s3-winbindd: add cm_connect_lsa_tcp().
authorGünther Deschner <gd@samba.org>
Sat, 12 Sep 2009 21:30:39 +0000 (23:30 +0200)
committerKarolin Seeger <kseeger@samba.org>
Thu, 8 Oct 2009 07:39:31 +0000 (09:39 +0200)
Guenther
(cherry picked from commit 58f2deb94024f002e3c3df47f45454edc97f47e1)

source3/winbindd/winbindd.h
source3/winbindd/winbindd_cm.c
source3/winbindd/winbindd_proto.h

index f3733dc131d996dff6d15812df525817bfea11d6..32af6565b141be8579f0a851c37f84571db03eba 100644 (file)
@@ -122,6 +122,7 @@ struct winbindd_cm_conn {
        struct policy_handle sam_connect_handle, sam_domain_handle;
 
        struct rpc_pipe_client *lsa_pipe;
+       struct rpc_pipe_client *lsa_pipe_tcp;
        struct policy_handle lsa_policy;
 
        struct rpc_pipe_client *netlogon_pipe;
index 85333cf77a03f09f4d0fe520a6d5fa4d5431e294..d2dbcb4194861c80b07f2201f444b061462588fe 100644 (file)
@@ -1551,6 +1551,14 @@ void invalidate_cm_connection(struct winbindd_cm_conn *conn)
                }
        }
 
+       if (conn->lsa_pipe_tcp != NULL) {
+               TALLOC_FREE(conn->lsa_pipe_tcp);
+               /* Ok, it must be dead. Drop timeout to 0.5 sec. */
+               if (conn->cli) {
+                       cli_set_timeout(conn->cli, 500);
+               }
+       }
+
        if (conn->netlogon_pipe != NULL) {
                TALLOC_FREE(conn->netlogon_pipe);
                /* Ok, it must be dead. Drop timeout to 0.5 sec. */
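Review bot: The added `lsa_pipe_tcp` branch copies the `cli_set_timeout(conn->cli, 500)` step and its "it must be dead" comment from the named-pipe branches, where a dead pipe implies the SMB connection carrying it is dead. For an ncacn_ip_tcp pipe that inference may not hold if the pipe runs over its own socket rather than over `conn->cli`; this is not visible in the hunk and should be confirmed. If the timeout drop is still wanted, the comment should say why, for example `/* TCP pipe freed; shorten the SMB timeout too, as for the named pipes */`. This is now one more copy of the same five-line pattern, so a small static helper taking the pipe pointer would keep the branches from drifting apart. invalidate_cm_connection() starts and ends outside the hunk.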
@@ -2157,6 +2165,57 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
        return result;
 }
 
+/**********************************************************************
+ open an schanneld ncacn_ip_tcp connection to LSA
+***********************************************************************/
+
+NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain,
+                           TALLOC_CTX *mem_ctx,
+                           struct rpc_pipe_client **cli)
+{
+       struct winbindd_cm_conn *conn;
+       NTSTATUS status;
+
+       DEBUG(10,("cm_connect_lsa_tcp\n"));
+
+       status = init_dc_connection(domain);
+       if (!NT_STATUS_IS_OK(status)) {
+               goto done;
+       }
+
+       conn = &domain->conn;
+
+       if (conn->lsa_pipe_tcp &&
+           conn->lsa_pipe_tcp->transport->transport == NCACN_IP_TCP &&
+           conn->lsa_pipe_tcp->auth->auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
+               goto done;
+       }
+
+       TALLOC_FREE(conn->lsa_pipe_tcp);
+
+       status = cli_rpc_pipe_open_schannel(conn->cli,
+                                           &ndr_table_lsarpc.syntax_id,
+                                           NCACN_IP_TCP,
+                                           PIPE_AUTH_LEVEL_PRIVACY,
+                                           domain->name,
+                                           &conn->lsa_pipe_tcp);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(10,("cli_rpc_pipe_open_schannel failed: %s\n",
+                       nt_errstr(status)));
+               goto done;
+       }
+
+ done:
+       if (!NT_STATUS_IS_OK(status)) {
+               TALLOC_FREE(conn->lsa_pipe_tcp);
+               return status;
+       }
+
+       *cli = conn->lsa_pipe_tcp;
+
+       return status;
+}
+
 NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
                        struct rpc_pipe_client **cli, struct policy_handle *lsa_policy)
 {
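Review bot: `conn` is read uninitialised on the first error path of cm_connect_lsa_tcp(): when init_dc_connection() fails the code jumps to `done`, which runs `TALLOC_FREE(conn->lsa_pipe_tcp)` before `conn = &domain->conn;` has executed. Move that assignment above the init_dc_connection() call, or make the early failure `return status;` instead of `goto done`. The reuse check hands back the cached pipe on transport and `PIPE_AUTH_LEVEL_PRIVACY` alone, with no check that the connection is still usable, so a stale pipe is returned until invalidate_cm_connection() runs; the header comment should state that contract. `mem_ctx` is not used anywhere in the body, which the comment should also mention.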
index fceb463d72170e7e394dd139e04dd9a2ee6bada1..2aec595ddab66e3ee9ccf23406aa9ac8fbfca8ba 100644 (file)
@@ -227,6 +227,9 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
                        struct rpc_pipe_client **cli, struct policy_handle *sam_handle);
 NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
                        struct rpc_pipe_client **cli, struct policy_handle *lsa_policy);
+NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain,
+                           TALLOC_CTX *mem_ctx,
+                           struct rpc_pipe_client **cli);
 NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
                             struct rpc_pipe_client **cli);