r10153: This patch adds a new parameter to gensec_sig_size(), the size of the

data to be signed/sealed.  We can use this to split the data from the
signature portion of the resultant wrapped packet.

This required merging the gsskrb5_wrap_size patch from
lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no
longer use a static 45 byte value).

This fixes one of the krb5 issues in my list.

Andrew Bartlett
(This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)

14 files changed, 224 insertions, 48 deletions

diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index 87c60da84f..f0256b9668 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -559,7 +559,7 @@ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security,
 	return gensec_security->ops->sign_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
 }
 
-size_t gensec_sig_size(struct gensec_security *gensec_security) 
+size_t gensec_sig_size(struct gensec_security *gensec_security, size_t data_size) 
 {
 	if (!gensec_security->ops->sig_size) {
 		return 0;
@@ -568,7 +568,7 @@ size_t gensec_sig_size(struct gensec_security *gensec_security)
 		return 0;
 	}
 	
-	return gensec_security->ops->sig_size(gensec_security);
+	return gensec_security->ops->sig_size(gensec_security, data_size);
 }
 
 NTSTATUS gensec_wrap(struct gensec_security *gensec_security, 
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index f55e5354ad..4ff09d2066 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -73,7 +73,7 @@ struct gensec_security_ops {
 				const uint8_t *data, size_t length, 
 				const uint8_t *whole_pdu, size_t pdu_length, 
 				DATA_BLOB *sig);
-	size_t   (*sig_size)(struct gensec_security *gensec_security);
+	size_t   (*sig_size)(struct gensec_security *gensec_security, size_t data_size);
 	NTSTATUS (*check_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx, 
 				 const uint8_t *data, size_t length, 
 				 const uint8_t *whole_pdu, size_t pdu_length, 
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index c3f7c52085..69f219fe07 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -480,10 +480,38 @@ static NTSTATUS gensec_gssapi_unwrap(struct gensec_security *gensec_security,
 	return NT_STATUS_OK;
 }
 
-static size_t gensec_gssapi_sig_size(struct gensec_security *gensec_security) 
+static size_t gensec_gssapi_sig_size(struct gensec_security *gensec_security, size_t data_size) 
 {
-	/* not const but work for DCERPC packets and arcfour */
-	return 45;
+	struct gensec_gssapi_state *gensec_gssapi_state = gensec_security->private_data;
+	OM_uint32 maj_stat, min_stat;
+	OM_uint32 output_size;
+	if ((gensec_gssapi_state->gss_oid->length != gss_mech_krb5->length)
+	    || (memcmp(gensec_gssapi_state->gss_oid->elements, gss_mech_krb5->elements, 
+		       gensec_gssapi_state->gss_oid->length) != 0)) {
+		DEBUG(1, ("NO sig size available for this mech\n"));
+		return 0;
+	}
+		
+	maj_stat = gsskrb5_wrap_size(&min_stat, 
+				     gensec_gssapi_state->gssapi_context,
+				     gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL),
+				     GSS_C_QOP_DEFAULT,
+				     data_size, 
+				     &output_size);
+	if (GSS_ERROR(maj_stat)) {
+		TALLOC_CTX *mem_ctx = talloc_new(NULL); 
+		DEBUG(1, ("gensec_gssapi_seal_packet: determinaing signature size with gss_wrap_size_limit failed: %s\n", 
+			  gssapi_error_string(mem_ctx, maj_stat, min_stat)));
+		talloc_free(mem_ctx);
+		return 0;
+	}
+
+	if (output_size < data_size) {
+		return 0;
+	}
+
+	/* The difference between the max output and the max input must be the signature */
+	return output_size - data_size;
 }
 
 static NTSTATUS gensec_gssapi_seal_packet(struct gensec_security *gensec_security, 
@@ -496,7 +524,7 @@ static NTSTATUS gensec_gssapi_seal_packet(struct gensec_security *gensec_securit
 	OM_uint32 maj_stat, min_stat;
 	gss_buffer_desc input_token, output_token;
 	int conf_state;
-	ssize_t sig_length = 0;
+	ssize_t sig_length;
 
 	input_token.length = length;
 	input_token.value = data;
@@ -514,12 +542,15 @@ static NTSTATUS gensec_gssapi_seal_packet(struct gensec_security *gensec_securit
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	if (output_token.length < length) {
+	sig_length = gensec_gssapi_sig_size(gensec_security, length);
+
+	/* Caller must pad to right boundary */
+	if (output_token.length != (length + sig_length)) {
+		DEBUG(1, ("gensec_gssapi_seal_packet: GSS Wrap length [%d] does not match caller length [%d] plus sig size [%d] = [%d]\n", 
+			  output_token.length, length, sig_length, length + sig_length));
 		return NT_STATUS_INTERNAL_ERROR;
 	}
 
-	sig_length = 45;
-
 	memcpy(data, ((uint8_t *)output_token.value) + sig_length, length);
 	*sig = data_blob_talloc(mem_ctx, (uint8_t *)output_token.value, sig_length);
 
@@ -618,9 +649,15 @@ static NTSTATUS gensec_gssapi_sign_packet(struct gensec_security *gensec_securit
 		return NT_STATUS_INTERNAL_ERROR;
 	}
 
-	sig_length = 45;
+	sig_length = gensec_gssapi_sig_size(gensec_security, length);
+
+	/* Caller must pad to right boundary */
+	if (output_token.length != (length + sig_length)) {
+		DEBUG(1, ("gensec_gssapi_sign_packet: GSS Wrap length [%d] does not match caller length [%d] plus sig size [%d] = [%d]\n", 
+			  output_token.length, length, sig_length, length + sig_length));
+		return NT_STATUS_INTERNAL_ERROR;
+	}
 
-	/*memcpy(data, ((uint8_t *)output_token.value) + sig_length, length);*/
 	*sig = data_blob_talloc(mem_ctx, (uint8_t *)output_token.value, sig_length);
 
 	dump_data_pw("gensec_gssapi_seal_packet: sig\n", sig->data, sig->length);
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index fc961d8eaa..a4561ee996 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -26,7 +26,7 @@
 #include "auth/auth.h"
 #include "auth/gensec/schannel.h"
 
-static size_t schannel_sig_size(struct gensec_security *gensec_security)
+static size_t schannel_sig_size(struct gensec_security *gensec_security, size_t data_size)
 {
 	return 32;
 }
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index 3efbf65a3d..133530833b 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -198,7 +198,7 @@ static NTSTATUS gensec_spnego_unwrap(struct gensec_security *gensec_security,
 			     mem_ctx, in, out);
 }
 
-static size_t gensec_spnego_sig_size(struct gensec_security *gensec_security) 
+static size_t gensec_spnego_sig_size(struct gensec_security *gensec_security, size_t data_size) 
 {
 	struct spnego_state *spnego_state = gensec_security->private_data;
 
@@ -207,7 +207,7 @@ static size_t gensec_spnego_sig_size(struct gensec_security *gensec_security)
 		return 0;
 	}
 	
-	return gensec_sig_size(spnego_state->sub_sec_security);
+	return gensec_sig_size(spnego_state->sub_sec_security, data_size);
 }
 
 static NTSTATUS gensec_spnego_session_key(struct gensec_security *gensec_security, 
diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c
index 8f6c94463c..41075cd25b 100644
--- a/source4/auth/ntlmssp/ntlmssp_sign.c
+++ b/source4/auth/ntlmssp/ntlmssp_sign.c
@@ -431,7 +431,7 @@ NTSTATUS ntlmssp_sign_init(struct gensec_ntlmssp_state *gensec_ntlmssp_state)
 	return NT_STATUS_OK;
 }
 
-size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security) 
+size_t gensec_ntlmssp_sig_size(struct gensec_security *gensec_security, size_t data_size) 
 {
 	return NTLMSSP_SIG_SIZE;
 }
diff --git a/source4/heimdal/lib/gssapi/arcfour.c b/source4/heimdal/lib/gssapi/arcfour.c
index 5edcee08ec..52bb2ecf1b 100644
--- a/source4/heimdal/lib/gssapi/arcfour.c
+++ b/source4/heimdal/lib/gssapi/arcfour.c
@@ -326,6 +326,37 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
 }
 
 OM_uint32
+_gssapi_wrap_size_arcfour(OM_uint32 * minor_status,
+			  const gss_ctx_id_t context_handle,
+			  int conf_req_flag,
+			  gss_qop_t qop_req,
+			  OM_uint32 req_input_size,
+			  OM_uint32 * output_size,
+			  OM_uint32 * padlen,
+			  krb5_keyblock *key)
+{
+    size_t len, total_len, datalen;
+    *padlen = 0;
+    datalen = req_input_size;
+    len = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
+    /* if GSS_C_DCE_STYLE is in use:
+     *  - we only need to encapsulate the WRAP token
+     *  - we should not add padding
+     */
+    if (!(context_handle->flags & GSS_C_DCE_STYLE)) {
+    	datalen += 1 /* padding */;
+    	len += datalen;
+    }
+    _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
+    if (context_handle->flags & GSS_C_DCE_STYLE) {
+    	total_len += datalen;
+    }
+
+    *output_size = total_len;
+    return GSS_S_COMPLETE;
+}
+	
+OM_uint32
 _gssapi_wrap_arcfour(OM_uint32 * minor_status,
 		     const gss_ctx_id_t context_handle,
 		     int conf_req_flag,
diff --git a/source4/heimdal/lib/gssapi/arcfour.h b/source4/heimdal/lib/gssapi/arcfour.h
index 5acfcad29d..0406b64b09 100644
--- a/source4/heimdal/lib/gssapi/arcfour.h
+++ b/source4/heimdal/lib/gssapi/arcfour.h
@@ -70,5 +70,14 @@ OM_uint32 _gssapi_verify_mic_arcfour(OM_uint32 *minor_status,
 				     gss_qop_t *qop_state,
 				     krb5_keyblock *key,
 				     char *type);
+OM_uint32
+_gssapi_wrap_size_arcfour(OM_uint32 * minor_status,
+			  const gss_ctx_id_t context_handle,
+			  int conf_req_flag,
+			  gss_qop_t qop_req,
+			  OM_uint32 req_input_size,
+			  OM_uint32 * output_size,
+			  OM_uint32 * padlen,
+			  krb5_keyblock *key);
 
 #endif /* GSSAPI_ARCFOUR_H_ */
diff --git a/source4/heimdal/lib/gssapi/cfx.c b/source4/heimdal/lib/gssapi/cfx.c
index 75b6a8bcfa..1cc510d6fc 100755
--- a/source4/heimdal/lib/gssapi/cfx.c
+++ b/source4/heimdal/lib/gssapi/cfx.c
@@ -48,7 +48,8 @@ wrap_length_cfx(krb5_crypto crypto,
 		size_t input_length,
 		size_t *output_length,
 		size_t *cksumsize,
-		u_int16_t *padlength)
+		u_int16_t *padlength, 
+	        size_t *padsize)
 {
     krb5_error_code ret;
     krb5_cksumtype type;
@@ -68,18 +69,17 @@ wrap_length_cfx(krb5_crypto crypto,
     }
 
     if (conf_req_flag) {
-	size_t padsize;
 
 	/* Header is concatenated with data before encryption */
 	input_length += sizeof(gss_cfx_wrap_token_desc);
 
-	ret = krb5_crypto_getpadsize(gssapi_krb5_context, crypto, &padsize);
+	ret = krb5_crypto_getpadsize(gssapi_krb5_context, crypto, padsize);
 	if (ret) {
 	    return ret;
 	}
 	if (padsize > 1) {
 	    /* XXX check this */
-	    *padlength = padsize - (input_length % padsize);
+	    *padlength = *padsize - (input_length % *padsize);
 	}
 
 	/* We add the pad ourselves (noted here for completeness only) */
@@ -90,6 +90,7 @@ wrap_length_cfx(krb5_crypto crypto,
     } else {
 	/* Checksum is concatenated with data */
 	*output_length += input_length + *cksumsize;
+	*padsize = 0;
     }
 
     assert(*output_length > input_length);
@@ -101,13 +102,15 @@ OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status,
 				const gss_ctx_id_t context_handle,
 				int conf_req_flag,
 				gss_qop_t qop_req,
-				OM_uint32 req_output_size,
-				OM_uint32 *max_input_size,
+				OM_uint32 req_input_size,
+				OM_uint32 *output_len,
+				OM_uint32 *padsize,
 				krb5_keyblock *key)
 {
     krb5_error_code ret;
     krb5_crypto crypto;
-    u_int16_t padlength;
+    u_int16_t pad_length;
+    size_t pad_size;
     size_t output_length, cksumsize;
 
     ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
@@ -118,8 +121,8 @@ OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status,
     }
 
     ret = wrap_length_cfx(crypto, conf_req_flag, 
-			  req_output_size,
-			  &output_length, &cksumsize, &padlength);
+			  req_input_size,
+			  &output_length, &cksumsize, &pad_length, &pad_size);
     if (ret != 0) {
 	gssapi_krb5_set_error_string();
 	*minor_status = ret;
@@ -127,13 +130,8 @@ OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status,
 	return GSS_S_FAILURE;
     }
 
-    if (output_length < req_output_size) {
-	*max_input_size = (req_output_size - output_length);
-	*max_input_size -= padlength;
-    } else {
-	/* Should this return an error? */
-	*max_input_size = 0;
-    }
+    *output_len = output_length;
+    *padsize = pad_size;
 
     krb5_crypto_destroy(gssapi_krb5_context, crypto);
 
@@ -201,7 +199,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
     krb5_data cipher;
     size_t wrapped_len, cksumsize;
     u_int16_t padlength, rrc = 0;
-    OM_uint32 seq_number;
+    OM_uint32 seq_number, padsize;
     u_char *p;
 
     ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
@@ -213,7 +211,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
 
     ret = wrap_length_cfx(crypto, conf_req_flag, 
 			  input_message_buffer->length,
-			  &wrapped_len, &cksumsize, &padlength);
+			  &wrapped_len, &cksumsize, &padlength, &padsize);
     if (ret != 0) {
 	gssapi_krb5_set_error_string();
 	*minor_status = ret;
diff --git a/source4/heimdal/lib/gssapi/cfx.h b/source4/heimdal/lib/gssapi/cfx.h
index a587cb9d97..d9bdd9da19 100755
--- a/source4/heimdal/lib/gssapi/cfx.h
+++ b/source4/heimdal/lib/gssapi/cfx.h
@@ -66,8 +66,9 @@ OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status,
 				const gss_ctx_id_t context_handle,
 				int conf_req_flag,
 				gss_qop_t qop_req,
-				OM_uint32 req_output_size,
-				OM_uint32 *max_input_size,
+				OM_uint32 req_input_size,
+				OM_uint32 *output_len,
+				OM_uint32 *padlen,
 				krb5_keyblock *key);
 
 OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status,
diff --git a/source4/heimdal/lib/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi.h
index 4ee988b020..4bf6780daa 100644
--- a/source4/heimdal/lib/gssapi/gssapi.h
+++ b/source4/heimdal/lib/gssapi/gssapi.h
@@ -628,6 +628,15 @@ OM_uint32 gss_inquire_context (
             int * /*open_context*/
            );
 
+OM_uint32 gsskrb5_wrap_size (
+            OM_uint32 * /*minor_status*/,
+            const gss_ctx_id_t /*context_handle*/,
+            int /*conf_req_flag*/,
+            gss_qop_t /*qop_req*/,
+            OM_uint32 /*req_input_size*/,
+            OM_uint32 * /*output_size*/
+	);
+
 OM_uint32 gss_wrap_size_limit (
             OM_uint32 * /*minor_status*/,
             const gss_ctx_id_t /*context_handle*/,
diff --git a/source4/heimdal/lib/gssapi/wrap.c b/source4/heimdal/lib/gssapi/wrap.c
index bdb09e633b..50249d2d7f 100644
--- a/source4/heimdal/lib/gssapi/wrap.c
+++ b/source4/heimdal/lib/gssapi/wrap.c
@@ -120,7 +120,7 @@ gss_krb5_get_subkey(const gss_ctx_id_t context_handle,
 }
 
 static OM_uint32
-sub_wrap_size (
+sub_wrap_size_limit (
             OM_uint32 req_output_size,
             OM_uint32 * max_input_size,
 	    int blocksize,
@@ -156,6 +156,8 @@ gss_wrap_size_limit (
   krb5_keyblock *key;
   OM_uint32 ret;
   krb5_keytype keytype;
+  OM_uint32 output_size;
+  OM_uint32 blocksize;
 
   ret = gss_krb5_get_subkey(context_handle, &key);
   if (ret) {
@@ -167,17 +169,102 @@ gss_wrap_size_limit (
 
   switch (keytype) {
   case KEYTYPE_DES :
+      ret = sub_wrap_size_limit(req_output_size, max_input_size, 8, 22);
+      break;
+  case KEYTYPE_DES3 :
+      ret = sub_wrap_size_limit(req_output_size, max_input_size, 8, 34);
+      break;
   case KEYTYPE_ARCFOUR:
   case KEYTYPE_ARCFOUR_56:
-      ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
+      ret = _gssapi_wrap_size_arcfour(minor_status, context_handle, 
+				      conf_req_flag, qop_req, 
+				      req_output_size, &output_size, 
+				      &blocksize, key);
+      
+      if (output_size > req_output_size) {
+	      *max_input_size = req_output_size - (output_size - req_output_size);
+	      (*max_input_size) &= (~(OM_uint32)(blocksize - 1));
+      } else {
+	      *max_input_size = 0;
+      }
+      break;
+  default :
+      ret = _gssapi_wrap_size_cfx(minor_status, context_handle, 
+				  conf_req_flag, qop_req, 
+				  req_output_size, &output_size, 
+				  &blocksize, key);
+      if (output_size > req_output_size) {
+	      *max_input_size = req_output_size - (output_size - req_output_size);
+	      (*max_input_size) &= (~(OM_uint32)(blocksize - 1));
+      } else {
+	      *max_input_size = 0;
+      }
+      break;
+  }
+  krb5_free_keyblock (gssapi_krb5_context, key);
+  *minor_status = 0;
+  return ret;
+}
+
+static OM_uint32
+sub_wrap_size (
+            OM_uint32 req_input_size,
+            OM_uint32 * output_size,
+	    int blocksize,
+	    int extrasize
+           )
+{
+    size_t len, total_len, padlength, datalen;
+
+    padlength = blocksize - (req_input_size % blocksize);
+    datalen = req_input_size + padlength + 8;
+    len = datalen + extrasize;
+    gssapi_krb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM);
+    
+    *output_size = total_len;
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32
+gsskrb5_wrap_size (
+            OM_uint32 * minor_status,
+            const gss_ctx_id_t context_handle,
+            int conf_req_flag,
+            gss_qop_t qop_req,
+            OM_uint32 req_input_size,
+            OM_uint32 * output_size
+           )
+{
+  krb5_keyblock *key;
+  OM_uint32 ret, padlen;
+  krb5_keytype keytype;
+
+  ret = gss_krb5_get_subkey(context_handle, &key);
+  if (ret) {
+      gssapi_krb5_set_error_string ();
+      *minor_status = ret;
+      return GSS_S_FAILURE;
+  }
+  krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
+
+  switch (keytype) {
+  case KEYTYPE_DES :
+      ret = sub_wrap_size(req_input_size, output_size, 8, 22);
       break;
   case KEYTYPE_DES3 :
-      ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
+      ret = sub_wrap_size(req_input_size, output_size, 8, 34);
+      break;
+  case KEYTYPE_ARCFOUR:
+  case KEYTYPE_ARCFOUR_56:
+      ret = _gssapi_wrap_size_arcfour(minor_status, context_handle, 
+				      conf_req_flag, qop_req, 
+				      req_input_size, output_size, &padlen, key);
       break;
   default :
       ret = _gssapi_wrap_size_cfx(minor_status, context_handle, 
 				  conf_req_flag, qop_req, 
-				  req_output_size, max_input_size, key);
+				  req_input_size, output_size, &padlen, key);
       break;
   }
   krb5_free_keyblock (gssapi_krb5_context, key);
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index 3d0176845b..352972b0b7 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -369,6 +369,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
 	NTSTATUS status;
 	struct ndr_push *ndr;
 	DATA_BLOB creds2;
+	size_t payload_length;
 
 	/* non-signed packets are simpler */
 	if (!c->security_state.auth_info || 
@@ -400,12 +401,16 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
 		(16 - (pkt->u.request.stub_and_verifier.length & 15)) & 15;
 	ndr_push_zero(ndr, c->security_state.auth_info->auth_pad_length);
 
+	payload_length = pkt->u.request.stub_and_verifier.length + 
+		c->security_state.auth_info->auth_pad_length;
+
 	/* sign or seal the packet */
 	switch (c->security_state.auth_info->auth_level) {
 	case DCERPC_AUTH_LEVEL_PRIVACY:
 	case DCERPC_AUTH_LEVEL_INTEGRITY:
 		c->security_state.auth_info->credentials
-			= data_blob_talloc(mem_ctx, NULL, gensec_sig_size(c->security_state.generic_state));
+			= data_blob_talloc(mem_ctx, NULL, gensec_sig_size(c->security_state.generic_state, 
+									  payload_length));
 		data_blob_clear(&c->security_state.auth_info->credentials);
 		break;
 
@@ -447,8 +452,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
 		status = gensec_seal_packet(c->security_state.generic_state, 
 					    mem_ctx, 
 					    blob->data + DCERPC_REQUEST_LENGTH, 
-					    pkt->u.request.stub_and_verifier.length + 
-					    c->security_state.auth_info->auth_pad_length,
+					    payload_length,
 					    blob->data,
 					    blob->length - 
 					    c->security_state.auth_info->credentials.length,
@@ -463,8 +467,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
 		status = gensec_sign_packet(c->security_state.generic_state, 
 					    mem_ctx, 
 					    blob->data + DCERPC_REQUEST_LENGTH, 
-					    pkt->u.request.stub_and_verifier.length + 
-					    c->security_state.auth_info->auth_pad_length,
+					    payload_length, 
 					    blob->data,
 					    blob->length - 
 					    c->security_state.auth_info->credentials.length,
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index c8feec11bd..a2ba709f56 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -394,8 +394,8 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
 		return False;
 	}
 
-	/* pad to 8 byte multiple */
-	dce_conn->auth_state.auth_info->auth_pad_length = NDR_ALIGN(ndr, 8);
+	/* pad to 16 byte multiple, match win2k3 */
+	dce_conn->auth_state.auth_info->auth_pad_length = NDR_ALIGN(ndr, 16);
 	ndr_push_zero(ndr, dce_conn->auth_state.auth_info->auth_pad_length);
 
 	payload_length = ndr->offset - DCERPC_REQUEST_LENGTH;
@@ -409,7 +409,8 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call,
 	} else {
 		dce_conn->auth_state.auth_info->credentials
 			= data_blob_talloc(call, NULL, 
-					   gensec_sig_size(dce_conn->auth_state.gensec_security));
+					   gensec_sig_size(dce_conn->auth_state.gensec_security, 
+							   payload_length));
 	}
 
 	/* add the auth verifier */