# A policy which is used to validate channel-bindings.
#
abfab_channel_bindings {
- if (GSS-Acceptor-Service-Name && (outer.request:GSS-Acceptor-Service-Name != GSS-Acceptor-Service-Name)) {
+ if (&GSS-Acceptor-Service-Name && (&outer.request:GSS-Acceptor-Service-Name != &GSS-Acceptor-Service-Name)) {
reject
}
- if (GSS-Acceptor-Host-Name && outer.request:GSS-Acceptor-Host-Name != GSS-Acceptor-Host-Name ) {
+ if (&GSS-Acceptor-Host-Name && &outer.request:GSS-Acceptor-Host-Name != &GSS-Acceptor-Host-Name ) {
reject
}
- if (GSS-Acceptor-Realm-Name && outer.request:GSS-Acceptor-Realm-Name != GSS-Acceptor-Realm-Name ) {
+ if (&GSS-Acceptor-Realm-Name && &outer.request:GSS-Acceptor-Realm-Name != &GSS-Acceptor-Realm-Name ) {
reject
}
- if (GSS-Acceptor-Service-Name || GSS-Acceptor-Realm-Name || GSS-Acceptor-Host-Name) {
+ if (&GSS-Acceptor-Service-Name || &GSS-Acceptor-Realm-Name || &GSS-Acceptor-Host-Name) {
update control {
- Chbind-Response-Code := success
+ &Chbind-Response-Code := success
}
#
# then they won't be copied to the reply.
#
update reply {
- GSS-Acceptor-Service-Name = &GSS-Acceptor-Service-Name
- GSS-Acceptor-Host-Name = &GSS-Acceptor-Host-Name
- GSS-Acceptor-Realm-Name = &GSS-Acceptor-Realm-Name
+ &GSS-Acceptor-Service-Name = &GSS-Acceptor-Service-Name
+ &GSS-Acceptor-Host-Name = &GSS-Acceptor-Host-Name
+ &GSS-Acceptor-Realm-Name = &GSS-Acceptor-Realm-Name
}
}