diff options
author | Stefan Metzmacher <metze@samba.org> | 2017-05-12 11:05:15 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-05-21 21:05:09 +0200 |
commit | 8ddf3166d488f36c53f80080f7f17c78831080bc (patch) | |
tree | 0a8e2f79da7b8588fc9308fe4423a0f0a82c2152 /auth | |
parent | 0ff6a1ae1f2b6a4a5bfa458c0a1d56405e28df44 (diff) | |
download | samba-8ddf3166d488f36c53f80080f7f17c78831080bc.tar.gz |
auth/spnego: always announce GENSEC_FEATURE_SIGN_PKT_HEADER support.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/gensec/spnego.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c index 645c8b2e087..ed7f3d71d68 100644 --- a/auth/gensec/spnego.c +++ b/auth/gensec/spnego.c @@ -1632,6 +1632,20 @@ static bool gensec_spnego_have_feature(struct gensec_security *gensec_security, uint32_t feature) { struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; + + if (feature & GENSEC_FEATURE_SIGN_PKT_HEADER) { + /* + * All mechs with sub (child) mechs need to provide DCERPC + * header signing! This is required because the negotiation + * of header signing is done before the authentication + * is completed. + * + * Currently all our backends support DCERPC with: + * GENSEC_FEATURE_SIGN_PKT_HEADER. + */ + return true; + } + if (!spnego_state->sub_sec_security) { return false; } |