diff options
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 4cc067ffde..070e83e97c 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -257,6 +257,15 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi return NT_STATUS_INVALID_PARAMETER; } + if (((gensec_security->want_features & GENSEC_FEATURE_SIGN) + || (gensec_security->want_features & GENSEC_FEATURE_SEAL)) + && (gensec_security->want_features & GENSEC_FEATURE_DCE_STYLE) + && !lp_parm_bool(-1, "gensec_gssapi", "dce_signseal", + cli_credentials_get_kerberos_state(creds) == CRED_MUST_USE_KERBEROS)) { + DEBUG(2, ("GSSAPI sign/seal disabled for DCE/RPC. ")); + return NT_STATUS_INVALID_PARAMETER; + } + nt_status = gensec_gssapi_start(gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; |