The Samba-Bugzilla – Attachment 8251 Details for
Bug 9439
ncacn_ip_tcp reconnection code for lsa lookups still broken
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
v4-0-test patch
samba-4.0.0rc6-fix_rpc_tcp_ip_reconnect.patch (text/plain), 23.32 KB, created by
Andreas Schneider
on 2012-12-03 08:51:07 UTC
(
hide
)
Description:
v4-0-test patch
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2012-12-03 08:51:07 UTC
Size:
23.32 KB
patch
obsolete
>From 102e0d78cb0b881824a141cf399e793204134604 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 28 Nov 2012 14:53:27 +0100 >Subject: [PATCH 1/9] s3-rpc_cli: Remove some unused wrapping code. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >--- > source3/rpc_client/cli_lsarpc.c | 59 ----------------------------------------- > source3/rpc_client/cli_lsarpc.h | 17 ------------ > 2 files changed, 76 deletions(-) > >diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c >index c6e402d..0ca3dec 100644 >--- a/source3/rpc_client/cli_lsarpc.c >+++ b/source3/rpc_client/cli_lsarpc.c >@@ -539,35 +539,6 @@ NTSTATUS dcerpc_lsa_lookup_sids3(struct dcerpc_binding_handle *h, > result); > } > >-NTSTATUS rpccli_lsa_lookup_sids3(struct rpc_pipe_client *cli, >- TALLOC_CTX *mem_ctx, >- struct policy_handle *pol, >- int num_sids, >- const struct dom_sid *sids, >- char ***pdomains, >- char ***pnames, >- enum lsa_SidType **ptypes) >-{ >- NTSTATUS status; >- NTSTATUS result = NT_STATUS_UNSUCCESSFUL; >- >- status = dcerpc_lsa_lookup_sids_generic(cli->binding_handle, >- mem_ctx, >- pol, >- num_sids, >- sids, >- pdomains, >- pnames, >- ptypes, >- true, >- &result); >- if (!NT_STATUS_IS_OK(status)) { >- return status; >- } >- >- return result; >-} >- > /** Lookup a list of names */ > > static NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h, >@@ -790,33 +761,3 @@ NTSTATUS dcerpc_lsa_lookup_names4(struct dcerpc_binding_handle *h, > true, > result); > } >- >-NTSTATUS rpccli_lsa_lookup_names4(struct rpc_pipe_client *cli, >- TALLOC_CTX *mem_ctx, >- struct policy_handle *pol, >- int num_names, >- const char **names, >- const char ***dom_names, >- int level, >- struct dom_sid **sids, >- enum lsa_SidType **types) >-{ >- NTSTATUS status; >- NTSTATUS result = NT_STATUS_UNSUCCESSFUL; >- >- status = dcerpc_lsa_lookup_names4(cli->binding_handle, >- mem_ctx, >- pol, >- num_names, >- names, >- dom_names, >- level, >- sids, >- types, >- &result); >- if (!NT_STATUS_IS_OK(status)) { >- return status; >- } >- >- return result; >-} >diff --git a/source3/rpc_client/cli_lsarpc.h b/source3/rpc_client/cli_lsarpc.h >index a26193e..878c3f4 100644 >--- a/source3/rpc_client/cli_lsarpc.h >+++ b/source3/rpc_client/cli_lsarpc.h >@@ -158,15 +158,6 @@ NTSTATUS dcerpc_lsa_lookup_sids3(struct dcerpc_binding_handle *h, > char ***pnames, > enum lsa_SidType **ptypes, > NTSTATUS *result); >-NTSTATUS rpccli_lsa_lookup_sids3(struct rpc_pipe_client *cli, >- TALLOC_CTX *mem_ctx, >- struct policy_handle *pol, >- int num_sids, >- const struct dom_sid *sids, >- char ***pdomains, >- char ***pnames, >- enum lsa_SidType **ptypes); >- > NTSTATUS dcerpc_lsa_lookup_names(struct dcerpc_binding_handle *h, > TALLOC_CTX *mem_ctx, > struct policy_handle *pol, >@@ -196,14 +187,6 @@ NTSTATUS dcerpc_lsa_lookup_names4(struct dcerpc_binding_handle *h, > struct dom_sid **sids, > enum lsa_SidType **types, > NTSTATUS *result); >-NTSTATUS rpccli_lsa_lookup_names4(struct rpc_pipe_client *cli, >- TALLOC_CTX *mem_ctx, >- struct policy_handle *pol, int num_names, >- const char **names, >- const char ***dom_names, >- int level, >- struct dom_sid **sids, >- enum lsa_SidType **types); > > bool fetch_domain_sid( char *domain, char *remote_machine, struct dom_sid *psid); > >-- >1.7.11.7 > > >From 0471cfee8131ec903c1832161dedd0d92dfa59a7 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 28 Nov 2012 16:57:24 +0100 >Subject: [PATCH 2/9] s3-winbindd: add cm_connect_lsat(). >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >--- > source3/winbindd/winbindd_cm.c | 31 +++++++++++++++++++++++++++++++ > source3/winbindd/winbindd_proto.h | 4 ++++ > 2 files changed, 35 insertions(+) > >diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c >index 57027eb..33eeb32 100644 >--- a/source3/winbindd/winbindd_cm.c >+++ b/source3/winbindd/winbindd_cm.c >@@ -2565,6 +2565,37 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, > } > > /**************************************************************************** >+Open a LSA connection to a DC, suiteable for LSA lookup calls. >+****************************************************************************/ >+ >+NTSTATUS cm_connect_lsat(struct winbindd_domain *domain, >+ TALLOC_CTX *mem_ctx, >+ struct rpc_pipe_client **cli, >+ struct policy_handle *lsa_policy) >+{ >+ NTSTATUS status; >+ >+ if (domain->can_do_ncacn_ip_tcp) { >+ status = cm_connect_lsa_tcp(domain, mem_ctx, cli); >+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || >+ NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) || >+ NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) { >+ invalidate_cm_connection(&domain->conn); >+ status = cm_connect_lsa_tcp(domain, mem_ctx, cli); >+ } >+ if (!NT_STATUS_IS_OK(status)) { >+ return status; >+ } >+ >+ return NT_STATUS_OK; >+ } >+ >+ status = cm_connect_lsa(domain, mem_ctx, cli, lsa_policy); >+ >+ return status; >+} >+ >+/**************************************************************************** > Open the netlogon pipe to this DC. Use schannel if specified in client conf. > session key stored in conn->netlogon_pipe->dc->sess_key. > ****************************************************************************/ >diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h >index 5cc90f2..f1d44b7 100644 >--- a/source3/winbindd/winbindd_proto.h >+++ b/source3/winbindd/winbindd_proto.h >@@ -164,6 +164,10 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, > NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain, > TALLOC_CTX *mem_ctx, > struct rpc_pipe_client **cli); >+NTSTATUS cm_connect_lsat(struct winbindd_domain *domain, >+ TALLOC_CTX *mem_ctx, >+ struct rpc_pipe_client **cli, >+ struct policy_handle *lsa_policy); > NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, > struct rpc_pipe_client **cli); > bool fetch_current_dc_from_gencache(TALLOC_CTX *mem_ctx, >-- >1.7.11.7 > > >From b354c55f653b2d34ccb924d3f413045f39cf74b1 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 28 Nov 2012 16:57:57 +0100 >Subject: [PATCH 3/9] s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() > public. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >--- > source3/rpc_client/cli_lsarpc.c | 20 ++++++++++---------- > source3/rpc_client/cli_lsarpc.h | 11 ++++++++++- > 2 files changed, 20 insertions(+), 11 deletions(-) > >diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c >index 0ca3dec..8ef2845 100644 >--- a/source3/rpc_client/cli_lsarpc.c >+++ b/source3/rpc_client/cli_lsarpc.c >@@ -330,16 +330,16 @@ static NTSTATUS dcerpc_lsa_lookup_sids_noalloc(struct dcerpc_binding_handle *h, > * at 20480 for win2k3, but we keep it at a save 1000 for now. */ > #define LOOKUP_SIDS_HUNK_SIZE 1000 > >-static NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h, >- TALLOC_CTX *mem_ctx, >- struct policy_handle *pol, >- int num_sids, >- const struct dom_sid *sids, >- char ***pdomains, >- char ***pnames, >- enum lsa_SidType **ptypes, >- bool use_lookupsids3, >- NTSTATUS *presult) >+NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h, >+ TALLOC_CTX *mem_ctx, >+ struct policy_handle *pol, >+ int num_sids, >+ const struct dom_sid *sids, >+ char ***pdomains, >+ char ***pnames, >+ enum lsa_SidType **ptypes, >+ bool use_lookupsids3, >+ NTSTATUS *presult) > { > NTSTATUS status = NT_STATUS_OK; > NTSTATUS result = NT_STATUS_OK; >diff --git a/source3/rpc_client/cli_lsarpc.h b/source3/rpc_client/cli_lsarpc.h >index 878c3f4..5e76ba3 100644 >--- a/source3/rpc_client/cli_lsarpc.h >+++ b/source3/rpc_client/cli_lsarpc.h >@@ -125,7 +125,16 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, > char ***pdomains, > char ***pnames, > enum lsa_SidType **ptypes); >- >+NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h, >+ TALLOC_CTX *mem_ctx, >+ struct policy_handle *pol, >+ int num_sids, >+ const struct dom_sid *sids, >+ char ***pdomains, >+ char ***pnames, >+ enum lsa_SidType **ptypes, >+ bool use_lookupsids3, >+ NTSTATUS *presult); > /** > * @brief Look up the names that correspond to an array of sids. > * >-- >1.7.11.7 > > >From 37bdbbae6fed63fa35ab301c4c5d259b59b82a50 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 28 Nov 2012 17:00:49 +0100 >Subject: [PATCH 4/9] s3-rpc_client: make dcerpc_lsa_lookup_names_generic() > public. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >--- > source3/rpc_client/cli_lsarpc.c | 22 +++++++++++----------- > source3/rpc_client/cli_lsarpc.h | 11 +++++++++++ > 2 files changed, 22 insertions(+), 11 deletions(-) > >diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c >index 8ef2845..126f370 100644 >--- a/source3/rpc_client/cli_lsarpc.c >+++ b/source3/rpc_client/cli_lsarpc.c >@@ -541,17 +541,17 @@ NTSTATUS dcerpc_lsa_lookup_sids3(struct dcerpc_binding_handle *h, > > /** Lookup a list of names */ > >-static NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h, >- TALLOC_CTX *mem_ctx, >- struct policy_handle *pol, >- uint32_t num_names, >- const char **names, >- const char ***dom_names, >- enum lsa_LookupNamesLevel level, >- struct dom_sid **sids, >- enum lsa_SidType **types, >- bool use_lookupnames4, >- NTSTATUS *presult) >+NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h, >+ TALLOC_CTX *mem_ctx, >+ struct policy_handle *pol, >+ uint32_t num_names, >+ const char **names, >+ const char ***dom_names, >+ enum lsa_LookupNamesLevel level, >+ struct dom_sid **sids, >+ enum lsa_SidType **types, >+ bool use_lookupnames4, >+ NTSTATUS *presult) > { > NTSTATUS status; > struct lsa_String *lsa_names = NULL; >diff --git a/source3/rpc_client/cli_lsarpc.h b/source3/rpc_client/cli_lsarpc.h >index 5e76ba3..36afe0b 100644 >--- a/source3/rpc_client/cli_lsarpc.h >+++ b/source3/rpc_client/cli_lsarpc.h >@@ -196,6 +196,17 @@ NTSTATUS dcerpc_lsa_lookup_names4(struct dcerpc_binding_handle *h, > struct dom_sid **sids, > enum lsa_SidType **types, > NTSTATUS *result); >+NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h, >+ TALLOC_CTX *mem_ctx, >+ struct policy_handle *pol, >+ uint32_t num_names, >+ const char **names, >+ const char ***dom_names, >+ enum lsa_LookupNamesLevel level, >+ struct dom_sid **sids, >+ enum lsa_SidType **types, >+ bool use_lookupnames4, >+ NTSTATUS *presult); > > bool fetch_domain_sid( char *domain, char *remote_machine, struct dom_sid *psid); > >-- >1.7.11.7 > > >From 573720731f699dd04050d81f47ae960b7e5f1bd9 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 28 Nov 2012 17:03:40 +0100 >Subject: [PATCH 5/9] s3-winbindd: remove lookup_names_fn_t. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >--- > source3/winbindd/winbindd_msrpc.c | 36 +++++++++++++----------------------- > 1 file changed, 13 insertions(+), 23 deletions(-) > >diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c >index 39186f8..55cc55b 100644 >--- a/source3/winbindd/winbindd_msrpc.c >+++ b/source3/winbindd/winbindd_msrpc.c >@@ -1150,17 +1150,6 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, > return NT_STATUS_OK; > } > >-typedef NTSTATUS (*lookup_names_fn_t)(struct dcerpc_binding_handle *h, >- TALLOC_CTX *mem_ctx, >- struct policy_handle *pol, >- uint32_t num_names, >- const char **names, >- const char ***dom_names, >- enum lsa_LookupNamesLevel level, >- struct dom_sid **sids, >- enum lsa_SidType **types, >- NTSTATUS *result); >- > static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, > struct winbindd_domain *domain, > uint32_t num_names, >@@ -1175,12 +1164,12 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, > struct dcerpc_binding_handle *b = NULL; > struct policy_handle lsa_policy; > unsigned int orig_timeout = 0; >- lookup_names_fn_t lookup_names_fn = dcerpc_lsa_lookup_names; >+ bool use_lookupnames4 = false; > > if (domain->can_do_ncacn_ip_tcp) { > status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); > if (NT_STATUS_IS_OK(status)) { >- lookup_names_fn = dcerpc_lsa_lookup_names4; >+ use_lookupnames4 = true; > goto lookup; > } > domain->can_do_ncacn_ip_tcp = false; >@@ -1201,16 +1190,17 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, > */ > orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000); > >- status = lookup_names_fn(b, >- mem_ctx, >- &lsa_policy, >- num_names, >- (const char **) names, >- domains, >- 1, >- sids, >- types, >- &result); >+ status = dcerpc_lsa_lookup_names_generic(b, >+ mem_ctx, >+ &lsa_policy, >+ num_names, >+ (const char **) names, >+ domains, >+ 1, >+ sids, >+ types, >+ use_lookupnames4, >+ &result); > > /* And restore our original timeout. */ > dcerpc_binding_handle_set_timeout(b, orig_timeout); >-- >1.7.11.7 > > >From 00aeba605d624b2db282204f9d5cf48d47de5d1f Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Wed, 28 Nov 2012 20:41:21 +0100 >Subject: [PATCH 6/9] s3-winbindd: remove lookup_sids_fn_t. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >--- > source3/winbindd/winbindd_msrpc.c | 33 ++++++++++++--------------------- > 1 file changed, 12 insertions(+), 21 deletions(-) > >diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c >index 55cc55b..f772428 100644 >--- a/source3/winbindd/winbindd_msrpc.c >+++ b/source3/winbindd/winbindd_msrpc.c >@@ -1064,16 +1064,6 @@ static NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, > return status; > } > >-typedef NTSTATUS (*lookup_sids_fn_t)(struct dcerpc_binding_handle *h, >- TALLOC_CTX *mem_ctx, >- struct policy_handle *pol, >- int num_sids, >- const struct dom_sid *sids, >- char ***pdomains, >- char ***pnames, >- enum lsa_SidType **ptypes, >- NTSTATUS *result); >- > NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, > struct winbindd_domain *domain, > uint32_t num_sids, >@@ -1088,12 +1078,12 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, > struct dcerpc_binding_handle *b = NULL; > struct policy_handle lsa_policy; > unsigned int orig_timeout; >- lookup_sids_fn_t lookup_sids_fn = dcerpc_lsa_lookup_sids; >+ bool use_lookupsids3 = false; > > if (domain->can_do_ncacn_ip_tcp) { > status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); > if (NT_STATUS_IS_OK(status)) { >- lookup_sids_fn = dcerpc_lsa_lookup_sids3; >+ use_lookupsids3 = true; > goto lookup; > } > domain->can_do_ncacn_ip_tcp = false; >@@ -1114,15 +1104,16 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, > */ > orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000); > >- status = lookup_sids_fn(b, >- mem_ctx, >- &lsa_policy, >- num_sids, >- sids, >- domains, >- names, >- types, >- &result); >+ status = dcerpc_lsa_lookup_sids_generic(b, >+ mem_ctx, >+ &lsa_policy, >+ num_sids, >+ sids, >+ domains, >+ names, >+ types, >+ use_lookupsids3, >+ &result); > > /* And restore our original timeout. */ > dcerpc_binding_handle_set_timeout(b, orig_timeout); >-- >1.7.11.7 > > >From 1fd7302d08e6ccbe82802a0be9863e902e32c0d4 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 29 Nov 2012 12:03:16 +0100 >Subject: [PATCH 7/9] s3-winbindd: rework reconnect logic in > winbindd_lookup_sids(). >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >--- > source3/winbindd/winbindd_msrpc.c | 26 ++++++++++++++------------ > 1 file changed, 14 insertions(+), 12 deletions(-) > >diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c >index f772428..03b919f 100644 >--- a/source3/winbindd/winbindd_msrpc.c >+++ b/source3/winbindd/winbindd_msrpc.c >@@ -1079,24 +1079,20 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, > struct policy_handle lsa_policy; > unsigned int orig_timeout; > bool use_lookupsids3 = false; >+ bool retried = false; > >- if (domain->can_do_ncacn_ip_tcp) { >- status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); >- if (NT_STATUS_IS_OK(status)) { >- use_lookupsids3 = true; >- goto lookup; >- } >- domain->can_do_ncacn_ip_tcp = false; >- } >- status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); >- >+ connect: >+ status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy); > if (!NT_STATUS_IS_OK(status)) { > return status; > } > >- lookup: > b = cli->binding_handle; > >+ if (cli->transport->transport == NCACN_IP_TCP) { >+ use_lookupsids3 = true; >+ } >+ > /* > * This call can take a long time > * allow the server to time out. >@@ -1119,7 +1115,8 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, > dcerpc_binding_handle_set_timeout(b, orig_timeout); > > if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || >- NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { >+ NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) || >+ NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) { > /* > * This can happen if the schannel key is not > * valid anymore, we need to invalidate the >@@ -1127,6 +1124,11 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, > * a netlogon connection first. > */ > invalidate_cm_connection(&domain->conn); >+ domain->can_do_ncacn_ip_tcp = domain->active_directory; >+ if (!retried) { >+ retried = true; >+ goto connect; >+ } > status = NT_STATUS_ACCESS_DENIED; > } > >-- >1.7.11.7 > > >From a226a79e75fb3bc28446427100e44615150d435b Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 29 Nov 2012 12:03:53 +0100 >Subject: [PATCH 8/9] s3-winbindd: rework reconnect logic in > winbindd_lookup_names(). >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >--- > source3/winbindd/winbindd_msrpc.c | 25 +++++++++++++------------ > 1 file changed, 13 insertions(+), 12 deletions(-) > >diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c >index 03b919f..e86838c 100644 >--- a/source3/winbindd/winbindd_msrpc.c >+++ b/source3/winbindd/winbindd_msrpc.c >@@ -1158,24 +1158,20 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, > struct policy_handle lsa_policy; > unsigned int orig_timeout = 0; > bool use_lookupnames4 = false; >+ bool retried = false; > >- if (domain->can_do_ncacn_ip_tcp) { >- status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); >- if (NT_STATUS_IS_OK(status)) { >- use_lookupnames4 = true; >- goto lookup; >- } >- domain->can_do_ncacn_ip_tcp = false; >- } >- status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); >- >+ connect: >+ status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy); > if (!NT_STATUS_IS_OK(status)) { > return status; > } > >- lookup: > b = cli->binding_handle; > >+ if (cli->transport->transport == NCACN_IP_TCP) { >+ use_lookupnames4 = true; >+ } >+ > /* > * This call can take a long time > * allow the server to time out. >@@ -1199,7 +1195,8 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, > dcerpc_binding_handle_set_timeout(b, orig_timeout); > > if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || >- NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { >+ NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) || >+ NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) { > /* > * This can happen if the schannel key is not > * valid anymore, we need to invalidate the >@@ -1207,6 +1204,10 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, > * a netlogon connection first. > */ > invalidate_cm_connection(&domain->conn); >+ if (!retried) { >+ retried = true; >+ goto connect; >+ } > status = NT_STATUS_ACCESS_DENIED; > } > >-- >1.7.11.7 > > >From 5a00aec463a91a434b8cdd5bd2584dfa0472a61a Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 29 Nov 2012 14:31:19 +0100 >Subject: [PATCH 9/9] s3-winbind: use new reconnect logic in rpc_lookup_sids() > also. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Volker, please check. > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >--- > source3/winbindd/winbindd_rpc.c | 23 +++++++---------------- > 1 file changed, 7 insertions(+), 16 deletions(-) > >diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c >index a3faf42..a96dbb1 100644 >--- a/source3/winbindd/winbindd_rpc.c >+++ b/source3/winbindd/winbindd_rpc.c >@@ -1057,6 +1057,7 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx, > > static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx, > struct winbindd_domain *domain, >+ struct rpc_pipe_client *cli, > struct lsa_SidArray *sids, > struct lsa_RefDomainList **pdomains, > struct lsa_TransNameArray **pnames) >@@ -1064,15 +1065,8 @@ static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx, > struct lsa_TransNameArray2 lsa_names2; > struct lsa_TransNameArray *names; > uint32_t i, count; >- struct rpc_pipe_client *cli; > NTSTATUS status, result; > >- status = cm_connect_lsa_tcp(domain, talloc_tos(), &cli); >- if (!NT_STATUS_IS_OK(status)) { >- domain->can_do_ncacn_ip_tcp = false; >- return status; >- } >- > ZERO_STRUCT(lsa_names2); > status = dcerpc_lsa_LookupSids3(cli->binding_handle, > mem_ctx, >@@ -1122,19 +1116,16 @@ NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx, > uint32_t count; > NTSTATUS status, result; > >- if (domain->can_do_ncacn_ip_tcp) { >- status = rpc_try_lookup_sids3(mem_ctx, domain, sids, >- pdomains, pnames); >- if (!NT_STATUS_IS_ERR(status)) { >- return status; >- } >- } >- >- status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); >+ status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy); > if (!NT_STATUS_IS_OK(status)) { > return status; > } > >+ if (cli->transport->transport == NCACN_IP_TCP) { >+ return rpc_try_lookup_sids3(mem_ctx, domain, cli, sids, >+ pdomains, pnames); >+ } >+ > names = talloc_zero(mem_ctx, struct lsa_TransNameArray); > if (names == NULL) { > return NT_STATUS_NO_MEMORY; >-- >1.7.11.7 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
gd
:
review+
Actions:
View
Attachments on
bug 9439
:
8243
| 8251