From e4aebd7e28e7b00a13246b367eb2e7de5ae7b57b Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 1 Mar 2016 17:37:38 +0100
Subject: [PATCH] s3:librpc/gse: correctly support GENSEC_FEATURE_SESSION_KEY
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source3/librpc/crypto/gse.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 543fdb72f90..e67c3d2d99d 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -603,6 +603,9 @@ static NTSTATUS gensec_gse_client_start(struct gensec_security *gensec_security)
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
+	if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
+		do_sign = true;
+	}
 	if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
 		do_sign = true;
 	}
@@ -903,18 +906,15 @@ static bool gensec_gse_have_feature(struct gensec_security *gensec_security,
 		talloc_get_type_abort(gensec_security->private_data,
 		struct gse_context);
 
+	if (feature & GENSEC_FEATURE_SESSION_KEY) {
+		return gse_ctx->gss_got_flags & GSS_C_INTEG_FLAG;
+	}
 	if (feature & GENSEC_FEATURE_SIGN) {
 		return gse_ctx->gss_got_flags & GSS_C_INTEG_FLAG;
 	}
 	if (feature & GENSEC_FEATURE_SEAL) {
 		return gse_ctx->gss_got_flags & GSS_C_CONF_FLAG;
 	}
-	if (feature & GENSEC_FEATURE_SESSION_KEY) {
-		/* Only for GSE/Krb5 */
-		if (smb_gss_oid_equal(gse_ctx->ret_mech, gss_mech_krb5)) {
-			return true;
-		}
-	}
 	if (feature & GENSEC_FEATURE_DCE_STYLE) {
 		return gse_ctx->gss_got_flags & GSS_C_DCE_STYLE;
 	}
-- 
2.11.4.GIT