samba/samba-4.9-fix_net_ads_krb5....

From 01b912069337c8dd2eab6be006813dc7fbc2f882 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstephen@redhat.com>
Date: Mon, 17 Dec 2018 11:26:11 -0500
Subject: [PATCH] s3: net: Do not set NET_FLAGS_ANONYMOUS with -k

This affects net rpc getsid and net rpc changetrustpw commands.
This avoids an anonymous IPC connection being made when -k is used,
this only affects net rpc getsid and net rpc changetrustpw commands.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13726

Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
---
 source3/utils/net_rpc.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index b99a036fca1..67fff2f4d1b 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -316,6 +316,12 @@ static NTSTATUS rpc_changetrustpw_internals(struct net_context *c,
 
 int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv)
 {
+	int conn_flags = NET_FLAGS_PDC;
+
+	if (!c->opt_user_specified && !c->opt_kerberos) {
+		conn_flags |= NET_FLAGS_ANONYMOUS;
+	}
+
 	if (c->display_usage) {
 		d_printf(  "%s\n"
 			   "net rpc changetrustpw\n"
@@ -326,7 +332,7 @@ int net_rpc_changetrustpw(struct net_context *c, int argc, const char **argv)
 	}
 
 	return run_rpc_command(c, NULL, &ndr_table_netlogon,
-			       NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC,
+			       conn_flags,
 			       rpc_changetrustpw_internals,
 			       argc, argv);
 }
@@ -863,7 +869,7 @@ int net_rpc_getsid(struct net_context *c, int argc, const char **argv)
 {
 	int conn_flags = NET_FLAGS_PDC;
 
-	if (!c->opt_user_specified) {
+	if (!c->opt_user_specified && !c->opt_kerberos) {
 		conn_flags |= NET_FLAGS_ANONYMOUS;
 	}
 
-- 
2.20.1
Rebase on 4.9.1 from el 7.7 With DC support 5 years ago			`From 01b912069337c8dd2eab6be006813dc7fbc2f882 Mon Sep 17 00:00:00 2001`
			`From: Justin Stephenson <jstephen@redhat.com>`
			`Date: Mon, 17 Dec 2018 11:26:11 -0500`
			`Subject: [PATCH] s3: net: Do not set NET_FLAGS_ANONYMOUS with -k`

			`This affects net rpc getsid and net rpc changetrustpw commands.`
			`This avoids an anonymous IPC connection being made when -k is used,`
			`this only affects net rpc getsid and net rpc changetrustpw commands.`

			`BUG: https://bugzilla.samba.org/show_bug.cgi?id=13726`

			`Signed-off-by: Justin Stephenson <jstephen@redhat.com>`
			`Reviewed-by: Andreas Schneider <asn@samba.org>`
			`Reviewed-by: Noel Power <npower@samba.org>`
			`---`
			`source3/utils/net_rpc.c \| 10 ++++++++--`
			`1 file changed, 8 insertions(+), 2 deletions(-)`

			`diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c`
			`index b99a036fca1..67fff2f4d1b 100644`
			`--- a/source3/utils/net_rpc.c`
			`+++ b/source3/utils/net_rpc.c`
			`@@ -316,6 +316,12 @@ static NTSTATUS rpc_changetrustpw_internals(struct net_context *c,`

			`int net_rpc_changetrustpw(struct net_context c, int argc, const char *argv)`
			`{`
			`+ int conn_flags = NET_FLAGS_PDC;`
			`+`
			`+ if (!c->opt_user_specified && !c->opt_kerberos) {`
			`+ conn_flags \|= NET_FLAGS_ANONYMOUS;`
			`+ }`
			`+`
			`if (c->display_usage) {`
			`d_printf( "%s\n"`
			`"net rpc changetrustpw\n"`
			`@@ -326,7 +332,7 @@ int net_rpc_changetrustpw(struct net_context c, int argc, const char *argv)`
			`}`

			`return run_rpc_command(c, NULL, &ndr_table_netlogon,`
			`- NET_FLAGS_ANONYMOUS \| NET_FLAGS_PDC,`
			`+ conn_flags,`
			`rpc_changetrustpw_internals,`
			`argc, argv);`
			`}`
			`@@ -863,7 +869,7 @@ int net_rpc_getsid(struct net_context c, int argc, const char *argv)`
			`{`
			`int conn_flags = NET_FLAGS_PDC;`

			`- if (!c->opt_user_specified) {`
			`+ if (!c->opt_user_specified && !c->opt_kerberos) {`
			`conn_flags \|= NET_FLAGS_ANONYMOUS;`
			`}`

			`--`
			`2.20.1`