From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 20 Jun 2015 15:47:14 +0000 (+0200)
Subject: s4:rpc_server: let dcesrv_auth_response() handle sig_size == 0 with auth_info as... 
X-Git-Tag: samba-4.1.20~23
X-Git-Url: http://git.samba.org/?p=samba.git;a=commitdiff_plain;h=62966ebc287803bbe7482b41fa529e2bddc8b4dc

s4:rpc_server: let dcesrv_auth_response() handle sig_size == 0 with auth_info as error

Don't send plaintext on the wire because of an internal error...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1bf7ab49b4459e81ab2b82d9668b3d7cb76372f4)
---

diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index c891cc62b7a..38189cde69c 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -385,7 +385,7 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call,
 	DATA_BLOB creds2;
 
 	/* non-signed packets are simple */
-	if (sig_size == 0) {
+	if (dce_conn->auth_state.auth_info == NULL) {
 		status = ncacn_push_auth(blob, call, pkt, NULL);
 		return NT_STATUS_IS_OK(status);
 	}
@@ -393,6 +393,10 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call,
 	switch (dce_conn->auth_state.auth_info->auth_level) {
 	case DCERPC_AUTH_LEVEL_PRIVACY:
 	case DCERPC_AUTH_LEVEL_INTEGRITY:
+		if (sig_size == 0) {
+			return false;
+		}
+
 		break;
 
 	case DCERPC_AUTH_LEVEL_CONNECT: