sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code
5f365e71c1
samba-mirror/source4/librpc/rpc/dcerpc_secondary.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

433 lines
12 KiB
C
Raw Normal View History

r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
/*
Unix SMB/CIFS implementation.
dcerpc connect functions
Copyright (C) Andrew Tridgell 2003
Copyright (C) Jelmer Vernooij 2004
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2007
Copyright (C) Rafal Szczesniak 2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
s4:librpc: make all but dcerpc_pipe->binding_handle internal struct members We could use a dcerpc_internal.h for struct dcecli_security and struct dcecli_connection, but in struct dcerpc_pipe we still expose binding_handle and changing that would require way too much work for now... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-19 00:35:20 +03:00
#define SOURCE4_LIBRPC_INTERNALS 1
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
#include "includes.h"
#include "libcli/composite/composite.h"
#include "lib/events/events.h"
#include "librpc/rpc/dcerpc.h"
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-04-02 06:53:27 +04:00
#include "librpc/rpc/dcerpc_proto.h"
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
#include "auth/credentials/credentials.h"
r26313: Fix more uses of static loadparm. (This used to be commit 6fd0d9d3b75546d08c24c513e05b1843d5777608)
2007-12-06 18:54:34 +03:00
#include "param/param.h"
r26376: Add context for libcli_resolve. (This used to be commit 459e1466a411d6f83b7372e248566e6e71c745fc)
2007-12-10 20:41:19 +03:00
#include "libcli/resolve/resolve.h"
s4:librpc/rpc: avoid using dcerpc_socket_peer_addr() We use information stored in the dcerpc_binding in order to open a secondary connection. The goals are: - dcerpc_secondary_connection_* should just use the dcerpc_binding information for the first connection and just call dcerpc_pipe_connect_* - Get rid of dcerpc_pipe->transport.* and just use a tstream_context. All other details should be maintained only by the higher levels. - Hide dcerpc_pipe and dcecli_connection behind dcerpc_binding_handle. - Have just one entry point to create a new connection. For source4/librpc this will be dcerpc_pipe_connect_*. For source3/rpc_client we need a similar function. - We'll have a new dcerpc_connection layer, with also just one entry point to create a new connection. - Replace dcerpc_pipe and dcecli_connection with the new dcerpc_connection layer. - Replace rpc_pipe_client with the new dcerpc_connection layer. - When the client side is unified we can change the server as it needs to act as a client in order to register the endpoint mappings. - Then the core of the server will be changed to use the new dcerpc_connection layer. As dcerpc_socket_peer_addr() uses p->transport.private_data as 'struct sock_private', we should avoid it. We can then remove dcerpc_unix_socket_path() and 'struct sock_private'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-14 04:08:31 +04:00
#include "lib/util/util_net.h"
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
struct sec_conn_state {
struct dcerpc_pipe *pipe;
struct dcerpc_pipe *pipe2;
s4:librpc/rpc: set "localaddress" and reset "host" for ncacn_ip_tcp We should remember local and remote ip address in dcerpc_pipe->binding. Note: that we still have the "target_hostname" unmodified, if present. This way dcerpc_pipe->binding can be used to create a secondary connection that is a additional connection for the existing association group. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-13 19:28:54 +04:00
struct dcerpc_binding *binding;
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
};
static void continue_open_smb(struct composite_context *ctx);
static void continue_open_tcp(struct composite_context *ctx);
s4:librpc/rpc: avoid using dcerpc_unix_socket_path() We use information stored in the dcerpc_binding in order to open a secondary connection. The goals are: - dcerpc_secondary_connection_* should just use the dcerpc_binding information for the first connection and just call dcerpc_pipe_connect_* - Get rid of dcerpc_pipe->transport.* and just use a tstream_context. All other details should be maintained only by the higher levels. - Hide dcerpc_pipe and dcecli_connection behind dcerpc_binding_handle. - Have just one entry point to create a new connection. For source4/librpc this will be dcerpc_pipe_connect_*. For source3/rpc_client we need a similar function. - We'll have a new dcerpc_connection layer, with also just one entry point to create a new connection. - Replace dcerpc_pipe and dcecli_connection with the new dcerpc_connection layer. - Replace rpc_pipe_client with the new dcerpc_connection layer. - When the client side is unified we can change the server as it needs to act as a client in order to register the endpoint mappings. - Then the core of the server will be changed to use the new dcerpc_connection layer. As dcerpc_unix_socket_path() uses p->transport.private_data as 'struct sock_private', we should avoid it. We can then remove dcerpc_unix_socket_path() and 'struct sock_private'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-13 12:53:49 +04:00
static void continue_open_ncalrpc(struct composite_context *ctx);
static void continue_open_ncacn_unix(struct composite_context *ctx);
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
static void continue_pipe_open(struct composite_context *c);
/*
Send request to create a secondary dcerpc connection from a primary
connection
*/
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-04-02 06:53:27 +04:00
_PUBLIC_ struct composite_context* dcerpc_secondary_connection_send(struct dcerpc_pipe *p,
s4:librpc/rpc: pass dcerpc_binding arround as 'const' This should only be modified by the owner. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-12 15:19:48 +04:00
const struct dcerpc_binding *b)
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
{
struct composite_context *c;
struct sec_conn_state *s;
struct composite_context *pipe_smb_req;
struct composite_context *pipe_tcp_req;
s4:librpc/rpc: avoid using dcerpc_socket_peer_addr() We use information stored in the dcerpc_binding in order to open a secondary connection. The goals are: - dcerpc_secondary_connection_* should just use the dcerpc_binding information for the first connection and just call dcerpc_pipe_connect_* - Get rid of dcerpc_pipe->transport.* and just use a tstream_context. All other details should be maintained only by the higher levels. - Hide dcerpc_pipe and dcecli_connection behind dcerpc_binding_handle. - Have just one entry point to create a new connection. For source4/librpc this will be dcerpc_pipe_connect_*. For source3/rpc_client we need a similar function. - We'll have a new dcerpc_connection layer, with also just one entry point to create a new connection. - Replace dcerpc_pipe and dcecli_connection with the new dcerpc_connection layer. - Replace rpc_pipe_client with the new dcerpc_connection layer. - When the client side is unified we can change the server as it needs to act as a client in order to register the endpoint mappings. - Then the core of the server will be changed to use the new dcerpc_connection layer. As dcerpc_socket_peer_addr() uses p->transport.private_data as 'struct sock_private', we should avoid it. We can then remove dcerpc_unix_socket_path() and 'struct sock_private'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-14 04:08:31 +04:00
const char *localaddress = NULL;
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
struct composite_context *pipe_ncalrpc_req;
s4:librpc/rpc: avoid using dcerpc_unix_socket_path() We use information stored in the dcerpc_binding in order to open a secondary connection. The goals are: - dcerpc_secondary_connection_* should just use the dcerpc_binding information for the first connection and just call dcerpc_pipe_connect_* - Get rid of dcerpc_pipe->transport.* and just use a tstream_context. All other details should be maintained only by the higher levels. - Hide dcerpc_pipe and dcecli_connection behind dcerpc_binding_handle. - Have just one entry point to create a new connection. For source4/librpc this will be dcerpc_pipe_connect_*. For source3/rpc_client we need a similar function. - We'll have a new dcerpc_connection layer, with also just one entry point to create a new connection. - Replace dcerpc_pipe and dcecli_connection with the new dcerpc_connection layer. - Replace rpc_pipe_client with the new dcerpc_connection layer. - When the client side is unified we can change the server as it needs to act as a client in order to register the endpoint mappings. - Then the core of the server will be changed to use the new dcerpc_connection layer. As dcerpc_unix_socket_path() uses p->transport.private_data as 'struct sock_private', we should avoid it. We can then remove dcerpc_unix_socket_path() and 'struct sock_private'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-13 12:53:49 +04:00
const char *ncalrpc_dir = NULL;
struct composite_context *pipe_unix_req;
s4:librpc/rpc: avoid using dcerpc_socket_peer_addr() We use information stored in the dcerpc_binding in order to open a secondary connection. The goals are: - dcerpc_secondary_connection_* should just use the dcerpc_binding information for the first connection and just call dcerpc_pipe_connect_* - Get rid of dcerpc_pipe->transport.* and just use a tstream_context. All other details should be maintained only by the higher levels. - Hide dcerpc_pipe and dcecli_connection behind dcerpc_binding_handle. - Have just one entry point to create a new connection. For source4/librpc this will be dcerpc_pipe_connect_*. For source3/rpc_client we need a similar function. - We'll have a new dcerpc_connection layer, with also just one entry point to create a new connection. - Replace dcerpc_pipe and dcecli_connection with the new dcerpc_connection layer. - Replace rpc_pipe_client with the new dcerpc_connection layer. - When the client side is unified we can change the server as it needs to act as a client in order to register the endpoint mappings. - Then the core of the server will be changed to use the new dcerpc_connection layer. As dcerpc_socket_peer_addr() uses p->transport.private_data as 'struct sock_private', we should avoid it. We can then remove dcerpc_unix_socket_path() and 'struct sock_private'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-14 04:08:31 +04:00
const char *host;
s4:librpc/rpc: use dcerpc_binding_get_string_option() for "host" and "target_hostname" Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-04 13:03:09 +04:00
const char *target_hostname;
s4:librpc/rpc: make use of dcerpc_binding_get_string_option("endpoint") Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-04 14:30:38 +04:00
const char *endpoint;
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
/* composite context allocation and setup */
c = composite_create(p, p->conn->event_ctx);
if (c == NULL) return NULL;
s = talloc_zero(c, struct sec_conn_state);
if (composite_nomem(s, c)) return c;
c->private_data = s;
s->pipe = p;
s4:librpc/rpc: set "localaddress" and reset "host" for ncacn_ip_tcp We should remember local and remote ip address in dcerpc_pipe->binding. Note: that we still have the "target_hostname" unmodified, if present. This way dcerpc_pipe->binding can be used to create a secondary connection that is a additional connection for the existing association group. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-13 19:28:54 +04:00
s->binding = dcerpc_binding_dup(s, b);
if (composite_nomem(s->binding, c)) return c;
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
/* initialise second dcerpc pipe based on primary pipe's event context */
Finish removal of iconv_convenience in public API's.
2010-05-09 19:20:01 +04:00
s->pipe2 = dcerpc_pipe_init(c, s->pipe->conn->event_ctx);
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
if (composite_nomem(s->pipe2, c)) return c;
Remove another use of global_loadparm.
2008-11-02 02:26:04 +03:00
if (DEBUGLEVEL >= 10)
s->pipe2->conn->packet_log_dir = s->pipe->conn->packet_log_dir;
s4:librpc/rpc: avoid using dcerpc_socket_peer_addr() We use information stored in the dcerpc_binding in order to open a secondary connection. The goals are: - dcerpc_secondary_connection_* should just use the dcerpc_binding information for the first connection and just call dcerpc_pipe_connect_* - Get rid of dcerpc_pipe->transport.* and just use a tstream_context. All other details should be maintained only by the higher levels. - Hide dcerpc_pipe and dcecli_connection behind dcerpc_binding_handle. - Have just one entry point to create a new connection. For source4/librpc this will be dcerpc_pipe_connect_*. For source3/rpc_client we need a similar function. - We'll have a new dcerpc_connection layer, with also just one entry point to create a new connection. - Replace dcerpc_pipe and dcecli_connection with the new dcerpc_connection layer. - Replace rpc_pipe_client with the new dcerpc_connection layer. - When the client side is unified we can change the server as it needs to act as a client in order to register the endpoint mappings. - Then the core of the server will be changed to use the new dcerpc_connection layer. As dcerpc_socket_peer_addr() uses p->transport.private_data as 'struct sock_private', we should avoid it. We can then remove dcerpc_unix_socket_path() and 'struct sock_private'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-14 04:08:31 +04:00
host = dcerpc_binding_get_string_option(s->binding, "host");
if (host == NULL) {
/*
* We may fallback to the host of the given connection
*/
host = dcerpc_binding_get_string_option(s->pipe->binding,
"host");
}
s4:librpc/rpc: use dcerpc_binding_get_string_option() for "host" and "target_hostname" Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-04 13:03:09 +04:00
target_hostname = dcerpc_binding_get_string_option(s->binding, "target_hostname");
s4:librpc/rpc: avoid using dcerpc_socket_peer_addr() We use information stored in the dcerpc_binding in order to open a secondary connection. The goals are: - dcerpc_secondary_connection_* should just use the dcerpc_binding information for the first connection and just call dcerpc_pipe_connect_* - Get rid of dcerpc_pipe->transport.* and just use a tstream_context. All other details should be maintained only by the higher levels. - Hide dcerpc_pipe and dcecli_connection behind dcerpc_binding_handle. - Have just one entry point to create a new connection. For source4/librpc this will be dcerpc_pipe_connect_*. For source3/rpc_client we need a similar function. - We'll have a new dcerpc_connection layer, with also just one entry point to create a new connection. - Replace dcerpc_pipe and dcecli_connection with the new dcerpc_connection layer. - Replace rpc_pipe_client with the new dcerpc_connection layer. - When the client side is unified we can change the server as it needs to act as a client in order to register the endpoint mappings. - Then the core of the server will be changed to use the new dcerpc_connection layer. As dcerpc_socket_peer_addr() uses p->transport.private_data as 'struct sock_private', we should avoid it. We can then remove dcerpc_unix_socket_path() and 'struct sock_private'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-14 04:08:31 +04:00
if (target_hostname == NULL) {
/*
* We may fallback to the target_hostname of the given connection
*/
target_hostname = dcerpc_binding_get_string_option(s->pipe->binding,
"target_hostname");
}
s4:librpc/rpc: make use of dcerpc_binding_get_string_option("endpoint") Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-04 14:30:38 +04:00
endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
if (endpoint == NULL) {
/*
* We may fallback to the endpoint of the given connection
*/
endpoint = dcerpc_binding_get_string_option(s->pipe->binding, "endpoint");
}
if (endpoint == NULL) {
composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
return c;
}
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
/* open second dcerpc pipe using the same transport as for primary pipe */
switch (s->pipe->conn->transport.transport) {
case NCACN_NP:
s4:librpc/rpc: make use of dcerpc_binding_get_string_option("endpoint") Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-04 14:30:38 +04:00
pipe_smb_req = dcerpc_secondary_smb_send(s->pipe->conn,
s->pipe2->conn,
endpoint);
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
composite_continue(c, pipe_smb_req, continue_open_smb, c);
return c;
case NCACN_IP_TCP:
s4:librpc/rpc: avoid using dcerpc_socket_peer_addr() We use information stored in the dcerpc_binding in order to open a secondary connection. The goals are: - dcerpc_secondary_connection_* should just use the dcerpc_binding information for the first connection and just call dcerpc_pipe_connect_* - Get rid of dcerpc_pipe->transport.* and just use a tstream_context. All other details should be maintained only by the higher levels. - Hide dcerpc_pipe and dcecli_connection behind dcerpc_binding_handle. - Have just one entry point to create a new connection. For source4/librpc this will be dcerpc_pipe_connect_*. For source3/rpc_client we need a similar function. - We'll have a new dcerpc_connection layer, with also just one entry point to create a new connection. - Replace dcerpc_pipe and dcecli_connection with the new dcerpc_connection layer. - Replace rpc_pipe_client with the new dcerpc_connection layer. - When the client side is unified we can change the server as it needs to act as a client in order to register the endpoint mappings. - Then the core of the server will be changed to use the new dcerpc_connection layer. As dcerpc_socket_peer_addr() uses p->transport.private_data as 'struct sock_private', we should avoid it. We can then remove dcerpc_unix_socket_path() and 'struct sock_private'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-14 04:08:31 +04:00
if (host == NULL) {
composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
s4:librpc/rpc: remove we should not redo the name resolving for secondary tcp connections metze
2008-12-18 02:09:17 +03:00
return c;
}
s4:librpc/rpc: avoid using dcerpc_socket_peer_addr() We use information stored in the dcerpc_binding in order to open a secondary connection. The goals are: - dcerpc_secondary_connection_* should just use the dcerpc_binding information for the first connection and just call dcerpc_pipe_connect_* - Get rid of dcerpc_pipe->transport.* and just use a tstream_context. All other details should be maintained only by the higher levels. - Hide dcerpc_pipe and dcecli_connection behind dcerpc_binding_handle. - Have just one entry point to create a new connection. For source4/librpc this will be dcerpc_pipe_connect_*. For source3/rpc_client we need a similar function. - We'll have a new dcerpc_connection layer, with also just one entry point to create a new connection. - Replace dcerpc_pipe and dcecli_connection with the new dcerpc_connection layer. - Replace rpc_pipe_client with the new dcerpc_connection layer. - When the client side is unified we can change the server as it needs to act as a client in order to register the endpoint mappings. - Then the core of the server will be changed to use the new dcerpc_connection layer. As dcerpc_socket_peer_addr() uses p->transport.private_data as 'struct sock_private', we should avoid it. We can then remove dcerpc_unix_socket_path() and 'struct sock_private'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-14 04:08:31 +04:00
if (!is_ipaddress(host)) {
/*
* We may fallback to the host of the given connection
*/
host = dcerpc_binding_get_string_option(s->pipe->binding,
"host");
if (host == NULL) {
composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
return c;
}
if (!is_ipaddress(host)) {
composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
return c;
}
}
localaddress = dcerpc_binding_get_string_option(s->binding,
s4:librpc/rpc: use dcerpc_binding_[g|set]_string_option("localaddress") We should avoid deferencing struct dcerpc_binding if possible. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 18:39:55 +04:00
"localaddress");
s4:librpc/rpc: avoid using dcerpc_socket_peer_addr() We use information stored in the dcerpc_binding in order to open a secondary connection. The goals are: - dcerpc_secondary_connection_* should just use the dcerpc_binding information for the first connection and just call dcerpc_pipe_connect_* - Get rid of dcerpc_pipe->transport.* and just use a tstream_context. All other details should be maintained only by the higher levels. - Hide dcerpc_pipe and dcecli_connection behind dcerpc_binding_handle. - Have just one entry point to create a new connection. For source4/librpc this will be dcerpc_pipe_connect_*. For source3/rpc_client we need a similar function. - We'll have a new dcerpc_connection layer, with also just one entry point to create a new connection. - Replace dcerpc_pipe and dcecli_connection with the new dcerpc_connection layer. - Replace rpc_pipe_client with the new dcerpc_connection layer. - When the client side is unified we can change the server as it needs to act as a client in order to register the endpoint mappings. - Then the core of the server will be changed to use the new dcerpc_connection layer. As dcerpc_socket_peer_addr() uses p->transport.private_data as 'struct sock_private', we should avoid it. We can then remove dcerpc_unix_socket_path() and 'struct sock_private'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-14 04:08:31 +04:00
if (localaddress == NULL) {
/*
* We may fallback to the localaddress of the given connection
*/
localaddress = dcerpc_binding_get_string_option(s->pipe->binding,
"localaddress");
}
s4:librpc/rpc: use dcerpc_binding_[g|set]_string_option("localaddress") We should avoid deferencing struct dcerpc_binding if possible. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 18:39:55 +04:00
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
pipe_tcp_req = dcerpc_pipe_open_tcp_send(s->pipe2->conn,
s4:librpc/rpc: avoid using dcerpc_socket_peer_addr() We use information stored in the dcerpc_binding in order to open a secondary connection. The goals are: - dcerpc_secondary_connection_* should just use the dcerpc_binding information for the first connection and just call dcerpc_pipe_connect_* - Get rid of dcerpc_pipe->transport.* and just use a tstream_context. All other details should be maintained only by the higher levels. - Hide dcerpc_pipe and dcecli_connection behind dcerpc_binding_handle. - Have just one entry point to create a new connection. For source4/librpc this will be dcerpc_pipe_connect_*. For source3/rpc_client we need a similar function. - We'll have a new dcerpc_connection layer, with also just one entry point to create a new connection. - Replace dcerpc_pipe and dcecli_connection with the new dcerpc_connection layer. - Replace rpc_pipe_client with the new dcerpc_connection layer. - When the client side is unified we can change the server as it needs to act as a client in order to register the endpoint mappings. - Then the core of the server will be changed to use the new dcerpc_connection layer. As dcerpc_socket_peer_addr() uses p->transport.private_data as 'struct sock_private', we should avoid it. We can then remove dcerpc_unix_socket_path() and 'struct sock_private'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-14 04:08:31 +04:00
localaddress,
host,
s4:librpc/rpc: use dcerpc_binding_get_string_option() for "host" and "target_hostname" Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-04 13:03:09 +04:00
target_hostname,
s4:librpc/rpc: make use of dcerpc_binding_get_string_option("endpoint") Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-04 14:30:38 +04:00
atoi(endpoint),
s4:librpc/rpc: remove we should not redo the name resolving for secondary tcp connections metze
2008-12-18 02:09:17 +03:00
resolve_context_init(s));
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
composite_continue(c, pipe_tcp_req, continue_open_tcp, c);
return c;
case NCALRPC:
s4:librpc/rpc: avoid using dcerpc_unix_socket_path() We use information stored in the dcerpc_binding in order to open a secondary connection. The goals are: - dcerpc_secondary_connection_* should just use the dcerpc_binding information for the first connection and just call dcerpc_pipe_connect_* - Get rid of dcerpc_pipe->transport.* and just use a tstream_context. All other details should be maintained only by the higher levels. - Hide dcerpc_pipe and dcecli_connection behind dcerpc_binding_handle. - Have just one entry point to create a new connection. For source4/librpc this will be dcerpc_pipe_connect_*. For source3/rpc_client we need a similar function. - We'll have a new dcerpc_connection layer, with also just one entry point to create a new connection. - Replace dcerpc_pipe and dcecli_connection with the new dcerpc_connection layer. - Replace rpc_pipe_client with the new dcerpc_connection layer. - When the client side is unified we can change the server as it needs to act as a client in order to register the endpoint mappings. - Then the core of the server will be changed to use the new dcerpc_connection layer. As dcerpc_unix_socket_path() uses p->transport.private_data as 'struct sock_private', we should avoid it. We can then remove dcerpc_unix_socket_path() and 'struct sock_private'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-13 12:53:49 +04:00
ncalrpc_dir = dcerpc_binding_get_string_option(s->binding,
"ncalrpc_dir");
if (ncalrpc_dir == NULL) {
ncalrpc_dir = dcerpc_binding_get_string_option(s->pipe->binding,
"ncalrpc_dir");
}
if (ncalrpc_dir == NULL) {
composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
return c;
}
pipe_ncalrpc_req = dcerpc_pipe_open_pipe_send(s->pipe2->conn,
ncalrpc_dir,
endpoint);
composite_continue(c, pipe_ncalrpc_req, continue_open_ncalrpc, c);
return c;
Remove two more uses of global loadparm by remember required details for secondary DCE/RPC connections.
2008-09-30 06:01:47 +04:00
case NCACN_UNIX_STREAM:
s4:librpc/rpc: avoid using dcerpc_unix_socket_path() We use information stored in the dcerpc_binding in order to open a secondary connection. The goals are: - dcerpc_secondary_connection_* should just use the dcerpc_binding information for the first connection and just call dcerpc_pipe_connect_* - Get rid of dcerpc_pipe->transport.* and just use a tstream_context. All other details should be maintained only by the higher levels. - Hide dcerpc_pipe and dcecli_connection behind dcerpc_binding_handle. - Have just one entry point to create a new connection. For source4/librpc this will be dcerpc_pipe_connect_*. For source3/rpc_client we need a similar function. - We'll have a new dcerpc_connection layer, with also just one entry point to create a new connection. - Replace dcerpc_pipe and dcecli_connection with the new dcerpc_connection layer. - Replace rpc_pipe_client with the new dcerpc_connection layer. - When the client side is unified we can change the server as it needs to act as a client in order to register the endpoint mappings. - Then the core of the server will be changed to use the new dcerpc_connection layer. As dcerpc_unix_socket_path() uses p->transport.private_data as 'struct sock_private', we should avoid it. We can then remove dcerpc_unix_socket_path() and 'struct sock_private'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-13 12:53:49 +04:00
pipe_unix_req = dcerpc_pipe_open_unix_stream_send(s->pipe2->conn,
endpoint);
composite_continue(c, pipe_unix_req, continue_open_ncacn_unix, c);
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
return c;
default:
/* looks like a transport we don't support */
composite_error(c, NT_STATUS_NOT_SUPPORTED);
}
return c;
}
/*
Stage 2 of secondary_connection: Receive result of pipe open request on smb
*/
static void continue_open_smb(struct composite_context *ctx)
{
struct composite_context *c = talloc_get_type(ctx->async.private_data,
struct composite_context);
s4:librpc/rpc: make use of dcerpc_secondary_smb_send/recv() in dcerpc_secondary_context() This avoids the use of dcerpc_smb_tree(), which is a layer violation. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-17 09:18:19 +04:00
c->status = dcerpc_secondary_smb_recv(ctx);
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
if (!composite_is_ok(c)) return;
continue_pipe_open(c);
}
/*
Stage 2 of secondary_connection: Receive result of pipe open request on tcp/ip
*/
static void continue_open_tcp(struct composite_context *ctx)
{
struct composite_context *c = talloc_get_type(ctx->async.private_data,
struct composite_context);
s4:librpc/rpc: set "localaddress" and reset "host" for ncacn_ip_tcp We should remember local and remote ip address in dcerpc_pipe->binding. Note: that we still have the "target_hostname" unmodified, if present. This way dcerpc_pipe->binding can be used to create a secondary connection that is a additional connection for the existing association group. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-13 19:28:54 +04:00
struct sec_conn_state *s = talloc_get_type_abort(c->private_data,
struct sec_conn_state);
char *localaddr = NULL;
char *remoteaddr = NULL;
s4:librpc/rpc: return the local/remote ip from dcerpc_pipe_open_tcp_recv() It's important that the caller can remember the ips, so that a secondary connection can use the same addresses in order to get association group binding to work. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-13 19:27:22 +04:00
s4:librpc/rpc: set "localaddress" and reset "host" for ncacn_ip_tcp We should remember local and remote ip address in dcerpc_pipe->binding. Note: that we still have the "target_hostname" unmodified, if present. This way dcerpc_pipe->binding can be used to create a secondary connection that is a additional connection for the existing association group. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-13 19:28:54 +04:00
c->status = dcerpc_pipe_open_tcp_recv(ctx, s, &localaddr, &remoteaddr);
if (!composite_is_ok(c)) return;
c->status = dcerpc_binding_set_string_option(s->binding,
"localaddress",
localaddr);
if (!composite_is_ok(c)) return;
c->status = dcerpc_binding_set_string_option(s->binding,
"host",
remoteaddr);
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
if (!composite_is_ok(c)) return;
continue_pipe_open(c);
}
/*
Stage 2 of secondary_connection: Receive result of pipe open request on ncalrpc
*/
s4:librpc/rpc: avoid using dcerpc_unix_socket_path() We use information stored in the dcerpc_binding in order to open a secondary connection. The goals are: - dcerpc_secondary_connection_* should just use the dcerpc_binding information for the first connection and just call dcerpc_pipe_connect_* - Get rid of dcerpc_pipe->transport.* and just use a tstream_context. All other details should be maintained only by the higher levels. - Hide dcerpc_pipe and dcecli_connection behind dcerpc_binding_handle. - Have just one entry point to create a new connection. For source4/librpc this will be dcerpc_pipe_connect_*. For source3/rpc_client we need a similar function. - We'll have a new dcerpc_connection layer, with also just one entry point to create a new connection. - Replace dcerpc_pipe and dcecli_connection with the new dcerpc_connection layer. - Replace rpc_pipe_client with the new dcerpc_connection layer. - When the client side is unified we can change the server as it needs to act as a client in order to register the endpoint mappings. - Then the core of the server will be changed to use the new dcerpc_connection layer. As dcerpc_unix_socket_path() uses p->transport.private_data as 'struct sock_private', we should avoid it. We can then remove dcerpc_unix_socket_path() and 'struct sock_private'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-02-13 12:53:49 +04:00
static void continue_open_ncalrpc(struct composite_context *ctx)
{
struct composite_context *c = talloc_get_type(ctx->async.private_data,
struct composite_context);
c->status = dcerpc_pipe_open_pipe_recv(ctx);
if (!composite_is_ok(c)) return;
continue_pipe_open(c);
}
/*
Stage 2 of secondary_connection: Receive result of pipe open request on ncacn_unix
*/
static void continue_open_ncacn_unix(struct composite_context *ctx)
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
{
struct composite_context *c = talloc_get_type(ctx->async.private_data,
struct composite_context);
s4:librpc/rpc: use the correct _recv function in continue_open_pipe() We start with dcerpc_pipe_open_unix_stream_send() so we need to call dcerpc_pipe_open_unix_stream_recv(). It was just luck that it worked before... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-04 14:06:21 +04:00
c->status = dcerpc_pipe_open_unix_stream_recv(ctx);
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
if (!composite_is_ok(c)) return;
continue_pipe_open(c);
}
/*
Stage 3 of secondary_connection: Get binding data and flags from primary pipe
and say if we're done ok.
*/
static void continue_pipe_open(struct composite_context *c)
{
struct sec_conn_state *s;
s = talloc_get_type(c->private_data, struct sec_conn_state);
s->pipe2->conn->flags = s->pipe->conn->flags;
s4:librpc: use dcerpc_binding_dup() instead of talloc_reference() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-09-19 20:23:37 +04:00
s->pipe2->binding = dcerpc_binding_dup(s->pipe2, s->binding);
if (composite_nomem(s->pipe2->binding, c)) {
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
return;
}
composite_done(c);
}
/*
Receive result of secondary rpc connection request and return
second dcerpc pipe.
*/
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-04-02 06:53:27 +04:00
_PUBLIC_ NTSTATUS dcerpc_secondary_connection_recv(struct composite_context *c,
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
struct dcerpc_pipe **p2)
{
NTSTATUS status = composite_wait(c);
struct sec_conn_state *s;
s = talloc_get_type(c->private_data, struct sec_conn_state);
if (NT_STATUS_IS_OK(status)) {
*p2 = talloc_steal(s->pipe, s->pipe2);
}
talloc_free(c);
return status;
}
/*
Create a secondary DCERPC connection, then bind (and possibly
authenticate) using the supplied credentials.
This creates a second connection, to the same host (and on ncacn_np on the same connection) as the first
*/
struct sec_auth_conn_state {
struct dcerpc_pipe *pipe2;
s4:librpc/rpc: pass dcerpc_binding arround as 'const' This should only be modified by the owner. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-12 15:19:48 +04:00
const struct dcerpc_binding *binding;
r24551: rename dcerpc_interface_table -> ndr_interface_table rename dcerpc_interface_list -> ndr_interface_list and move them to libndr.h metze (This used to be commit 4adbebef5df2f833d2d4bfcdda72a34179d52f5c)
2007-08-20 00:46:45 +04:00
const struct ndr_interface_table *table;
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
struct cli_credentials *credentials;
struct composite_context *ctx;
r26327: Explicit loadparm_context for RPC client functions. (This used to be commit eeb2251d22b3d6e0379444a73af69d1014692b07)
2007-12-07 04:37:04 +03:00
struct loadparm_context *lp_ctx;
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
};
static void dcerpc_secondary_auth_connection_bind(struct composite_context *ctx);
static void dcerpc_secondary_auth_connection_continue(struct composite_context *ctx);
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-04-02 06:53:27 +04:00
_PUBLIC_ struct composite_context* dcerpc_secondary_auth_connection_send(struct dcerpc_pipe *p,
s4:librpc/rpc: pass dcerpc_binding arround as 'const' This should only be modified by the owner. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-12 15:19:48 +04:00
const struct dcerpc_binding *binding,
r24551: rename dcerpc_interface_table -> ndr_interface_table rename dcerpc_interface_list -> ndr_interface_list and move them to libndr.h metze (This used to be commit 4adbebef5df2f833d2d4bfcdda72a34179d52f5c)
2007-08-20 00:46:45 +04:00
const struct ndr_interface_table *table,
r26327: Explicit loadparm_context for RPC client functions. (This used to be commit eeb2251d22b3d6e0379444a73af69d1014692b07)
2007-12-07 04:37:04 +03:00
struct cli_credentials *credentials,
struct loadparm_context *lp_ctx)
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
{
struct composite_context *c, *secondary_conn_ctx;
struct sec_auth_conn_state *s;
/* composite context allocation and setup */
c = composite_create(p, p->conn->event_ctx);
if (c == NULL) return NULL;
s = talloc_zero(c, struct sec_auth_conn_state);
if (composite_nomem(s, c)) return c;
c->private_data = s;
s->ctx = c;
s->binding = binding;
s->table = table;
s->credentials = credentials;
r26327: Explicit loadparm_context for RPC client functions. (This used to be commit eeb2251d22b3d6e0379444a73af69d1014692b07)
2007-12-07 04:37:04 +03:00
s->lp_ctx = lp_ctx;
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
secondary_conn_ctx = dcerpc_secondary_connection_send(p, binding);
if (composite_nomem(secondary_conn_ctx, s->ctx)) {
talloc_free(c);
return NULL;
}
composite_continue(s->ctx, secondary_conn_ctx, dcerpc_secondary_auth_connection_bind,
s);
return c;
}
/*
Stage 2 of secondary_auth_connection:
Having made the secondary connection, we will need to do an (authenticated) bind
*/
static void dcerpc_secondary_auth_connection_bind(struct composite_context *ctx)
{
struct composite_context *secondary_auth_ctx;
struct sec_auth_conn_state *s = talloc_get_type(ctx->async.private_data,
struct sec_auth_conn_state);
s->ctx->status = dcerpc_secondary_connection_recv(ctx, &s->pipe2);
if (!composite_is_ok(s->ctx)) return;
r26327: Explicit loadparm_context for RPC client functions. (This used to be commit eeb2251d22b3d6e0379444a73af69d1014692b07)
2007-12-07 04:37:04 +03:00
secondary_auth_ctx = dcerpc_pipe_auth_send(s->pipe2, s->binding, s->table, s->credentials,
s->lp_ctx);
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
composite_continue(s->ctx, secondary_auth_ctx, dcerpc_secondary_auth_connection_continue, s);
}
/*
Stage 3 of secondary_auth_connection: Receive result of authenticated bind request
*/
static void dcerpc_secondary_auth_connection_continue(struct composite_context *ctx)
{
struct sec_auth_conn_state *s = talloc_get_type(ctx->async.private_data,
struct sec_auth_conn_state);
s->ctx->status = dcerpc_pipe_auth_recv(ctx, s, &s->pipe2);
if (!composite_is_ok(s->ctx)) return;
composite_done(s->ctx);
}
/*
Receive an authenticated pipe, created as a secondary connection
*/
Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-04-02 06:53:27 +04:00
_PUBLIC_ NTSTATUS dcerpc_secondary_auth_connection_recv(struct composite_context *c,
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 15:27:29 +04:00
TALLOC_CTX *mem_ctx,
struct dcerpc_pipe **p)
{
NTSTATUS status = composite_wait(c);
struct sec_auth_conn_state *s;
s = talloc_get_type(c->private_data, struct sec_auth_conn_state);
if (NT_STATUS_IS_OK(status)) {
*p = talloc_steal(mem_ctx, s->pipe2);
}
talloc_free(c);
return status;
}
s4:librpc/rpc: add dcerpc_secondary_auth_connection() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-17 12:31:51 +04:00
_PUBLIC_ NTSTATUS dcerpc_secondary_auth_connection(struct dcerpc_pipe *p,
const struct dcerpc_binding *binding,
const struct ndr_interface_table *table,
struct cli_credentials *credentials,
struct loadparm_context *lp_ctx,
TALLOC_CTX *mem_ctx,
struct dcerpc_pipe **p2)
{
struct composite_context *c;
c = dcerpc_secondary_auth_connection_send(p, binding, table,
credentials, lp_ctx);
return dcerpc_secondary_auth_connection_recv(c, mem_ctx, p2);
}
Copy Permalink