summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/ntvfs/cifs/vfs_cifs.c29
-rw-r--r--source4/rpc_server/remote/dcesrv_remote.c57
2 files changed, 71 insertions, 15 deletions
diff --git a/source4/ntvfs/cifs/vfs_cifs.c b/source4/ntvfs/cifs/vfs_cifs.c
index 5d0576e8f9..44c31d91ad 100644
--- a/source4/ntvfs/cifs/vfs_cifs.c
+++ b/source4/ntvfs/cifs/vfs_cifs.c
@@ -93,6 +93,7 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs,
struct fd_event *fde;
struct cli_credentials *credentials;
+ BOOL machine_account;
/* Here we need to determine which server to connect to.
* For now we use parametric options, type cifs.
@@ -107,6 +108,8 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs,
remote_share = sharename;
}
+ machine_account = lp_parm_bool(req->tcon->service, "cifs", "use_machine_account", False);
+
private = talloc(req->tcon, struct cvfs_private);
if (!private) {
return NT_STATUS_NO_MEMORY;
@@ -120,16 +123,34 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs,
return NT_STATUS_INVALID_PARAMETER;
}
- if (user && pass && domain) {
+ if (user && pass) {
+ DEBUG(5, ("CIFS backend: Using specified password\n"));
credentials = cli_credentials_init(private);
+ if (!credentials) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ cli_credentials_set_conf(credentials);
cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
- cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ if (domain) {
+ cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ }
cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
- cli_credentials_set_workstation(credentials, "vfs_cifs", CRED_SPECIFIED);
+ } else if (machine_account) {
+ DEBUG(5, ("CIFS backend: Using machine account\n"));
+ credentials = cli_credentials_init(private);
+ cli_credentials_set_conf(credentials);
+ if (domain) {
+ cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ }
+ status = cli_credentials_set_machine_account(credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
} else if (req->session->session_info->credentials) {
+ DEBUG(5, ("CIFS backend: Using delegated credentials\n"));
credentials = req->session->session_info->credentials;
} else {
- DEBUG(1,("CIFS backend: You must supply server, user, password and domain or have delegated credentials\n"));
+ DEBUG(1,("CIFS backend: You must supply server, user and password and or have delegated credentials\n"));
return NT_STATUS_INVALID_PARAMETER;
}
diff --git a/source4/rpc_server/remote/dcesrv_remote.c b/source4/rpc_server/remote/dcesrv_remote.c
index 9e77347fa7..9ba2419859 100644
--- a/source4/rpc_server/remote/dcesrv_remote.c
+++ b/source4/rpc_server/remote/dcesrv_remote.c
@@ -21,6 +21,8 @@
#include "includes.h"
#include "rpc_server/dcerpc_server.h"
+#include "auth/auth.h"
+
struct dcesrv_remote_private {
struct dcerpc_pipe *c_pipe;
@@ -31,24 +33,59 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
NTSTATUS status;
struct dcesrv_remote_private *private;
const char *binding = lp_parm_string(-1, "dcerpc_remote", "binding");
+ const char *user, *pass, *domain;
struct cli_credentials *credentials;
+ BOOL machine_account;
- if (!binding) {
- DEBUG(0,("You must specify a ncacn binding string\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
+ machine_account = lp_parm_bool(-1, "dcerpc_remote", "use_machine_account", False);
private = talloc(dce_call->conn, struct dcesrv_remote_private);
if (!private) {
return NT_STATUS_NO_MEMORY;
}
- credentials = cli_credentials_init(private);
+ private->c_pipe = NULL;
+ dce_call->context->private = private;
+
+ if (!binding) {
+ DEBUG(0,("You must specify a ncacn binding string\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ user = lp_parm_string(-1, "dcerpc_remote", "user");
+ pass = lp_parm_string(-1, "dcerpc_remote", "password");
+ domain = lp_parm_string(-1, "dceprc_remote", "domain");
- cli_credentials_set_username(credentials, lp_parm_string(-1, "dcerpc_remote", "username"), CRED_SPECIFIED);
- cli_credentials_set_workstation(credentials, lp_netbios_name(), CRED_SPECIFIED);
- cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED);
- cli_credentials_set_password(credentials, lp_parm_string(-1, "dcerpc_remote", "password"), CRED_SPECIFIED);
+ if (user && pass) {
+ DEBUG(5, ("dcerpc_remote: RPC Proxy: Using specified account\n"));
+ credentials = cli_credentials_init(private);
+ if (!credentials) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ cli_credentials_set_conf(credentials);
+ cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
+ if (domain) {
+ cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ }
+ cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
+ } else if (machine_account) {
+ DEBUG(5, ("dcerpc_remote: RPC Proxy: Using machine account\n"));
+ credentials = cli_credentials_init(private);
+ cli_credentials_set_conf(credentials);
+ if (domain) {
+ cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ }
+ status = cli_credentials_set_machine_account(credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ } else if (dce_call->conn->auth_state.session_info->credentials) {
+ DEBUG(5, ("dcerpc_remote: RPC Proxy: Using delegated credentials\n"));
+ credentials = dce_call->conn->auth_state.session_info->credentials;
+ } else {
+ DEBUG(1,("dcerpc_remote: RPC Proxy: You must supply binding, user and password or have delegated credentials\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
status = dcerpc_pipe_connect(private,
&(private->c_pipe), binding,
@@ -60,8 +97,6 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
return status;
}
- dce_call->context->private = private;
-
return NT_STATUS_OK;
}