From 8a090265b700669ac9e1296bc3d808e8851945e6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 22 Sep 2009 00:18:03 -0700 Subject: s4-rpcserver: added support for shared handles This supports shared RPC handles across connections on all RPC interfaces. It turns out that w2k3 and w2k8 don't actually support this on all pipes. We need to test which pipes we should enable this on. --- source4/rpc_server/handles.c | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) (limited to 'source4/rpc_server/handles.c') diff --git a/source4/rpc_server/handles.c b/source4/rpc_server/handles.c index 74b0ddc82e..085703b3d4 100644 --- a/source4/rpc_server/handles.c +++ b/source4/rpc_server/handles.c @@ -22,13 +22,15 @@ #include "includes.h" #include "../lib/util/dlinklist.h" #include "rpc_server/dcerpc_server.h" +#include "libcli/security/dom_sid.h" +#include "auth/session.h" /* destroy a rpc handle */ static int dcesrv_handle_destructor(struct dcesrv_handle *h) { - DLIST_REMOVE(h->context->assoc_group->handles, h); + DLIST_REMOVE(h->assoc_group->handles, h); return 0; } @@ -37,17 +39,25 @@ static int dcesrv_handle_destructor(struct dcesrv_handle *h) allocate a new rpc handle */ _PUBLIC_ struct dcesrv_handle *dcesrv_handle_new(struct dcesrv_connection_context *context, - uint8_t handle_type) + uint8_t handle_type) { struct dcesrv_handle *h; + struct dom_sid *sid; - h = talloc(context, struct dcesrv_handle); + sid = context->conn->auth_state.session_info->security_token->user_sid; + + h = talloc(context->assoc_group, struct dcesrv_handle); if (!h) { return NULL; } h->data = NULL; - h->context = context; - + h->sid = dom_sid_dup(h, sid); + if (h->sid == NULL) { + talloc_free(h); + return NULL; + } + h->assoc_group = context->assoc_group; + h->iface = context->iface; h->wire_handle.handle_type = handle_type; h->wire_handle.uuid = GUID_random(); @@ -68,6 +78,9 @@ _PUBLIC_ struct dcesrv_handle *dcesrv_handle_fetch( uint8_t handle_type) { struct dcesrv_handle *h; + struct dom_sid *sid; + + sid = context->conn->auth_state.session_info->security_token->user_sid; if (policy_handle_empty(p)) { /* TODO: we should probably return a NULL handle here */ @@ -83,6 +96,16 @@ _PUBLIC_ struct dcesrv_handle *dcesrv_handle_fetch( p->handle_type, handle_type)); return NULL; } + if (!dom_sid_equal(h->sid, sid)) { + DEBUG(0,(__location__ ": Attempt to use invalid sid %s - %s\n", + dom_sid_string(context, h->sid), + dom_sid_string(context, sid))); + return NULL; + } + if (h->iface != context->iface) { + DEBUG(0,(__location__ ": Attempt to use invalid iface\n")); + return NULL; + } return h; } } -- cgit