authorAndrew Bartlett <abartlet@samba.org>2005-11-05 06:36:42 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:45:46 -0500
commit79cb46c1af526635c31b03612cd9f0d9ea97a5be (patch)
treee9d8128d62da0e32cd864010f34e20a906e75c2a
parentd3b91ae169b17881dfba4848a7cae30b95a97c70 (diff)
r11513: Add the ability to use the local machine account instead of a static
password or delegation. Add the ability to delegate for RPC pipes on the RPC proxy backend (the backend itself seems to be having problems, however). Andrew Bartlett (This used to be commit a7e946bc37e4acfbe2c483b4f1ead0341f9b3d19)
-rw-r--r--source4/ntvfs/cifs/vfs_cifs.c29
-rw-r--r--source4/rpc_server/remote/dcesrv_remote.c57
2 files changed, 71 insertions, 15 deletions
diff --git a/source4/ntvfs/cifs/vfs_cifs.c b/source4/ntvfs/cifs/vfs_cifs.c
index 5d0576e8f9..44c31d91ad 100644
--- a/source4/ntvfs/cifs/vfs_cifs.c
+++ b/source4/ntvfs/cifs/vfs_cifs.c
@@ -93,6 +93,7 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs,
struct fd_event *fde;
struct cli_credentials *credentials;
+ BOOL machine_account;
/* Here we need to determine which server to connect to.
* For now we use parametric options, type cifs.
@@ -107,6 +108,8 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs,
remote_share = sharename;
}
+ machine_account = lp_parm_bool(req->tcon->service, "cifs", "use_machine_account", False);
+
private = talloc(req->tcon, struct cvfs_private);
if (!private) {
return NT_STATUS_NO_MEMORY;
@@ -120,16 +123,34 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs,
return NT_STATUS_INVALID_PARAMETER;
}
- if (user && pass && domain) {
+ if (user && pass) {
+ DEBUG(5, ("CIFS backend: Using specified password\n"));
credentials = cli_credentials_init(private);
+ if (!credentials) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ cli_credentials_set_conf(credentials);
cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
- cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ if (domain) {
+ cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ }
cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
- cli_credentials_set_workstation(credentials, "vfs_cifs", CRED_SPECIFIED);
+ } else if (machine_account) {
+ DEBUG(5, ("CIFS backend: Using machine account\n"));
+ credentials = cli_credentials_init(private);
+ cli_credentials_set_conf(credentials);
+ if (domain) {
+ cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ }
+ status = cli_credentials_set_machine_account(credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
} else if (req->session->session_info->credentials) {
+ DEBUG(5, ("CIFS backend: Using delegated credentials\n"));
credentials = req->session->session_info->credentials;
} else {
- DEBUG(1,("CIFS backend: You must supply server, user, password and domain or have delegated credentials\n"));
+ DEBUG(1,("CIFS backend: You must supply server, user and password and or have delegated credentials\n"));
return NT_STATUS_INVALID_PARAMETER;
}
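Review bot: The new machine-account branch uses the result of `cli_credentials_init(private)` without the NULL check that the password branch just above it gained, so an allocation failure reaches `cli_credentials_set_conf(credentials)` with a NULL pointer. Add `if (!credentials) { return NT_STATUS_NO_MEMORY; }` directly after the init call; the machine-account branch of remote_op_bind in dcesrv_remote.c has the same omission. The final DEBUG(1) message reads "user and password and or have delegated credentials" and never mentions the new `use_machine_account` option, which makes it harder for an administrator to tell which credential source was expected. cvfs_connect starts and ends outside this hunk.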
diff --git a/source4/rpc_server/remote/dcesrv_remote.c b/source4/rpc_server/remote/dcesrv_remote.c
index 9e77347fa7..9ba2419859 100644
--- a/source4/rpc_server/remote/dcesrv_remote.c
+++ b/source4/rpc_server/remote/dcesrv_remote.c
@@ -21,6 +21,8 @@
#include "includes.h"
#include "rpc_server/dcerpc_server.h"
+#include "auth/auth.h"
+
struct dcesrv_remote_private {
struct dcerpc_pipe *c_pipe;
@@ -31,24 +33,59 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
NTSTATUS status;
struct dcesrv_remote_private *private;
const char *binding = lp_parm_string(-1, "dcerpc_remote", "binding");
+ const char *user, *pass, *domain;
struct cli_credentials *credentials;
+ BOOL machine_account;
- if (!binding) {
- DEBUG(0,("You must specify a ncacn binding string\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
+ machine_account = lp_parm_bool(-1, "dcerpc_remote", "use_machine_account", False);
private = talloc(dce_call->conn, struct dcesrv_remote_private);
if (!private) {
return NT_STATUS_NO_MEMORY;
}
- credentials = cli_credentials_init(private);
+ private->c_pipe = NULL;
+ dce_call->context->private = private;
+
+ if (!binding) {
+ DEBUG(0,("You must specify a ncacn binding string\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ user = lp_parm_string(-1, "dcerpc_remote", "user");
+ pass = lp_parm_string(-1, "dcerpc_remote", "password");
+ domain = lp_parm_string(-1, "dceprc_remote", "domain");
- cli_credentials_set_username(credentials, lp_parm_string(-1, "dcerpc_remote", "username"), CRED_SPECIFIED);
- cli_credentials_set_workstation(credentials, lp_netbios_name(), CRED_SPECIFIED);
- cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED);
- cli_credentials_set_password(credentials, lp_parm_string(-1, "dcerpc_remote", "password"), CRED_SPECIFIED);
+ if (user && pass) {
+ DEBUG(5, ("dcerpc_remote: RPC Proxy: Using specified account\n"));
+ credentials = cli_credentials_init(private);
+ if (!credentials) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ cli_credentials_set_conf(credentials);
+ cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
+ if (domain) {
+ cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ }
+ cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
+ } else if (machine_account) {
+ DEBUG(5, ("dcerpc_remote: RPC Proxy: Using machine account\n"));
+ credentials = cli_credentials_init(private);
+ cli_credentials_set_conf(credentials);
+ if (domain) {
+ cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ }
+ status = cli_credentials_set_machine_account(credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ } else if (dce_call->conn->auth_state.session_info->credentials) {
+ DEBUG(5, ("dcerpc_remote: RPC Proxy: Using delegated credentials\n"));
+ credentials = dce_call->conn->auth_state.session_info->credentials;
+ } else {
+ DEBUG(1,("dcerpc_remote: RPC Proxy: You must supply binding, user and password or have delegated credentials\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
status = dcerpc_pipe_connect(private,
&(private->c_pipe), binding,
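Review bot: The domain lookup on the new side reads from section `"dceprc_remote"`, a transposition of the `"dcerpc_remote"` used for every other option in this function. As a result `domain` is NULL for any normally spelled configuration and neither credential branch calls cli_credentials_set_domain. The line should read `domain = lp_parm_string(-1, "dcerpc_remote", "domain");`. The account name is also now read from `"user"` where the removed code read `"username"`, so a configuration that still sets the old key would skip the static-password branch and fall through to the machine account or delegated credentials, presumably without any warning. Either look up both keys or document the rename. remote_op_bind continues past the end of this hunk.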
@@ -60,8 +97,6 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
return status;
}
- dce_call->context->private = private;
-
return NT_STATUS_OK;
}