From 7a05e04dfc81d20aff92e17c61af81bbe66d2492 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Wed, 22 Sep 2010 22:41:02 -0700
Subject: s4-gensec: fixed a client side bug in GENSEC/SASL/SSF negotiation this is the client side equivalent change for the previous fix
Pair-Programmed-With: Andrew Bartlett
---
 source4/auth/gensec/gensec_gssapi.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
(limited to 'source4/auth/gensec/gensec_gssapi.c')
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index a864bca49b..ecf2a73b1f 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -632,18 +632,21 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
 gensec_gssapi_state->max_wrap_buf_size = MIN(RIVAL(maxlength_proposed, 0), gensec_gssapi_state->max_wrap_buf_size);
 gensec_gssapi_state->sasl_protection = 0;
- if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
- if (security_supported & NEG_SEAL) {
+ if (security_supported & NEG_SEAL) {
+ if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
 gensec_gssapi_state->sasl_protection |= NEG_SEAL;
 }
- } else if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
- if (security_supported & NEG_SIGN) {
+ }
+ if (security_supported & NEG_SIGN) {
+ if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
 gensec_gssapi_state->sasl_protection |= NEG_SIGN;
 }
- } else if (security_supported & NEG_NONE) {
+ }
+ if (security_supported & NEG_NONE) {
 gensec_gssapi_state->sasl_protection |= NEG_NONE;
- } else {
- DEBUG(1, ("Remote server does not support unprotected connections"));
+ }
+ if (gensec_gssapi_state->sasl_protection == 0) {
+ DEBUG(1, ("Remote server does not support unprotected connections\n"));
 return NT_STATUS_ACCESS_DENIED;
 }
-- cgit
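Review bot: With the three tests now independent, a peer whose `security_supported` mask offers only `NEG_NONE` leaves `sasl_protection == NEG_NONE` and the function continues, even when the SEAL or SIGN feature test just above it is true, so the peer's offer alone decides that no layer is used. If sealing or signing is a requirement of the caller rather than a preference (not visible in this hunk), the code should fail closed before the final check, e.g. `if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL) && !(security_supported & NEG_SEAL)) return NT_STATUS_ACCESS_DENIED;` with the matching test for SIGN. `NEG_NONE` is also OR-ed in alongside `NEG_SEAL`/`NEG_SIGN`, so the value is now a set of acceptable layers rather than one chosen layer; a one-line comment such as `/* sasl_protection is the intersection of what the peer offers and what we can do */` would record that this is intended. The DEBUG text "does not support unprotected connections" now fires for any empty intersection and could say so. gensec_gssapi_update starts and ends outside the hunk, so how `sasl_protection` is consumed afterwards cannot be checked from here.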