auth/spnego: always announce GENSEC_FEATURE_SIGN_PKT_HEADER support.

author Stefan Metzmacher <metze@samba.org>

Fri, 12 May 2017 09:05:15 +0000 (11:05 +0200)

committer Andrew Bartlett <abartlet@samba.org>

Sun, 21 May 2017 19:05:09 +0000 (21:05 +0200)
author Stefan Metzmacher <metze@samba.org>
Fri, 12 May 2017 09:05:15 +0000 (11:05 +0200)
committer Andrew Bartlett <abartlet@samba.org>
Sun, 21 May 2017 19:05:09 +0000 (21:05 +0200)
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c

index 645c8b2e0871b66607813b01fe1a1d9fe5482c3e..ed7f3d71d681114ddf011b20918e8fdee50e60a2 100644 (file)
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -1632,6 +1632,20 @@ static bool gensec_spnego_have_feature(struct gensec_security *gensec_security,
                                        uint32_t feature) 
  {
         struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
+
+       if (feature & GENSEC_FEATURE_SIGN_PKT_HEADER) {
+               /*
+                * All mechs with sub (child) mechs need to provide DCERPC
+                * header signing! This is required because the negotiation
+                * of header signing is done before the authentication
+                * is completed.
+                *
+                * Currently all our backends support DCERPC with:
+                * GENSEC_FEATURE_SIGN_PKT_HEADER.
+                */
+               return true;
+       }
+
         if (!spnego_state->sub_sec_security) {
                 return false;
         }
author	Stefan Metzmacher <metze@samba.org>
	Fri, 12 May 2017 09:05:15 +0000 (11:05 +0200)
committer	Andrew Bartlett <abartlet@samba.org>
	Sun, 21 May 2017 19:05:09 +0000 (21:05 +0200)