s4:rpc_server: replace dce_conn->allow_request with auth->auth_finished
authorStefan Metzmacher <metze@samba.org>
Thu, 22 Nov 2018 09:30:47 +0000 (10:30 +0100)
committerJeremy Allison <jra@samba.org>
Sat, 12 Jan 2019 02:13:37 +0000 (03:13 +0100)
They both had the same lifetime and the disconnect case is now
caught by auth->auth_invalid = true.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source4/rpc_server/dcerpc_server.c
source4/rpc_server/dcerpc_server.h
source4/rpc_server/dcesrv_auth.c

index 54ab2d0..e763b58 100644 (file)
@@ -666,7 +666,6 @@ static void dcesrv_call_disconnect_after(struct dcesrv_call_state *call,
 
        call->conn->allow_bind = false;
        call->conn->allow_alter = false;
-       call->conn->allow_request = false;
 
        call->conn->default_auth_state->auth_invalid = true;
 
@@ -1851,7 +1850,7 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call)
        struct ndr_pull *pull;
        NTSTATUS status;
 
-       if (!call->conn->allow_request) {
+       if (!auth->auth_finished) {
                return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
        }
 
@@ -2038,7 +2037,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
        /* we have to check the signing here, before combining the
           pdus */
        if (call->pkt.ptype == DCERPC_PKT_REQUEST) {
-               if (!call->conn->allow_request) {
+               if (!call->auth_state->auth_finished) {
                        return dcesrv_fault_disconnect(call,
                                        DCERPC_NCA_S_PROTO_ERROR);
                }
@@ -2476,7 +2475,6 @@ static void dcesrv_terminate_connection(struct dcesrv_connection *dce_conn, cons
 
        dce_conn->allow_bind = false;
        dce_conn->allow_alter = false;
-       dce_conn->allow_request = false;
 
        dce_conn->default_auth_state->auth_invalid = true;
 
index c720816..4b6c0d1 100644 (file)
@@ -297,7 +297,6 @@ struct dcesrv_connection {
         */
        bool allow_bind;
        bool allow_alter;
-       bool allow_request;
 
        /* the association group the connection belongs to */
        struct dcesrv_assoc_group *assoc_group;
index 392a25c..98827ff 100644 (file)
@@ -279,7 +279,6 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
 
 NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state *call, NTSTATUS status)
 {
-       struct dcesrv_connection *dce_conn = call->conn;
        struct dcesrv_auth *auth = call->auth_state;
        const char *pdu = "<unknown>";
 
@@ -320,7 +319,6 @@ NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state *call, NTSTATUS status)
                return status;
        }
        auth->auth_finished = true;
-       dce_conn->allow_request = true;
 
        if (call->pkt.ptype != DCERPC_PKT_AUTH3) {
                return NT_STATUS_OK;
@@ -348,7 +346,6 @@ NTSTATUS dcesrv_auth_prepare_bind_ack(struct dcesrv_call_state *call, struct nca
 
        if (call->pkt.auth_length == 0) {
                auth->auth_finished = true;
-               dce_conn->allow_request = true;
                return NT_STATUS_OK;
        }
 
@@ -521,7 +518,6 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call,
                          DATA_BLOB *payload_and_verifier)
 {
        struct ncacn_packet *pkt = &call->pkt;
-       struct dcesrv_connection *dce_conn = call->conn;
        struct dcesrv_auth *auth = call->auth_state;
        const struct dcerpc_auth tmp_auth = {
                .auth_type = auth->auth_type,
@@ -530,7 +526,7 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call,
        };
        NTSTATUS status;
 
-       if (!dce_conn->allow_request) {
+       if (!auth->auth_finished) {
                call->fault_code = DCERPC_NCA_S_PROTO_ERROR;
                return false;
        }