From 5edbeca14108a9b2c3badafce0b0b3447a8280f6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 11 Sep 2005 11:19:02 +0000 Subject: r10153: This patch adds a new parameter to gensec_sig_size(), the size of the data to be signed/sealed. We can use this to split the data from the signature portion of the resultant wrapped packet. This required merging the gsskrb5_wrap_size patch from lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no longer use a static 45 byte value). This fixes one of the krb5 issues in my list. Andrew Bartlett (This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104) --- source4/rpc_server/dcesrv_auth.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source4/rpc_server') diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c index c8feec11bd..a2ba709f56 100644 --- a/source4/rpc_server/dcesrv_auth.c +++ b/source4/rpc_server/dcesrv_auth.c @@ -394,8 +394,8 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call, return False; } - /* pad to 8 byte multiple */ - dce_conn->auth_state.auth_info->auth_pad_length = NDR_ALIGN(ndr, 8); + /* pad to 16 byte multiple, match win2k3 */ + dce_conn->auth_state.auth_info->auth_pad_length = NDR_ALIGN(ndr, 16); ndr_push_zero(ndr, dce_conn->auth_state.auth_info->auth_pad_length); payload_length = ndr->offset - DCERPC_REQUEST_LENGTH; @@ -409,7 +409,8 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call, } else { dce_conn->auth_state.auth_info->credentials = data_blob_talloc(call, NULL, - gensec_sig_size(dce_conn->auth_state.gensec_security)); + gensec_sig_size(dce_conn->auth_state.gensec_security, + payload_length)); } /* add the auth verifier */ -- cgit