s4-rpc: don't use auth padding in rpc bind requests as it breaks s3

The s3 RPC server returns a bind_nak if it gets a rpc bind with auth
padding. This change forces a padding length of zero to maximimise
compatibility with s3 servers.

I've left the padding code in as a #if 0 to make it easier for us to
test/fix the s3 server code, which should be changed to correctly
handle arbitrary auth padding in all rpc requests with auth trailers.

diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index f41236148a255da48cfa08ed3183db6be59b449c..aafa283fc61736aff4e4f078562ef26d636c8dce 100644 (file)
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -83,12 +83,19 @@ NTSTATUS ncacn_push_auth(DATA_BLOB *blob, TALLOC_CTX *mem_ctx,
        }
 
        if (auth_info) {
+#if 0
+               /* the s3 rpc server doesn't handle auth padding in
+                  bind requests. Use zero auth padding to keep us
+                  working with old servers */
                uint32_t offset = ndr->offset;
                ndr_err = ndr_push_align(ndr, 16);
                if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                        return ndr_map_error2ntstatus(ndr_err);
                }
                auth_info->auth_pad_length = ndr->offset - offset;
+#else
+               auth_info->auth_pad_length = 0;
+#endif
                ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, auth_info);
                if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                        return ndr_map_error2ntstatus(ndr_err);