rpc_server: be more strict with the incoming assoc_group_id

Allow 0 and 0x12345678 only.
This fixes the RPC-HANDLES test.

metze
(This used to be commit c123e597cc84685abf2b0d3564e1a26d80bbef2f)

1 files changed, 12 insertions, 12 deletions

diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index a2ca897981..ac36825acd 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -543,20 +543,20 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
 	uint32_t context_id;
 	const struct dcesrv_interface *iface;
 
-#if 0
-	/* It is not safe to enable this check - windows clients
-	 * (WinXP in particular) will use it for NETLOGON calls, for
-	 * the subsequent SCHANNEL bind.  It turns out that NETLOGON
-	 * calls include no policy handles, so it is safe there.  Let
-	 * the failure occour on the attempt to reuse a poilcy handle,
-	 * rather than here */
-
-	/* Association groups allow policy handles to be shared across
-	 * multiple client connections.  We don't implement this yet. */
-	if (call->pkt.u.bind.assoc_group_id != 0) {
+	/*
+	 * Association groups allow policy handles to be shared across
+	 * multiple client connections.  We don't implement this yet.
+	 *
+	 * So we just allow 0 if the client wants to create a new
+	 * association group.
+	 *
+	 * And we allow the 0x12345678 value, we give away as
+	 * assoc_group_id back to the clients
+	 */
+	if (call->pkt.u.bind.assoc_group_id != 0 &&
+	    call->pkt.u.bind.assoc_group_id != 0x12345678) {
 		return dcesrv_bind_nak(call, 0);	
 	}
-#endif
 
 	if (call->pkt.u.bind.num_contexts < 1 ||
 	    call->pkt.u.bind.ctx_list[0].num_transfer_syntaxes < 1) {