s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open_noauth_transport()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c
index 59fb9dbdebb8564238991031a0a27f86834dd5e8..8a17107617cc923a25f9cd5c5ba8dd226d085306 100644 (file)
--- a/examples/winexe/winexe.c
+++ b/examples/winexe/winexe.c
@@ -401,11 +401,16 @@ static NTSTATUS winexe_svc_install(
        bool need_conf = false;
        NTSTATUS status;
        WERROR werr;
+       const char *remote_name = smbXcli_conn_remote_name(cli->conn);
+       const struct sockaddr_storage *remote_sockaddr =
+               smbXcli_conn_remote_sockaddr(cli->conn);
 
        status = cli_rpc_pipe_open_noauth_transport(
                cli,
                NCACN_NP,
                &ndr_table_svcctl,
+               remote_name,
+               remote_sockaddr,
                &rpccli);
        if (!NT_STATUS_IS_OK(status)) {
                DBG_WARNING("cli_rpc_pipe_open_noauth_transport failed: %s\n",
@@ -416,7 +421,7 @@ static NTSTATUS winexe_svc_install(
        status = dcerpc_svcctl_OpenSCManagerW(
                rpccli->binding_handle,
                frame,
-               smbXcli_conn_remote_name(cli->conn),
+               remote_name,
                NULL,
                SEC_FLAG_MAXIMUM_ALLOWED,
                &scmanager_handle,
@@ -717,11 +722,16 @@ static NTSTATUS winexe_svc_uninstall(
        struct SERVICE_STATUS service_status;
        NTSTATUS status;
        WERROR werr;
+       const char *remote_name = smbXcli_conn_remote_name(cli->conn);
+       const struct sockaddr_storage *remote_sockaddr =
+               smbXcli_conn_remote_sockaddr(cli->conn);
 
        status = cli_rpc_pipe_open_noauth_transport(
                cli,
                NCACN_NP,
                &ndr_table_svcctl,
+               remote_name,
+               remote_sockaddr,
                &rpccli);
        if (!NT_STATUS_IS_OK(status)) {
                DBG_WARNING("cli_rpc_pipe_open_noauth_transport failed: %s\n",
@@ -732,7 +742,7 @@ static NTSTATUS winexe_svc_uninstall(
        status = dcerpc_svcctl_OpenSCManagerW(
                rpccli->binding_handle,
                frame,
-               smbXcli_conn_remote_name(cli->conn),
+               remote_name,
                NULL,
                SEC_FLAG_MAXIMUM_ALLOWED,
                &scmanager_handle,

diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 175f83d67501fa92c083d721040ea7145f91403d..c5a967a64a443268d0dfd5dd32336cc015c93e30 100644 (file)
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -168,6 +168,8 @@ NTSTATUS rpccli_setup_netlogon_creds_locked(
        const struct samr_Password *nt_hashes[2] = { NULL, NULL };
        uint8_t idx_nt_hashes = 0;
        NTSTATUS status;
+       const char *remote_name = NULL;
+       const struct sockaddr_storage *remote_sockaddr = NULL;
 
        status = netlogon_creds_cli_get(creds_ctx, frame, &creds);
        if (NT_STATUS_IS_OK(status)) {
@@ -177,10 +179,16 @@ NTSTATUS rpccli_setup_netlogon_creds_locked(
                        action = "overwrite";
                }
 
+               if (cli != NULL) {
+                       remote_name = smbXcli_conn_remote_name(cli->conn);
+               } else {
+                       remote_name = "<UNKNOWN>";
+               }
+
                DEBUG(5,("%s: %s cached netlogon_creds cli[%s/%s] to %s\n",
                         __FUNCTION__, action,
                         creds->account_name, creds->computer_name,
-                        smbXcli_conn_remote_name(cli->conn)));
+                        remote_name));
                if (!force_reauth) {
                        goto done;
                }
@@ -200,14 +208,19 @@ NTSTATUS rpccli_setup_netlogon_creds_locked(
                num_nt_hashes = 2;
        }
 
+       remote_name = smbXcli_conn_remote_name(cli->conn);
+       remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn);
+
        status = cli_rpc_pipe_open_noauth_transport(cli,
                                                    transport,
                                                    &ndr_table_netlogon,
+                                                   remote_name,
+                                                   remote_sockaddr,
                                                    &netlogon_pipe);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(5,("%s: failed to open noauth netlogon connection to %s - %s\n",
                         __FUNCTION__,
-                        smbXcli_conn_remote_name(cli->conn),
+                        remote_name,
                         nt_errstr(status)));
                TALLOC_FREE(frame);
                return status;
@@ -233,7 +246,7 @@ NTSTATUS rpccli_setup_netlogon_creds_locked(
        DEBUG(5,("%s: using new netlogon_creds cli[%s/%s] to %s\n",
                 __FUNCTION__,
                 creds->account_name, creds->computer_name,
-                smbXcli_conn_remote_name(cli->conn)));
+                remote_name));
 
 done:
        if (negotiate_flags != NULL) {
@@ -293,6 +306,8 @@ NTSTATUS rpccli_connect_netlogon(
        struct rpc_pipe_client *rpccli;
        NTSTATUS status;
        bool retry = false;
+       const char *remote_name = NULL;
+       const struct sockaddr_storage *remote_sockaddr = NULL;
 
        sec_chan_type = cli_credentials_get_secure_channel_type(trust_creds);
        if (sec_chan_type == SEC_CHAN_NULL) {
@@ -411,8 +426,15 @@ again:
                        goto fail;
                }
 
-               status = cli_rpc_pipe_open_noauth_transport(
-                       cli, transport, &ndr_table_netlogon, &rpccli);
+               remote_name = smbXcli_conn_remote_name(cli->conn);
+               remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn);
+
+               status = cli_rpc_pipe_open_noauth_transport(cli,
+                                                           transport,
+                                                           &ndr_table_netlogon,
+                                                           remote_name,
+                                                           remote_sockaddr,
+                                                           &rpccli);
                if (!NT_STATUS_IS_OK(status)) {
                        DBG_DEBUG("cli_rpc_pipe_open_noauth_transport "
                                  "failed: %s\n", nt_errstr(status));

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 7ed48023357efbf1daa7221ba42f9770901d726e..3ed0a47ab01eb449b86c1f1e316cde1a4b6a5c48 100644 (file)
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -3160,15 +3160,13 @@ static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli,
 NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
                                            enum dcerpc_transport_t transport,
                                            const struct ndr_interface_table *table,
+                                           const char *remote_name,
+                                           const struct sockaddr_storage *remote_sockaddr,
                                            struct rpc_pipe_client **presult)
 {
        struct rpc_pipe_client *result;
        struct pipe_auth_data *auth;
        NTSTATUS status;
-       const char *remote_name = smbXcli_conn_remote_name(cli->conn);
-       const struct sockaddr_storage *remote_sockaddr =
-               smbXcli_conn_remote_sockaddr(cli->conn);
-
 
        status = cli_rpc_pipe_open(cli,
                                   transport,
@@ -3243,8 +3241,15 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
                                  const struct ndr_interface_table *table,
                                  struct rpc_pipe_client **presult)
 {
+       const char *remote_name = smbXcli_conn_remote_name(cli->conn);
+       const struct sockaddr_storage *remote_sockaddr =
+               smbXcli_conn_remote_sockaddr(cli->conn);
+
        return cli_rpc_pipe_open_noauth_transport(cli, NCACN_NP,
-                                                 table, presult);
+                                                 table,
+                                                 remote_name,
+                                                 remote_sockaddr,
+                                                 presult);
 }
 
 /****************************************************************************

diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
index 7547ea095e61ad7a0fffe551d571eccca292bd8f..151d8a8777cfcad810e48ed0b7395d86cc586fb9 100644 (file)
--- a/source3/rpc_client/cli_pipe.h
+++ b/source3/rpc_client/cli_pipe.h
@@ -64,6 +64,8 @@ NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
 NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
                                            enum dcerpc_transport_t transport,
                                            const struct ndr_interface_table *table,
+                                           const char *remote_name,
+                                           const struct sockaddr_storage *remote_sockaddr,
                                            struct rpc_pipe_client **presult);
 
 /****************************************************************************

diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 379fa3872eafe53bb26d76336952df0ec79784e0..7acede8518558531834b83a63b71eae281504668 100644 (file)
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -879,9 +879,45 @@ static NTSTATUS do_cmd(struct cli_state *cli,
        enum dcerpc_transport_t transport;
 
        TALLOC_CTX *mem_ctx = talloc_stackframe();
+       const char *remote_name = NULL;
+       const struct sockaddr_storage *remote_sockaddr = NULL;
+       struct sockaddr_storage remote_ss = {
+               .ss_family = AF_UNSPEC,
+       };
 
        transport = dcerpc_binding_get_transport(binding);
 
+       if (cli != NULL) {
+               remote_name = smbXcli_conn_remote_name(cli->conn);
+               remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn);
+       } else {
+               const char *remote_host =
+                       dcerpc_binding_get_string_option(binding, "host");
+               remote_name = dcerpc_binding_get_string_option(
+                               binding, "target_hostname");
+
+               if (remote_host != NULL) {
+                       int af = AF_UNSPEC;
+
+                       if (remote_name == NULL) {
+                               remote_name = dcerpc_binding_get_string_option(
+                                               binding, "host");
+                       }
+
+                       if (is_ipaddress_v4(remote_host)) {
+                               af = AF_INET;
+                       } else if (is_ipaddress_v6(remote_host)) {
+                               af = AF_INET6;
+                       }
+                       if (af != AF_UNSPEC) {
+                               int ok = inet_pton(af, remote_host, &remote_ss);
+                               if (ok) {
+                                       remote_sockaddr = &remote_ss;
+                               }
+                       }
+               }
+       }
+
        /* Open pipe */
 
        if ((cmd_entry->table != NULL) && (cmd_entry->rpc_pipe == NULL)) {
@@ -906,6 +942,8 @@ static NTSTATUS do_cmd(struct cli_state *cli,
                                ntresult = cli_rpc_pipe_open_noauth_transport(
                                        cli, transport,
                                        cmd_entry->table,
+                                       remote_name,
+                                       remote_sockaddr,
                                        &cmd_entry->rpc_pipe);
                                break;
                        case DCERPC_AUTH_TYPE_SPNEGO:

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 3f46c6f4dad864cb9da5fab4636be3a79938ca5d..f529f455cc65e9b75222b70861c57dfc2b8c1306 100644 (file)
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -3070,6 +3070,11 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,
 
        sec_chan_type = cli_credentials_get_secure_channel_type(creds);
        if (sec_chan_type == SEC_CHAN_NULL) {
+               const char *remote_name =
+                       smbXcli_conn_remote_name(conn->cli->conn);
+               const struct sockaddr_storage *remote_sockaddr =
+                       smbXcli_conn_remote_sockaddr(conn->cli->conn);
+
                if (transport == NCACN_IP_TCP) {
                        DBG_NOTICE("get_secure_channel_type gave SEC_CHAN_NULL "
                                   "for %s, deny NCACN_IP_TCP and let the "
@@ -3086,6 +3091,8 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,
                        conn->cli,
                        transport,
                        &ndr_table_netlogon,
+                       remote_name,
+                       remote_sockaddr,
                        &conn->netlogon_pipe);
                if (!NT_STATUS_IS_OK(result)) {
                        invalidate_cm_connection(domain);