auth/gensec: only require GENSEC_FEATURE_SIGN for DCERPC_AUTH_LEVEL_INTEGRITY as client

On the server this check is deferred to the first request. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2016-09-01 11:00:54 +0200
committer: Andreas Schneider <asn@cryptomilk.org> 2016-10-26 11:20:12 +0200
commit: 5204ad6a14d4ff4ecb5ed38e2a8680426bb5ed52 (patch)
tree: 67eb8ab6da61dd6d21bd8d4c0cbb302b0fa304ca /auth/gensec/gensec_start.c
parent: 5db81a11013541eb9c543501e37d670471727cee (diff)
download: samba-5204ad6a14d4ff4ecb5ed38e2a8680426bb5ed52.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index 1e616277dad..89a7a9b1ea5 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -742,7 +742,9 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_s
 	gensec_want_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE);
 	gensec_want_feature(gensec_security, GENSEC_FEATURE_ASYNC_REPLIES);
 	if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
-		gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
+		if (gensec_security->gensec_role == GENSEC_CLIENT) {
+			gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
+		}
 	} else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
 		gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
 		gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
author	Stefan Metzmacher <metze@samba.org>	2016-09-01 11:00:54 +0200
committer	Andreas Schneider <asn@cryptomilk.org>	2016-10-26 11:20:12 +0200
commit	5204ad6a14d4ff4ecb5ed38e2a8680426bb5ed52 (patch)
tree	67eb8ab6da61dd6d21bd8d4c0cbb302b0fa304ca /auth/gensec/gensec_start.c
parent	5db81a11013541eb9c543501e37d670471727cee (diff)
download	samba-5204ad6a14d4ff4ecb5ed38e2a8680426bb5ed52.tar.gz