diff options
Diffstat (limited to 'source4/rpc_server')
-rw-r--r-- | source4/rpc_server/remote/dcesrv_remote.c | 57 |
1 files changed, 46 insertions, 11 deletions
diff --git a/source4/rpc_server/remote/dcesrv_remote.c b/source4/rpc_server/remote/dcesrv_remote.c index 9e77347fa7..9ba2419859 100644 --- a/source4/rpc_server/remote/dcesrv_remote.c +++ b/source4/rpc_server/remote/dcesrv_remote.c @@ -21,6 +21,8 @@ #include "includes.h" #include "rpc_server/dcerpc_server.h" +#include "auth/auth.h" + struct dcesrv_remote_private { struct dcerpc_pipe *c_pipe; @@ -31,24 +33,59 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct NTSTATUS status; struct dcesrv_remote_private *private; const char *binding = lp_parm_string(-1, "dcerpc_remote", "binding"); + const char *user, *pass, *domain; struct cli_credentials *credentials; + BOOL machine_account; - if (!binding) { - DEBUG(0,("You must specify a ncacn binding string\n")); - return NT_STATUS_INVALID_PARAMETER; - } + machine_account = lp_parm_bool(-1, "dcerpc_remote", "use_machine_account", False); private = talloc(dce_call->conn, struct dcesrv_remote_private); if (!private) { return NT_STATUS_NO_MEMORY; } - credentials = cli_credentials_init(private); + private->c_pipe = NULL; + dce_call->context->private = private; + + if (!binding) { + DEBUG(0,("You must specify a ncacn binding string\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + user = lp_parm_string(-1, "dcerpc_remote", "user"); + pass = lp_parm_string(-1, "dcerpc_remote", "password"); + domain = lp_parm_string(-1, "dceprc_remote", "domain"); - cli_credentials_set_username(credentials, lp_parm_string(-1, "dcerpc_remote", "username"), CRED_SPECIFIED); - cli_credentials_set_workstation(credentials, lp_netbios_name(), CRED_SPECIFIED); - cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED); - cli_credentials_set_password(credentials, lp_parm_string(-1, "dcerpc_remote", "password"), CRED_SPECIFIED); + if (user && pass) { + DEBUG(5, ("dcerpc_remote: RPC Proxy: Using specified account\n")); + credentials = cli_credentials_init(private); + if (!credentials) { + return NT_STATUS_NO_MEMORY; + } + cli_credentials_set_conf(credentials); + cli_credentials_set_username(credentials, user, CRED_SPECIFIED); + if (domain) { + cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); + } + cli_credentials_set_password(credentials, pass, CRED_SPECIFIED); + } else if (machine_account) { + DEBUG(5, ("dcerpc_remote: RPC Proxy: Using machine account\n")); + credentials = cli_credentials_init(private); + cli_credentials_set_conf(credentials); + if (domain) { + cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); + } + status = cli_credentials_set_machine_account(credentials); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } else if (dce_call->conn->auth_state.session_info->credentials) { + DEBUG(5, ("dcerpc_remote: RPC Proxy: Using delegated credentials\n")); + credentials = dce_call->conn->auth_state.session_info->credentials; + } else { + DEBUG(1,("dcerpc_remote: RPC Proxy: You must supply binding, user and password or have delegated credentials\n")); + return NT_STATUS_INVALID_PARAMETER; + } status = dcerpc_pipe_connect(private, &(private->c_pipe), binding, @@ -60,8 +97,6 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct return status; } - dce_call->context->private = private; - return NT_STATUS_OK; } |