author | Stefan Metzmacher <metze@samba.org> | 2018-11-08 13:28:07 +0100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2019-01-12 03:13:37 +0100 |
commit | e2a05c3ad8668ee723c71378ccf83a612f9cb255 (patch) | |
tree | 60c02d739e3f617a7b85446c8f8a1cdcaca0f6b3 /source4 | |
parent | 58021612583e087ecbc2885bc1b258bced6009b5 (diff) | |
s4:rpc_server: allocate struct dcesrv_auth with talloc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/rpc_server/dcerpc_server.c | 68 | ||||
-rw-r--r-- | source4/rpc_server/dcerpc_server.h | 2 | ||||
-rw-r--r-- | source4/rpc_server/dcesrv_auth.c | 7 |
3 files changed, 50 insertions, 27 deletions
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index 5211619c09f..ee53a7fbacc 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -531,6 +531,37 @@ _PUBLIC_ NTSTATUS dcesrv_transport_session_key(struct dcesrv_call_state *call, return NT_STATUS_OK; } +static struct dcesrv_auth *dcesrv_auth_create(struct dcesrv_connection *conn) +{ + const struct dcesrv_endpoint *ep = conn->endpoint; + enum dcerpc_transport_t transport = + dcerpc_binding_get_transport(ep->ep_description); + struct dcesrv_auth *auth = NULL; + + auth = talloc_zero(conn, struct dcesrv_auth); + if (auth == NULL) { + return NULL; + } + + switch (transport) { + case NCACN_NP: + auth->session_key_fn = dcesrv_remote_session_key; + break; + case NCALRPC: + case NCACN_UNIX_STREAM: + auth->session_key_fn = dcesrv_local_fixed_session_key; + break; + default: + /* + * All other's get a NULL pointer, which + * results in NT_STATUS_NO_USER_SESSION_KEY + */ + break; + } + + return auth; +} + /* connect to a dcerpc endpoint */ @@ -544,8 +575,7 @@ static NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx, uint32_t state_flags, struct dcesrv_connection **_p) { - enum dcerpc_transport_t transport = - dcerpc_binding_get_transport(ep->ep_description); + struct dcesrv_auth *auth = NULL; struct dcesrv_connection *p; if (!session_info) { @@ -555,11 +585,6 @@ static NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx, p = talloc_zero(mem_ctx, struct dcesrv_connection); NT_STATUS_HAVE_NO_MEMORY(p); - if (!talloc_reference(p, session_info)) { - talloc_free(p); - return NT_STATUS_NO_MEMORY; - } - p->dce_ctx = dce_ctx; p->endpoint = ep; p->packet_log_dir = lpcfg_lock_directory(dce_ctx->lp_ctx); 
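Review bot: dcesrv_auth_create() has no header comment, and two things a caller must know are only implicit in the added body: it dereferences `conn->endpoint`, so it can only be called once the caller has assigned the endpoint, and the returned object is a talloc child of `conn`. I would add `/* Allocate a zeroed dcesrv_auth owned by conn; conn->endpoint must already be set. Returns NULL on allocation failure. */` above the function. The `default:` branch leaves `session_key_fn` NULL on purpose, so the comment there should stay, though it reads better as `All others get a NULL pointer`. Whether every consumer of `session_key_fn` checks for NULL before calling it is outside this hunk.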
@@ -572,23 +597,20 @@ static NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx, p->max_xmit_frag = 5840; p->max_total_request_size = DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE; - p->auth_state.session_info = session_info; - switch (transport) { - case NCACN_NP: - p->auth_state.session_key_fn = dcesrv_remote_session_key; - break; - case NCALRPC: - case NCACN_UNIX_STREAM: - p->auth_state.session_key_fn = dcesrv_local_fixed_session_key; - break; - default: - /* - * All other's get a NULL pointer, which - * results in NT_STATUS_NO_USER_SESSION_KEY - */ - break; + auth = dcesrv_auth_create(p); + if (auth == NULL) { + talloc_free(p); + return NT_STATUS_NO_MEMORY; } + auth->session_info = talloc_reference(auth, session_info); + if (auth->session_info == NULL) { + talloc_free(p); + return NT_STATUS_NO_MEMORY; + } + + p->default_auth_state = auth; + /* * For now we only support NDR32. */ @@ -2000,7 +2022,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, talloc_steal(call, blob.data); call->pkt = *pkt; - call->auth_state = &dce_conn->auth_state; + call->auth_state = dce_conn->default_auth_state; talloc_set_destructor(call, dcesrv_call_dequeue); diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h index 41613cb0899..d3c0a080b27 100644 --- a/source4/rpc_server/dcerpc_server.h +++ b/source4/rpc_server/dcerpc_server.h @@ -289,7 +289,7 @@ struct dcesrv_connection { const struct tsocket_address *remote_address; /* the current authentication state */ - struct dcesrv_auth auth_state; + struct dcesrv_auth *default_auth_state; /* * remember which pdu types are allowed diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c index a32bbea9a03..23f3332ae4c 100644 --- a/source4/rpc_server/dcesrv_auth.c +++ b/source4/rpc_server/dcesrv_auth.c 
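Review bot: `call->auth_state = dce_conn->default_auth_state;` can hand a NULL pointer to the call, which the old `&dce_conn->auth_state` could never be. In the lines shown only dcesrv_endpoint_connect() assigns `default_auth_state`, and dcesrv_auth_bind() later writes through the pointer (`auth->auth_context_id = ...`), presumably without a check. If any other path can set up a dcesrv_connection, a guard such as `if (dce_conn->default_auth_state == NULL)` that fails the packet with the same cleanup the function's other early returns use would keep this from becoming a NULL dereference in the authentication path. The enclosing function starts and ends outside the hunk.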
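Review bot: The comment above the renamed field in dcerpc_server.h still reads `/* the current authentication state */`, but the member is now a pointer called `default_auth_state` and its ownership is no longer visible from the declaration. Something like `/* default auth state; a talloc child of this connection, allocated in dcesrv_endpoint_connect() */` would tell the reader who frees it and where it is set. The struct definition starts and ends outside the hunk.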
@@ -122,7 +122,7 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call) auth->auth_context_id = call->in_auth_info.auth_context_id; server_credentials - = cli_credentials_init(call); + = cli_credentials_init(auth); if (!server_credentials) { DEBUG(1, ("Failed to init server credentials\n")); return false; @@ -136,7 +136,8 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call) return false; } - status = samba_server_gensec_start(dce_conn, call->event_ctx, + status = samba_server_gensec_start(auth, + call->event_ctx, call->msg_ctx, call->conn->dce_ctx->lp_ctx, server_credentials, @@ -276,7 +277,7 @@ NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state *call, NTSTATUS status) } status = gensec_session_info(auth->gensec_security, - dce_conn, + auth, &auth->session_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to establish session_info: %s\n", |
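Review bot: Parenting `server_credentials` on `auth` instead of `call` means the `return false` paths in dcesrv_auth_bind() no longer get it released when the call is freed; the object, which presumably carries the machine account secret, now stays allocated until `auth` itself goes away. The same lifetime change applies to the gensec context in the next hunk and to the `gensec_session_info()` result in the last one. If a failed bind does not tear the connection down promptly, `TALLOC_FREE(server_credentials);` on the failure returns that follow a successful `cli_credentials_init(auth)` would keep the secret's lifetime as short as it was before. In dcesrv_auth_complete() the new result also overwrites `auth->session_info` while the talloc_reference() taken in dcesrv_endpoint_connect() stays attached to `auth`, assuming `auth` is the default auth state there; a one-line comment saying this is intended would help. All three functions continue outside their hunks.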