s3:librpc/gse: correctly support GENSEC_FEATURE_SESSION_KEY

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 543fdb72f90677d51d494043da3d1e930441718b..e67c3d2d99d8a4b2f1ab2fe90863f569f06ebb4f 100644 (file)
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -603,6 +603,9 @@ static NTSTATUS gensec_gse_client_start(struct gensec_security *gensec_security)
                return NT_STATUS_INVALID_PARAMETER;
        }
 
+       if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
+               do_sign = true;
+       }
        if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
                do_sign = true;
        }
@@ -903,18 +906,15 @@ static bool gensec_gse_have_feature(struct gensec_security *gensec_security,
                talloc_get_type_abort(gensec_security->private_data,
                struct gse_context);
 
+       if (feature & GENSEC_FEATURE_SESSION_KEY) {
+               return gse_ctx->gss_got_flags & GSS_C_INTEG_FLAG;
+       }
        if (feature & GENSEC_FEATURE_SIGN) {
                return gse_ctx->gss_got_flags & GSS_C_INTEG_FLAG;
        }
        if (feature & GENSEC_FEATURE_SEAL) {
                return gse_ctx->gss_got_flags & GSS_C_CONF_FLAG;
        }
-       if (feature & GENSEC_FEATURE_SESSION_KEY) {
-               /* Only for GSE/Krb5 */
-               if (smb_gss_oid_equal(gse_ctx->ret_mech, gss_mech_krb5)) {
-                       return true;
-               }
-       }
        if (feature & GENSEC_FEATURE_DCE_STYLE) {
                return gse_ctx->gss_got_flags & GSS_C_DCE_STYLE;
        }