The branch, v3-6-test has been updated
via 4ab547a s3-winbind: use new reconnect logic in rpc_lookup_sids()
also.
via c64473a s3-winbindd: rework reconnect logic in
winbindd_lookup_names().
via 7cdebbe s3-winbindd: rework reconnect logic in
winbindd_lookup_sids().
via 1c13408 s3-winbindd: remove lookup_sids_fn_t.
via ea68747 s3-winbindd: remove lookup_names_fn_t.
via 4a86c29 s3-rpc_client: make dcerpc_lsa_lookup_names_generic()
public.
via bb5e0a9 s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public.
via 5ccb4e5 s3-winbindd: add cm_connect_lsat().
via 83ac277 s3-rpc_cli: Remove some unused wrapping code.
via bbaa714 s3: Make winbindd_lookup_names static
from d7fdb05 spoolss: fix segfault when "default devmode" is disabled
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 4ab547a8ddcb45e479079361a601e08476954110
Author: Günther Deschner <g...@samba.org>
Date: Thu Nov 29 14:31:19 2012 +0100
s3-winbind: use new reconnect logic in rpc_lookup_sids() also.
Volker, please check.
Guenther
Signed-off-by: Günther Deschner <g...@samba.org>
The last 10 patches address bug #9439 - ncacn_ip_tcp reconnection code for
lsa
lookups still broken.
commit c64473ab88ca36462e7976bf0006bc092386894c
Author: Günther Deschner <g...@samba.org>
Date: Thu Nov 29 12:03:53 2012 +0100
s3-winbindd: rework reconnect logic in winbindd_lookup_names().
Guenther
Signed-off-by: Günther Deschner <g...@samba.org>
commit 7cdebbe5122c7174bc7e74297bf1e891cb14fe78
Author: Günther Deschner <g...@samba.org>
Date: Thu Nov 29 12:03:16 2012 +0100
s3-winbindd: rework reconnect logic in winbindd_lookup_sids().
Guenther
Signed-off-by: Günther Deschner <g...@samba.org>
commit 1c1340846926f97bda823f4fac1fea86b4b6f0d1
Author: Günther Deschner <g...@samba.org>
Date: Wed Nov 28 20:41:21 2012 +0100
s3-winbindd: remove lookup_sids_fn_t.
Guenther
Signed-off-by: Günther Deschner <g...@samba.org>
commit ea687479739d6d6e371e641cf0aa432e355a2fce
Author: Günther Deschner <g...@samba.org>
Date: Wed Nov 28 17:03:40 2012 +0100
s3-winbindd: remove lookup_names_fn_t.
Guenther
Signed-off-by: Günther Deschner <g...@samba.org>
commit 4a86c29fa5140a5a3ad68967abef5eeffaf448c1
Author: Günther Deschner <g...@samba.org>
Date: Wed Nov 28 17:00:49 2012 +0100
s3-rpc_client: make dcerpc_lsa_lookup_names_generic() public.
Guenther
Signed-off-by: Günther Deschner <g...@samba.org>
commit bb5e0a95f62354129ef3569a23298091d58a02e3
Author: Günther Deschner <g...@samba.org>
Date: Wed Nov 28 16:57:57 2012 +0100
s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public.
Guenther
Signed-off-by: Günther Deschner <g...@samba.org>
commit 5ccb4e5a90aa1b681380899d56971dfc7ceb1b34
Author: Günther Deschner <g...@samba.org>
Date: Wed Nov 28 16:57:24 2012 +0100
s3-winbindd: add cm_connect_lsat().
Guenther
Signed-off-by: Günther Deschner <g...@samba.org>
commit 83ac2771622d90e50ef27778a8227872571b9af3
Author: Günther Deschner <g...@samba.org>
Date: Wed Nov 28 14:53:27 2012 +0100
s3-rpc_cli: Remove some unused wrapping code.
Guenther
Signed-off-by: Günther Deschner <g...@samba.org>
commit bbaa7142d168949019d989c2d853717faad30cb0
Author: Volker Lendecke <v...@samba.org>
Date: Tue Sep 6 18:33:35 2011 +0200
s3: Make winbindd_lookup_names static
Autobuild-User: Volker Lendecke <vlen...@samba.org>
Autobuild-Date: Tue Sep 6 20:03:56 CEST 2011 on sn-devel-104
(cherry picked from commit fd65e5eb8cdd38917a574734c9079cd75e4e1be0)
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_client/cli_lsarpc.c | 101 ++++++----------------------
source3/rpc_client/cli_lsarpc.h | 39 ++++++-----
source3/winbindd/winbindd_cm.c | 31 +++++++++
source3/winbindd/winbindd_msrpc.c | 131 +++++++++++++++++--------------------
source3/winbindd/winbindd_proto.h | 11 +--
source3/winbindd/winbindd_rpc.c | 23 ++-----
6 files changed, 145 insertions(+), 191 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index 99e0262..330774d 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -330,16 +330,16 @@ static NTSTATUS dcerpc_lsa_lookup_sids_noalloc(struct
dcerpc_binding_handle *h,
* at 20480 for win2k3, but we keep it at a save 1000 for now. */
#define LOOKUP_SIDS_HUNK_SIZE 1000
-static NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h,
- TALLOC_CTX *mem_ctx,
- struct policy_handle *pol,
- int num_sids,
- const struct dom_sid *sids,
- char ***pdomains,
- char ***pnames,
- enum lsa_SidType **ptypes,
- bool use_lookupsids3,
- NTSTATUS *presult)
+NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *pol,
+ int num_sids,
+ const struct dom_sid *sids,
+ char ***pdomains,
+ char ***pnames,
+ enum lsa_SidType **ptypes,
+ bool use_lookupsids3,
+ NTSTATUS *presult)
{
NTSTATUS status = NT_STATUS_OK;
NTSTATUS result = NT_STATUS_OK;
@@ -539,48 +539,19 @@ NTSTATUS dcerpc_lsa_lookup_sids3(struct
dcerpc_binding_handle *h,
result);
}
-NTSTATUS rpccli_lsa_lookup_sids3(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx,
- struct policy_handle *pol,
- int num_sids,
- const struct dom_sid *sids,
- char ***pdomains,
- char ***pnames,
- enum lsa_SidType **ptypes)
-{
- NTSTATUS status;
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
- status = dcerpc_lsa_lookup_sids_generic(cli->binding_handle,
- mem_ctx,
- pol,
- num_sids,
- sids,
- pdomains,
- pnames,
- ptypes,
- true,
- &result);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- return result;
-}
-
/** Lookup a list of names */
-static NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle
*h,
- TALLOC_CTX *mem_ctx,
- struct policy_handle *pol,
- uint32_t num_names,
- const char **names,
- const char ***dom_names,
- enum lsa_LookupNamesLevel level,
- struct dom_sid **sids,
- enum lsa_SidType **types,
- bool use_lookupnames4,
- NTSTATUS *presult)
+NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *pol,
+ uint32_t num_names,
+ const char **names,
+ const char ***dom_names,
+ enum lsa_LookupNamesLevel level,
+ struct dom_sid **sids,
+ enum lsa_SidType **types,
+ bool use_lookupnames4,
+ NTSTATUS *presult)
{
NTSTATUS status;
struct lsa_String *lsa_names = NULL;
@@ -790,33 +761,3 @@ NTSTATUS dcerpc_lsa_lookup_names4(struct
dcerpc_binding_handle *h,
true,
result);
}
-
-NTSTATUS rpccli_lsa_lookup_names4(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx,
- struct policy_handle *pol,
- int num_names,
- const char **names,
- const char ***dom_names,
- int level,
- struct dom_sid **sids,
- enum lsa_SidType **types)
-{
- NTSTATUS status;
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
- status = dcerpc_lsa_lookup_names4(cli->binding_handle,
- mem_ctx,
- pol,
- num_names,
- names,
- dom_names,
- level,
- sids,
- types,
- &result);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- return result;
-}
diff --git a/source3/rpc_client/cli_lsarpc.h b/source3/rpc_client/cli_lsarpc.h
index a26193e..36afe0b 100644
--- a/source3/rpc_client/cli_lsarpc.h
+++ b/source3/rpc_client/cli_lsarpc.h
@@ -125,7 +125,16 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client
*cli,
char ***pdomains,
char ***pnames,
enum lsa_SidType **ptypes);
-
+NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *pol,
+ int num_sids,
+ const struct dom_sid *sids,
+ char ***pdomains,
+ char ***pnames,
+ enum lsa_SidType **ptypes,
+ bool use_lookupsids3,
+ NTSTATUS *presult);
/**
* @brief Look up the names that correspond to an array of sids.
*
@@ -158,15 +167,6 @@ NTSTATUS dcerpc_lsa_lookup_sids3(struct
dcerpc_binding_handle *h,
char ***pnames,
enum lsa_SidType **ptypes,
NTSTATUS *result);
-NTSTATUS rpccli_lsa_lookup_sids3(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx,
- struct policy_handle *pol,
- int num_sids,
- const struct dom_sid *sids,
- char ***pdomains,
- char ***pnames,
- enum lsa_SidType **ptypes);
-
NTSTATUS dcerpc_lsa_lookup_names(struct dcerpc_binding_handle *h,
TALLOC_CTX *mem_ctx,
struct policy_handle *pol,
@@ -196,14 +196,17 @@ NTSTATUS dcerpc_lsa_lookup_names4(struct
dcerpc_binding_handle *h,
struct dom_sid **sids,
enum lsa_SidType **types,
NTSTATUS *result);
-NTSTATUS rpccli_lsa_lookup_names4(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx,
- struct policy_handle *pol, int num_names,
- const char **names,
- const char ***dom_names,
- int level,
- struct dom_sid **sids,
- enum lsa_SidType **types);
+NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *pol,
+ uint32_t num_names,
+ const char **names,
+ const char ***dom_names,
+ enum lsa_LookupNamesLevel level,
+ struct dom_sid **sids,
+ enum lsa_SidType **types,
+ bool use_lookupnames4,
+ NTSTATUS *presult);
bool fetch_domain_sid( char *domain, char *remote_machine, struct dom_sid
*psid);
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 9a02789..28583fd 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2568,6 +2568,37 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
}
/****************************************************************************
+Open a LSA connection to a DC, suiteable for LSA lookup calls.
+****************************************************************************/
+
+NTSTATUS cm_connect_lsat(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client **cli,
+ struct policy_handle *lsa_policy)
+{
+ NTSTATUS status;
+
+ if (domain->can_do_ncacn_ip_tcp) {
+ status = cm_connect_lsa_tcp(domain, mem_ctx, cli);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
+ invalidate_cm_connection(&domain->conn);
+ status = cm_connect_lsa_tcp(domain, mem_ctx, cli);
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+ }
+
+ status = cm_connect_lsa(domain, mem_ctx, cli, lsa_policy);
+
+ return status;
+}
+
+/****************************************************************************
Open the netlogon pipe to this DC. Use schannel if specified in client conf.
session key stored in conn->netlogon_pipe->dc->sess_key.
****************************************************************************/
diff --git a/source3/winbindd/winbindd_msrpc.c
b/source3/winbindd/winbindd_msrpc.c
index 921cdb5..b14a4f8 100644
--- a/source3/winbindd/winbindd_msrpc.c
+++ b/source3/winbindd/winbindd_msrpc.c
@@ -35,6 +35,13 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
+static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
+ struct winbindd_domain *domain,
+ uint32_t num_names,
+ const char **names,
+ const char ***domains,
+ struct dom_sid **sids,
+ enum lsa_SidType **types);
/* Query display info for a domain. This returns enough information plus a
bit extra to give an overview of domain users for the User Manager
@@ -1057,16 +1064,6 @@ static NTSTATUS msrpc_password_policy(struct
winbindd_domain *domain,
return status;
}
-typedef NTSTATUS (*lookup_sids_fn_t)(struct dcerpc_binding_handle *h,
- TALLOC_CTX *mem_ctx,
- struct policy_handle *pol,
- int num_sids,
- const struct dom_sid *sids,
- char ***pdomains,
- char ***pnames,
- enum lsa_SidType **ptypes,
- NTSTATUS *result);
-
NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
struct winbindd_domain *domain,
uint32_t num_sids,
@@ -1081,25 +1078,21 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
struct dcerpc_binding_handle *b = NULL;
struct policy_handle lsa_policy;
unsigned int orig_timeout;
- lookup_sids_fn_t lookup_sids_fn = dcerpc_lsa_lookup_sids;
-
- if (domain->can_do_ncacn_ip_tcp) {
- status = cm_connect_lsa_tcp(domain, mem_ctx, &cli);
- if (NT_STATUS_IS_OK(status)) {
- lookup_sids_fn = dcerpc_lsa_lookup_sids3;
- goto lookup;
- }
- domain->can_do_ncacn_ip_tcp = false;
- }
- status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
+ bool use_lookupsids3 = false;
+ bool retried = false;
+ connect:
+ status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- lookup:
b = cli->binding_handle;
+ if (cli->transport->transport == NCACN_IP_TCP) {
+ use_lookupsids3 = true;
+ }
+
/*
* This call can take a long time
* allow the server to time out.
@@ -1107,21 +1100,23 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
*/
orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000);
- status = lookup_sids_fn(b,
- mem_ctx,
- &lsa_policy,
- num_sids,
- sids,
- domains,
- names,
- types,
- &result);
+ status = dcerpc_lsa_lookup_sids_generic(b,
+ mem_ctx,
+ &lsa_policy,
+ num_sids,
+ sids,
+ domains,
+ names,
+ types,
+ use_lookupsids3,
+ &result);
/* And restore our original timeout. */
dcerpc_binding_handle_set_timeout(b, orig_timeout);
if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
- NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) {
+ NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
/*
* This can happen if the schannel key is not
* valid anymore, we need to invalidate the
@@ -1129,6 +1124,11 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
* a netlogon connection first.
*/
invalidate_cm_connection(&domain->conn);
+ domain->can_do_ncacn_ip_tcp = domain->active_directory;
+ if (!retried) {
+ retried = true;
+ goto connect;
+ }
status = NT_STATUS_ACCESS_DENIED;
}
@@ -1143,24 +1143,13 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-typedef NTSTATUS (*lookup_names_fn_t)(struct dcerpc_binding_handle *h,
- TALLOC_CTX *mem_ctx,
- struct policy_handle *pol,
+static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
+ struct winbindd_domain *domain,
uint32_t num_names,
const char **names,
- const char ***dom_names,
- enum lsa_LookupNamesLevel level,
+ const char ***domains,
struct dom_sid **sids,
- enum lsa_SidType **types,
- NTSTATUS *result);
-
-NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
- struct winbindd_domain *domain,
- uint32_t num_names,
- const char **names,
- const char ***domains,
- struct dom_sid **sids,
- enum lsa_SidType **types)
+ enum lsa_SidType **types)
{
NTSTATUS status;
NTSTATUS result;
@@ -1168,25 +1157,21 @@ NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
struct dcerpc_binding_handle *b = NULL;
struct policy_handle lsa_policy;
unsigned int orig_timeout = 0;
- lookup_names_fn_t lookup_names_fn = dcerpc_lsa_lookup_names;
-
- if (domain->can_do_ncacn_ip_tcp) {
- status = cm_connect_lsa_tcp(domain, mem_ctx, &cli);
- if (NT_STATUS_IS_OK(status)) {
- lookup_names_fn = dcerpc_lsa_lookup_names4;
- goto lookup;
- }
- domain->can_do_ncacn_ip_tcp = false;
- }
- status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
+ bool use_lookupnames4 = false;
+ bool retried = false;
+ connect:
+ status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- lookup:
b = cli->binding_handle;
+ if (cli->transport->transport == NCACN_IP_TCP) {
+ use_lookupnames4 = true;
+ }
+
/*
* This call can take a long time
* allow the server to time out.
@@ -1194,22 +1179,24 @@ NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
*/
orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000);
- status = lookup_names_fn(b,
- mem_ctx,
- &lsa_policy,
- num_names,
- (const char **) names,
- domains,
- 1,
- sids,
- types,
- &result);
+ status = dcerpc_lsa_lookup_names_generic(b,
+ mem_ctx,
+ &lsa_policy,
+ num_names,
+ (const char **) names,
+ domains,
+ 1,
+ sids,
+ types,
+ use_lookupnames4,
+ &result);
/* And restore our original timeout. */
dcerpc_binding_handle_set_timeout(b, orig_timeout);
if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
- NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) {
+ NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
/*
* This can happen if the schannel key is not
* valid anymore, we need to invalidate the
@@ -1217,6 +1204,10 @@ NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
* a netlogon connection first.
*/
invalidate_cm_connection(&domain->conn);
+ if (!retried) {
+ retried = true;
+ goto connect;
+ }
status = NT_STATUS_ACCESS_DENIED;
}
diff --git a/source3/winbindd/winbindd_proto.h
b/source3/winbindd/winbindd_proto.h
index 41292d4..a38d54c 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -47,13 +47,6 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
char ***domains,
char ***names,
enum lsa_SidType **types);
-NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
- struct winbindd_domain *domain,
- uint32_t num_names,
- const char **names,
- const char ***domains,
- struct dom_sid **sids,
- enum lsa_SidType **types);
NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
struct winbindd_domain *domain,
struct lsa_SidArray *sids,
@@ -170,6 +163,10 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
struct rpc_pipe_client **cli);
+NTSTATUS cm_connect_lsat(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client **cli,
+ struct policy_handle *lsa_policy);
NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
struct rpc_pipe_client **cli);
bool fetch_current_dc_from_gencache(TALLOC_CTX *mem_ctx,
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index bf438a6..9a95e57 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -1033,6 +1033,7 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx,
struct winbindd_domain *domain,
+ struct rpc_pipe_client *cli,
struct lsa_SidArray *sids,
struct lsa_RefDomainList **pdomains,
struct lsa_TransNameArray **pnames)
@@ -1040,15 +1041,8 @@ static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx,
struct lsa_TransNameArray2 lsa_names2;
struct lsa_TransNameArray *names;
--
Samba Shared Repository
