diff options
author | Stefan Metzmacher <metze@samba.org> | 2018-10-31 15:55:57 +0100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2018-12-23 21:33:51 +0100 |
commit | be2a67319d1b0f423d8fa19137c9a953398ddd50 (patch) | |
tree | 58a0ec451f169e0173c09a8f78a96ab04818fcb5 /auth | |
parent | b34eb437fe2508ad445125bc7139300981c43002 (diff) | |
download | samba-be2a67319d1b0f423d8fa19137c9a953398ddd50.tar.gz |
auth/gensec: enforce that all DCERPC contexts support SIGN_PKT_HEADER
That's currently always the case and will simplifies the callers.
WORKS now???
TDB_NO_FSYNC=1 buildnice make -j test FAIL_IMMEDIATELY=1 SOCKET_WRAPPER_KEEP_PCAP=1 TESTS='samba4.rpc.lsa.secrets.*ncacn_np.*Kerberos.*Samba3.*fl2000dc'
and
TDB_NO_FSYNC=1 buildnice make -j test FAIL_IMMEDIATELY=1 SOCKET_WRAPPER_KEEP_PCAP=1 TESTS='samba3.rpc.lsa.*ncacn_ip_tcp.*nt4_dc'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Dec 23 21:33:51 CET 2018 on sn-devel-144
Diffstat (limited to 'auth')
-rw-r--r-- | auth/gensec/gensec.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c index e021d0ce3fe..91d8cce3f4c 100644 --- a/auth/gensec/gensec.c +++ b/auth/gensec/gensec.c @@ -293,6 +293,8 @@ _PUBLIC_ size_t gensec_max_update_size(struct gensec_security *gensec_security) static NTSTATUS gensec_verify_features(struct gensec_security *gensec_security) { + bool ok; + /* * gensec_want_feature(GENSEC_FEATURE_SIGN) * and @@ -319,6 +321,20 @@ static NTSTATUS gensec_verify_features(struct gensec_security *gensec_security) } } + if (gensec_security->dcerpc_auth_level < DCERPC_AUTH_LEVEL_PACKET) { + return NT_STATUS_OK; + } + + ok = gensec_have_feature(gensec_security, + GENSEC_FEATURE_SIGN_PKT_HEADER); + if (!ok) { + DBG_ERR("backend [%s] does not support header signing! " + "auth_level[0x%x]\n", + gensec_security->ops->name, + gensec_security->dcerpc_auth_level); + return NT_STATUS_INTERNAL_ERROR; + } + return NT_STATUS_OK; } |