From 3dd92a1fb265f71c08a7fad9989aed34706b5306 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 6 Sep 2011 18:33:35 +0200 Subject: [PATCH 01/10] s3: Make winbindd_lookup_names static Autobuild-User: Volker Lendecke Autobuild-Date: Tue Sep 6 20:03:56 CEST 2011 on sn-devel-104 (cherry picked from commit fd65e5eb8cdd38917a574734c9079cd75e4e1be0) --- source3/winbindd/winbindd_msrpc.c | 21 ++++++++++++++------- source3/winbindd/winbindd_proto.h | 7 ------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c index 921cdb5..f4e3943 100644 --- a/source3/winbindd/winbindd_msrpc.c +++ b/source3/winbindd/winbindd_msrpc.c @@ -35,6 +35,13 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND +static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, + struct winbindd_domain *domain, + uint32_t num_names, + const char **names, + const char ***domains, + struct dom_sid **sids, + enum lsa_SidType **types); /* Query display info for a domain. This returns enough information plus a bit extra to give an overview of domain users for the User Manager @@ -1154,13 +1161,13 @@ typedef NTSTATUS (*lookup_names_fn_t)(struct dcerpc_binding_handle *h, enum lsa_SidType **types, NTSTATUS *result); -NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, - struct winbindd_domain *domain, - uint32_t num_names, - const char **names, - const char ***domains, - struct dom_sid **sids, - enum lsa_SidType **types) +static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, + struct winbindd_domain *domain, + uint32_t num_names, + const char **names, + const char ***domains, + struct dom_sid **sids, + enum lsa_SidType **types) { NTSTATUS status; NTSTATUS result; diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 41292d4..4a65087 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h 
@@ -47,13 +47,6 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, char ***domains, char ***names, enum lsa_SidType **types); -NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, - struct winbindd_domain *domain, - uint32_t num_names, - const char **names, - const char ***domains, - struct dom_sid **sids, - enum lsa_SidType **types); NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, struct lsa_SidArray *sids, -- 1.7.11.7 From c7e91c9d5ff3377a4584c171706d9dbe9a7fb770 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 28 Nov 2012 14:53:27 +0100 Subject: [PATCH 02/10] s3-rpc_cli: Remove some unused wrapping code. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner --- source3/rpc_client/cli_lsarpc.c | 59 ----------------------------------------- source3/rpc_client/cli_lsarpc.h | 17 ------------ 2 files changed, 76 deletions(-) diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 99e0262..d294c95 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -539,35 +539,6 @@ NTSTATUS dcerpc_lsa_lookup_sids3(struct dcerpc_binding_handle *h, result); } -NTSTATUS rpccli_lsa_lookup_sids3(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - struct policy_handle *pol, - int num_sids, - const struct dom_sid *sids, - char ***pdomains, - char ***pnames, - enum lsa_SidType **ptypes) -{ - NTSTATUS status; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - status = dcerpc_lsa_lookup_sids_generic(cli->binding_handle, - mem_ctx, - pol, - num_sids, - sids, - pdomains, - pnames, - ptypes, - true, - &result); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - return result; -} - /** Lookup a list of names */ static NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h, 
@@ -790,33 +761,3 @@ NTSTATUS dcerpc_lsa_lookup_names4(struct dcerpc_binding_handle *h, true, result); } - -NTSTATUS rpccli_lsa_lookup_names4(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - struct policy_handle *pol, - int num_names, - const char **names, - const char ***dom_names, - int level, - struct dom_sid **sids, - enum lsa_SidType **types) -{ - NTSTATUS status; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - status = dcerpc_lsa_lookup_names4(cli->binding_handle, - mem_ctx, - pol, - num_names, - names, - dom_names, - level, - sids, - types, - &result); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - return result; -} diff --git a/source3/rpc_client/cli_lsarpc.h b/source3/rpc_client/cli_lsarpc.h index a26193e..878c3f4 100644 --- a/source3/rpc_client/cli_lsarpc.h +++ b/source3/rpc_client/cli_lsarpc.h @@ -158,15 +158,6 @@ NTSTATUS dcerpc_lsa_lookup_sids3(struct dcerpc_binding_handle *h, char ***pnames, enum lsa_SidType **ptypes, NTSTATUS *result); -NTSTATUS rpccli_lsa_lookup_sids3(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - struct policy_handle *pol, - int num_sids, - const struct dom_sid *sids, - char ***pdomains, - char ***pnames, - enum lsa_SidType **ptypes); - NTSTATUS dcerpc_lsa_lookup_names(struct dcerpc_binding_handle *h, TALLOC_CTX *mem_ctx, struct policy_handle *pol, @@ -196,14 +187,6 @@ NTSTATUS dcerpc_lsa_lookup_names4(struct dcerpc_binding_handle *h, struct dom_sid **sids, enum lsa_SidType **types, NTSTATUS *result); -NTSTATUS rpccli_lsa_lookup_names4(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - struct policy_handle *pol, int num_names, - const char **names, - const char ***dom_names, - int level, - struct dom_sid **sids, - enum lsa_SidType **types); bool fetch_domain_sid( char *domain, char *remote_machine, struct dom_sid *psid); -- 1.7.11.7 From 45fb7fcff5f73f1819e44a44fe8b612393a5dd08 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 28 Nov 2012 16:57:24 +0100 Subject: [PATCH 03/10] s3-winbindd: add cm_connect_lsat(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner --- source3/winbindd/winbindd_cm.c | 31 +++++++++++++++++++++++++++++++ source3/winbindd/winbindd_proto.h | 4 ++++ 2 files changed, 35 insertions(+) diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index d129e1f..2f26df4 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -2564,6 +2564,37 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, } /**************************************************************************** +Open a LSA connection to a DC, suiteable for LSA lookup calls. +****************************************************************************/ + +NTSTATUS cm_connect_lsat(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct rpc_pipe_client **cli, + struct policy_handle *lsa_policy) +{ + NTSTATUS status; + + if (domain->can_do_ncacn_ip_tcp) { + status = cm_connect_lsa_tcp(domain, mem_ctx, cli); + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || + NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) || + NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) { + invalidate_cm_connection(&domain->conn); + status = cm_connect_lsa_tcp(domain, mem_ctx, cli); + } + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + return NT_STATUS_OK; + } + + status = cm_connect_lsa(domain, mem_ctx, cli, lsa_policy); + + return status; +} + +/**************************************************************************** Open the netlogon pipe to this DC. Use schannel if specified in client conf. session key stored in conn->netlogon_pipe->dc->sess_key. ****************************************************************************/ 
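Review bot: In the new `cm_connect_lsat()` (winbindd_cm.c hunk `@@ -2564,6 +2564,37 @@`), a TCP connect that still fails after the single retry returns its error. It never reaches `cm_connect_lsa()`, and `domain->can_do_ncacn_ip_tcp` is not cleared, so every later call repeats the same failing TCP attempt. The callers reworked later in this series used to clear the flag and fall back to the named-pipe connection. If that fallback is still wanted, end the TCP branch with `if (NT_STATUS_IS_OK(status)) { return status; }` followed by `domain->can_do_ncacn_ip_tcp = false;` and let control fall through to `cm_connect_lsa()`; if failing hard is intended, say so in the header comment. The header comment should also state that `*lsa_policy` is left unwritten on the TCP path, since callers pass the address of an uninitialised stack `struct policy_handle`.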
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 4a65087..a38d54c 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -163,6 +163,10 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, struct rpc_pipe_client **cli); +NTSTATUS cm_connect_lsat(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct rpc_pipe_client **cli, + struct policy_handle *lsa_policy); NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, struct rpc_pipe_client **cli); bool fetch_current_dc_from_gencache(TALLOC_CTX *mem_ctx, -- 1.7.11.7 From f17833ce40e87db30ca90a9c0dfe77c27b016aca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 28 Nov 2012 16:57:57 +0100 Subject: [PATCH 04/10] s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner --- source3/rpc_client/cli_lsarpc.c | 20 ++++++++++---------- source3/rpc_client/cli_lsarpc.h | 11 ++++++++++- 2 files changed, 20 insertions(+), 11 deletions(-) diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index d294c95..e573aef 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c 
@@ -330,16 +330,16 @@ static NTSTATUS dcerpc_lsa_lookup_sids_noalloc(struct dcerpc_binding_handle *h, * at 20480 for win2k3, but we keep it at a save 1000 for now. */ #define LOOKUP_SIDS_HUNK_SIZE 1000 -static NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h, - TALLOC_CTX *mem_ctx, - struct policy_handle *pol, - int num_sids, - const struct dom_sid *sids, - char ***pdomains, - char ***pnames, - enum lsa_SidType **ptypes, - bool use_lookupsids3, - NTSTATUS *presult) +NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h, + TALLOC_CTX *mem_ctx, + struct policy_handle *pol, + int num_sids, + const struct dom_sid *sids, + char ***pdomains, + char ***pnames, + enum lsa_SidType **ptypes, + bool use_lookupsids3, + NTSTATUS *presult) { NTSTATUS status = NT_STATUS_OK; NTSTATUS result = NT_STATUS_OK; diff --git a/source3/rpc_client/cli_lsarpc.h b/source3/rpc_client/cli_lsarpc.h index 878c3f4..5e76ba3 100644 --- a/source3/rpc_client/cli_lsarpc.h +++ b/source3/rpc_client/cli_lsarpc.h @@ -125,7 +125,16 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, char ***pdomains, char ***pnames, enum lsa_SidType **ptypes); - +NTSTATUS dcerpc_lsa_lookup_sids_generic(struct dcerpc_binding_handle *h, + TALLOC_CTX *mem_ctx, + struct policy_handle *pol, + int num_sids, + const struct dom_sid *sids, + char ***pdomains, + char ***pnames, + enum lsa_SidType **ptypes, + bool use_lookupsids3, + NTSTATUS *presult); /** * @brief Look up the names that correspond to an array of sids. * -- 1.7.11.7 From 50c986799b3b05de60fe0c616f2fbf30d5a8e393 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 28 Nov 2012 17:00:49 +0100 Subject: [PATCH 05/10] s3-rpc_client: make dcerpc_lsa_lookup_names_generic() public. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther 
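Review bot: The newly exported prototype `dcerpc_lsa_lookup_sids_generic()` in cli_lsarpc.h (hunk `@@ -125,7 +125,16 @@`) has no documentation. With the separating blank line removed, it sits directly above the existing `@brief Look up the names that correspond to an array of sids.` block, which belongs to the next declaration. Keep a blank line after the new prototype and give it its own short Doxygen block. That block should state that `use_lookupsids3` selects the LookupSids3 variant, whether `pol` is consulted in that case, and that the return value is the dispatch status while `*presult` carries the RPC result; the last point is inferred from the wrapper removed in patch 02, so please confirm it. The same applies to `dcerpc_lsa_lookup_names_generic()` and its `use_lookupnames4` flag in patch 05 (cli_lsarpc.h hunk `@@ -196,6 +196,17 @@`).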
Signed-off-by: Günther Deschner --- source3/rpc_client/cli_lsarpc.c | 22 +++++++++++----------- source3/rpc_client/cli_lsarpc.h | 11 +++++++++++ 2 files changed, 22 insertions(+), 11 deletions(-) diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index e573aef..330774d 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -541,17 +541,17 @@ NTSTATUS dcerpc_lsa_lookup_sids3(struct dcerpc_binding_handle *h, /** Lookup a list of names */ -static NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h, - TALLOC_CTX *mem_ctx, - struct policy_handle *pol, - uint32_t num_names, - const char **names, - const char ***dom_names, - enum lsa_LookupNamesLevel level, - struct dom_sid **sids, - enum lsa_SidType **types, - bool use_lookupnames4, - NTSTATUS *presult) +NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h, + TALLOC_CTX *mem_ctx, + struct policy_handle *pol, + uint32_t num_names, + const char **names, + const char ***dom_names, + enum lsa_LookupNamesLevel level, + struct dom_sid **sids, + enum lsa_SidType **types, + bool use_lookupnames4, + NTSTATUS *presult) { NTSTATUS status; struct lsa_String *lsa_names = NULL; diff --git a/source3/rpc_client/cli_lsarpc.h b/source3/rpc_client/cli_lsarpc.h index 5e76ba3..36afe0b 100644 --- a/source3/rpc_client/cli_lsarpc.h +++ b/source3/rpc_client/cli_lsarpc.h @@ -196,6 +196,17 @@ NTSTATUS dcerpc_lsa_lookup_names4(struct dcerpc_binding_handle *h, struct dom_sid **sids, enum lsa_SidType **types, NTSTATUS *result); +NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h, + TALLOC_CTX *mem_ctx, + struct policy_handle *pol, + uint32_t num_names, + const char **names, + const char ***dom_names, + enum lsa_LookupNamesLevel level, + struct dom_sid **sids, + enum lsa_SidType **types, + bool use_lookupnames4, + NTSTATUS *presult); bool fetch_domain_sid( char *domain, char *remote_machine, struct dom_sid *psid); -- 1.7.11.7 
From d000ae742a1c63ddf5d36ad0a3968026149b4886 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 28 Nov 2012 17:03:40 +0100 Subject: [PATCH 06/10] s3-winbindd: remove lookup_names_fn_t. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner --- source3/winbindd/winbindd_msrpc.c | 36 +++++++++++++----------------------- 1 file changed, 13 insertions(+), 23 deletions(-) diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c index f4e3943..889d9a8 100644 --- a/source3/winbindd/winbindd_msrpc.c +++ b/source3/winbindd/winbindd_msrpc.c @@ -1150,17 +1150,6 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -typedef NTSTATUS (*lookup_names_fn_t)(struct dcerpc_binding_handle *h, - TALLOC_CTX *mem_ctx, - struct policy_handle *pol, - uint32_t num_names, - const char **names, - const char ***dom_names, - enum lsa_LookupNamesLevel level, - struct dom_sid **sids, - enum lsa_SidType **types, - NTSTATUS *result); - static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, uint32_t num_names, @@ -1175,12 +1164,12 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, struct dcerpc_binding_handle *b = NULL; struct policy_handle lsa_policy; unsigned int orig_timeout = 0; - lookup_names_fn_t lookup_names_fn = dcerpc_lsa_lookup_names; + bool use_lookupnames4 = false; if (domain->can_do_ncacn_ip_tcp) { status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); if (NT_STATUS_IS_OK(status)) { - lookup_names_fn = dcerpc_lsa_lookup_names4; + use_lookupnames4 = true; goto lookup; } domain->can_do_ncacn_ip_tcp = false; 
@@ -1201,16 +1190,17 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, */ orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000); - status = lookup_names_fn(b, - mem_ctx, - &lsa_policy, - num_names, - (const char **) names, - domains, - 1, - sids, - types, - &result); + status = dcerpc_lsa_lookup_names_generic(b, + mem_ctx, + &lsa_policy, + num_names, + (const char **) names, + domains, + 1, + sids, + types, + use_lookupnames4, + &result); /* And restore our original timeout. */ dcerpc_binding_handle_set_timeout(b, orig_timeout); -- 1.7.11.7 From 478419fa36e10d32a27eedfb67a3c711fec8411d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 28 Nov 2012 20:41:21 +0100 Subject: [PATCH 07/10] s3-winbindd: remove lookup_sids_fn_t. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner --- source3/winbindd/winbindd_msrpc.c | 33 ++++++++++++--------------------- 1 file changed, 12 insertions(+), 21 deletions(-) diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c index 889d9a8..4bee586 100644 --- a/source3/winbindd/winbindd_msrpc.c +++ b/source3/winbindd/winbindd_msrpc.c @@ -1064,16 +1064,6 @@ static NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, return status; } -typedef NTSTATUS (*lookup_sids_fn_t)(struct dcerpc_binding_handle *h, - TALLOC_CTX *mem_ctx, - struct policy_handle *pol, - int num_sids, - const struct dom_sid *sids, - char ***pdomains, - char ***pnames, - enum lsa_SidType **ptypes, - NTSTATUS *result); - NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, uint32_t num_sids, 
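Review bot: In the rewritten call in `winbindd_lookup_names()` (hunk `@@ -1201,16 +1190,17 @@`), the `level` argument is still the bare literal `1`. Since `dcerpc_lsa_lookup_names_generic()` declares that parameter as `enum lsa_LookupNamesLevel`, the named constant for this value (`LSA_LOOKUP_NAMES_ALL` in lsa.idl) would make the intent readable. The `(const char **) names` cast is redundant because the parameter is already `const char **names`, and it would hide a future type change from the compiler. The function body continues outside the hunk.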
@@ -1088,12 +1078,12 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, struct dcerpc_binding_handle *b = NULL; struct policy_handle lsa_policy; unsigned int orig_timeout; - lookup_sids_fn_t lookup_sids_fn = dcerpc_lsa_lookup_sids; + bool use_lookupsids3 = false; if (domain->can_do_ncacn_ip_tcp) { status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); if (NT_STATUS_IS_OK(status)) { - lookup_sids_fn = dcerpc_lsa_lookup_sids3; + use_lookupsids3 = true; goto lookup; } domain->can_do_ncacn_ip_tcp = false; @@ -1114,15 +1104,16 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, */ orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000); - status = lookup_sids_fn(b, - mem_ctx, - &lsa_policy, - num_sids, - sids, - domains, - names, - types, - &result); + status = dcerpc_lsa_lookup_sids_generic(b, + mem_ctx, + &lsa_policy, + num_sids, + sids, + domains, + names, + types, + use_lookupsids3, + &result); /* And restore our original timeout. */ dcerpc_binding_handle_set_timeout(b, orig_timeout); -- 1.7.11.7 From 2271fc6684c4e4246230762dcfeb9d9d3fc1d6dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Thu, 29 Nov 2012 12:03:16 +0100 Subject: [PATCH 08/10] s3-winbindd: rework reconnect logic in winbindd_lookup_sids(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther Signed-off-by: Günther Deschner --- source3/winbindd/winbindd_msrpc.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c index 4bee586..97751c6 100644 --- a/source3/winbindd/winbindd_msrpc.c +++ b/source3/winbindd/winbindd_msrpc.c 
@@ -1079,24 +1079,20 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, struct policy_handle lsa_policy; unsigned int orig_timeout; bool use_lookupsids3 = false; + bool retried = false; - if (domain->can_do_ncacn_ip_tcp) { - status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); - if (NT_STATUS_IS_OK(status)) { - use_lookupsids3 = true; - goto lookup; - } - domain->can_do_ncacn_ip_tcp = false; - } - status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); - + connect: + status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy); if (!NT_STATUS_IS_OK(status)) { return status; } - lookup: b = cli->binding_handle; + if (cli->transport->transport == NCACN_IP_TCP) { + use_lookupsids3 = true; + } + /* * This call can take a long time * allow the server to time out. @@ -1119,7 +1115,8 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, dcerpc_binding_handle_set_timeout(b, orig_timeout); if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || - NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { + NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) || + NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) { /* * This can happen if the schannel key is not * valid anymore, we need to invalidate the @@ -1127,6 +1124,11 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, * a netlogon connection first. */ invalidate_cm_connection(&domain->conn); + domain->can_do_ncacn_ip_tcp = domain->active_directory; + if (!retried) { + retried = true; + goto connect; + } status = NT_STATUS_ACCESS_DENIED; } -- 1.7.11.7 From 443371e8ffc9d87d25e1da7d5ce46bd877e8164a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Thu, 29 Nov 2012 12:03:53 +0100 Subject: [PATCH 09/10] s3-winbindd: rework reconnect logic in winbindd_lookup_names(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Guenther 
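Review bot: `use_lookupsids3` in `winbindd_lookup_sids()` (hunk `@@ -1079,24 +1079,20 @@`) is set to true when the transport is NCACN_IP_TCP but is never reset before `goto connect`. If the retry returns a named-pipe connection, for example after `domain->can_do_ncacn_ip_tcp = domain->active_directory;` evaluates to false, the stale flag would still select LookupSids3 on a connection it was not chosen for. Assign the flag on every pass instead: `use_lookupsids3 = (cli->transport->transport == NCACN_IP_TCP);`. The same pattern appears with `use_lookupnames4` in patch 09's `winbindd_lookup_names()`. Both function bodies extend beyond the hunks shown.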
Signed-off-by: Günther Deschner --- source3/winbindd/winbindd_msrpc.c | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c index 97751c6..b14a4f8 100644 --- a/source3/winbindd/winbindd_msrpc.c +++ b/source3/winbindd/winbindd_msrpc.c @@ -1158,24 +1158,20 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, struct policy_handle lsa_policy; unsigned int orig_timeout = 0; bool use_lookupnames4 = false; + bool retried = false; - if (domain->can_do_ncacn_ip_tcp) { - status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); - if (NT_STATUS_IS_OK(status)) { - use_lookupnames4 = true; - goto lookup; - } - domain->can_do_ncacn_ip_tcp = false; - } - status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); - + connect: + status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy); if (!NT_STATUS_IS_OK(status)) { return status; } - lookup: b = cli->binding_handle; + if (cli->transport->transport == NCACN_IP_TCP) { + use_lookupnames4 = true; + } + /* * This call can take a long time * allow the server to time out. @@ -1199,7 +1195,8 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, dcerpc_binding_handle_set_timeout(b, orig_timeout); if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || - NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { + NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) || + NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) { /* * This can happen if the schannel key is not * valid anymore, we need to invalidate the @@ -1207,6 +1204,10 @@ static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, * a netlogon connection first. */ invalidate_cm_connection(&domain->conn); + if (!retried) { + retried = true; + goto connect; + } status = NT_STATUS_ACCESS_DENIED; } -- 1.7.11.7 From 165b32dba363fdd13d234f18fab88b96d9ae7abb Mon Sep 17 00:00:00 2001 
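Review bot: The retry block added to `winbindd_lookup_names()` (hunk `@@ -1207,6 +1204,10 @@`) is not consistent with its twin in patch 08. `winbindd_lookup_sids()` sets `domain->can_do_ncacn_ip_tcp = domain->active_directory;` after `invalidate_cm_connection()`, but this hunk omits that line, so the two lookups may choose different transports on reconnect. Either add the same assignment before `if (!retried)` or leave a one-line comment explaining why name lookups must not re-enable TCP. Both paths also collapse three distinct statuses into `NT_STATUS_ACCESS_DENIED` without logging the original. A `DEBUG` line with `nt_errstr(status)` before the overwrite would help when diagnosing schannel failures.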
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Thu, 29 Nov 2012 14:31:19 +0100 Subject: [PATCH 10/10] s3-winbind: use new reconnect logic in rpc_lookup_sids() also. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Volker, please check. Guenther Signed-off-by: Günther Deschner --- source3/winbindd/winbindd_rpc.c | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index bf438a6..9a95e57 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -1033,6 +1033,7 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx, static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, + struct rpc_pipe_client *cli, struct lsa_SidArray *sids, struct lsa_RefDomainList **pdomains, struct lsa_TransNameArray **pnames) @@ -1040,15 +1041,8 @@ static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx, struct lsa_TransNameArray2 lsa_names2; struct lsa_TransNameArray *names; uint32_t i, count; - struct rpc_pipe_client *cli; NTSTATUS status, result; - status = cm_connect_lsa_tcp(domain, talloc_tos(), &cli); - if (!NT_STATUS_IS_OK(status)) { - domain->can_do_ncacn_ip_tcp = false; - return status; - } - ZERO_STRUCT(lsa_names2); status = dcerpc_lsa_LookupSids3(cli->binding_handle, mem_ctx, 
@@ -1098,19 +1092,16 @@ NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx, uint32_t count; NTSTATUS status, result; - if (domain->can_do_ncacn_ip_tcp) { - status = rpc_try_lookup_sids3(mem_ctx, domain, sids, - pdomains, pnames); - if (!NT_STATUS_IS_ERR(status)) { - return status; - } - } - - status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); + status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy); if (!NT_STATUS_IS_OK(status)) { return status; } + if (cli->transport->transport == NCACN_IP_TCP) { + return rpc_try_lookup_sids3(mem_ctx, domain, cli, sids, + pdomains, pnames); + } + names = TALLOC_ZERO_P(mem_ctx, struct lsa_TransNameArray); if (names == NULL) { return NT_STATUS_NO_MEMORY; -- 1.7.11.7
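Review bot: In `rpc_lookup_sids()` (hunk `@@ -1098,19 +1092,16 @@`), the TCP branch now returns the result of `rpc_try_lookup_sids3()` unconditionally. The old code returned only when `!NT_STATUS_IS_ERR(status)` and otherwise continued with the named-pipe lookup. No `invalidate_cm_connection()` or retry on `NT_STATUS_ACCESS_DENIED`, `NT_STATUS_RPC_SEC_PKG_ERROR` or `NT_STATUS_NETWORK_ACCESS_DENIED` is visible here either, although the subject says the new reconnect logic is used. A stale schannel session would therefore surface as a hard lookup failure on this path. Consider mirroring the `retried` / `goto connect` pattern from patches 08 and 09, or add a comment stating that LookupSids3 errors are deliberately returned as-is. After the `@@ -1040,15 +1041,8 @@` hunk, the `domain` parameter of `rpc_try_lookup_sids3()` no longer appears to be used on the visible lines. Both bodies continue outside the hunks, so please confirm against the full function.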