summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2012-01-14 11:27:21 +0100
committerStefan Metzmacher <metze@samba.org>2012-01-18 16:23:24 +0100
commitc5864deadcd24dcf1f9a99607deacc635e091fd4 (patch)
treeefa54befe0c823f54701e7f12cb2509e0b32b1bd
parented88012dd22c330117ed81c9adcc9e5c6e545bf8 (diff)
downloadsamba-c5864deadcd24dcf1f9a99607deacc635e091fd4.tar.gz
samba-c5864deadcd24dcf1f9a99607deacc635e091fd4.tar.bz2
samba-c5864deadcd24dcf1f9a99607deacc635e091fd4.zip
s3-gse: verify that we got GSS_C_DCE_STYLE when expected
GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG, so also check for it. metze
-rw-r--r--source3/librpc/crypto/gse.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 76f6109e93..5a5492f80a 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -552,6 +552,17 @@ static NTSTATUS gse_verify_server_auth_flags(struct gse_context *gse_ctx)
}
}
+ /* GSS_C_DCE_STYLE */
+ if (gse_ctx->gss_want_flags & GSS_C_DCE_STYLE) {
+ if (!(gse_ctx->gss_got_flags & GSS_C_DCE_STYLE)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ /* GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG */
+ if (!(gse_ctx->gss_got_flags & GSS_C_MUTUAL_FLAG)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
+
return NT_STATUS_OK;
}