s4-rpc_server: Add back support for lsa over \\pipe\\netlogon optionally

The idea here is that perhaps some real client relies on this (and not just Samba torture
commands), so we need a way to support it for the 4.6 release.

If no such client emerges, it can be deprecated and removed in the normal way.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

docs-xml/smbdotconf/protocol/lsaovernetlogon.xml

@@ -0,0 +1,21 @@
+<samba:parameter name="lsa over netlogon"
+                 context="G"
+                 type="boolean"
+                 deprecated="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>Setting this deprecated option will allow the RPC server
+	in the AD DC to answer the LSARPC interface on the
+	<command>\pipe\netlogon</command> IPC pipe.</para>
+
+	<para>When enabled, this matches the behaviour of Microsoft's
+	Windows, due to their internal implementation choices.</para>
+
+	<para>If it is disabled (the default), the AD DC can offer
+	improved performance, as the netlogon server is decoupled and
+	can run as multiple processes.</para>
+
+</description>
+
+<value type="default">no</value>
+</samba:parameter>

pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm

@@ -262,8 +262,11 @@ NTSTATUS dcerpc_server_$name\_init(void)
 	    .name = \"$name\",
 
 	    /* fill in all the operations */
+#ifdef DCESRV_INTERFACE_$uname\_INIT_SERVER
+	    .init_server = DCESRV_INTERFACE_$uname\_INIT_SERVER,
+#else
 	    .init_server = $name\__op_init_server,
-
+#endif
 	    .interface_by_uuid = $name\__op_interface_by_uuid,
 	    .interface_by_name = $name\__op_interface_by_name
 	};

source4/rpc_server/lsa/dcesrv_lsa.c

@@ -43,6 +43,27 @@ static NTSTATUS dcesrv_interface_lsarpc_bind(struct dcesrv_call_state *dce_call,
 	return dcesrv_interface_bind_reject_connect(dce_call, iface);
 }
 
+static NTSTATUS lsarpc__op_init_server(struct dcesrv_context *dce_ctx,
+				       const struct dcesrv_endpoint_server *ep_server);
+static const struct dcesrv_interface dcesrv_lsarpc_interface;
+
+#define DCESRV_INTERFACE_LSARPC_INIT_SERVER	\
+       dcesrv_interface_lsarpc_init_server
+static NTSTATUS dcesrv_interface_lsarpc_init_server(struct dcesrv_context *dce_ctx,
+						    const struct dcesrv_endpoint_server *ep_server)
+{
+	if (lpcfg_lsa_over_netlogon(dce_ctx->lp_ctx)) {
+		NTSTATUS ret = dcesrv_interface_register(dce_ctx,
+						"ncacn_np:[\\pipe\\netlogon]",
+						&dcesrv_lsarpc_interface, NULL);
+		if (!NT_STATUS_IS_OK(ret)) {
+			DEBUG(1,("lsarpc_op_init_server: failed to register endpoint '\\pipe\\netlogon'\n"));
+			return ret;
+		}
+	}
+	return lsarpc__op_init_server(dce_ctx, ep_server);
+}
+
 /*
   this type allows us to distinguish handle types
 */