s3:auth add hooks to indicate if signing or sealing is desired with NTLMSSP

This allows the right hooks to be called in GENSEC when s3compat
implements the auth_ntlmssp interface.  Otherwise, we can't do the
signing or sealing as we have not negoitated it's use.

Andrew Bartlett

1 files changed, 21 insertions, 0 deletions

diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 0f60cdff1c..4678aeb698 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -1189,6 +1189,16 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_
 			goto err;
 		}
 
+		switch (auth_info.auth_level) {
+			case DCERPC_AUTH_LEVEL_INTEGRITY:
+				auth_ntlmssp_want_sign(a);
+				break;
+			case DCERPC_AUTH_LEVEL_PRIVACY:
+				auth_ntlmssp_want_seal(a);
+				break;
+			default:
+				break;
+		}
 		/*
 		 * Pass the first security blob of data to it.
 		 * This can return an error or NT_STATUS_MORE_PROCESSING_REQUIRED
@@ -1524,6 +1534,17 @@ static bool pipe_ntlmssp_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
 		goto err;
 	}
 
+	switch (pauth_info->auth_level) {
+	case DCERPC_AUTH_LEVEL_INTEGRITY:
+		auth_ntlmssp_want_sign(a);
+		break;
+	case DCERPC_AUTH_LEVEL_PRIVACY:
+		auth_ntlmssp_want_seal(a);
+		break;
+	default:
+		break;
+	}
+
 	status = auth_ntlmssp_update(a, blob, &response);
 	if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 		DEBUG(0,("pipe_ntlmssp_auth_bind: auth_ntlmssp_update failed: %s\n",