r10153: This patch adds a new parameter to gensec_sig_size(), the size of the

data to be signed/sealed.  We can use this to split the data from the
signature portion of the resultant wrapped packet.

This required merging the gsskrb5_wrap_size patch from
lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no
longer use a static 45 byte value).

This fixes one of the krb5 issues in my list.

Andrew Bartlett
(This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)

1 files changed, 31 insertions, 0 deletions

diff --git a/source4/heimdal/lib/gssapi/arcfour.c b/source4/heimdal/lib/gssapi/arcfour.c
index 5edcee08ec..52bb2ecf1b 100644
--- a/source4/heimdal/lib/gssapi/arcfour.c
+++ b/source4/heimdal/lib/gssapi/arcfour.c
@@ -326,6 +326,37 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
 }
 
 OM_uint32
+_gssapi_wrap_size_arcfour(OM_uint32 * minor_status,
+			  const gss_ctx_id_t context_handle,
+			  int conf_req_flag,
+			  gss_qop_t qop_req,
+			  OM_uint32 req_input_size,
+			  OM_uint32 * output_size,
+			  OM_uint32 * padlen,
+			  krb5_keyblock *key)
+{
+    size_t len, total_len, datalen;
+    *padlen = 0;
+    datalen = req_input_size;
+    len = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
+    /* if GSS_C_DCE_STYLE is in use:
+     *  - we only need to encapsulate the WRAP token
+     *  - we should not add padding
+     */
+    if (!(context_handle->flags & GSS_C_DCE_STYLE)) {
+    	datalen += 1 /* padding */;
+    	len += datalen;
+    }
+    _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
+    if (context_handle->flags & GSS_C_DCE_STYLE) {
+    	total_len += datalen;
+    }
+
+    *output_size = total_len;
+    return GSS_S_COMPLETE;
+}
+	
+OM_uint32
 _gssapi_wrap_arcfour(OM_uint32 * minor_status,
 		     const gss_ctx_id_t context_handle,
 		     int conf_req_flag,