diff options
-rw-r--r-- | src/gss_sec_ctx.c | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c index 8e43033..89972e6 100644 --- a/src/gss_sec_ctx.c +++ b/src/gss_sec_ctx.c @@ -609,26 +609,9 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status, } } - if (protect) { - retmin = ntlm_signseal_keys(in_flags, true, - &ctx->exported_session_key, - &ctx->crypto_state); - if (retmin) { - retmaj = GSS_S_FAILURE; - goto done; - } - } - /* in_flags all verified, assign as current flags */ ctx->neg_flags |= in_flags; - if (ctx->neg_flags & NTLMSSP_NEGOTIATE_SIGN) { - ctx->gss_flags |= GSS_C_INTEG_FLAG; - } - if (ctx->neg_flags & NTLMSSP_NEGOTIATE_SEAL) { - ctx->gss_flags |= GSS_C_CONF_FLAG & GSS_C_INTEG_FLAG; - } - enc_sess_key.data = encrypted_random_session_key.data; enc_sess_key.length = encrypted_random_session_key.length; @@ -662,6 +645,23 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status, ctx->int_flags |= NTLMSSP_CTX_FLAG_AUTH_WITH_MIC; } + if (protect) { + retmin = ntlm_signseal_keys(in_flags, true, + &ctx->exported_session_key, + &ctx->crypto_state); + if (retmin) { + retmaj = GSS_S_FAILURE; + goto done; + } + } + + if (ctx->neg_flags & NTLMSSP_NEGOTIATE_SIGN) { + ctx->gss_flags |= GSS_C_INTEG_FLAG; + } + if (ctx->neg_flags & NTLMSSP_NEGOTIATE_SEAL) { + ctx->gss_flags |= GSS_C_CONF_FLAG & GSS_C_INTEG_FLAG; + } + ctx->stage = NTLMSSP_STAGE_DONE; output_token->value = malloc(ctx->auth_msg.length); |