diff options
author | Stefan Metzmacher <metze@samba.org> | 2015-06-19 14:46:53 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2015-07-11 21:59:25 +0200 |
commit | 54b9c1c8cb58608cfaa98fc75654557f8fab2df7 (patch) | |
tree | 1d9c8508511f2fd0f56ca8df3d85d8e1777b5c3e | |
parent | b6a59bbd3fb775ce40a45d71d69ba4f777651a8b (diff) | |
download | samba-54b9c1c8cb58608cfaa98fc75654557f8fab2df7.tar.gz |
auth/gensec: gensec_[un]seal_packet() should only work with GENSEC_FEATURE_DCE_STYLE
gensec_sig_size() also requires GENSEC_FEATURE_DCE_STYLE if
GENSEC_FEATURE_SEAL is negotiated.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 3542d33314e32279340f07f995c1dcbd16106352)
-rw-r--r-- | auth/gensec/gensec.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c index ea628617971..01c4ac6d954 100644 --- a/auth/gensec/gensec.c +++ b/auth/gensec/gensec.c @@ -39,9 +39,15 @@ _PUBLIC_ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, if (!gensec_security->ops->unseal_packet) { return NT_STATUS_NOT_IMPLEMENTED; } + if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { + return NT_STATUS_INVALID_PARAMETER; + } if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) { return NT_STATUS_INVALID_PARAMETER; } + if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) { + return NT_STATUS_INVALID_PARAMETER; + } return gensec_security->ops->unseal_packet(gensec_security, data, length, @@ -79,6 +85,9 @@ _PUBLIC_ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security, if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { return NT_STATUS_INVALID_PARAMETER; } + if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) { + return NT_STATUS_INVALID_PARAMETER; + } return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig); } @@ -107,6 +116,11 @@ _PUBLIC_ size_t gensec_sig_size(struct gensec_security *gensec_security, size_t if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { return 0; } + if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) { + if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) { + return 0; + } + } return gensec_security->ops->sig_size(gensec_security, data_size); } |