diff options
author | Andrew Tridgell <tridge@samba.org> | 2010-09-22 22:41:02 -0700 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-09-23 07:17:57 +0000 |
commit | 7a05e04dfc81d20aff92e17c61af81bbe66d2492 (patch) | |
tree | 3de949a4dbe746affd549672c5c9d9dee609d0b8 /source4/auth/gensec | |
parent | c0ff93b033da632d5ad4a004d6fff05d08f5cf78 (diff) | |
download | samba-7a05e04dfc81d20aff92e17c61af81bbe66d2492.tar.gz samba-7a05e04dfc81d20aff92e17c61af81bbe66d2492.tar.bz2 samba-7a05e04dfc81d20aff92e17c61af81bbe66d2492.zip |
s4-gensec: fixed a client side bug in GENSEC/SASL/SSF negotiation
this is the client side equivalent change for the previous fix
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index a864bca49b..ecf2a73b1f 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -632,18 +632,21 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security, gensec_gssapi_state->max_wrap_buf_size = MIN(RIVAL(maxlength_proposed, 0), gensec_gssapi_state->max_wrap_buf_size); gensec_gssapi_state->sasl_protection = 0; - if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) { - if (security_supported & NEG_SEAL) { + if (security_supported & NEG_SEAL) { + if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) { gensec_gssapi_state->sasl_protection |= NEG_SEAL; } - } else if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { - if (security_supported & NEG_SIGN) { + } + if (security_supported & NEG_SIGN) { + if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { gensec_gssapi_state->sasl_protection |= NEG_SIGN; } - } else if (security_supported & NEG_NONE) { + } + if (security_supported & NEG_NONE) { gensec_gssapi_state->sasl_protection |= NEG_NONE; - } else { - DEBUG(1, ("Remote server does not support unprotected connections")); + } + if (gensec_gssapi_state->sasl_protection == 0) { + DEBUG(1, ("Remote server does not support unprotected connections\n")); return NT_STATUS_ACCESS_DENIED; } |