s4:librpc/rpc: only propose header signing if we use sign or seal

[samba.git] / source4 / librpc / rpc / dcerpc_auth.c

diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c
index a146716495399af23dfd711b6fbe234f4eb4677b..bace29a9d640b5b047f34937d7df7e29c7f4a3a7 100644 (file)
--- a/source4/librpc/rpc/dcerpc_auth.c
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -398,7 +398,9 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
        sec->auth_info->credentials = state->credentials;
 
        if (gensec_have_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_HEADER)) {
-               state->pipe->conn->flags |= DCERPC_PROPOSE_HEADER_SIGNING;
+               if (auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
+                       state->pipe->conn->flags |= DCERPC_PROPOSE_HEADER_SIGNING;
+               }
        }
 
        /* The first request always is a dcerpc_bind. The subsequent ones