authorStefan Metzmacher <metze@samba.org>2018-11-08 13:28:07 +0100
committerJeremy Allison <jra@samba.org>2019-01-12 03:13:37 +0100
commite2a05c3ad8668ee723c71378ccf83a612f9cb255 (patch)
tree60c02d739e3f617a7b85446c8f8a1cdcaca0f6b3 /source4
parent58021612583e087ecbc2885bc1b258bced6009b5 (diff)
s4:rpc_server: allocate struct dcesrv_auth with talloc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source4')
-rw-r--r--source4/rpc_server/dcerpc_server.c68
-rw-r--r--source4/rpc_server/dcerpc_server.h2
-rw-r--r--source4/rpc_server/dcesrv_auth.c7
3 files changed, 50 insertions, 27 deletions
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 5211619c09f..ee53a7fbacc 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -531,6 +531,37 @@ _PUBLIC_ NTSTATUS dcesrv_transport_session_key(struct dcesrv_call_state *call,
return NT_STATUS_OK;
}
+static struct dcesrv_auth *dcesrv_auth_create(struct dcesrv_connection *conn)
+{
+ const struct dcesrv_endpoint *ep = conn->endpoint;
+ enum dcerpc_transport_t transport =
+ dcerpc_binding_get_transport(ep->ep_description);
+ struct dcesrv_auth *auth = NULL;
+
+ auth = talloc_zero(conn, struct dcesrv_auth);
+ if (auth == NULL) {
+ return NULL;
+ }
+
+ switch (transport) {
+ case NCACN_NP:
+ auth->session_key_fn = dcesrv_remote_session_key;
+ break;
+ case NCALRPC:
+ case NCACN_UNIX_STREAM:
+ auth->session_key_fn = dcesrv_local_fixed_session_key;
+ break;
+ default:
+ /*
+ * All other's get a NULL pointer, which
+ * results in NT_STATUS_NO_USER_SESSION_KEY
+ */
+ break;
+ }
+
+ return auth;
+}
+
/*
connect to a dcerpc endpoint
*/
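Review bot: dcesrv_auth_create() has no comment stating its contract, and two details are easy to get wrong from a new call site. It reads `conn->endpoint` before allocating, so the endpoint must already be set on the connection, and because it uses `talloc_zero` it returns an auth whose `session_info` is still NULL for the caller to fill in. I would add a short comment above the function saying that, and that the result is a talloc child of `conn` and is freed with it. The existing comment in the `default:` arm, which records that other transports keep a NULL `session_key_fn`, is the security-relevant default and should stay as it is.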
@@ -544,8 +575,7 @@ static NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
uint32_t state_flags,
struct dcesrv_connection **_p)
{
- enum dcerpc_transport_t transport =
- dcerpc_binding_get_transport(ep->ep_description);
+ struct dcesrv_auth *auth = NULL;
struct dcesrv_connection *p;
if (!session_info) {
@@ -555,11 +585,6 @@ static NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
p = talloc_zero(mem_ctx, struct dcesrv_connection);
NT_STATUS_HAVE_NO_MEMORY(p);
- if (!talloc_reference(p, session_info)) {
- talloc_free(p);
- return NT_STATUS_NO_MEMORY;
- }
-
p->dce_ctx = dce_ctx;
p->endpoint = ep;
p->packet_log_dir = lpcfg_lock_directory(dce_ctx->lp_ctx);
@@ -572,23 +597,20 @@ static NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
p->max_xmit_frag = 5840;
p->max_total_request_size = DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE;
- p->auth_state.session_info = session_info;
- switch (transport) {
- case NCACN_NP:
- p->auth_state.session_key_fn = dcesrv_remote_session_key;
- break;
- case NCALRPC:
- case NCACN_UNIX_STREAM:
- p->auth_state.session_key_fn = dcesrv_local_fixed_session_key;
- break;
- default:
- /*
- * All other's get a NULL pointer, which
- * results in NT_STATUS_NO_USER_SESSION_KEY
- */
- break;
+ auth = dcesrv_auth_create(p);
+ if (auth == NULL) {
+ talloc_free(p);
+ return NT_STATUS_NO_MEMORY;
}
+ auth->session_info = talloc_reference(auth, session_info);
+ if (auth->session_info == NULL) {
+ talloc_free(p);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ p->default_auth_state = auth;
+
/*
* For now we only support NDR32.
*/
@@ -2000,7 +2022,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
talloc_steal(call, blob.data);
call->pkt = *pkt;
- call->auth_state = &dce_conn->auth_state;
+ call->auth_state = dce_conn->default_auth_state;
talloc_set_destructor(call, dcesrv_call_dequeue);
diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
index 41613cb0899..d3c0a080b27 100644
--- a/source4/rpc_server/dcerpc_server.h
+++ b/source4/rpc_server/dcerpc_server.h
@@ -289,7 +289,7 @@ struct dcesrv_connection {
const struct tsocket_address *remote_address;
/* the current authentication state */
- struct dcesrv_auth auth_state;
+ struct dcesrv_auth *default_auth_state;
/*
* remember which pdu types are allowed
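Review bot: The field comment `/* the current authentication state */` is now stale, because the member is a pointer named `default_auth_state` rather than an embedded struct. Unlike the address of an embedded member, it can be NULL, and the dcerpc_server.c hunk that sets `call->auth_state = dce_conn->default_auth_state;` copies it without a check. In the code shown, dcesrv_endpoint_connect() either assigns it or fails, so the invariant holds only if every connection is built there, which this page does not show. I would record that on the field, for example `/* default auth state, allocated by dcesrv_endpoint_connect(); owned by the connection and never NULL once connect succeeds */`.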
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index a32bbea9a03..23f3332ae4c 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -122,7 +122,7 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
auth->auth_context_id = call->in_auth_info.auth_context_id;
server_credentials
- = cli_credentials_init(call);
+ = cli_credentials_init(auth);
if (!server_credentials) {
DEBUG(1, ("Failed to init server credentials\n"));
return false;
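Review bot: Parenting `server_credentials` on `auth` instead of `call` means it is no longer released when the call ends, and the `return false;` at the top of the next hunk appears to leave it attached to `auth` after a failure. Here `auth` is the connection's default auth state, so a failed bind keeps the credentials object (presumably loaded with the server's account credentials; not visible in this hunk) until the connection is torn down. Adding `TALLOC_FREE(server_credentials);` before the `return false;` on the error paths after the allocation would restore the old bound on its lifetime. The same re-parenting applies to `samba_server_gensec_start(auth, ...)` in the following hunk, so a comment there stating that the gensec context now lives as long as `auth` would help. dcesrv_auth_bind() begins and ends outside both hunks.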
@@ -136,7 +136,8 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
return false;
}
- status = samba_server_gensec_start(dce_conn, call->event_ctx,
+ status = samba_server_gensec_start(auth,
+ call->event_ctx,
call->msg_ctx,
call->conn->dce_ctx->lp_ctx,
server_credentials,
@@ -276,7 +277,7 @@ NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state *call, NTSTATUS status)
}
status = gensec_session_info(auth->gensec_security,
- dce_conn,
+ auth,
&auth->session_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to establish session_info: %s\n",