diff options
author | Simo Sorce <simo@redhat.com> | 2014-04-06 22:54:48 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-05-04 17:21:06 -0400 |
commit | 915ddae2d8c0bf77ecc29fd3e87be79452d43c7d (patch) | |
tree | 2defb2096c4203e242da8ec0540d7b4e0b454864 /src | |
parent | 8647a0c4c78e0816629b76ce004e3c82a0cd7a85 (diff) | |
download | gss-ntlmssp-915ddae2d8c0bf77ecc29fd3e87be79452d43c7d.tar.gz gss-ntlmssp-915ddae2d8c0bf77ecc29fd3e87be79452d43c7d.tar.xz gss-ntlmssp-915ddae2d8c0bf77ecc29fd3e87be79452d43c7d.zip |
Fail if the encryption level is not matched
If the client allows only 128bit security but the server does not offer
it, then fail the authentication.
Diffstat (limited to 'src')
-rw-r--r-- | src/gss_sec_ctx.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c index 7bf87f5..69e2444 100644 --- a/src/gss_sec_ctx.c +++ b/src/gss_sec_ctx.c @@ -321,6 +321,12 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status, } /* check required flags */ + if ((ctx->neg_flags & NTLMSSP_NEGOTIATE_128) && + (!(ctx->neg_flags & NTLMSSP_NEGOTIATE_56)) && + (!(in_flags & NTLMSSP_NEGOTIATE_128))) { + retmaj = GSS_S_UNAVAILABLE; + goto done; + } if ((ctx->neg_flags & NTLMSSP_NEGOTIATE_SEAL) && (!(in_flags & NTLMSSP_NEGOTIATE_SEAL))) { retmaj = GSS_S_FAILURE; |