From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 14 Jan 2012 10:27:21 +0000 (+0100)
Subject: s3-gse: verify that we got GSS_C_DCE_STYLE when expected
X-Git-Tag: tevent-0.9.15~313
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c5864deadcd24dcf1f9a99607deacc635e091fd4;p=thirdparty%2Fsamba.git

s3-gse: verify that we got GSS_C_DCE_STYLE when expected

GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG, so also check for it.

metze
---

diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 76f6109e933..5a5492f80ac 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -552,6 +552,17 @@ static NTSTATUS gse_verify_server_auth_flags(struct gse_context *gse_ctx)
 		}
 	}
 
+	/* GSS_C_DCE_STYLE */
+	if (gse_ctx->gss_want_flags & GSS_C_DCE_STYLE) {
+		if (!(gse_ctx->gss_got_flags & GSS_C_DCE_STYLE)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		/* GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG */
+		if (!(gse_ctx->gss_got_flags & GSS_C_MUTUAL_FLAG)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+	}
+
 	return NT_STATUS_OK;
 }