Fix two bugs that were stopping net rpc vampire from working over secure

channel:

  - If the domain name passed to create_rpc_bind_req() is empty, use
    lp_workgroup()

  - Correctly set the auth_padding field when the send_size is a multiple
    of 8 bytes

I've tested with nt4sp6 and win2ksp0 and it seems to work, although
there are no password hashes transferred from win2k.  The empty
passwords are being protected by the secure channel encryption though.
(This used to be commit a8c11e855611c91e94787387c62ac629232cacfa)

1 files changed, 10 insertions, 2 deletions

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 4f465d7453..08cf8b1ef3 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -697,6 +697,12 @@ static BOOL create_rpc_bind_req(prs_struct *rpc_out, BOOL do_auth, BOOL do_netse
 
 		init_rpc_hdr_auth(&hdr_auth, NETSEC_AUTH_TYPE, NETSEC_AUTH_LEVEL,
 				  0x00, 1);
+
+		/* Use lp_workgroup() if domain not specified */
+
+		if (!domain || !domain[0])
+			domain = lp_workgroup();
+
 		init_rpc_auth_netsec_neg(&netsec_neg, domain, my_name);
 
 		/*
@@ -1014,8 +1020,10 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
 		 * be stored in the auth header.
 		 */
 
-		if (auth_schannel)
-			auth_padding = 8 - (send_size & 7);
+		if (auth_schannel) {
+			if (send_size % 8)
+				auth_padding = 8 - (send_size % 8);
+		}
 
 		data_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + send_size +
 			((auth_verify|auth_schannel) ? RPC_HDR_AUTH_LEN : 0) +