From c9cfeb636a976af770b857e7470ea2f574939696 Mon Sep 17 00:00:00 2001
From: Jake Scott
Date: Thu, 29 Aug 2024 13:38:30 -0400
Subject: [PATCH] channel-bindings
---
 v3/channelbinding.go | 6 +++---
 v3/provider.go | 17 ++++++++++++-----
 2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/v3/channelbinding.go b/v3/channelbinding.go
index bb4ecc7..099f2ff 100644
--- a/v3/channelbinding.go
+++ b/v3/channelbinding.go
@@ -3,11 +3,11 @@ package gssapi
 
 import "net"
 
-type gssAddressFamily int
+type GssAddressFamily int
 
 const (
- GssAddrFamilyUNSPEC gssAddressFamily = 0
- GssAddrFamilyLOCAL gssAddressFamily = 1 << iota
+ GssAddrFamilyUNSPEC GssAddressFamily = 0
+ GssAddrFamilyLOCAL GssAddressFamily = 1 << iota
 GssAddrFamilyINET
 GssAddrFamilyIMPLINK
 GssAddrFamilyPUP
diff --git a/v3/provider.go b/v3/provider.go
index 98e8243..9f5c368 100644
--- a/v3/provider.go
+++ b/v3/provider.go
@@ -43,10 +43,11 @@ func NewProvider(name string) Provider {
 type QoP uint
 
 type InitSecContextOptions struct {
- Credential Credential
- Mech GssMech
- Flags ContextFlag
- Lifetime time.Duration
+ Credential Credential
+ Mech GssMech
+ Flags ContextFlag
+ Lifetime time.Duration
+ ChannelBinding *ChannelBinding
 }
 
 type InitSecContextOption func(o *InitSecContextOptions)
@@ -75,6 +76,12 @@ func WithInitiatorLifetime(life time.Duration) InitSecContextOption {
 }
 }
 
+func WithChannelBinding(cb *ChannelBinding) InitSecContextOption {
+ return func(o *InitSecContextOptions) {
+ o.ChannelBinding = cb
+ }
+}
+
 // Provider is the interface that defines the top level GSSAPI functions that
 // create name, credential and security contexts
 type Provider interface {
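Review bot: `WithChannelBinding` in the second provider.go hunk is exported without a doc comment, and the new `ChannelBinding` field of `InitSecContextOptions` in the first provider.go hunk is equally silent on what a nil value means. Channel bindings are the control that ties a security context to its outer channel, so the default deserves to be written down, for example `// WithChannelBinding sets the channel bindings the initiator presents; a nil cb requests no channel binding.` (the nil semantics are inferred from the pointer type and should be confirmed against the provider implementations). The option also stores the caller's pointer rather than a copy, so a change to `*cb` between building the options and establishing the context alters what is bound; either state that the struct must not be modified afterwards or copy it inside the closure.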
@@ -125,7 +132,7 @@ type Provider interface {
 //
 // A partially established context may allow the creation of protected messages.
 // Check the [SecContextInfo.ProtectionReady] flag by calling [SecContext.Inquire()].
- AcceptSecContext(cred Credential, inputToken []byte) (SecContext, []byte, error) // RFC 2743 § 2.2.2
+ AcceptSecContext(cred Credential, inputToken []byte, cb *ChannelBinding) (SecContext, []byte, error) // RFC 2743 § 2.2.2
 
 // ImportSecContext corresponds to the GSS_Import_sec_context function from RFC 2743 § 2.2.9
 // Parameters:
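Review bot: The added `cb *ChannelBinding` parameter of `AcceptSecContext` is not described in the method's doc comment, which begins above this hunk, and nothing states what the acceptor does when it is nil. If nil means the acceptor does not verify the initiator's bindings (not visible here, so confirm in the implementations), callers that satisfy the new signature by passing `nil` lose the relay protection without any signal; a parameter line such as `// cb: channel bindings the acceptor requires of the initiator; nil performs no channel-binding check` would make that explicit. The signature change also breaks every existing implementer and caller of `Provider` and is asymmetric with the initiator side, which takes the binding through `WithChannelBinding`; a variadic acceptor option would keep existing call sites compiling.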