summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2010-08-20 09:31:07 -0400
committerGünther Deschner <gd@samba.org>2010-08-30 14:32:47 +0200
commitfb1aef085e0ae52869bb3906e803e10951da5781 (patch)
treeca67cdd8f8692b4010648a9bf7e2c155c1e0fe16 /source3
parente6ed1dc249f6a1a536efcd7519bc9d9bd5c180dd (diff)
downloadsamba-fb1aef085e0ae52869bb3906e803e10951da5781.tar.gz
samba-fb1aef085e0ae52869bb3906e803e10951da5781.tar.bz2
samba-fb1aef085e0ae52869bb3906e803e10951da5781.zip
dcerpc-gssapi: add function to check flags
Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3')
-rw-r--r--source3/librpc/rpc/dcerpc_gssapi.c32
1 files changed, 30 insertions, 2 deletions
diff --git a/source3/librpc/rpc/dcerpc_gssapi.c b/source3/librpc/rpc/dcerpc_gssapi.c
index e8a15b8e8b..e79231b912 100644
--- a/source3/librpc/rpc/dcerpc_gssapi.c
+++ b/source3/librpc/rpc/dcerpc_gssapi.c
@@ -480,9 +480,37 @@ NTSTATUS gse_verify_server_auth_flags(struct gse_context *gse_ctx)
return NT_STATUS_INVALID_HANDLE;
}
- /* TODO: verify the mech oid identifies KRB5 */
+ if (memcmp(gse_ctx->ret_mech,
+ gss_mech_krb5, sizeof(gss_OID_desc)) != 0) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ /* GSS_C_MUTUAL_FLAG */
+ if (gse_ctx->gss_c_flags & GSS_C_MUTUAL_FLAG) {
+ if (!(gse_ctx->ret_flags & GSS_C_MUTUAL_FLAG)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
+
+ /* GSS_C_DELEG_FLAG */
+ /* GSS_C_DELEG_POLICY_FLAG */
+ /* GSS_C_REPLAY_FLAG */
+ /* GSS_C_SEQUENCE_FLAG */
+
+ /* GSS_C_INTEG_FLAG */
+ if (gse_ctx->gss_c_flags & GSS_C_INTEG_FLAG) {
+ if (!(gse_ctx->ret_flags & GSS_C_INTEG_FLAG)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
+
+ /* GSS_C_CONF_FLAG */
+ if (gse_ctx->gss_c_flags & GSS_C_CONF_FLAG) {
+ if (!(gse_ctx->ret_flags & GSS_C_CONF_FLAG)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
- /* FIXME: implement checks */
return NT_STATUS_OK;
}