This will allow the NETLOGON server in the AD DC to declare that it does not use
handles, and so allow some more flexibility with association groups
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
}
static const struct dcesrv_interface dcesrv\_$name\_interface = {
- .name = \"$name\",
- .syntax_id = {".print_uuid($uuid).",$if_version},
- .bind = $name\__op_bind,
- .unbind = $name\__op_unbind,
- .ndr_pull = $name\__op_ndr_pull,
- .dispatch = $name\__op_dispatch,
- .reply = $name\__op_reply,
- .ndr_push = $name\__op_ndr_push
+ .name = \"$name\",
+ .syntax_id = {".print_uuid($uuid).",$if_version},
+ .bind = $name\__op_bind,
+ .unbind = $name\__op_unbind,
+ .ndr_pull = $name\__op_ndr_pull,
+ .dispatch = $name\__op_dispatch,
+ .reply = $name\__op_reply,
+ .ndr_push = $name\__op_ndr_push,
+#ifdef DCESRV_INTERFACE_$uname\_FLAGS
+ .flags = DCESRV_INTERFACE_$uname\_FLAGS
+#else
+ .flags = 0
+#endif
};
";
/* for any private use by the interface code */
const void *private_data;
+
+ uint64_t flags;
};
+#define DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED 0x00000001
+
enum dcesrv_call_list {
DCESRV_LIST_NONE,
DCESRV_LIST_CALL_LIST,
#define DCESRV_INTERFACE_MGMT_BIND(call, iface) \
dcesrv_interface_mgmt_bind(call, iface)
+/*
+ * This #define allows the mgmt interface to accept invalid
+ * association groups, because association groups are to coordinate
+ * handles, and handles are not used in mgmt. This in turn avoids
+ * the need to coordinate these across multiple possible NETLOGON
+ * processes, as an mgmt interface is added to each
+ */
+
+#define DCESRV_INTERFACE_MGMT_FLAGS DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED
+
static NTSTATUS dcesrv_interface_mgmt_bind(struct dcesrv_call_state *dce_call,
const struct dcesrv_interface *iface)
{
struct dcesrv_handle *h;
struct dom_sid *sid;
+ /*
+ * For simplicty, ensure we abort here for an interface that has no handles (programmer error)
+ */
+ SMB_ASSERT((context->iface->flags & DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED) == 0);
+
sid = &context->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
h = talloc_zero(context->conn->assoc_group, struct dcesrv_handle);
struct dcesrv_handle *h;
struct dom_sid *sid;
+ /*
+ * For simplicty, ensure we abort here for an interface that has no handles (programmer error)
+ */
+ SMB_ASSERT((context->iface->flags & DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED) == 0);
+
sid = &context->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
if (ndr_policy_handle_empty(p)) {
#define DCESRV_INTERFACE_NETLOGON_BIND(call, iface) \
dcesrv_interface_netlogon_bind(call, iface)
+/*
+ * This #define allows the netlogon interface to accept invalid
+ * association groups, because association groups are to coordinate
+ * handles, and handles are not used in NETLOGON. This in turn avoids
+ * the need to coordinate these across multiple possible NETLOGON
+ * processes
+ */
+#define DCESRV_INTERFACE_NETLOGON_FLAGS DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED
+
static NTSTATUS dcesrv_interface_netlogon_bind(struct dcesrv_call_state *dce_call,
const struct dcesrv_interface *iface)
{
iface->ndr_push = remote_op_ndr_push;
iface->private_data = if_tabl;
+ iface->flags = 0;
return true;
}