author | Samuel Cabrero <scabrero@samba.org> | 2019-10-03 17:35:03 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-10-18 16:07:37 +0000 |
commit | 55ad4ae7ffcb3221675070b9cb939c29e00f25f4 (patch) | |
tree | 5186c9442a494090c59a058077ea7b5ce7ee151b /source4 | |
parent | b0ecc8ef55dc7e8c7ce9f7f3ca325358f62debfb (diff) | |
download | samba-55ad4ae7ffcb3221675070b9cb939c29e00f25f4.tar.gz |
s4:rpc_server: Find association groups through context callbacks
Split the association group management from the server code; the s3 and
s4 implementations will handle it differently.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/rpc_server/dcerpc_server.c | 86 | ||||
-rw-r--r-- | source4/rpc_server/dcerpc_server.h | 3 | ||||
-rw-r--r-- | source4/rpc_server/service_rpc.c | 1 | ||||
-rw-r--r-- | source4/torture/rpc/spoolss_notify.c | 1 |
4 files changed, 55 insertions, 36 deletions
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 39a25241316..e125f61cdee 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -127,6 +127,52 @@ static struct dcesrv_assoc_group *dcesrv_assoc_group_new(struct dcesrv_connectio
 return assoc_group;
 }
+NTSTATUS dcesrv_assoc_group_find(struct dcesrv_call_state *call)
+{
+ /*
+ if provided, check the assoc_group is valid
+ */
+ if (call->pkt.u.bind.assoc_group_id != 0) {
+ call->conn->assoc_group =
+ dcesrv_assoc_group_reference(call->conn,
+ call->pkt.u.bind.assoc_group_id);
+ } else {
+ call->conn->assoc_group = dcesrv_assoc_group_new(call->conn);
+ }
+
+ /*
+ * The NETLOGON server does not use handles and so
+ * there is no need to support association groups, but
+ * we need to give back a number regardless.
+ *
+ * We have to do this when it is not run as a single process,
+ * because then it can't see the other valid association
+ * groups. We handle this genericly for all endpoints not
+ * running in single process mode.
+ *
+ * We know which endpoint we are on even before checking the
+ * iface UUID, so for simplicity we enforce the same policy
+ * for all interfaces on the endpoint.
+ *
+ * This means that where NETLOGON
+ * shares an endpoint (such as ncalrpc or of 'lsa over
+ * netlogon' is set) we will still check association groups.
+ *
+ */
+
+ if (call->conn->assoc_group == NULL &&
+ !call->conn->endpoint->use_single_process) {
+ call->conn->assoc_group
+ = dcesrv_assoc_group_new(call->conn);
+ }
+
+ if (call->conn->assoc_group == NULL) {
+ /* TODO Return correct status */
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return NT_STATUS_OK;
+}
 /*
 see if two endpoints match
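Review bot: In dcesrv_assoc_group_find, every way of ending up with a NULL group collapses into `NT_STATUS_UNSUCCESSFUL` behind the `/* TODO Return correct status */` marker, although dcesrv_bind now prints that status in its DBG_NOTICE. The id is read straight from the bind PDU (`call->pkt.u.bind.assoc_group_id`), so a client presenting an id the server does not know and a failure inside dcesrv_assoc_group_new look identical in the log. Only the non-zero-id, single-process path can fail purely on lookup, so the final return could be `return (call->pkt.u.bind.assoc_group_id != 0 && call->conn->endpoint->use_single_process) ? NT_STATUS_NOT_FOUND : NT_STATUS_NO_MEMORY;`, with the second status adjusted if dcesrv_assoc_group_new can fail for reasons other than memory (its body is outside the hunk). A short header comment saying that the function sets `call->conn->assoc_group` on success would also help, since it now serves as the s4 implementation of a callback.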
@@ -1032,42 +1078,10 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
 call->conn->max_recv_frag = max_rep;
 call->conn->max_xmit_frag = max_rep;
- /*
- if provided, check the assoc_group is valid
- */
- if (call->pkt.u.bind.assoc_group_id != 0) {
- call->conn->assoc_group = dcesrv_assoc_group_reference(call->conn,
- call->pkt.u.bind.assoc_group_id);
- } else {
- call->conn->assoc_group = dcesrv_assoc_group_new(call->conn);
- }
-
- /*
- * The NETLOGON server does not use handles and so
- * there is no need to support association groups, but
- * we need to give back a number regardless.
- *
- * We have to do this when it is not run as a single process,
- * because then it can't see the other valid association
- * groups. We handle this genericly for all endpoints not
- * running in single process mode.
- *
- * We know which endpoint we are on even before checking the
- * iface UUID, so for simplicity we enforce the same policy
- * for all interfaces on the endpoint.
- *
- * This means that where NETLOGON
- * shares an endpoint (such as ncalrpc or of 'lsa over
- * netlogon' is set) we will still check association groups.
- *
- */
-
- if (call->conn->assoc_group == NULL &&
- !call->conn->endpoint->use_single_process) {
- call->conn->assoc_group
- = dcesrv_assoc_group_new(call->conn);
- }
- if (call->conn->assoc_group == NULL) {
+ status = call->conn->dce_ctx->callbacks.assoc_group.find(call);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_NOTICE("Failed to find assoc_group 0x%08x: %s\n",
+ call->pkt.u.bind.assoc_group_id, nt_errstr(status));
 return dcesrv_bind_nak(call, 0);
 }
diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
index 18956524f6f..3fc32750b44 100644
--- a/source4/rpc_server/dcerpc_server.h
+++ b/source4/rpc_server/dcerpc_server.h
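Review bot: `callbacks.assoc_group.find` is called in dcesrv_bind without checking that the pointer is set, and a `struct dcesrv_context_callbacks` built with designated initializers leaves the member NULL unless it is named explicitly, which is why this commit has to touch the initializers in service_rpc.c and spoolss_notify.c. Bind handling is driven by a client PDU, so any instance that was missed becomes a NULL call a remote peer can trigger; a guard such as `if (call->conn->dce_ctx->callbacks.assoc_group.find == NULL) { return dcesrv_bind_nak(call, 0); }` before the call, or an assertion where the context is created, would fail closed instead. The old `call->conn->assoc_group == NULL` test is also gone from this function, so it now trusts every implementation to set the group whenever it returns NT_STATUS_OK; keeping that test after the call would preserve the invariant for later code that presumably dereferences the group. dcesrv_bind starts and ends outside the hunk.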
@@ -373,6 +373,9 @@ struct dcesrv_context_callbacks {
 struct dcesrv_call_state *call,
 struct gensec_security **out);
 } auth;
+ struct {
+ NTSTATUS (*find)(struct dcesrv_call_state *);
+ } assoc_group;
 };
 /* server-wide context information for the dcerpc server */
diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c
index 778d7b964a9..ef4bfab237a 100644
--- a/source4/rpc_server/service_rpc.c
+++ b/source4/rpc_server/service_rpc.c
@@ -43,6 +43,7 @@
 struct dcesrv_context_callbacks srv_callbacks = {
 .log.successful_authz = log_successful_dcesrv_authz_event,
 .auth.gensec_prepare = dcesrv_gensec_prepare,
+ .assoc_group.find = dcesrv_assoc_group_find,
 };
 /*
diff --git a/source4/torture/rpc/spoolss_notify.c b/source4/torture/rpc/spoolss_notify.c
index 91f9f92b7d8..33d49c9092a 100644
--- a/source4/torture/rpc/spoolss_notify.c
+++ b/source4/torture/rpc/spoolss_notify.c
@@ -37,6 +37,7 @@
 struct dcesrv_context_callbacks srv_cb = {
 .log.successful_authz = log_successful_dcesrv_authz_event,
 .auth.gensec_prepare = dcesrv_gensec_prepare,
+ .assoc_group.find = dcesrv_assoc_group_find,
 };
 static NTSTATUS spoolss__op_bind(struct dcesrv_connection_context *context, |
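Review bot: The new `find` member of struct dcesrv_context_callbacks in dcerpc_server.h is declared without a parameter name or any statement of its contract, unlike the `auth` callback just above it, whose prototype names `call` and `out`. Suggest `NTSTATUS (*find)(struct dcesrv_call_state *call);` with a comment along the lines of `/* Must leave call->conn->assoc_group non-NULL when returning NT_STATUS_OK; any other status makes dcesrv_bind send a bind_nak. */`. The commit message says s3 and s4 will implement this differently, so the header is where a second implementer will look for that rule. The struct starts outside the hunk.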