The branch, master has been updated
via 4e98f93775762de18b0dfc31080af5c443324c70 (commit)
via 12c70251568a0c8b30215e5453c3ea6194c3503c (commit)
via bea8e5fa6038d5abd2ec1e12f9005c4a04abb79f (commit)
via 032e01e7c13724d057b5744d7d79613449c2f24f (commit)
via 12acf6ca7268a8804d20051347b960c07c18d981 (commit)
via 87f61a144b8d25c90b847940ca03ced1f77b036c (commit)
from f009fa15a17d29e41e04eb950bafaea084d2c31d (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4e98f93775762de18b0dfc31080af5c443324c70
Author: Günther Deschner <[email protected]>
Date: Fri Sep 11 00:20:59 2009 +0200
s3-rpcclient: make netlogon credential setup also work for interdomain
trusts.
Guenther
commit 12c70251568a0c8b30215e5453c3ea6194c3503c
Author: Günther Deschner <[email protected]>
Date: Thu Sep 10 22:56:05 2009 +0200
s3-rpcclient: avoid using lp_workgroup() unconditionally for crypto.
Guenther
commit bea8e5fa6038d5abd2ec1e12f9005c4a04abb79f
Author: Günther Deschner <[email protected]>
Date: Thu Sep 10 22:32:34 2009 +0200
s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().
Guenther
commit 032e01e7c13724d057b5744d7d79613449c2f24f
Author: Günther Deschner <[email protected]>
Date: Thu Sep 10 22:23:21 2009 +0200
s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_spnego_ntlmssp
and cli_rpc_pipe_open_ntlmssp.
Guenther
commit 12acf6ca7268a8804d20051347b960c07c18d981
Author: Günther Deschner <[email protected]>
Date: Thu Sep 10 22:22:24 2009 +0200
s3-rpcclient: use cli_rpc_pipe_open_noauth_transport in rpcclient.
Guenther
commit 87f61a144b8d25c90b847940ca03ced1f77b036c
Author: Günther Deschner <[email protected]>
Date: Tue Nov 4 18:40:24 2008 +0100
s3-rpc_client: add cli_rpc_pipe_open_noauth_transport.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/auth/auth_domain.c | 2 +-
source3/include/proto.h | 9 ++++++
source3/libnet/libnet_join.c | 3 +-
source3/libsmb/passchange.c | 1 +
source3/rpc_client/cli_pipe.c | 55 +++++++++++++++++++++++++++------------
source3/rpcclient/rpcclient.c | 49 ++++++++++++++++++++++++----------
source3/utils/net.h | 1 +
source3/utils/net_rpc.c | 4 ++-
source3/utils/net_rpc_join.c | 5 ++-
source3/utils/net_rpc_samsync.c | 2 +-
source3/winbindd/winbindd_cm.c | 10 ++++---
11 files changed, 99 insertions(+), 42 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 6aca443..85210e6 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -176,7 +176,7 @@ static NTSTATUS connect_to_domain_password_server(struct
cli_state **cli,
if (lp_client_schannel()) {
/* We also setup the creds chain in the open_schannel call. */
result = cli_rpc_pipe_open_schannel(
- *cli, &ndr_table_netlogon.syntax_id,
+ *cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY, domain, &netlogon_pipe);
} else {
result = cli_rpc_pipe_open_noauth(
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 865abbf..abc76e8 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -5311,8 +5311,13 @@ NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx,
const struct ndr_syntax_id
NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
const struct ndr_syntax_id *interface,
struct rpc_pipe_client **presult);
+NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
+ enum dcerpc_transport_t transport,
+ const struct ndr_syntax_id
*interface,
+ struct rpc_pipe_client **presult);
NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
+ enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
const char *domain,
const char *username,
@@ -5320,6 +5325,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
struct rpc_pipe_client **presult);
NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
+ enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
const char *domain,
const char *username,
@@ -5331,12 +5337,14 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli,
struct rpc_pipe_client **presult);
NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
const struct ndr_syntax_id
*interface,
+ enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
const char *domain,
struct
netlogon_creds_CredentialState **pdc,
struct rpc_pipe_client **presult);
NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
const struct ndr_syntax_id
*interface,
+ enum dcerpc_transport_t
transport,
enum pipe_auth_level
auth_level,
const char *domain,
const char *username,
@@ -5344,6 +5352,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct
cli_state *cli,
struct rpc_pipe_client
**presult);
NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
const struct ndr_syntax_id *interface,
+ enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
const char *domain,
struct rpc_pipe_client **presult);
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 6967ae9..7794e03 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1135,7 +1135,8 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
}
status = cli_rpc_pipe_open_schannel_with_key(
- cli, &ndr_table_netlogon.syntax_id, PIPE_AUTH_LEVEL_PRIVACY,
+ cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
+ PIPE_AUTH_LEVEL_PRIVACY,
netbios_domain_name, &netlogon_pipe->dc, &pipe_hnd);
cli_shutdown(cli);
diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
index c83247a..ab95161 100644
--- a/source3/libsmb/passchange.c
+++ b/source3/libsmb/passchange.c
@@ -176,6 +176,7 @@ NTSTATUS remote_password_change(const char *remote_machine,
const char *user_nam
if (!pass_must_change) {
result = cli_rpc_pipe_open_ntlmssp(cli,
&ndr_table_samr.syntax_id,
+ NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY,
domain, user,
old_passwd,
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 0c3fc94..ab9b5fe 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3597,34 +3597,35 @@ NTSTATUS rpc_pipe_open_local(TALLOC_CTX *mem_ctx,
****************************************************************************/
static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli,
+ enum dcerpc_transport_t transport,
const struct ndr_syntax_id *interface,
struct rpc_pipe_client **presult)
{
- if (ndr_syntax_id_equal(interface, &ndr_table_drsuapi.syntax_id)) {
- /*
- * We should have a better way to figure out this drsuapi
- * speciality...
- */
+ switch (transport) {
+ case NCACN_IP_TCP:
return rpc_pipe_open_tcp(NULL, cli->desthost, interface,
presult);
+ case NCACN_NP:
+ return rpc_pipe_open_np(cli, interface, presult);
+ default:
+ return NT_STATUS_NOT_IMPLEMENTED;
}
-
- return rpc_pipe_open_np(cli, interface, presult);
}
/****************************************************************************
Open a named pipe to an SMB server and bind anonymously.
****************************************************************************/
-NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
- const struct ndr_syntax_id *interface,
- struct rpc_pipe_client **presult)
+NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
+ enum dcerpc_transport_t transport,
+ const struct ndr_syntax_id
*interface,
+ struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result;
struct cli_pipe_auth_data *auth;
NTSTATUS status;
- status = cli_rpc_pipe_open(cli, interface, &result);
+ status = cli_rpc_pipe_open(cli, transport, interface, &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -3683,11 +3684,23 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
}
/****************************************************************************
+ ****************************************************************************/
+
+NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ struct rpc_pipe_client **presult)
+{
+ return cli_rpc_pipe_open_noauth_transport(cli, NCACN_NP,
+ interface, presult);
+}
+
+/****************************************************************************
Open a named pipe to an SMB server and bind using NTLMSSP or SPNEGO NTLMSSP
****************************************************************************/
static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli,
const struct ndr_syntax_id
*interface,
+ enum dcerpc_transport_t
transport,
enum pipe_auth_type
auth_type,
enum pipe_auth_level
auth_level,
const char *domain,
@@ -3699,7 +3712,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct
cli_state *cli,
struct cli_pipe_auth_data *auth;
NTSTATUS status;
- status = cli_rpc_pipe_open(cli, interface, &result);
+ status = cli_rpc_pipe_open(cli, transport, interface, &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -3741,6 +3754,7 @@ static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct
cli_state *cli,
NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
+ enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
const char *domain,
const char *username,
@@ -3749,6 +3763,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
{
return cli_rpc_pipe_open_ntlmssp_internal(cli,
interface,
+ transport,
PIPE_AUTH_TYPE_NTLMSSP,
auth_level,
domain,
@@ -3764,6 +3779,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
+ enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
const char *domain,
const char *username,
@@ -3772,6 +3788,7 @@ NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct
cli_state *cli,
{
return cli_rpc_pipe_open_ntlmssp_internal(cli,
interface,
+ transport,
PIPE_AUTH_TYPE_SPNEGO_NTLMSSP,
auth_level,
domain,
@@ -3871,6 +3888,7 @@ NTSTATUS get_schannel_session_key(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
const struct ndr_syntax_id
*interface,
+ enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
const char *domain,
struct
netlogon_creds_CredentialState **pdc,
@@ -3880,7 +3898,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct
cli_state *cli,
struct cli_pipe_auth_data *auth;
NTSTATUS status;
- status = cli_rpc_pipe_open(cli, interface, &result);
+ status = cli_rpc_pipe_open(cli, transport, interface, &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -3940,7 +3958,8 @@ static NTSTATUS
get_schannel_session_key_auth_ntlmssp(struct cli_state *cli,
NTSTATUS status;
status = cli_rpc_pipe_open_spnego_ntlmssp(
- cli, &ndr_table_netlogon.syntax_id, PIPE_AUTH_LEVEL_PRIVACY,
+ cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
+ PIPE_AUTH_LEVEL_PRIVACY,
domain, username, password, &netlogon_pipe);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -3965,6 +3984,7 @@ static NTSTATUS
get_schannel_session_key_auth_ntlmssp(struct cli_state *cli,
NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
const struct ndr_syntax_id
*interface,
+ enum dcerpc_transport_t
transport,
enum pipe_auth_level
auth_level,
const char *domain,
const char *username,
@@ -3986,7 +4006,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct
cli_state *cli,
}
status = cli_rpc_pipe_open_schannel_with_key(
- cli, interface, auth_level, domain, &netlogon_pipe->dc,
+ cli, interface, transport, auth_level, domain,
&netlogon_pipe->dc,
&result);
/* Now we've bound using the session key we can close the netlog pipe.
*/
@@ -4005,6 +4025,7 @@ NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct
cli_state *cli,
NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
const struct ndr_syntax_id *interface,
+ enum dcerpc_transport_t transport,
enum pipe_auth_level auth_level,
const char *domain,
struct rpc_pipe_client **presult)
@@ -4024,7 +4045,7 @@ NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
}
status = cli_rpc_pipe_open_schannel_with_key(
- cli, interface, auth_level, domain, &netlogon_pipe->dc,
+ cli, interface, transport, auth_level, domain,
&netlogon_pipe->dc,
&result);
/* Now we've bound using the session key we can close the netlog pipe.
*/
@@ -4056,7 +4077,7 @@ NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
struct cli_pipe_auth_data *auth;
NTSTATUS status;
- status = cli_rpc_pipe_open(cli, interface, &result);
+ status = cli_rpc_pipe_open(cli, NCACN_NP, interface, &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 475dce5..c0268f3 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -642,15 +642,17 @@ static NTSTATUS do_cmd(struct cli_state *cli,
if ((cmd_entry->interface != NULL) && (cmd_entry->rpc_pipe == NULL)) {
switch (pipe_default_auth_type) {
case PIPE_AUTH_TYPE_NONE:
- ntresult = cli_rpc_pipe_open_noauth(
- cli, cmd_entry->interface,
+ ntresult = cli_rpc_pipe_open_noauth_transport(
+ cli, default_transport,
+ cmd_entry->interface,
&cmd_entry->rpc_pipe);
break;
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
ntresult = cli_rpc_pipe_open_spnego_ntlmssp(
cli, cmd_entry->interface,
+ default_transport,
pipe_default_auth_level,
- lp_workgroup(),
+ get_cmdline_auth_info_domain(auth_info),
get_cmdline_auth_info_username(auth_info),
get_cmdline_auth_info_password(auth_info),
&cmd_entry->rpc_pipe);
@@ -658,8 +660,9 @@ static NTSTATUS do_cmd(struct cli_state *cli,
case PIPE_AUTH_TYPE_NTLMSSP:
ntresult = cli_rpc_pipe_open_ntlmssp(
cli, cmd_entry->interface,
+ default_transport,
pipe_default_auth_level,
- lp_workgroup(),
+ get_cmdline_auth_info_domain(auth_info),
get_cmdline_auth_info_username(auth_info),
get_cmdline_auth_info_password(auth_info),
&cmd_entry->rpc_pipe);
@@ -667,8 +670,9 @@ static NTSTATUS do_cmd(struct cli_state *cli,
case PIPE_AUTH_TYPE_SCHANNEL:
ntresult = cli_rpc_pipe_open_schannel(
cli, cmd_entry->interface,
+ default_transport,
pipe_default_auth_level,
- lp_workgroup(),
+ get_cmdline_auth_info_domain(auth_info),
&cmd_entry->rpc_pipe);
break;
default:
@@ -692,18 +696,20 @@ static NTSTATUS do_cmd(struct cli_state *cli,
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
uint32 sec_channel_type;
uchar trust_password[16];
-
- if
(!secrets_fetch_trust_account_password(lp_workgroup(),
- trust_password,
- NULL,
&sec_channel_type)) {
- return NT_STATUS_UNSUCCESSFUL;
+ const char *machine_account;
+
+ if
(!get_trust_pw_hash(get_cmdline_auth_info_domain(auth_info),
+ trust_password, &machine_account,
+ &sec_channel_type))
+ {
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
-
+
ntresult =
rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe,
cli->desthost, /* server name
*/
- lp_workgroup(), /* domain */
+
get_cmdline_auth_info_domain(auth_info), /* domain */
global_myname(), /* client name
*/
- global_myname(), /* machine
account name */
+ machine_account, /* machine
account name */
trust_password,
sec_channel_type,
&neg_flags);
@@ -824,6 +830,7 @@ out_free:
uint32_t flags = 0;
struct dcerpc_binding *binding = NULL;
const char *binding_string = NULL;
+ char *user, *domain, *q;
/* make sure the vars that get altered (4th field) are in
a fixed location or certain compilers complain */
@@ -961,12 +968,24 @@ out_free:
CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
}
+ user = talloc_strdup(frame,
get_cmdline_auth_info_username(rpcclient_auth_info));
+ SMB_ASSERT(user != NULL);
+ domain = talloc_strdup(frame, lp_workgroup());
+ SMB_ASSERT(domain != NULL);
+ set_cmdline_auth_info_domain(rpcclient_auth_info, domain);
+
+ if ((q = strchr_m(user,'\\'))) {
+ *q = 0;
+ set_cmdline_auth_info_domain(rpcclient_auth_info, user);
+ set_cmdline_auth_info_username(rpcclient_auth_info, q+1);
+ }
+
nt_status = cli_full_connection(&cli, global_myname(), binding->host,
opt_ipaddr ? &server_ss : NULL,
opt_port,
"IPC$", "IPC",
get_cmdline_auth_info_username(rpcclient_auth_info),
- lp_workgroup(),
+
get_cmdline_auth_info_domain(rpcclient_auth_info),
get_cmdline_auth_info_password(rpcclient_auth_info),
flags,
get_cmdline_auth_info_signing_state(rpcclient_auth_info),
@@ -982,7 +1001,7 @@ out_free:
nt_status = cli_cm_force_encryption(cli,
get_cmdline_auth_info_username(rpcclient_auth_info),
get_cmdline_auth_info_password(rpcclient_auth_info),
- lp_workgroup(),
+
get_cmdline_auth_info_domain(rpcclient_auth_info),
"IPC$");
if (!NT_STATUS_IS_OK(nt_status)) {
result = 1;
diff --git a/source3/utils/net.h b/source3/utils/net.h
index c12c45e..765b61b 100644
--- a/source3/utils/net.h
+++ b/source3/utils/net.h
@@ -170,6 +170,7 @@ enum netdom_domain_t { ND_TYPE_NT4, ND_TYPE_AD };
#define NET_FLAGS_NO_PIPE 0x00000020 /* don't open
an RPC pipe */
#define NET_FLAGS_SIGN 0x00000040 /* sign RPC
connection */
#define NET_FLAGS_SEAL 0x00000080 /* seal RPC
connection */
+#define NET_FLAGS_TCP 0x00000100 /* use
ncacn_ip_tcp */
/* net share operation modes */
#define NET_MODE_SHARE_MIGRATE 1
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 73f8b0b..5495392 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -158,7 +158,7 @@ int run_rpc_command(struct net_context *c,
&ndr_table_netlogon.syntax_id))) {
/* Always try and create an schannel netlogon pipe. */
nt_status = cli_rpc_pipe_open_schannel(
- cli, interface,
+ cli, interface, NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY, domain_name,
&pipe_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -170,6 +170,8 @@ int run_rpc_command(struct net_context *c,
if (conn_flags & NET_FLAGS_SEAL) {
nt_status = cli_rpc_pipe_open_ntlmssp(
cli, interface,
+ (conn_flags & NET_FLAGS_TCP) ?
+ NCACN_IP_TCP : NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY,
lp_workgroup(), c->opt_user_name,
c->opt_password, &pipe_hnd);
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index f55f8f1..dbe7735 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -101,7 +101,8 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char
*domain,
}
ntret = cli_rpc_pipe_open_schannel_with_key(
- cli, &ndr_table_netlogon.syntax_id, PIPE_AUTH_LEVEL_PRIVACY,
+ cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
+ PIPE_AUTH_LEVEL_PRIVACY,
domain, &netlogon_pipe->dc, &pipe_hnd);
if (!NT_STATUS_IS_OK(ntret)) {
@@ -418,7 +419,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc,
const char **argv)
struct rpc_pipe_client *netlogon_schannel_pipe;
result = cli_rpc_pipe_open_schannel_with_key(
- cli, &ndr_table_netlogon.syntax_id,
+ cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY, domain, &pipe_hnd->dc,
&netlogon_schannel_pipe);
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index d7a5bc1..89568ee 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -502,7 +502,7 @@ int rpc_vampire_keytab(struct net_context *c, int argc,
const char **argv)
return -1;
} else {
ret = run_rpc_command(c, cli, &ndr_table_drsuapi.syntax_id,
- NET_FLAGS_SEAL,
+ NET_FLAGS_SEAL | NET_FLAGS_TCP,
rpc_vampire_keytab_ds_internals, argc,
argv);
if (ret != 0 && dc_info.is_mixed_mode) {
printf(_("Fallback to NT4 vampire on Mixed-Mode AD "
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 50742c1..3418022 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2055,6 +2055,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
authenticated SAMR pipe with sign & seal. */
result = cli_rpc_pipe_open_spnego_ntlmssp(conn->cli,
&ndr_table_samr.syntax_id,
+ NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY,
domain_name,
machine_account,
@@ -2098,7 +2099,8 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
goto anonymous;
}
result = cli_rpc_pipe_open_schannel_with_key
- (conn->cli, &ndr_table_samr.syntax_id, PIPE_AUTH_LEVEL_PRIVACY,
+ (conn->cli, &ndr_table_samr.syntax_id, NCACN_NP,
+ PIPE_AUTH_LEVEL_PRIVACY,
domain->name, &p_creds, &conn->samr_pipe);
if (!NT_STATUS_IS_OK(result)) {
@@ -2193,7 +2195,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
/* We have an authenticated connection. Use a NTLMSSP SPNEGO
* authenticated LSA pipe with sign & seal. */
result = cli_rpc_pipe_open_spnego_ntlmssp
- (conn->cli, &ndr_table_lsarpc.syntax_id,
+ (conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP,
PIPE_AUTH_LEVEL_PRIVACY,
conn->cli->domain, conn->cli->user_name, conn->cli->password,
&conn->lsa_pipe);
@@ -2234,7 +2236,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
goto anonymous;
}
result = cli_rpc_pipe_open_schannel_with_key
- (conn->cli, &ndr_table_lsarpc.syntax_id,
+ (conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP,
--
Samba Shared Repository
