The Samba-Bugzilla – Attachment 4731 Details for
Bug 6711
trusts to windows 2008 (2008 r2) not working
[patch]
patch for 3.4
patch (text/plain), 55.15 KB, created by
Guenther Deschner
on 2009-09-23 04:43:11 UTC
Description:
patch for 3.4
Filename:
MIME Type:
Creator:
Guenther Deschner
Created:
2009-09-23 04:43:11 UTC
Size:
55.15 KB
>From 7272f24d3e31add7670c8b8bb020927b62bf39d0 Mon Sep 17 00:00:00 2001
>From: =?utf-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Thu, 10 Sep 2009 19:59:37 +0200
>Subject: [PATCH 01/12] s3-rpc_client: add enum dcerpc_transport_t to rpc_cli_transport struct.
>
>Guenther
>(cherry picked from commit 393a1f594d5f03a51448cdc465f92c599a93904c)
>---
> source3/include/client.h | 2 ++
> source3/rpc_client/cli_pipe.c | 8 ++++++++
> 2 files changed, 10 insertions(+), 0 deletions(-)
>
>diff --git a/source3/include/client.h b/source3/include/client.h
>index 320a90e..1914210 100644
>--- a/source3/include/client.h
>+++ b/source3/include/client.h
>@@ -68,6 +68,8 @@ struct cli_pipe_auth_data {
>
> struct rpc_cli_transport {
>
>+ enum dcerpc_transport_t transport;
>+
> /**
> * Trigger an async read from the server. May return a short read.
> */
>diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
>index 9aba938..12d2b9e 100644
>--- a/source3/rpc_client/cli_pipe.c
>+++ b/source3/rpc_client/cli_pipe.c
>@@ -3233,6 +3233,8 @@ static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const char *host,
> goto fail;
> }
>
>+ result->transport->transport = NCACN_IP_TCP;
>+
> *presult = result;
> return NT_STATUS_OK;
>
>@@ -3451,6 +3453,8 @@ NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path,
> goto fail;
> }
>
>+ result->transport->transport = NCALRPC;
>+
> *presult = result;
> return NT_STATUS_OK;
>
>@@ -3523,6 +3527,8 @@ static NTSTATUS rpc_pipe_open_np(struct cli_state *cli,
> return status;
> }
>
>+ result->transport->transport = NCACN_NP;
>+
> DLIST_ADD(cli->pipe_list, result);
> talloc_set_destructor(result, rpc_pipe_client_np_destructor);
>
>@@ -3581,6 +3587,8 @@ NTSTATUS rpc_pipe_open_local(TALLOC_CTX *mem_ctx,
> return status;
> }
>
>+ result->transport->transport = NCACN_INTERNAL;
>+
> *presult = result;
> return NT_STATUS_OK;
> }
>--
>1.6.2.5
>
>
>From 51542774216607ad96ec2bbd610a373548db9f76 Mon Sep 17 00:00:00 2001
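Review bot: The new `transport` member of `struct rpc_cli_transport` (client.h hunk of patch 01) has no doc comment, unlike the callback members that follow it in the same struct. A short comment such as `/** DCERPC transport this connection runs over; set by the rpc_pipe_open_* function that created it. */` would state the contract. The four cli_pipe.c hunks assign it only on the success path of each opener; if the struct can be allocated and used anywhere else without being zeroed, that path would leave the field indeterminate, which is worth confirming because the struct definition and the openers continue outside the hunks.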
>From: =?utf-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Tue, 4 Nov 2008 18:40:24 +0100
>Subject: [PATCH 02/12] s3-rpc_client: add cli_rpc_pipe_open_noauth_transport.
>
>Guenther
>(cherry picked from commit 87f61a144b8d25c90b847940ca03ced1f77b036c)
>---
> source3/include/proto.h | 4 ++++
> source3/rpc_client/cli_pipe.c | 40 ++++++++++++++++++++++++++--------------
> 2 files changed, 30 insertions(+), 14 deletions(-)
>
>diff --git a/source3/include/proto.h b/source3/include/proto.h
>index 802c2ed..910b49e 100644
>--- a/source3/include/proto.h
>+++ b/source3/include/proto.h
>@@ -5289,6 +5289,10 @@ NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id
> NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
> const struct ndr_syntax_id *interface,
> struct rpc_pipe_client **presult);
>+NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
>+ enum dcerpc_transport_t transport,
>+ const struct ndr_syntax_id *interface,
>+ struct rpc_pipe_client **presult);
> NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
> const struct ndr_syntax_id *interface,
> enum pipe_auth_level auth_level,
>diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
>index 12d2b9e..75ce7cb 100644
>--- a/source3/rpc_client/cli_pipe.c
>+++ b/source3/rpc_client/cli_pipe.c
>@@ -3598,34 +3598,35 @@ NTSTATUS rpc_pipe_open_local(TALLOC_CTX *mem_ctx,
> ****************************************************************************/
>
> static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli,
>+ enum dcerpc_transport_t transport,
> const struct ndr_syntax_id *interface,
> struct rpc_pipe_client **presult)
> {
>- if (ndr_syntax_id_equal(interface, &ndr_table_drsuapi.syntax_id)) {
>- /*
>- * We should have a better way to figure out this drsuapi
>- * speciality...
>- */
>+ switch (transport) {
>+ case NCACN_IP_TCP:
> return rpc_pipe_open_tcp(NULL, cli->desthost, interface,
> presult);
>+ case NCACN_NP:
>+ return rpc_pipe_open_np(cli, interface, presult);
>+ default:
>+ return NT_STATUS_NOT_IMPLEMENTED;
> }
>-
>- return rpc_pipe_open_np(cli, interface, presult);
> }
>
> /****************************************************************************
> Open a named pipe to an SMB server and bind anonymously.
> ****************************************************************************/
>
>-NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
>- const struct ndr_syntax_id *interface,
>- struct rpc_pipe_client **presult)
>+NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
>+ enum dcerpc_transport_t transport,
>+ const struct ndr_syntax_id *interface,
>+ struct rpc_pipe_client **presult)
> {
> struct rpc_pipe_client *result;
> struct cli_pipe_auth_data *auth;
> NTSTATUS status;
>
>- status = cli_rpc_pipe_open(cli, interface, &result);
>+ status = cli_rpc_pipe_open(cli, transport, interface, &result);
> if (!NT_STATUS_IS_OK(status)) {
> return status;
> }
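Review bot: Removing the drsuapi check from `cli_rpc_pipe_open` moves the transport decision to every caller, and in this patch the NTLMSSP, schannel and krb5 openers (hunks at -3700, -3879 and -4055) all pass `NCACN_NP`, so at this commit an authenticated drsuapi bind no longer goes over TCP as it did through the removed branch. If that is intended until the later patches thread the parameter through, the commit message should say so; otherwise the fallback should stay until the callers are converted. The banner above `cli_rpc_pipe_open_noauth_transport` still reads "Open a named pipe to an SMB server and bind anonymously", which no longer holds for `NCACN_IP_TCP`; a wording like `Open an RPC pipe over the given transport (ncacn_np or ncacn_ip_tcp) and bind anonymously.` would match, with a mention that any other transport returns `NT_STATUS_NOT_IMPLEMENTED`. The body of `cli_rpc_pipe_open_noauth_transport` continues outside the hunk.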
>@@ -3684,6 +3685,17 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
> }
>
> /****************************************************************************
>+ ****************************************************************************/
>+
>+NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
>+ const struct ndr_syntax_id *interface,
>+ struct rpc_pipe_client **presult)
>+{
>+ return cli_rpc_pipe_open_noauth_transport(cli, NCACN_NP,
>+ interface, presult);
>+}
>+
>+/****************************************************************************
> Open a named pipe to an SMB server and bind using NTLMSSP or SPNEGO NTLMSSP
> ****************************************************************************/
>
>@@ -3700,7 +3712,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli,
> struct cli_pipe_auth_data *auth;
> NTSTATUS status;
>
>- status = cli_rpc_pipe_open(cli, interface, &result);
>+ status = cli_rpc_pipe_open(cli, NCACN_NP, interface, &result);
> if (!NT_STATUS_IS_OK(status)) {
> return status;
> }
>@@ -3879,7 +3891,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
> struct cli_pipe_auth_data *auth;
> NTSTATUS status;
>
>- status = cli_rpc_pipe_open(cli, interface, &result);
>+ status = cli_rpc_pipe_open(cli, NCACN_NP, interface, &result);
> if (!NT_STATUS_IS_OK(status)) {
> return status;
> }
>@@ -4055,7 +4067,7 @@ NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
> struct cli_pipe_auth_data *auth;
> NTSTATUS status;
>
>- status = cli_rpc_pipe_open(cli, interface, &result);
>+ status = cli_rpc_pipe_open(cli, NCACN_NP, interface, &result);
> if (!NT_STATUS_IS_OK(status)) {
> return status;
> }
>--
>1.6.2.5
>
>
>From 9fc86ed89a10d26f1f37ac0ed62ab73b773cb6ff Mon Sep 17 00:00:00 2001
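Review bot: The banner added above the new `cli_rpc_pipe_open_noauth` wrapper (hunk at -3684) is empty: the opening row of asterisks is followed directly by the closing row. It should carry the description that used to sit on this name, `Open a named pipe to an SMB server and bind anonymously.`, because this wrapper is now the place where `NCACN_NP` is pinned for the anonymous bind.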
>From: =?utf-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Thu, 10 Sep 2009 22:23:21 +0200
>Subject: [PATCH 03/12] s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_spnego_ntlmssp and cli_rpc_pipe_open_ntlmssp.
>
>Guenther
>(cherry picked from commit 032e01e7c13724d057b5744d7d79613449c2f24f)
>---
> source3/include/proto.h | 2 ++
> source3/libsmb/passchange.c | 1 +
> source3/rpc_client/cli_pipe.c | 10 ++++++++--
> source3/rpcclient/rpcclient.c | 2 ++
> source3/utils/net.h | 1 +
> source3/utils/net_rpc.c | 2 ++
> source3/utils/net_rpc_samsync.c | 2 +-
> source3/winbindd/winbindd_cm.c | 3 ++-
> 8 files changed, 19 insertions(+), 4 deletions(-)
>
>diff --git a/source3/include/proto.h b/source3/include/proto.h
>index 910b49e..96c1d93 100644
>--- a/source3/include/proto.h
>+++ b/source3/include/proto.h
>@@ -5295,6 +5295,7 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
> struct rpc_pipe_client **presult);
> NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
> const struct ndr_syntax_id *interface,
>+ enum dcerpc_transport_t transport,
> enum pipe_auth_level auth_level,
> const char *domain,
> const char *username,
>@@ -5302,6 +5303,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
> struct rpc_pipe_client **presult);
> NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
> const struct ndr_syntax_id *interface,
>+ enum dcerpc_transport_t transport,
> enum pipe_auth_level auth_level,
> const char *domain,
> const char *username,
>diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
>index f3cb9d6..d73b34c 100644
>--- a/source3/libsmb/passchange.c
>+++ b/source3/libsmb/passchange.c
>@@ -176,6 +176,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
> if (!pass_must_change) {
> result = cli_rpc_pipe_open_ntlmssp(cli,
> &ndr_table_samr.syntax_id,
>+ NCACN_NP,
> PIPE_AUTH_LEVEL_PRIVACY,
> domain, user,
> old_passwd,
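Review bot: The `transport` argument is placed after `interface` in the `cli_rpc_pipe_open_ntlmssp` and `cli_rpc_pipe_open_spnego_ntlmssp` prototypes, while `cli_rpc_pipe_open_noauth_transport` and the static `cli_rpc_pipe_open` from patch 02 take it before `interface`. The two types differ, so a swapped call draws a compiler diagnostic, but the opener family would read more consistently with a single order, e.g. `cli_rpc_pipe_open_noauth_transport(cli, interface, transport, presult)`. The prototypes continue outside the hunks.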
>diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
>index 75ce7cb..5b8a2d4 100644
>--- a/source3/rpc_client/cli_pipe.c
>+++ b/source3/rpc_client/cli_pipe.c
>@@ -3701,6 +3701,7 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
>
> static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli,
> const struct ndr_syntax_id *interface,
>+ enum dcerpc_transport_t transport,
> enum pipe_auth_type auth_type,
> enum pipe_auth_level auth_level,
> const char *domain,
>@@ -3712,7 +3713,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli,
> struct cli_pipe_auth_data *auth;
> NTSTATUS status;
>
>- status = cli_rpc_pipe_open(cli, NCACN_NP, interface, &result);
>+ status = cli_rpc_pipe_open(cli, transport, interface, &result);
> if (!NT_STATUS_IS_OK(status)) {
> return status;
> }
>@@ -3754,6 +3755,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli,
>
> NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
> const struct ndr_syntax_id *interface,
>+ enum dcerpc_transport_t transport,
> enum pipe_auth_level auth_level,
> const char *domain,
> const char *username,
>@@ -3762,6 +3764,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
> {
> return cli_rpc_pipe_open_ntlmssp_internal(cli,
> interface,
>+ transport,
> PIPE_AUTH_TYPE_NTLMSSP,
> auth_level,
> domain,
>@@ -3777,6 +3780,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
>
> NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
> const struct ndr_syntax_id *interface,
>+ enum dcerpc_transport_t transport,
> enum pipe_auth_level auth_level,
> const char *domain,
> const char *username,
>@@ -3785,6 +3789,7 @@ NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
> {
> return cli_rpc_pipe_open_ntlmssp_internal(cli,
> interface,
>+ transport,
> PIPE_AUTH_TYPE_SPNEGO_NTLMSSP,
> auth_level,
> domain,
>@@ -3951,7 +3956,8 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli,
> NTSTATUS status;
>
> status = cli_rpc_pipe_open_spnego_ntlmssp(
>- cli, &ndr_table_netlogon.syntax_id, PIPE_AUTH_LEVEL_PRIVACY,
>+ cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
>+ PIPE_AUTH_LEVEL_PRIVACY,
> domain, username, password, &netlogon_pipe);
> if (!NT_STATUS_IS_OK(status)) {
> return status;
>diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
>index 82de603..ae2a820 100644
>--- a/source3/rpcclient/rpcclient.c
>+++ b/source3/rpcclient/rpcclient.c
>@@ -594,6 +594,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
> case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
> ntresult = cli_rpc_pipe_open_spnego_ntlmssp(
> cli, cmd_entry->interface,
>+ NCACN_NP,
> pipe_default_auth_level,
> lp_workgroup(),
> get_cmdline_auth_info_username(auth_info),
>@@ -603,6 +604,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
> case PIPE_AUTH_TYPE_NTLMSSP:
> ntresult = cli_rpc_pipe_open_ntlmssp(
> cli, cmd_entry->interface,
>+ NCACN_NP,
> pipe_default_auth_level,
> lp_workgroup(),
> get_cmdline_auth_info_username(auth_info),
>diff --git a/source3/utils/net.h b/source3/utils/net.h
>index d88f962..86e8b1c 100644
>--- a/source3/utils/net.h
>+++ b/source3/utils/net.h
>@@ -157,6 +157,7 @@ enum netdom_domain_t { ND_TYPE_NT4, ND_TYPE_AD };
> #define NET_FLAGS_NO_PIPE 0x00000020 /* don't open an RPC pipe */
> #define NET_FLAGS_SIGN 0x00000040 /* sign RPC connection */
> #define NET_FLAGS_SEAL 0x00000080 /* seal RPC connection */
>+#define NET_FLAGS_TCP 0x00000100 /* use ncacn_ip_tcp */
>
> /* net share operation modes */
> #define NET_MODE_SHARE_MIGRATE 1
>diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
>index 3a1aeb0..168659a 100644
>--- a/source3/utils/net_rpc.c
>+++ b/source3/utils/net_rpc.c
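Review bot: Both `do_cmd` hunks in rpcclient.c hard-code `NCACN_NP` for `cmd_entry->interface`, whichever interface the command belongs to. Before patch 02 a drsuapi interface reaching `cli_rpc_pipe_open` was routed to `rpc_pipe_open_tcp`; if rpcclient has drsuapi commands (not visible on this page), they now bind over the named pipe instead. Either the transport should be chosen per interface at this call site, or the limitation should be stated in a comment such as `/* rpcclient always uses ncacn_np; drsuapi over ncacn_ip_tcp is not selected here */`. `do_cmd` starts and ends outside the hunks.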
>@@ -169,6 +169,8 @@ int run_rpc_command(struct net_context *c,
> if (conn_flags & NET_FLAGS_SEAL) {
> nt_status = cli_rpc_pipe_open_ntlmssp(
> cli, interface,
>+ (conn_flags & NET_FLAGS_TCP) ?
>+ NCACN_IP_TCP : NCACN_NP,
> PIPE_AUTH_LEVEL_PRIVACY,
> lp_workgroup(), c->opt_user_name,
> c->opt_password, &pipe_hnd);
>diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
>index 309be17..0c7f9a8 100644
>--- a/source3/utils/net_rpc_samsync.c
>+++ b/source3/utils/net_rpc_samsync.c
>@@ -499,7 +499,7 @@ int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv)
> return -1;
> } else {
> ret = run_rpc_command(c, cli, &ndr_table_drsuapi.syntax_id,
>- NET_FLAGS_SEAL,
>+ NET_FLAGS_SEAL | NET_FLAGS_TCP,
> rpc_vampire_keytab_ds_internals, argc, argv);
> if (ret != 0 && dc_info.is_mixed_mode) {
> printf("Fallback to NT4 vampire on Mixed-Mode AD Domain\n");
>diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
>index 4571f22..ac22ed4 100644
>--- a/source3/winbindd/winbindd_cm.c
>+++ b/source3/winbindd/winbindd_cm.c
>@@ -2045,6 +2045,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
> authenticated SAMR pipe with sign & seal. */
> result = cli_rpc_pipe_open_spnego_ntlmssp(conn->cli,
> &ndr_table_samr.syntax_id,
>+ NCACN_NP,
> PIPE_AUTH_LEVEL_PRIVACY,
> domain_name,
> machine_account,
>@@ -2183,7 +2184,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
> /* We have an authenticated connection. Use a NTLMSSP SPNEGO
> * authenticated LSA pipe with sign & seal. */
> result = cli_rpc_pipe_open_spnego_ntlmssp
>- (conn->cli, &ndr_table_lsarpc.syntax_id,
>+ (conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP,
> PIPE_AUTH_LEVEL_PRIVACY,
> conn->cli->domain, conn->cli->user_name, conn->cli->password,
> &conn->lsa_pipe);
>--
>1.6.2.5
>
>
>From 02c53303afa22034d675525478700406220a391c Mon Sep 17 00:00:00 2001
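Review bot: `NET_FLAGS_TCP` is consulted only inside the `NET_FLAGS_SEAL` branch of `run_rpc_command`, so a caller that sets it without `NET_FLAGS_SEAL` would, as far as this hunk shows, get a named-pipe connection with no error reported. The define in net.h should state that, e.g. `/* use ncacn_ip_tcp (only honoured together with NET_FLAGS_SEAL) */`, or the transport should be computed once at the top of the function and handed to every opener. The remaining branches of `run_rpc_command` are outside the hunk.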
>From: =?utf-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Thu, 10 Sep 2009 22:23:21 +0200
>Subject: [PATCH 04/12] s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().
>
>Guenther
>(cherry picked from commit bea8e5fa6038d5abd2ec1e12f9005c4a04abb79f)
>---
> source3/auth/auth_domain.c | 2 +-
> source3/include/proto.h | 3 +++
> source3/libnet/libnet_join.c | 3 ++-
> source3/rpc_client/cli_pipe.c | 9 ++++++---
> source3/rpcclient/rpcclient.c | 1 +
> source3/utils/net_rpc.c | 2 +-
> source3/utils/net_rpc_join.c | 5 +++--
> source3/winbindd/winbindd_cm.c | 7 ++++---
> 8 files changed, 21 insertions(+), 11 deletions(-)
>
>diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
>index f11dbe6..45150ab 100644
>--- a/source3/auth/auth_domain.c
>+++ b/source3/auth/auth_domain.c
>@@ -175,7 +175,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
> if (lp_client_schannel()) {
> /* We also setup the creds chain in the open_schannel call. */
> result = cli_rpc_pipe_open_schannel(
>- *cli, &ndr_table_netlogon.syntax_id,
>+ *cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
> PIPE_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe);
> } else {
> result = cli_rpc_pipe_open_noauth(
>diff --git a/source3/include/proto.h b/source3/include/proto.h
>index 96c1d93..8a59363 100644
>--- a/source3/include/proto.h
>+++ b/source3/include/proto.h
>@@ -5315,12 +5315,14 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli,
> struct rpc_pipe_client **presult);
> NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
> const struct ndr_syntax_id *interface,
>+ enum dcerpc_transport_t transport,
> enum pipe_auth_level auth_level,
> const char *domain,
> const struct dcinfo *pdc,
> struct rpc_pipe_client **presult);
> NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
> const struct ndr_syntax_id *interface,
>+ enum dcerpc_transport_t transport,
> enum pipe_auth_level auth_level,
> const char *domain,
> const char *username,
>@@ -5328,6 +5330,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
> struct rpc_pipe_client **presult);
> NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
> const struct ndr_syntax_id *interface,
>+ enum dcerpc_transport_t transport,
> enum pipe_auth_level auth_level,
> const char *domain,
> struct rpc_pipe_client **presult);
>diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
>index 5309452..03832cf 100644
>--- a/source3/libnet/libnet_join.c
>+++ b/source3/libnet/libnet_join.c
>@@ -1070,7 +1070,8 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
> }
>
> status = cli_rpc_pipe_open_schannel_with_key(
>- cli, &ndr_table_netlogon.syntax_id, PIPE_AUTH_LEVEL_PRIVACY,
>+ cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
>+ PIPE_AUTH_LEVEL_PRIVACY,
> netbios_domain_name, netlogon_pipe->dc, &pipe_hnd);
>
> cli_shutdown(cli);
>diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
>index 5b8a2d4..9990f1b 100644
>--- a/source3/rpc_client/cli_pipe.c
>+++ b/source3/rpc_client/cli_pipe.c
>@@ -3887,6 +3887,7 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli,
>
> NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
> const struct ndr_syntax_id *interface,
>+ enum dcerpc_transport_t transport,
> enum pipe_auth_level auth_level,
> const char *domain,
> const struct dcinfo *pdc,
>@@ -3896,7 +3897,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
> struct cli_pipe_auth_data *auth;
> NTSTATUS status;
>
>- status = cli_rpc_pipe_open(cli, NCACN_NP, interface, &result);
>+ status = cli_rpc_pipe_open(cli, transport, interface, &result);
> if (!NT_STATUS_IS_OK(status)) {
> return status;
> }
>@@ -3982,6 +3983,7 @@ static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli,
>
> NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
> const struct ndr_syntax_id *interface,
>+ enum dcerpc_transport_t transport,
> enum pipe_auth_level auth_level,
> const char *domain,
> const char *username,
>@@ -4003,7 +4005,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
> }
>
> status = cli_rpc_pipe_open_schannel_with_key(
>- cli, interface, auth_level, domain, netlogon_pipe->dc,
>+ cli, interface, transport, auth_level, domain, netlogon_pipe->dc,
> &result);
>
> /* Now we've bound using the session key we can close the netlog pipe. */
>@@ -4022,6 +4024,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
>
> NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
> const struct ndr_syntax_id *interface,
>+ enum dcerpc_transport_t transport,
> enum pipe_auth_level auth_level,
> const char *domain,
> struct rpc_pipe_client **presult)
>@@ -4041,7 +4044,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
> }
>
> status = cli_rpc_pipe_open_schannel_with_key(
>- cli, interface, auth_level, domain, netlogon_pipe->dc,
>+ cli, interface, transport, auth_level, domain, netlogon_pipe->dc,
> &result);
>
> /* Now we've bound using the session key we can close the netlog pipe. */
>diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
>index ae2a820..17ca5e7 100644
>--- a/source3/rpcclient/rpcclient.c
>+++ b/source3/rpcclient/rpcclient.c
>@@ -614,6 +614,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
> case PIPE_AUTH_TYPE_SCHANNEL:
> ntresult = cli_rpc_pipe_open_schannel(
> cli, cmd_entry->interface,
>+ NCACN_NP,
> pipe_default_auth_level,
> lp_workgroup(),
> &cmd_entry->rpc_pipe);
>diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
>index 168659a..7fafa1b 100644
>--- a/source3/utils/net_rpc.c
>+++ b/source3/utils/net_rpc.c
>@@ -157,7 +157,7 @@ int run_rpc_command(struct net_context *c,
> &ndr_table_netlogon.syntax_id))) {
> /* Always try and create an schannel netlogon pipe. */
> nt_status = cli_rpc_pipe_open_schannel(
>- cli, interface,
>+ cli, interface, NCACN_NP,
> PIPE_AUTH_LEVEL_PRIVACY, domain_name,
> &pipe_hnd);
> if (!NT_STATUS_IS_OK(nt_status)) {
>diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
>index f0e6fe7..127b306 100644
>--- a/source3/utils/net_rpc_join.c
>+++ b/source3/utils/net_rpc_join.c
>@@ -100,7 +100,8 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain,
> }
>
> ntret = cli_rpc_pipe_open_schannel_with_key(
>- cli, &ndr_table_netlogon.syntax_id, PIPE_AUTH_LEVEL_PRIVACY,
>+ cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
>+ PIPE_AUTH_LEVEL_PRIVACY,
> domain, netlogon_pipe->dc, &pipe_hnd);
>
> if (!NT_STATUS_IS_OK(ntret)) {
>@@ -415,7 +416,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
> struct rpc_pipe_client *netlogon_schannel_pipe;
>
> result = cli_rpc_pipe_open_schannel_with_key(
>- cli, &ndr_table_netlogon.syntax_id,
>+ cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
> PIPE_AUTH_LEVEL_PRIVACY, domain, pipe_hnd->dc,
> &netlogon_schannel_pipe);
>
>diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
>index ac22ed4..85333cf 100644
>--- a/source3/winbindd/winbindd_cm.c
>+++ b/source3/winbindd/winbindd_cm.c
>@@ -2089,7 +2089,8 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
> goto anonymous;
> }
> result = cli_rpc_pipe_open_schannel_with_key
>- (conn->cli, &ndr_table_samr.syntax_id, PIPE_AUTH_LEVEL_PRIVACY,
>+ (conn->cli, &ndr_table_samr.syntax_id, NCACN_NP,
>+ PIPE_AUTH_LEVEL_PRIVACY,
> domain->name, p_dcinfo, &conn->samr_pipe);
>
> if (!NT_STATUS_IS_OK(result)) {
>@@ -2225,7 +2226,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
> goto anonymous;
> }
> result = cli_rpc_pipe_open_schannel_with_key
>- (conn->cli, &ndr_table_lsarpc.syntax_id,
>+ (conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP,
> PIPE_AUTH_LEVEL_PRIVACY,
> domain->name, p_dcinfo, &conn->lsa_pipe);
>
>@@ -2372,7 +2373,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
> */
>
> result = cli_rpc_pipe_open_schannel_with_key(
>- conn->cli, &ndr_table_netlogon.syntax_id,
>+ conn->cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
> PIPE_AUTH_LEVEL_PRIVACY, domain->name, netlogon_pipe->dc,
> &conn->netlogon_pipe);
>
>--
>1.6.2.5
>
>
>From 32403c64d528b0594cfae0112f05d7ec47ec7a1d Mon Sep 17 00:00:00 2001
>From: =?utf-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Thu, 17 Sep 2009 07:59:25 +0200
>Subject: [PATCH 05/12] s3-winbindd: add and use winbindd_lookup_sids().
>
>Guenther
>(cherry picked from commit f0b52b8c3133e3696db361d9d0e7d1fff0fab991)
>---
> source3/winbindd/winbindd_ads.c | 64 +++++------------------
> source3/winbindd/winbindd_proto.h | 9 +++
> source3/winbindd/winbindd_rpc.c | 101 ++++++++++++++++++++-----------------
> 3 files changed, 78 insertions(+), 96 deletions(-)
>
>diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
>index 7828b45..227c967 100644
>--- a/source3/winbindd/winbindd_ads.c
>+++ b/source3/winbindd/winbindd_ads.c
>@@ -977,8 +977,6 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
> int i;
> size_t num_members = 0;
> ads_control args;
>- struct rpc_pipe_client *cli;
>- struct policy_handle lsa_policy;
> DOM_SID *sid_mem_nocache = NULL;
> char **names_nocache = NULL;
> enum lsa_SidType *name_types_nocache = NULL;
>@@ -1122,31 +1120,14 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
>
> /* handle sids not resolved from cache by lsa_lookup_sids */
> if (num_nocache > 0) {
>- unsigned int orig_timeout;
>
>- status = cm_connect_lsa(domain, tmp_ctx, &cli, &lsa_policy);
>-
>- if (!NT_STATUS_IS_OK(status)) {
>- goto done;
>- }
>-
>- /*
>- * This call can take a long time
>- * allow the server to time out.
>- * 35 seconds should do it.
>- */
>- orig_timeout = rpccli_set_timeout(cli, 35000);
>-
>- status = rpccli_lsa_lookup_sids(cli, tmp_ctx,
>- &lsa_policy,
>- num_nocache,
>- sid_mem_nocache,
>- &domains_nocache,
>- &names_nocache,
>- &name_types_nocache);
>-
>- /* And restore our original timeout. */
>- rpccli_set_timeout(cli, orig_timeout);
>+ status = winbindd_lookup_sids(tmp_ctx,
>+ domain,
>+ num_nocache,
>+ sid_mem_nocache,
>+ &domains_nocache,
>+ &names_nocache,
>+ &name_types_nocache);
>
> if (!(NT_STATUS_IS_OK(status) ||
> NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED) ||
>@@ -1155,30 +1136,13 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
> DEBUG(1, ("lsa_lookupsids call failed with %s "
> "- retrying...\n", nt_errstr(status)));
>
>- status = cm_connect_lsa(domain, tmp_ctx, &cli,
>- &lsa_policy);
>-
>- if (!NT_STATUS_IS_OK(status)) {
>- goto done;
>- }
>-
>- /*
>- * This call can take a long time
>- * allow the server to time out.
>- * 35 seconds should do it.
>- */
>- orig_timeout = rpccli_set_timeout(cli, 35000);
>-
>- status = rpccli_lsa_lookup_sids(cli, tmp_ctx,
>- &lsa_policy,
>- num_nocache,
>- sid_mem_nocache,
>- &domains_nocache,
>- &names_nocache,
>- &name_types_nocache);
>-
>- /* And restore our original timeout. */
>- rpccli_set_timeout(cli, orig_timeout);
>+ status = winbindd_lookup_sids(tmp_ctx,
>+ domain,
>+ num_nocache,
>+ sid_mem_nocache,
>+ &domains_nocache,
>+ &names_nocache,
>+ &name_types_nocache);
> }
>
> if (NT_STATUS_IS_OK(status) ||
>diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
>index 384395f..ad80182 100644
>--- a/source3/winbindd/winbindd_proto.h
>+++ b/source3/winbindd/winbindd_proto.h
>@@ -71,6 +71,15 @@ int main(int argc, char **argv, char **envp);
>
> /* The following definitions come from winbindd/winbindd_ads.c */
>
>+/* The following definitions come from winbindd/winbindd_rpc.c */
>+
>+NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
>+ struct winbindd_domain *domain,
>+ uint32_t num_sids,
>+ const struct dom_sid *sids,
>+ char ***domains,
>+ char ***names,
>+ enum lsa_SidType **types);
>
> /* The following definitions come from winbindd/winbindd_async.c */
>
>diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
>index 38b20d8..255db61 100644
>--- a/source3/winbindd/winbindd_rpc.c
>+++ b/source3/winbindd/winbindd_rpc.c
>@@ -353,42 +353,26 @@ static NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,
> char **names;
> enum lsa_SidType *types = NULL;
> NTSTATUS result;
>- struct rpc_pipe_client *cli;
>- struct policy_handle lsa_policy;
> NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
> char *mapped_name = NULL;
>- unsigned int orig_timeout;
>
> DEBUG(3,("sid_to_name [rpc] %s for domain %s\n", sid_string_dbg(sid),
> domain->name ));
>
>- result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
>+ result = winbindd_lookup_sids(mem_ctx,
>+ domain,
>+ 1,
>+ sid,
>+ &domains,
>+ &names,
>+ &types);
> if (!NT_STATUS_IS_OK(result)) {
>- DEBUG(2,("msrpc_sid_to_name: cm_connect_lsa() failed (%s)\n",
>- nt_errstr(result)));
>+ DEBUG(2,("msrpc_sid_to_name: failed to lookup sids: %s\n",
>+ nt_errstr(result)));
> return result;
> }
>
>
>- /*
>- * This call can take a long time
>- * allow the server to time out.
>- * 35 seconds should do it.
>- */
>- orig_timeout = rpccli_set_timeout(cli, 35000);
>-
>- result = rpccli_lsa_lookup_sids(cli, mem_ctx, &lsa_policy,
>- 1, sid, &domains, &names, &types);
>-
>- /* And restore our original timeout. */
>- rpccli_set_timeout(cli, orig_timeout);
>-
>- if (!NT_STATUS_IS_OK(result)) {
>- DEBUG(2,("msrpc_sid_to_name: rpccli_lsa_lookup_sids() failed (%s)\n",
>- nt_errstr(result)));
>- return result;
>- }
>-
> *type = (enum lsa_SidType)types[0];
> *domain_name = domains[0];
> *name = names[0];
>@@ -418,12 +402,9 @@ static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,
> {
> char **domains;
> NTSTATUS result;
>- struct rpc_pipe_client *cli;
>- struct policy_handle lsa_policy;
> DOM_SID *sids;
> size_t i;
> char **ret_names;
>- unsigned int orig_timeout;
>
> DEBUG(3, ("rids_to_names [rpc] for domain %s\n", domain->name ));
>
>@@ -442,24 +423,13 @@ static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,
> }
> }
>
>- result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
>- if (!NT_STATUS_IS_OK(result)) {
>- return result;
>- }
>-
>- /*
>- * This call can take a long time
>- * allow the server to time out.
>- * 35 seconds should do it.
>- */
>- orig_timeout = rpccli_set_timeout(cli, 35000);
>-
>- result = rpccli_lsa_lookup_sids(cli, mem_ctx, &lsa_policy,
>- num_rids, sids, &domains,
>- names, types);
>-
>- /* And restore our original timeout. */
>- rpccli_set_timeout(cli, orig_timeout);
>+ result = winbindd_lookup_sids(mem_ctx,
>+ domain,
>+ num_rids,
>+ sids,
>+ &domains,
>+ names,
>+ types);
>
> if (!NT_STATUS_IS_OK(result) &&
> !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
>@@ -1222,6 +1192,45 @@ static NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
> return result;
> }
>
>+NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
>+ struct winbindd_domain *domain,
>+ uint32_t num_sids,
>+ const struct dom_sid *sids,
>+ char ***domains,
>+ char ***names,
>+ enum lsa_SidType **types)
>+{
>+ NTSTATUS status;
>+ struct rpc_pipe_client *cli = NULL;
>+ struct policy_handle lsa_policy;
>+ unsigned int orig_timeout;
>+
>+ status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
>+ if (!NT_STATUS_IS_OK(status)) {
>+ return status;
>+ }
>+
>+ /*
>+ * This call can take a long time
>+ * allow the server to time out.
>+ * 35 seconds should do it.
>+ */
>+ orig_timeout = rpccli_set_timeout(cli, 35000);
>+
>+ status = rpccli_lsa_lookup_sids(cli, mem_ctx, &lsa_policy,
>+ num_sids, sids, domains,
>+ names, types);
>+
>+ /* And restore our original timeout. */
>+ rpccli_set_timeout(cli, orig_timeout);
>+
>+ if (!NT_STATUS_IS_OK(status)) {
>+ return status;
>+ }
>+
>+ return status;
>+}
>+
>
> /* the rpc backend methods are exposed via this structure */
> struct winbindd_methods msrpc_methods = {
>--
>1.6.2.5
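Review bot: The tail of the new `winbindd_lookup_sids` (hunk at -1222) is redundant: `if (!NT_STATUS_IS_OK(status)) { return status; }` is followed directly by `return status;`, so the check can be dropped; `winbindd_lookup_names` in patch 06 ends the same way. The function also has no header comment, and its callers rely on a contract that is easy to break: `lookup_groupmem` and `msrpc_rids_to_names` test the result for `STATUS_SOME_UNMAPPED`, so the helper has to keep returning the raw lookup status rather than folding it into plain success or failure. A comment stating that the status of `rpccli_lsa_lookup_sids` is passed back unchanged, and that the output arrays are presumably allocated on `mem_ctx`, would protect that.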
>
>
>From 106c1c4c073215b060726a0cd05dae9cf5c26109 Mon Sep 17 00:00:00 2001
>From: =?utf-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Thu, 17 Sep 2009 08:06:34 +0200
>Subject: [PATCH 06/12] s3-winbindd: add and use winbindd_lookup_names().
>
>Guenther
>(cherry picked from commit 99c3fc19587431efda1ae6161453d84673b32071)
>---
> source3/winbindd/winbindd_proto.h | 7 ++++
> source3/winbindd/winbindd_rpc.c | 60 ++++++++++++++++++++++++------------
> 2 files changed, 47 insertions(+), 20 deletions(-)
>
>diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
>index ad80182..fceb463 100644
>--- a/source3/winbindd/winbindd_proto.h
>+++ b/source3/winbindd/winbindd_proto.h
>@@ -80,6 +80,13 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
> char ***domains,
> char ***names,
> enum lsa_SidType **types);
>+NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
>+ struct winbindd_domain *domain,
>+ uint32_t num_names,
>+ const char **names,
>+ const char ***domains,
>+ struct dom_sid **sids,
>+ enum lsa_SidType **types);
>
> /* The following definitions come from winbindd/winbindd_async.c */
>
>diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
>index 255db61..8e1a985 100644
>--- a/source3/winbindd/winbindd_rpc.c
>+++ b/source3/winbindd/winbindd_rpc.c
>@@ -277,11 +277,8 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
> DOM_SID *sids = NULL;
> enum lsa_SidType *types = NULL;
> char *full_name = NULL;
>- struct rpc_pipe_client *cli;
>- struct policy_handle lsa_policy;
> NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
> char *mapped_name = NULL;
>- unsigned int orig_timeout;
>
> if (name == NULL || *name=='\0') {
> full_name = talloc_asprintf(mem_ctx, "%s", domain_name);
>@@ -311,23 +308,9 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
> DEBUG(3,("name_to_sid [rpc] %s for domain %s\n",
> full_name?full_name:"", domain_name ));
>
>- result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
>- if (!NT_STATUS_IS_OK(result))
>- return result;
>-
>- /*
>- * This call can take a long time
>- * allow the server to time out.
>- * 35 seconds should do it.
>- */
>- orig_timeout = rpccli_set_timeout(cli, 35000);
>-
>- result = rpccli_lsa_lookup_names(cli, mem_ctx, &lsa_policy, 1,
>- (const char**) &full_name, NULL, 1, &sids, &types);
>-
>- /* And restore our original timeout. */
>- rpccli_set_timeout(cli, orig_timeout);
>-
>+ result = winbindd_lookup_names(mem_ctx, domain, 1,
>+ (const char **)&full_name, NULL,
>+ &sids, &types);
> if (!NT_STATUS_IS_OK(result))
> return result;
>
>@@ -1231,6 +1214,43 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
> return status;
> }
>
>+NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
>+ struct winbindd_domain *domain,
>+ uint32_t num_names,
>+ const char **names,
>+ const char ***domains,
>+ struct dom_sid **sids,
>+ enum lsa_SidType **types)
>+{
>+ NTSTATUS status;
>+ struct rpc_pipe_client *cli = NULL;
>+ struct policy_handle lsa_policy;
>+ unsigned int orig_timeout;
>+
>+ status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
>+ if (!NT_STATUS_IS_OK(status)) {
>+ return status;
>+ }
>+
>+ /*
>+ * This call can take a long time
>+ * allow the server to time out.
>+ * 35 seconds should do it.
>+ */
>+ orig_timeout = rpccli_set_timeout(cli, 35000);
>+
>+ status = rpccli_lsa_lookup_names(cli, mem_ctx, &lsa_policy, num_names,
>+ names, domains, 1, sids, types);
>+
>+ /* And restore our original timeout. */
>+ rpccli_set_timeout(cli, orig_timeout);
>+
>+ if (!NT_STATUS_IS_OK(status)) {
>+ return status;
>+ }
>+
>+ return status;
>+}
>
> /* the rpc backend methods are exposed via this structure */
> struct winbindd_methods msrpc_methods = {
>--
>1.6.2.5
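Review bot: winbindd_lookup_names() (the @@ -1231 hunk) takes `uint32_t num_names` but hands it to rpccli_lsa_lookup_names(), whose parameter is `int num_names`, so a count above INT_MAX would arrive negative; winbindd_lookup_sids() from PATCH 05/12 has the same `uint32_t num_sids` to `int num_sids` narrowing. The only caller visible in this patch passes 1, so this is latent rather than reachable here. A guard at the top such as `if (num_names > INT_MAX) { return NT_STATUS_INVALID_PARAMETER; }` keeps the wrapper safe for later callers.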
>
>
>From ea64b21f6ac70aee0a2e6ee0af39313a6a71e4b2 Mon Sep 17 00:00:00 2001
>From: =?utf-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Fri, 11 Sep 2009 19:35:14 +0200
>Subject: [PATCH 07/12] s3-rpc_client: add rpccli_lsa_lookup_names4 wrapper.
>
>Guenther
>(cherry picked from commit ff968712bab6c2635ef74723c6f52b0fdac4b424)
>---
> source3/include/proto.h | 9 ++++
> source3/rpc_client/cli_lsarpc.c | 98 +++++++++++++++++++++++++++++---------
> 2 files changed, 84 insertions(+), 23 deletions(-)
>
>diff --git a/source3/include/proto.h b/source3/include/proto.h
>index 8a59363..f7f5516 100644
>--- a/source3/include/proto.h
>+++ b/source3/include/proto.h
>@@ -5185,6 +5185,15 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
> int level,
> DOM_SID **sids,
> enum lsa_SidType **types);
>+NTSTATUS rpccli_lsa_lookup_names4(struct rpc_pipe_client *cli,
>+ TALLOC_CTX *mem_ctx,
>+ struct policy_handle *pol, int num_names,
>+ const char **names,
>+ const char ***dom_names,
>+ int level,
>+ DOM_SID **sids,
>+ enum lsa_SidType **types);
>+
> bool fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid);
>
> /* The following definitions come from rpc_client/cli_netlogon.c */
>diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
>index 68fd96f..0c06e7b 100644
>--- a/source3/rpc_client/cli_lsarpc.c
>+++ b/source3/rpc_client/cli_lsarpc.c
>@@ -342,23 +342,26 @@ fail:
>
> /** Lookup a list of names */
>
>-NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
>- TALLOC_CTX *mem_ctx,
>- struct policy_handle *pol, int num_names,
>- const char **names,
>- const char ***dom_names,
>- int level,
>- DOM_SID **sids,
>- enum lsa_SidType **types)
>+static NTSTATUS rpccli_lsa_lookup_names_generic(struct rpc_pipe_client *cli,
>+ TALLOC_CTX *mem_ctx,
>+ struct policy_handle *pol, int num_names,
>+ const char **names,
>+ const char ***dom_names,
>+ int level,
>+ DOM_SID **sids,
>+ enum lsa_SidType **types,
>+ bool use_lookupnames4)
> {
> NTSTATUS result;
> int i;
> struct lsa_String *lsa_names = NULL;
> struct lsa_RefDomainList *domains = NULL;
> struct lsa_TransSidArray sid_array;
>+ struct lsa_TransSidArray3 sid_array3;
> uint32_t count = 0;
>
> ZERO_STRUCT(sid_array);
>+ ZERO_STRUCT(sid_array3);
>
> lsa_names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names);
> if (!lsa_names) {
>@@ -369,14 +372,26 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
> init_lsa_String(&lsa_names[i], names[i]);
> }
>
>- result = rpccli_lsa_LookupNames(cli, mem_ctx,
>- pol,
>- num_names,
>- lsa_names,
>- &domains,
>- &sid_array,
>- level,
>- &count);
>+ if (use_lookupnames4) {
>+ result = rpccli_lsa_LookupNames4(cli, mem_ctx,
>+ num_names,
>+ lsa_names,
>+ &domains,
>+ &sid_array3,
>+ level,
>+ &count,
>+ 0,
>+ 0);
>+ } else {
>+ result = rpccli_lsa_LookupNames(cli, mem_ctx,
>+ pol,
>+ num_names,
>+ lsa_names,
>+ &domains,
>+ &sid_array,
>+ level,
>+ &count);
>+ }
>
> if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
> NT_STATUS_V(STATUS_SOME_UNMAPPED)) {
>@@ -423,10 +438,17 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
> }
>
> for (i = 0; i < num_names; i++) {
>- uint32_t dom_idx = sid_array.sids[i].sid_index;
>- uint32_t dom_rid = sid_array.sids[i].rid;
>+ uint32_t dom_idx;
> DOM_SID *sid = &(*sids)[i];
>
>+ if (use_lookupnames4) {
>+ dom_idx = sid_array3.sids[i].sid_index;
>+ (*types)[i] = sid_array3.sids[i].sid_type;
>+ } else {
>+ dom_idx = sid_array.sids[i].sid_index;
>+ (*types)[i] = sid_array.sids[i].sid_type;
>+ }
>+
> /* Translate optimised sid through domain index array */
>
> if (dom_idx == 0xffffffff) {
>@@ -436,14 +458,16 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
> continue;
> }
>
>- sid_copy(sid, domains->domains[dom_idx].sid);
>+ if (use_lookupnames4) {
>+ sid_copy(sid, sid_array3.sids[i].sid);
>+ } else {
>+ sid_copy(sid, domains->domains[dom_idx].sid);
>
>- if (dom_rid != 0xffffffff) {
>- sid_append_rid(sid, dom_rid);
>+ if (sid_array.sids[i].rid != 0xffffffff) {
>+ sid_append_rid(sid, sid_array.sids[i].rid);
>+ }
> }
>
>- (*types)[i] = sid_array.sids[i].sid_type;
>-
> if (dom_names == NULL) {
> continue;
> }
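Review bot: In the loop of rpccli_lsa_lookup_names_generic() the new LookupNames4 branch reads `sid_array3.sids[i]` for every `i < num_names`, and nothing visible in these hunks checks that the array returned by the server holds num_names entries or that `sid_array3.sids[i].sid` is non-NULL before `sid_copy()`. The reply comes from the remote DC, so a short or malformed array would be read past its end; unless the lines between the hunks already do this, compare the count before the loop with `if ((use_lookupnames4 ? sid_array3.count : sid_array.count) != (uint32_t)num_names)` and fail with NT_STATUS_INVALID_NETWORK_RESPONSE. The `dom_idx` taken from the reply is likewise only compared with 0xffffffff before it indexes `domains->domains[]` in the else branch. The function body starts and ends outside these hunks.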
>@@ -455,3 +479,31 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
>
> return result;
> }
>+
>+NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
>+ TALLOC_CTX *mem_ctx,
>+ struct policy_handle *pol, int num_names,
>+ const char **names,
>+ const char ***dom_names,
>+ int level,
>+ DOM_SID **sids,
>+ enum lsa_SidType **types)
>+{
>+ return rpccli_lsa_lookup_names_generic(cli, mem_ctx, pol, num_names,
>+ names, dom_names, level, sids,
>+ types, false);
>+}
>+
>+NTSTATUS rpccli_lsa_lookup_names4(struct rpc_pipe_client *cli,
>+ TALLOC_CTX *mem_ctx,
>+ struct policy_handle *pol, int num_names,
>+ const char **names,
>+ const char ***dom_names,
>+ int level,
>+ DOM_SID **sids,
>+ enum lsa_SidType **types)
>+{
>+ return rpccli_lsa_lookup_names_generic(cli, mem_ctx, pol, num_names,
>+ names, dom_names, level, sids,
>+ types, true);
>+}
>--
>1.6.2.5
>
>
>From 1318c199f0edf1152648fe4a46109f9c66f693dc Mon Sep 17 00:00:00 2001
>From: =?utf-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Sun, 13 Sep 2009 00:28:49 +0200
>Subject: [PATCH 08/12] s3-rpc_client: add rpccli_lsa_lookup_sids3 wrapper.
>
>Guenther
>(cherry picked from commit 2f9adf04e4b3e16c046cb371a428a8a70d5de041)
>---
> source3/include/proto.h | 8 +++
> source3/rpc_client/cli_lsarpc.c | 91 +++++++++++++++++++++++++++++++-------
> 2 files changed, 82 insertions(+), 17 deletions(-)
>
>diff --git a/source3/include/proto.h b/source3/include/proto.h
>index f7f5516..e489224 100644
>--- a/source3/include/proto.h
>+++ b/source3/include/proto.h
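Review bot: rpccli_lsa_lookup_names4() (the @@ -455 hunk) keeps a `pol` parameter, but the LookupNames4 branch of rpccli_lsa_lookup_names_generic() calls rpccli_lsa_LookupNames4() without a policy handle, so the argument is ignored on that path. Neither new public wrapper has a comment saying so. I would add one above rpccli_lsa_lookup_names4(), e.g. `/** Lookup a list of names via LookupNames4; pol is not used on this path and is kept so both wrappers share one signature */`.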
>@@ -5177,6 +5177,14 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,
> char ***pdomains,
> char ***pnames,
> enum lsa_SidType **ptypes);
>+NTSTATUS rpccli_lsa_lookup_sids3(struct rpc_pipe_client *cli,
>+ TALLOC_CTX *mem_ctx,
>+ struct policy_handle *pol,
>+ int num_sids,
>+ const DOM_SID *sids,
>+ char ***pdomains,
>+ char ***pnames,
>+ enum lsa_SidType **ptypes);
> NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
> TALLOC_CTX *mem_ctx,
> struct policy_handle *pol, int num_names,
>diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
>index 0c06e7b..aa883d3 100644
>--- a/source3/rpc_client/cli_lsarpc.c
>+++ b/source3/rpc_client/cli_lsarpc.c
>@@ -114,7 +114,8 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
> const DOM_SID *sids,
> char **domains,
> char **names,
>- enum lsa_SidType *types)
>+ enum lsa_SidType *types,
>+ bool use_lookupsids3)
> {
> NTSTATUS result = NT_STATUS_OK;
> TALLOC_CTX *tmp_ctx = NULL;
>@@ -147,13 +148,41 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
> }
> }
>
>- result = rpccli_lsa_LookupSids(cli, mem_ctx,
>- pol,
>- &sid_array,
>- &ref_domains,
>- &lsa_names,
>- level,
>- &count);
>+ if (use_lookupsids3) {
>+ struct lsa_TransNameArray2 lsa_names2;
>+ uint32_t n;
>+
>+ result = rpccli_lsa_LookupSids3(cli, mem_ctx,
>+ &sid_array,
>+ &ref_domains,
>+ &lsa_names2,
>+ level,
>+ &count,
>+ 0,
>+ 0);
>+
>+ if (!NT_STATUS_IS_ERR(result)) {
>+ lsa_names.count = lsa_names2.count;
>+ lsa_names.names = talloc_array(mem_ctx, struct lsa_TranslatedName, lsa_names.count);
>+ if (!lsa_names.names) {
>+ return NT_STATUS_NO_MEMORY;
>+ }
>+ for (n=0; n < lsa_names.count; n++) {
>+ lsa_names.names[n].sid_type = lsa_names2.names[n].sid_type;
>+ lsa_names.names[n].name = lsa_names2.names[n].name;
>+ lsa_names.names[n].sid_index = lsa_names2.names[n].sid_index;
>+ }
>+ }
>+
>+ } else {
>+ result = rpccli_lsa_LookupSids(cli, mem_ctx,
>+ pol,
>+ &sid_array,
>+ &ref_domains,
>+ &lsa_names,
>+ level,
>+ &count);
>+ }
>
> DEBUG(10, ("LSA_LOOKUPSIDS returned '%s', mapped count = %d'\n",
> nt_errstr(result), count));
>@@ -233,14 +262,15 @@ done:
> * at 20480 for win2k3, but we keep it at a save 1000 for now. */
> #define LOOKUP_SIDS_HUNK_SIZE 1000
>
>-NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,
>- TALLOC_CTX *mem_ctx,
>- struct policy_handle *pol,
>- int num_sids,
>- const DOM_SID *sids,
>- char ***pdomains,
>- char ***pnames,
>- enum lsa_SidType **ptypes)
>+static NTSTATUS rpccli_lsa_lookup_sids_generic(struct rpc_pipe_client *cli,
>+ TALLOC_CTX *mem_ctx,
>+ struct policy_handle *pol,
>+ int num_sids,
>+ const DOM_SID *sids,
>+ char ***pdomains,
>+ char ***pnames,
>+ enum lsa_SidType **ptypes,
>+ bool use_lookupsids3)
> {
> NTSTATUS result = NT_STATUS_OK;
> int sids_left = 0;
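Review bot: The `DEBUG(10, ("LSA_LOOKUPSIDS returned ...` line right after the new if/else in the @@ -147 hunk now reports both calls under the same name, so a level-10 log cannot tell whether LookupSids3 or LookupSids was used; `DEBUG(10, ("%s returned '%s', mapped count = %d'\n", use_lookupsids3 ? "LSA_LOOKUPSIDS3" : "LSA_LOOKUPSIDS", nt_errstr(result), count));` would keep the two apart. The loop that copies `lsa_names2` into `lsa_names` also has no comment; `/* LookupSids3 returns lsa_TransNameArray2; copy into the older layout so the code below handles both replies */` would explain it. The function continues outside the hunk.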
>@@ -299,7 +329,8 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,
> hunk_sids,
> hunk_domains,
> hunk_names,
>- hunk_types);
>+ hunk_types,
>+ use_lookupsids3);
>
> if (!NT_STATUS_IS_OK(hunk_result) &&
> !NT_STATUS_EQUAL(hunk_result, STATUS_SOME_UNMAPPED) &&
>@@ -340,6 +371,32 @@ fail:
> return result;
> }
>
>+NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,
>+ TALLOC_CTX *mem_ctx,
>+ struct policy_handle *pol,
>+ int num_sids,
>+ const DOM_SID *sids,
>+ char ***pdomains,
>+ char ***pnames,
>+ enum lsa_SidType **ptypes)
>+{
>+ return rpccli_lsa_lookup_sids_generic(cli, mem_ctx, pol, num_sids, sids,
>+ pdomains, pnames, ptypes, false);
>+}
>+
>+NTSTATUS rpccli_lsa_lookup_sids3(struct rpc_pipe_client *cli,
>+ TALLOC_CTX *mem_ctx,
>+ struct policy_handle *pol,
>+ int num_sids,
>+ const DOM_SID *sids,
>+ char ***pdomains,
>+ char ***pnames,
>+ enum lsa_SidType **ptypes)
>+{
>+ return rpccli_lsa_lookup_sids_generic(cli, mem_ctx, pol, num_sids, sids,
>+ pdomains, pnames, ptypes, true);
>+}
>+
> /** Lookup a list of names */
>
> static NTSTATUS rpccli_lsa_lookup_names_generic(struct rpc_pipe_client *cli,
>--
>1.6.2.5
>
>
>From f0d2909906b0e0b79a915f956b049d537bf926bb Mon Sep 17 00:00:00 2001
>From: =?utf-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Thu, 17 Sep 2009 09:42:49 +0200
>Subject: [PATCH 09/12] s3-rpc_client: fix non initialized structure in rpccli_lsa_lookup_sids_noalloc.
>
>Guenther
>(cherry picked from commit a4b5c792c55ef90648a528d279beec32f86a9b22)
>---
> source3/rpc_client/cli_lsarpc.c | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
>diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
>index aa883d3..d49fa47 100644
>--- a/source3/rpc_client/cli_lsarpc.c
>+++ b/source3/rpc_client/cli_lsarpc.c
>@@ -152,6 +152,8 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
> struct lsa_TransNameArray2 lsa_names2;
> uint32_t n;
>
>+ ZERO_STRUCT(lsa_names2);
>+
> result = rpccli_lsa_LookupSids3(cli, mem_ctx,
> &sid_array,
> &ref_domains,
>--
>1.6.2.5
>
>
>From 8ae9eb2c9503ce94be13c53d37731f431e105821 Mon Sep 17 00:00:00 2001
>From: =?utf-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Sat, 12 Sep 2009 23:30:39 +0200
>Subject: [PATCH 10/12] s3-winbindd: add cm_connect_lsa_tcp().
>
>Guenther
>(cherry picked from commit 58f2deb94024f002e3c3df47f45454edc97f47e1)
>---
> source3/winbindd/winbindd.h | 1 +
> source3/winbindd/winbindd_cm.c | 59 +++++++++++++++++++++++++++++++++++++
> source3/winbindd/winbindd_proto.h | 3 ++
> 3 files changed, 63 insertions(+), 0 deletions(-)
>
>diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
>index f3733dc..32af656 100644
>--- a/source3/winbindd/winbindd.h
>+++ b/source3/winbindd/winbindd.h
>@@ -122,6 +122,7 @@ struct winbindd_cm_conn {
> struct policy_handle sam_connect_handle, sam_domain_handle;
>
> struct rpc_pipe_client *lsa_pipe;
>+ struct rpc_pipe_client *lsa_pipe_tcp;
> struct policy_handle lsa_policy;
>
> struct rpc_pipe_client *netlogon_pipe;
>diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
>index 85333cf..d2dbcb4 100644
>--- a/source3/winbindd/winbindd_cm.c
>+++ b/source3/winbindd/winbindd_cm.c
>@@ -1551,6 +1551,14 @@ void invalidate_cm_connection(struct winbindd_cm_conn *conn)
> }
> }
>
>+ if (conn->lsa_pipe_tcp != NULL) {
>+ TALLOC_FREE(conn->lsa_pipe_tcp);
>+ /* Ok, it must be dead. Drop timeout to 0.5 sec. */
>+ if (conn->cli) {
>+ cli_set_timeout(conn->cli, 500);
>+ }
>+ }
>+
> if (conn->netlogon_pipe != NULL) {
> TALLOC_FREE(conn->netlogon_pipe);
> /* Ok, it must be dead. Drop timeout to 0.5 sec. */
>@@ -2157,6 +2165,57 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
> return result;
> }
>
>+/**********************************************************************
>+ open an schanneld ncacn_ip_tcp connection to LSA
>+***********************************************************************/
>+
>+NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain,
>+ TALLOC_CTX *mem_ctx,
>+ struct rpc_pipe_client **cli)
>+{
>+ struct winbindd_cm_conn *conn;
>+ NTSTATUS status;
>+
>+ DEBUG(10,("cm_connect_lsa_tcp\n"));
>+
>+ status = init_dc_connection(domain);
>+ if (!NT_STATUS_IS_OK(status)) {
>+ goto done;
>+ }
>+
>+ conn = &domain->conn;
>+
>+ if (conn->lsa_pipe_tcp &&
>+ conn->lsa_pipe_tcp->transport->transport == NCACN_IP_TCP &&
>+ conn->lsa_pipe_tcp->auth->auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
>+ goto done;
>+ }
>+
>+ TALLOC_FREE(conn->lsa_pipe_tcp);
>+
>+ status = cli_rpc_pipe_open_schannel(conn->cli,
>+ &ndr_table_lsarpc.syntax_id,
>+ NCACN_IP_TCP,
>+ PIPE_AUTH_LEVEL_PRIVACY,
>+ domain->name,
>+ &conn->lsa_pipe_tcp);
>+ if (!NT_STATUS_IS_OK(status)) {
>+ DEBUG(10,("cli_rpc_pipe_open_schannel failed: %s\n",
>+ nt_errstr(status)));
>+ goto done;
>+ }
>+
>+ done:
>+ if (!NT_STATUS_IS_OK(status)) {
>+ TALLOC_FREE(conn->lsa_pipe_tcp);
>+ return status;
>+ }
>+
>+ *cli = conn->lsa_pipe_tcp;
>+
>+ return status;
>+}
>+
> NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
> struct rpc_pipe_client **cli, struct policy_handle *lsa_policy)
> {
>diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
>index fceb463..2aec595 100644
>--- a/source3/winbindd/winbindd_proto.h
>+++ b/source3/winbindd/winbindd_proto.h
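Review bot: cm_connect_lsa_tcp() never uses its `mem_ctx` parameter, and the header comment does not say who owns the returned pipe. From the body, `*cli` points at `conn->lsa_pipe_tcp`, which invalidate_cm_connection() frees in the earlier hunk of this patch, so callers must not free it; a comment such as `/* Returns the schannel (privacy) ncacn_ip_tcp LSA pipe stored in domain->conn in *cli; owned by the connection, do not free. mem_ctx is unused. */` would make that explicit. The failure of cli_rpc_pipe_open_schannel() is logged only at level 10, which is worth raising given that the callers added in PATCH 11/12 move to another connection when this fails.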
>@@ -227,6 +227,9 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
> struct rpc_pipe_client **cli, struct policy_handle *sam_handle);
> NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
> struct rpc_pipe_client **cli, struct policy_handle *lsa_policy);
>+NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain,
>+ TALLOC_CTX *mem_ctx,
>+ struct rpc_pipe_client **cli);
> NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
> struct rpc_pipe_client **cli);
>
>--
>1.6.2.5
>
>
>From e8b68747ebf8bbbe3f97db2a9c045897f163ec88 Mon Sep 17 00:00:00 2001
>From: =?utf-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Thu, 17 Sep 2009 09:43:36 +0200
>Subject: [PATCH 11/12] s3-winbindd: Fix Bug #6711: trusts to windows 2008 (2008 r2) not working.
>
>Winbindd should always try to use LSA via an schannel authenticated ncacn_ip_tcp
>connection when talking to AD for LSA lookup calls.
>
>In Samba <-> W2k8 interdomain trust scenarios, LookupSids3 and LookupNames4 via an
>schannel ncacn_ip_tcp LSA connection are the *only* options to successfully resolve
>sids and names.
>
>Guenther
>(cherry picked from commit 6a8ef6c424c52be861ed2a9806f917a64ec892a6)
>---
> source3/winbindd/winbindd.h | 2 +
> source3/winbindd/winbindd_cm.c | 2 +
> source3/winbindd/winbindd_rpc.c | 64 +++++++++++++++++++++++++++++++++++---
> 3 files changed, 63 insertions(+), 5 deletions(-)
>
>diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
>index 32af656..16812d8 100644
>--- a/source3/winbindd/winbindd.h
>+++ b/source3/winbindd/winbindd.h
>@@ -183,6 +183,8 @@ struct winbindd_domain {
> * to False. This variable is around so that
> * we don't have to try _ex every time. */
>
>+ bool can_do_ncacn_ip_tcp;
>+
> /* Lookup methods for this domain (LDAP or RPC) */
> struct winbindd_methods *methods;
>
>diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
>index d2dbcb4..46aa3d6 100644
>--- a/source3/winbindd/winbindd_cm.c
>+++ b/source3/winbindd/winbindd_cm.c
>@@ -1933,6 +1933,8 @@ done:
> DEBUG(5,("set_dc_type_and_flags_connect: domain %s is %srunning active directory.\n",
> domain->name, domain->active_directory ? "" : "NOT "));
>
>+ domain->can_do_ncacn_ip_tcp = domain->active_directory;
>+
> TALLOC_FREE(cli);
>
> TALLOC_FREE(mem_ctx);
>diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
>index 8e1a985..f176fb3 100644
>--- a/source3/winbindd/winbindd_rpc.c
>+++ b/source3/winbindd/winbindd_rpc.c
>@@ -1175,6 +1175,15 @@ static NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
> return result;
> }
>
>+typedef NTSTATUS (*lookup_sids_fn_t)(struct rpc_pipe_client *cli,
>+ TALLOC_CTX *mem_ctx,
>+ struct policy_handle *pol,
>+ int num_sids,
>+ const DOM_SID *sids,
>+ char ***pdomains,
>+ char ***pnames,
>+ enum lsa_SidType **ptypes);
>+
> NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
> struct winbindd_domain *domain,
> uint32_t num_sids,
>@@ -1187,12 +1196,23 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
> struct rpc_pipe_client *cli = NULL;
> struct policy_handle lsa_policy;
> unsigned int orig_timeout;
>+ lookup_sids_fn_t lookup_sids_fn = rpccli_lsa_lookup_sids;
>
>+ if (domain->can_do_ncacn_ip_tcp) {
>+ status = cm_connect_lsa_tcp(domain, mem_ctx, &cli);
>+ if (NT_STATUS_IS_OK(status)) {
>+ lookup_sids_fn = rpccli_lsa_lookup_sids3;
>+ goto lookup;
>+ }
>+ domain->can_do_ncacn_ip_tcp = false;
>+ }
> status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
>+
> if (!NT_STATUS_IS_OK(status)) {
> return status;
> }
>
>+ lookup:
> /*
> * This call can take a long time
> * allow the server to time out.
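Review bot: In winbindd_lookup_sids() (the @@ -1187 hunk) any failure of cm_connect_lsa_tcp() clears `domain->can_do_ncacn_ip_tcp` and falls through to cm_connect_lsa() without a log line; winbindd_lookup_names() in the @@ -1226 hunk does the same. The only place visible in this patch that sets the flag again is set_dc_type_and_flags_connect(), so a transient connect error appears to disable the schannel ncacn_ip_tcp path until then, and the commit message says that path is the only one that resolves names against W2k8 trusts. I would at least log the status before clearing the flag, `DEBUG(3, ("cm_connect_lsa_tcp failed for %s: %s, falling back\n", domain->name, nt_errstr(status)));`, and consider clearing it only for failures that show the DC cannot do this transport. Whether cm_connect_lsa() gives the same protection as the PIPE_AUTH_LEVEL_PRIVACY pipe is not visible here and should be confirmed.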
>@@ -1200,9 +1220,14 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
> */
> orig_timeout = rpccli_set_timeout(cli, 35000);
>
>- status = rpccli_lsa_lookup_sids(cli, mem_ctx, &lsa_policy,
>- num_sids, sids, domains,
>- names, types);
>+ status = lookup_sids_fn(cli,
>+ mem_ctx,
>+ &lsa_policy,
>+ num_sids,
>+ sids,
>+ domains,
>+ names,
>+ types);
>
> /* And restore our original timeout. */
> rpccli_set_timeout(cli, orig_timeout);
>@@ -1214,6 +1239,16 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
> return status;
> }
>
>+typedef NTSTATUS (*lookup_names_fn_t)(struct rpc_pipe_client *cli,
>+ TALLOC_CTX *mem_ctx,
>+ struct policy_handle *pol,
>+ int num_names,
>+ const char **names,
>+ const char ***dom_names,
>+ int level,
>+ struct dom_sid **sids,
>+ enum lsa_SidType **types);
>+
> NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
> struct winbindd_domain *domain,
> uint32_t num_names,
>@@ -1226,12 +1261,24 @@ NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
> struct rpc_pipe_client *cli = NULL;
> struct policy_handle lsa_policy;
> unsigned int orig_timeout;
>+ lookup_names_fn_t lookup_names_fn = rpccli_lsa_lookup_names;
>
>+ if (domain->can_do_ncacn_ip_tcp) {
>+ status = cm_connect_lsa_tcp(domain, mem_ctx, &cli);
>+ if (NT_STATUS_IS_OK(status)) {
>+ lookup_names_fn = rpccli_lsa_lookup_names4;
>+ goto lookup;
>+ }
>+ domain->can_do_ncacn_ip_tcp = false;
>+ }
> status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
>+
> if (!NT_STATUS_IS_OK(status)) {
> return status;
> }
>
>+ lookup:
>+
> /*
> * This call can take a long time
> * allow the server to time out.
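Review bot: When control reaches `lookup:` through `goto lookup`, cm_connect_lsa() has not run, so `lsa_policy` is still uninitialised when `&lsa_policy` is passed to `lookup_sids_fn` in the @@ -1200 hunk and to `lookup_names_fn` in the @@ -1239 hunk. The LookupSids3 and LookupNames4 branches shown in PATCH 07/12 and 08/12 do not pass `pol` on to the RPC call, so nothing reads it today, but that depends on those branches staying as they are. `ZERO_STRUCT(lsa_policy);` at the top of both functions makes the handle well-defined on either path. Both function bodies extend outside these hunks.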
>@@ -1239,8 +1286,15 @@ NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
> */
> orig_timeout = rpccli_set_timeout(cli, 35000);
>
>- status = rpccli_lsa_lookup_names(cli, mem_ctx, &lsa_policy, num_names,
>- names, domains, 1, sids, types);
>+ status = lookup_names_fn(cli,
>+ mem_ctx,
>+ &lsa_policy,
>+ num_names,
>+ (const char **) names,
>+ domains,
>+ 1,
>+ sids,
>+ types);
>
> /* And restore our original timeout. */
> rpccli_set_timeout(cli, orig_timeout);
>--
>1.6.2.5
>
>
>From f02ed74192daa9726834b32f360dc716bc381624 Mon Sep 17 00:00:00 2001
>From: Volker Lendecke <vl@samba.org>
>Date: Wed, 23 Sep 2009 06:23:50 +0200
>Subject: [PATCH 12/12] s3:winbind: Fix an uninitialized variable
> (cherry picked from commit 0724649a8a7c04d015317d9dc2ae43ee87c1bd25)
>
>---
> source3/winbindd/winbindd_cm.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
>diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
>index 46aa3d6..3162362 100644
>--- a/source3/winbindd/winbindd_cm.c
>+++ b/source3/winbindd/winbindd_cm.c
>@@ -2182,7 +2182,7 @@ NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain,
>
> status = init_dc_connection(domain);
> if (!NT_STATUS_IS_OK(status)) {
>- goto done;
>+ return status;
> }
>
> conn = &domain->conn;
>--
>1.6.2.5
>
Flags:
vl
:
review+