From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 21 Nov 2018 19:06:21 +0000 (+0100)
Subject: s4:rpc_server: only use context within op_bind() hooks and dcesrv_interface_bind_... 
X-Git-Tag: talloc-2.1.15~60
X-Git-Url: http://git.samba.org/?p=samba.git;a=commitdiff_plain;h=70b00c7567aeef4027f3d4d55c74bb37a2e9e673

s4:rpc_server: only use context within op_bind() hooks and dcesrv_interface_bind_*() functions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 10caf248db4..307a7f09b74 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -47,7 +47,8 @@
 static NTSTATUS dcesrv_interface_backupkey_bind(struct dcesrv_call_state *dce_call,
 						const struct dcesrv_interface *iface)
 {
-	return dcesrv_interface_bind_require_privacy(dce_call, iface);
+	struct dcesrv_connection_context *context = dce_call->context;
+	return dcesrv_interface_bind_require_privacy(context, iface);
 }
 
 static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c b/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c
index 9cd912594c5..05113a9cc74 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c
@@ -54,7 +54,8 @@
 static NTSTATUS dcesrv_interface_backupkey_bind(struct dcesrv_call_state *dce_call,
 						const struct dcesrv_interface *iface)
 {
-	return dcesrv_interface_bind_require_privacy(dce_call, iface);
+	struct dcesrv_connection_context *context = dce_call->context;
+	return dcesrv_interface_bind_require_privacy(context, iface);
 }
 
 static const unsigned rsa_with_var_num[] = { 1, 2, 840, 113549, 1, 1, 1 };
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index a79556dfc00..9717a24d637 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -781,44 +781,31 @@ static void dcesrv_prepare_context_auth(struct dcesrv_call_state *dce_call)
 					context->allow_connect);
 }
 
-NTSTATUS dcesrv_interface_bind_require_integrity(struct dcesrv_call_state *dce_call,
+NTSTATUS dcesrv_interface_bind_require_integrity(struct dcesrv_connection_context *context,
 						 const struct dcesrv_interface *iface)
 {
-	if (dce_call->context == NULL) {
-		return NT_STATUS_INTERNAL_ERROR;
-	}
-
 	/*
 	 * For connection oriented DCERPC DCERPC_AUTH_LEVEL_PACKET (4)
 	 * has the same behavior as DCERPC_AUTH_LEVEL_INTEGRITY (5).
 	 */
-	dce_call->context->min_auth_level = DCERPC_AUTH_LEVEL_PACKET;
+	context->min_auth_level = DCERPC_AUTH_LEVEL_PACKET;
 	return NT_STATUS_OK;
 }
 
-NTSTATUS dcesrv_interface_bind_require_privacy(struct dcesrv_call_state *dce_call,
+NTSTATUS dcesrv_interface_bind_require_privacy(struct dcesrv_connection_context *context,
 					       const struct dcesrv_interface *iface)
 {
-	if (dce_call->context == NULL) {
-		return NT_STATUS_INTERNAL_ERROR;
-	}
-
-	dce_call->context->min_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
+	context->min_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
 	return NT_STATUS_OK;
 }
 
-_PUBLIC_ NTSTATUS dcesrv_interface_bind_reject_connect(struct dcesrv_call_state *dce_call,
+_PUBLIC_ NTSTATUS dcesrv_interface_bind_reject_connect(struct dcesrv_connection_context *context,
 						       const struct dcesrv_interface *iface)
 {
-	struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
-	const struct dcesrv_endpoint *endpoint = dce_call->conn->endpoint;
+	struct loadparm_context *lp_ctx = context->conn->dce_ctx->lp_ctx;
+	const struct dcesrv_endpoint *endpoint = context->conn->endpoint;
 	enum dcerpc_transport_t transport =
 		dcerpc_binding_get_transport(endpoint->ep_description);
-	struct dcesrv_connection_context *context = dce_call->context;
-
-	if (context == NULL) {
-		return NT_STATUS_INTERNAL_ERROR;
-	}
 
 	if (transport == NCALRPC) {
 		context->allow_connect = true;
@@ -837,18 +824,13 @@ _PUBLIC_ NTSTATUS dcesrv_interface_bind_reject_connect(struct dcesrv_call_state
 	return NT_STATUS_OK;
 }
 
-_PUBLIC_ NTSTATUS dcesrv_interface_bind_allow_connect(struct dcesrv_call_state *dce_call,
+_PUBLIC_ NTSTATUS dcesrv_interface_bind_allow_connect(struct dcesrv_connection_context *context,
 						      const struct dcesrv_interface *iface)
 {
-	struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
-	const struct dcesrv_endpoint *endpoint = dce_call->conn->endpoint;
+	struct loadparm_context *lp_ctx = context->conn->dce_ctx->lp_ctx;
+	const struct dcesrv_endpoint *endpoint = context->conn->endpoint;
 	enum dcerpc_transport_t transport =
 		dcerpc_binding_get_transport(endpoint->ep_description);
-	struct dcesrv_connection_context *context = dce_call->context;
-
-	if (context == NULL) {
-		return NT_STATUS_INTERNAL_ERROR;
-	}
 
 	if (transport == NCALRPC) {
 		context->allow_connect = true;
diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
index f4ea993520f..dfe48883353 100644
--- a/source4/rpc_server/dcerpc_server.h
+++ b/source4/rpc_server/dcerpc_server.h
@@ -527,13 +527,13 @@ _PUBLIC_ void dcesrv_call_auth_info(struct dcesrv_call_state *dce_call,
 				    enum dcerpc_AuthType *auth_type,
 				    enum dcerpc_AuthLevel *auth_level);
 
-_PUBLIC_ NTSTATUS dcesrv_interface_bind_require_integrity(struct dcesrv_call_state *dce_call,
+_PUBLIC_ NTSTATUS dcesrv_interface_bind_require_integrity(struct dcesrv_connection_context *context,
 							  const struct dcesrv_interface *iface);
-_PUBLIC_ NTSTATUS dcesrv_interface_bind_require_privacy(struct dcesrv_call_state *dce_call,
+_PUBLIC_ NTSTATUS dcesrv_interface_bind_require_privacy(struct dcesrv_connection_context *context,
 						        const struct dcesrv_interface *iface);
-_PUBLIC_ NTSTATUS dcesrv_interface_bind_reject_connect(struct dcesrv_call_state *dce_call,
+_PUBLIC_ NTSTATUS dcesrv_interface_bind_reject_connect(struct dcesrv_connection_context *context,
 						       const struct dcesrv_interface *iface);
-_PUBLIC_ NTSTATUS dcesrv_interface_bind_allow_connect(struct dcesrv_call_state *dce_call,
+_PUBLIC_ NTSTATUS dcesrv_interface_bind_allow_connect(struct dcesrv_connection_context *context,
 						      const struct dcesrv_interface *iface);
 
 _PUBLIC_ NTSTATUS _dcesrv_iface_state_store_assoc(
diff --git a/source4/rpc_server/dcesrv_mgmt.c b/source4/rpc_server/dcesrv_mgmt.c
index ecb90d8848e..210a86de6ee 100644
--- a/source4/rpc_server/dcesrv_mgmt.c
+++ b/source4/rpc_server/dcesrv_mgmt.c
@@ -39,7 +39,8 @@
 static NTSTATUS dcesrv_interface_mgmt_bind(struct dcesrv_call_state *dce_call,
 					     const struct dcesrv_interface *iface)
 {
-	return dcesrv_interface_bind_allow_connect(dce_call, iface);
+	struct dcesrv_connection_context *context = dce_call->context;
+	return dcesrv_interface_bind_allow_connect(context, iface);
 }
 
 /* 
diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
index 1f7a2e198a7..7c2ca8e4d52 100644
--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
@@ -33,7 +33,8 @@
 static NTSTATUS dcesrv_interface_dnsserver_bind(struct dcesrv_call_state *dce_call,
 					        const struct dcesrv_interface *iface)
 {
-	return dcesrv_interface_bind_require_integrity(dce_call, iface);
+	struct dcesrv_connection_context *context = dce_call->context;
+	return dcesrv_interface_bind_require_integrity(context, iface);
 }
 
 #define DNSSERVER_STATE_MAGIC 0xc9657ab4
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 415e8db084e..347823ebca3 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -47,7 +47,8 @@
 static NTSTATUS dcesrv_interface_drsuapi_bind(struct dcesrv_call_state *dce_call,
 					      const struct dcesrv_interface *iface)
 {
-	return dcesrv_interface_bind_require_privacy(dce_call, iface);
+	struct dcesrv_connection_context *context = dce_call->context;
+	return dcesrv_interface_bind_require_privacy(context, iface);
 }
 
 /* 
diff --git a/source4/rpc_server/echo/rpc_echo.c b/source4/rpc_server/echo/rpc_echo.c
index 49c9e23c678..e00eaecbd45 100644
--- a/source4/rpc_server/echo/rpc_echo.c
+++ b/source4/rpc_server/echo/rpc_echo.c
@@ -31,7 +31,8 @@
 static NTSTATUS dcesrv_interface_rpcecho_bind(struct dcesrv_call_state *dce_call,
 					      const struct dcesrv_interface *iface)
 {
-	return dcesrv_interface_bind_allow_connect(dce_call, iface);
+	struct dcesrv_connection_context *context = dce_call->context;
+	return dcesrv_interface_bind_allow_connect(context, iface);
 }
 
 static NTSTATUS dcesrv_echo_AddOne(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct echo_AddOne *r)
diff --git a/source4/rpc_server/epmapper/rpc_epmapper.c b/source4/rpc_server/epmapper/rpc_epmapper.c
index 6b934d7d1b4..7e9c2614f29 100644
--- a/source4/rpc_server/epmapper/rpc_epmapper.c
+++ b/source4/rpc_server/epmapper/rpc_epmapper.c
@@ -29,7 +29,8 @@
 static NTSTATUS dcesrv_interface_epmapper_bind(struct dcesrv_call_state *dce_call,
 					     const struct dcesrv_interface *iface)
 {
-	return dcesrv_interface_bind_allow_connect(dce_call, iface);
+	struct dcesrv_connection_context *context = dce_call->context;
+	return dcesrv_interface_bind_allow_connect(context, iface);
 }
 
 typedef uint32_t error_status_t;
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 8575db6b204..4a1bf60ac64 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -40,7 +40,8 @@
 static NTSTATUS dcesrv_interface_lsarpc_bind(struct dcesrv_call_state *dce_call,
 					     const struct dcesrv_interface *iface)
 {
-	return dcesrv_interface_bind_reject_connect(dce_call, iface);
+	struct dcesrv_connection_context *context = dce_call->context;
+	return dcesrv_interface_bind_reject_connect(context, iface);
 }
 
 static NTSTATUS lsarpc__op_init_server(struct dcesrv_context *dce_ctx,
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 21374a209fb..ca3dba374b9 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -60,7 +60,8 @@
 static NTSTATUS dcesrv_interface_netlogon_bind(struct dcesrv_call_state *dce_call,
 					       const struct dcesrv_interface *iface)
 {
-	return dcesrv_interface_bind_reject_connect(dce_call, iface);
+	struct dcesrv_connection_context *context = dce_call->context;
+	return dcesrv_interface_bind_reject_connect(context, iface);
 }
 
 #define NETLOGON_SERVER_PIPE_STATE_MAGIC 0x4f555358
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 921d2965d7c..0ddbaae835d 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -46,7 +46,8 @@
 static NTSTATUS dcesrv_interface_samr_bind(struct dcesrv_call_state *dce_call,
 					     const struct dcesrv_interface *iface)
 {
-	return dcesrv_interface_bind_reject_connect(dce_call, iface);
+	struct dcesrv_connection_context *context = dce_call->context;
+	return dcesrv_interface_bind_reject_connect(context, iface);
 }
 
 /* these query macros make samr_Query[User|Group|Alias]Info a bit easier to read */