handles are not shared between open dcerpc connections, even when
those connections are on the same SMB socket. I have tested this with
w2k3, w2k and NT4. It seems that policy handles have a strict scope of
the dcerpc connection on which they were opened.
I realise that this goes against existing folklore in the team, but it
seems that the previous testing (I'm not sure who did this?) was
wrong. Perhaps clients do send us policy handles from other
connections, but if they do then the correct thing to do is to fail
the operation with a dcerpc fault. I suspect that failing it with
exactly the right dcerpc fault code is important.
(This used to be commit
2ed24d29bafd9055d5782acdd595cd0f378a651a)
marshalling/unmarshalling routines in decrpc.c
*/
+enum dcerpc_transport_t {NCACN_NP, NCACN_IP_TCP};
+
+
struct dcerpc_pipe {
TALLOC_CTX *mem_ctx;
int reference_count;
unsigned flags;
struct ntlmssp_state *ntlmssp_state;
struct dcerpc_auth *auth_info;
-
+ const char *binding_string;
+
struct dcerpc_transport {
+ enum dcerpc_transport_t transport;
void *private;
NTSTATUS (*full_request)(struct dcerpc_pipe *,
TALLOC_CTX *, DATA_BLOB *, DATA_BLOB *);
};
-enum dcerpc_transport_t {NCACN_NP, NCACN_IP_TCP};
-
/* this describes a binding to a particular transport/pipe */
struct dcerpc_binding {
enum dcerpc_transport_t transport;
/*
fill in the transport methods
*/
+ (*p)->transport.transport = NCACN_NP;
(*p)->transport.private = NULL;
(*p)->transport.full_request = smb_full_request;
(*p)->transport.secondary_request = smb_secondary_request;
return NT_STATUS_OK;
}
+
+/*
+ return the SMB tree used for a dcerpc over SMB pipe
+*/
+struct cli_tree *dcerpc_smb_tree(struct dcerpc_pipe *p)
+{
+ struct smb_private *smb = p->transport.private;
+
+ if (p->transport.transport != NCACN_NP) {
+ return NULL;
+ }
+
+ return smb->tree;
+}
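Review bot: `dcerpc_smb_tree` returns `smb->tree` without checking that `p->transport.private` is actually populated; the transport tag is the only thing guarding the `void *` cast. The SMB open path visible above sets `transport.transport = NCACN_NP` and then `transport.private = NULL`, with the real assignment presumably made outside this hunk, so a pipe observed in between (or one whose SMB state has been torn down) would be dereferenced as NULL here. I would widen the guard to `if (p->transport.transport != NCACN_NP || smb == NULL) {` and extend the header comment to say `returns NULL if the pipe is not on SMB or has no SMB state attached`.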
/*
fill in the transport methods
*/
+ (*p)->transport.transport = NCACN_IP_TCP;
(*p)->transport.private = NULL;
(*p)->transport.full_request = tcp_full_request;
(*p)->transport.secondary_request = tcp_secondary_request;
break;
}
+ /* remember the binding string for possible secondary connections */
+ if (NT_STATUS_IS_OK(status)) {
+ (*p)->binding_string = dcerpc_binding_string((*p)->mem_ctx, binding);
+ }
+
return status;
}
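Review bot: The result of `dcerpc_binding_string((*p)->mem_ctx, binding)` is stored without a NULL check, so an allocation failure would leave `binding_string` NULL while the function still returns success. Nothing in the visible hunks reads the field yet, but the comment says it exists for later secondary connections, and that consumer would then be handed a NULL string from a pipe that looks healthy. Either treat NULL as an out-of-memory failure here or document on the struct member that it may be NULL and must be checked before use. The enclosing function starts outside this hunk, so I cannot see what cleanup a late failure would need.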
talloc_destroy(mem_ctx);
return status;
}
+
+
+/*
+ create a secondary dcerpc connection on SMB
+ the secondary connection will be on the same SMB connection, but
+ use a new fnum
+*/
+NTSTATUS dcerpc_secondary_smb(struct dcerpc_pipe *p, struct dcerpc_pipe **p2,
+ const char *pipe_name,
+ const char *pipe_uuid,
+ uint32 pipe_version)
+{
+ NTSTATUS status;
+ struct cli_tree *tree;
+
+ tree = dcerpc_smb_tree(p);
+ if (!tree) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ status = dcerpc_pipe_open_smb(p2, tree, pipe_name);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ (*p2)->flags = p->flags;
+
+ status = dcerpc_bind_auth_none(*p2, pipe_uuid, pipe_version);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
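Review bot: When `dcerpc_bind_auth_none` fails, `dcerpc_secondary_smb` returns with the pipe it just opened still open and `*p2` still pointing at it, so every failed bind leaks an fnum on the server plus the pipe's memory, and a caller that ignores the status holds a half-initialised pipe. In that second failure branch I would add `dcerpc_pipe_close(*p2); *p2 = NULL;` before `return status;`. Separately, the secondary pipe copies `p->flags` but always binds with `dcerpc_bind_auth_none`; if the primary pipe was bound with authentication (the struct carries `ntlmssp_state` and `auth_info`), the secondary one silently runs unauthenticated. The header comment should state that, e.g. `the secondary connection is always bound without authentication, whatever the primary uses`.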
return True;
}
+static BOOL test_SecondaryClosePrinter(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
+{
+ NTSTATUS status;
+ struct dcerpc_pipe *p2;
+
+ /* only makes sense on SMB */
+ if (p->transport.transport != NCACN_NP) {
+ return True;
+ }
+
+ printf("testing close on secondary pipe\n");
+
+ status = dcerpc_secondary_smb(p, &p2,
+ DCERPC_SPOOLSS_NAME,
+ DCERPC_SPOOLSS_UUID,
+ DCERPC_SPOOLSS_VERSION);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Failed to create secondary connection\n");
+ return False;
+ }
+
+ if (test_ClosePrinter(p2, mem_ctx, handle)) {
+ printf("ERROR: Allowed close on secondary connection!\n");
+ dcerpc_pipe_close(p2);
+ return False;
+ }
+
+ dcerpc_pipe_close(p2);
+
+ return True;
+}
+
static BOOL test_OpenPrinter(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
const char *name)
{
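Review bot: In `test_SecondaryClosePrinter`, the check `if (test_ClosePrinter(p2, mem_ctx, handle))` counts any failure of the close as a pass, so a dropped secondary connection or an unrelated error status would also be reported as "handle correctly rejected". The commit message says that failing with exactly the right dcerpc fault matters, so the test should issue the close on `p2` itself, compare the returned status or fault with the one expected for a foreign policy handle, and print the value actually received on mismatch. `test_ClosePrinter` is not visible here, so how much of the status it exposes is an assumption. A short comment is also worth adding at the call sites: if the server does accept the close, the handle is gone and the following `test_ClosePrinter(p, ...)` on the primary pipe will fail as a consequence.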
ret = False;
}
+ if (!test_SecondaryClosePrinter(p, mem_ctx, &handle)) {
+ ret = False;
+ }
+
if (!test_ClosePrinter(p, mem_ctx, &handle)) {
ret = False;
}
ret = False;
}
+ if (!test_SecondaryClosePrinter(p, mem_ctx, &handle)) {
+ ret = False;
+ }
+
if (!test_ClosePrinter(p, mem_ctx, &handle)) {
ret = False;
}