diff options
-rw-r--r-- | source/winbindd/winbindd.h | 1 | ||||
-rw-r--r-- | source/winbindd/winbindd_cm.c | 59 | ||||
-rw-r--r-- | source/winbindd/winbindd_proto.h | 3 |
3 files changed, 63 insertions, 0 deletions
diff --git a/source/winbindd/winbindd.h b/source/winbindd/winbindd.h index d8e6ec4c7fc..f97eed07fc3 100644 --- a/source/winbindd/winbindd.h +++ b/source/winbindd/winbindd.h @@ -122,6 +122,7 @@ struct winbindd_cm_conn { POLICY_HND sam_connect_handle, sam_domain_handle; struct rpc_pipe_client *lsa_pipe; + struct rpc_pipe_client *lsa_pipe_tcp; POLICY_HND lsa_policy; struct rpc_pipe_client *netlogon_pipe; diff --git a/source/winbindd/winbindd_cm.c b/source/winbindd/winbindd_cm.c index 176104abce6..2f823cb6066 100644 --- a/source/winbindd/winbindd_cm.c +++ b/source/winbindd/winbindd_cm.c @@ -1542,6 +1542,14 @@ void invalidate_cm_connection(struct winbindd_cm_conn *conn) } } + if (conn->lsa_pipe_tcp != NULL) { + TALLOC_FREE(conn->lsa_pipe_tcp); + /* Ok, it must be dead. Drop timeout to 0.5 sec. */ + if (conn->cli) { + cli_set_timeout(conn->cli, 500); + } + } + if (conn->netlogon_pipe != NULL) { TALLOC_FREE(conn->netlogon_pipe); /* Ok, it must be dead. Drop timeout to 0.5 sec. */ @@ -2150,6 +2158,57 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, return result; } +/********************************************************************** + open an schanneld ncacn_ip_tcp connection to LSA +***********************************************************************/ + +NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct rpc_pipe_client **cli) +{ + struct winbindd_cm_conn *conn; + NTSTATUS status; + + DEBUG(10,("cm_connect_lsa_tcp\n")); + + status = init_dc_connection(domain); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + conn = &domain->conn; + + if (conn->lsa_pipe_tcp && + conn->lsa_pipe_tcp->transport_type == NCACN_IP_TCP && + conn->lsa_pipe_tcp->auth->auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + goto done; + } + + TALLOC_FREE(conn->lsa_pipe_tcp); + + status = cli_rpc_pipe_open_schannel(conn->cli, + &ndr_table_lsarpc.syntax_id, + NCACN_IP_TCP, + PIPE_AUTH_LEVEL_PRIVACY, + domain->name, + &conn->lsa_pipe_tcp); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,("cli_rpc_pipe_open_schannel failed: %s\n", + nt_errstr(status))); + goto done; + } + + done: + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(conn->lsa_pipe_tcp); + return status; + } + + *cli = conn->lsa_pipe_tcp; + + return status; +} + NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, struct rpc_pipe_client **cli, POLICY_HND *lsa_policy) { diff --git a/source/winbindd/winbindd_proto.h b/source/winbindd/winbindd_proto.h index 9203c5a9743..53d424be5af 100644 --- a/source/winbindd/winbindd_proto.h +++ b/source/winbindd/winbindd_proto.h @@ -233,6 +233,9 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, struct rpc_pipe_client **cli, POLICY_HND *sam_handle); NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, struct rpc_pipe_client **cli, POLICY_HND *lsa_policy); +NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct rpc_pipe_client **cli); NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, struct rpc_pipe_client **cli); |