From 7fe189749edf5c081be6f3a350072caa0c8b3d98 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 20 Jan 2012 15:55:55 +0100
Subject: [PATCH] s3-gse: make sure GSS_C_CONF_FLAG implies GSS_C_INTEG_FLAG

metze
---
 source3/librpc/crypto/gse.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 7cf116522d3..5bd2740a5ad 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -189,6 +189,7 @@ static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx,
 		gse_ctx->gss_want_flags |= GSS_C_INTEG_FLAG;
 	}
 	if (do_seal) {
+		gse_ctx->gss_want_flags |= GSS_C_INTEG_FLAG;
 		gse_ctx->gss_want_flags |= GSS_C_CONF_FLAG;
 	}
 
@@ -548,6 +549,11 @@ static NTSTATUS gse_verify_server_auth_flags(struct gse_context *gse_ctx)
 		if (!(gse_ctx->gss_got_flags & GSS_C_CONF_FLAG)) {
 			return NT_STATUS_ACCESS_DENIED;
 		}
+
+		/* GSS_C_CONF_FLAG implies GSS_C_INTEG_FLAG */
+		if (!(gse_ctx->gss_got_flags & GSS_C_INTEG_FLAG)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
 	}
 
 	/* GSS_C_DCE_STYLE */
-- 
2.11.4.GIT