CVE-2016-2111: auth/gensec: correctly report GENSEC_FEATURE_{SIGN,SEAL} in schannel_h...

This depends on the DCERPC auth level.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index be2e94e14d805715313d8c0e3771649262f52a7b..8baf803f91203d277d1d2c224fb8ff41c25b4b69 100644 (file)
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -672,9 +672,15 @@ static NTSTATUS schannel_client_start(struct gensec_security *gensec_security)
 static bool schannel_have_feature(struct gensec_security *gensec_security,
                                         uint32_t feature)
 {
-       if (feature & (GENSEC_FEATURE_SIGN |
-                      GENSEC_FEATURE_SEAL)) {
-               return true;
+       if (gensec_security->dcerpc_auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
+               if (feature & GENSEC_FEATURE_SIGN) {
+                       return true;
+               }
+       }
+       if (gensec_security->dcerpc_auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+               if (feature & GENSEC_FEATURE_SEAL) {
+                       return true;
+               }
        }
        if (feature & GENSEC_FEATURE_DCE_STYLE) {
                return true;