mirror of https://github.com/samba-team/samba.git synced 2025-03-12 20:58:37 +03:00

s3:rpc_client: Add remote name and socket to cli_rpc_pipe_open_bind_schannel()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 62aa769667464451cda672fc073e52a8e52ae4c1)
Andreas Schneider 2021-11-18 11:47:26 +01:00 committed by Stefan Metzmacher
parent 16d886511f
commit aca47d48f5
6 changed files with 45 additions and 15 deletions


@ -368,15 +368,22 @@ again:
}
}
remote_name = smbXcli_conn_remote_name(cli->conn);
remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn);
do_serverauth = force_reauth || !found_existing_creds;
if (!do_serverauth) {
/*
* Do the quick schannel bind without a reauth
*/
status = cli_rpc_pipe_open_bind_schannel(
cli, &ndr_table_netlogon, transport, creds_ctx,
&rpccli);
status = cli_rpc_pipe_open_bind_schannel(cli,
&ndr_table_netlogon,
transport,
creds_ctx,
remote_name,
remote_sockaddr,
&rpccli);
if (!retry && NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
DBG_DEBUG("Retrying with serverauthenticate\n");
TALLOC_FREE(lck);
@ -426,9 +433,6 @@ again:
goto fail;
}
remote_name = smbXcli_conn_remote_name(cli->conn);
remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn);
status = cli_rpc_pipe_open_noauth_transport(cli,
transport,
&ndr_table_netlogon,
@ -443,8 +447,13 @@ again:
goto done;
}
status = cli_rpc_pipe_open_bind_schannel(
cli, &ndr_table_netlogon, transport, creds_ctx, &rpccli);
status = cli_rpc_pipe_open_bind_schannel(cli,
&ndr_table_netlogon,
transport,
creds_ctx,
remote_name,
remote_sockaddr,
&rpccli);
if (!NT_STATUS_IS_OK(status)) {
DBG_DEBUG("cli_rpc_pipe_open_bind_schannel "
"failed: %s\n", nt_errstr(status));


@ -3425,6 +3425,8 @@ NTSTATUS cli_rpc_pipe_open_bind_schannel(
const struct ndr_interface_table *table,
enum dcerpc_transport_t transport,
struct netlogon_creds_cli_context *netlogon_creds,
const char *remote_name,
const struct sockaddr_storage *remote_sockaddr,
struct rpc_pipe_client **_rpccli)
{
struct rpc_pipe_client *rpccli;
@ -3433,9 +3435,6 @@ NTSTATUS cli_rpc_pipe_open_bind_schannel(
struct cli_credentials *cli_creds;
enum dcerpc_AuthLevel auth_level;
NTSTATUS status;
const char *remote_name = smbXcli_conn_remote_name(cli->conn);
const struct sockaddr_storage *remote_sockaddr =
smbXcli_conn_remote_sockaddr(cli->conn);
status = cli_rpc_pipe_open(cli,
transport,
@ -3500,6 +3499,9 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli,
struct rpc_pipe_client *rpccli;
struct netlogon_creds_cli_lck *lck;
NTSTATUS status;
const char *remote_name = smbXcli_conn_remote_name(cli->conn);
const struct sockaddr_storage *remote_sockaddr =
smbXcli_conn_remote_sockaddr(cli->conn);
status = netlogon_creds_cli_lck(
netlogon_creds, NETLOGON_CREDS_CLI_LCK_EXCLUSIVE,
@ -3511,8 +3513,13 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli,
return status;
}
status = cli_rpc_pipe_open_bind_schannel(
cli, table, transport, netlogon_creds, &rpccli);
status = cli_rpc_pipe_open_bind_schannel(cli,
table,
transport,
netlogon_creds,
remote_name,
remote_sockaddr,
&rpccli);
if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
netlogon_creds_cli_delete_lck(netlogon_creds);
}
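Review bot: The two parameters added to cli_rpc_pipe_open_bind_schannel() in the signature hunk have no stated contract. Before this change the name and address were always read from `cli->conn` inside the function, so a caller could neither omit them nor point them at a different host than the connection. I would add a comment above the definition along the lines of `/* remote_name and remote_sockaddr identify the server to bind to; both must be non-NULL and must be the server netlogon_creds was set up for */`, adjusted to whatever rule is actually intended. cli_rpc_pipe_open_schannel_with_creds() still derives both values from `cli->conn` in the third hunk, so that path keeps the old behaviour. Both function bodies continue outside the hunks shown.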


@ -95,6 +95,8 @@ NTSTATUS cli_rpc_pipe_open_bind_schannel(
const struct ndr_interface_table *table,
enum dcerpc_transport_t transport,
struct netlogon_creds_cli_context *netlogon_creds,
const char *remote_name,
const struct sockaddr_storage *remote_sockaddr,
struct rpc_pipe_client **_rpccli);
NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli,
const struct ndr_interface_table *table,
@ -107,6 +109,8 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
const struct ndr_interface_table *table,
enum dcerpc_transport_t transport,
const char *domain,
const char *remote_name,
const struct sockaddr_storage *remote_sockaddr,
struct rpc_pipe_client **presult,
TALLOC_CTX *mem_ctx,
struct netlogon_creds_cli_context **pcreds);


@ -42,12 +42,13 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
const struct ndr_interface_table *table,
enum dcerpc_transport_t transport,
const char *domain,
const char *remote_name,
const struct sockaddr_storage *remote_sockaddr,
struct rpc_pipe_client **presult,
TALLOC_CTX *mem_ctx,
struct netlogon_creds_cli_context **pcreds)
{
TALLOC_CTX *frame = talloc_stackframe();
const char *dc_name = smbXcli_conn_remote_name(cli->conn);
struct rpc_pipe_client *result = NULL;
NTSTATUS status;
struct cli_credentials *cli_creds = NULL;
@ -63,7 +64,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
}
status = rpccli_create_netlogon_creds_ctx(cli_creds,
dc_name,
remote_name,
msg_ctx,
frame,
&netlogon_creds);
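Review bot: `remote_sockaddr` is added to cli_rpc_pipe_open_schannel() but is not referenced in either hunk of this file, while `remote_name` now replaces the `dc_name` that was read from `cli->conn` when the netlogon creds context is created. If the rest of the body (outside these hunks) still ends in cli_rpc_pipe_open_schannel_with_creds(), which in this commit takes the name and address from `cli->conn`, then the creds context is created for the caller's `remote_name` while the schannel bind goes to the connection's peer, and the two can differ. Either pass both values through to the bind, or document the requirement with something like `/* remote_name/remote_sockaddr must describe the peer of cli->conn */`. A NULL check on `remote_name` before rpccli_create_netlogon_creds_ctx() would also make the expectation explicit.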


@ -968,6 +968,8 @@ static NTSTATUS do_cmd(struct cli_state *cli,
cmd_entry->table,
transport,
rpcclient_netlogon_domain,
remote_name,
remote_sockaddr,
&cmd_entry->rpc_pipe,
rpcclient_msg_ctx,
&rpcclient_netlogon_creds);


@ -194,11 +194,18 @@ int run_rpc_command(struct net_context *c,
if (lp_client_schannel()
&& (ndr_syntax_id_equal(&table->syntax_id,
&ndr_table_netlogon.syntax_id))) {
const char *remote_name =
smbXcli_conn_remote_name(cli->conn);
const struct sockaddr_storage *remote_sockaddr =
smbXcli_conn_remote_sockaddr(cli->conn);
/* Always try and create an schannel netlogon pipe. */
TALLOC_FREE(c->netlogon_creds);
nt_status = cli_rpc_pipe_open_schannel(
cli, c->msg_ctx, table, NCACN_NP,
domain_name,
remote_name,
remote_sockaddr,
&pipe_hnd, c, &c->netlogon_creds);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",