From bb3e0ce8fc932f5146044c548730f454a0119800 Mon Sep 17 00:00:00 2001 From: =?utf8?q?G=C3=BCnther=20Deschner?= Date: Thu, 18 Nov 2021 11:31:00 +0100 Subject: [PATCH] s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open_noauth_transport() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767 Pair-Programmed-With: Andreas Schneider Signed-off-by: Guenther Deschner Signed-off-by: Andreas Schneider Reviewed-by: Stefan Metzmacher --- examples/winexe/winexe.c | 14 ++++++++++-- source3/rpc_client/cli_netlogon.c | 32 ++++++++++++++++++++++---- source3/rpc_client/cli_pipe.c | 15 ++++++++---- source3/rpc_client/cli_pipe.h | 2 ++ source3/rpcclient/rpcclient.c | 38 +++++++++++++++++++++++++++++++ source3/winbindd/winbindd_cm.c | 7 ++++++ 6 files changed, 96 insertions(+), 12 deletions(-) diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c index 59fb9dbdebb..8a17107617c 100644 --- a/examples/winexe/winexe.c +++ b/examples/winexe/winexe.c @@ -401,11 +401,16 @@ static NTSTATUS winexe_svc_install( bool need_conf = false; NTSTATUS status; WERROR werr; + const char *remote_name = smbXcli_conn_remote_name(cli->conn); + const struct sockaddr_storage *remote_sockaddr = + smbXcli_conn_remote_sockaddr(cli->conn); status = cli_rpc_pipe_open_noauth_transport( cli, NCACN_NP, &ndr_table_svcctl, + remote_name, + remote_sockaddr, &rpccli); if (!NT_STATUS_IS_OK(status)) { DBG_WARNING("cli_rpc_pipe_open_noauth_transport failed: %s\n", @@ -416,7 +421,7 @@ static NTSTATUS winexe_svc_install( status = dcerpc_svcctl_OpenSCManagerW( rpccli->binding_handle, frame, - smbXcli_conn_remote_name(cli->conn), + remote_name, NULL, SEC_FLAG_MAXIMUM_ALLOWED, &scmanager_handle, 
@@ -717,11 +722,16 @@ static NTSTATUS winexe_svc_uninstall( struct SERVICE_STATUS service_status; NTSTATUS status; WERROR werr; + const char *remote_name = smbXcli_conn_remote_name(cli->conn); + const struct sockaddr_storage *remote_sockaddr = + smbXcli_conn_remote_sockaddr(cli->conn); status = cli_rpc_pipe_open_noauth_transport( cli, NCACN_NP, &ndr_table_svcctl, + remote_name, + remote_sockaddr, &rpccli); if (!NT_STATUS_IS_OK(status)) { DBG_WARNING("cli_rpc_pipe_open_noauth_transport failed: %s\n", @@ -732,7 +742,7 @@ static NTSTATUS winexe_svc_uninstall( status = dcerpc_svcctl_OpenSCManagerW( rpccli->binding_handle, frame, - smbXcli_conn_remote_name(cli->conn), + remote_name, NULL, SEC_FLAG_MAXIMUM_ALLOWED, &scmanager_handle, diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index 175f83d6750..c5a967a64a4 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -168,6 +168,8 @@ NTSTATUS rpccli_setup_netlogon_creds_locked( const struct samr_Password *nt_hashes[2] = { NULL, NULL }; uint8_t idx_nt_hashes = 0; NTSTATUS status; + const char *remote_name = NULL; + const struct sockaddr_storage *remote_sockaddr = NULL; status = netlogon_creds_cli_get(creds_ctx, frame, &creds); if (NT_STATUS_IS_OK(status)) { @@ -177,10 +179,16 @@ NTSTATUS rpccli_setup_netlogon_creds_locked( action = "overwrite"; } + if (cli != NULL) { + remote_name = smbXcli_conn_remote_name(cli->conn); + } else { + remote_name = ""; + } + DEBUG(5,("%s: %s cached netlogon_creds cli[%s/%s] to %s\n", __FUNCTION__, action, creds->account_name, creds->computer_name, - smbXcli_conn_remote_name(cli->conn))); + remote_name)); if (!force_reauth) { goto done; } 
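Review bot: The `cli != NULL` guard added around the debug message in rpccli_setup_netlogon_creds_locked (hunk @@ -177,10 +179,16) is not matched in the next hunk (@@ -200,14 +208,19), where `remote_name = smbXcli_conn_remote_name(cli->conn);` and the `remote_sockaddr` assignment dereference `cli` unconditionally. If `cli` can be NULL as the new guard implies, the reauth path (`force_reauth` set, or no cached credentials found) would crash before the pipe is opened. Whether a check sits between the two hunks is not visible here. If there is none, a guard ahead of those assignments such as `if (cli == NULL) { TALLOC_FREE(frame); return NT_STATUS_INVALID_PARAMETER; }` would make the two paths consistent; the right status code is the maintainers' call.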
@@ -200,14 +208,19 @@ NTSTATUS rpccli_setup_netlogon_creds_locked( num_nt_hashes = 2; } + remote_name = smbXcli_conn_remote_name(cli->conn); + remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn); + status = cli_rpc_pipe_open_noauth_transport(cli, transport, &ndr_table_netlogon, + remote_name, + remote_sockaddr, &netlogon_pipe); if (!NT_STATUS_IS_OK(status)) { DEBUG(5,("%s: failed to open noauth netlogon connection to %s - %s\n", __FUNCTION__, - smbXcli_conn_remote_name(cli->conn), + remote_name, nt_errstr(status))); TALLOC_FREE(frame); return status; @@ -233,7 +246,7 @@ NTSTATUS rpccli_setup_netlogon_creds_locked( DEBUG(5,("%s: using new netlogon_creds cli[%s/%s] to %s\n", __FUNCTION__, creds->account_name, creds->computer_name, - smbXcli_conn_remote_name(cli->conn))); + remote_name)); done: if (negotiate_flags != NULL) { @@ -293,6 +306,8 @@ NTSTATUS rpccli_connect_netlogon( struct rpc_pipe_client *rpccli; NTSTATUS status; bool retry = false; + const char *remote_name = NULL; + const struct sockaddr_storage *remote_sockaddr = NULL; sec_chan_type = cli_credentials_get_secure_channel_type(trust_creds); if (sec_chan_type == SEC_CHAN_NULL) { @@ -411,8 +426,15 @@ again: goto fail; } - status = cli_rpc_pipe_open_noauth_transport( - cli, transport, &ndr_table_netlogon, &rpccli); + remote_name = smbXcli_conn_remote_name(cli->conn); + remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn); + + status = cli_rpc_pipe_open_noauth_transport(cli, + transport, + &ndr_table_netlogon, + remote_name, + remote_sockaddr, + &rpccli); if (!NT_STATUS_IS_OK(status)) { DBG_DEBUG("cli_rpc_pipe_open_noauth_transport " "failed: %s\n", nt_errstr(status)); diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 7ed48023357..3ed0a47ab01 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c 
@@ -3160,15 +3160,13 @@ static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, enum dcerpc_transport_t transport, const struct ndr_interface_table *table, + const char *remote_name, + const struct sockaddr_storage *remote_sockaddr, struct rpc_pipe_client **presult) { struct rpc_pipe_client *result; struct pipe_auth_data *auth; NTSTATUS status; - const char *remote_name = smbXcli_conn_remote_name(cli->conn); - const struct sockaddr_storage *remote_sockaddr = - smbXcli_conn_remote_sockaddr(cli->conn); - status = cli_rpc_pipe_open(cli, transport, @@ -3243,8 +3241,15 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli, const struct ndr_interface_table *table, struct rpc_pipe_client **presult) { + const char *remote_name = smbXcli_conn_remote_name(cli->conn); + const struct sockaddr_storage *remote_sockaddr = + smbXcli_conn_remote_sockaddr(cli->conn); + return cli_rpc_pipe_open_noauth_transport(cli, NCACN_NP, - table, presult); + table, + remote_name, + remote_sockaddr, + presult); } /**************************************************************************** diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h index 7547ea095e6..151d8a8777c 100644 --- a/source3/rpc_client/cli_pipe.h +++ b/source3/rpc_client/cli_pipe.h @@ -64,6 +64,8 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli, NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli, enum dcerpc_transport_t transport, const struct ndr_interface_table *table, + const char *remote_name, + const struct sockaddr_storage *remote_sockaddr, struct rpc_pipe_client **presult); /**************************************************************************** diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 379fa3872ea..7acede85185 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c 
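Review bot: cli_rpc_pipe_open_noauth_transport (hunk @@ -3160,15 +3160,13) now takes `remote_name` and `remote_sockaddr` from the caller, but neither the definition nor the prototype in cli_pipe.h (@@ -64,6 +64,8) says whether either may be NULL or must describe the same peer as `cli`. The do_cmd change in rpcclient.c can leave both NULL when `cli` is NULL and the binding carries no host option, so the contract matters for callers. I would add a comment above the prototype along the lines of `/* remote_name and remote_sockaddr identify the server the pipe is opened to; either may be NULL only where the transport does not need it */`, adjusted to what the callee actually tolerates. The function body continues outside the hunk, so any existing validation there is not visible.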
@@ -879,9 +879,45 @@ static NTSTATUS do_cmd(struct cli_state *cli, enum dcerpc_transport_t transport; TALLOC_CTX *mem_ctx = talloc_stackframe(); + const char *remote_name = NULL; + const struct sockaddr_storage *remote_sockaddr = NULL; + struct sockaddr_storage remote_ss = { + .ss_family = AF_UNSPEC, + }; transport = dcerpc_binding_get_transport(binding); + if (cli != NULL) { + remote_name = smbXcli_conn_remote_name(cli->conn); + remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn); + } else { + const char *remote_host = + dcerpc_binding_get_string_option(binding, "host"); + remote_name = dcerpc_binding_get_string_option( + binding, "target_hostname"); + + if (remote_host != NULL) { + int af = AF_UNSPEC; + + if (remote_name == NULL) { + remote_name = dcerpc_binding_get_string_option( + binding, "host"); + } + + if (is_ipaddress_v4(remote_host)) { + af = AF_INET; + } else if (is_ipaddress_v6(remote_host)) { + af = AF_INET6; + } + if (af != AF_UNSPEC) { + int ok = inet_pton(af, remote_host, &remote_ss); + if (ok) { + remote_sockaddr = &remote_ss; + } + } + } + } + /* Open pipe */ if ((cmd_entry->table != NULL) && (cmd_entry->rpc_pipe == NULL)) { @@ -906,6 +942,8 @@ static NTSTATUS do_cmd(struct cli_state *cli, ntresult = cli_rpc_pipe_open_noauth_transport( cli, transport, cmd_entry->table, + remote_name, + remote_sockaddr, &cmd_entry->rpc_pipe); break; case DCERPC_AUTH_TYPE_SPNEGO: diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 3f46c6f4dad..f529f455cc6 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c 
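Review bot: In do_cmd's new `cli == NULL` branch (hunk @@ -879,9 +879,45), `inet_pton(af, remote_host, &remote_ss)` writes the raw in_addr/in6_addr bytes to the start of the sockaddr_storage, so the address overlays `ss_family` instead of landing in `sin_addr`/`sin6_addr`, and the family is never set to `af`. `if (ok)` also accepts the -1 that inet_pton returns for an unsupported family, where only 1 means success. The pipe open further down would then receive a malformed peer address for the host given in the binding. The fence converts into the correct member and sets the family, and it drops the second lookup of the "host" option since `remote_host` already holds it; Samba's interpret_string_addr() helper may be a shorter route if it is usable from here. do_cmd's body continues outside the hunk.

```c
	if (remote_host != NULL) {
		if (remote_name == NULL) {
			remote_name = remote_host;
		}

		if (is_ipaddress_v4(remote_host)) {
			struct sockaddr_in *in4 =
				(struct sockaddr_in *)&remote_ss;

			if (inet_pton(AF_INET, remote_host, &in4->sin_addr) == 1) {
				in4->sin_family = AF_INET;
				remote_sockaddr = &remote_ss;
			}
		} else if (is_ipaddress_v6(remote_host)) {
			struct sockaddr_in6 *in6 =
				(struct sockaddr_in6 *)&remote_ss;

			if (inet_pton(AF_INET6, remote_host, &in6->sin6_addr) == 1) {
				in6->sin6_family = AF_INET6;
				remote_sockaddr = &remote_ss;
			}
		}
	}
	/* … unchanged: "Open pipe" block and auth-type switch … */
```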
@@ -3070,6 +3070,11 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain, sec_chan_type = cli_credentials_get_secure_channel_type(creds); if (sec_chan_type == SEC_CHAN_NULL) { + const char *remote_name = + smbXcli_conn_remote_name(conn->cli->conn); + const struct sockaddr_storage *remote_sockaddr = + smbXcli_conn_remote_sockaddr(conn->cli->conn); + if (transport == NCACN_IP_TCP) { DBG_NOTICE("get_secure_channel_type gave SEC_CHAN_NULL " "for %s, deny NCACN_IP_TCP and let the " @@ -3086,6 +3091,8 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain, conn->cli, transport, &ndr_table_netlogon, + remote_name, + remote_sockaddr, &conn->netlogon_pipe); if (!NT_STATUS_IS_OK(result)) { invalidate_cm_connection(domain); -- 2.34.1