From 8dbe9d785bd3b3d7bdca1e9854dc0516047d5e5a Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 19 Jun 2015 01:07:49 +0200
Subject: [PATCH] s3:libads/sasl: use gensec_max_{input,wrapped}_size() in
 ads_sasl_spnego_ntlmssp_bind

gensec_sig_size() is for gensec_{sign,seal}_packet() instead of gensec_wrap().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---
 source3/libads/sasl.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index db7335ec81e..720ee7852fe 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -250,11 +250,12 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
 	} while (rc == LDAP_SASL_BIND_IN_PROGRESS && !NT_STATUS_IS_OK(nt_status));
 	
 	if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
-		uint32_t sig_size = gensec_sig_size(auth_generic_state->gensec_security, 0);
-		ads->ldap.out.max_unwrapped = ADS_SASL_WRAPPING_OUT_MAX_WRAPPED - sig_size;
-		ads->ldap.out.sig_size = sig_size;
+		size_t max_wrapped = gensec_max_wrapped_size(auth_generic_state->gensec_security);
+		ads->ldap.out.max_unwrapped = gensec_max_input_size(auth_generic_state->gensec_security);
+
+		ads->ldap.out.sig_size = max_wrapped - ads->ldap.out.max_unwrapped;
 		ads->ldap.in.min_wrapped = ads->ldap.out.sig_size;
-		ads->ldap.in.max_wrapped = ADS_SASL_WRAPPING_IN_MAX_WRAPPED;
+		ads->ldap.in.max_wrapped = max_wrapped;
 		status = ads_setup_sasl_wrapping(ads, &ads_sasl_ntlmssp_ops, auth_generic_state->gensec_security);
 		if (!ADS_ERR_OK(status)) {
 			DEBUG(0, ("ads_setup_sasl_wrapping() failed: %s\n",
-- 
2.11.4.GIT