diff options
-rw-r--r-- | source4/rpc_server/dcerpc_server.h | 3 | ||||
-rw-r--r-- | source4/rpc_server/remote/dcesrv_remote.c | 42 |
2 files changed, 39 insertions, 6 deletions
diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h index d273f6eca9..3a9c8feb75 100644 --- a/source4/rpc_server/dcerpc_server.h +++ b/source4/rpc_server/dcerpc_server.h @@ -260,6 +260,9 @@ struct dcesrv_assoc_group { /* parent context */ struct dcesrv_context *dce_ctx; + + /* Remote association group ID (if proxied) */ + uint32_t proxied_id; }; /* server-wide context information for the dcerpc server */ diff --git a/source4/rpc_server/remote/dcesrv_remote.c b/source4/rpc_server/remote/dcesrv_remote.c index e20e87b326..9c4174be96 100644 --- a/source4/rpc_server/remote/dcesrv_remote.c +++ b/source4/rpc_server/remote/dcesrv_remote.c @@ -3,7 +3,9 @@ remote dcerpc operations Copyright (C) Stefan (metze) Metzmacher 2004 - + Copyright (C) Julien Kerihuel 2008-2009 + Copyright (C) Andrew Bartlett <abartlet@samba.org> 2010 + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or @@ -43,7 +45,10 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct const char *binding = lp_parm_string(dce_call->conn->dce_ctx->lp_ctx, NULL, "dcerpc_remote", "binding"); const char *user, *pass, *domain; struct cli_credentials *credentials; + bool must_free_credentials = true; bool machine_account; + struct dcerpc_binding *b; + struct composite_context *pipe_conn_req; machine_account = lp_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL, "dcerpc_remote", "use_machine_account", false); @@ -96,17 +101,42 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct } else if (dce_call->conn->auth_state.session_info->credentials) { DEBUG(5, ("dcerpc_remote: RPC Proxy: Using delegated credentials\n")); credentials = dce_call->conn->auth_state.session_info->credentials; + must_free_credentials = false; } else { DEBUG(1,("dcerpc_remote: RPC Proxy: You must supply binding, user and password or have delegated credentials\n")); return NT_STATUS_INVALID_PARAMETER; } - status = dcerpc_pipe_connect(priv, - &(priv->c_pipe), binding, table, - credentials, dce_call->event_ctx, - dce_call->conn->dce_ctx->lp_ctx); + /* parse binding string to the structure */ + status = dcerpc_parse_binding(dce_call->context, binding, &b); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Failed to parse dcerpc binding '%s'\n", binding)); + return status; + } + + DEBUG(3, ("Using binding %s\n", dcerpc_binding_string(dce_call->context, b))); + + /* If we already have a remote association group ID, then use that */ + if (dce_call->context->assoc_group->proxied_id != 0) { + b->assoc_group_id = dce_call->context->assoc_group->proxied_id; + } + + pipe_conn_req = dcerpc_pipe_connect_b_send(dce_call->context, b, table, + credentials, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx); + status = dcerpc_pipe_connect_b_recv(pipe_conn_req, dce_call->context, &(priv->c_pipe)); + + if (must_free_credentials) { + talloc_free(credentials); + } + + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (dce_call->context->assoc_group->proxied_id == 0) { + dce_call->context->assoc_group->proxied_id = priv->c_pipe->assoc_group_id; + } - talloc_free(credentials); if (!NT_STATUS_IS_OK(status)) { return status; } |