gensec: Refuse to seal if we did not negotiate to sign

[obnox/samba/samba-obnox.git] / auth / gensec / gensec.c

diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
index c0ebc68bb5edd69c29ff574b4385acb3baee18fb..b7f89f1d563be08ea7431c8a8d3f7b0ab50edf43 100644 (file)
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -76,6 +76,9 @@ _PUBLIC_ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
        if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
                return NT_STATUS_INVALID_PARAMETER;
        }
+       if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
 
        return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
 }