ntlmssp: Refuse to seal if we did not negotiate to sign
authorAndrew Bartlett <abartlet@samba.org>
Sat, 15 Oct 2011 03:56:11 +0000 (14:56 +1100)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 18 Oct 2011 02:13:33 +0000 (13:13 +1100)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
auth/ntlmssp/ntlmssp_sign.c

index 019ea3c..a5c57d8 100644 (file)
@@ -274,6 +274,11 @@ NTSTATUS ntlmssp_seal_packet(struct ntlmssp_state *ntlmssp_state,
                return NT_STATUS_INVALID_PARAMETER;
        }
 
+       if (!(ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
+               DEBUG(3, ("NTLMSSP Sealing not negotiated - cannot seal packet!\n"));
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
        if (!ntlmssp_state->session_key.length) {
                DEBUG(3, ("NO session key, cannot seal packet\n"));
                return NT_STATUS_NO_USER_SESSION_KEY;