author | Andrew Bartlett <abartlet@samba.org> | 2011-10-15 13:17:33 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-10-18 13:13:32 +1100 |
commit | 0d5de7e19c8112821269b4f5a910ee777f35d185 (patch) | |
tree | 61b04a7c2f01fff4f72988d222b0626d1277e4b7 /auth/gensec/gensec_start.c | |
parent | 5ef4e91cf099290c8798fd12b35927eed34b2fcf (diff) | |
gensec: Assert that we have not been subject to a downgrade attack in DCE/RPC clients
Because of the calling convention, this is the best place to assert
that we have not been subject to a downgrade attack on the negotiated
features. (In DCE/RPC, this isn't a negotiation, the client simply
specifies the level of protection that is required).
Andrew Bartlett
(some formatting fixes)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'auth/gensec/gensec_start.c')
-rw-r--r-- | auth/gensec/gensec_start.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index 10fcb67b25..aa609c9b6f 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -547,6 +547,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
 (*gensec_security)->subcontext = true;
 (*gensec_security)->want_features = parent->want_features;
+ (*gensec_security)->dcerpc_auth_level = parent->dcerpc_auth_level;
 (*gensec_security)->event_ctx = parent->event_ctx;
 (*gensec_security)->auth_context = talloc_reference(*gensec_security, parent->auth_context);
 (*gensec_security)->settings = talloc_reference(*gensec_security, parent->settings);
@@ -671,6 +672,7 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_s
 DEBUG(3, ("Could not find GENSEC backend for auth_type=%d\n", (int)auth_type));
 return NT_STATUS_INVALID_PARAMETER;
 }
+ gensec_security->dcerpc_auth_level = auth_level;
 gensec_want_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE);
 gensec_want_feature(gensec_security, GENSEC_FEATURE_ASYNC_REPLIES);
 if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) { |
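Review bot: The inherited `dcerpc_auth_level` in the first hunk has no comment saying what an unset value means. In this diff only `gensec_start_mech_by_authtype` (second hunk) assigns it from a caller-supplied level, so a subcontext whose parent was started another way copies whatever the parent was allocated with. I would add `/* level required by a DCE/RPC caller; unset for other callers, so the downgrade check must then enforce nothing */` above the new assignment. The check itself is not in this file's diff, so whether it handles the unset case is inferred rather than seen. gensec_subcontext_start begins and ends outside the hunk.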
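Review bot: In the second hunk, `gensec_security->dcerpc_auth_level = auth_level;` is stored before `auth_level` has been compared with any known level. The first comparison visible is the `if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY)` that follows it. If the rest of that chain (outside the hunk) rejects unrecognised levels, the context keeps the rejected value after the error return, and a later downgrade check would read a level that was never accepted. Moving the assignment to after the chain, or clearing the field on the failure path, keeps the recorded level equal to the one actually enforced. gensec_start_mech_by_authtype continues past the end of the hunk.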