CVE-2015-5370: s3:rpc_client: make use of pipe_auth_data->auth_context_id
authorStefan Metzmacher <metze@samba.org>
Tue, 7 Jul 2015 22:01:37 +0000 (00:01 +0200)
committerStefan Metzmacher <metze@samba.org>
Wed, 30 Mar 2016 02:10:16 +0000 (04:10 +0200)
This is better than using hardcoded values.
We need to use auth_context_id = 1 for authenticated
connections, as old Samba servers (before this patchset)
will use a hardcoded value of 1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
source3/rpc_client/cli_pipe.c

index 5053de8dd7fd02a44297cacb0d0760048d195459..835aec5faecf587d81d5483e1347f18b0a1891ce 100644 (file)
@@ -1190,7 +1190,7 @@ static NTSTATUS create_rpc_bind_req(TALLOC_CTX *mem_ctx,
                                                auth->auth_type,
                                                auth->auth_level,
                                                0, /* auth_pad_length */
-                                               1, /* auth_context_id */
+                                               auth->auth_context_id,
                                                &auth_token,
                                                &auth_info);
                if (!NT_STATUS_IS_OK(ret)) {
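Review bot: The three call sites that now pass `auth->auth_context_id` (this one in create_rpc_bind_req, and those in create_rpc_bind_auth3 and create_rpc_alter_context) are only correct if every path that builds a pipe_auth_data sets the field. This commit sets it in rpccli_anon_bind_data and rpccli_generic_bind_data only. If any other constructor exists outside these hunks, an authenticated bind could be sent with whatever value the allocation left, which per the commit message would not match older servers that expect 1. It is also worth confirming that the receive path compares the auth_context_id in the server's auth trailer against this same field, so that responses are tied to the context the client asked for; that code is not visible here. All three function bodies start and end outside their hunks.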
@@ -1709,7 +1709,7 @@ static NTSTATUS create_rpc_bind_auth3(TALLOC_CTX *mem_ctx,
                                         auth->auth_type,
                                         auth->auth_level,
                                         0, /* auth_pad_length */
-                                        1, /* auth_context_id */
+                                        auth->auth_context_id,
                                         pauth_blob,
                                         &u.auth3.auth_info);
        if (!NT_STATUS_IS_OK(status)) {
@@ -1753,7 +1753,7 @@ static NTSTATUS create_rpc_alter_context(TALLOC_CTX *mem_ctx,
                                         auth->auth_type,
                                         auth->auth_level,
                                         0, /* auth_pad_length */
-                                        1, /* auth_context_id */
+                                        auth->auth_context_id,
                                         pauth_blob,
                                         &auth_info);
        if (!NT_STATUS_IS_OK(status)) {
@@ -2370,6 +2370,7 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
 
        result->auth_type = DCERPC_AUTH_TYPE_NONE;
        result->auth_level = DCERPC_AUTH_LEVEL_NONE;
+       result->auth_context_id = 0;
 
        status = auth_generic_client_prepare(result,
                                             &auth_generic_ctx);
@@ -2430,6 +2431,7 @@ static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx,
 
        result->auth_type = auth_type;
        result->auth_level = auth_level;
+       result->auth_context_id = 1;
 
        status = auth_generic_client_prepare(result,
                                             &auth_generic_ctx);
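Review bot: The literal `1` assigned in rpccli_generic_bind_data carries an interoperability constraint that only the commit message explains. A comment on the line would stop a later change from picking a different id, for example `/* must stay 1: Samba servers before the CVE-2015-5370 patchset hardcode auth_context_id 1 */`. The `0` set in rpccli_anon_bind_data could likewise be labelled `/* no auth context for anonymous binds */`. Both function bodies continue outside the hunks.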