1 files changed, 12 insertions, 2 deletions

diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index 16bf4eb7ed..bef7e4be78 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -95,6 +95,10 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
 		return false;
 	}
 
+	if (call->conn->state_flags & DCESRV_CALL_STATE_FLAG_HEADER_SIGNING) {
+		gensec_want_feature(auth->gensec_security, GENSEC_FEATURE_SIGN_PKT_HEADER);
+	}
+
 	return true;
 }
 
@@ -287,6 +291,7 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
 	struct ndr_pull *ndr;
 	NTSTATUS status;
 	enum ndr_err_code ndr_err;
+	size_t hdr_size = DCERPC_REQUEST_LENGTH;
 
 	if (!dce_conn->auth_state.auth_info ||
 	    !dce_conn->auth_state.gensec_security) {
@@ -335,6 +340,11 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
 		ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
 	}
 
+	if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
+		ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+		hdr_size += 16;
+	}
+
 	ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, &auth);
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 		talloc_free(ndr);
@@ -346,13 +356,13 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
 	case DCERPC_AUTH_LEVEL_PRIVACY:
 		status = gensec_unseal_packet(dce_conn->auth_state.gensec_security,
 					      call,
-					      full_packet->data + DCERPC_REQUEST_LENGTH,
+					      full_packet->data + hdr_size,
 					      pkt->u.request.stub_and_verifier.length, 
 					      full_packet->data,
 					      full_packet->length-auth.credentials.length,
 					      &auth.credentials);
 		memcpy(pkt->u.request.stub_and_verifier.data, 
-		       full_packet->data + DCERPC_REQUEST_LENGTH,
+		       full_packet->data + hdr_size,
 		       pkt->u.request.stub_and_verifier.length);
 		break;