From 54b9c1c8cb58608cfaa98fc75654557f8fab2df7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 19 Jun 2015 14:46:53 +0200 Subject: [PATCH] auth/gensec: gensec_[un]seal_packet() should only work with GENSEC_FEATURE_DCE_STYLE gensec_sig_size() also requires GENSEC_FEATURE_DCE_STYLE if GENSEC_FEATURE_SEAL is negotiated. Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison Reviewed-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit 3542d33314e32279340f07f995c1dcbd16106352) --- auth/gensec/gensec.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c index ea628617971..01c4ac6d954 100644 --- a/auth/gensec/gensec.c +++ b/auth/gensec/gensec.c @@ -39,9 +39,15 @@ _PUBLIC_ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, if (!gensec_security->ops->unseal_packet) { return NT_STATUS_NOT_IMPLEMENTED; } + if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { + return NT_STATUS_INVALID_PARAMETER; + } if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) { return NT_STATUS_INVALID_PARAMETER; } + if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) { + return NT_STATUS_INVALID_PARAMETER; + } return gensec_security->ops->unseal_packet(gensec_security, data, length, @@ -79,6 +85,9 @@ _PUBLIC_ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security, if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { return NT_STATUS_INVALID_PARAMETER; } + if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) { + return NT_STATUS_INVALID_PARAMETER; + } return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig); } @@ -107,6 +116,11 @@ _PUBLIC_ size_t gensec_sig_size(struct gensec_security *gensec_security, size_t if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { return 0; } + if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) { + if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) { + return 0; + } + } return gensec_security->ops->sig_size(gensec_security, data_size); } -- 2.47.2