diff options
Diffstat (limited to 'source4/rpc_server/handles.c')
-rw-r--r-- | source4/rpc_server/handles.c | 33 |
1 files changed, 28 insertions, 5 deletions
diff --git a/source4/rpc_server/handles.c b/source4/rpc_server/handles.c index 74b0ddc82e..085703b3d4 100644 --- a/source4/rpc_server/handles.c +++ b/source4/rpc_server/handles.c @@ -22,13 +22,15 @@ #include "includes.h" #include "../lib/util/dlinklist.h" #include "rpc_server/dcerpc_server.h" +#include "libcli/security/dom_sid.h" +#include "auth/session.h" /* destroy a rpc handle */ static int dcesrv_handle_destructor(struct dcesrv_handle *h) { - DLIST_REMOVE(h->context->assoc_group->handles, h); + DLIST_REMOVE(h->assoc_group->handles, h); return 0; } @@ -37,17 +39,25 @@ static int dcesrv_handle_destructor(struct dcesrv_handle *h) allocate a new rpc handle */ _PUBLIC_ struct dcesrv_handle *dcesrv_handle_new(struct dcesrv_connection_context *context, - uint8_t handle_type) + uint8_t handle_type) { struct dcesrv_handle *h; + struct dom_sid *sid; - h = talloc(context, struct dcesrv_handle); + sid = context->conn->auth_state.session_info->security_token->user_sid; + + h = talloc(context->assoc_group, struct dcesrv_handle); if (!h) { return NULL; } h->data = NULL; - h->context = context; - + h->sid = dom_sid_dup(h, sid); + if (h->sid == NULL) { + talloc_free(h); + return NULL; + } + h->assoc_group = context->assoc_group; + h->iface = context->iface; h->wire_handle.handle_type = handle_type; h->wire_handle.uuid = GUID_random(); @@ -68,6 +78,9 @@ _PUBLIC_ struct dcesrv_handle *dcesrv_handle_fetch( uint8_t handle_type) { struct dcesrv_handle *h; + struct dom_sid *sid; + + sid = context->conn->auth_state.session_info->security_token->user_sid; if (policy_handle_empty(p)) { /* TODO: we should probably return a NULL handle here */ @@ -83,6 +96,16 @@ _PUBLIC_ struct dcesrv_handle *dcesrv_handle_fetch( p->handle_type, handle_type)); return NULL; } + if (!dom_sid_equal(h->sid, sid)) { + DEBUG(0,(__location__ ": Attempt to use invalid sid %s - %s\n", + dom_sid_string(context, h->sid), + dom_sid_string(context, sid))); + return NULL; + } + if (h->iface != context->iface) { + DEBUG(0,(__location__ ": Attempt to use invalid iface\n")); + return NULL; + } return h; } } |