From 86d684e4d663141370b7332a9ab37e46f6ef68db Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Oct 2011 14:56:01 +1100
Subject: gensec: Refuse to seal if we did not negotiate to sign

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 auth/gensec/gensec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
index c0ebc68bb5..b7f89f1d56 100644
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -76,6 +76,9 @@ _PUBLIC_ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
 	if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
+	if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 
 	return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
 }
-- 
cgit