s3-dcerpc: Move marshalling of dcerpc_auth_header in the callers

1 files changed, 50 insertions, 48 deletions

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 6de2e80b45..e725181807 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1588,38 +1588,16 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli,
 					uint32 ss_padding_len,
 					DATA_BLOB *rpc_out)
 {
-	DATA_BLOB auth_info;
+	uint16_t data_and_pad_len = rpc_out->length
+					- DCERPC_RESPONSE_LENGTH
+					- DCERPC_AUTH_TRAILER_LENGTH;
+	DATA_BLOB auth_blob;
 	NTSTATUS status;
-	DATA_BLOB auth_blob = data_blob_null;
-	uint16_t data_and_pad_len = rpc_out->length - DCERPC_RESPONSE_LENGTH;
 
 	if (!cli->auth->a_u.auth_ntlmssp_state) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	/* marshall the dcerpc_auth with an actually empty auth_blob.
-	 * this is needed because the ntmlssp signature includes the
-	 * auth header */
-	status = dcerpc_push_dcerpc_auth(rpc_out->data,
-					map_pipe_auth_type_to_rpc_auth_type(cli->auth->auth_type),
-					cli->auth->auth_level,
-					ss_padding_len,
-					1 /* context id. */,
-					&auth_blob,
-					&auth_info);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
-	/* append the header */
-	if (!data_blob_append(NULL, rpc_out,
-				auth_info.data, auth_info.length)) {
-		DEBUG(0, ("Failed to add %u bytes auth blob.\n",
-			  (unsigned int)auth_info.length));
-		return NT_STATUS_NO_MEMORY;
-	}
-	data_blob_free(&auth_info);
-
 	switch (cli->auth->auth_level) {
 	case DCERPC_AUTH_LEVEL_PRIVACY:
 		/* Data portion is encrypted. */
@@ -1662,7 +1640,7 @@ static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli,
 	if (!data_blob_append(NULL, rpc_out,
 				auth_blob.data, auth_blob.length)) {
 		DEBUG(0, ("Failed to add %u bytes auth blob.\n",
-			  (unsigned int)auth_info.length));
+			  (unsigned int)auth_blob.length));
 		return NT_STATUS_NO_MEMORY;
 	}
 	data_blob_free(&auth_blob);
@@ -1678,12 +1656,12 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
 					uint32 ss_padding_len,
 					DATA_BLOB *rpc_out)
 {
-	DATA_BLOB auth_info;
 	struct schannel_state *sas = cli->auth->a_u.schannel_auth;
 	uint8_t *data_p = rpc_out->data + DCERPC_RESPONSE_LENGTH;
 	size_t data_and_pad_len = rpc_out->length
-					- DCERPC_RESPONSE_LENGTH;
-	DATA_BLOB blob;
+					- DCERPC_RESPONSE_LENGTH
+					- DCERPC_AUTH_TRAILER_LENGTH;
+	DATA_BLOB auth_blob;
 	NTSTATUS status;
 
 	if (!sas) {
@@ -1700,7 +1678,7 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
 						true,
 						data_p,
 						data_and_pad_len,
-						&blob);
+						&auth_blob);
 		break;
 	case DCERPC_AUTH_LEVEL_INTEGRITY:
 		status = netsec_outgoing_packet(sas,
@@ -1708,7 +1686,7 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
 						false,
 						data_p,
 						data_and_pad_len,
-						&blob);
+						&auth_blob);
 		break;
 	default:
 		status = NT_STATUS_INTERNAL_ERROR;
@@ -1722,27 +1700,15 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
+		dump_NL_AUTH_SIGNATURE(talloc_tos(), &auth_blob);
 	}
 
-	/* Finally marshall the blob. */
-	status = dcerpc_push_dcerpc_auth(rpc_out->data,
-		   map_pipe_auth_type_to_rpc_auth_type(cli->auth->auth_type),
-					cli->auth->auth_level,
-					ss_padding_len,
-					1 /* context id. */,
-					&blob,
-					&auth_info);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-	data_blob_free(&blob);
-
+	/* Finally attach the blob. */
 	if (!data_blob_append(NULL, rpc_out,
-				auth_info.data, auth_info.length)) {
+				auth_blob.data, auth_blob.length)) {
 		return NT_STATUS_NO_MEMORY;
 	}
-	data_blob_free(&auth_info);
+	data_blob_free(&auth_blob);
 
 	return NT_STATUS_OK;
 }
@@ -1915,6 +1881,8 @@ static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state,
 	char pad[8] = { 0, };
 	NTSTATUS status;
 	union dcerpc_payload u;
+	DATA_BLOB auth_info;
+	DATA_BLOB auth_blob = data_blob_null;
 
 	data_left = state->req_data->length - state->req_data_sent;
 
@@ -1967,6 +1935,40 @@ static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state,
 		}
 	}
 
+	switch (state->cli->auth->auth_type) {
+	case PIPE_AUTH_TYPE_NONE:
+		break;
+	case PIPE_AUTH_TYPE_NTLMSSP:
+	case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
+	case PIPE_AUTH_TYPE_SCHANNEL:
+		/* marshall the dcerpc_auth with an actually empty auth_blob.
+		 * This is needed because the ntmlssp signature includes the
+		 * auth header */
+		status = dcerpc_push_dcerpc_auth(state->rpc_out.data,
+						 map_pipe_auth_type_to_rpc_auth_type(state->cli->auth->auth_type),
+						 state->cli->auth->auth_level,
+						 ss_padding,
+						 1 /* context id. */,
+						 &auth_blob,
+						 &auth_info);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		/* append the header */
+		if (!data_blob_append(NULL, &state->rpc_out,
+					auth_info.data, auth_info.length)) {
+			DEBUG(0, ("Failed to add %u bytes auth blob.\n",
+				  (unsigned int)auth_info.length));
+			return NT_STATUS_NO_MEMORY;
+		}
+		data_blob_free(&auth_info);
+		break;
+
+	default:
+		break;
+	}
+
 	/* Generate any auth sign/seal and add the auth footer. */
 	switch (state->cli->auth->auth_type) {
 	case PIPE_AUTH_TYPE_NONE: