summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-02-19 15:53:31 +1100
committerAndrew Bartlett <abartlet@samba.org>2010-02-19 16:32:49 +1100
commit10fed057cde7649b8fc8ee6611ea588a471c2483 (patch)
tree37d917e4b6eaf60e4f5c10a6a2fdcc6760d1980d
parentaf4a7c0f4be4bb94d6299e93f22d26e2f8340e69 (diff)
downloadsamba-10fed057cde7649b8fc8ee6611ea588a471c2483.tar.gz
samba-10fed057cde7649b8fc8ee6611ea588a471c2483.tar.bz2
samba-10fed057cde7649b8fc8ee6611ea588a471c2483.zip
s4:rpc_server Record the remote connections association group ID
By recording the association group the remote server assigned to our proxied RPC connection, we can ensure we use the same value when the client wishes to use it. This isn't stored in a private pointer, as mapiproxy will want to use this feature too. Andrew Bartlett
-rw-r--r--source4/rpc_server/dcerpc_server.h3
-rw-r--r--source4/rpc_server/remote/dcesrv_remote.c42
2 files changed, 39 insertions, 6 deletions
diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
index d273f6eca9..3a9c8feb75 100644
--- a/source4/rpc_server/dcerpc_server.h
+++ b/source4/rpc_server/dcerpc_server.h
@@ -260,6 +260,9 @@ struct dcesrv_assoc_group {
/* parent context */
struct dcesrv_context *dce_ctx;
+
+ /* Remote association group ID (if proxied) */
+ uint32_t proxied_id;
};
/* server-wide context information for the dcerpc server */
diff --git a/source4/rpc_server/remote/dcesrv_remote.c b/source4/rpc_server/remote/dcesrv_remote.c
index e20e87b326..9c4174be96 100644
--- a/source4/rpc_server/remote/dcesrv_remote.c
+++ b/source4/rpc_server/remote/dcesrv_remote.c
@@ -3,7 +3,9 @@
remote dcerpc operations
Copyright (C) Stefan (metze) Metzmacher 2004
-
+ Copyright (C) Julien Kerihuel 2008-2009
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2010
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
@@ -43,7 +45,10 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
const char *binding = lp_parm_string(dce_call->conn->dce_ctx->lp_ctx, NULL, "dcerpc_remote", "binding");
const char *user, *pass, *domain;
struct cli_credentials *credentials;
+ bool must_free_credentials = true;
bool machine_account;
+ struct dcerpc_binding *b;
+ struct composite_context *pipe_conn_req;
machine_account = lp_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL, "dcerpc_remote", "use_machine_account", false);
@@ -96,17 +101,42 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
} else if (dce_call->conn->auth_state.session_info->credentials) {
DEBUG(5, ("dcerpc_remote: RPC Proxy: Using delegated credentials\n"));
credentials = dce_call->conn->auth_state.session_info->credentials;
+ must_free_credentials = false;
} else {
DEBUG(1,("dcerpc_remote: RPC Proxy: You must supply binding, user and password or have delegated credentials\n"));
return NT_STATUS_INVALID_PARAMETER;
}
- status = dcerpc_pipe_connect(priv,
- &(priv->c_pipe), binding, table,
- credentials, dce_call->event_ctx,
- dce_call->conn->dce_ctx->lp_ctx);
+ /* parse binding string to the structure */
+ status = dcerpc_parse_binding(dce_call->context, binding, &b);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed to parse dcerpc binding '%s'\n", binding));
+ return status;
+ }
+
+ DEBUG(3, ("Using binding %s\n", dcerpc_binding_string(dce_call->context, b)));
+
+ /* If we already have a remote association group ID, then use that */
+ if (dce_call->context->assoc_group->proxied_id != 0) {
+ b->assoc_group_id = dce_call->context->assoc_group->proxied_id;
+ }
+
+ pipe_conn_req = dcerpc_pipe_connect_b_send(dce_call->context, b, table,
+ credentials, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
+ status = dcerpc_pipe_connect_b_recv(pipe_conn_req, dce_call->context, &(priv->c_pipe));
+
+ if (must_free_credentials) {
+ talloc_free(credentials);
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (dce_call->context->assoc_group->proxied_id == 0) {
+ dce_call->context->assoc_group->proxied_id = priv->c_pipe->assoc_group_id;
+ }
- talloc_free(credentials);
if (!NT_STATUS_IS_OK(status)) {
return status;
}