From: Andrew Tridgell <tridge@samba.org>
Date: Tue, 16 Feb 2010 11:18:16 +0000 (+1100)
Subject: s4-rpc: don't use auth padding in rpc bind requests as it breaks s3
X-Git-Url: http://git.samba.org/?p=abartlet%2Fsamba.git%2F.git;a=commitdiff_plain;h=e3a272c3f23139e69c4e671e6b7b756d727c4e61

s4-rpc: don't use auth padding in rpc bind requests as it breaks s3

The s3 RPC server returns a bind_nak if it gets a rpc bind with auth
padding. This change forces a padding length of zero to maximimise
compatibility with s3 servers.

I've left the padding code in as a #if 0 to make it easier for us to
test/fix the s3 server code, which should be changed to correctly
handle arbitrary auth padding in all rpc requests with auth trailers.
---

diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index f41236148a2..aafa283fc61 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -83,12 +83,19 @@ NTSTATUS ncacn_push_auth(DATA_BLOB *blob, TALLOC_CTX *mem_ctx,
 	}
 
 	if (auth_info) {
+#if 0
+		/* the s3 rpc server doesn't handle auth padding in
+		   bind requests. Use zero auth padding to keep us
+		   working with old servers */
 		uint32_t offset = ndr->offset;
 		ndr_err = ndr_push_align(ndr, 16);
 		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 			return ndr_map_error2ntstatus(ndr_err);
 		}
 		auth_info->auth_pad_length = ndr->offset - offset;
+#else
+		auth_info->auth_pad_length = 0;
+#endif
 		ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, auth_info);
 		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 			return ndr_map_error2ntstatus(ndr_err);