s3-winbindd: add cm_connect_lsa_tcp().
authorGünther Deschner <gd@samba.org>
Sat, 12 Sep 2009 21:30:39 +0000 (23:30 +0200)
committerKarolin Seeger <kseeger@samba.org>
Thu, 8 Oct 2009 12:50:03 +0000 (14:50 +0200)
Guenther
(cherry picked from commit 58f2deb94024f002e3c3df47f45454edc97f47e1)
(cherry picked from commit 7e4e12f120c666f31af042ab59fd9478017740ea)

source/winbindd/winbindd.h
source/winbindd/winbindd_cm.c
source/winbindd/winbindd_proto.h

index d8e6ec4c7fcd63cc2b26d4bd783ce35100a20bfb..f97eed07fc3204887e8b2039c9de086fa1c958e0 100644 (file)
@@ -122,6 +122,7 @@ struct winbindd_cm_conn {
        POLICY_HND sam_connect_handle, sam_domain_handle;
 
        struct rpc_pipe_client *lsa_pipe;
+       struct rpc_pipe_client *lsa_pipe_tcp;
        POLICY_HND lsa_policy;
 
        struct rpc_pipe_client *netlogon_pipe;
index 176104abce6ddfb0beddfe7aeb2fc83f21a2503a..2f823cb606613134c1e0da3e0f8eafc16dd3c8fb 100644 (file)
@@ -1542,6 +1542,14 @@ void invalidate_cm_connection(struct winbindd_cm_conn *conn)
                }
        }
 
+       if (conn->lsa_pipe_tcp != NULL) {
+               TALLOC_FREE(conn->lsa_pipe_tcp);
+               /* Ok, it must be dead. Drop timeout to 0.5 sec. */
+               if (conn->cli) {
+                       cli_set_timeout(conn->cli, 500);
+               }
+       }
+
        if (conn->netlogon_pipe != NULL) {
                TALLOC_FREE(conn->netlogon_pipe);
                /* Ok, it must be dead. Drop timeout to 0.5 sec. */
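Review bot: The comment and the `cli_set_timeout(conn->cli, 500)` call in the new `lsa_pipe_tcp` branch are copied from the named-pipe branches, but this pipe is opened with `NCACN_IP_TCP` elsewhere in the commit. It presumably runs over its own connection rather than over `conn->cli`, so freeing it does not by itself show that the SMB connection is dead. If the timeout drop is still wanted for consistency, say so in the comment, e.g. `/* TCP pipe dropped; shorten the SMB timeout as for the named pipes. */`; otherwise confirm whether the call is needed here at all. The body of invalidate_cm_connection starts and ends outside this hunk.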
@@ -2150,6 +2158,57 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
        return result;
 }
 
+/**********************************************************************
+ open an schanneld ncacn_ip_tcp connection to LSA
+***********************************************************************/
+
+NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain,
+                           TALLOC_CTX *mem_ctx,
+                           struct rpc_pipe_client **cli)
+{
+       struct winbindd_cm_conn *conn;
+       NTSTATUS status;
+
+       DEBUG(10,("cm_connect_lsa_tcp\n"));
+
+       status = init_dc_connection(domain);
+       if (!NT_STATUS_IS_OK(status)) {
+               goto done;
+       }
+
+       conn = &domain->conn;
+
+       if (conn->lsa_pipe_tcp &&
+           conn->lsa_pipe_tcp->transport_type == NCACN_IP_TCP &&
+           conn->lsa_pipe_tcp->auth->auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
+               goto done;
+       }
+
+       TALLOC_FREE(conn->lsa_pipe_tcp);
+
+       status = cli_rpc_pipe_open_schannel(conn->cli,
+                                           &ndr_table_lsarpc.syntax_id,
+                                           NCACN_IP_TCP,
+                                           PIPE_AUTH_LEVEL_PRIVACY,
+                                           domain->name,
+                                           &conn->lsa_pipe_tcp);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(10,("cli_rpc_pipe_open_schannel failed: %s\n",
+                       nt_errstr(status)));
+               goto done;
+       }
+
+ done:
+       if (!NT_STATUS_IS_OK(status)) {
+               TALLOC_FREE(conn->lsa_pipe_tcp);
+               return status;
+       }
+
+       *cli = conn->lsa_pipe_tcp;
+
+       return status;
+}
+
 NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
                        struct rpc_pipe_client **cli, POLICY_HND *lsa_policy)
 {
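Review bot: `conn` is still uninitialized when the first `goto done` is taken after `init_dc_connection()` fails, and the `done:` error path then evaluates `TALLOC_FREE(conn->lsa_pipe_tcp)` through that indeterminate pointer. Either return directly at that point, `if (!NT_STATUS_IS_OK(status)) { return status; }`, or move `conn = &domain->conn;` above the `init_dc_connection()` call. The reuse check also reads `conn->lsa_pipe_tcp->auth->auth_level` without testing `auth`; whether `auth` can be NULL on a cached pipe is not visible here, so adding `conn->lsa_pipe_tcp->auth != NULL &&` before it would be a cheap guard. `mem_ctx` is accepted but never used in the new function, which is worth a one-line comment if it is kept only for signature symmetry with cm_connect_lsa.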
index 9203c5a9743b753ec0444792ef1a009e2c8239ab..53d424be5af7ed931ac4f63d0b0e1fddd8d97e9f 100644 (file)
@@ -233,6 +233,9 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
                        struct rpc_pipe_client **cli, POLICY_HND *sam_handle);
 NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
                        struct rpc_pipe_client **cli, POLICY_HND *lsa_policy);
+NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain,
+                           TALLOC_CTX *mem_ctx,
+                           struct rpc_pipe_client **cli);
 NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
                             struct rpc_pipe_client **cli);