From 5edbeca14108a9b2c3badafce0b0b3447a8280f6 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Sun, 11 Sep 2005 11:19:02 +0000
Subject: r10153: This patch adds a new parameter to gensec_sig_size(), the size of the data to be signed/sealed. We can use this to split the data from the signature portion of the resultant wrapped packet. This required merging the gsskrb5_wrap_size patch from lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no longer use a static 45 byte value). This fixes one of the krb5 issues in my list. Andrew Bartlett (This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)
---
 source4/librpc/rpc/dcerpc.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
(limited to 'source4/librpc')
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index 3d0176845b..352972b0b7 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -369,6 +369,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
 NTSTATUS status;
 struct ndr_push *ndr;
 DATA_BLOB creds2;
+ size_t payload_length;
 
 /* non-signed packets are simpler */
 if (!c->security_state.auth_info ||
@@ -400,12 +401,16 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
 (16 - (pkt->u.request.stub_and_verifier.length & 15)) & 15;
 ndr_push_zero(ndr, c->security_state.auth_info->auth_pad_length);
 
+ payload_length = pkt->u.request.stub_and_verifier.length +
+ c->security_state.auth_info->auth_pad_length;
+
 /* sign or seal the packet */
 switch (c->security_state.auth_info->auth_level) {
 case DCERPC_AUTH_LEVEL_PRIVACY:
 case DCERPC_AUTH_LEVEL_INTEGRITY:
 c->security_state.auth_info->credentials
- = data_blob_talloc(mem_ctx, NULL, gensec_sig_size(c->security_state.generic_state));
+ = data_blob_talloc(mem_ctx, NULL, gensec_sig_size(c->security_state.generic_state,
+ payload_length));
 data_blob_clear(&c->security_state.auth_info->credentials);
 break;
 
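Review bot: The placeholder trailer allocated in the `DCERPC_AUTH_LEVEL_PRIVACY`/`DCERPC_AUTH_LEVEL_INTEGRITY` case is not checked before `data_blob_clear()` and `break`, and its size now comes from a mechanism- and payload-dependent `gensec_sig_size()` call instead of a fixed value. If the allocation fails, the trailer would presumably be left empty and the packet pushed with no room reserved for the signature, so I would add `if (c->security_state.auth_info->credentials.data == NULL) return NT_STATUS_NO_MEMORY;` after the assignment. Whether `gensec_sig_size()` can legitimately return 0 is not visible here; if it can, that case needs its own handling rather than falling into the same check. The function body starts and ends outside this hunk.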
@@ -447,8 +452,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
 status = gensec_seal_packet(c->security_state.generic_state,
 mem_ctx,
 blob->data + DCERPC_REQUEST_LENGTH,
- pkt->u.request.stub_and_verifier.length +
- c->security_state.auth_info->auth_pad_length,
+ payload_length,
 blob->data,
 blob->length -
 c->security_state.auth_info->credentials.length,
@@ -463,8 +467,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
 status = gensec_sign_packet(c->security_state.generic_state,
 mem_ctx,
 blob->data + DCERPC_REQUEST_LENGTH,
- pkt->u.request.stub_and_verifier.length +
- c->security_state.auth_info->auth_pad_length,
+ payload_length,
 blob->data,
 blob->length -
 c->security_state.auth_info->credentials.length,
-- cgit
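Review bot: Nothing in the `gensec_seal_packet()` hunk, or in the matching `gensec_sign_packet()` hunk, ties the length of the signature the mechanism actually returns to the `credentials.length` reserved earlier from `gensec_sig_size(..., payload_length)`, yet `blob->length - credentials.length` is what defines the signed region. With the size no longer a fixed constant, a mechanism whose estimate differs from its real output would presumably leave the trailer partly unfilled or mis-sized when the signature is copied in; that code is outside the hunk, so this is inferred. A check after the switch such as `if (creds2.length != c->security_state.auth_info->credentials.length) return NT_STATUS_INTERNAL_ERROR;` would turn that into a hard failure instead of a malformed PDU. Both calls end outside their hunks, so the output argument itself is not visible.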