s4:librpc/rpc: let ncacn_push_request_sign() handle sig_size == 0 with auth_info...

Don't send plaintext on the wire because of an internal error...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 48f2c383e1d7f52114223cd2a54857426bf64025)

diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index 9600822791f0700acbfa6bf9795e075c1971653d..9984ea2ca49ab9ea66347971d08afc60f428d10a 100644 (file)
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -802,13 +802,16 @@ static NTSTATUS ncacn_push_request_sign(struct dcecli_connection *c,
        size_t hdr_size = DCERPC_REQUEST_LENGTH;
 
        /* non-signed packets are simpler */
-       if (sig_size == 0) {
+       if (c->security_state.auth_info == NULL) {
                return ncacn_push_auth(blob, mem_ctx, pkt, NULL);
        }
 
        switch (c->security_state.auth_info->auth_level) {
        case DCERPC_AUTH_LEVEL_PRIVACY:
        case DCERPC_AUTH_LEVEL_INTEGRITY:
+               if (sig_size == 0) {
+                       return NT_STATUS_INTERNAL_ERROR;
+               }
                break;
 
        case DCERPC_AUTH_LEVEL_CONNECT: