summaryrefslogtreecommitdiff
path: root/source4/librpc
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-09-11 11:19:02 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:38:04 -0500
commit5edbeca14108a9b2c3badafce0b0b3447a8280f6 (patch)
tree55129f66d1eff5ab537fea11c0be494be6f08230 /source4/librpc
parentcfdcc32f8480e538246ca1771e58e9a4835f22b6 (diff)
downloadsamba-5edbeca14108a9b2c3badafce0b0b3447a8280f6.tar.gz
samba-5edbeca14108a9b2c3badafce0b0b3447a8280f6.tar.bz2
samba-5edbeca14108a9b2c3badafce0b0b3447a8280f6.zip
r10153: This patch adds a new parameter to gensec_sig_size(), the size of the
data to be signed/sealed. We can use this to split the data from the signature portion of the resultant wrapped packet. This required merging the gsskrb5_wrap_size patch from lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no longer use a static 45 byte value). This fixes one of the krb5 issues in my list. Andrew Bartlett (This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)
Diffstat (limited to 'source4/librpc')
-rw-r--r--source4/librpc/rpc/dcerpc.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index 3d0176845b..352972b0b7 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -369,6 +369,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
NTSTATUS status;
struct ndr_push *ndr;
DATA_BLOB creds2;
+ size_t payload_length;
/* non-signed packets are simpler */
if (!c->security_state.auth_info ||
@@ -400,12 +401,16 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
(16 - (pkt->u.request.stub_and_verifier.length & 15)) & 15;
ndr_push_zero(ndr, c->security_state.auth_info->auth_pad_length);
+ payload_length = pkt->u.request.stub_and_verifier.length +
+ c->security_state.auth_info->auth_pad_length;
+
/* sign or seal the packet */
switch (c->security_state.auth_info->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
case DCERPC_AUTH_LEVEL_INTEGRITY:
c->security_state.auth_info->credentials
- = data_blob_talloc(mem_ctx, NULL, gensec_sig_size(c->security_state.generic_state));
+ = data_blob_talloc(mem_ctx, NULL, gensec_sig_size(c->security_state.generic_state,
+ payload_length));
data_blob_clear(&c->security_state.auth_info->credentials);
break;
@@ -447,8 +452,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
status = gensec_seal_packet(c->security_state.generic_state,
mem_ctx,
blob->data + DCERPC_REQUEST_LENGTH,
- pkt->u.request.stub_and_verifier.length +
- c->security_state.auth_info->auth_pad_length,
+ payload_length,
blob->data,
blob->length -
c->security_state.auth_info->credentials.length,
@@ -463,8 +467,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
status = gensec_sign_packet(c->security_state.generic_state,
mem_ctx,
blob->data + DCERPC_REQUEST_LENGTH,
- pkt->u.request.stub_and_verifier.length +
- c->security_state.auth_info->auth_pad_length,
+ payload_length,
blob->data,
blob->length -
c->security_state.auth_info->credentials.length,