diff options
author | Stefan Metzmacher <metze@samba.org> | 2012-01-14 11:27:21 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-01-18 16:23:24 +0100 |
commit | c5864deadcd24dcf1f9a99607deacc635e091fd4 (patch) | |
tree | efa54befe0c823f54701e7f12cb2509e0b32b1bd | |
parent | ed88012dd22c330117ed81c9adcc9e5c6e545bf8 (diff) | |
download | samba-c5864deadcd24dcf1f9a99607deacc635e091fd4.tar.gz samba-c5864deadcd24dcf1f9a99607deacc635e091fd4.tar.bz2 samba-c5864deadcd24dcf1f9a99607deacc635e091fd4.zip |
s3-gse: verify that we got GSS_C_DCE_STYLE when expected
GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG, so also check for it.
metze
-rw-r--r-- | source3/librpc/crypto/gse.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c index 76f6109e93..5a5492f80a 100644 --- a/source3/librpc/crypto/gse.c +++ b/source3/librpc/crypto/gse.c @@ -552,6 +552,17 @@ static NTSTATUS gse_verify_server_auth_flags(struct gse_context *gse_ctx) } } + /* GSS_C_DCE_STYLE */ + if (gse_ctx->gss_want_flags & GSS_C_DCE_STYLE) { + if (!(gse_ctx->gss_got_flags & GSS_C_DCE_STYLE)) { + return NT_STATUS_ACCESS_DENIED; + } + /* GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG */ + if (!(gse_ctx->gss_got_flags & GSS_C_MUTUAL_FLAG)) { + return NT_STATUS_ACCESS_DENIED; + } + } + return NT_STATUS_OK; } |