summaryrefslogtreecommitdiff
path: root/source4/rpc_server
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-09-11 11:19:02 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:38:04 -0500
commit5edbeca14108a9b2c3badafce0b0b3447a8280f6 (patch)
tree55129f66d1eff5ab537fea11c0be494be6f08230 /source4/rpc_server
parentcfdcc32f8480e538246ca1771e58e9a4835f22b6 (diff)
downloadsamba-5edbeca14108a9b2c3badafce0b0b3447a8280f6.tar.gz
samba-5edbeca14108a9b2c3badafce0b0b3447a8280f6.tar.bz2
samba-5edbeca14108a9b2c3badafce0b0b3447a8280f6.zip
r10153: This patch adds a new parameter to gensec_sig_size(), the size of the
data to be signed/sealed. We can use this to split the data from the signature portion of the resultant wrapped packet. This required merging the gsskrb5_wrap_size patch from lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no longer use a static 45 byte value). This fixes one of the krb5 issues in my list. Andrew Bartlett (This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)
Diffstat (limited to 'source4/rpc_server')
-rw-r--r--source4/rpc_server/dcesrv_auth.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index c8feec11bd..a2ba709f56 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -394,8 +394,8 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
return False;
}
- /* pad to 8 byte multiple */
- dce_conn->auth_state.auth_info->auth_pad_length = NDR_ALIGN(ndr, 8);
+ /* pad to 16 byte multiple, match win2k3 */
+ dce_conn->auth_state.auth_info->auth_pad_length = NDR_ALIGN(ndr, 16);
ndr_push_zero(ndr, dce_conn->auth_state.auth_info->auth_pad_length);
payload_length = ndr->offset - DCERPC_REQUEST_LENGTH;
@@ -409,7 +409,8 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
} else {
dce_conn->auth_state.auth_info->credentials
= data_blob_talloc(call, NULL,
- gensec_sig_size(dce_conn->auth_state.gensec_security));
+ gensec_sig_size(dce_conn->auth_state.gensec_security,
+ payload_length));
}
/* add the auth verifier */