Fix two bugs that were stopping net rpc vampire from working over secure

channel:

  - If the domain name passed to create_rpc_bind_req() is empty, use
    lp_workgroup()

  - Correctly set the auth_padding field when the send_size is a multiple
    of 8 bytes

I've tested with nt4sp6 and win2ksp0 and it seems to work, although
there are no password hashes transferred from win2k.  The empty
passwords are being protected by the secure channel encryption though.
(This used to be commit a8c11e855611c91e94787387c62ac629232cacfa)

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 4f465d745358a2374594d45c3452b14e9a00286e..08cf8b1ef3ea9cd3a5da44b06dec50e33db0233f 100644 (file)
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -697,6 +697,12 @@ static BOOL create_rpc_bind_req(prs_struct *rpc_out, BOOL do_auth, BOOL do_netse
 
                init_rpc_hdr_auth(&hdr_auth, NETSEC_AUTH_TYPE, NETSEC_AUTH_LEVEL,
                                  0x00, 1);
+
+               /* Use lp_workgroup() if domain not specified */
+
+               if (!domain || !domain[0])
+                       domain = lp_workgroup();
+
                init_rpc_auth_netsec_neg(&netsec_neg, domain, my_name);
 
                /*
@@ -1014,8 +1020,10 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
                 * be stored in the auth header.
                 */
 
-               if (auth_schannel)
-                       auth_padding = 8 - (send_size & 7);
+               if (auth_schannel) {
+                       if (send_size % 8)
+                               auth_padding = 8 - (send_size % 8);
+               }
 
                data_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + send_size +
                        ((auth_verify|auth_schannel) ? RPC_HDR_AUTH_LEN : 0) +