gensec: Assert that we have not been subject to a downgrade attack in DCE/RPC clients

Because of the calling convention, this is the best place to assert that we have not been subject to a downgrade attack on the negotiated features. (In DCE/RPC, this isn't a negotiation, the client simply specifies the level of protection that is required). Andrew Bartlett (some formatting fixes) Signed-off-by: Stefan Metzmacher <metze@samba.org>
author: Andrew Bartlett <abartlet@samba.org> 2011-10-15 13:17:33 +1100
committer: Andrew Bartlett <abartlet@samba.org> 2011-10-18 13:13:32 +1100
commit: 0d5de7e19c8112821269b4f5a910ee777f35d185 (patch)
tree: 61b04a7c2f01fff4f72988d222b0626d1277e4b7 /auth/gensec/gensec.h
parent: 5ef4e91cf099290c8798fd12b35927eed34b2fcf (diff)
download: samba-0d5de7e19c8112821269b4f5a910ee777f35d185.tar.gz
samba-0d5de7e19c8112821269b4f5a910ee777f35d185.tar.bz2
samba-0d5de7e19c8112821269b4f5a910ee777f35d185.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index 38f2513742..ee87a4da79 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -160,6 +160,7 @@ struct gensec_security {
 	enum gensec_role gensec_role;
 	bool subcontext;
 	uint32_t want_features;
+	uint8_t dcerpc_auth_level;
 	struct tevent_context *event_ctx;
 	struct tsocket_address *local_addr, *remote_addr;
 	struct gensec_settings *settings;
author	Andrew Bartlett <abartlet@samba.org>	2011-10-15 13:17:33 +1100
committer	Andrew Bartlett <abartlet@samba.org>	2011-10-18 13:13:32 +1100
commit	0d5de7e19c8112821269b4f5a910ee777f35d185 (patch)
tree	61b04a7c2f01fff4f72988d222b0626d1277e4b7 /auth/gensec/gensec.h
parent	5ef4e91cf099290c8798fd12b35927eed34b2fcf (diff)
download	samba-0d5de7e19c8112821269b4f5a910ee777f35d185.tar.gz samba-0d5de7e19c8112821269b4f5a910ee777f35d185.tar.bz2 samba-0d5de7e19c8112821269b4f5a910ee777f35d185.zip