CVE-2016-2111: auth/gensec: correctly report GENSEC_FEATURE_{SIGN,SEAL} in schannel_h...
authorStefan Metzmacher <metze@samba.org>
Tue, 15 Dec 2015 14:10:20 +0000 (15:10 +0100)
committerStefan Metzmacher <metze@samba.org>
Mon, 28 Mar 2016 22:42:16 +0000 (00:42 +0200)
This depends on the DCERPC auth level.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
auth/gensec/schannel.c

index c2cfd3bc9ded5924c1cc663864f4a7f7f6351c31..1acf7fefb73266d52139e2ddde173cf7561ae7e0 100644 (file)
@@ -679,9 +679,15 @@ static NTSTATUS schannel_client_start(struct gensec_security *gensec_security)
 static bool schannel_have_feature(struct gensec_security *gensec_security,
                                         uint32_t feature)
 {
-       if (feature & (GENSEC_FEATURE_SIGN |
-                      GENSEC_FEATURE_SEAL)) {
-               return true;
+       if (gensec_security->dcerpc_auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
+               if (feature & GENSEC_FEATURE_SIGN) {
+                       return true;
+               }
+       }
+       if (gensec_security->dcerpc_auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+               if (feature & GENSEC_FEATURE_SEAL) {
+                       return true;
+               }
        }
        if (feature & GENSEC_FEATURE_DCE_STYLE) {
                return true;
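Review bot: The two new checks in schannel_have_feature() carry no comment explaining why SIGN uses `>= DCERPC_AUTH_LEVEL_INTEGRITY` while SEAL uses `== DCERPC_AUTH_LEVEL_PRIVACY`, and that asymmetry is the security-relevant part of the change. I would put a comment above the first `if`, such as `/* Report only what the negotiated DCERPC auth level provides: SIGN from INTEGRITY upwards, SEAL only at PRIVACY. */`. Each test is still an any-bit match, so a caller passing `GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL` at INTEGRITY level would get `true` without sealing; the function comment should state that features are queried one bit at a time, assuming that is the calling convention. The result also relies on `dcerpc_auth_level` being set before the query, which the hunk does not show; an unset (zero) value appears to fail closed for both bits. The function body continues past the end of the hunk.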