s4:rpc_server: fix padding caclucation in dcesrv_auth_response()

[samba.git] / source4 / rpc_server / dcesrv_auth.c
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c

index 0802cd4323de251408a387d778b9e785b35cd2e9..575ba7091c260ec5f69df8964b151760d0692d1d 100644 (file)
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -113,12 +113,13 @@ NTSTATUS dcesrv_auth_bind_ack(struct dcesrv_call_state *call, struct ncacn_packe
         }
  
         status = gensec_update(dce_conn->auth_state.gensec_security,
-                              call,
+                              call, call->event_ctx,
                                dce_conn->auth_state.auth_info->credentials, 
                                &dce_conn->auth_state.auth_info->credentials);
         
         if (NT_STATUS_IS_OK(status)) {
                 status = gensec_session_info(dce_conn->auth_state.gensec_security,
+                                            dce_conn,
                                              &dce_conn->auth_state.session_info);
                 if (!NT_STATUS_IS_OK(status)) {
                         DEBUG(1, ("Failed to establish session_info: %s\n", nt_errstr(status)));
@@ -170,11 +171,12 @@ bool dcesrv_auth_auth3(struct dcesrv_call_state *call)
  
         /* Pass the extra data we got from the client down to gensec for processing */
         status = gensec_update(dce_conn->auth_state.gensec_security,
-                              call,
+                              call, call->event_ctx,
                                dce_conn->auth_state.auth_info->credentials, 
                                &dce_conn->auth_state.auth_info->credentials);
         if (NT_STATUS_IS_OK(status)) {
                 status = gensec_session_info(dce_conn->auth_state.gensec_security,
+                                            dce_conn,
                                              &dce_conn->auth_state.session_info);
                 if (!NT_STATUS_IS_OK(status)) {
                         DEBUG(1, ("Failed to establish session_info: %s\n", nt_errstr(status)));
@@ -248,12 +250,13 @@ NTSTATUS dcesrv_auth_alter_ack(struct dcesrv_call_state *call, struct ncacn_pack
         }
  
         status = gensec_update(dce_conn->auth_state.gensec_security,
-                              call,
+                              call, call->event_ctx,
                                dce_conn->auth_state.auth_info->credentials, 
                                &dce_conn->auth_state.auth_info->credentials);
  
         if (NT_STATUS_IS_OK(status)) {
                 status = gensec_session_info(dce_conn->auth_state.gensec_security,
+                                            dce_conn,
                                              &dce_conn->auth_state.session_info);
                 if (!NT_STATUS_IS_OK(status)) {
                         DEBUG(1, ("Failed to establish session_info: %s\n", nt_errstr(status)));
@@ -382,7 +385,7 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call,
         DATA_BLOB creds2;
  
         /* non-signed packets are simple */
-       if (sig_size == 0) {
+       if (dce_conn->auth_state.auth_info == NULL) {
                 status = ncacn_push_auth(blob, call, pkt, NULL);
                 return NT_STATUS_IS_OK(status);
         }
@@ -390,6 +393,10 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call,
         switch (dce_conn->auth_state.auth_info->auth_level) {
         case DCERPC_AUTH_LEVEL_PRIVACY:
         case DCERPC_AUTH_LEVEL_INTEGRITY:
+               if (sig_size == 0) {
+                       return false;
+               }
+
                 break;
  
         case DCERPC_AUTH_LEVEL_CONNECT:
@@ -428,7 +435,7 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call,
            whole packet, whereas w2k8 wants it relative to the start
            of the stub */
         dce_conn->auth_state.auth_info->auth_pad_length =
-               (16 - (pkt->u.response.stub_and_verifier.length & 15)) & 15;
+               DCERPC_AUTH_PAD_LENGTH(pkt->u.response.stub_and_verifier.length);
         ndr_err = ndr_push_zero(ndr,
                                 dce_conn->auth_state.auth_info->auth_pad_length);
         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {