s3-gse: make sure GSS_C_CONF_FLAG implies GSS_C_INTEG_FLAG

metze
author: Stefan Metzmacher <metze@samba.org> 2012-01-20 15:55:55 +0100
committer: Stefan Metzmacher <metze@samba.org> 2012-01-20 23:55:54 +0100
commit: 7fe189749edf5c081be6f3a350072caa0c8b3d98 (patch)
tree: a4b3781521b9246e2ae69331a266dd353300ba71
parent: 6f0f10c798639923eb0500751fdcef3930d1ebea (diff)
download: samba-7fe189749edf5c081be6f3a350072caa0c8b3d98.tar.gz
samba-7fe189749edf5c081be6f3a350072caa0c8b3d98.tar.bz2
samba-7fe189749edf5c081be6f3a350072caa0c8b3d98.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 7cf116522d..5bd2740a5a 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -189,6 +189,7 @@ static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx,
 		gse_ctx->gss_want_flags |= GSS_C_INTEG_FLAG;
 	}
 	if (do_seal) {
+		gse_ctx->gss_want_flags |= GSS_C_INTEG_FLAG;
 		gse_ctx->gss_want_flags |= GSS_C_CONF_FLAG;
 	}
 
@@ -548,6 +549,11 @@ static NTSTATUS gse_verify_server_auth_flags(struct gse_context *gse_ctx)
 		if (!(gse_ctx->gss_got_flags & GSS_C_CONF_FLAG)) {
 			return NT_STATUS_ACCESS_DENIED;
 		}
+
+		/* GSS_C_CONF_FLAG implies GSS_C_INTEG_FLAG */
+		if (!(gse_ctx->gss_got_flags & GSS_C_INTEG_FLAG)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
 	}
 
 	/* GSS_C_DCE_STYLE */
author	Stefan Metzmacher <metze@samba.org>	2012-01-20 15:55:55 +0100
committer	Stefan Metzmacher <metze@samba.org>	2012-01-20 23:55:54 +0100
commit	7fe189749edf5c081be6f3a350072caa0c8b3d98 (patch)
tree	a4b3781521b9246e2ae69331a266dd353300ba71
parent	6f0f10c798639923eb0500751fdcef3930d1ebea (diff)
download	samba-7fe189749edf5c081be6f3a350072caa0c8b3d98.tar.gz samba-7fe189749edf5c081be6f3a350072caa0c8b3d98.tar.bz2 samba-7fe189749edf5c081be6f3a350072caa0c8b3d98.zip