound-flag-04
+    channel_bound = 2048
+
 
 class AddressType(IntEnum, metaclass=ExtendableEnum):
     """