diff options
author | Simo Sorce <simo@redhat.com> | 2017-03-30 11:27:09 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2017-04-10 11:32:51 -0400 |
commit | 7feb7da54c0321b5a3eeb6c3797846a3cf7eda28 (patch) | |
tree | 7e55bf2b2fa50f3616452f3cededd32c8a99cad1 /src/lib/gssapi/generic/gssapi_ext.h | |
parent | c6a9fe0e7035f2f7ec98e696e549349601f05941 (diff) | |
download | krb5-7feb7da54c0321b5a3eeb6c3797846a3cf7eda28.zip krb5-7feb7da54c0321b5a3eeb6c3797846a3cf7eda28.tar.gz krb5-7feb7da54c0321b5a3eeb6c3797846a3cf7eda28.tar.bz2 |
Add support to query the SSF of a GSS context
Cyrus SASL provides a Security Strength Factor number to assess the
relative "strength" of the negotiated mechanism, and applications
sometimes make access control decisions based on it.
Add a call that allows us to query the mechanism that established the
GSS security context to ask what is the current SSF, based on the
enctype of the session key.
ticket: 8569 (new)
Diffstat (limited to 'src/lib/gssapi/generic/gssapi_ext.h')
-rw-r--r-- | src/lib/gssapi/generic/gssapi_ext.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/lib/gssapi/generic/gssapi_ext.h b/src/lib/gssapi/generic/gssapi_ext.h index 9ad4421..9d3a7e7 100644 --- a/src/lib/gssapi/generic/gssapi_ext.h +++ b/src/lib/gssapi/generic/gssapi_ext.h @@ -575,4 +575,15 @@ gss_import_cred( } #endif +/* + * When used with gss_inquire_sec_context_by_oid(), return a buffer set with + * the first member containing an unsigned 32-bit integer in network byte + * order. This is the Security Strength Factor (SSF) associated with the + * secure channel established by the security context. NOTE: This value is + * made available solely as an indication for use by APIs like Cyrus SASL that + * classify the strength of a secure channel via this number. The strength of + * a channel cannot necessarily be represented by a simple number. + */ +GSS_DLLIMP extern gss_OID GSS_C_SEC_CONTEXT_SASL_SSF; + #endif /* GSSAPI_EXT_H_ */ |