From 984438ca1522bfc2d882b2e3e7e8db187577e05a Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Thu, 29 Jul 2010 16:34:39 -0400
Subject: s3-dcerpc: add sign/seal support when using SPNEGO/KRB5

---
 source3/rpc_client/cli_pipe.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

(limited to 'source3/rpc_client')

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 6dc2cd69af..e41966f6fb 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1305,6 +1305,10 @@ static NTSTATUS calculate_data_len_tosend(struct rpc_pipe_client *cli,
 {
 	uint32_t data_space, data_len;
 	size_t max_len;
+	struct gse_context *gse_ctx;
+	enum dcerpc_AuthType auth_type;
+	void *auth_ctx;
+	NTSTATUS status;
 
 	switch (cli->auth->auth_level) {
 	case DCERPC_AUTH_LEVEL_NONE:
@@ -1332,11 +1336,26 @@ static NTSTATUS calculate_data_len_tosend(struct rpc_pipe_client *cli,
 				*p_auth_len = NTLMSSP_SIG_SIZE;
 				break;
 			case PIPE_AUTH_TYPE_SPNEGO_KRB5:
-				*p_auth_len = 0; /* TODO */
+				status = spnego_get_negotiated_mech(
+						cli->auth->a_u.spnego_state,
+						&auth_type, &auth_ctx);
+				if (!NT_STATUS_IS_OK(status)) {
+					return status;
+				}
+				gse_ctx = talloc_get_type(auth_ctx,
+							  struct gse_context);
+				if (!gse_ctx) {
+					return NT_STATUS_INVALID_PARAMETER;
+				}
+				*p_auth_len = gse_get_signature_length(gse_ctx,
+						(cli->auth->auth_level ==
+						  DCERPC_AUTH_LEVEL_PRIVACY),
+						max_len);
 				break;
 			default:
 				return NT_STATUS_INVALID_PARAMETER;
 			}
+			break;
 		case DCERPC_AUTH_TYPE_NTLMSSP:
 			*p_auth_len = NTLMSSP_SIG_SIZE;
 			break;
-- 
cgit