Stefan (metze) Metzmacher metze at
Wed Mar 19 00:33:12 MDT 2014

Hi Andrew,

>>>> here's new stuff in my
>>>> branch.
>>>> Please review and push:-)
>>> There're some updates in this branch, which also fix the regressions
>>> Andrew found.
>> Any idea why didn't our tests find that regression?
>> Andrew Bartlett
> 305f97ceb5bc2c00d2e1725a3e45482d4e59bac2
>  s4:libcli/clilsa: make use of dcerpc_pipe_connect_b()
> Can you explain what calling this over and over with the same binding
> the "connection" does?
> 	status = dcerpc_binding_set_pointer_option(binding,
> +						   "connection",
> +						   struct smbXcli_conn,
> +						   cli->transport->conn);
> +	if (!NT_STATUS_IS_OK(status)) {
> +		talloc_free(lsa);
> +		return status;
> +	}
> +
> +	status = dcerpc_binding_set_pointer_option(binding,
> +						   "connection",
> +						   struct smbXcli_session,
> +						   cli->session->smbXcli);
> +	if (!NT_STATUS_IS_OK(status)) {
> +		talloc_free(lsa);
> +		return status;
> +	}
> +
> +	status = dcerpc_binding_set_pointer_option(binding,
> +						   "connection",
> +						   struct smbXcli_tcon,
> +						   lsa->ipc_tree->smbXcli);
> There is a similar pattern in 04061bb3bf6d63cfa76028a6c878df9d3fe7af2c
> s4:torture/samba3rpc: split out pipe_bind_smbXcli() and go via
> dcerpc_pipe_connect_b();a=commitdiff;h=47b0885d5f3e9e3b46930c976078deb5fbf70da5

Makes use of it.

The point is that we had a lot of functions and layers to establish a
dcerpc connection.
Which was way to complex and very hard to rework when I'll switch to the
new dcerpc infrastrature
has the work in progress for this.

I just want to have a single function to create a dcerpc connection,
which will just
take a dcerpc_binding. For now I've reduced it to two functions
and dcerpc_secondary_auth_connection*, while
dcerpc_secondary_auth_connection() might be a wrapper
around dcerpc_pipe_connect_b() later.

The idea is that the dcerpc_binding holds enough information to allow
all needed ways
to establish a connection.

The above example remembers the details of the ncacn_np transport layer
(smbXcli_conn, smbXcli_session and smbXcli_tcon), which allow
us to reuse an existing smb connection, so that the connection just
starts with
with smb1cli_ntcreate* or smb2cli_create* via
and just opens a new handle to a named pipe, instead of opening a new
smb connection.

So for now dcerpc_pipe->binding, will describe the current connection,
including the transport "connection" details and the association group
so that it has enough information to open a secondary connection.

> Otherwise, I'm quite happy with the series.  Next I'll test the AD
> password lockout stuff using this branch rather than your hacks. 



More information about the samba-technical mailing list