diff options
author | Stefan Metzmacher <metze@samba.org> | 2018-12-12 13:49:35 +0100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2019-01-12 03:13:41 +0100 |
commit | b3659fb52d8da81cf68f45c163d9d232b1d48425 (patch) | |
tree | 3a79d11ca3b0e43b6d33210c991914f982f09d4a | |
parent | a8feb556318049ee0da2db372bbc58cb5bdc63e4 (diff) | |
download | samba-b3659fb52d8da81cf68f45c163d9d232b1d48425.tar.gz |
s4:rpc_server: only share assoc group ids on the same transport
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r-- | selftest/knownfail.d/test_assoc_group_fail3 | 1 | ||||
-rw-r--r-- | source4/rpc_server/dcerpc_server.c | 43 | ||||
-rw-r--r-- | source4/rpc_server/dcerpc_server.h | 5 |
3 files changed, 34 insertions, 15 deletions
diff --git a/selftest/knownfail.d/test_assoc_group_fail3 b/selftest/knownfail.d/test_assoc_group_fail3 deleted file mode 100644 index 037f2b7c7a5..00000000000 --- a/selftest/knownfail.d/test_assoc_group_fail3 +++ /dev/null @@ -1 +0,0 @@ -^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_assoc_group_fail3 diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index a36d91d9341..96886eaa76e 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -65,18 +65,34 @@ static struct dcesrv_assoc_group *dcesrv_assoc_group_find(struct dcesrv_context /* take a reference to an existing association group */ -static struct dcesrv_assoc_group *dcesrv_assoc_group_reference(TALLOC_CTX *mem_ctx, - struct dcesrv_context *dce_ctx, +static struct dcesrv_assoc_group *dcesrv_assoc_group_reference(struct dcesrv_connection *conn, uint32_t id) { + const struct dcesrv_endpoint *endpoint = conn->endpoint; + enum dcerpc_transport_t transport = + dcerpc_binding_get_transport(endpoint->ep_description); struct dcesrv_assoc_group *assoc_group; - assoc_group = dcesrv_assoc_group_find(dce_ctx, id); + assoc_group = dcesrv_assoc_group_find(conn->dce_ctx, id); if (assoc_group == NULL) { - DEBUG(2,(__location__ ": Failed to find assoc_group 0x%08x\n", id)); + DBG_NOTICE("Failed to find assoc_group 0x%08x\n", id); + return NULL; + } + if (assoc_group->transport != transport) { + const char *at = + derpc_transport_string_by_transport( + assoc_group->transport); + const char *ct = + derpc_transport_string_by_transport( + transport); + + DBG_NOTICE("assoc_group 0x%08x (transport %s) " + "is not available on transport %s", + id, at, ct); return NULL; } - return talloc_reference(mem_ctx, assoc_group); + + return talloc_reference(conn, assoc_group); } static int dcesrv_assoc_group_destructor(struct dcesrv_assoc_group *assoc_group) @@ -93,13 +109,16 @@ static int dcesrv_assoc_group_destructor(struct dcesrv_assoc_group *assoc_group) /* allocate a new association group */ -static struct dcesrv_assoc_group *dcesrv_assoc_group_new(TALLOC_CTX *mem_ctx, - struct dcesrv_context *dce_ctx) +static struct dcesrv_assoc_group *dcesrv_assoc_group_new(struct dcesrv_connection *conn) { + struct dcesrv_context *dce_ctx = conn->dce_ctx; + const struct dcesrv_endpoint *endpoint = conn->endpoint; + enum dcerpc_transport_t transport = + dcerpc_binding_get_transport(endpoint->ep_description); struct dcesrv_assoc_group *assoc_group; int id; - assoc_group = talloc_zero(mem_ctx, struct dcesrv_assoc_group); + assoc_group = talloc_zero(conn, struct dcesrv_assoc_group); if (assoc_group == NULL) { return NULL; } @@ -111,6 +130,7 @@ static struct dcesrv_assoc_group *dcesrv_assoc_group_new(TALLOC_CTX *mem_ctx, return NULL; } + assoc_group->transport = transport; assoc_group->id = id; assoc_group->dce_ctx = dce_ctx; @@ -1003,11 +1023,9 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call) */ if (call->pkt.u.bind.assoc_group_id != 0) { call->conn->assoc_group = dcesrv_assoc_group_reference(call->conn, - call->conn->dce_ctx, call->pkt.u.bind.assoc_group_id); } else { - call->conn->assoc_group = dcesrv_assoc_group_new(call->conn, - call->conn->dce_ctx); + call->conn->assoc_group = dcesrv_assoc_group_new(call->conn); } /* @@ -1033,8 +1051,7 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call) if (call->conn->assoc_group == NULL && !call->conn->endpoint->use_single_process) { call->conn->assoc_group - = dcesrv_assoc_group_new(call->conn, - call->conn->dce_ctx); + = dcesrv_assoc_group_new(call->conn); } if (call->conn->assoc_group == NULL) { return dcesrv_bind_nak(call, 0); diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h index 44bf6e6989c..312721824ae 100644 --- a/source4/rpc_server/dcerpc_server.h +++ b/source4/rpc_server/dcerpc_server.h @@ -348,7 +348,10 @@ struct dcesrv_endpoint_server { struct dcesrv_assoc_group { /* the wire id */ uint32_t id; - + + /* The transport this is valid on */ + enum dcerpc_transport_t transport; + /* list of handles in this association group */ struct dcesrv_handle *handles; |