diff options
author | Andrew Bartlett <abartlet@samba.org> | 2012-02-07 22:27:53 +1100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-02-16 21:19:44 +0100 |
commit | 91c325bb706c5a7df32710dff3b781fca13bbc54 (patch) | |
tree | a3ea3e58de277553ef96cb2bd3b9e25b8b1a6c48 /source3/librpc/crypto/gse.c | |
parent | 024737698eb9d1fd1aa82432c6a7ed09195de98d (diff) | |
download | samba-91c325bb706c5a7df32710dff3b781fca13bbc54.tar.gz samba-91c325bb706c5a7df32710dff3b781fca13bbc54.tar.bz2 samba-91c325bb706c5a7df32710dff3b781fca13bbc54.zip |
s3-librpc: Remove gse_verify_server_auth_flags
gensec_update() ensures that DCE-style and sign/seal are negotiated correctly
for DCE/RPC pipes. Also, the smb sealing client/server already check for the
gensec_have_feature().
This additional check just keeps causing trouble, and is 'protecting'
an already secure negoitated exchange.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Feb 16 21:19:44 CET 2012 on sn-devel-104
Diffstat (limited to 'source3/librpc/crypto/gse.c')
-rw-r--r-- | source3/librpc/crypto/gse.c | 50 |
1 files changed, 0 insertions, 50 deletions
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c index 9f06dc3d8c..fba2c2fba3 100644 --- a/source3/librpc/crypto/gse.c +++ b/source3/librpc/crypto/gse.c @@ -525,52 +525,6 @@ done: return status; } -static NTSTATUS gse_verify_server_auth_flags(struct gse_context *gse_ctx) -{ - if (memcmp(gse_ctx->ret_mech, - gss_mech_krb5, sizeof(gss_OID_desc)) != 0) { - return NT_STATUS_ACCESS_DENIED; - } - - /* GSS_C_MUTUAL_FLAG */ - /* GSS_C_DELEG_FLAG */ - /* GSS_C_DELEG_POLICY_FLAG */ - /* GSS_C_REPLAY_FLAG */ - /* GSS_C_SEQUENCE_FLAG */ - - /* GSS_C_INTEG_FLAG */ - if (gse_ctx->gss_want_flags & GSS_C_INTEG_FLAG) { - if (!(gse_ctx->gss_got_flags & GSS_C_INTEG_FLAG)) { - return NT_STATUS_ACCESS_DENIED; - } - } - - /* GSS_C_CONF_FLAG */ - if (gse_ctx->gss_want_flags & GSS_C_CONF_FLAG) { - if (!(gse_ctx->gss_got_flags & GSS_C_CONF_FLAG)) { - return NT_STATUS_ACCESS_DENIED; - } - - /* GSS_C_CONF_FLAG implies GSS_C_INTEG_FLAG */ - if (!(gse_ctx->gss_got_flags & GSS_C_INTEG_FLAG)) { - return NT_STATUS_ACCESS_DENIED; - } - } - - /* GSS_C_DCE_STYLE */ - if (gse_ctx->gss_want_flags & GSS_C_DCE_STYLE) { - if (!(gse_ctx->gss_got_flags & GSS_C_DCE_STYLE)) { - return NT_STATUS_ACCESS_DENIED; - } - /* GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG */ - if (!(gse_ctx->gss_got_flags & GSS_C_MUTUAL_FLAG)) { - return NT_STATUS_ACCESS_DENIED; - } - } - - return NT_STATUS_OK; -} - static char *gse_errstr(TALLOC_CTX *mem_ctx, OM_uint32 maj, OM_uint32 min) { OM_uint32 gss_min, gss_maj; @@ -1019,10 +973,6 @@ static NTSTATUS gensec_gse_update(struct gensec_security *gensec_security, return status; } - if (gensec_security->gensec_role == GENSEC_SERVER) { - return gse_verify_server_auth_flags(gse_ctx); - } - return NT_STATUS_OK; } |