s4-rpc_server: Add back support for lsa over \\pipe\\netlogon optionally
authorAndrew Bartlett <abartlet@samba.org>
Mon, 12 Dec 2016 20:06:25 +0000 (09:06 +1300)
committerStefan Metzmacher <metze@samba.org>
Thu, 15 Dec 2016 07:21:12 +0000 (08:21 +0100)
The idea here is that perhaps some real client relies on this (and not just Samba torture
commands), so we need a way to support it for the 4.6 release.

If no such client emerges, it can be deprecated and removed in the normal way.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
docs-xml/smbdotconf/protocol/lsaovernetlogon.xml [new file with mode: 0644]
pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm
source4/rpc_server/lsa/dcesrv_lsa.c

diff --git a/docs-xml/smbdotconf/protocol/lsaovernetlogon.xml b/docs-xml/smbdotconf/protocol/lsaovernetlogon.xml
new file mode 100644 (file)
index 0000000..d67be29
--- /dev/null
@@ -0,0 +1,21 @@
+<samba:parameter name="lsa over netlogon"
+                 context="G"
+                 type="boolean"
+                 deprecated="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+       <para>Setting this deprecated option will allow the RPC server
+       in the AD DC to answer the LSARPC interface on the
+       <command>\pipe\netlogon</command> IPC pipe.</para>
+
+       <para>When enabled, this matches the behaviour of Microsoft's
+       Windows, due to their internal implementation choices.</para>
+
+       <para>If it is disabled (the default), the AD DC can offer
+       improved performance, as the netlogon server is decoupled and
+       can run as multiple processes.</para>
+
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
index 7ca18a8483c42aa8fbf4d39dccb4323e69abc418..fe5ca0bc5e9bb157ba0c63a2dd4bdd6733f694c9 100644 (file)
@@ -262,8 +262,11 @@ NTSTATUS dcerpc_server_$name\_init(void)
            .name = \"$name\",
 
            /* fill in all the operations */
+#ifdef DCESRV_INTERFACE_$uname\_INIT_SERVER
+           .init_server = DCESRV_INTERFACE_$uname\_INIT_SERVER,
+#else
            .init_server = $name\__op_init_server,
-
+#endif
            .interface_by_uuid = $name\__op_interface_by_uuid,
            .interface_by_name = $name\__op_interface_by_name
        };
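Review bot: The `DCESRV_INTERFACE_$uname\_INIT_SERVER` override added to the generated `.init_server` initialiser is undocumented, so an implementer cannot tell from the generated code what contract the replacement has to honour. Judging by the lsarpc user in dcesrv_lsa.c, the replacement is expected to finish by calling `$name\__op_init_server` itself; an override that forgets this would presumably leave the interface's default endpoints unregistered without any build-time error. I would put a comment above the `#ifdef` such as `/* an implementation may define DCESRV_INTERFACE_$uname\_INIT_SERVER to wrap $name\__op_init_server, e.g. to register extra endpoints; it must still call $name\__op_init_server */`. The enclosing `dcerpc_server_$name\_init` template starts and ends outside this hunk.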
index c7a2c407a58e629c113c683c5d550e647fcd5a40..2aa700619d6763b3eb0f5f6b3f53171bfdd7897d 100644 (file)
@@ -43,6 +43,27 @@ static NTSTATUS dcesrv_interface_lsarpc_bind(struct dcesrv_call_state *dce_call,
        return dcesrv_interface_bind_reject_connect(dce_call, iface);
 }
 
+static NTSTATUS lsarpc__op_init_server(struct dcesrv_context *dce_ctx,
+                                      const struct dcesrv_endpoint_server *ep_server);
+static const struct dcesrv_interface dcesrv_lsarpc_interface;
+
+#define DCESRV_INTERFACE_LSARPC_INIT_SERVER    \
+       dcesrv_interface_lsarpc_init_server
+static NTSTATUS dcesrv_interface_lsarpc_init_server(struct dcesrv_context *dce_ctx,
+                                                   const struct dcesrv_endpoint_server *ep_server)
+{
+       if (lpcfg_lsa_over_netlogon(dce_ctx->lp_ctx)) {
+               NTSTATUS ret = dcesrv_interface_register(dce_ctx,
+                                               "ncacn_np:[\\pipe\\netlogon]",
+                                               &dcesrv_lsarpc_interface, NULL);
+               if (!NT_STATUS_IS_OK(ret)) {
+                       DEBUG(1,("lsarpc_op_init_server: failed to register endpoint '\\pipe\\netlogon'\n"));
+                       return ret;
+               }
+       }
+       return lsarpc__op_init_server(dce_ctx, ep_server);
+}
+
 /*
   this type allows us to distinguish handle types
 */
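Review bot: The failure message in `dcesrv_interface_lsarpc_init_server` names `lsarpc_op_init_server`, which is not the function that logs it, and it drops the NTSTATUS, so an operator cannot see why the registration failed. I would change it to `DEBUG(1,("dcesrv_interface_lsarpc_init_server: failed to register endpoint '\\pipe\\netlogon': %s\n", nt_errstr(ret)));`. Because `lsa over netlogon = yes` makes LSARPC reachable on an extra named pipe, the success path should also leave a trace when the option is active, for example `DEBUG(2,("lsarpc: deprecated 'lsa over netlogon' enabled, also serving \\pipe\\netlogon\n"));`. A short comment above the function should say that this endpoint is an opt-in compatibility path, and that the trailing `NULL` passed to `dcesrv_interface_register` (apparently the endpoint security descriptor) is intentional.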