author | Stefan Metzmacher <metze@samba.org> | 2015-06-20 16:19:31 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2015-06-23 14:38:53 +0200 |
commit | 756508c8c37b0370301a096e35abc171fe08d31c (patch) | |
tree | 46007ab8495492b2e5f94abcdd820ebf0eb46cfb /auth/gensec/gensec_start.c | |
parent | 3542d33314e32279340f07f995c1dcbd16106352 (diff) | |
download | samba-756508c8c37b0370301a096e35abc171fe08d31c.tar.gz |

auth/gensec: make sure gensec_start_mech_by_authtype() resets SIGN/SEAL before starting

We want to set GENSEC_FEATURE_SIGN and GENSEC_FEATURE_SEAL based on the given
auth_level and should not have GENSEC_FEATURE_SEAL if
DCERPC_AUTH_LEVEL_INTEGRITY is desired.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Diffstat (limited to 'auth/gensec/gensec_start.c')
-rw-r--r-- | auth/gensec/gensec_start.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c index 955cc36f4cb..be316978a0b 100644 --- a/auth/gensec/gensec_start.c +++ b/auth/gensec/gensec_start.c @@ -724,6 +724,12 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_s return NT_STATUS_INVALID_PARAMETER; } gensec_security->dcerpc_auth_level = auth_level; + /* + * We need to reset sign/seal in order to reset it. + * We may got some default features inherited by the credentials + */ + gensec_security->want_features &= ~GENSEC_FEATURE_SIGN; + gensec_security->want_features &= ~GENSEC_FEATURE_SEAL; gensec_want_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE); gensec_want_feature(gensec_security, GENSEC_FEATURE_ASYNC_REPLIES); if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) { |
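
Review bot: The comment added above the two `want_features &= ~...` lines is circular ("reset sign/seal in order to reset it") and does not say why the clearing has to happen at this point in gensec_start_mech_by_authtype(). Something like "Clear SIGN/SEAL inherited from the credentials' default features; they are set again below from auth_level only, so DCERPC_AUTH_LEVEL_INTEGRITY never ends up with SEAL" would state the intent from the commit message. The two masks can also be combined into one statement, `gensec_security->want_features &= ~(GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);`. Only the opening of the `auth_level == DCERPC_AUTH_LEVEL_INTEGRITY` branch is visible in the trailing context, so it is worth confirming that the remaining branches re-add exactly the flags each level needs. Since the diffstat shows only gensec_start.c changing, a test that starts a mech at INTEGRITY with credentials whose defaults include SEAL would pin the behaviour.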