r6705: let the gensec module decide if messages can be signed and sealed in a different

order than a strict request - reply sequence

Note: we should also fix the client code...

metze
(This used to be commit 0a61d1f65150546f7a7582512ca010d156f963bf)

3 files changed, 10 insertions, 0 deletions

diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index 71c00c5157..268881e4ba 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -39,6 +39,7 @@ struct gensec_target {
 #define GENSEC_FEATURE_SIGN		0x00000002
 #define GENSEC_FEATURE_SEAL		0x00000004
 #define GENSEC_FEATURE_DCE_STYLE	0x00000008
+#define GENSEC_FEATURE_ASYNC_REPLIES	0x00000010
 
 /* GENSEC mode */
 enum gensec_role
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c
index 254736688b..ac007ae3ab 100644
--- a/source4/auth/ntlmssp/ntlmssp.c
+++ b/source4/auth/ntlmssp/ntlmssp.c
@@ -183,6 +183,11 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
 		gensec_ntlmssp_state->have_features |= GENSEC_FEATURE_SESSION_KEY;
 	}
 
+	/* only NTLMv2 can handle async replies */
+	if (gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
+		gensec_ntlmssp_state->have_features |= GENSEC_FEATURE_ASYNC_REPLIES;
+	}
+
 	return status;
 }
 
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index cb1cdc9416..12e24859ec 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -742,6 +742,10 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call)
 	call->state_flags	= call->conn->dce_ctx->state_flags;
 	call->time		= timeval_current();
 
+	if (!gensec_have_feature(call->conn->auth_state.gensec_security, GENSEC_FEATURE_ASYNC_REPLIES)) {
+		call->state_flags &= ~DCESRV_CALL_STATE_FLAG_MAY_ASYNC;
+	}
+
 	context = dcesrv_find_context(call->conn, call->pkt.u.request.context_id);
 	if (context == NULL) {
 		return dcesrv_fault(call, DCERPC_FAULT_UNK_IF);