s3/rpc_server: Fix DCERPC request unmarshalling

DCERPC requests may carry an Object GUID, who's presence is signaled by
the PFC_OBJECT_UUID flag in the PfcFlags field. Current unmarshalling
code requires that the PFC_OBJECT_UUID flag is carried in the ndr flags
as LIBNDR_FLAG_OBJECT_PRESENT.

diff --git a/librpc/idl/dcerpc.idl b/librpc/idl/dcerpc.idl
index 86f22a4b8c8a2c8361f78059b07220e80d1cd9b8..8fadf1c73c334ea0d4f699f8d26169e86d2f30ce 100644 (file)
--- a/librpc/idl/dcerpc.idl
+++ b/librpc/idl/dcerpc.idl
@@ -34,8 +34,8 @@ interface dcerpc
        } dcerpc_empty;
 
        typedef [nodiscriminant] union {
-               [default] dcerpc_empty empty;
                [case(LIBNDR_FLAG_OBJECT_PRESENT)] GUID object;
+               [default] dcerpc_empty empty;
        } dcerpc_object;
 
        typedef struct {

diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index 5f8c793191d1d5b0b069ef622cae386eaaadf4b9..c1e8e9b4c6ab989aa93ba1a6267dcc3f4b38fec4 100644 (file)
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -111,6 +111,10 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
                ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
        }
 
+       if (CVAL(ndr->data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) {
+               ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+       }
+
        ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, r);
 
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {