s3-gse: verify that we got GSS_C_DCE_STYLE when expected
authorStefan Metzmacher <metze@samba.org>
Sat, 14 Jan 2012 10:27:21 +0000 (11:27 +0100)
committerStefan Metzmacher <metze@samba.org>
Wed, 18 Jan 2012 15:23:24 +0000 (16:23 +0100)
GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG, so also check for it.

metze

source3/librpc/crypto/gse.c

index 76f6109e9337826f3b3c59806680d1a9815963e6..5a5492f80aca935e1b7f6c1c3e19c7260b4fb834 100644 (file)
@@ -552,6 +552,17 @@ static NTSTATUS gse_verify_server_auth_flags(struct gse_context *gse_ctx)
                }
        }
 
+       /* GSS_C_DCE_STYLE */
+       if (gse_ctx->gss_want_flags & GSS_C_DCE_STYLE) {
+               if (!(gse_ctx->gss_got_flags & GSS_C_DCE_STYLE)) {
+                       return NT_STATUS_ACCESS_DENIED;
+               }
+               /* GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG */
+               if (!(gse_ctx->gss_got_flags & GSS_C_MUTUAL_FLAG)) {
+                       return NT_STATUS_ACCESS_DENIED;
+               }
+       }
+
        return NT_STATUS_OK;
 }
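Review bot: Both new failure paths in the GSS_C_DCE_STYLE branch return NT_STATUS_ACCESS_DENIED without logging anything, so when a bind is rejected you cannot tell whether the peer dropped DCE style or dropped mutual authentication. A debug message before each return would make the cause visible, for example `DEBUG(1, ("GSS_C_DCE_STYLE requested but GSS_C_MUTUAL_FLAG not granted\n"));`, assuming the file's usual debug macro is in scope. Separately, the mutual-flag check is only reached when GSS_C_DCE_STYLE was requested. Whether a caller that asks for GSS_C_MUTUAL_FLAG alone gets verified depends on the part of gse_verify_server_auth_flags above the hunk, which is not visible here and is worth confirming.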