diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2007-07-16 11:27:29 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 15:01:08 -0500 |
| commit | c86e98aa8070137834f0587b613e215db8802f27 (patch) | |
| tree | 1782cf9a4d8aefb40bc962adbb337da90b48682e /source4/winbind/wb_init_domain.c | |
| parent | 3ccf9ff2ab468d91b9843139df2dfdccbe24c7a1 (diff) | |
| download | samba-c86e98aa8070137834f0587b613e215db8802f27.tar.gz samba-c86e98aa8070137834f0587b613e215db8802f27.tar.bz2 samba-c86e98aa8070137834f0587b613e215db8802f27.zip | |
r23890: Allow wbinfo -a to work against Samba4's winbind.
Add a test for wbinfo -a to test_member.sh
Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to
use the same SamLogon code as auth_winbind uses.
In my previous code, we did not bind to the LSA and SAMR pipes, before
attempting operations. We now do this (how we passed any tests before
is beyond me).
This required some rework, particularly to make it easier to setup
secondary connections. The new rpc_secondary_auth_connection()
function also performs the bind.
The dcerpc_connect.c file was getting to big, so things have been
merged into dcerpc_secondary.c.
Andrew Bartlett
(This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
Diffstat (limited to 'source4/winbind/wb_init_domain.c')
| -rw-r--r-- | source4/winbind/wb_init_domain.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c index 69ea9c7533..cdc1491f2b 100644 --- a/source4/winbind/wb_init_domain.c +++ b/source4/winbind/wb_init_domain.c @@ -202,7 +202,7 @@ static void init_domain_recv_netlogonpipe(struct composite_context *ctx) talloc_get_type(ctx->async.private_data, struct init_domain_state); - state->ctx->status = dcerpc_pipe_connect_b_recv(ctx, state, + state->ctx->status = dcerpc_pipe_connect_b_recv(ctx, state->domain, &state->domain->netlogon_pipe); if (!composite_is_ok(state->ctx)) { @@ -224,13 +224,17 @@ static void init_domain_recv_netlogonpipe(struct composite_context *ctx) /* this will make the secondary connection on the same IPC$ share, secured with SPNEGO or NTLMSSP */ - ctx = dcerpc_secondary_connection_send(state->domain->netlogon_pipe, - state->domain->lsa_binding); + ctx = dcerpc_secondary_auth_connection_send(state->domain->netlogon_pipe, + state->domain->lsa_binding, + &dcerpc_table_lsarpc, + state->domain->schannel_creds + ); composite_continue(state->ctx, ctx, init_domain_recv_lsa_pipe, state); } static bool retry_with_schannel(struct init_domain_state *state, struct dcerpc_binding *binding, + const struct dcerpc_interface_table *table, void (*continuation)(struct composite_context *)) { struct composite_context *ctx; @@ -246,8 +250,10 @@ static bool retry_with_schannel(struct init_domain_state *state, /* Try again, likewise on the same IPC$ share, secured with SCHANNEL */ - ctx = dcerpc_secondary_connection_send(state->domain->netlogon_pipe, - binding); + ctx = dcerpc_secondary_auth_connection_send(state->domain->netlogon_pipe, + binding, + table, + state->domain->schannel_creds); composite_continue(state->ctx, ctx, continuation, state); return true; } else { @@ -264,10 +270,11 @@ static void init_domain_recv_lsa_pipe(struct composite_context *ctx) talloc_get_type(ctx->async.private_data, struct init_domain_state); - state->ctx->status = dcerpc_secondary_connection_recv(ctx, - &state->domain->lsa_pipe); + state->ctx->status = dcerpc_secondary_auth_connection_recv(ctx, state->domain, + &state->domain->lsa_pipe); if (NT_STATUS_EQUAL(state->ctx->status, NT_STATUS_LOGON_FAILURE)) { if (retry_with_schannel(state, state->domain->lsa_binding, + &dcerpc_table_lsarpc, init_domain_recv_lsa_pipe)) { return; } @@ -307,6 +314,7 @@ static void init_domain_recv_lsa_policy(struct rpc_request *req) if ((!NT_STATUS_IS_OK(state->ctx->status) || !NT_STATUS_IS_OK(state->lsa_openpolicy.out.result))) { if (retry_with_schannel(state, state->domain->lsa_binding, + &dcerpc_table_lsarpc, init_domain_recv_lsa_pipe)) { return; } |