The Samba-Bugzilla – Attachment 8243 Details for
Bug 9439
ncacn_ip_tcp reconnection code for lsa lookups still broken
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for 3.6.x
v3-6-test-lsat (text/plain), 25.59 KB, created by
Guenther Deschner
on 2012-11-30 12:12:18 UTC
(
hide
)
Description:
patch for 3.6.x
Filename:
MIME Type:
Creator:
Guenther Deschner
Created:
2012-11-30 12:12:18 UTC
Size:
25.59 KB
patch
obsolete
>From 3dd92a1fb265f71c08a7fad9989aed34706b5306 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Tue, 6 Sep 2011 18:33:35 +0200 >Subject: [PATCH 01/10] s3: Make winbindd_lookup_names static > >Autobuild-User: Volker Lendecke <vlendec@samba.org> >Autobuild-Date: Tue Sep 6 20:03:56 CEST 2011 on sn-devel-104 >(cherry picked from commit fd65e5eb8cdd38917a574734c9079cd75e4e1be0) >--- > source3/winbindd/winbindd_msrpc.c | 21 ++++++++++++++------- > source3/winbindd/winbindd_proto.h | 7 ------- > 2 files changed, 14 insertions(+), 14 deletions(-) > >diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c >index 921cdb5..f4e3943 100644 >--- a/source3/winbindd/winbindd_msrpc.c >+++ b/source3/winbindd/winbindd_msrpc.c >@@ -35,6 +35,13 @@ > #undef DBGC_CLASS > #define DBGC_CLASS DBGC_WINBIND > >+static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, >+ struct winbindd_domain *domain, >+ uint32_t num_names, >+ const char **names, >+ const char ***domains, >+ struct dom_sid **sids, >+ enum lsa_SidType **types); > > /* Query display info for a domain. This returns enough information plus a > bit extra to give an overview of domain users for the User Manager >@@ -1154,13 +1161,13 @@ typedef NTSTATUS (*lookup_names_fn_t)(struct dcerpc_binding_handle *h, > enum lsa_SidType **types, > NTSTATUS *result); > >-NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, >- struct winbindd_domain *domain, >- uint32_t num_names, >- const char **names, >- const char ***domains, >- struct dom_sid **sids, >- enum lsa_SidType **types) >+static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, >+ struct winbindd_domain *domain, >+ uint32_t num_names, >+ const char **names, >+ const char ***domains, >+ struct dom_sid **sids, >+ enum lsa_SidType **types) > { > NTSTATUS status; > NTSTATUS result; >diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h >index 41292d4..4a65087 100644 >--- a/source3/winbindd/winbindd_proto.h >+++ b/source3/winbindd/winbindd_proto.h >@@ -47,13 +47,6 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, > char ***domains, > char ***names, > enum lsa_SidType **types); >-NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, >- struct winbindd_domain *domain, >- uint32_t num_names, >- const char **names, >- const char ***domains, >- struct dom_sid **sids, >- enum lsa_SidType **types); > NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx, > struct winbindd_domain *domain, > struct lsa_SidArray *sids, >-- >1.7.11.7 > > >From c7e91c9d5ff3377a4584c171706d9dbe9a7fb770 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 28 Nov 2012 14:53:27 +0100 >Subject: [PATCH 02/10] s3-rpc_cli: Remove some unused wrapping code. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >--- > source3/rpc_client/cli_lsarpc.c | 59 ----------------------------------------- > source3/rpc_client/cli_lsarpc.h | 17 ------------ > 2 files changed, 76 deletions(-) > >diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c >index 99e0262..d294c95 100644 >--- a/source3/rpc_client/cli_lsarpc.c >+++ b/source3/rpc_client/cli_lsarpc.c >@@ -539,35 +539,6 @@ NTSTATUS dcerpc_lsa_lookup_sids3(struct dcerpc_binding_handle *h, > result); > } > >-NTSTATUS rpccli_lsa_lookup_sids3(struct rpc_pipe_client *cli, >- TALLOC_CTX *mem_ctx, >- struct policy_handle *pol, >- int num_sids, >- const struct dom_sid *sids, >- char ***pdomains, >- char ***pnames, >- enum lsa_SidType **ptypes) >-{ >- NTSTATUS status; >- NTSTATUS result = NT_STATUS_UNSUCCESSFUL; >- >- status = dcerpc_lsa_lookup_sids_generic(cli->binding_handle, >- mem_ctx, >- pol, >- num_sids, >- sids, >- pdomains, >- pnames, >- ptypes, >- true, >- &result); >- if (!NT_STATUS_IS_OK(status)) { >- return status; >- } >- >- return result; >-} >- > /** Lookup a list of names */ > > static NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h, >@@ -790,33 +761,3 @@ NTSTATUS dcerpc_lsa_lookup_names4(struct dcerpc_binding_handle *h, > true, > result); > } >- >-NTSTATUS rpccli_lsa_lookup_names4(struct rpc_pipe_client *cli, >- TALLOC_CTX *mem_ctx, >- struct policy_handle *pol, >- int num_names, >- const char **names, >- const char ***dom_names, >- int level, >- struct dom_sid **sids, >- enum lsa_SidType **types) >-{ >- NTSTATUS status; >- NTSTATUS result = NT_STATUS_UNSUCCESSFUL; >- >- status = dcerpc_lsa_lookup_names4(cli->binding_handle, >- mem_ctx, >- pol, >- num_names, >- names, >- dom_names, >- level, >- sids, >- types, >- &result); >- if (!NT_STATUS_IS_OK(status)) { >- return status; >- } >- >- return result; >-} >diff --git a/source3/rpc_client/cli_lsarpc.h b/source3/rpc_client/cli_lsarpc.h >index a26193e..878c3f4 100644 >--- a/source3/rpc_client/cli_lsarpc.h >+++ b/source3/rpc_client/cli_lsarpc.h >@@ -158,15 +158,6 @@ NTSTATUS dcerpc_lsa_lookup_sids3(struct dcerpc_binding_handle *h, > char ***pnames, > enum lsa_SidType **ptypes, > NTSTATUS *result); >-NTSTATUS rpccli_lsa_lookup_sids3(struct rpc_pipe_client *cli, >- TALLOC_CTX *mem_ctx, >- struct policy_handle *pol, >- int num_sids, >- const struct dom_sid *sids, >- char ***pdomains, >- char ***pnames, >- enum lsa_SidType **ptypes); >- > NTSTATUS dcerpc_lsa_lookup_names(struct dcerpc_binding_handle *h, > TALLOC_CTX *mem_ctx, > struct policy_handle *pol, >@@ -196,14 +187,6 @@ NTSTATUS dcerpc_lsa_lookup_names4(struct dcerpc_binding_handle *h, > struct dom_sid **sids, > enum lsa_SidType **types, > NTSTATUS *result); >-NTSTATUS rpccli_lsa_lookup_names4(struct rpc_pipe_client *cli, >- TALLOC_CTX *mem_ctx, >- struct policy_handle *pol, int num_names, >- const char **names, >- const char ***dom_names, >- int level, >- struct dom_sid **sids, >- enum lsa_SidType **types); > > bool fetch_domain_sid( char *domain, char *remote_machine, struct dom_sid *psid); > >-- >1.7.11.7 > > >From 45fb7fcff5f73f1819e44a44fe8b612393a5dd08 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 28 Nov 2012 16:57:24 +0100 >Subject: [PATCH 03/10] s3-winbindd: add cm_connect_lsat(). >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >--- > source3/winbindd/winbindd_cm.c | 31 +++++++++++++++++++++++++++++++ > source3/winbindd/winbindd_proto.h | 4 ++++ > 2 files changed, 35 insertions(+) > >diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c >index d129e1f..2f26df4 100644 >--- a/source3/winbindd/winbindd_cm.c >+++ b/source3/winbindd/winbindd_cm.c >@@ -2564,6 +2564,37 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, > } > > /**************************************************************************** >+Open a LSA connection to a DC, suiteable for LSA lookup calls. >+****************************************************************************/ >+ >+NTSTATUS cm_connect_lsat(struct winbindd_domain *domain, >+ TALLOC_CTX *mem_ctx, >+ struct rpc_pipe_client **cli, >+ struct policy_handle *lsa_policy) >+{ >+ NTSTATUS status; >+ >+ if (domain->can_do_ncacn_ip_tcp) { >+ status = cm_connect_lsa_tcp(domain, mem_ctx, cli); >+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || >+ NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) || >+ NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) { >+ invalidate_cm_connection(&domain->conn); >+ status = cm_connect_lsa_tcp(domain, mem_ctx, cli); >+ } >+ if (!NT_STATUS_IS_OK(status)) { >+ return status; >+ } >+ >+ return NT_STATUS_OK; >+ } >+ >+ status = cm_connect_lsa(domain, mem_ctx, cli, lsa_policy); >+ >+ return status; >+} >+ >+/**************************************************************************** > Open the netlogon pipe to this DC. Use schannel if specified in client conf. > session key stored in conn->netlogon_pipe->dc->sess_key. > ****************************************************************************/ >diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h >index 4a65087..a38d54c 100644 >--- a/source3/winbindd/winbindd_proto.h >+++ b/source3/winbindd/winbindd_proto.h >@@ -163,6 +163,10 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, > NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain, > TALLOC_CTX *mem_ctx, > struct rpc_pipe_client **cli); >+NTSTATUS cm_connect_lsat(struct winbindd_domain *domain, >+ TALLOC_CTX *mem_ctx, >+ struct rpc_pipe_client **cli, >+ struct policy_handle *lsa_policy); > NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, > struct rpc_pipe_client **cli); > bool fetch_current_dc_from_gencache(TALLOC_CTX *mem_ctx, >-- >1.7.11.7 > > >From f17833ce40e87db30ca90a9c0dfe77c27b016aca Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 28 Nov 2012 16:57:57 +0100 >Subject: [PATCH 04/10] s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() > public. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >--- > source3/rpc_client/cli_lsarpc.c | 20 ++++++++++---------- > source3/rpc_client/cli_lsarpc.h | 11 ++++++++++- > 2 files changed, 20 insertions(+), 11 deletions(-) > >diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c >index d294c95..e573aef 100644 >--- a/source3/rpc_client/cli_lsarpc.c >+++ b/source3/rpc_client/cli_lsarpc.c >@@ -330,16 +330,16 @@ static NTSTATUS dcerpc_lsa_lookup_sids_noalloc(struct dcerpc_binding_handle *h, > * at 20480 for win2k3, but we keep it at a save 1000 for now. */ > #define LOOKUP_SIDS_HUNK_SIZE 1000 > >-static NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h, >- TALLOC_CTX *mem_ctx, >- struct policy_handle *pol, >- int num_sids, >- const struct dom_sid *sids, >- char ***pdomains, >- char ***pnames, >- enum lsa_SidType **ptypes, >- bool use_lookupsids3, >- NTSTATUS *presult) >+NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h, >+ TALLOC_CTX *mem_ctx, >+ struct policy_handle *pol, >+ int num_sids, >+ const struct dom_sid *sids, >+ char ***pdomains, >+ char ***pnames, >+ enum lsa_SidType **ptypes, >+ bool use_lookupsids3, >+ NTSTATUS *presult) > { > NTSTATUS status = NT_STATUS_OK; > NTSTATUS result = NT_STATUS_OK; >diff --git a/source3/rpc_client/cli_lsarpc.h b/source3/rpc_client/cli_lsarpc.h >index 878c3f4..5e76ba3 100644 >--- a/source3/rpc_client/cli_lsarpc.h >+++ b/source3/rpc_client/cli_lsarpc.h >@@ -125,7 +125,16 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, > char ***pdomains, > char ***pnames, > enum lsa_SidType **ptypes); >- >+NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h, >+ TALLOC_CTX *mem_ctx, >+ struct policy_handle *pol, >+ int num_sids, >+ const struct dom_sid *sids, >+ char ***pdomains, >+ char ***pnames, >+ enum lsa_SidType **ptypes, >+ bool use_lookupsids3, >+ NTSTATUS *presult); > /** > * @brief Look up the names that correspond to an array of sids. > * >-- >1.7.11.7 > > >From 50c986799b3b05de60fe0c616f2fbf30d5a8e393 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 28 Nov 2012 17:00:49 +0100 >Subject: [PATCH 05/10] s3-rpc_client: make dcerpc_lsa_lookup_names_generic() > public. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >--- > source3/rpc_client/cli_lsarpc.c | 22 +++++++++++----------- > source3/rpc_client/cli_lsarpc.h | 11 +++++++++++ > 2 files changed, 22 insertions(+), 11 deletions(-) > >diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c >index e573aef..330774d 100644 >--- a/source3/rpc_client/cli_lsarpc.c >+++ b/source3/rpc_client/cli_lsarpc.c >@@ -541,17 +541,17 @@ NTSTATUS dcerpc_lsa_lookup_sids3(struct dcerpc_binding_handle *h, > > /** Lookup a list of names */ > >-static NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h, >- TALLOC_CTX *mem_ctx, >- struct policy_handle *pol, >- uint32_t num_names, >- const char **names, >- const char ***dom_names, >- enum lsa_LookupNamesLevel level, >- struct dom_sid **sids, >- enum lsa_SidType **types, >- bool use_lookupnames4, >- NTSTATUS *presult) >+NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h, >+ TALLOC_CTX *mem_ctx, >+ struct policy_handle *pol, >+ uint32_t num_names, >+ const char **names, >+ const char ***dom_names, >+ enum lsa_LookupNamesLevel level, >+ struct dom_sid **sids, >+ enum lsa_SidType **types, >+ bool use_lookupnames4, >+ NTSTATUS *presult) > { > NTSTATUS status; > struct lsa_String *lsa_names = NULL; >diff --git a/source3/rpc_client/cli_lsarpc.h b/source3/rpc_client/cli_lsarpc.h >index 5e76ba3..36afe0b 100644 >--- a/source3/rpc_client/cli_lsarpc.h >+++ b/source3/rpc_client/cli_lsarpc.h >@@ -196,6 +196,17 @@ NTSTATUS dcerpc_lsa_lookup_names4(struct dcerpc_binding_handle *h, > struct dom_sid **sids, > enum lsa_SidType **types, > NTSTATUS *result); >+NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h, >+ TALLOC_CTX *mem_ctx, >+ struct policy_handle *pol, >+ uint32_t num_names, >+ const char **names, >+ const char ***dom_names, >+ enum lsa_LookupNamesLevel level, >+ struct dom_sid **sids, >+ enum lsa_SidType **types, >+ bool use_lookupnames4, >+ NTSTATUS *presult); > > bool fetch_domain_sid( char *domain, char *remote_machine, struct dom_sid *psid); > >-- >1.7.11.7 > > >From d000ae742a1c63ddf5d36ad0a3968026149b4886 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 28 Nov 2012 17:03:40 +0100 >Subject: [PATCH 06/10] s3-winbindd: remove lookup_names_fn_t. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >--- > source3/winbindd/winbindd_msrpc.c | 36 +++++++++++++----------------------- > 1 file changed, 13 insertions(+), 23 deletions(-) > >diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c >index f4e3943..889d9a8 100644 >--- a/source3/winbindd/winbindd_msrpc.c >+++ b/source3/winbindd/winbindd_msrpc.c >@@ -1150,17 +1150,6 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, > return NT_STATUS_OK; > } > >-typedef NTSTATUS (*lookup_names_fn_t)(struct dcerpc_binding_handle *h, >- TALLOC_CTX *mem_ctx, >- struct policy_handle *pol, >- uint32_t num_names, >- const char **names, >- const char ***dom_names, >- enum lsa_LookupNamesLevel level, >- struct dom_sid **sids, >- enum lsa_SidType **types, >- NTSTATUS *result); >- > static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, > struct winbindd_domain *domain, > uint32_t num_names, >@@ -1175,12 +1164,12 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, > struct dcerpc_binding_handle *b = NULL; > struct policy_handle lsa_policy; > unsigned int orig_timeout = 0; >- lookup_names_fn_t lookup_names_fn = dcerpc_lsa_lookup_names; >+ bool use_lookupnames4 = false; > > if (domain->can_do_ncacn_ip_tcp) { > status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); > if (NT_STATUS_IS_OK(status)) { >- lookup_names_fn = dcerpc_lsa_lookup_names4; >+ use_lookupnames4 = true; > goto lookup; > } > domain->can_do_ncacn_ip_tcp = false; >@@ -1201,16 +1190,17 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, > */ > orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000); > >- status = lookup_names_fn(b, >- mem_ctx, >- &lsa_policy, >- num_names, >- (const char **) names, >- domains, >- 1, >- sids, >- types, >- &result); >+ status = dcerpc_lsa_lookup_names_generic(b, >+ mem_ctx, >+ &lsa_policy, >+ num_names, >+ (const char **) names, >+ domains, >+ 1, >+ sids, >+ types, >+ use_lookupnames4, >+ &result); > > /* And restore our original timeout. */ > dcerpc_binding_handle_set_timeout(b, orig_timeout); >-- >1.7.11.7 > > >From 478419fa36e10d32a27eedfb67a3c711fec8411d Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 28 Nov 2012 20:41:21 +0100 >Subject: [PATCH 07/10] s3-winbindd: remove lookup_sids_fn_t. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >--- > source3/winbindd/winbindd_msrpc.c | 33 ++++++++++++--------------------- > 1 file changed, 12 insertions(+), 21 deletions(-) > >diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c >index 889d9a8..4bee586 100644 >--- a/source3/winbindd/winbindd_msrpc.c >+++ b/source3/winbindd/winbindd_msrpc.c >@@ -1064,16 +1064,6 @@ static NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, > return status; > } > >-typedef NTSTATUS (*lookup_sids_fn_t)(struct dcerpc_binding_handle *h, >- TALLOC_CTX *mem_ctx, >- struct policy_handle *pol, >- int num_sids, >- const struct dom_sid *sids, >- char ***pdomains, >- char ***pnames, >- enum lsa_SidType **ptypes, >- NTSTATUS *result); >- > NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, > struct winbindd_domain *domain, > uint32_t num_sids, >@@ -1088,12 +1078,12 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, > struct dcerpc_binding_handle *b = NULL; > struct policy_handle lsa_policy; > unsigned int orig_timeout; >- lookup_sids_fn_t lookup_sids_fn = dcerpc_lsa_lookup_sids; >+ bool use_lookupsids3 = false; > > if (domain->can_do_ncacn_ip_tcp) { > status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); > if (NT_STATUS_IS_OK(status)) { >- lookup_sids_fn = dcerpc_lsa_lookup_sids3; >+ use_lookupsids3 = true; > goto lookup; > } > domain->can_do_ncacn_ip_tcp = false; >@@ -1114,15 +1104,16 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, > */ > orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000); > >- status = lookup_sids_fn(b, >- mem_ctx, >- &lsa_policy, >- num_sids, >- sids, >- domains, >- names, >- types, >- &result); >+ status = dcerpc_lsa_lookup_sids_generic(b, >+ mem_ctx, >+ &lsa_policy, >+ num_sids, >+ sids, >+ domains, >+ names, >+ types, >+ use_lookupsids3, >+ &result); > > /* And restore our original timeout. */ > dcerpc_binding_handle_set_timeout(b, orig_timeout); >-- >1.7.11.7 > > >From 2271fc6684c4e4246230762dcfeb9d9d3fc1d6dd Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 29 Nov 2012 12:03:16 +0100 >Subject: [PATCH 08/10] s3-winbindd: rework reconnect logic in > winbindd_lookup_sids(). >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >--- > source3/winbindd/winbindd_msrpc.c | 26 ++++++++++++++------------ > 1 file changed, 14 insertions(+), 12 deletions(-) > >diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c >index 4bee586..97751c6 100644 >--- a/source3/winbindd/winbindd_msrpc.c >+++ b/source3/winbindd/winbindd_msrpc.c >@@ -1079,24 +1079,20 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, > struct policy_handle lsa_policy; > unsigned int orig_timeout; > bool use_lookupsids3 = false; >+ bool retried = false; > >- if (domain->can_do_ncacn_ip_tcp) { >- status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); >- if (NT_STATUS_IS_OK(status)) { >- use_lookupsids3 = true; >- goto lookup; >- } >- domain->can_do_ncacn_ip_tcp = false; >- } >- status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); >- >+ connect: >+ status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy); > if (!NT_STATUS_IS_OK(status)) { > return status; > } > >- lookup: > b = cli->binding_handle; > >+ if (cli->transport->transport == NCACN_IP_TCP) { >+ use_lookupsids3 = true; >+ } >+ > /* > * This call can take a long time > * allow the server to time out. >@@ -1119,7 +1115,8 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, > dcerpc_binding_handle_set_timeout(b, orig_timeout); > > if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || >- NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { >+ NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) || >+ NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) { > /* > * This can happen if the schannel key is not > * valid anymore, we need to invalidate the >@@ -1127,6 +1124,11 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, > * a netlogon connection first. > */ > invalidate_cm_connection(&domain->conn); >+ domain->can_do_ncacn_ip_tcp = domain->active_directory; >+ if (!retried) { >+ retried = true; >+ goto connect; >+ } > status = NT_STATUS_ACCESS_DENIED; > } > >-- >1.7.11.7 > > >From 443371e8ffc9d87d25e1da7d5ce46bd877e8164a Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 29 Nov 2012 12:03:53 +0100 >Subject: [PATCH 09/10] s3-winbindd: rework reconnect logic in > winbindd_lookup_names(). >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >--- > source3/winbindd/winbindd_msrpc.c | 25 +++++++++++++------------ > 1 file changed, 13 insertions(+), 12 deletions(-) > >diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c >index 97751c6..b14a4f8 100644 >--- a/source3/winbindd/winbindd_msrpc.c >+++ b/source3/winbindd/winbindd_msrpc.c >@@ -1158,24 +1158,20 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, > struct policy_handle lsa_policy; > unsigned int orig_timeout = 0; > bool use_lookupnames4 = false; >+ bool retried = false; > >- if (domain->can_do_ncacn_ip_tcp) { >- status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); >- if (NT_STATUS_IS_OK(status)) { >- use_lookupnames4 = true; >- goto lookup; >- } >- domain->can_do_ncacn_ip_tcp = false; >- } >- status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); >- >+ connect: >+ status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy); > if (!NT_STATUS_IS_OK(status)) { > return status; > } > >- lookup: > b = cli->binding_handle; > >+ if (cli->transport->transport == NCACN_IP_TCP) { >+ use_lookupnames4 = true; >+ } >+ > /* > * This call can take a long time > * allow the server to time out. >@@ -1199,7 +1195,8 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, > dcerpc_binding_handle_set_timeout(b, orig_timeout); > > if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || >- NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { >+ NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) || >+ NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) { > /* > * This can happen if the schannel key is not > * valid anymore, we need to invalidate the >@@ -1207,6 +1204,10 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, > * a netlogon connection first. > */ > invalidate_cm_connection(&domain->conn); >+ if (!retried) { >+ retried = true; >+ goto connect; >+ } > status = NT_STATUS_ACCESS_DENIED; > } > >-- >1.7.11.7 > > >From 165b32dba363fdd13d234f18fab88b96d9ae7abb Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 29 Nov 2012 14:31:19 +0100 >Subject: [PATCH 10/10] s3-winbind: use new reconnect logic in > rpc_lookup_sids() also. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Volker, please check. > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >--- > source3/winbindd/winbindd_rpc.c | 23 +++++++---------------- > 1 file changed, 7 insertions(+), 16 deletions(-) > >diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c >index bf438a6..9a95e57 100644 >--- a/source3/winbindd/winbindd_rpc.c >+++ b/source3/winbindd/winbindd_rpc.c >@@ -1033,6 +1033,7 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx, > > static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx, > struct winbindd_domain *domain, >+ struct rpc_pipe_client *cli, > struct lsa_SidArray *sids, > struct lsa_RefDomainList **pdomains, > struct lsa_TransNameArray **pnames) >@@ -1040,15 +1041,8 @@ static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx, > struct lsa_TransNameArray2 lsa_names2; > struct lsa_TransNameArray *names; > uint32_t i, count; >- struct rpc_pipe_client *cli; > NTSTATUS status, result; > >- status = cm_connect_lsa_tcp(domain, talloc_tos(), &cli); >- if (!NT_STATUS_IS_OK(status)) { >- domain->can_do_ncacn_ip_tcp = false; >- return status; >- } >- > ZERO_STRUCT(lsa_names2); > status = dcerpc_lsa_LookupSids3(cli->binding_handle, > mem_ctx, >@@ -1098,19 +1092,16 @@ NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx, > uint32_t count; > NTSTATUS status, result; > >- if (domain->can_do_ncacn_ip_tcp) { >- status = rpc_try_lookup_sids3(mem_ctx, domain, sids, >- pdomains, pnames); >- if (!NT_STATUS_IS_ERR(status)) { >- return status; >- } >- } >- >- status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); >+ status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy); > if (!NT_STATUS_IS_OK(status)) { > return status; > } > >+ if (cli->transport->transport == NCACN_IP_TCP) { >+ return rpc_try_lookup_sids3(mem_ctx, domain, cli, sids, >+ pdomains, pnames); >+ } >+ > names = TALLOC_ZERO_P(mem_ctx, struct lsa_TransNameArray); > if (names == NULL) { > return NT_STATUS_NO_MEMORY; >-- >1.7.11.7 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=8243">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
asn
:
review+
Actions:
View
Attachments on
bug 9439
: 8243 |
8251