diff options
-rw-r--r-- | source4/ntvfs/cifs/vfs_cifs.c | 29 | ||||
-rw-r--r-- | source4/rpc_server/remote/dcesrv_remote.c | 57 |
2 files changed, 71 insertions, 15 deletions
diff --git a/source4/ntvfs/cifs/vfs_cifs.c b/source4/ntvfs/cifs/vfs_cifs.c index 5d0576e8f9..44c31d91ad 100644 --- a/source4/ntvfs/cifs/vfs_cifs.c +++ b/source4/ntvfs/cifs/vfs_cifs.c @@ -93,6 +93,7 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs, struct fd_event *fde; struct cli_credentials *credentials; + BOOL machine_account; /* Here we need to determine which server to connect to. * For now we use parametric options, type cifs. @@ -107,6 +108,8 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs, remote_share = sharename; } + machine_account = lp_parm_bool(req->tcon->service, "cifs", "use_machine_account", False); + private = talloc(req->tcon, struct cvfs_private); if (!private) { return NT_STATUS_NO_MEMORY; @@ -120,16 +123,34 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs, return NT_STATUS_INVALID_PARAMETER; } - if (user && pass && domain) { + if (user && pass) { + DEBUG(5, ("CIFS backend: Using specified password\n")); credentials = cli_credentials_init(private); + if (!credentials) { + return NT_STATUS_NO_MEMORY; + } + cli_credentials_set_conf(credentials); cli_credentials_set_username(credentials, user, CRED_SPECIFIED); - cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); + if (domain) { + cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); + } cli_credentials_set_password(credentials, pass, CRED_SPECIFIED); - cli_credentials_set_workstation(credentials, "vfs_cifs", CRED_SPECIFIED); + } else if (machine_account) { + DEBUG(5, ("CIFS backend: Using machine account\n")); + credentials = cli_credentials_init(private); + cli_credentials_set_conf(credentials); + if (domain) { + cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); + } + status = cli_credentials_set_machine_account(credentials); + if (!NT_STATUS_IS_OK(status)) { + return status; + } } else if (req->session->session_info->credentials) { + DEBUG(5, ("CIFS backend: Using delegated credentials\n")); credentials = req->session->session_info->credentials; } else { - DEBUG(1,("CIFS backend: You must supply server, user, password and domain or have delegated credentials\n")); + DEBUG(1,("CIFS backend: You must supply server, user and password and or have delegated credentials\n")); return NT_STATUS_INVALID_PARAMETER; } diff --git a/source4/rpc_server/remote/dcesrv_remote.c b/source4/rpc_server/remote/dcesrv_remote.c index 9e77347fa7..9ba2419859 100644 --- a/source4/rpc_server/remote/dcesrv_remote.c +++ b/source4/rpc_server/remote/dcesrv_remote.c @@ -21,6 +21,8 @@ #include "includes.h" #include "rpc_server/dcerpc_server.h" +#include "auth/auth.h" + struct dcesrv_remote_private { struct dcerpc_pipe *c_pipe; @@ -31,24 +33,59 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct NTSTATUS status; struct dcesrv_remote_private *private; const char *binding = lp_parm_string(-1, "dcerpc_remote", "binding"); + const char *user, *pass, *domain; struct cli_credentials *credentials; + BOOL machine_account; - if (!binding) { - DEBUG(0,("You must specify a ncacn binding string\n")); - return NT_STATUS_INVALID_PARAMETER; - } + machine_account = lp_parm_bool(-1, "dcerpc_remote", "use_machine_account", False); private = talloc(dce_call->conn, struct dcesrv_remote_private); if (!private) { return NT_STATUS_NO_MEMORY; } - credentials = cli_credentials_init(private); + private->c_pipe = NULL; + dce_call->context->private = private; + + if (!binding) { + DEBUG(0,("You must specify a ncacn binding string\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + user = lp_parm_string(-1, "dcerpc_remote", "user"); + pass = lp_parm_string(-1, "dcerpc_remote", "password"); + domain = lp_parm_string(-1, "dceprc_remote", "domain"); - cli_credentials_set_username(credentials, lp_parm_string(-1, "dcerpc_remote", "username"), CRED_SPECIFIED); - cli_credentials_set_workstation(credentials, lp_netbios_name(), CRED_SPECIFIED); - cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED); - cli_credentials_set_password(credentials, lp_parm_string(-1, "dcerpc_remote", "password"), CRED_SPECIFIED); + if (user && pass) { + DEBUG(5, ("dcerpc_remote: RPC Proxy: Using specified account\n")); + credentials = cli_credentials_init(private); + if (!credentials) { + return NT_STATUS_NO_MEMORY; + } + cli_credentials_set_conf(credentials); + cli_credentials_set_username(credentials, user, CRED_SPECIFIED); + if (domain) { + cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); + } + cli_credentials_set_password(credentials, pass, CRED_SPECIFIED); + } else if (machine_account) { + DEBUG(5, ("dcerpc_remote: RPC Proxy: Using machine account\n")); + credentials = cli_credentials_init(private); + cli_credentials_set_conf(credentials); + if (domain) { + cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); + } + status = cli_credentials_set_machine_account(credentials); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } else if (dce_call->conn->auth_state.session_info->credentials) { + DEBUG(5, ("dcerpc_remote: RPC Proxy: Using delegated credentials\n")); + credentials = dce_call->conn->auth_state.session_info->credentials; + } else { + DEBUG(1,("dcerpc_remote: RPC Proxy: You must supply binding, user and password or have delegated credentials\n")); + return NT_STATUS_INVALID_PARAMETER; + } status = dcerpc_pipe_connect(private, &(private->c_pipe), binding, @@ -60,8 +97,6 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct return status; } - dce_call->context->private = private; - return NT_STATUS_OK; } |