From: Günther Deschner <gd@samba.org>
Date: Thu, 18 Nov 2021 10:43:08 +0000 (+0100)
Subject: s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open_with_creds()
X-Git-Tag: tdb-1.4.6~470
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c7ead1292852da371ff53fcdbd7ebd4bc1c08fbd;p=thirdparty%2Fsamba.git

s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open_with_creds()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
index e62d49d085c..2137c183f0e 100644
--- a/source3/libsmb/passchange.c
+++ b/source3/libsmb/passchange.c
@@ -143,12 +143,16 @@ NTSTATUS remote_password_change(const char *remote_machine,
 	/* Try not to give the password away too easily */
 
 	if (!pass_must_change) {
+		const struct sockaddr_storage *remote_sockaddr =
+			smbXcli_conn_remote_sockaddr(cli->conn);
+
 		result = cli_rpc_pipe_open_with_creds(cli,
 						      &ndr_table_samr,
 						      NCACN_NP,
 						      DCERPC_AUTH_TYPE_NTLMSSP,
 						      DCERPC_AUTH_LEVEL_PRIVACY,
 						      remote_machine,
+						      remote_sockaddr,
 						      creds,
 						      &pipe_hnd);
 	} else {
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 3ed0a47ab01..ddb1a73a3f6 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3264,6 +3264,7 @@ NTSTATUS cli_rpc_pipe_open_with_creds(struct cli_state *cli,
 				      enum dcerpc_AuthType auth_type,
 				      enum dcerpc_AuthLevel auth_level,
 				      const char *server,
+				      const struct sockaddr_storage *remote_sockaddr,
 				      struct cli_credentials *creds,
 				      struct rpc_pipe_client **presult)
 {
@@ -3271,8 +3272,6 @@ NTSTATUS cli_rpc_pipe_open_with_creds(struct cli_state *cli,
 	struct pipe_auth_data *auth = NULL;
 	const char *target_service = table->authservices->names[0];
 	NTSTATUS status;
-	const struct sockaddr_storage *remote_sockaddr =
-		smbXcli_conn_remote_sockaddr(cli->conn);
 
 	status = cli_rpc_pipe_open(cli,
 				   transport,
diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
index 151d8a8777c..f9392515e69 100644
--- a/source3/rpc_client/cli_pipe.h
+++ b/source3/rpc_client/cli_pipe.h
@@ -80,6 +80,7 @@ NTSTATUS cli_rpc_pipe_open_with_creds(struct cli_state *cli,
 				      enum dcerpc_AuthType auth_type,
 				      enum dcerpc_AuthLevel auth_level,
 				      const char *server,
+				      const struct sockaddr_storage *remote_sockaddr,
 				      struct cli_credentials *creds,
 				      struct rpc_pipe_client **presult);
 
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 7acede85185..a85f0377285 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -958,7 +958,8 @@ static NTSTATUS do_cmd(struct cli_state *cli,
 					transport,
 					auth_type,
 					auth_level,
-					smbXcli_conn_remote_name(cli->conn),
+					remote_name,
+					remote_sockaddr,
 					creds,
 					&cmd_entry->rpc_pipe);
 				break;
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index ca91e1696c3..b871dc3b1f5 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -208,6 +208,7 @@ int run_rpc_command(struct net_context *c,
 					DCERPC_AUTH_TYPE_NTLMSSP,
 					DCERPC_AUTH_LEVEL_PRIVACY,
 					smbXcli_conn_remote_name(cli->conn),
+					smbXcli_conn_remote_sockaddr(cli->conn),
 					c->creds, &pipe_hnd);
 			} else {
 				nt_status = cli_rpc_pipe_open_noauth(
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index f529f455cc6..ee8ae45951e 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2445,6 +2445,8 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
 	struct netlogon_creds_cli_context *p_creds;
 	struct cli_credentials *creds = NULL;
 	bool retry = false; /* allow one retry attempt for expired session */
+	const char *remote_name = NULL;
+	const struct sockaddr_storage *remote_sockaddr = NULL;
 
 	if (sid_check_is_our_sam(&domain->sid)) {
 		if (domain->rodc == false || need_rw_dc == false) {
@@ -2498,6 +2500,9 @@ retry:
 		goto anonymous;
 	}
 
+	remote_name = smbXcli_conn_remote_name(conn->cli->conn);
+	remote_sockaddr = smbXcli_conn_remote_sockaddr(conn->cli->conn);
+
 	/*
 	 * We have an authenticated connection. Use a SPNEGO
 	 * authenticated SAMR pipe with sign & seal.
@@ -2507,7 +2512,8 @@ retry:
 					      NCACN_NP,
 					      DCERPC_AUTH_TYPE_SPNEGO,
 					      conn->auth_level,
-					      smbXcli_conn_remote_name(conn->cli->conn),
+					      remote_name,
+					      remote_sockaddr,
 					      creds,
 					      &conn->samr_pipe);
 
@@ -2772,6 +2778,8 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
 	struct netlogon_creds_cli_context *p_creds;
 	struct cli_credentials *creds = NULL;
 	bool retry = false; /* allow one retry attempt for expired session */
+	const char *remote_name = NULL;
+	const struct sockaddr_storage *remote_sockaddr = NULL;
 
 retry:
 	result = init_dc_connection_rpc(domain, false);
@@ -2804,6 +2812,9 @@ retry:
 		goto anonymous;
 	}
 
+	remote_name = smbXcli_conn_remote_name(conn->cli->conn);
+	remote_sockaddr = smbXcli_conn_remote_sockaddr(conn->cli->conn);
+
 	/*
 	 * We have an authenticated connection. Use a SPNEGO
 	 * authenticated LSA pipe with sign & seal.
@@ -2812,7 +2823,8 @@ retry:
 		(conn->cli, &ndr_table_lsarpc, NCACN_NP,
 		 DCERPC_AUTH_TYPE_SPNEGO,
 		 conn->auth_level,
-		 smbXcli_conn_remote_name(conn->cli->conn),
+		 remote_name,
+		 remote_sockaddr,
 		 creds,
 		 &conn->lsa_pipe);