s3:libads/sasl: use gensec_max_{input,wrapped}_size() in ads_sasl_spnego_ntlmssp_bind
authorStefan Metzmacher <metze@samba.org>
Thu, 18 Jun 2015 23:07:49 +0000 (01:07 +0200)
committerJeremy Allison <jra@samba.org>
Tue, 23 Jun 2015 20:12:07 +0000 (22:12 +0200)
gensec_sig_size() is for gensec_{sign,seal}_packet() instead of gensec_wrap().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/libads/sasl.c

index db7335ec81efda4da27e27c25fd64f8d45723d89..720ee7852feb8375d631d47d917d3a1f02d43460 100644 (file)
@@ -250,11 +250,12 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
        } while (rc == LDAP_SASL_BIND_IN_PROGRESS && !NT_STATUS_IS_OK(nt_status));
        
        if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
-               uint32_t sig_size = gensec_sig_size(auth_generic_state->gensec_security, 0);
-               ads->ldap.out.max_unwrapped = ADS_SASL_WRAPPING_OUT_MAX_WRAPPED - sig_size;
-               ads->ldap.out.sig_size = sig_size;
+               size_t max_wrapped = gensec_max_wrapped_size(auth_generic_state->gensec_security);
+               ads->ldap.out.max_unwrapped = gensec_max_input_size(auth_generic_state->gensec_security);
+
+               ads->ldap.out.sig_size = max_wrapped - ads->ldap.out.max_unwrapped;
                ads->ldap.in.min_wrapped = ads->ldap.out.sig_size;
-               ads->ldap.in.max_wrapped = ADS_SASL_WRAPPING_IN_MAX_WRAPPED;
+               ads->ldap.in.max_wrapped = max_wrapped;
                status = ads_setup_sasl_wrapping(ads, &ads_sasl_ntlmssp_ops, auth_generic_state->gensec_security);
                if (!ADS_ERR_OK(status)) {
                        DEBUG(0, ("ads_setup_sasl_wrapping() failed: %s\n",
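Review bot: The new `ads->ldap.out.sig_size = max_wrapped - ads->ldap.out.max_unwrapped;` subtracts in size_t without first checking that `max_wrapped` is the larger value. If the gensec backend ever returned an inconsistent pair, the result would wrap to a very large sig_size, which the next line copies into `in.min_wrapped`. I would add a guard before the subtraction, `if (max_wrapped < ads->ldap.out.max_unwrapped)`, that fails the bind through the function's existing error path; that path lies outside this hunk, as does the rest of ads_sasl_spnego_ntlmssp_bind. Separately, `in.max_wrapped` is no longer bounded by the fixed `ADS_SASL_WRAPPING_IN_MAX_WRAPPED`, so the largest wrapped length accepted from the server is now whatever the mechanism reports. It is worth confirming that this value has a sane upper bound, and that the `ads->ldap.in`/`out` fields are wide enough to hold a size_t without truncation (the removed code used uint32_t, so they may be 32-bit).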