diff options
-rw-r--r-- | source3/winbindd/winbindd.h | 1 | ||||
-rw-r--r-- | source3/winbindd/winbindd_cm.c | 59 | ||||
-rw-r--r-- | source3/winbindd/winbindd_proto.h | 3 |
3 files changed, 63 insertions, 0 deletions
diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h index b61017e513..c0df6fde3e 100644 --- a/source3/winbindd/winbindd.h +++ b/source3/winbindd/winbindd.h @@ -115,6 +115,7 @@ struct winbindd_cm_conn { struct policy_handle sam_connect_handle, sam_domain_handle; struct rpc_pipe_client *lsa_pipe; + struct rpc_pipe_client *lsa_pipe_tcp; struct policy_handle lsa_policy; struct rpc_pipe_client *netlogon_pipe; diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 450bb1bc06..b430fbb401 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1561,6 +1561,14 @@ void invalidate_cm_connection(struct winbindd_cm_conn *conn) } } + if (conn->lsa_pipe_tcp != NULL) { + TALLOC_FREE(conn->lsa_pipe_tcp); + /* Ok, it must be dead. Drop timeout to 0.5 sec. */ + if (conn->cli) { + cli_set_timeout(conn->cli, 500); + } + } + if (conn->netlogon_pipe != NULL) { TALLOC_FREE(conn->netlogon_pipe); /* Ok, it must be dead. Drop timeout to 0.5 sec. */ @@ -2167,6 +2175,57 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, return result; } +/********************************************************************** + open an schanneld ncacn_ip_tcp connection to LSA +***********************************************************************/ + +NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct rpc_pipe_client **cli) +{ + struct winbindd_cm_conn *conn; + NTSTATUS status; + + DEBUG(10,("cm_connect_lsa_tcp\n")); + + status = init_dc_connection(domain); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + conn = &domain->conn; + + if (conn->lsa_pipe_tcp && + conn->lsa_pipe_tcp->transport->transport == NCACN_IP_TCP && + conn->lsa_pipe_tcp->auth->auth_level == DCERPC_AUTH_LEVEL_PRIVACY) { + goto done; + } + + TALLOC_FREE(conn->lsa_pipe_tcp); + + status = cli_rpc_pipe_open_schannel(conn->cli, + &ndr_table_lsarpc.syntax_id, + NCACN_IP_TCP, + DCERPC_AUTH_LEVEL_PRIVACY, + domain->name, + &conn->lsa_pipe_tcp); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,("cli_rpc_pipe_open_schannel failed: %s\n", + nt_errstr(status))); + goto done; + } + + done: + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(conn->lsa_pipe_tcp); + return status; + } + + *cli = conn->lsa_pipe_tcp; + + return status; +} + NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, struct rpc_pipe_client **cli, struct policy_handle *lsa_policy) { diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 427579faf1..49034d79b7 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -247,6 +247,9 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, struct rpc_pipe_client **cli, struct policy_handle *sam_handle); NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, struct rpc_pipe_client **cli, struct policy_handle *lsa_policy); +NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct rpc_pipe_client **cli); NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, struct rpc_pipe_client **cli); |