s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open_schannel_with_creds()
authorGünther Deschner <gd@samba.org>
Thu, 18 Nov 2021 10:52:18 +0000 (11:52 +0100)
committerAndreas Schneider <asn@cryptomilk.org>
Thu, 2 Dec 2021 13:59:31 +0000 (13:59 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
selftest/knownfail.d/rpcclient_schannel
source3/libnet/libnet_join.c
source3/rpc_client/cli_pipe.c
source3/rpc_client/cli_pipe.h
source3/rpc_client/cli_pipe_schannel.c
source3/winbindd/winbindd_cm.c

index 9881cc3c0cdf0404f65fbfe24093aea87bf0ff4b..5498837ee29c757186e5eb67adb4da000eee6fde 100644 (file)
@@ -1,3 +1 @@
 ^samba.blackbox.rpcclient_schannel.ncacn_np.getusername.fips\(ad_member_fips:local\)
-^samba.blackbox.rpcclient_schannel.ncacn_ip_tcp.lookupsids\(ad_member:local\)
-^samba.blackbox.rpcclient_schannel.ncacn_ip_tcp.lookupsids\(ad_member_fips:local\)
index 025190cb860c8baedf5b200b77b87402d0f353a3..02705f1c70c1f3db122af10e6c5a72db9ea4ba08 100644 (file)
@@ -1297,11 +1297,18 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
        TALLOC_FREE(creds);
 
        if (netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC) {
-               status = cli_rpc_pipe_open_schannel_with_creds(cli,
-                                                              &ndr_table_netlogon,
-                                                              NCACN_NP,
-                                                              netlogon_creds,
-                                                              &passwordset_pipe);
+               const char *remote_name = smbXcli_conn_remote_name(cli->conn);
+               const struct sockaddr_storage *remote_sockaddr =
+                       smbXcli_conn_remote_sockaddr(cli->conn);
+
+               status = cli_rpc_pipe_open_schannel_with_creds(
+                               cli,
+                               &ndr_table_netlogon,
+                               NCACN_NP,
+                               netlogon_creds,
+                               remote_name,
+                               remote_sockaddr,
+                               &passwordset_pipe);
                if (!NT_STATUS_IS_OK(status)) {
                        TALLOC_FREE(frame);
                        return status;
@@ -1700,6 +1707,8 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx,
        uint32_t netlogon_flags = 0;
        NTSTATUS status;
        int flags = CLI_FULL_CONNECTION_IPC;
+       const char *remote_name = NULL;
+       const struct sockaddr_storage *remote_sockaddr = NULL;
 
        if (!dc_name) {
                TALLOC_FREE(frame);
@@ -1800,9 +1809,15 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx,
                return NT_STATUS_OK;
        }
 
+       remote_name = smbXcli_conn_remote_name(cli->conn);
+       remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn);
+
        status = cli_rpc_pipe_open_schannel_with_creds(
                cli, &ndr_table_netlogon, NCACN_NP,
-               netlogon_creds, &netlogon_pipe);
+               netlogon_creds,
+               remote_name,
+               remote_sockaddr,
+               &netlogon_pipe);
 
        TALLOC_FREE(netlogon_pipe);
 
@@ -1810,7 +1825,7 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx,
                DEBUG(0,("libnet_join_ok: failed to open schannel session "
                        "on netlogon pipe to server %s for domain %s. "
                        "Error was %s\n",
-                       smbXcli_conn_remote_name(cli->conn),
+                       remote_name,
                        netbios_domain_name, nt_errstr(status)));
                cli_shutdown(cli);
                TALLOC_FREE(frame);
index 7e62907256b2ca24a2755947e0f995584c5df270..8dca089bbf5252942e67e3a6f55436bdd3dde256 100644 (file)
@@ -3388,15 +3388,14 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli,
                                               const struct ndr_interface_table *table,
                                               enum dcerpc_transport_t transport,
                                               struct netlogon_creds_cli_context *netlogon_creds,
+                                              const char *remote_name,
+                                              const struct sockaddr_storage *remote_sockaddr,
                                               struct rpc_pipe_client **_rpccli)
 {
        TALLOC_CTX *frame = talloc_stackframe();
        struct rpc_pipe_client *rpccli;
        struct netlogon_creds_cli_lck *lck;
        NTSTATUS status;
-       const char *remote_name = smbXcli_conn_remote_name(cli->conn);
-       const struct sockaddr_storage *remote_sockaddr =
-               smbXcli_conn_remote_sockaddr(cli->conn);
 
        status = netlogon_creds_cli_lck(
                netlogon_creds, NETLOGON_CREDS_CLI_LCK_EXCLUSIVE,
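Review bot: With the two locals removed, `remote_name` and `remote_sockaddr` come from the caller, and nothing in the visible part of cli_rpc_pipe_open_schannel_with_creds() checks them before they are used further down (the body continues outside this hunk). Previously they were always derived from `cli->conn`, so they necessarily described the peer of the connection passed in. I would document the contract above the definition and on the prototype in cli_pipe.h, e.g. `/* remote_name and remote_sockaddr identify the server the pipe is opened to; both must be non-NULL and remain valid for the duration of the call. */`. If the code below does not already tolerate NULL, an early `if (remote_name == NULL || remote_sockaddr == NULL)` that frees `frame` and returns NT_STATUS_INVALID_PARAMETER would turn a caller mistake into a clean error.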
index 43cd5f0b96cfb3ace3350d94eecdacdba840d12c..53c992b75ec96bb457cc904b207b808c73a23bf2 100644 (file)
@@ -96,6 +96,8 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli,
                                               const struct ndr_interface_table *table,
                                               enum dcerpc_transport_t transport,
                                               struct netlogon_creds_cli_context *netlogon_creds,
+                                              const char *remote_name,
+                                              const struct sockaddr_storage *remote_sockaddr,
                                               struct rpc_pipe_client **_rpccli);
 
 NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
index 9877ea6c5422c7e38b0144b59fc452d9c3ca1b94..c33fc5baa179be209ae7a79302d5e5a7183b94fb 100644 (file)
@@ -95,6 +95,8 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
                status = cli_rpc_pipe_open_schannel_with_creds(cli, table,
                                                               transport,
                                                               netlogon_creds,
+                                                              remote_name,
+                                                              remote_sockaddr,
                                                               &result);
                if (!NT_STATUS_IS_OK(status)) {
                        TALLOC_FREE(frame);
index ee8ae45951ee342fa9ef071c9ed497c5c452afab..5cdc53a2339710ac4204401cf411dfd329ebcf9d 100644 (file)
@@ -2580,6 +2580,8 @@ retry:
        TALLOC_FREE(creds);
        status = cli_rpc_pipe_open_schannel_with_creds(
                conn->cli, &ndr_table_samr, NCACN_NP, p_creds,
+               remote_name,
+               remote_sockaddr,
                &conn->samr_pipe);
 
        if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)
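Review bot: `remote_name` and `remote_sockaddr` are passed here without a declaration or assignment visible in this hunk, and the call sits after a `retry:` label with an NT_STATUS_NETWORK_SESSION_EXPIRED check directly below it. If they are read from `conn->cli->conn`, as the cm_connect_lsa_tcp hunk does, they presumably point into that connection. Please confirm they are assigned after the label, once the connection has been set up again, and not once before it. The same applies to the second `retry:` hunk, which opens `conn->lsa_pipe`. A short comment at the assignment, such as `/* re-read on every retry: these point into conn->cli->conn */`, would make the lifetime explicit.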
@@ -2722,6 +2724,8 @@ static NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain,
        struct winbindd_cm_conn *conn;
        struct netlogon_creds_cli_context *p_creds = NULL;
        NTSTATUS status;
+       const char *remote_name = NULL;
+       const struct sockaddr_storage *remote_sockaddr = NULL;
 
        DEBUG(10,("cm_connect_lsa_tcp\n"));
 
@@ -2748,11 +2752,17 @@ static NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain,
                goto done;
        }
 
-       status = cli_rpc_pipe_open_schannel_with_creds(conn->cli,
-                                                      &ndr_table_lsarpc,
-                                                      NCACN_IP_TCP,
-                                                      p_creds,
-                                                      &conn->lsa_pipe_tcp);
+       remote_name = smbXcli_conn_remote_name(conn->cli->conn);
+       remote_sockaddr = smbXcli_conn_remote_sockaddr(conn->cli->conn);
+
+       status = cli_rpc_pipe_open_schannel_with_creds(
+                       conn->cli,
+                       &ndr_table_lsarpc,
+                       NCACN_IP_TCP,
+                       p_creds,
+                       remote_name,
+                       remote_sockaddr,
+                       &conn->lsa_pipe_tcp);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(10,("cli_rpc_pipe_open_schannel_with_key failed: %s\n",
                        nt_errstr(status)));
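Review bot: The failure message in this hunk still names `cli_rpc_pipe_open_schannel_with_key`, but the call above it is cli_rpc_pipe_open_schannel_with_creds(), so searching the source for the logged name finds nothing. Since the target is now held in `remote_name`, the message could also say which server the schannel pipe failed against: `DEBUG(10,("cli_rpc_pipe_open_schannel_with_creds to %s failed: %s\n", remote_name, nt_errstr(status)));`. The error path continues outside the hunk.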
@@ -2885,6 +2895,8 @@ retry:
        TALLOC_FREE(creds);
        result = cli_rpc_pipe_open_schannel_with_creds(
                conn->cli, &ndr_table_lsarpc, NCACN_NP, p_creds,
+               remote_name,
+               remote_sockaddr,
                &conn->lsa_pipe);
 
        if (NT_STATUS_EQUAL(result, NT_STATUS_NETWORK_SESSION_EXPIRED)