diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-09-11 11:19:02 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:38:04 -0500 |
| commit | 5edbeca14108a9b2c3badafce0b0b3447a8280f6 (patch) | |
| tree | 55129f66d1eff5ab537fea11c0be494be6f08230 /source4/librpc | |
| parent | cfdcc32f8480e538246ca1771e58e9a4835f22b6 (diff) | |
| download | samba-5edbeca14108a9b2c3badafce0b0b3447a8280f6.tar.gz samba-5edbeca14108a9b2c3badafce0b0b3447a8280f6.tar.bz2 samba-5edbeca14108a9b2c3badafce0b0b3447a8280f6.zip | |
r10153: This patch adds a new parameter to gensec_sig_size(), the size of the
data to be signed/sealed. We can use this to split the data from the
signature portion of the resultant wrapped packet.
This required merging the gsskrb5_wrap_size patch from
lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no
longer use a static 45 byte value).
This fixes one of the krb5 issues in my list.
Andrew Bartlett
(This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)
Diffstat (limited to 'source4/librpc')
| -rw-r--r-- | source4/librpc/rpc/dcerpc.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 3d0176845b..352972b0b7 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -369,6 +369,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, NTSTATUS status; struct ndr_push *ndr; DATA_BLOB creds2; + size_t payload_length; /* non-signed packets are simpler */ if (!c->security_state.auth_info || @@ -400,12 +401,16 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, (16 - (pkt->u.request.stub_and_verifier.length & 15)) & 15; ndr_push_zero(ndr, c->security_state.auth_info->auth_pad_length); + payload_length = pkt->u.request.stub_and_verifier.length + + c->security_state.auth_info->auth_pad_length; + /* sign or seal the packet */ switch (c->security_state.auth_info->auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: case DCERPC_AUTH_LEVEL_INTEGRITY: c->security_state.auth_info->credentials - = data_blob_talloc(mem_ctx, NULL, gensec_sig_size(c->security_state.generic_state)); + = data_blob_talloc(mem_ctx, NULL, gensec_sig_size(c->security_state.generic_state, + payload_length)); data_blob_clear(&c->security_state.auth_info->credentials); break; @@ -447,8 +452,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, status = gensec_seal_packet(c->security_state.generic_state, mem_ctx, blob->data + DCERPC_REQUEST_LENGTH, - pkt->u.request.stub_and_verifier.length + - c->security_state.auth_info->auth_pad_length, + payload_length, blob->data, blob->length - c->security_state.auth_info->credentials.length, @@ -463,8 +467,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, status = gensec_sign_packet(c->security_state.generic_state, mem_ctx, blob->data + DCERPC_REQUEST_LENGTH, - pkt->u.request.stub_and_verifier.length + - c->security_state.auth_info->auth_pad_length, + payload_length, blob->data, blob->length - c->security_state.auth_info->credentials.length, |