From: Andrew Bartlett Date: Sun, 13 Nov 2016 21:11:05 +0000 (+1300) Subject: s4-rpc_server: Do not check association groups for NETLOGON X-Git-Tag: samba-4.6.0rc1~170 X-Git-Url: http://git.samba.org/?p=samba.git;a=commitdiff_plain;h=b81cf02834bdd5b0925949cc9d42897aa3054746 s4-rpc_server: Do not check association groups for NETLOGON If this RPC server is not going to use handles (actually a generic flag) then do not check the assocation group provided. This in turn allows us to easily make NETLOGON run in multiple processes. Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher --- diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index ca7a006ded7..8ed9df5b0b4 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -816,6 +816,33 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call) call->conn->assoc_group = dcesrv_assoc_group_new(call->conn, call->conn->dce_ctx); } + + /* + * The NETLOGON server does not use handles and so + * there is no need to support association groups, but + * we need to give back a number regardless. + * + * We have to do this when it is not run as a single process, + * because then it can't see the other valid association + * groups. We handle this genericly for all endpoints not + * running in single process mode. + * + * We know which endpoint we are on even before checking the + * iface UUID, so for simplicity we enforce the same policy + * for all interfaces on the endpoint. + * + * This means that where NETLOGON + * shares an endpoint (such as ncalrpc or of 'lsa over + * netlogon' is set) we will still check association groups. + * + */ + + if (call->conn->assoc_group == NULL && + !call->conn->endpoint->use_single_process) { + call->conn->assoc_group + = dcesrv_assoc_group_new(call->conn, + call->conn->dce_ctx); + } if (call->conn->assoc_group == NULL) { return dcesrv_bind_nak(call, 0); }