From: Andreas Schneider <asn@samba.org>
Date: Thu, 18 Nov 2021 10:47:26 +0000 (+0100)
Subject: s3:rpc_client: Add remote name and socket to cli_rpc_pipe_open_bind_schannel()
X-Git-Tag: tdb-1.4.6~469
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=62aa769667464451cda672fc073e52a8e52ae4c1;p=thirdparty%2Fsamba.git

s3:rpc_client: Add remote name and socket to cli_rpc_pipe_open_bind_schannel()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index c5a967a64a4..049186e5a51 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -368,15 +368,22 @@ again:
 		}
 	}
 
+	remote_name = smbXcli_conn_remote_name(cli->conn);
+	remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn);
+
 	do_serverauth = force_reauth || !found_existing_creds;
 
 	if (!do_serverauth) {
 		/*
 		 * Do the quick schannel bind without a reauth
 		 */
-		status = cli_rpc_pipe_open_bind_schannel(
-			cli, &ndr_table_netlogon, transport, creds_ctx,
-			&rpccli);
+		status = cli_rpc_pipe_open_bind_schannel(cli,
+							 &ndr_table_netlogon,
+							 transport,
+							 creds_ctx,
+							 remote_name,
+							 remote_sockaddr,
+							 &rpccli);
 		if (!retry && NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
 			DBG_DEBUG("Retrying with serverauthenticate\n");
 			TALLOC_FREE(lck);
@@ -426,9 +433,6 @@ again:
 			goto fail;
 		}
 
-		remote_name = smbXcli_conn_remote_name(cli->conn);
-		remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn);
-
 		status = cli_rpc_pipe_open_noauth_transport(cli,
 							    transport,
 							    &ndr_table_netlogon,
@@ -443,8 +447,13 @@ again:
 		goto done;
 	}
 
-	status = cli_rpc_pipe_open_bind_schannel(
-		cli, &ndr_table_netlogon, transport, creds_ctx, &rpccli);
+	status = cli_rpc_pipe_open_bind_schannel(cli,
+						 &ndr_table_netlogon,
+						 transport,
+						 creds_ctx,
+						 remote_name,
+						 remote_sockaddr,
+						 &rpccli);
 	if (!NT_STATUS_IS_OK(status)) {
 		DBG_DEBUG("cli_rpc_pipe_open_bind_schannel "
 			  "failed: %s\n", nt_errstr(status));
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index ddb1a73a3f6..7e62907256b 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3320,6 +3320,8 @@ NTSTATUS cli_rpc_pipe_open_bind_schannel(
 	const struct ndr_interface_table *table,
 	enum dcerpc_transport_t transport,
 	struct netlogon_creds_cli_context *netlogon_creds,
+	const char *remote_name,
+	const struct sockaddr_storage *remote_sockaddr,
 	struct rpc_pipe_client **_rpccli)
 {
 	struct rpc_pipe_client *rpccli;
@@ -3328,9 +3330,6 @@ NTSTATUS cli_rpc_pipe_open_bind_schannel(
 	struct cli_credentials *cli_creds;
 	enum dcerpc_AuthLevel auth_level;
 	NTSTATUS status;
-	const char *remote_name = smbXcli_conn_remote_name(cli->conn);
-	const struct sockaddr_storage *remote_sockaddr =
-		smbXcli_conn_remote_sockaddr(cli->conn);
 
 	status = cli_rpc_pipe_open(cli,
 				   transport,
@@ -3395,6 +3394,9 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli,
 	struct rpc_pipe_client *rpccli;
 	struct netlogon_creds_cli_lck *lck;
 	NTSTATUS status;
+	const char *remote_name = smbXcli_conn_remote_name(cli->conn);
+	const struct sockaddr_storage *remote_sockaddr =
+		smbXcli_conn_remote_sockaddr(cli->conn);
 
 	status = netlogon_creds_cli_lck(
 		netlogon_creds, NETLOGON_CREDS_CLI_LCK_EXCLUSIVE,
@@ -3406,8 +3408,13 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli,
 		return status;
 	}
 
-	status = cli_rpc_pipe_open_bind_schannel(
-		cli, table, transport, netlogon_creds, &rpccli);
+	status = cli_rpc_pipe_open_bind_schannel(cli,
+						 table,
+						 transport,
+						 netlogon_creds,
+						 remote_name,
+						 remote_sockaddr,
+						 &rpccli);
 	if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
 		netlogon_creds_cli_delete_lck(netlogon_creds);
 	}
diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
index f9392515e69..43cd5f0b96c 100644
--- a/source3/rpc_client/cli_pipe.h
+++ b/source3/rpc_client/cli_pipe.h
@@ -89,6 +89,8 @@ NTSTATUS cli_rpc_pipe_open_bind_schannel(
 	const struct ndr_interface_table *table,
 	enum dcerpc_transport_t transport,
 	struct netlogon_creds_cli_context *netlogon_creds,
+	const char *remote_name,
+	const struct sockaddr_storage *remote_sockaddr,
 	struct rpc_pipe_client **_rpccli);
 NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli,
 					       const struct ndr_interface_table *table,
@@ -101,6 +103,8 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
 				    const struct ndr_interface_table *table,
 				    enum dcerpc_transport_t transport,
 				    const char *domain,
+				    const char *remote_name,
+				    const struct sockaddr_storage *remote_sockaddr,
 				    struct rpc_pipe_client **presult,
 				    TALLOC_CTX *mem_ctx,
 				    struct netlogon_creds_cli_context **pcreds);
diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c
index 8a8177be2e5..9877ea6c542 100644
--- a/source3/rpc_client/cli_pipe_schannel.c
+++ b/source3/rpc_client/cli_pipe_schannel.c
@@ -42,12 +42,13 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
 				    const struct ndr_interface_table *table,
 				    enum dcerpc_transport_t transport,
 				    const char *domain,
+				    const char *remote_name,
+				    const struct sockaddr_storage *remote_sockaddr,
 				    struct rpc_pipe_client **presult,
 				    TALLOC_CTX *mem_ctx,
 				    struct netlogon_creds_cli_context **pcreds)
 {
 	TALLOC_CTX *frame = talloc_stackframe();
-	const char *dc_name = smbXcli_conn_remote_name(cli->conn);
 	struct rpc_pipe_client *result = NULL;
 	NTSTATUS status;
 	struct cli_credentials *cli_creds = NULL;
@@ -63,7 +64,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
 	}
 
 	status = rpccli_create_netlogon_creds_ctx(cli_creds,
-						  dc_name,
+						  remote_name,
 						  msg_ctx,
 						  frame,
 						  &netlogon_creds);
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index a85f0377285..b89534f2225 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -970,6 +970,8 @@ static NTSTATUS do_cmd(struct cli_state *cli,
 					cmd_entry->table,
 					transport,
 					rpcclient_netlogon_domain,
+					remote_name,
+					remote_sockaddr,
 					&cmd_entry->rpc_pipe,
 					rpcclient_msg_ctx,
 					&rpcclient_netlogon_creds);
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index b871dc3b1f5..97c0158d612 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -188,11 +188,18 @@ int run_rpc_command(struct net_context *c,
 		if (lp_client_schannel()
 		    && (ndr_syntax_id_equal(&table->syntax_id,
 					    &ndr_table_netlogon.syntax_id))) {
+			const char *remote_name =
+				smbXcli_conn_remote_name(cli->conn);
+			const struct sockaddr_storage *remote_sockaddr =
+				smbXcli_conn_remote_sockaddr(cli->conn);
+
 			/* Always try and create an schannel netlogon pipe. */
 			TALLOC_FREE(c->netlogon_creds);
 			nt_status = cli_rpc_pipe_open_schannel(
 				cli, c->msg_ctx, table, NCACN_NP,
 				domain_name,
+				remote_name,
+				remote_sockaddr,
 				&pipe_hnd, c, &c->netlogon_creds);
 			if (!NT_STATUS_IS_OK(nt_status)) {
 				DEBUG(0, ("Could not initialise schannel netlogon pipe. Error was %s\n",