summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2010-02-16 20:21:29 +1100
committerAndrew Tridgell <tridge@samba.org>2010-02-16 21:10:52 +1100
commit1e13d3fb076fca596f8c480134c6b6f877824360 (patch)
tree9d83fa8ff80f1dc42d22ec42e2af2bbeff6c9570
parent018fb2d1ae4f1fa2b85afdc8c90dd7ebb8c3fa47 (diff)
downloadsamba-1e13d3fb076fca596f8c480134c6b6f877824360.tar.gz
samba-1e13d3fb076fca596f8c480134c6b6f877824360.tar.bz2
samba-1e13d3fb076fca596f8c480134c6b6f877824360.zip
s4-dcerpc: fixed auth padding to be relative to the stub, not packet
The recent dcerpc padding changes made our padding relative to the packet header, instead of the start of the stub. Surprisingly, this broke w2k8r2 doing a dcpromo join to a s4 server. It seems that w2k8r2 is very fussy about the padding it gets in some circumstances.
-rw-r--r--source4/librpc/rpc/dcerpc.c12
-rw-r--r--source4/rpc_server/dcesrv_auth.c15
2 files changed, 17 insertions, 10 deletions
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index ccafe070ab..63ff36768b 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -318,7 +318,6 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
size_t payload_length;
enum ndr_err_code ndr_err;
size_t hdr_size = DCERPC_REQUEST_LENGTH;
- uint32_t offset;
/* non-signed packets are simpler */
if (sig_size == 0) {
@@ -365,13 +364,16 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
}
/* pad to 16 byte multiple in the payload portion of the
- packet. This matches what w2k3 does */
- offset = ndr->offset;
- ndr_err = ndr_push_align(ndr, 16);
+ packet. This matches what w2k3 does. Note that we can't use
+ ndr_push_align() as that is relative to the start of the
+ whole packet, whereas w2k8 wants it relative to the start
+ of the stub */
+ c->security_state.auth_info->auth_pad_length =
+ (16 - (pkt->u.request.stub_and_verifier.length & 15)) & 15;
+ ndr_err = ndr_push_zero(ndr, c->security_state.auth_info->auth_pad_length);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return ndr_map_error2ntstatus(ndr_err);
}
- c->security_state.auth_info->auth_pad_length = ndr->offset - offset;
payload_length = pkt->u.request.stub_and_verifier.length +
c->security_state.auth_info->auth_pad_length;
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index e74b2ef167..59d8be3e24 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -378,7 +378,7 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call,
NTSTATUS status;
enum ndr_err_code ndr_err;
struct ndr_push *ndr;
- uint32_t payload_length, offset;
+ uint32_t payload_length;
DATA_BLOB creds2;
/* non-signed packets are simple */
@@ -422,13 +422,17 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call,
return false;
}
- /* pad to 16 byte multiple, match win2k3 */
- offset = ndr->offset;
- ndr_err = ndr_push_align(ndr, 16);
+ /* pad to 16 byte multiple in the payload portion of the
+ packet. This matches what w2k3 does. Note that we can't use
+ ndr_push_align() as that is relative to the start of the
+ whole packet, whereas w2k8 wants it relative to the start
+ of the stub */
+ dce_conn->auth_state.auth_info->auth_pad_length =
+ (16 - (pkt->u.response.stub_and_verifier.length & 15)) & 15;
+ ndr_err = ndr_push_zero(ndr, dce_conn->auth_state.auth_info->auth_pad_length);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return false;
}
- dce_conn->auth_state.auth_info->auth_pad_length = ndr->offset - offset;
payload_length = pkt->u.response.stub_and_verifier.length +
dce_conn->auth_state.auth_info->auth_pad_length;
@@ -497,6 +501,7 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call,
if (!data_blob_append(call, blob, creds2.data, creds2.length)) {
status = NT_STATUS_NO_MEMORY;
+ return false;
}
data_blob_free(&creds2);