-
- /* check signature or unseal the packet */
- switch (dce_conn->auth_state.auth_level) {
- case DCERPC_AUTH_LEVEL_PRIVACY:
- status = gensec_unseal_packet(dce_conn->auth_state.gensec_security,
- full_packet->data + hdr_size,
- pkt->u.request.stub_and_verifier.length,
- full_packet->data,
- full_packet->length-
- call->in_auth_info.credentials.length,
- &call->in_auth_info.credentials);
- memcpy(pkt->u.request.stub_and_verifier.data,
- full_packet->data + hdr_size,
- pkt->u.request.stub_and_verifier.length);
- break;
-
- case DCERPC_AUTH_LEVEL_INTEGRITY:
- case DCERPC_AUTH_LEVEL_PACKET:
- status = gensec_check_packet(dce_conn->auth_state.gensec_security,
- pkt->u.request.stub_and_verifier.data,
- pkt->u.request.stub_and_verifier.length,
- full_packet->data,
- full_packet->length-
- call->in_auth_info.credentials.length,
- &call->in_auth_info.credentials);
- break;
-
- case DCERPC_AUTH_LEVEL_CONNECT:
- /* for now we ignore possible signatures here */
- status = NT_STATUS_OK;
- break;
-
- default:
- status = NT_STATUS_INVALID_LEVEL;
- break;
- }
-
- /*
- * remove the indicated amount of padding
- * overflow is checked about!
- */
- pkt->u.request.stub_and_verifier.length -= call->in_auth_info.auth_pad_length;
-