sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-24 13:57:43 +03:00
Code

s4:rpc_server: only share assoc group ids on the same transport

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Stefan Metzmacher 2018-12-12 13:49:35 +01:00 committed by Jeremy Allison
parent a8feb55631
commit b3659fb52d
3 changed files with 34 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
selftest/knownfail.d/test_assoc_group_fail3
View File

@ -1 +0,0 @@
^samba.tests.dcerpc.raw_protocol.*.TestDCERPC_BIND.test_assoc_group_fail3

43
source4/rpc_server/dcerpc_server.c
View File

@ -65,18 +65,34 @@ static struct dcesrv_assoc_group *dcesrv_assoc_group_find(struct dcesrv_context
/* /*
take a reference to an existing association group take a reference to an existing association group
*/ */
static struct dcesrv_assoc_group *dcesrv_assoc_group_reference(TALLOC_CTX *mem_ctx, static struct dcesrv_assoc_group *dcesrv_assoc_group_reference(struct dcesrv_connection *conn,
struct dcesrv_context *dce_ctx,
uint32_t id) uint32_t id)
{ {
const struct dcesrv_endpoint *endpoint = conn->endpoint;
enum dcerpc_transport_t transport =
dcerpc_binding_get_transport(endpoint->ep_description);
struct dcesrv_assoc_group *assoc_group; struct dcesrv_assoc_group *assoc_group;
assoc_group = dcesrv_assoc_group_find(dce_ctx, id); assoc_group = dcesrv_assoc_group_find(conn->dce_ctx, id);
if (assoc_group == NULL) { if (assoc_group == NULL) {
DEBUG(2,(__location__ ": Failed to find assoc_group 0x%08x\n", id)); DBG_NOTICE("Failed to find assoc_group 0x%08x\n", id);
return NULL; return NULL;
} }
return talloc_reference(mem_ctx, assoc_group); if (assoc_group->transport != transport) {
const char *at =
derpc_transport_string_by_transport(
assoc_group->transport);
const char *ct =
derpc_transport_string_by_transport(
transport);
DBG_NOTICE("assoc_group 0x%08x (transport %s) "
"is not available on transport %s",
id, at, ct);
return NULL;
}
return talloc_reference(conn, assoc_group);
} }
static int dcesrv_assoc_group_destructor(struct dcesrv_assoc_group *assoc_group) static int dcesrv_assoc_group_destructor(struct dcesrv_assoc_group *assoc_group)
@ -93,13 +109,16 @@ static int dcesrv_assoc_group_destructor(struct dcesrv_assoc_group *assoc_group)
/* /*
allocate a new association group allocate a new association group
*/ */
static struct dcesrv_assoc_group *dcesrv_assoc_group_new(TALLOC_CTX *mem_ctx, static struct dcesrv_assoc_group *dcesrv_assoc_group_new(struct dcesrv_connection *conn)
struct dcesrv_context *dce_ctx)
{ {
struct dcesrv_context *dce_ctx = conn->dce_ctx;
const struct dcesrv_endpoint *endpoint = conn->endpoint;
enum dcerpc_transport_t transport =
dcerpc_binding_get_transport(endpoint->ep_description);
struct dcesrv_assoc_group *assoc_group; struct dcesrv_assoc_group *assoc_group;
int id; int id;
assoc_group = talloc_zero(mem_ctx, struct dcesrv_assoc_group); assoc_group = talloc_zero(conn, struct dcesrv_assoc_group);
if (assoc_group == NULL) { if (assoc_group == NULL) {
return NULL; return NULL;
} }
@ -111,6 +130,7 @@ static struct dcesrv_assoc_group *dcesrv_assoc_group_new(TALLOC_CTX *mem_ctx,
return NULL; return NULL;
} }
assoc_group->transport = transport;
assoc_group->id = id; assoc_group->id = id;
assoc_group->dce_ctx = dce_ctx; assoc_group->dce_ctx = dce_ctx;
@ -1003,11 +1023,9 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
*/ */
if (call->pkt.u.bind.assoc_group_id != 0) { if (call->pkt.u.bind.assoc_group_id != 0) {
call->conn->assoc_group = dcesrv_assoc_group_reference(call->conn, call->conn->assoc_group = dcesrv_assoc_group_reference(call->conn,
call->conn->dce_ctx,
call->pkt.u.bind.assoc_group_id); call->pkt.u.bind.assoc_group_id);
} else { } else {
call->conn->assoc_group = dcesrv_assoc_group_new(call->conn, call->conn->assoc_group = dcesrv_assoc_group_new(call->conn);
call->conn->dce_ctx);
} }
/* /*
@ -1033,8 +1051,7 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
if (call->conn->assoc_group == NULL && if (call->conn->assoc_group == NULL &&
!call->conn->endpoint->use_single_process) { !call->conn->endpoint->use_single_process) {
call->conn->assoc_group call->conn->assoc_group
= dcesrv_assoc_group_new(call->conn, = dcesrv_assoc_group_new(call->conn);
call->conn->dce_ctx);
} }
if (call->conn->assoc_group == NULL) { if (call->conn->assoc_group == NULL) {
return dcesrv_bind_nak(call, 0); return dcesrv_bind_nak(call, 0);

5
source4/rpc_server/dcerpc_server.h
View File

@ -348,7 +348,10 @@ struct dcesrv_endpoint_server {
struct dcesrv_assoc_group { struct dcesrv_assoc_group {
/* the wire id */ /* the wire id */
uint32_t id; uint32_t id;
/* The transport this is valid on */
enum dcerpc_transport_t transport;
/* list of handles in this association group */ /* list of handles in this association group */
struct dcesrv_handle *handles; struct dcesrv_handle *handles;