summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2008-08-11 18:12:54 +0200
committerStefan Metzmacher <metze@samba.org>2008-08-11 18:15:59 +0200
commit97f59cb1902eec0fba610da6c13d7089ea7d7576 (patch)
tree260c79a8331b71020a15c348333beb9f852d4770
parenteb81a62d142883f3cef3da4ba29675b70b515883 (diff)
downloadsamba-97f59cb1902eec0fba610da6c13d7089ea7d7576.tar.gz
samba-97f59cb1902eec0fba610da6c13d7089ea7d7576.tar.bz2
samba-97f59cb1902eec0fba610da6c13d7089ea7d7576.zip
rpc_server: correct the chunk_size depending on the signature size
metze (This used to be commit 20fc0d7bfdaa60d6a8ac939dc64733a91652587e)
-rw-r--r--source4/rpc_server/dcerpc_server.c13
-rw-r--r--source4/rpc_server/dcesrv_auth.c7
2 files changed, 14 insertions, 6 deletions
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index a336ddb339..fa7b8d26f5 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -917,6 +917,7 @@ _PUBLIC_ NTSTATUS dcesrv_reply(struct dcesrv_call_state *call)
DATA_BLOB stub;
uint32_t total_length, chunk_size;
struct dcesrv_connection_context *context = call->context;
+ size_t sig_size = 0;
/* call the reply function */
status = context->iface->reply(call, call, call->r);
@@ -948,7 +949,15 @@ _PUBLIC_ NTSTATUS dcesrv_reply(struct dcesrv_call_state *call)
/* we can write a full max_recv_frag size, minus the dcerpc
request header size */
- chunk_size = call->conn->cli_max_recv_frag - (DCERPC_MAX_SIGN_SIZE+DCERPC_REQUEST_LENGTH);
+ chunk_size = call->conn->cli_max_recv_frag;
+ chunk_size -= DCERPC_REQUEST_LENGTH;
+ if (call->conn->auth_state.gensec_security) {
+ chunk_size -= DCERPC_AUTH_TRAILER_LENGTH;
+ sig_size = gensec_sig_size(call->conn->auth_state.gensec_security,
+ call->conn->cli_max_recv_frag);
+ chunk_size -= sig_size;
+ chunk_size -= (chunk_size % 16);
+ }
do {
uint32_t length;
@@ -978,7 +987,7 @@ _PUBLIC_ NTSTATUS dcesrv_reply(struct dcesrv_call_state *call)
pkt.u.response.stub_and_verifier.data = stub.data;
pkt.u.response.stub_and_verifier.length = length;
- if (!dcesrv_auth_response(call, &rep->blob, &pkt)) {
+ if (!dcesrv_auth_response(call, &rep->blob, sig_size, &pkt)) {
return dcesrv_fault(call, DCERPC_FAULT_OTHER);
}
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index 64f42eea25..0aad3775d0 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -398,7 +398,8 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
push a signed or sealed dcerpc request packet into a blob
*/
bool dcesrv_auth_response(struct dcesrv_call_state *call,
- DATA_BLOB *blob, struct ncacn_packet *pkt)
+ DATA_BLOB *blob, size_t sig_size,
+ struct ncacn_packet *pkt)
{
struct dcesrv_connection *dce_conn = call->conn;
NTSTATUS status;
@@ -445,9 +446,7 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call,
* GENSEC mech does AEAD signing of the packet
* headers */
dce_conn->auth_state.auth_info->credentials
- = data_blob_talloc(call, NULL,
- gensec_sig_size(dce_conn->auth_state.gensec_security,
- payload_length));
+ = data_blob_talloc(call, NULL, sig_size);
data_blob_clear(&dce_conn->auth_state.auth_info->credentials);
}