authorAndrew Tridgell <tridge@samba.org>2010-09-22 22:41:02 -0700
committerAndrew Tridgell <tridge@samba.org>2010-09-23 07:17:57 +0000
commit7a05e04dfc81d20aff92e17c61af81bbe66d2492 (patch)
tree3de949a4dbe746affd549672c5c9d9dee609d0b8
parentc0ff93b033da632d5ad4a004d6fff05d08f5cf78 (diff)
s4-gensec: fixed a client side bug in GENSEC/SASL/SSF negotiation
This is the client-side equivalent of the previous fix.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/auth/gensec/gensec_gssapi.c17
1 files changed, 10 insertions, 7 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index a864bca49b..ecf2a73b1f 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -632,18 +632,21 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
gensec_gssapi_state->max_wrap_buf_size = MIN(RIVAL(maxlength_proposed, 0),
gensec_gssapi_state->max_wrap_buf_size);
gensec_gssapi_state->sasl_protection = 0;
- if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
- if (security_supported & NEG_SEAL) {
+ if (security_supported & NEG_SEAL) {
+ if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
gensec_gssapi_state->sasl_protection |= NEG_SEAL;
}
- } else if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
- if (security_supported & NEG_SIGN) {
+ }
+ if (security_supported & NEG_SIGN) {
+ if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
gensec_gssapi_state->sasl_protection |= NEG_SIGN;
}
- } else if (security_supported & NEG_NONE) {
+ }
+ if (security_supported & NEG_NONE) {
gensec_gssapi_state->sasl_protection |= NEG_NONE;
- } else {
- DEBUG(1, ("Remote server does not support unprotected connections"));
+ }
+ if (gensec_gssapi_state->sasl_protection == 0) {
+ DEBUG(1, ("Remote server does not support unprotected connections\n"));
return NT_STATUS_ACCESS_DENIED;
}
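Review bot: `NEG_NONE` is now OR-ed into `sasl_protection` whenever the server offers it, independent of the two `gensec_have_feature()` checks, so the final `sasl_protection == 0` test passes with only `NEG_NONE` set even when SEAL or SIGN is available locally but the server did not offer the matching bit. If a locally available feature is meant to be mandatory, that is a silent fall-back to an unprotected layer. Unless code outside this hunk already rejects it, an explicit check after the block would close the gap, e.g. `if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL) && !(gensec_gssapi_state->sasl_protection & NEG_SEAL)) return NT_STATUS_ACCESS_DENIED;`, with the same check for SIGN. The DEBUG text also no longer matches its condition, which now fires when no common protection level exists at all; `"No mutually supported SASL protection level\n"` would be more accurate. `gensec_gssapi_update` starts before and continues after this hunk, so how `sasl_protection` is used afterwards is not visible here.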