The Samba-Bugzilla – Attachment 18572 Details for
Bug 15680
Trust domains are not created
[patch]
patch for 4.21
v4-21-fix-trust-win2026.patch (text/plain), 44.59 KB, created by
Andreas Schneider
on 2025-02-18 06:56:08 UTC
Description:
patch for 4.21
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2025-02-18 06:56:08 UTC
Size:
44.59 KB
>From 0ec61035e2b1ac88f271f26222fd388f2843468c Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 12 Feb 2025 12:35:20 +0100
>Subject: [PATCH 1/8] s3:rpc_client: Add cli_rpc_pipe_reopen_np_noauth()
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>(backported from commit d2ac6221db48b93581d7ce48d31f8851c88b77bc)
>---
> source3/rpc_client/cli_pipe.c | 88 +++++++++++++++++++++++++++++++++++
> source3/rpc_client/cli_pipe.h | 2 +
> 2 files changed, 90 insertions(+)
>
>diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
>index cf551f6f548..35fe3e5a65f 100644
>--- a/source3/rpc_client/cli_pipe.c
>+++ b/source3/rpc_client/cli_pipe.c
>@@ -3456,6 +3456,94 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
> presult);
> }
>
>+/****************************************************************************
>+ * Reopen a connection with the same parameters.
>+ *
>+ * This is useful if we try an RPC function the server doesn't know about and
>+ * disconnects us.
>+ ****************************************************************************/
>+NTSTATUS cli_rpc_pipe_reopen_np_noauth(struct rpc_pipe_client *rpccli)
>+{
>+ TALLOC_CTX *frame = talloc_stackframe();
>+ enum dcerpc_transport_t transport;
>+ struct cli_state *cli = NULL;
>+ struct rpc_client_association *assoc = NULL;
>+ struct rpc_client_connection *new_conn = NULL;
>+ struct pipe_auth_data *new_auth = NULL;
>+ NTSTATUS status;
>+
>+ if (rpccli->assoc == NULL) {
>+ TALLOC_FREE(frame);
>+ return NT_STATUS_INVALID_PARAMETER_MIX;
>+ }
>+
>+ transport = dcerpc_binding_get_transport(rpccli->assoc->binding);
>+ if (transport != NCACN_NP) {
>+ TALLOC_FREE(frame);
>+ return NT_STATUS_INVALID_PARAMETER_MIX;
>+ }
>+
>+ if (rpccli->np_cli == NULL) {
>+ TALLOC_FREE(frame);
>+ return NT_STATUS_INVALID_PARAMETER_MIX;
>+ }
>+ cli = rpccli->np_cli;
>+
>+ /*
>+ * close the old connection
>+ */
>+ TALLOC_FREE(rpccli->conn);
>+
>+ /*
>+ * Free the auth context
>+ */
>+ TALLOC_FREE(rpccli->auth);
>+
>+ /*
>+ * Reset the association
>+ */
>+ assoc = talloc_move(frame, &rpccli->assoc);
>+ status = dcerpc_binding_set_assoc_group_id(assoc->binding, 0);
>+ if (!NT_STATUS_IS_OK(status)) {
>+ return status;
>+ }
>+ assoc->features.negotiated = 0;
>+ if (assoc->features.client != 0) {
>+ assoc->features.negotiation_done = false;
>+ }
>+ assoc->next_call_id = 0;
>+
>+ status = rpc_client_connection_np(cli,
>+ assoc,
>+ &new_conn);
>+ if (!NT_STATUS_IS_OK(status)) {
>+ TALLOC_FREE(frame);
>+ return status;
>+ }
>+
>+ rpccli->assoc = talloc_move(rpccli, &assoc);
>+ rpccli->conn = talloc_move(rpccli, &new_conn);
>+
>+ /* rpc_pipe_bind_send should allocate an id... */
>+ rpccli->pres_context_id = UINT16_MAX;
>+ rpccli->verified_pcontext = false;
>+
>+ status = rpccli_anon_bind_data(rpccli, &new_auth);
>+ if (!NT_STATUS_IS_OK(status)) {
>+ TALLOC_FREE(frame);
>+ return status;
>+ }
>+
>+ status = rpc_pipe_bind(rpccli, new_auth);
>+ if (!NT_STATUS_IS_OK(status)) {
>+ TALLOC_FREE(frame);
>+ return status;
>+ }
>+
>+ TALLOC_FREE(frame);
>+ return NT_STATUS_OK;
>+}
>+
> /****************************************************************************
> Open a named pipe to an SMB server and bind using the mech specified
>
>diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
>index d9826ca8e5c..007e9d01c04 100644
>--- a/source3/rpc_client/cli_pipe.h
>+++ b/source3/rpc_client/cli_pipe.h
>@@ -84,6 +84,8 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
> const struct ndr_interface_table *table,
> struct rpc_pipe_client **presult);
>
>+NTSTATUS cli_rpc_pipe_reopen_np_noauth(struct rpc_pipe_client *rpccli);
>+
> NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
> enum dcerpc_transport_t transport,
> const struct ndr_interface_table *table,
>--
>2.48.1
>
>
>From 289c3a67c7f1b846a643ebfacd271a7cd043ce58 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 12 Feb 2025 14:17:30 +0100
>Subject: [PATCH 2/8] s3:rpc_cerver: Use dcerpc_lsa_open_policy3() for internal
> RPC
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>(cherry picked from commit 0c68d9bc0cd5873f7b59be0fe93d64d6d47b5a57)
>---
> source3/rpc_server/netlogon/srv_netlog_nt.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
>index 2ba16d423e3..e5abcbdbd84 100644
>--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
>+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
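Review bot: The early return after `dcerpc_binding_set_assoc_group_id()` in `cli_rpc_pipe_reopen_np_noauth()` skips `TALLOC_FREE(frame)`, unlike every other exit in the function, so the stackframe (which by then owns the moved `assoc`) is left behind; add `TALLOC_FREE(frame);` before that `return status;`. On any failure after `rpccli->conn`, `rpccli->auth` and `rpccli->assoc` have been released, the pipe is left with those members NULL, so the header comment should state that the caller must discard `rpccli` when the call fails. The function also frees whatever auth context the pipe had and rebinds with `rpccli_anon_bind_data()`; if it can be reached with a pipe that was bound with DCERPC authentication, that is a silent downgrade, and a check of the existing auth context before `TALLOC_FREE(rpccli->auth)` would make the "noauth" precondition explicit.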
>@@ -460,7 +460,7 @@ NTSTATUS _netr_NetrEnumerateTrustedDomains(struct pipes_struct *p,
> return status;
> }
>
>- status = dcerpc_lsa_open_policy_fallback(
>+ status = dcerpc_lsa_open_policy3(
> h,
> p->mem_ctx,
> NULL,
>--
>2.48.1
>
>
>From d5041f867f163ce973d004f67ccdcd7136803a10 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 12 Feb 2025 12:45:19 +0100
>Subject: [PATCH 3/8] s3:rpc_client: Use cli_rpc_pipe_reopen_np_noauth() for
> OpenPolicy fallback
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>(cherry picked from commit 3bbe35d42c4d4a0ce663580dfb035b6beb329ebb)
>---
> source3/lib/netapi/localgroup.c | 2 +-
> source3/rpc_client/cli_lsarpc.c | 15 ++++++++++-
> source3/rpc_client/cli_lsarpc.h | 4 +--
> source3/rpcclient/cmd_lsarpc.c | 48 ++++++++++++++++-----------------
> source3/utils/net_rpc.c | 6 ++---
> source3/utils/net_rpc_rights.c | 4 +--
> source3/utils/net_rpc_trust.c | 2 +-
> source3/winbindd/winbindd_cm.c | 2 +-
> source3/wscript_build | 2 +-
> 9 files changed, 49 insertions(+), 36 deletions(-)
>
>diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c
>index a63fca4366a..db72b1d15b6 100644
>--- a/source3/lib/netapi/localgroup.c
>+++ b/source3/lib/netapi/localgroup.c
>@@ -984,7 +984,7 @@ static NTSTATUS libnetapi_lsa_lookup_names3(TALLOC_CTX *mem_ctx,
> init_lsa_String(&names, name);
>
> status = dcerpc_lsa_open_policy_fallback(
>- b,
>+ lsa_pipe,
> mem_ctx,
> lsa_pipe->srv_name_slash,
> false,
>diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
>index cf2572ed61c..fcb0e9b0f1e 100644
>--- a/source3/rpc_client/cli_lsarpc.c
>+++ b/source3/rpc_client/cli_lsarpc.c
>@@ -24,6 +24,7 @@
>
> #include "includes.h"
> #include "rpc_client/rpc_client.h"
>+#include "rpc_client/cli_pipe.h"
> #include "../librpc/gen_ndr/ndr_lsa_c.h"
> #include "rpc_client/cli_lsarpc.h"
> #include "rpc_client/init_lsa.h"
>@@ -167,7 +168,7 @@ NTSTATUS dcerpc_lsa_open_policy3(struct dcerpc_binding_handle *h,
> result);
> }
>
>-NTSTATUS dcerpc_lsa_open_policy_fallback(struct dcerpc_binding_handle *h,
>+NTSTATUS dcerpc_lsa_open_policy_fallback(struct rpc_pipe_client *rpccli,
> TALLOC_CTX *mem_ctx,
> const char *srv_name_slash,
> bool sec_qos,
>@@ -177,7 +178,9 @@ NTSTATUS dcerpc_lsa_open_policy_fallback(struct dcerpc_binding_handle *h,
> struct policy_handle *pol,
> NTSTATUS *result)
> {
>+ struct dcerpc_binding_handle *h = rpccli->binding_handle;
> NTSTATUS status;
>+ bool policy2 = false;
>
> status = dcerpc_lsa_open_policy3(h,
> mem_ctx,
>@@ -189,6 +192,16 @@ NTSTATUS dcerpc_lsa_open_policy_fallback(struct dcerpc_binding_handle *h,
> pol,
> result);
> if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
>+ policy2 = true;
>+ } else if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
>+ status = cli_rpc_pipe_reopen_np_noauth(rpccli);
>+ if (!NT_STATUS_IS_OK(status)) {
>+ return status;
>+ }
>+ policy2 = true;
>+ }
>+
>+ if (policy2) {
> *out_version = 1;
> *out_revision_info = (union lsa_revision_info) {
> .info1 = {
>diff --git a/source3/rpc_client/cli_lsarpc.h b/source3/rpc_client/cli_lsarpc.h
>index 0a0f399346e..269dec1ec44 100644
>--- a/source3/rpc_client/cli_lsarpc.h
>+++ b/source3/rpc_client/cli_lsarpc.h
>@@ -120,7 +120,7 @@ NTSTATUS dcerpc_lsa_open_policy3(struct dcerpc_binding_handle *h,
> * This first calls lsa_open_policy3 and falls back to lsa_open_policy2 in case
> * it isn't implemented.
> *
>- * @param[in] h The dcerpc binding handle to use.
>+ * @param[in] rpccli The rpc pipe client structure to use.
> *
> * @param[in] mem_ctx The memory context to use.
> *
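Review bot: In the new `NT_STATUS_ACCESS_DENIED` branch of `dcerpc_lsa_open_policy_fallback()` (cli_lsarpc.c) the status returned by `cli_rpc_pipe_reopen_np_noauth()` replaces the original error, so a pipe that is not on `ncacn_np` now fails with `NT_STATUS_INVALID_PARAMETER_MIX` (the helper's transport check in cli_pipe.c) instead of the access-denied the server sent. Keeping the original status when the reopen is rejected for that reason would preserve the diagnostic. The branch also rebinds the caller's pipe anonymously, and the callers changed in this patch pass pipes whose bind type is not visible here, so it is worth confirming that none of them depends on a signed or sealed bind surviving the call. The doc comment in cli_lsarpc.h still only says the fallback happens "in case it isn't implemented"; it should mention the access-denied reconnect and that the pipe's connection is replaced. The function body continues outside the hunk.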
>@@ -139,7 +139,7 @@ NTSTATUS dcerpc_lsa_open_policy3(struct dcerpc_binding_handle *h,
> *
> * @return A corresponding NTSTATUS error code for the connection.
> */
>-NTSTATUS dcerpc_lsa_open_policy_fallback(struct dcerpc_binding_handle *h,
>+NTSTATUS dcerpc_lsa_open_policy_fallback(struct rpc_pipe_client *rpccli,
> TALLOC_CTX *mem_ctx,
> const char *srv_name_slash,
> bool sec_qos,
>diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
>index 0903c043a84..1506e517d36 100644
>--- a/source3/rpcclient/cmd_lsarpc.c
>+++ b/source3/rpcclient/cmd_lsarpc.c
>@@ -186,7 +186,7 @@ static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
> uint32_t out_version = 0;
>
> status = dcerpc_lsa_open_policy_fallback(
>- b,
>+ cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -938,7 +938,7 @@ static NTSTATUS cmd_lsa_create_account(struct rpc_pipe_client *cli,
> if (!NT_STATUS_IS_OK(status))
> goto done;
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -1004,7 +1004,7 @@ static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli,
> if (!NT_STATUS_IS_OK(status))
> goto done;
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -1089,7 +1089,7 @@ static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
> if (!NT_STATUS_IS_OK(status))
> goto done;
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -1156,7 +1156,7 @@ static NTSTATUS cmd_lsa_add_acct_rights(struct rpc_pipe_client *cli,
> if (!NT_STATUS_IS_OK(status))
> goto done;
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -1227,7 +1227,7 @@ static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli,
> if (!NT_STATUS_IS_OK(status))
> goto done;
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -1295,7 +1295,7 @@ static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli,
> return NT_STATUS_OK;
> }
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -1358,7 +1358,7 @@ static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
> if (argc == 2)
> sscanf(argv[1], "%x", &sec_info);
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -1463,7 +1463,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
> if (argc == 3)
> info_class = atoi(argv[2]);
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -1531,7 +1531,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
> if (argc == 3)
> info_class = atoi(argv[2]);
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -1611,7 +1611,7 @@ static NTSTATUS cmd_lsa_set_trustdominfo(struct rpc_pipe_client *cli,
> return NT_STATUS_INVALID_PARAMETER;
> }
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -1689,7 +1689,7 @@ static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
> if (argc == 3)
> info_class = atoi(argv[2]);
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -1809,7 +1809,7 @@ static NTSTATUS cmd_lsa_add_priv(struct rpc_pipe_client *cli,
> goto done;
> }
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -1918,7 +1918,7 @@ static NTSTATUS cmd_lsa_del_priv(struct rpc_pipe_client *cli,
> goto done;
> }
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -2019,7 +2019,7 @@ static NTSTATUS cmd_lsa_create_secret(struct rpc_pipe_client *cli,
> return NT_STATUS_OK;
> }
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -2079,7 +2079,7 @@ static NTSTATUS cmd_lsa_delete_secret(struct rpc_pipe_client *cli,
> return NT_STATUS_OK;
> }
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -2158,7 +2158,7 @@ static NTSTATUS cmd_lsa_query_secret(struct rpc_pipe_client *cli,
> return NT_STATUS_OK;
> }
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -2261,7 +2261,7 @@ static NTSTATUS cmd_lsa_set_secret(struct rpc_pipe_client *cli,
> return NT_STATUS_OK;
> }
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -2352,7 +2352,7 @@ static NTSTATUS cmd_lsa_retrieve_private_data(struct rpc_pipe_client *cli,
> return NT_STATUS_OK;
> }
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -2427,7 +2427,7 @@ static NTSTATUS cmd_lsa_store_private_data(struct rpc_pipe_client *cli,
> return NT_STATUS_OK;
> }
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -2497,7 +2497,7 @@ static NTSTATUS cmd_lsa_create_trusted_domain(struct rpc_pipe_client *cli,
> return NT_STATUS_OK;
> }
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -2587,7 +2587,7 @@ static NTSTATUS cmd_lsa_create_trusted_domain_ex3(struct rpc_pipe_client *cli,
> goto done;
> }
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -2701,7 +2701,7 @@ static NTSTATUS cmd_lsa_create_trusted_domain_ex2(struct rpc_pipe_client *cli,
> goto done;
> }
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>@@ -2789,7 +2789,7 @@ static NTSTATUS cmd_lsa_delete_trusted_domain(struct rpc_pipe_client *cli,
> return NT_STATUS_OK;
> }
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
>index b04be2efea7..98435a276c6 100644
>--- a/source3/utils/net_rpc.c
>+++ b/source3/utils/net_rpc.c
>@@ -6632,7 +6632,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc,
>
> b = pipe_hnd->binding_handle;
>
>- nt_status = dcerpc_lsa_open_policy_fallback(b,
>+ nt_status = dcerpc_lsa_open_policy_fallback(pipe_hnd,
> frame,
> pipe_hnd->srv_name_slash,
> true,
>@@ -6916,7 +6916,7 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc,
>
> b = pipe_hnd->binding_handle;
>
>- nt_status = dcerpc_lsa_open_policy_fallback(b,
>+ nt_status = dcerpc_lsa_open_policy_fallback(pipe_hnd,
> mem_ctx,
> pipe_hnd->srv_name_slash,
> false,
>@@ -7109,7 +7109,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
>
> b = pipe_hnd->binding_handle;
>
>- nt_status = dcerpc_lsa_open_policy_fallback(b,
>+ nt_status = dcerpc_lsa_open_policy_fallback(pipe_hnd,
> mem_ctx,
> pipe_hnd->srv_name_slash,
> true,
>diff --git a/source3/utils/net_rpc_rights.c b/source3/utils/net_rpc_rights.c
>index 267ce6576e6..a3b2a6dc80e 100644
>--- a/source3/utils/net_rpc_rights.c
>+++ b/source3/utils/net_rpc_rights.c
>@@ -507,7 +507,7 @@ static NTSTATUS rpc_rights_grant_internal(struct net_context *c,
> if (!NT_STATUS_IS_OK(status))
> goto done;
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(pipe_hnd,
> mem_ctx,
> pipe_hnd->srv_name_slash,
> true,
>@@ -593,7 +593,7 @@ static NTSTATUS rpc_rights_revoke_internal(struct net_context *c,
> if (!NT_STATUS_IS_OK(status))
> return status;
>
>- status = dcerpc_lsa_open_policy_fallback(b,
>+ status = dcerpc_lsa_open_policy_fallback(pipe_hnd,
> mem_ctx,
> pipe_hnd->srv_name_slash,
> true,
>diff --git a/source3/utils/net_rpc_trust.c b/source3/utils/net_rpc_trust.c
>index a3354ad68d4..a37d9a90ac9 100644
>--- a/source3/utils/net_rpc_trust.c
>+++ b/source3/utils/net_rpc_trust.c
>@@ -235,7 +235,7 @@ static NTSTATUS connect_and_get_info(TALLOC_CTX *mem_ctx,
> }
>
> status = dcerpc_lsa_open_policy_fallback(
>- (*pipe_hnd)->binding_handle,
>+ (*pipe_hnd),
> mem_ctx,
> (*pipe_hnd)->srv_name_slash,
> false,
>diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
>index f33e0bcb165..7c8acb0b856 100644
>--- a/source3/winbindd/winbindd_cm.c
>+++ b/source3/winbindd/winbindd_cm.c
>@@ -2296,7 +2296,7 @@ no_dssetup:
> return;
> }
>
>- status = dcerpc_lsa_open_policy_fallback(cli->binding_handle,
>+ status = dcerpc_lsa_open_policy_fallback(cli,
> mem_ctx,
> cli->srv_name_slash,
> true,
>diff --git a/source3/wscript_build b/source3/wscript_build
>index 824f961c1ec..643b1768388 100644
>--- a/source3/wscript_build
>+++ b/source3/wscript_build
>@@ -1037,7 +1037,7 @@ bld.SAMBA3_SUBSYSTEM('LIBCLI_SAMR',
>
> bld.SAMBA3_LIBRARY('libcli_lsa3',
> source='rpc_client/cli_lsarpc.c',
>- deps='RPC_NDR_LSA INIT_LSA',
>+ deps='RPC_NDR_LSA INIT_LSA msrpc3',
> private_library=True)
>
> bld.SAMBA3_LIBRARY('libcli_netlogon3',
>--
>2.48.1
>
>
>From 0ab39239fbf1554e25a289aefa732c43a805a259 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 17 Jul 2024 17:39:24 +0200
>Subject: [PATCH 4/8] dcesrv_core: Make dcesrv_call_disconnect_after() public
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>(cherry picked from commit a094a29e426cc79e23bb4d866334d7735159fb41)
>---
> librpc/rpc/dcesrv_core.c | 4 ++--
> librpc/rpc/dcesrv_core.h | 3 +++
> 2 files changed, 5 insertions(+), 2 deletions(-)
>
>diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
>index 66478001640..7fb23d49d61 100644
>--- a/librpc/rpc/dcesrv_core.c
>+++ b/librpc/rpc/dcesrv_core.c
>@@ -783,8 +783,8 @@ static void dcesrv_call_set_list(struct dcesrv_call_state *call,
> }
> }
>
>-static void dcesrv_call_disconnect_after(struct dcesrv_call_state *call,
>- const char *reason)
>+void dcesrv_call_disconnect_after(struct dcesrv_call_state *call,
>+ const char *reason)
> {
> struct dcesrv_auth *a = NULL;
>
>diff --git a/librpc/rpc/dcesrv_core.h b/librpc/rpc/dcesrv_core.h
>index 90f5bd21d64..0b69af575b2 100644
>--- a/librpc/rpc/dcesrv_core.h
>+++ b/librpc/rpc/dcesrv_core.h
>@@ -566,6 +566,9 @@ NTSTATUS dcesrv_auth_session_key(struct dcesrv_call_state *call,
> NTSTATUS dcesrv_transport_session_key(struct dcesrv_call_state *call,
> DATA_BLOB *session_key);
>
>+void dcesrv_call_disconnect_after(struct dcesrv_call_state *call,
>+ const char *reason);
>+
> /* a useful macro for generating a RPC fault in the backend code */
> #define DCESRV_FAULT(code) do { \
> dce_call->fault_code = code; \
>--
>2.48.1
>
>
>From da7ed2687ebf4ecd11d2f49e5d8dc613617a079b Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 17 Jul 2024 18:11:49 +0200
>Subject: [PATCH 5/8] librpc:pyrpc: Allow new authenticated rpc connection on
> the same transport as the basis_connection
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>(cherry picked from commit 2c171fb1b8c88034a98c3aaf052e99ba5dbbafd9)
>---
> source4/librpc/rpc/pyrpc_util.c | 78 +++++++++++++++++++++++++++++----
> 1 file changed, 70 insertions(+), 8 deletions(-)
>
>diff --git a/source4/librpc/rpc/pyrpc_util.c b/source4/librpc/rpc/pyrpc_util.c
>index a0910b4f802..211370d6706 100644
>--- a/source4/librpc/rpc/pyrpc_util.c
>+++ b/source4/librpc/rpc/pyrpc_util.c
>@@ -179,6 +179,8 @@ PyObject *py_dcerpc_interface_init_helper(PyTypeObject *type, PyObject *args, Py
> struct dcerpc_pipe *base_pipe;
> PyObject *py_base;
> PyTypeObject *ClientConnection_Type;
>+ struct loadparm_context *lp_ctx = NULL;
>+ struct cli_credentials *credentials = NULL;
>
> py_base = PyImport_ImportModule("samba.dcerpc.base");
> if (py_base == NULL) {
>@@ -223,16 +225,76 @@ PyObject *py_dcerpc_interface_init_helper(PyTypeObject *type, PyObject *args, Py
> return NULL;
> }
>
>- status = dcerpc_secondary_context(base_pipe, &ret->pipe, table);
>- if (!NT_STATUS_IS_OK(status)) {
>- PyErr_SetNTSTATUS(status);
>- Py_DECREF(ret);
>- Py_DECREF(py_base);
>- Py_DECREF(ClientConnection_Type);
>- return NULL;
>+ if (py_lp_ctx != Py_None) {
>+ lp_ctx = lpcfg_from_py_object(ret->ev, py_lp_ctx);
>+ if (lp_ctx == NULL) {
>+ PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
>+ Py_DECREF(ret);
>+ return NULL;
>+ }
>+ }
>+
>+ if (py_credentials != Py_None) {
>+ credentials = cli_credentials_from_py_object(py_credentials);
>+ if (credentials == NULL) {
>+ PyErr_SetString(PyExc_TypeError, "Expected credentials");
>+ Py_DECREF(ret);
>+ return NULL;
>+ }
>+ }
>+
>+ if (credentials != NULL) {
>+ struct dcerpc_binding *binding = NULL;
>+
>+ if (lp_ctx == NULL) {
>+ PyErr_SetString(
>+ PyExc_TypeError,
>+ "Expected a loadparm context together "
>+ "with provided credentials");
>+ Py_DECREF(ret);
>+ Py_DECREF(py_base);
>+ Py_DECREF(ClientConnection_Type);
>+ return NULL;
>+ }
>+
>+ status = dcerpc_parse_binding(ret->mem_ctx,
>+ binding_string,
>+ &binding);
>+ if (!NT_STATUS_IS_OK(status)) {
>+ PyErr_SetNTSTATUS(status);
>+ Py_DECREF(ret);
>+ Py_DECREF(py_base);
>+ Py_DECREF(ClientConnection_Type);
>+ return NULL;
>+ }
>+
>+ status = dcerpc_secondary_auth_connection(base_pipe,
>+ binding,
>+ table,
>+ credentials,
>+ lp_ctx,
>+ ret->mem_ctx,
>+ &ret->pipe);
>+ TALLOC_FREE(binding);
>+ if (!NT_STATUS_IS_OK(status)) {
>+ PyErr_SetNTSTATUS(status);
>+ Py_DECREF(ret);
>+ Py_DECREF(py_base);
>+ Py_DECREF(ClientConnection_Type);
>+ return NULL;
>+ }
>+ } else {
>+ status = dcerpc_secondary_context(base_pipe, &ret->pipe, table);
>+ if (!NT_STATUS_IS_OK(status)) {
>+ PyErr_SetNTSTATUS(status);
>+ Py_DECREF(ret);
>+ Py_DECREF(py_base);
>+ Py_DECREF(ClientConnection_Type);
>+ return NULL;
>+ }
>+ ret->pipe = talloc_steal(ret->mem_ctx, ret->pipe);
> }
>
>- ret->pipe = talloc_steal(ret->mem_ctx, ret->pipe);
> Py_XDECREF(ClientConnection_Type);
> Py_XDECREF(py_base);
> } else {
>--
>2.48.1
>
>
>From fd4c0e6f52c65743249a75ee7fb92d38f8d84940 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Mon, 17 Feb 2025 15:41:06 +0100
>Subject: [PATCH 6/8] pidl: Update documentation for DCERPC interface
> connections
>
>https://realpython.com/documenting-python-code/
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Stefan Metzmacher <metze@samba.org>
>(cherry picked from commit 73ce15e7d5b7ea867849f1aa4fa5390830660f11)
>---
> pidl/lib/Parse/Pidl/Samba4/Python.pm | 29 +++++++++++++++++++++++-----
> 1 file changed, 24 insertions(+), 5 deletions(-)
>
>diff --git a/pidl/lib/Parse/Pidl/Samba4/Python.pm b/pidl/lib/Parse/Pidl/Samba4/Python.pm
>index 63f0f72605d..9bcdea3b15b 100644
>--- a/pidl/lib/Parse/Pidl/Samba4/Python.pm
>+++ b/pidl/lib/Parse/Pidl/Samba4/Python.pm
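Review bot: The two new type-check failures in `py_dcerpc_interface_init_helper()` (`lp_ctx == NULL` after `lpcfg_from_py_object()` and `credentials == NULL` after `cli_credentials_from_py_object()`) return after `Py_DECREF(ret)` only, while every other error exit in this branch also releases `py_base` and `ClientConnection_Type`, so both references leak on those two paths. Add `Py_DECREF(py_base);` and `Py_DECREF(ClientConnection_Type);` before each of those `return NULL;` statements. The enclosing function starts and ends outside the hunk.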
>@@ -1547,11 +1547,30 @@ sub Interface($$$)
> $self->pidl("");
>
> my $signature =
>-"\"$interface->{NAME}(binding, lp_ctx=None, credentials=None) -> connection\\n\"
>-\"\\n\"
>-\"binding should be a DCE/RPC binding string (for example: ncacn_ip_tcp:127.0.0.1)\\n\"
>-\"lp_ctx should be a path to a smb.conf file or a param.LoadParm object\\n\"
>-\"credentials should be a credentials.Credentials object.\\n\\n\"";
>+"\"$interface->{NAME}(binding, lp_ctx=None, credentials=None, basis_connection=None) -> connection\\n\"
>+\"\\n\\n\"
>+\"Parameters\\n\"
>+\"----------\\n\"
>+\"binding : str\\n\"
>+\" A DCE/RPC binding string (for example: ncacn_ip_tcp:127.0.0.1)\\n\"
>+\"lp_ctx : param.LoadParm\\n\"
>+\" Should be a path to a smb.conf file or a param.LoadParm object\\n\"
>+\"credentials : credentials.Credentials, optional\\n\"
>+\" A credentials.Credentials object (default is None).\\n\"
>+\"basis_connection : samba.dcerpc.ClientConnection, optional\\n\"
>+\" A $interface->{NAME} client connection object (default is None).\\n\"
>+\"\\n\\n\"
>+\"Returns\\n\"
>+\"-------\\n\"
>+\"samba.dcerpc.ClientConnection\\n\"
>+\" A ClientConnection object\\n\"
>+\"\\n\\n\"
>+\"Raises\\n\"
>+\"------\\n\"
>+\"samba.NTSTATUSError\\n\"
>+\" An NTSTATUS error\\n\"
>+\"\\n\"";
>+
>
> my $docstring = $self->DocString($interface, $interface->{NAME});
>
>--
>2.48.1
>
>
>From 476a58027d1b4cdd6d5ab26a573c01cb1dc75e31 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Thu, 13 Feb 2025 10:31:49 +0100
>Subject: [PATCH 7/8] python:lsa_utils: Don't use optional arguments for
> OpenPolicyFallback()
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Stefan Metzmacher <metze@samba.org>
>(backported from commit f9a3fc19f1e212c54351c3f94978e66fceeb8835)
>---
> python/samba/lsa_utils.py | 4 ++--
> python/samba/netcmd/domain/trust.py | 1 +
> python/samba/tests/dcerpc/lsa_utils.py | 6 ++++--
> 3 files changed, 7 insertions(+), 4 deletions(-)
>
>diff --git a/python/samba/lsa_utils.py b/python/samba/lsa_utils.py
>index 043e65f3341..571beb46c85 100644
>--- a/python/samba/lsa_utils.py
>+++ b/python/samba/lsa_utils.py
>@@ -35,8 +35,8 @@ def OpenPolicyFallback(
> system_name: str,
> in_version: int,
> in_revision_info: lsa.revision_info1,
>- sec_qos: bool = False,
>- access_mask: int = 0,
>+ sec_qos: bool,
>+ access_mask: int,
> ):
> attr = lsa.ObjectAttribute()
> if sec_qos:
>diff --git a/python/samba/netcmd/domain/trust.py b/python/samba/netcmd/domain/trust.py
>index 0784fa5e282..f39d4814a11 100644
>--- a/python/samba/netcmd/domain/trust.py
>+++ b/python/samba/netcmd/domain/trust.py
>@@ -222,6 +222,7 @@ class DomainTrustCommand(Command):
> b''.decode('utf-8'),
> in_version,
> in_revision_info1,
>+ False,
> policy_access
> )
>
>diff --git a/python/samba/tests/dcerpc/lsa_utils.py b/python/samba/tests/dcerpc/lsa_utils.py
>index 229f57ec546..fee9a45419b 100644
>--- a/python/samba/tests/dcerpc/lsa_utils.py
>+++ b/python/samba/tests/dcerpc/lsa_utils.py
>@@ -79,7 +79,8 @@ class CreateTrustedDomain(TestCase):
> '',
> in_version,
> in_revision_info1,
>- access_mask=security.SEC_FLAG_MAXIMUM_ALLOWED
>+ False,
>+ security.SEC_FLAG_MAXIMUM_ALLOWED
> )
> self.assertIsNotNone(pol_handle)
>
>@@ -168,7 +169,8 @@ class CreateTrustedDomain(TestCase):
> '',
> in_version,
> in_revision_info1,
>- access_mask=security.SEC_FLAG_MAXIMUM_ALLOWED
>+ False,
>+ security.SEC_FLAG_MAXIMUM_ALLOWED
> )
> self.assertIsNotNone(pol_handle)
>
>--
>2.48.1
>
>
>From f3bdf21ce365f75185a9e1beb57645d566e81552 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 17 Jul 2024 18:12:31 +0200
>Subject: [PATCH 8/8] python:lsa_utils: Fix fallback to OpenPolicy2
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680
>
>Pair-Programmed-With: Andreas Schneider <asn@samba.org>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>(backported from commit a814f5d90a3fb85a94c9516dba224037e8fd76f1)
>---
> python/samba/lsa_utils.py | 63 +++++++++-------
> python/samba/netcmd/domain/trust.py | 92 +++++++++++-------------
> python/samba/tests/dcerpc/lsa_utils.py | 45 +++++++-----
> python/samba/tests/krb5/kdc_base_test.py | 1 -
> 4 files changed, 110 insertions(+), 91 deletions(-)
>
>diff --git a/python/samba/lsa_utils.py b/python/samba/lsa_utils.py
>index 571beb46c85..506dc399c93 100644
>--- a/python/samba/lsa_utils.py
>+++ b/python/samba/lsa_utils.py
>@@ -20,24 +20,27 @@ from samba.dcerpc import lsa, drsblobs, misc
> from samba.ndr import ndr_pack
> from samba import (
> NTSTATUSError,
>+ ntstatus,
> aead_aes_256_cbc_hmac_sha512,
> arcfour_encrypt,
> )
>-from samba.ntstatus import (
>- NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE
>-)
> from samba import crypto
> from secrets import token_bytes
>+# FIXME from collections.abc import Callable
>
>
> def OpenPolicyFallback(
>- conn: lsa.lsarpc,
>+ # new_lsa_conn: Callable[[], lsa.lsarpc], - FIXME the type doesn't work
>+ # with python version 3.6 (CentOS8, SLES15).
>+ new_lsa_conn,
> system_name: str,
> in_version: int,
> in_revision_info: lsa.revision_info1,
> sec_qos: bool,
> access_mask: int,
> ):
>+ conn = new_lsa_conn()
>+
> attr = lsa.ObjectAttribute()
> if sec_qos:
> qos = lsa.QosInfo()
>@@ -48,26 +51,38 @@ def OpenPolicyFallback(
>
> attr.sec_qos = qos
>
>- try:
>- out_version, out_rev_info, policy = conn.OpenPolicy3(
>- system_name,
>- attr,
>- access_mask,
>- in_version,
>- in_revision_info
>- )
>- except NTSTATUSError as e:
>- if e.args[0] == NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE:
>- out_version = 1
>- out_rev_info = lsa.revision_info1()
>- out_rev_info.revision = 1
>- out_rev_info.supported_features = 0
>-
>- policy = conn.OpenPolicy2(system_name, attr, access_mask)
>- else:
>- raise
>-
>- return out_version, out_rev_info, policy
>+ open_policy2 = False
>+ if in_revision_info is not None:
>+ try:
>+ out_version, out_rev_info, policy = conn.OpenPolicy3(
>+ system_name,
>+ attr,
>+ access_mask,
>+ in_version,
>+ in_revision_info
>+ )
>+ except NTSTATUSError as e:
>+ if e.args[0] == ntstatus.NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE:
>+ open_policy2 = True
>+ if e.args[0] == ntstatus.NT_STATUS_ACCESS_DENIED:
>+ # We need a new connection
>+ conn = new_lsa_conn(basis_connection=conn)
>+
>+ open_policy2 = True
>+ else:
>+ raise
>+ else:
>+ open_policy2 = True
>+
>+ if open_policy2:
>+ out_version = 1
>+ out_rev_info = lsa.revision_info1()
>+ out_rev_info.revision = 1
>+ out_rev_info.supported_features = 0
>+
>+ policy = conn.OpenPolicy2(system_name, attr, access_mask)
>+
>+ return conn, out_version, out_rev_info, policy
>
>
> def CreateTrustedDomainRelax(
>diff --git a/python/samba/netcmd/domain/trust.py b/python/samba/netcmd/domain/trust.py
>index f39d4814a11..f3d75f84137 100644
>--- a/python/samba/netcmd/domain/trust.py
>+++ b/python/samba/netcmd/domain/trust.py
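Review bot: In the `except NTSTATUSError` handler of `OpenPolicyFallback()` the `NT_STATUS_ACCESS_DENIED` test is a second `if` rather than an `elif`; indentation is lost in this view, but if the two tests are siblings as the tokens suggest, a `NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE` error sets `open_policy2 = True` and then falls into the `else: raise`, so the OpenPolicy2 fallback for servers without OpenPolicy3 no longer runs. Changing the line to `elif e.args[0] == ntstatus.NT_STATUS_ACCESS_DENIED:` restores it. The function now calls `new_lsa_conn()` with no arguments and later `new_lsa_conn(basis_connection=conn)`, and returns `conn` as a new first tuple element, so a docstring stating that the callable must accept a `basis_connection` keyword and that callers must use the returned connection (not one they hold) would prevent stale-handle mistakes.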
>@@ -125,8 +125,13 @@ class DomainTrustCommand(Command):
> self.local_creds = local_creds
> return self.local_server
>
>- def new_local_lsa_connection(self):
>- return lsa.lsarpc(self.local_binding_string, self.local_lp, self.local_creds)
>+ def new_local_lsa_connection(self, basis_connection=None):
>+ return lsa.lsarpc(
>+ self.local_binding_string,
>+ self.local_lp,
>+ self.local_creds,
>+ basis_connection=basis_connection
>+ )
>
> def new_local_netlogon_connection(self):
> return netlogon.netlogon(self.local_binding_string, self.local_lp, self.local_creds)
>@@ -203,13 +208,23 @@ class DomainTrustCommand(Command):
> self.remote_creds = remote_creds
> return self.remote_server
>
>- def new_remote_lsa_connection(self):
>- return lsa.lsarpc(self.remote_binding_string, self.local_lp, self.remote_creds)
>+ def new_remote_lsa_connection(self, basis_connection=None):
>+ return lsa.lsarpc(
>+ self.remote_binding_string,
>+ self.local_lp,
>+ self.remote_creds,
>+ basis_connection=basis_connection
>+ )
>
>- def new_remote_netlogon_connection(self):
>- return netlogon.netlogon(self.remote_binding_string, self.local_lp, self.remote_creds)
>+ def new_remote_netlogon_connection(self, basis_connection=None):
>+ return netlogon.netlogon(
>+ self.remote_binding_string,
>+ self.local_lp,
>+ self.remote_creds,
>+ basis_connection=basis_connection
>+ )
>
>- def get_lsa_info(self, conn, policy_access):
>+ def get_lsa_info(self, conn_fn, policy_access):
> in_version = 1
> in_revision_info1 = lsa.revision_info1()
> in_revision_info1.revision = 1
>@@ -217,9 +232,9 @@ class DomainTrustCommand(Command):
> lsa.LSA_FEATURE_TDO_AUTH_INFO_AES_CIPHER
> )
>
>- out_version, out_revision_info1, policy = OpenPolicyFallback(
>- conn,
>- b''.decode('utf-8'),
>+ conn, out_version, out_revision_info1, policy = OpenPolicyFallback(
>+ conn_fn,
>+ '',
> in_version,
> in_revision_info1,
> False,
>@@ -228,7 +243,7 @@ class DomainTrustCommand(Command):
>
> info = conn.QueryInfoPolicy2(policy, lsa.LSA_POLICY_INFO_DNS)
>
>- return (policy, out_version, out_revision_info1, info)
>+ return (conn, policy, out_version, out_revision_info1, info)
>
> def get_netlogon_dc_unc(self, conn, server, domain):
> try:
>@@ -508,19 +523,15 @@ class cmd_domain_trust_show(DomainTrustCommand):
> def run(self, domain, sambaopts=None, versionopts=None, localdcopts=None):
>
> self.setup_local_server(sambaopts, localdcopts)
>- try:
>- local_lsa = self.new_local_lsa_connection()
>- except RuntimeError as error:
>- raise self.LocalRuntimeError(self, error, "failed to connect lsa server")
>-
> try:
> local_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION
> (
>+ local_lsa,
> local_policy,
> local_version,
> local_revision_info1,
> local_lsa_info
>- ) = self.get_lsa_info(local_lsa, local_policy_access)
>+ ) = self.get_lsa_info(self.new_local_lsa_connection, local_policy_access)
> except RuntimeError as error:
> raise self.LocalRuntimeError(self, error, "failed to query LSA_POLICY_INFO_DNS")
>
>@@ -649,19 +660,16 @@ class cmd_domain_trust_modify(DomainTrustCommand):
> raise CommandError("modification arguments are required, try --help")
>
> self.setup_local_server(sambaopts, localdcopts)
>- try:
>- local_lsa = self.new_local_lsa_connection()
>- except RuntimeError as error:
>- raise self.LocalRuntimeError(self, error, "failed to connect to lsa server")
>
> try:
> local_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION
> (
>+ local_lsa,
> local_policy,
> local_version,
> local_revision_info1,
> local_lsa_info
>- ) = self.get_lsa_info(local_lsa, local_policy_access)
>+ ) = self.get_lsa_info(self.new_local_lsa_connection, local_policy_access)
> except RuntimeError as error:
> raise self.LocalRuntimeError(self, error, "failed to query LSA_POLICY_INFO_DNS")
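Review bot: With the separate `new_local_lsa_connection()` try block removed in `cmd_domain_trust_show.run`, a connection failure is now reported as "failed to query LSA_POLICY_INFO_DNS" rather than "failed to connect lsa server", assuming the connection is opened inside `get_lsa_info` through the callable that is passed in. The same applies to the modify, create, delete and validate hunks, on both the local and the remote side. A message that covers both cases on the remaining `except RuntimeError`, such as `"failed to connect to or query lsa server"`, would keep the diagnostic accurate for operators. `run` continues beyond each of these hunks.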
>
>@@ -908,18 +916,15 @@ class cmd_domain_trust_create(DomainTrustCommand):
> remote_trust_info.trust_attributes |= lsa.LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
>
> local_server = self.setup_local_server(sambaopts, localdcopts)
>- try:
>- local_lsa = self.new_local_lsa_connection()
>- except RuntimeError as error:
>- raise self.LocalRuntimeError(self, error, "failed to connect lsa server")
>
> try:
> (
>+ local_lsa,
> local_policy,
> local_version,
> local_revision_info1,
> local_lsa_info
>- ) = self.get_lsa_info(local_lsa, local_policy_access)
>+ ) = self.get_lsa_info(self.new_local_lsa_connection, local_policy_access)
> except RuntimeError as error:
> raise self.LocalRuntimeError(self, error, "failed to query LSA_POLICY_INFO_DNS")
>
>@@ -933,18 +938,14 @@ class cmd_domain_trust_create(DomainTrustCommand):
> except RuntimeError as error:
> raise self.RemoteRuntimeError(self, error, "failed to locate remote server")
>
>- try:
>- remote_lsa = self.new_remote_lsa_connection()
>- except RuntimeError as error:
>- raise self.RemoteRuntimeError(self, error, "failed to connect lsa server")
>-
> try:
> (
>+ remote_lsa,
> remote_policy,
> remote_version,
> remote_revision_info1,
> remote_lsa_info
>- ) = self.get_lsa_info(remote_lsa, remote_policy_access)
>+ ) = self.get_lsa_info(self.new_remote_lsa_connection, remote_policy_access)
> except RuntimeError as error:
> raise self.RemoteRuntimeError(self, error, "failed to query LSA_POLICY_INFO_DNS")
>
>@@ -1297,18 +1298,15 @@ class cmd_domain_trust_delete(DomainTrustCommand):
> remote_policy_access |= lsa.LSA_POLICY_CREATE_SECRET
>
> self.setup_local_server(sambaopts, localdcopts)
>- try:
>- local_lsa = self.new_local_lsa_connection()
>- except RuntimeError as error:
>- raise self.LocalRuntimeError(self, error, "failed to connect lsa server")
>
> try:
> (
>+ local_lsa,
> local_policy,
> local_version,
> local_revision_info1,
> local_lsa_info
>- ) = self.get_lsa_info(local_lsa, local_policy_access)
>+ ) = self.get_lsa_info(self.new_local_lsa_connection, local_policy_access)
> except RuntimeError as error:
> raise self.LocalRuntimeError(self, error, "failed to query LSA_POLICY_INFO_DNS")
>
>@@ -1338,18 +1336,14 @@ class cmd_domain_trust_delete(DomainTrustCommand):
> except RuntimeError as error:
> raise self.RemoteRuntimeError(self, error, "failed to locate remote server")
>
>- try:
>- remote_lsa = self.new_remote_lsa_connection()
>- except RuntimeError as error:
>- raise self.RemoteRuntimeError(self, error, "failed to connect lsa server")
>-
> try:
> (
>+ remote_lsa,
> remote_policy,
> remote_version,
> remote_revision_info1,
> remote_lsa_info
>- ) = self.get_lsa_info(remote_lsa, remote_policy_access)
>+ ) = self.get_lsa_info(self.new_remote_lsa_connection, remote_policy_access)
> except RuntimeError as error:
> raise self.RemoteRuntimeError(self, error, "failed to query LSA_POLICY_INFO_DNS")
>
>@@ -1450,18 +1444,15 @@ class cmd_domain_trust_validate(DomainTrustCommand):
> local_policy_access = lsa.LSA_POLICY_VIEW_LOCAL_INFORMATION
>
> local_server = self.setup_local_server(sambaopts, localdcopts)
>- try:
>- local_lsa = self.new_local_lsa_connection()
>- except RuntimeError as error:
>- raise self.LocalRuntimeError(self, error, "failed to connect lsa server")
>
> try:
> (
>+ local_lsa,
> local_policy,
> local_version,
> local_revision_info1,
> local_lsa_info
>- ) = self.get_lsa_info(local_lsa, local_policy_access)
>+ ) = self.get_lsa_info(self.new_local_lsa_connection, local_policy_access)
> except RuntimeError as error:
> raise self.LocalRuntimeError(self, error, "failed to query LSA_POLICY_INFO_DNS")
>
>@@ -1897,11 +1888,12 @@ class cmd_domain_trust_namespaces(DomainTrustCommand):
>
> try:
> (
>+ local_lsa,
> local_policy,
> local_version,
> local_revision_info1,
> local_lsa_info
>- ) = self.get_lsa_info(local_lsa, local_policy_access)
>+ ) = self.get_lsa_info(self.new_local_lsa_connection, local_policy_access)
> except RuntimeError as error:
> raise self.LocalRuntimeError(self, error, "failed to query LSA_POLICY_INFO_DNS")
>
>diff --git a/python/samba/tests/dcerpc/lsa_utils.py b/python/samba/tests/dcerpc/lsa_utils.py
>index fee9a45419b..8a3e7d24276 100644
>--- a/python/samba/tests/dcerpc/lsa_utils.py
>+++ b/python/samba/tests/dcerpc/lsa_utils.py
>@@ -35,6 +35,7 @@ from samba.lsa_utils import (
>
>
> class CreateTrustedDomain(TestCase):
>+ smbencrypt = True
>
> def get_user_creds(self):
> c = Credentials()
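Review bot: In `cmd_domain_trust_namespaces` only the `get_lsa_info` call changes; the removed line shows `local_lsa` was already bound before it, and unlike the other commands this hunk does not delete that earlier `self.new_local_lsa_connection()` call. If it is still present, the command opens one LSA connection, discards it, and opens a second one through `get_lsa_info`. Dropping the earlier block, as done for show, modify, create, delete and validate, would keep the commands consistent. The code in question is outside the hunk, so this needs checking against the full file.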
>@@ -47,26 +48,35 @@ class CreateTrustedDomain(TestCase):
> c.set_password(password)
> return c
>
>- def _create_trust_relax(self, smbencrypt=True):
>+ def new_lsa_conn(self, basis_connection=None):
> creds = self.get_user_creds()
>-
>- if smbencrypt:
>+ if self.smbencrypt:
> creds.set_smb_encryption(SMB_ENCRYPTION_REQUIRED)
> else:
> creds.set_smb_encryption(SMB_ENCRYPTION_OFF)
>
> lp = self.get_loadparm()
>-
> binding_string = (
> "ncacn_np:%s" % (samba.tests.env_get_var_value('SERVER'))
> )
>- lsa_conn = lsa.lsarpc(binding_string, lp, creds)
>
>- if smbencrypt:
>+ lsa_conn = lsa.lsarpc(
>+ binding_string,
>+ lp,
>+ creds,
>+ basis_connection=basis_connection
>+ )
>+
>+ if self.smbencrypt:
> self.assertTrue(lsa_conn.transport_encrypted())
> else:
> self.assertFalse(lsa_conn.transport_encrypted())
>
>+ return lsa_conn
>+
>+ def _create_trust_relax(self, smbencrypt=True):
>+ self.smbencrypt = smbencrypt
>+
> in_version = 1
> in_revision_info1 = lsa.revision_info1()
> in_revision_info1.revision = 1
>@@ -74,8 +84,13 @@ class CreateTrustedDomain(TestCase):
> lsa.LSA_FEATURE_TDO_AUTH_INFO_AES_CIPHER
> )
>
>- out_version, out_revision_info1, pol_handle = OpenPolicyFallback(
>+ (
> lsa_conn,
>+ out_version,
>+ out_revision_info1,
>+ pol_handle
>+ ) = OpenPolicyFallback(
>+ self.new_lsa_conn,
> '',
> in_version,
> in_revision_info1,
>@@ -148,14 +163,7 @@ class CreateTrustedDomain(TestCase):
> self.assertIsNone(trustdom_handle)
>
> def _create_trust_fallback(self):
>- creds = self.get_user_creds()
>-
>- lp = self.get_loadparm()
>-
>- binding_string = (
>- "ncacn_np:%s" % (samba.tests.env_get_var_value('SERVER'))
>- )
>- lsa_conn = lsa.lsarpc(binding_string, lp, creds)
>+ self.smbencrypt = True
>
> in_version = 1
> in_revision_info1 = lsa.revision_info1()
>@@ -164,8 +172,13 @@ class CreateTrustedDomain(TestCase):
> lsa.LSA_FEATURE_TDO_AUTH_INFO_AES_CIPHER
> )
>
>- out_version, out_revision_info1, pol_handle = OpenPolicyFallback(
>+ (
> lsa_conn,
>+ out_version,
>+ out_revision_info1,
>+ pol_handle
>+ ) = OpenPolicyFallback(
>+ self.new_lsa_conn,
> '',
> in_version,
> in_revision_info1,
>diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py
>index 66e222caa47..440cd641dd5 100644
>--- a/python/samba/tests/krb5/kdc_base_test.py
>+++ b/python/samba/tests/krb5/kdc_base_test.py
>@@ -54,7 +54,6 @@ from samba.credentials import (
> from samba.crypto import des_crypt_blob_16, md4_hash_blob
> from samba.dcerpc import (
> claims,
>- dcerpc,
> drsblobs,
> drsuapi,
> krb5ccache,
>--
>2.48.1
>
Flags:
metze
:
review+