summaryrefslogtreecommitdiff
path: root/source3/librpc/crypto/gse.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-02-07 22:27:53 +1100
committerStefan Metzmacher <metze@samba.org>2012-02-16 21:19:44 +0100
commit91c325bb706c5a7df32710dff3b781fca13bbc54 (patch)
treea3ea3e58de277553ef96cb2bd3b9e25b8b1a6c48 /source3/librpc/crypto/gse.c
parent024737698eb9d1fd1aa82432c6a7ed09195de98d (diff)
downloadsamba-91c325bb706c5a7df32710dff3b781fca13bbc54.tar.gz
samba-91c325bb706c5a7df32710dff3b781fca13bbc54.tar.bz2
samba-91c325bb706c5a7df32710dff3b781fca13bbc54.zip
s3-librpc: Remove gse_verify_server_auth_flags
gensec_update() ensures that DCE-style and sign/seal are negotiated correctly for DCE/RPC pipes. Also, the smb sealing client/server already check for the gensec_have_feature(). This additional check just keeps causing trouble, and is 'protecting' an already secure negoitated exchange. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Feb 16 21:19:44 CET 2012 on sn-devel-104
Diffstat (limited to 'source3/librpc/crypto/gse.c')
-rw-r--r--source3/librpc/crypto/gse.c50
1 files changed, 0 insertions, 50 deletions
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 9f06dc3d8c..fba2c2fba3 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -525,52 +525,6 @@ done:
return status;
}
-static NTSTATUS gse_verify_server_auth_flags(struct gse_context *gse_ctx)
-{
- if (memcmp(gse_ctx->ret_mech,
- gss_mech_krb5, sizeof(gss_OID_desc)) != 0) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
- /* GSS_C_MUTUAL_FLAG */
- /* GSS_C_DELEG_FLAG */
- /* GSS_C_DELEG_POLICY_FLAG */
- /* GSS_C_REPLAY_FLAG */
- /* GSS_C_SEQUENCE_FLAG */
-
- /* GSS_C_INTEG_FLAG */
- if (gse_ctx->gss_want_flags & GSS_C_INTEG_FLAG) {
- if (!(gse_ctx->gss_got_flags & GSS_C_INTEG_FLAG)) {
- return NT_STATUS_ACCESS_DENIED;
- }
- }
-
- /* GSS_C_CONF_FLAG */
- if (gse_ctx->gss_want_flags & GSS_C_CONF_FLAG) {
- if (!(gse_ctx->gss_got_flags & GSS_C_CONF_FLAG)) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
- /* GSS_C_CONF_FLAG implies GSS_C_INTEG_FLAG */
- if (!(gse_ctx->gss_got_flags & GSS_C_INTEG_FLAG)) {
- return NT_STATUS_ACCESS_DENIED;
- }
- }
-
- /* GSS_C_DCE_STYLE */
- if (gse_ctx->gss_want_flags & GSS_C_DCE_STYLE) {
- if (!(gse_ctx->gss_got_flags & GSS_C_DCE_STYLE)) {
- return NT_STATUS_ACCESS_DENIED;
- }
- /* GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG */
- if (!(gse_ctx->gss_got_flags & GSS_C_MUTUAL_FLAG)) {
- return NT_STATUS_ACCESS_DENIED;
- }
- }
-
- return NT_STATUS_OK;
-}
-
static char *gse_errstr(TALLOC_CTX *mem_ctx, OM_uint32 maj, OM_uint32 min)
{
OM_uint32 gss_min, gss_maj;
@@ -1019,10 +973,6 @@ static NTSTATUS gensec_gse_update(struct gensec_security *gensec_security,
return status;
}
- if (gensec_security->gensec_role == GENSEC_SERVER) {
- return gse_verify_server_auth_flags(gse_ctx);
- }
-
return NT_STATUS_OK;
}