author | Stefan Metzmacher <metze@samba.org> | 2015-06-20 16:19:31 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2015-07-11 21:59:25 +0200 |
commit | 55709541204cb1066c13744a4c577bf3c02b2e3c (patch) | |
tree | 42c0da73479e09478fd202007b7c55a98b71f7bc | |
parent | 54b9c1c8cb58608cfaa98fc75654557f8fab2df7 (diff) | |
download | samba-55709541204cb1066c13744a4c577bf3c02b2e3c.tar.gz |
auth/gensec: make sure gensec_start_mech_by_authtype() resets SIGN/SEAL before starting
We want to set GENSEC_FEATURE_SIGN and GENSEC_FEATURE_SEAL based on the given
auth_level and should not have GENSEC_FEATURE_SEAL if
DCERPC_AUTH_LEVEL_INTEGRITY is desired.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 756508c8c37b0370301a096e35abc171fe08d31c)
-rw-r--r-- | auth/gensec/gensec_start.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c index e46f0ee8510..8b649e51908 100644 --- a/auth/gensec/gensec_start.c +++ b/auth/gensec/gensec_start.c @@ -701,6 +701,12 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_s return NT_STATUS_INVALID_PARAMETER; } gensec_security->dcerpc_auth_level = auth_level; + /* + * We need to reset sign/seal in order to reset it. + * We may got some default features inherited by the credentials + */ + gensec_security->want_features &= ~GENSEC_FEATURE_SIGN; + gensec_security->want_features &= ~GENSEC_FEATURE_SEAL; gensec_want_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE); gensec_want_feature(gensec_security, GENSEC_FEATURE_ASYNC_REPLIES); if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) { |
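Review bot: The comment added above the two `want_features &= ~...` lines is circular ("reset sign/seal in order to reset it") and does not record why the reset is needed. The commit message has the real reason, so the comment should carry it: features inherited from the credentials must not leave GENSEC_FEATURE_SEAL set when the caller asked for DCERPC_AUTH_LEVEL_INTEGRITY, and SIGN/SEAL are to be derived only from the given auth_level. "We may got" should read "We may have got". As a style point, the two clears could be a single statement, `gensec_security->want_features &= ~(GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);`, which keeps the pair visibly together if more features are added to the reset later.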