From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 15 Dec 2015 14:10:20 +0000 (+0100)
Subject: CVE-2016-2111: auth/gensec: correctly report GENSEC_FEATURE_{SIGN,SEAL} in schannel_h... 
X-Git-Tag: samba-4.2.10~188
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd1c98f8172496f1cd007344b24b542cbdb446ec;p=thirdparty%2Fsamba.git

CVE-2016-2111: auth/gensec: correctly report GENSEC_FEATURE_{SIGN,SEAL} in schannel_have_feature()

This depends on the DCERPC auth level.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---

diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index c2cfd3bc9de..1acf7fefb73 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -679,9 +679,15 @@ static NTSTATUS schannel_client_start(struct gensec_security *gensec_security)
 static bool schannel_have_feature(struct gensec_security *gensec_security,
 					 uint32_t feature)
 {
-	if (feature & (GENSEC_FEATURE_SIGN |
-		       GENSEC_FEATURE_SEAL)) {
-		return true;
+	if (gensec_security->dcerpc_auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
+		if (feature & GENSEC_FEATURE_SIGN) {
+			return true;
+		}
+	}
+	if (gensec_security->dcerpc_auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+		if (feature & GENSEC_FEATURE_SEAL) {
+			return true;
+		}
 	}
 	if (feature & GENSEC_FEATURE_DCE_STYLE) {
 		return true;