ntlmssp: Refuse to seal if we did not negotiate to sign

author Andrew Bartlett <abartlet@samba.org>

Sat, 15 Oct 2011 03:56:11 +0000 (14:56 +1100)

committer Andrew Bartlett <abartlet@samba.org>

Tue, 18 Oct 2011 02:13:33 +0000 (13:13 +1100)
author Andrew Bartlett <abartlet@samba.org>
Sat, 15 Oct 2011 03:56:11 +0000 (14:56 +1100)
committer Andrew Bartlett <abartlet@samba.org>
Tue, 18 Oct 2011 02:13:33 +0000 (13:13 +1100)
diff --git a/auth/ntlmssp/ntlmssp_sign.c b/auth/ntlmssp/ntlmssp_sign.c

index 019ea3ce3b3b99574db5bbb74bf0bf47be3e89c9..a5c57d8423f43553ef3a34fad71ae745944e5a49 100644 (file)
--- a/auth/ntlmssp/ntlmssp_sign.c
+++ b/auth/ntlmssp/ntlmssp_sign.c
@@ -274,6 +274,11 @@ NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
                 return NT_STATUS_INVALID_PARAMETER;
         }
  
+       if (!(ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
+               DEBUG(3, ("NTLMSSP Sealing not negotiated - cannot seal packet!\n"));
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
         if (!ntlmssp_state->session_key.length) {
                 DEBUG(3, ("NO session key, cannot seal packet\n"));
                 return NT_STATUS_NO_USER_SESSION_KEY;
author	Andrew Bartlett <abartlet@samba.org>
	Sat, 15 Oct 2011 03:56:11 +0000 (14:56 +1100)
committer	Andrew Bartlett <abartlet@samba.org>
	Tue, 18 Oct 2011 02:13:33 +0000 (13:13 +1100)