From 102e0d78cb0b881824a141cf399e793204134604 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 28 Nov 2012 14:53:27 +0100 Subject: [PATCH 1/9] s3-rpc_cli: Remove some unused wrapping code. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Andreas Schneider --- source3/rpc_client/cli_lsarpc.c | 59 ----------------------------------------- source3/rpc_client/cli_lsarpc.h | 17 ------------ 2 files changed, 76 deletions(-) diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index c6e402d..0ca3dec 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -539,35 +539,6 @@ NTSTATUS dcerpc_lsa_lookup_sids3(struct dcerpc_binding_handle *h, result); } -NTSTATUS rpccli_lsa_lookup_sids3(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - struct policy_handle *pol, - int num_sids, - const struct dom_sid *sids, - char ***pdomains, - char ***pnames, - enum lsa_SidType **ptypes) -{ - NTSTATUS status; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - status = dcerpc_lsa_lookup_sids_generic(cli->binding_handle, - mem_ctx, - pol, - num_sids, - sids, - pdomains, - pnames, - ptypes, - true, - &result); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - return result; -} - /** Lookup a list of names */ static NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h, @@ -790,33 +761,3 @@ NTSTATUS dcerpc_lsa_lookup_names4(struct dcerpc_binding_handle *h, true, result); } - -NTSTATUS rpccli_lsa_lookup_names4(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - struct policy_handle *pol, - int num_names, - const char **names, - const char ***dom_names, - int level, - struct dom_sid **sids, - enum lsa_SidType **types) -{ - NTSTATUS status; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - status = dcerpc_lsa_lookup_names4(cli->binding_handle, - mem_ctx, - pol, - num_names, - names, - dom_names, - level, - sids, - types, - &result); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - return result; -} diff --git a/source3/rpc_client/cli_lsarpc.h b/source3/rpc_client/cli_lsarpc.h index a26193e..878c3f4 100644 --- a/source3/rpc_client/cli_lsarpc.h +++ b/source3/rpc_client/cli_lsarpc.h @@ -158,15 +158,6 @@ NTSTATUS dcerpc_lsa_lookup_sids3(struct dcerpc_binding_handle *h, char ***pnames, enum lsa_SidType **ptypes, NTSTATUS *result); -NTSTATUS rpccli_lsa_lookup_sids3(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - struct policy_handle *pol, - int num_sids, - const struct dom_sid *sids, - char ***pdomains, - char ***pnames, - enum lsa_SidType **ptypes); - NTSTATUS dcerpc_lsa_lookup_names(struct dcerpc_binding_handle *h, TALLOC_CTX *mem_ctx, struct policy_handle *pol, @@ -196,14 +187,6 @@ NTSTATUS dcerpc_lsa_lookup_names4(struct dcerpc_binding_handle *h, struct dom_sid **sids, enum lsa_SidType **types, NTSTATUS *result); -NTSTATUS rpccli_lsa_lookup_names4(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - struct policy_handle *pol, int num_names, - const char **names, - const char ***dom_names, - int level, - struct dom_sid **sids, - enum lsa_SidType **types); bool fetch_domain_sid( char *domain, char *remote_machine, struct dom_sid *psid); -- 1.7.11.7 From 0471cfee8131ec903c1832161dedd0d92dfa59a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 28 Nov 2012 16:57:24 +0100 Subject: [PATCH 2/9] s3-winbindd: add cm_connect_lsat(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Andreas Schneider --- source3/winbindd/winbindd_cm.c | 31 +++++++++++++++++++++++++++++++ source3/winbindd/winbindd_proto.h | 4 ++++ 2 files changed, 35 insertions(+) diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 57027eb..33eeb32 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -2565,6 +2565,37 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, } /**************************************************************************** +Open a LSA connection to a DC, suiteable for LSA lookup calls. +****************************************************************************/ + +NTSTATUS cm_connect_lsat(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct rpc_pipe_client **cli, + struct policy_handle *lsa_policy) +{ + NTSTATUS status; + + if (domain->can_do_ncacn_ip_tcp) { + status = cm_connect_lsa_tcp(domain, mem_ctx, cli); + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || + NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) || + NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) { + invalidate_cm_connection(&domain->conn); + status = cm_connect_lsa_tcp(domain, mem_ctx, cli); + } + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + return NT_STATUS_OK; + } + + status = cm_connect_lsa(domain, mem_ctx, cli, lsa_policy); + + return status; +} + +/**************************************************************************** Open the netlogon pipe to this DC. Use schannel if specified in client conf. session key stored in conn->netlogon_pipe->dc->sess_key. ****************************************************************************/ diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 5cc90f2..f1d44b7 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -164,6 +164,10 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, struct rpc_pipe_client **cli); +NTSTATUS cm_connect_lsat(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct rpc_pipe_client **cli, + struct policy_handle *lsa_policy); NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, struct rpc_pipe_client **cli); bool fetch_current_dc_from_gencache(TALLOC_CTX *mem_ctx, -- 1.7.11.7 From b354c55f653b2d34ccb924d3f413045f39cf74b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 28 Nov 2012 16:57:57 +0100 Subject: [PATCH 3/9] s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Andreas Schneider --- source3/rpc_client/cli_lsarpc.c | 20 ++++++++++---------- source3/rpc_client/cli_lsarpc.h | 11 ++++++++++- 2 files changed, 20 insertions(+), 11 deletions(-) diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 0ca3dec..8ef2845 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -330,16 +330,16 @@ static NTSTATUS dcerpc_lsa_lookup_sids_noalloc(struct dcerpc_binding_handle *h, * at 20480 for win2k3, but we keep it at a save 1000 for now. */ #define LOOKUP_SIDS_HUNK_SIZE 1000 -static NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h, - TALLOC_CTX *mem_ctx, - struct policy_handle *pol, - int num_sids, - const struct dom_sid *sids, - char ***pdomains, - char ***pnames, - enum lsa_SidType **ptypes, - bool use_lookupsids3, - NTSTATUS *presult) +NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h, + TALLOC_CTX *mem_ctx, + struct policy_handle *pol, + int num_sids, + const struct dom_sid *sids, + char ***pdomains, + char ***pnames, + enum lsa_SidType **ptypes, + bool use_lookupsids3, + NTSTATUS *presult) { NTSTATUS status = NT_STATUS_OK; NTSTATUS result = NT_STATUS_OK; diff --git a/source3/rpc_client/cli_lsarpc.h b/source3/rpc_client/cli_lsarpc.h index 878c3f4..5e76ba3 100644 --- a/source3/rpc_client/cli_lsarpc.h +++ b/source3/rpc_client/cli_lsarpc.h @@ -125,7 +125,16 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, char ***pdomains, char ***pnames, enum lsa_SidType **ptypes); - +NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h, + TALLOC_CTX *mem_ctx, + struct policy_handle *pol, + int num_sids, + const struct dom_sid *sids, + char ***pdomains, + char ***pnames, + enum lsa_SidType **ptypes, + bool use_lookupsids3, + NTSTATUS *presult); /** * @brief Look up the names that correspond to an array of sids. * -- 1.7.11.7 From 37bdbbae6fed63fa35ab301c4c5d259b59b82a50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 28 Nov 2012 17:00:49 +0100 Subject: [PATCH 4/9] s3-rpc_client: make dcerpc_lsa_lookup_names_generic() public. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Andreas Schneider --- source3/rpc_client/cli_lsarpc.c | 22 +++++++++++----------- source3/rpc_client/cli_lsarpc.h | 11 +++++++++++ 2 files changed, 22 insertions(+), 11 deletions(-) diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 8ef2845..126f370 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -541,17 +541,17 @@ NTSTATUS dcerpc_lsa_lookup_sids3(struct dcerpc_binding_handle *h, /** Lookup a list of names */ -static NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h, - TALLOC_CTX *mem_ctx, - struct policy_handle *pol, - uint32_t num_names, - const char **names, - const char ***dom_names, - enum lsa_LookupNamesLevel level, - struct dom_sid **sids, - enum lsa_SidType **types, - bool use_lookupnames4, - NTSTATUS *presult) +NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h, + TALLOC_CTX *mem_ctx, + struct policy_handle *pol, + uint32_t num_names, + const char **names, + const char ***dom_names, + enum lsa_LookupNamesLevel level, + struct dom_sid **sids, + enum lsa_SidType **types, + bool use_lookupnames4, + NTSTATUS *presult) { NTSTATUS status; struct lsa_String *lsa_names = NULL; diff --git a/source3/rpc_client/cli_lsarpc.h b/source3/rpc_client/cli_lsarpc.h index 5e76ba3..36afe0b 100644 --- a/source3/rpc_client/cli_lsarpc.h +++ b/source3/rpc_client/cli_lsarpc.h @@ -196,6 +196,17 @@ NTSTATUS dcerpc_lsa_lookup_names4(struct dcerpc_binding_handle *h, struct dom_sid **sids, enum lsa_SidType **types, NTSTATUS *result); +NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h, + TALLOC_CTX *mem_ctx, + struct policy_handle *pol, + uint32_t num_names, + const char **names, + const char ***dom_names, + enum lsa_LookupNamesLevel level, + struct dom_sid **sids, + enum lsa_SidType **types, + bool use_lookupnames4, + NTSTATUS *presult); bool fetch_domain_sid( char *domain, char *remote_machine, struct dom_sid *psid); -- 1.7.11.7 From 573720731f699dd04050d81f47ae960b7e5f1bd9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 28 Nov 2012 17:03:40 +0100 Subject: [PATCH 5/9] s3-winbindd: remove lookup_names_fn_t. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Andreas Schneider --- source3/winbindd/winbindd_msrpc.c | 36 +++++++++++++----------------------- 1 file changed, 13 insertions(+), 23 deletions(-) diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c index 39186f8..55cc55b 100644 --- a/source3/winbindd/winbindd_msrpc.c +++ b/source3/winbindd/winbindd_msrpc.c @@ -1150,17 +1150,6 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -typedef NTSTATUS (*lookup_names_fn_t)(struct dcerpc_binding_handle *h, - TALLOC_CTX *mem_ctx, - struct policy_handle *pol, - uint32_t num_names, - const char **names, - const char ***dom_names, - enum lsa_LookupNamesLevel level, - struct dom_sid **sids, - enum lsa_SidType **types, - NTSTATUS *result); - static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, uint32_t num_names, @@ -1175,12 +1164,12 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, struct dcerpc_binding_handle *b = NULL; struct policy_handle lsa_policy; unsigned int orig_timeout = 0; - lookup_names_fn_t lookup_names_fn = dcerpc_lsa_lookup_names; + bool use_lookupnames4 = false; if (domain->can_do_ncacn_ip_tcp) { status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); if (NT_STATUS_IS_OK(status)) { - lookup_names_fn = dcerpc_lsa_lookup_names4; + use_lookupnames4 = true; goto lookup; } domain->can_do_ncacn_ip_tcp = false; @@ -1201,16 +1190,17 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, */ orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000); - status = lookup_names_fn(b, - mem_ctx, - &lsa_policy, - num_names, - (const char **) names, - domains, - 1, - sids, - types, - &result); + status = dcerpc_lsa_lookup_names_generic(b, + mem_ctx, + &lsa_policy, + num_names, + (const char **) names, + domains, + 1, + sids, + types, + use_lookupnames4, + &result); /* And restore our original timeout. */ dcerpc_binding_handle_set_timeout(b, orig_timeout); -- 1.7.11.7 From 00aeba605d624b2db282204f9d5cf48d47de5d1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 28 Nov 2012 20:41:21 +0100 Subject: [PATCH 6/9] s3-winbindd: remove lookup_sids_fn_t. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Andreas Schneider --- source3/winbindd/winbindd_msrpc.c | 33 ++++++++++++--------------------- 1 file changed, 12 insertions(+), 21 deletions(-) diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c index 55cc55b..f772428 100644 --- a/source3/winbindd/winbindd_msrpc.c +++ b/source3/winbindd/winbindd_msrpc.c @@ -1064,16 +1064,6 @@ static NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, return status; } -typedef NTSTATUS (*lookup_sids_fn_t)(struct dcerpc_binding_handle *h, - TALLOC_CTX *mem_ctx, - struct policy_handle *pol, - int num_sids, - const struct dom_sid *sids, - char ***pdomains, - char ***pnames, - enum lsa_SidType **ptypes, - NTSTATUS *result); - NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, uint32_t num_sids, @@ -1088,12 +1078,12 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, struct dcerpc_binding_handle *b = NULL; struct policy_handle lsa_policy; unsigned int orig_timeout; - lookup_sids_fn_t lookup_sids_fn = dcerpc_lsa_lookup_sids; + bool use_lookupsids3 = false; if (domain->can_do_ncacn_ip_tcp) { status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); if (NT_STATUS_IS_OK(status)) { - lookup_sids_fn = dcerpc_lsa_lookup_sids3; + use_lookupsids3 = true; goto lookup; } domain->can_do_ncacn_ip_tcp = false; @@ -1114,15 +1104,16 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, */ orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000); - status = lookup_sids_fn(b, - mem_ctx, - &lsa_policy, - num_sids, - sids, - domains, - names, - types, - &result); + status = dcerpc_lsa_lookup_sids_generic(b, + mem_ctx, + &lsa_policy, + num_sids, + sids, + domains, + names, + types, + use_lookupsids3, + &result); /* And restore our original timeout. */ dcerpc_binding_handle_set_timeout(b, orig_timeout); -- 1.7.11.7 From 1fd7302d08e6ccbe82802a0be9863e902e32c0d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Thu, 29 Nov 2012 12:03:16 +0100 Subject: [PATCH 7/9] s3-winbindd: rework reconnect logic in winbindd_lookup_sids(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Andreas Schneider --- source3/winbindd/winbindd_msrpc.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c index f772428..03b919f 100644 --- a/source3/winbindd/winbindd_msrpc.c +++ b/source3/winbindd/winbindd_msrpc.c @@ -1079,24 +1079,20 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, struct policy_handle lsa_policy; unsigned int orig_timeout; bool use_lookupsids3 = false; + bool retried = false; - if (domain->can_do_ncacn_ip_tcp) { - status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); - if (NT_STATUS_IS_OK(status)) { - use_lookupsids3 = true; - goto lookup; - } - domain->can_do_ncacn_ip_tcp = false; - } - status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); - + connect: + status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy); if (!NT_STATUS_IS_OK(status)) { return status; } - lookup: b = cli->binding_handle; + if (cli->transport->transport == NCACN_IP_TCP) { + use_lookupsids3 = true; + } + /* * This call can take a long time * allow the server to time out. @@ -1119,7 +1115,8 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, dcerpc_binding_handle_set_timeout(b, orig_timeout); if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || - NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { + NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) || + NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) { /* * This can happen if the schannel key is not * valid anymore, we need to invalidate the @@ -1127,6 +1124,11 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, * a netlogon connection first. */ invalidate_cm_connection(&domain->conn); + domain->can_do_ncacn_ip_tcp = domain->active_directory; + if (!retried) { + retried = true; + goto connect; + } status = NT_STATUS_ACCESS_DENIED; } -- 1.7.11.7 From a226a79e75fb3bc28446427100e44615150d435b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Thu, 29 Nov 2012 12:03:53 +0100 Subject: [PATCH 8/9] s3-winbindd: rework reconnect logic in winbindd_lookup_names(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner Reviewed-by: Andreas Schneider --- source3/winbindd/winbindd_msrpc.c | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c index 03b919f..e86838c 100644 --- a/source3/winbindd/winbindd_msrpc.c +++ b/source3/winbindd/winbindd_msrpc.c @@ -1158,24 +1158,20 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, struct policy_handle lsa_policy; unsigned int orig_timeout = 0; bool use_lookupnames4 = false; + bool retried = false; - if (domain->can_do_ncacn_ip_tcp) { - status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); - if (NT_STATUS_IS_OK(status)) { - use_lookupnames4 = true; - goto lookup; - } - domain->can_do_ncacn_ip_tcp = false; - } - status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); - + connect: + status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy); if (!NT_STATUS_IS_OK(status)) { return status; } - lookup: b = cli->binding_handle; + if (cli->transport->transport == NCACN_IP_TCP) { + use_lookupnames4 = true; + } + /* * This call can take a long time * allow the server to time out. @@ -1199,7 +1195,8 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, dcerpc_binding_handle_set_timeout(b, orig_timeout); if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || - NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { + NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) || + NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) { /* * This can happen if the schannel key is not * valid anymore, we need to invalidate the @@ -1207,6 +1204,10 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, * a netlogon connection first. */ invalidate_cm_connection(&domain->conn); + if (!retried) { + retried = true; + goto connect; + } status = NT_STATUS_ACCESS_DENIED; } -- 1.7.11.7 From 5a00aec463a91a434b8cdd5bd2584dfa0472a61a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Thu, 29 Nov 2012 14:31:19 +0100 Subject: [PATCH 9/9] s3-winbind: use new reconnect logic in rpc_lookup_sids() also. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Volker, please check. Guenther Signed-off-by: Günther Deschner Reviewed-by: Andreas Schneider --- source3/winbindd/winbindd_rpc.c | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index a3faf42..a96dbb1 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -1057,6 +1057,7 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx, static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, + struct rpc_pipe_client *cli, struct lsa_SidArray *sids, struct lsa_RefDomainList **pdomains, struct lsa_TransNameArray **pnames) @@ -1064,15 +1065,8 @@ static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx, struct lsa_TransNameArray2 lsa_names2; struct lsa_TransNameArray *names; uint32_t i, count; - struct rpc_pipe_client *cli; NTSTATUS status, result; - status = cm_connect_lsa_tcp(domain, talloc_tos(), &cli); - if (!NT_STATUS_IS_OK(status)) { - domain->can_do_ncacn_ip_tcp = false; - return status; - } - ZERO_STRUCT(lsa_names2); status = dcerpc_lsa_LookupSids3(cli->binding_handle, mem_ctx, @@ -1122,19 +1116,16 @@ NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx, uint32_t count; NTSTATUS status, result; - if (domain->can_do_ncacn_ip_tcp) { - status = rpc_try_lookup_sids3(mem_ctx, domain, sids, - pdomains, pnames); - if (!NT_STATUS_IS_ERR(status)) { - return status; - } - } - - status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); + status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy); if (!NT_STATUS_IS_OK(status)) { return status; } + if (cli->transport->transport == NCACN_IP_TCP) { + return rpc_try_lookup_sids3(mem_ctx, domain, cli, sids, + pdomains, pnames); + } + names = talloc_zero(mem_ctx, struct lsa_TransNameArray); if (names == NULL) { return NT_STATUS_NO_MEMORY; -- 1.7.11.7