1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s3:rpc_client: pass remote_{name,sockaddr} to rpccli_connect_netlogon()

Otherwise this can only work with NCACN_NP...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
Stefan Metzmacher 2024-09-20 10:03:11 +02:00 committed by Ralph Boehme
parent 10d34de8d3
commit d1a3c74eb9
4 changed files with 26 additions and 14 deletions

View File

@ -1184,6 +1184,7 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *passwordset_pipe = NULL;
struct cli_credentials *cli_creds;
struct netlogon_creds_cli_context *netlogon_creds = NULL;
const struct sockaddr_storage *remote_sockaddr = NULL;
size_t len = 0;
bool ok;
DATA_BLOB new_trust_blob = data_blob_null;
@ -1220,6 +1221,8 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
r->in.passed_machine_password,
CRED_SPECIFIED);
remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn);
status = rpccli_create_netlogon_creds_ctx(cli_creds,
r->in.dc_name,
r->in.msg_ctx,
@ -1232,6 +1235,8 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
status = rpccli_connect_netlogon(cli,
NCACN_NP,
r->in.dc_name,
remote_sockaddr,
netlogon_creds,
true, /* force_reauth */
cli_creds,
@ -1630,6 +1635,7 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx,
struct netlogon_creds_cli_context *netlogon_creds = NULL;
NTSTATUS status;
int flags = CLI_FULL_CONNECTION_IPC;
const struct sockaddr_storage *remote_sockaddr = NULL;
if (!dc_name) {
TALLOC_FREE(frame);
@ -1688,6 +1694,8 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx,
return status;
}
remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn);
status = rpccli_create_netlogon_creds_ctx(cli_creds,
dc_name,
msg_ctx,
@ -1701,6 +1709,8 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx,
status = rpccli_connect_netlogon(cli,
NCACN_NP,
dc_name,
remote_sockaddr,
netlogon_creds,
true, /* force_reauth */
cli_creds,

View File

@ -301,6 +301,8 @@ NTSTATUS rpccli_setup_netlogon_creds(
NTSTATUS rpccli_connect_netlogon(
struct cli_state *cli,
enum dcerpc_transport_t transport,
const char *remote_name,
const struct sockaddr_storage *remote_sockaddr,
struct netlogon_creds_cli_context *creds_ctx,
bool force_reauth,
struct cli_credentials *trust_creds,
@ -318,8 +320,6 @@ NTSTATUS rpccli_connect_netlogon(
struct rpc_pipe_client *rpccli;
NTSTATUS status;
bool retry = false;
const char *remote_name = NULL;
const struct sockaddr_storage *remote_sockaddr = NULL;
sec_chan_type = cli_credentials_get_secure_channel_type(trust_creds);
if (sec_chan_type == SEC_CHAN_NULL) {
@ -380,9 +380,6 @@ again:
}
}
remote_name = smbXcli_conn_remote_name(cli->conn);
remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn);
do_serverauth = force_reauth || !found_existing_creds;
if (!do_serverauth) {

View File

@ -48,6 +48,8 @@ NTSTATUS rpccli_setup_netlogon_creds(
NTSTATUS rpccli_connect_netlogon(
struct cli_state *cli,
enum dcerpc_transport_t transport,
const char *remote_name,
const struct sockaddr_storage *remote_sockaddr,
struct netlogon_creds_cli_context *creds_ctx,
bool force_reauth,
struct cli_credentials *trust_creds,

View File

@ -3201,6 +3201,8 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,
NTSTATUS result;
enum netr_SchannelType sec_chan_type;
struct cli_credentials *creds = NULL;
const char *remote_name = NULL;
const struct sockaddr_storage *remote_sockaddr = NULL;
*cli = NULL;
@ -3230,6 +3232,9 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,
TALLOC_FREE(conn->netlogon_pipe);
TALLOC_FREE(conn->netlogon_creds_ctx);
remote_name = smbXcli_conn_remote_name(conn->cli->conn);
remote_sockaddr = smbXcli_conn_remote_sockaddr(conn->cli->conn);
result = winbindd_get_trust_credentials(domain,
talloc_tos(),
true, /* netlogon */
@ -3250,11 +3255,6 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,
sec_chan_type = cli_credentials_get_secure_channel_type(creds);
if (sec_chan_type == SEC_CHAN_NULL) {
const char *remote_name =
smbXcli_conn_remote_name(conn->cli->conn);
const struct sockaddr_storage *remote_sockaddr =
smbXcli_conn_remote_sockaddr(conn->cli->conn);
if (transport == NCACN_IP_TCP) {
DBG_NOTICE("get_secure_channel_type gave SEC_CHAN_NULL "
"for %s, deny NCACN_IP_TCP and let the "
@ -3295,9 +3295,12 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,
return result;
}
result = rpccli_connect_netlogon(
conn->cli, transport,
conn->netlogon_creds_ctx, conn->netlogon_force_reauth, creds,
result = rpccli_connect_netlogon(conn->cli,
transport,
remote_name,
remote_sockaddr,
conn->netlogon_creds_ctx,
conn->netlogon_force_reauth, creds,
&conn->netlogon_pipe);
conn->netlogon_force_reauth = false;
if (!NT_STATUS_IS_OK(result)) {