From: Stefan Metzmacher Date: Fri, 20 Sep 2024 08:03:11 +0000 (+0200) Subject: s3:rpc_client: pass remote_{name,sockaddr} to rpccli_connect_netlogon() X-Git-Tag: tdb-1.4.13~1073 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d1a3c74eb92d93b5964402efb5fd32c4b7ffaf33;p=thirdparty%2Fsamba.git s3:rpc_client: pass remote_{name,sockaddr} to rpccli_connect_netlogon() Otherwise this can only work with NCACN_NP... Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme --- diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 79467c4c437..76ffe5ed2bb 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1184,6 +1184,7 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *passwordset_pipe = NULL; struct cli_credentials *cli_creds; struct netlogon_creds_cli_context *netlogon_creds = NULL; + const struct sockaddr_storage *remote_sockaddr = NULL; size_t len = 0; bool ok; DATA_BLOB new_trust_blob = data_blob_null; @@ -1220,6 +1221,8 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx, r->in.passed_machine_password, CRED_SPECIFIED); + remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn); + status = rpccli_create_netlogon_creds_ctx(cli_creds, r->in.dc_name, r->in.msg_ctx, @@ -1232,6 +1235,8 @@ static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx, status = rpccli_connect_netlogon(cli, NCACN_NP, + r->in.dc_name, + remote_sockaddr, netlogon_creds, true, /* force_reauth */ cli_creds, @@ -1630,6 +1635,7 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx, struct netlogon_creds_cli_context *netlogon_creds = NULL; NTSTATUS status; int flags = CLI_FULL_CONNECTION_IPC; + const struct sockaddr_storage *remote_sockaddr = NULL; if (!dc_name) { TALLOC_FREE(frame); @@ -1688,6 +1694,8 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx, return status; } + remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn); + status = rpccli_create_netlogon_creds_ctx(cli_creds, dc_name, msg_ctx, @@ -1701,6 +1709,8 @@ NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx, status = rpccli_connect_netlogon(cli, NCACN_NP, + dc_name, + remote_sockaddr, netlogon_creds, true, /* force_reauth */ cli_creds, diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index 528d46c07c7..7f0ab7c82ed 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -301,6 +301,8 @@ NTSTATUS rpccli_setup_netlogon_creds( NTSTATUS rpccli_connect_netlogon( struct cli_state *cli, enum dcerpc_transport_t transport, + const char *remote_name, + const struct sockaddr_storage *remote_sockaddr, struct netlogon_creds_cli_context *creds_ctx, bool force_reauth, struct cli_credentials *trust_creds, @@ -318,8 +320,6 @@ NTSTATUS rpccli_connect_netlogon( struct rpc_pipe_client *rpccli; NTSTATUS status; bool retry = false; - const char *remote_name = NULL; - const struct sockaddr_storage *remote_sockaddr = NULL; sec_chan_type = cli_credentials_get_secure_channel_type(trust_creds); if (sec_chan_type == SEC_CHAN_NULL) { @@ -380,9 +380,6 @@ again: } } - remote_name = smbXcli_conn_remote_name(cli->conn); - remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn); - do_serverauth = force_reauth || !found_existing_creds; if (!do_serverauth) { diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/cli_netlogon.h index 9440411a3f0..ce37d12318a 100644 --- a/source3/rpc_client/cli_netlogon.h +++ b/source3/rpc_client/cli_netlogon.h @@ -48,6 +48,8 @@ NTSTATUS rpccli_setup_netlogon_creds( NTSTATUS rpccli_connect_netlogon( struct cli_state *cli, enum dcerpc_transport_t transport, + const char *remote_name, + const struct sockaddr_storage *remote_sockaddr, struct netlogon_creds_cli_context *creds_ctx, bool force_reauth, struct cli_credentials *trust_creds, diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 9d59876970a..4eaf2ccd9cc 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -3201,6 +3201,8 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain, NTSTATUS result; enum netr_SchannelType sec_chan_type; struct cli_credentials *creds = NULL; + const char *remote_name = NULL; + const struct sockaddr_storage *remote_sockaddr = NULL; *cli = NULL; @@ -3230,6 +3232,9 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain, TALLOC_FREE(conn->netlogon_pipe); TALLOC_FREE(conn->netlogon_creds_ctx); + remote_name = smbXcli_conn_remote_name(conn->cli->conn); + remote_sockaddr = smbXcli_conn_remote_sockaddr(conn->cli->conn); + result = winbindd_get_trust_credentials(domain, talloc_tos(), true, /* netlogon */ @@ -3250,11 +3255,6 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain, sec_chan_type = cli_credentials_get_secure_channel_type(creds); if (sec_chan_type == SEC_CHAN_NULL) { - const char *remote_name = - smbXcli_conn_remote_name(conn->cli->conn); - const struct sockaddr_storage *remote_sockaddr = - smbXcli_conn_remote_sockaddr(conn->cli->conn); - if (transport == NCACN_IP_TCP) { DBG_NOTICE("get_secure_channel_type gave SEC_CHAN_NULL " "for %s, deny NCACN_IP_TCP and let the " @@ -3295,10 +3295,13 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain, return result; } - result = rpccli_connect_netlogon( - conn->cli, transport, - conn->netlogon_creds_ctx, conn->netlogon_force_reauth, creds, - &conn->netlogon_pipe); + result = rpccli_connect_netlogon(conn->cli, + transport, + remote_name, + remote_sockaddr, + conn->netlogon_creds_ctx, + conn->netlogon_force_reauth, creds, + &conn->netlogon_pipe); conn->netlogon_force_reauth = false; if (!NT_STATUS_IS_OK(result)) { DBG_DEBUG("rpccli_connect_netlogon failed: %s\n",