From 0d5de7e19c8112821269b4f5a910ee777f35d185 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 15 Oct 2011 13:17:33 +1100
Subject: gensec: Assert that we have not been subject to a downgrade attack in
 DCE/RPC clients

Because of the calling convention, this is the best place to assert
that we have not been subject to a downgrade attack on the negotiated
features.  (In DCE/RPC, this isn't a negotiation, the client simply
specifies the level of protection that is required).

Andrew Bartlett

(some formatting fixes)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 auth/gensec/gensec.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'auth/gensec/gensec.h')

diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index 38f2513742..ee87a4da79 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -160,6 +160,7 @@ struct gensec_security {
 	enum gensec_role gensec_role;
 	bool subcontext;
 	uint32_t want_features;
+	uint8_t dcerpc_auth_level;
 	struct tevent_context *event_ctx;
 	struct tsocket_address *local_addr, *remote_addr;
 	struct gensec_settings *settings;
-- 
cgit