diff options
| author | Stefan Metzmacher <metze@samba.org> | 2014-01-21 15:18:01 +0100 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2014-02-11 16:02:14 +0100 |
| commit | aeab9602c07c8e7bf0daeb382fd9beadb884e6c7 (patch) | |
| tree | fcf52102b1ad245fb4f709a1307ab799f53cb74d | |
| parent | 0856c639f998e38238098581006e6f6a8df62725 (diff) | |
| download | samba-aeab9602c07c8e7bf0daeb382fd9beadb884e6c7.tar.gz samba-aeab9602c07c8e7bf0daeb382fd9beadb884e6c7.tar.xz samba-aeab9602c07c8e7bf0daeb382fd9beadb884e6c7.zip | |
s3:librpc/rpc: only propose header signing if we use sign or seal
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
| -rw-r--r-- | source3/rpc_client/cli_pipe.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index e4e2bfe17f..ce29ecb801 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -1019,11 +1019,18 @@ static NTSTATUS create_generic_auth_rpc_bind_req(struct rpc_pipe_client *cli, return status; } - if (client_hdr_signing != NULL) { - *client_hdr_signing = gensec_have_feature(gensec_security, - GENSEC_FEATURE_SIGN_PKT_HEADER); + if (client_hdr_signing == NULL) { + return status; } + if (cli->auth->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) { + *client_hdr_signing = false; + return status; + } + + *client_hdr_signing = gensec_have_feature(gensec_security, + GENSEC_FEATURE_SIGN_PKT_HEADER); + return status; } |