r2294: this fixes the NTLM2 sign+seal combination. I have now tested:

NTLM sign NTLM sign+seal NTLM2 sign NTLM2 sign+seal and all of the above both with and without key exchange the NTLM2 seal case is ugly and involves an extra data copy, which some API changes in gensec or the ndr layer might avoid in future.
author: Andrew Tridgell <tridge@samba.org> 2004-09-12 06:38:00 +0000
committer: Andrew Tridgell <tridge@samba.org> 2004-09-12 06:38:00 +0000
commit: 69d38a9e83539bef936c435773882b5050fec796 (patch)
tree: 0abb7760c578da384e7c85b876df28ded719788f /source/librpc/rpc/dcerpc.c
parent: fbcf3b0db593718a951fabadb11aa950d11d93f9 (diff)
download: samba-69d38a9e83539bef936c435773882b5050fec796.tar.gz
samba-69d38a9e83539bef936c435773882b5050fec796.tar.xz
samba-69d38a9e83539bef936c435773882b5050fec796.zip
1 files changed, 8 insertions, 5 deletions
diff --git a/source/librpc/rpc/dcerpc.c b/source/librpc/rpc/dcerpc.c
index c2f691aa09b..629edd16d42 100644
--- a/source/librpc/rpc/dcerpc.c
+++ b/source/librpc/rpc/dcerpc.c
@@ -214,11 +214,14 @@ static NTSTATUS dcerpc_pull_request_sign(struct dcerpc_pipe *p,
 	case DCERPC_AUTH_LEVEL_PRIVACY:
 		status = gensec_unseal_packet(p->security_state.generic_state, 
 					      mem_ctx, 
-					      pkt->u.response.stub_and_verifier.data, 
+					      blob->data + DCERPC_REQUEST_LENGTH,
 					      pkt->u.response.stub_and_verifier.length, 
 					      blob->data,
 					      blob->length - auth.credentials.length,
 					      &auth.credentials);
+		memcpy(pkt->u.response.stub_and_verifier.data,
+		       blob->data + DCERPC_REQUEST_LENGTH,
+		       pkt->u.response.stub_and_verifier.length);
 		break;
 		
 	case DCERPC_AUTH_LEVEL_INTEGRITY:
@@ -327,8 +330,8 @@ static NTSTATUS dcerpc_push_request_sign(struct dcerpc_pipe *p,
 	case DCERPC_AUTH_LEVEL_PRIVACY:
 		status = gensec_seal_packet(p->security_state.generic_state, 
 					    mem_ctx, 
-					    ndr->data + DCERPC_REQUEST_LENGTH, 
-					    ndr->offset - DCERPC_REQUEST_LENGTH,
+					    blob->data + DCERPC_REQUEST_LENGTH, 
+					    pkt->u.request.stub_and_verifier.length+p->security_state.auth_info->auth_pad_length,
 					    blob->data,
 					    blob->length - 
 					    p->security_state.auth_info->credentials.length,
@@ -339,8 +342,8 @@ static NTSTATUS dcerpc_push_request_sign(struct dcerpc_pipe *p,
 	case DCERPC_AUTH_LEVEL_INTEGRITY:
 		status = gensec_sign_packet(p->security_state.generic_state, 
 					    mem_ctx, 
-					    ndr->data + DCERPC_REQUEST_LENGTH, 
-					    ndr->offset - DCERPC_REQUEST_LENGTH,
+					    blob->data + DCERPC_REQUEST_LENGTH, 
+					    pkt->u.request.stub_and_verifier.length,
 					    blob->data,
 					    blob->length - 
 					    p->security_state.auth_info->credentials.length,
author	Andrew Tridgell <tridge@samba.org>	2004-09-12 06:38:00 +0000
committer	Andrew Tridgell <tridge@samba.org>	2004-09-12 06:38:00 +0000
commit	69d38a9e83539bef936c435773882b5050fec796 (patch)
tree	0abb7760c578da384e7c85b876df28ded719788f /source/librpc/rpc/dcerpc.c
parent	fbcf3b0db593718a951fabadb11aa950d11d93f9 (diff)
download	samba-69d38a9e83539bef936c435773882b5050fec796.tar.gz samba-69d38a9e83539bef936c435773882b5050fec796.tar.xz samba-69d38a9e83539bef936c435773882b5050fec796.zip