[PATCH] Ask local netlogon pipe on an AD DC
Volker Lendecke
vl at samba.org
Wed Mar 1 13:03:14 UTC 2017
Hi!
Review appreciated!
Thanks, Volker
-------------- next part --------------
>From 87b26f8cc70abe472d92df59c408c095d13a6f6c Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 1 Mar 2017 13:53:39 +0100
Subject: [PATCH 1/3] rpc_client3: Fix some crashes for NULL cli_state in
cli_pipe
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_client/cli_netlogon.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 634c78b..9f1d952 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -174,7 +174,7 @@ NTSTATUS rpccli_setup_netlogon_creds(struct cli_state *cli,
DEBUG(5,("%s: %s cached netlogon_creds cli[%s/%s] to %s\n",
__FUNCTION__, action,
creds->account_name, creds->computer_name,
- smbXcli_conn_remote_name(cli->conn)));
+ cli ? smbXcli_conn_remote_name(cli->conn) : "local"));
if (!force_reauth) {
TALLOC_FREE(frame);
return NT_STATUS_OK;
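Review bot: The same `cli ? smbXcli_conn_remote_name(cli->conn) : "local"` expression is now repeated in three DEBUG calls of rpccli_setup_netlogon_creds (this hunk and the hunks at -189 and -215). Computing it once near the top, e.g. `const char *remote_name = (cli != NULL) ? smbXcli_conn_remote_name(cli->conn) : "local";`, keeps the NULL handling in one place. Only the logging paths are guarded here and the code between the hunks is not visible, so any other `cli->` dereference or callee that assumes a non-NULL `cli` could still crash. A comment on the function stating that `cli` may be NULL for the local transport would document the new contract.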
@@ -189,7 +189,7 @@ NTSTATUS rpccli_setup_netlogon_creds(struct cli_state *cli,
if (!NT_STATUS_IS_OK(status)) {
DEBUG(5,("%s: failed to open noauth netlogon connection to %s - %s\n",
__FUNCTION__,
- smbXcli_conn_remote_name(cli->conn),
+ cli ? smbXcli_conn_remote_name(cli->conn) : "local",
nt_errstr(status)));
TALLOC_FREE(frame);
return status;
@@ -215,7 +215,7 @@ NTSTATUS rpccli_setup_netlogon_creds(struct cli_state *cli,
DEBUG(5,("%s: using new netlogon_creds cli[%s/%s] to %s\n",
__FUNCTION__,
creds->account_name, creds->computer_name,
- smbXcli_conn_remote_name(cli->conn)));
+ cli ? smbXcli_conn_remote_name(cli->conn) : "local"));
TALLOC_FREE(frame);
return NT_STATUS_OK;
--
2.1.4
>From 4d13fb566434f2f59a7643c509f38e635b169b76 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 1 Mar 2017 13:54:53 +0100
Subject: [PATCH 2/3] rpc_client3: Allow to connect to local unix socket
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_client/cli_pipe.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 14f7fbc..176345e 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3057,6 +3057,26 @@ static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli,
table, presult);
case NCACN_NP:
return rpc_pipe_open_np(cli, table, presult);
+ case NCACN_UNIX_STREAM: {
+ char *socket_path;
+ NTSTATUS status;
+
+ socket_path = talloc_asprintf(talloc_tos(), "%s/DEFAULT",
+ lp_ncalrpc_dir());
+ if (socket_path == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = rpc_pipe_open_ncalrpc(
+ NULL, socket_path, table, presult);
+
+ DBG_DEBUG("rpc_pipe_open_ncalrpc(%s) returned %s\n",
+ socket_path, nt_errstr(status));
+
+ TALLOC_FREE(socket_path);
+
+ return status;
+ }
default:
return NT_STATUS_NOT_IMPLEMENTED;
}
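Review bot: The new NCACN_UNIX_STREAM case passes NULL as the first argument of rpc_pipe_open_ncalrpc() where the NCACN_NP case passes `cli`. If that argument is the talloc parent, as it appears to be, the pipe returned in `*presult` has no owner and every caller must free it explicitly. The case also ignores `cli` and trusts whatever is listening on `lp_ncalrpc_dir()/DEFAULT`, so a comment such as `/* cli is unused and may be NULL here; trust in this endpoint rests on the permissions of lp_ncalrpc_dir() */` would make that assumption explicit. cli_rpc_pipe_open starts outside the hunk.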
--
2.1.4
>From 63d187821210bb6533db8f43e76a7b6fec27ab7a Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 1 Mar 2017 13:56:19 +0100
Subject: [PATCH 3/3] winbind3: On a AD DC, ask the local netlogon pipe for
local auth
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_cm.c | 10 ++++++++++
source3/winbindd/winbindd_pam.c | 5 +++++
2 files changed, 15 insertions(+)
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 3df4af3..64fda34 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -3357,6 +3357,16 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
return status;
}
+ if (domain->primary && !domain->rodc &&
+ (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC)) {
+ if (domain->dcname == NULL) {
+ domain->dcname = talloc_strdup(
+ domain, lp_netbios_name());
+ }
+ return cm_connect_netlogon_transport(
+ domain, NCACN_UNIX_STREAM, cli);
+ }
+
if (domain->active_directory && domain->can_do_ncacn_ip_tcp) {
status = cm_connect_netlogon_transport(domain, NCACN_IP_TCP, cli);
if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
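Review bot: The result of `talloc_strdup(domain, lp_netbios_name())` is not checked, so on allocation failure `domain->dcname` stays NULL and the code still calls cm_connect_netlogon_transport(). Add `if (domain->dcname == NULL) { return NT_STATUS_NO_MEMORY; }` right after the assignment. The branch also returns the NCACN_UNIX_STREAM result unconditionally, so a failure to reach the local socket never falls back to the transports below; if that is intended, a short comment saying so would help. cm_connect_netlogon continues outside the hunk.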
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 3d62522..b6a8262 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1238,6 +1238,11 @@ static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX *mem_ctx,
int rc;
TALLOC_CTX *frame = talloc_stackframe();
+ if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
rc = tsocket_address_inet_from_strings(frame,
"ip",
"127.0.0.1",
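Review bot: The early return for `ROLE_ACTIVE_DIRECTORY_DC` has no comment explaining why passdb authentication is refused on an AD DC. It also depends on the caller treating `NT_STATUS_NOT_IMPLEMENTED` as "try the next method" rather than as a final authentication result; the caller is not visible here, so that should be confirmed. I would add `/* On an AD DC local authentication is done via the local netlogon pipe, not passdb */` above the check. The body of winbindd_dual_auth_passdb continues outside the hunk.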
--
2.1.4