From 844b331d257b02c073cc0dc4a6e229e6b9645949 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 30 Sep 2008 05:01:19 +0200
Subject: s4:rpc_server: correctly handle dcerpc requests with object uuids

metze
---
 source4/rpc_server/dcerpc_server.c |  8 ++++----
 source4/rpc_server/dcesrv_auth.c   | 10 ++++++++--
 2 files changed, 12 insertions(+), 6 deletions(-)

(limited to 'source4')

diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index e5f59d0cf9..893055d3b1 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -870,10 +870,6 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call)
 	call->context	= context;
 	call->ndr_pull	= pull;
 
-	if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
-		pull->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
-	}
-
 	if (!(call->pkt.drep[0] & DCERPC_DREP_LE)) {
 		pull->flags |= LIBNDR_FLAG_BIGENDIAN;
 	}
@@ -1112,6 +1108,10 @@ NTSTATUS dcesrv_input_process(struct dcesrv_connection *dce_conn)
 		ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
 	}
 
+	if (CVAL(blob.data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) {
+		ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+	}
+
 	ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, &call->pkt);
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 		talloc_free(dce_conn->partial_input.data);
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index 16bf4eb7ed..52d5631cfd 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -287,6 +287,7 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
 	struct ndr_pull *ndr;
 	NTSTATUS status;
 	enum ndr_err_code ndr_err;
+	size_t hdr_size = DCERPC_REQUEST_LENGTH;
 
 	if (!dce_conn->auth_state.auth_info ||
 	    !dce_conn->auth_state.gensec_security) {
@@ -335,6 +336,11 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
 		ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
 	}
 
+	if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
+		ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+		hdr_size += 16;
+	}
+
 	ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, &auth);
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 		talloc_free(ndr);
@@ -346,13 +352,13 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet)
 	case DCERPC_AUTH_LEVEL_PRIVACY:
 		status = gensec_unseal_packet(dce_conn->auth_state.gensec_security,
 					      call,
-					      full_packet->data + DCERPC_REQUEST_LENGTH,
+					      full_packet->data + hdr_size,
 					      pkt->u.request.stub_and_verifier.length, 
 					      full_packet->data,
 					      full_packet->length-auth.credentials.length,
 					      &auth.credentials);
 		memcpy(pkt->u.request.stub_and_verifier.data, 
-		       full_packet->data + DCERPC_REQUEST_LENGTH,
+		       full_packet->data + hdr_size,
 		       pkt->u.request.stub_and_verifier.length);
 		break;
 
-- 
cgit