author Volker Lendecke <vlendec@samba.org>
Sun, 11 May 2003 08:08:25 +0000
committer Volker Lendecke <vlendec@samba.org>
Sun, 11 May 2003 08:08:25 +0000

Ok, this is a hack. On a netsec bind reply I did not see anything
useful in the auth verifier yet. So this patch ignores it.

Really checking this would be a lot more intrusive: in rpc_api_pipe we
would have to distinguish between binds and normal requests, or have
more state in the netsec info of cli_state, which is also somewhat
hackish.

Volker
(This used to be commit 8de04fcf680a9bc5054965577eb500e0541ffe66)

source3/rpc_client/cli_pipe.c

index 223d6a707e9c5b941c40136572f836c5ad4cf300..4f465d745358a2374594d45c3452b14e9a00286e 100644 (file)
@@ -307,6 +307,26 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata,
                prs_struct auth_verf;
 
                if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) {
+
+                       if ( (auth_len == 12) &&
+                            (cli->auth_info.seq_num == 0) ) {
+
+                               /* This is the reply to our bind. Ok,
+                                   the sequence number can wrap
+                                   around. But this only means that
+                                   every 4 billion request we
+                                   misdetect a wrong length in a
+                                   reply. This is an error condition
+                                   which will lead to failure anyway
+                                   later.
+
+                                  The reply contains a
+                                  RPC_AUTH_VERIFIER with no content
+                                  (12 bytes), so ignore it.
+                               */
+                               return True;
+                       }
+
                        DEBUG(0,("rpc_auth_pipe: wrong schannel auth len %d\n", auth_len));
                        return False;
                }
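
Review bot: In the new `if ( (auth_len == 12) && (cli->auth_info.seq_num == 0) )` branch, the `return True` accepts the reply without reading the auth verifier at all, and the only evidence that this is a bind reply is `seq_num == 0`. The in-code comment concedes that the same condition matches again after a sequence-number wrap and relies on a failure "later" that is not visible in this hunk. Consider passing an explicit bind/request indication into rpc_auth_pipe (the commit message already names this as the real fix), or at minimum emitting a DEBUG line before returning so that a skipped verifier check is traceable in logs. The literal `12` should be a named constant, as is already done for `RPC_AUTH_NETSEC_CHK_LEN`, and the comment should read "every 4 billion requests".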