From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 20 Jan 2012 14:55:55 +0000 (+0100)
Subject: s3-gse: make sure GSS_C_CONF_FLAG implies GSS_C_INTEG_FLAG
X-Git-Tag: tevent-0.9.15~284
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7fe189749edf5c081be6f3a350072caa0c8b3d98;p=thirdparty%2Fsamba.git

s3-gse: make sure GSS_C_CONF_FLAG implies GSS_C_INTEG_FLAG

metze
---

diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 7cf116522d3..5bd2740a5ad 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -189,6 +189,7 @@ static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx,
 		gse_ctx->gss_want_flags |= GSS_C_INTEG_FLAG;
 	}
 	if (do_seal) {
+		gse_ctx->gss_want_flags |= GSS_C_INTEG_FLAG;
 		gse_ctx->gss_want_flags |= GSS_C_CONF_FLAG;
 	}
 
@@ -548,6 +549,11 @@ static NTSTATUS gse_verify_server_auth_flags(struct gse_context *gse_ctx)
 		if (!(gse_ctx->gss_got_flags & GSS_C_CONF_FLAG)) {
 			return NT_STATUS_ACCESS_DENIED;
 		}
+
+		/* GSS_C_CONF_FLAG implies GSS_C_INTEG_FLAG */
+		if (!(gse_ctx->gss_got_flags & GSS_C_INTEG_FLAG)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
 	}
 
 	/* GSS_C_DCE_STYLE */