s4:librpc/rpc: correctly sign or seal rpc request with an object guid
[kai/samba.git] / source4 / librpc / rpc / dcerpc.c
index 5bbcc5e91c81bb4c45acedc9f4a8fede62a489f8..c1e3e26ee988be9107fe0e4d1ccf7573ca76f8cd 100644 (file)
@@ -334,6 +334,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
        DATA_BLOB creds2;
        size_t payload_length;
        enum ndr_err_code ndr_err;
        DATA_BLOB creds2;
        size_t payload_length;
        enum ndr_err_code ndr_err;
+       size_t hdr_size = DCERPC_REQUEST_LENGTH;
 
        /* non-signed packets are simpler */
        if (sig_size == 0) {
 
        /* non-signed packets are simpler */
        if (sig_size == 0) {
@@ -367,6 +368,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
 
        if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
                ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
 
        if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
                ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+               hdr_size += 16;
        }
 
        ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt);
        }
 
        ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt);
@@ -415,7 +417,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
        case DCERPC_AUTH_LEVEL_PRIVACY:
                status = gensec_seal_packet(c->security_state.generic_state, 
                                            mem_ctx, 
        case DCERPC_AUTH_LEVEL_PRIVACY:
                status = gensec_seal_packet(c->security_state.generic_state, 
                                            mem_ctx, 
-                                           blob->data + DCERPC_REQUEST_LENGTH, 
+                                           blob->data + hdr_size,
                                            payload_length,
                                            blob->data,
                                            blob->length,
                                            payload_length,
                                            blob->data,
                                            blob->length,
@@ -428,7 +430,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
        case DCERPC_AUTH_LEVEL_INTEGRITY:
                status = gensec_sign_packet(c->security_state.generic_state, 
                                            mem_ctx, 
        case DCERPC_AUTH_LEVEL_INTEGRITY:
                status = gensec_sign_packet(c->security_state.generic_state, 
                                            mem_ctx, 
-                                           blob->data + DCERPC_REQUEST_LENGTH, 
+                                           blob->data + hdr_size,
                                            payload_length, 
                                            blob->data,
                                            blob->length,
                                            payload_length, 
                                            blob->data,
                                            blob->length,