From 746d3c8ff9ce9b1ff55fa7953d29802714866c72 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 6 Aug 2008 22:28:04 +0200 Subject: rpc_server: add support for DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN you need "dcesrv:header signing=yes" to enable it. metze (This used to be commit bde2496e6b7034c99243b22434a97aebeb8f75b9) --- source4/rpc_server/dcesrv_auth.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4/rpc_server/dcesrv_auth.c') diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c index 1d89441170..64f42eea25 100644 --- a/source4/rpc_server/dcesrv_auth.c +++ b/source4/rpc_server/dcesrv_auth.c @@ -124,6 +124,11 @@ NTSTATUS dcesrv_auth_bind_ack(struct dcesrv_call_state *call, struct ncacn_packe return status; } + if (dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_HEADER_SIGNING) { + gensec_want_feature(dce_conn->auth_state.gensec_security, + GENSEC_FEATURE_SIGN_PKT_HEADER); + } + /* Now that we are authenticated, go back to the generic session key... */ dce_conn->auth_state.session_key = dcesrv_generic_session_key; return NT_STATUS_OK; -- cgit From 97f59cb1902eec0fba610da6c13d7089ea7d7576 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 11 Aug 2008 18:12:54 +0200 Subject: rpc_server: correct the chunk_size depending on the signature size metze (This used to be commit 20fc0d7bfdaa60d6a8ac939dc64733a91652587e) --- source4/rpc_server/dcesrv_auth.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'source4/rpc_server/dcesrv_auth.c') diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c index 64f42eea25..0aad3775d0 100644 --- a/source4/rpc_server/dcesrv_auth.c +++ b/source4/rpc_server/dcesrv_auth.c @@ -398,7 +398,8 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet) push a signed or sealed dcerpc request packet into a blob */ bool dcesrv_auth_response(struct dcesrv_call_state *call, - DATA_BLOB *blob, struct ncacn_packet *pkt) + DATA_BLOB *blob, size_t sig_size, + struct ncacn_packet *pkt) { struct dcesrv_connection *dce_conn = call->conn; NTSTATUS status; @@ -445,9 +446,7 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call, * GENSEC mech does AEAD signing of the packet * headers */ dce_conn->auth_state.auth_info->credentials - = data_blob_talloc(call, NULL, - gensec_sig_size(dce_conn->auth_state.gensec_security, - payload_length)); + = data_blob_talloc(call, NULL, sig_size); data_blob_clear(&dce_conn->auth_state.auth_info->credentials); } -- cgit