From: Günther Deschner Date: Thu, 18 Nov 2021 10:52:18 +0000 (+0100) Subject: s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open_schannel_with_creds() X-Git-Tag: tdb-1.4.6~468 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6bf3a39b11832ad2feb655e29da84f8b5aac298e;p=thirdparty%2Fsamba.git s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open_schannel_with_creds() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767 Pair-Programmed-With: Andreas Schneider Signed-off-by: Guenther Deschner Signed-off-by: Andreas Schneider Reviewed-by: Stefan Metzmacher --- diff --git a/selftest/knownfail.d/rpcclient_schannel b/selftest/knownfail.d/rpcclient_schannel index 9881cc3c0cd..5498837ee29 100644 --- a/selftest/knownfail.d/rpcclient_schannel +++ b/selftest/knownfail.d/rpcclient_schannel @@ -1,3 +1 @@ ^samba.blackbox.rpcclient_schannel.ncacn_np.getusername.fips\(ad_member_fips:local\) -^samba.blackbox.rpcclient_schannel.ncacn_ip_tcp.lookupsids\(ad_member:local\) -^samba.blackbox.rpcclient_schannel.ncacn_ip_tcp.lookupsids\(ad_member_fips:local\) diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 025190cb860..02705f1c70c 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1297,11 +1297,18 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx, TALLOC_FREE(creds); if (netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC) { - status = cli_rpc_pipe_open_schannel_with_creds(cli, - &ndr_table_netlogon, - NCACN_NP, - netlogon_creds, - &passwordset_pipe); + const char *remote_name = smbXcli_conn_remote_name(cli->conn); + const struct sockaddr_storage *remote_sockaddr = + smbXcli_conn_remote_sockaddr(cli->conn); + + status = cli_rpc_pipe_open_schannel_with_creds( + cli, + &ndr_table_netlogon, + NCACN_NP, + netlogon_creds, + remote_name, + remote_sockaddr, + &passwordset_pipe); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(frame); return status; @@ -1700,6 +1707,8 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx, uint32_t netlogon_flags = 0; NTSTATUS status; int flags = CLI_FULL_CONNECTION_IPC; + const char *remote_name = NULL; + const struct sockaddr_storage *remote_sockaddr = NULL; if (!dc_name) { TALLOC_FREE(frame); @@ -1800,9 +1809,15 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx, return NT_STATUS_OK; } + remote_name = smbXcli_conn_remote_name(cli->conn); + remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn); + status = cli_rpc_pipe_open_schannel_with_creds( cli, &ndr_table_netlogon, NCACN_NP, - netlogon_creds, &netlogon_pipe); + netlogon_creds, + remote_name, + remote_sockaddr, + &netlogon_pipe); TALLOC_FREE(netlogon_pipe); @@ -1810,7 +1825,7 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx, DEBUG(0,("libnet_join_ok: failed to open schannel session " "on netlogon pipe to server %s for domain %s. " "Error was %s\n", - smbXcli_conn_remote_name(cli->conn), + remote_name, netbios_domain_name, nt_errstr(status))); cli_shutdown(cli); TALLOC_FREE(frame); diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 7e62907256b..8dca089bbf5 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -3388,15 +3388,14 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli, const struct ndr_interface_table *table, enum dcerpc_transport_t transport, struct netlogon_creds_cli_context *netlogon_creds, + const char *remote_name, + const struct sockaddr_storage *remote_sockaddr, struct rpc_pipe_client **_rpccli) { TALLOC_CTX *frame = talloc_stackframe(); struct rpc_pipe_client *rpccli; struct netlogon_creds_cli_lck *lck; NTSTATUS status; - const char *remote_name = smbXcli_conn_remote_name(cli->conn); - const struct sockaddr_storage *remote_sockaddr = - smbXcli_conn_remote_sockaddr(cli->conn); status = netlogon_creds_cli_lck( netlogon_creds, NETLOGON_CREDS_CLI_LCK_EXCLUSIVE, diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h index 43cd5f0b96c..53c992b75ec 100644 --- a/source3/rpc_client/cli_pipe.h +++ b/source3/rpc_client/cli_pipe.h @@ -96,6 +96,8 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_creds(struct cli_state *cli, const struct ndr_interface_table *table, enum dcerpc_transport_t transport, struct netlogon_creds_cli_context *netlogon_creds, + const char *remote_name, + const struct sockaddr_storage *remote_sockaddr, struct rpc_pipe_client **_rpccli); NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, diff --git a/source3/rpc_client/cli_pipe_schannel.c b/source3/rpc_client/cli_pipe_schannel.c index 9877ea6c542..c33fc5baa17 100644 --- a/source3/rpc_client/cli_pipe_schannel.c +++ b/source3/rpc_client/cli_pipe_schannel.c @@ -95,6 +95,8 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, status = cli_rpc_pipe_open_schannel_with_creds(cli, table, transport, netlogon_creds, + remote_name, + remote_sockaddr, &result); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(frame); diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index ee8ae45951e..5cdc53a2339 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -2580,6 +2580,8 @@ retry: TALLOC_FREE(creds); status = cli_rpc_pipe_open_schannel_with_creds( conn->cli, &ndr_table_samr, NCACN_NP, p_creds, + remote_name, + remote_sockaddr, &conn->samr_pipe); if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED) @@ -2722,6 +2724,8 @@ static NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain, struct winbindd_cm_conn *conn; struct netlogon_creds_cli_context *p_creds = NULL; NTSTATUS status; + const char *remote_name = NULL; + const struct sockaddr_storage *remote_sockaddr = NULL; DEBUG(10,("cm_connect_lsa_tcp\n")); @@ -2748,11 +2752,17 @@ static NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain, goto done; } - status = cli_rpc_pipe_open_schannel_with_creds(conn->cli, - &ndr_table_lsarpc, - NCACN_IP_TCP, - p_creds, - &conn->lsa_pipe_tcp); + remote_name = smbXcli_conn_remote_name(conn->cli->conn); + remote_sockaddr = smbXcli_conn_remote_sockaddr(conn->cli->conn); + + status = cli_rpc_pipe_open_schannel_with_creds( + conn->cli, + &ndr_table_lsarpc, + NCACN_IP_TCP, + p_creds, + remote_name, + remote_sockaddr, + &conn->lsa_pipe_tcp); if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("cli_rpc_pipe_open_schannel_with_key failed: %s\n", nt_errstr(status))); @@ -2885,6 +2895,8 @@ retry: TALLOC_FREE(creds); result = cli_rpc_pipe_open_schannel_with_creds( conn->cli, &ndr_table_lsarpc, NCACN_NP, p_creds, + remote_name, + remote_sockaddr, &conn->lsa_pipe); if (NT_STATUS_EQUAL(result, NT_STATUS_NETWORK_SESSION_EXPIRED)