From c5864deadcd24dcf1f9a99607deacc635e091fd4 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 14 Jan 2012 11:27:21 +0100
Subject: s3-gse: verify that we got GSS_C_DCE_STYLE when expected

GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG, so also check for it.

metze
---
 source3/librpc/crypto/gse.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 76f6109e93..5a5492f80a 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -552,6 +552,17 @@ static NTSTATUS gse_verify_server_auth_flags(struct gse_context *gse_ctx)
 		}
 	}
 
+	/* GSS_C_DCE_STYLE */
+	if (gse_ctx->gss_want_flags & GSS_C_DCE_STYLE) {
+		if (!(gse_ctx->gss_got_flags & GSS_C_DCE_STYLE)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		/* GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG */
+		if (!(gse_ctx->gss_got_flags & GSS_C_MUTUAL_FLAG)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+	}
+
 	return NT_STATUS_OK;
 }
 
-- 
cgit