git.samba.org
/
metze
/
samba
/
wip.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
ed88012
)
s3-gse: verify that we got GSS_C_DCE_STYLE when expected
author
Stefan Metzmacher
<metze@samba.org>
Sat, 14 Jan 2012 10:27:21 +0000
(11:27 +0100)
committer
Stefan Metzmacher
<metze@samba.org>
Wed, 18 Jan 2012 15:23:24 +0000
(16:23 +0100)
GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG, so also check for it.
metze
source3/librpc/crypto/gse.c
patch
|
blob
|
history
diff --git
a/source3/librpc/crypto/gse.c
b/source3/librpc/crypto/gse.c
index 76f6109e9337826f3b3c59806680d1a9815963e6..5a5492f80aca935e1b7f6c1c3e19c7260b4fb834 100644
(file)
--- a/
source3/librpc/crypto/gse.c
+++ b/
source3/librpc/crypto/gse.c
@@
-552,6
+552,17
@@
static NTSTATUS gse_verify_server_auth_flags(struct gse_context *gse_ctx)
}
}
+ /* GSS_C_DCE_STYLE */
+ if (gse_ctx->gss_want_flags & GSS_C_DCE_STYLE) {
+ if (!(gse_ctx->gss_got_flags & GSS_C_DCE_STYLE)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ /* GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG */
+ if (!(gse_ctx->gss_got_flags & GSS_C_MUTUAL_FLAG)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
+
return NT_STATUS_OK;
}