diff options
Diffstat (limited to 'source4/librpc')
-rw-r--r-- | source4/librpc/rpc/dcerpc.c | 12 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_auth.c | 14 |
2 files changed, 12 insertions, 14 deletions
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 56b821ecce0..2f6c8dd122e 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -1162,7 +1162,7 @@ struct tevent_req *dcerpc_bind_send(TALLOC_CTX *mem_ctx, pkt.pfc_flags |= DCERPC_PFC_FLAG_CONC_MPX; } - if (p->binding->flags & DCERPC_HEADER_SIGNING) { + if (p->conn->flags & DCERPC_PROPOSE_HEADER_SIGNING) { pkt.pfc_flags |= DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN; } @@ -1304,7 +1304,7 @@ static void dcerpc_bind_recv_handler(struct rpc_request *subreq, conn->flags |= DCERPC_CONCURRENT_MULTIPLEX; } - if ((state->p->binding->flags & DCERPC_HEADER_SIGNING) && + if ((conn->flags & DCERPC_PROPOSE_HEADER_SIGNING) && (pkt->pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)) { conn->flags |= DCERPC_HEADER_SIGNING; } @@ -1352,10 +1352,6 @@ NTSTATUS dcerpc_auth3(struct dcerpc_pipe *p, pkt.pfc_flags |= DCERPC_PFC_FLAG_CONC_MPX; } - if (p->binding->flags & DCERPC_HEADER_SIGNING) { - pkt.pfc_flags |= DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN; - } - /* construct the NDR form of the packet */ status = ncacn_push_auth(&blob, mem_ctx, &pkt, @@ -2046,10 +2042,6 @@ struct tevent_req *dcerpc_alter_context_send(TALLOC_CTX *mem_ctx, pkt.pfc_flags |= DCERPC_PFC_FLAG_CONC_MPX; } - if (p->binding->flags & DCERPC_HEADER_SIGNING) { - pkt.pfc_flags |= DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN; - } - pkt.u.alter.max_xmit_frag = 5840; pkt.u.alter.max_recv_frag = 5840; pkt.u.alter.assoc_group_id = p->binding->assoc_group_id; diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index d5e56206b04..9a5d04dfb95 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -173,10 +173,6 @@ static void bind_auth_next_step(struct composite_context *c) if (!composite_is_ok(c)) return; - if (state->pipe->conn->flags & DCERPC_HEADER_SIGNING) { - gensec_want_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_HEADER); - } - if (state->credentials.length == 0) { composite_done(c); return; @@ -234,6 +230,12 @@ static void bind_auth_recv_bindreply(struct tevent_req *subreq) TALLOC_FREE(subreq); if (!composite_is_ok(c)) return; + if (state->pipe->conn->flags & DCERPC_HEADER_SIGNING) { + struct dcecli_security *sec = &state->pipe->conn->security_state; + + gensec_want_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_HEADER); + } + if (!state->more_processing) { /* The first gensec_update has not requested a second run, so * we're done here. */ @@ -395,6 +397,10 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, sec->auth_info->credentials = state->credentials; + if (gensec_have_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_HEADER)) { + state->pipe->conn->flags |= DCERPC_PROPOSE_HEADER_SIGNING; + } + /* The first request always is a dcerpc_bind. The subsequent ones * depend on gensec results */ subreq = dcerpc_bind_send(state, p->conn->event_ctx, p, |