From 31d625bcd2b0cb33dd98a37c202f5b371b871362 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 13 Dec 2016 09:06:25 +1300
Subject: [PATCH] s4-rpc_server: Add back support for lsa over \\pipe\\netlogon optionally

The idea here is that perhaps some real client relies on this (and not just Samba torture commands), so we need a way to support it for the 4.6 release. If no such client emerges, it can be deprecated and removed in the normal way.

Signed-off-by: Andrew Bartlett
Reviewed-by: Stefan Metzmacher
---
 .../smbdotconf/protocol/lsaovernetlogon.xml | 21 +++++++++++++++++++
 pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm | 5 ++++-
 source4/rpc_server/lsa/dcesrv_lsa.c | 21 +++++++++++++++++++
 3 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 docs-xml/smbdotconf/protocol/lsaovernetlogon.xml

diff --git a/docs-xml/smbdotconf/protocol/lsaovernetlogon.xml b/docs-xml/smbdotconf/protocol/lsaovernetlogon.xml
new file mode 100644
index 00000000000..d67be29ae30
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/lsaovernetlogon.xml
@@ -0,0 +1,21 @@
+
+
+ Setting this deprecated option will allow the RPC server
+ in the AD DC to answer the LSARPC interface on the
+ \pipe\netlogon IPC pipe.
+
+ When enabled, this matches the behaviour of Microsoft's
+ Windows, due to their internal implementation choices.
+
+ If it is disabled (the default), the AD DC can offer
+ improved performance, as the netlogon server is decoupled and
+ can run as multiple processes.
+
+
+
+no
+
diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm
index 7ca18a8483c..fe5ca0bc5e9 100644
--- a/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm
@@ -262,8 +262,11 @@ NTSTATUS dcerpc_server_$name\_init(void)
 .name = \"$name\",

 /* fill in all the operations */
+#ifdef DCESRV_INTERFACE_$uname\_INIT_SERVER
+ .init_server = DCESRV_INTERFACE_$uname\_INIT_SERVER,
+#else
 .init_server = $name\__op_init_server,
-
+#endif
 .interface_by_uuid = $name\__op_interface_by_uuid,
 .interface_by_name = $name\__op_interface_by_name
 };
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index c7a2c407a58..2aa700619d6 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -43,6 +43,27 @@ static NTSTATUS dcesrv_interface_lsarpc_bind(struct dcesrv_call_state *dce_call,
 return dcesrv_interface_bind_reject_connect(dce_call, iface);
 }

+static NTSTATUS lsarpc__op_init_server(struct dcesrv_context *dce_ctx,
+ const struct dcesrv_endpoint_server *ep_server);
+static const struct dcesrv_interface dcesrv_lsarpc_interface;
+
+#define DCESRV_INTERFACE_LSARPC_INIT_SERVER \
+ dcesrv_interface_lsarpc_init_server
+static NTSTATUS dcesrv_interface_lsarpc_init_server(struct dcesrv_context *dce_ctx,
+ const struct dcesrv_endpoint_server *ep_server)
+{
+ if (lpcfg_lsa_over_netlogon(dce_ctx->lp_ctx)) {
+ NTSTATUS ret = dcesrv_interface_register(dce_ctx,
+ "ncacn_np:[\\pipe\\netlogon]",
+ &dcesrv_lsarpc_interface, NULL);
+ if (!NT_STATUS_IS_OK(ret)) {
+ DEBUG(1,("lsarpc_op_init_server: failed to register endpoint '\\pipe\\netlogon'\n"));
+ return ret;
+ }
+ }
+ return lsarpc__op_init_server(dce_ctx, ep_server);
+}
+
 /*
 this type allows us to distinguish handle types
 */
--
2.34.1
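Review bot: The new `DCESRV_INTERFACE_$uname\_INIT_SERVER` hook in the generated `ep_server` initializer has no comment stating its contract. When the macro is defined it replaces `$name\__op_init_server` outright, so an override that does not chain to the generated function would presumably skip whatever setup that function performs for the interface, with nothing at build time to flag it. I would have the generator emit a comment above the `#ifdef`, for example `/* DCESRV_INTERFACE_$uname\_INIT_SERVER, if defined, must itself call $name\__op_init_server */`. The enclosing `dcerpc_server_$name\_init` starts and ends outside the hunk.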
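Review bot: The failure message in `dcesrv_interface_lsarpc_init_server` names `lsarpc_op_init_server`, which is neither this function nor the generated `lsarpc__op_init_server`, so a log search for the real symbol will miss it; `DEBUG(1,("%s: failed to register endpoint '\\pipe\\netlogon'\n", __func__));` keeps the message accurate. Nothing is logged on the success path either, so with the deprecated option enabled the logs give no indication that LSARPC is now answered on the netlogon pipe; a one-line notice after the successful `dcesrv_interface_register()` call would make that wider endpoint visible to whoever audits the server. A short comment above the function stating that it is reached through `DCESRV_INTERFACE_LSARPC_INIT_SERVER` and that the extra registration is gated on `lpcfg_lsa_over_netlogon()` would also help the next reader.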