From 40a6abd116566c32a2b5f5dbda4fed9515a722a2 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 20 Aug 2009 13:02:28 +0200
Subject: [PATCH] gsskrb5: make the check for dcestyle and conf_req_flag == 0
 more explicit

metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
---
 lib/gssapi/krb5/cfx.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/lib/gssapi/krb5/cfx.c b/lib/gssapi/krb5/cfx.c
index 4a92d7590..bf4dfd793 100755
--- a/lib/gssapi/krb5/cfx.c
+++ b/lib/gssapi/krb5/cfx.c
@@ -365,6 +365,11 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
 	gsshsize = sizeof(gss_cfx_wrap_token_desc) + k5hsize;
 	gsstsize = sizeof(gss_cfx_wrap_token_desc) + ec + k5tsize;
     } else {
+	if (IS_DCE_STYLE(ctx)) {
+	    *minor_status = EINVAL;
+	    return GSS_S_FAILURE;
+	}
+
 	k5hsize = 0;
 	*minor_status = krb5_crypto_length(context, ctx->crypto,
 					   KRB5_CRYPTO_TYPE_CHECKSUM,
@@ -381,12 +386,6 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
      */
 
     if (trailer == NULL) {
-	/* conf_req_flag=0 doesn't support DCE_STYLE */
-	if (conf_req_flag == 0) {
-	    *minor_status = EINVAL;
-	    major_status = GSS_S_FAILURE;
-	    goto failure;
-	}	    
 	rrc = gsstsize;
 	if (IS_DCE_STYLE(ctx))
 	    rrc -= ec;