From 79cb46c1af526635c31b03612cd9f0d9ea97a5be Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 5 Nov 2005 06:36:42 +0000 Subject: r11513: Add the ability to use the local machine account instead of a static password or delegation. Add the ability to delegate for RPC pipes on the RPC proxy backend (the backend itself seems be having problems however). Andrew Bartlett (This used to be commit a7e946bc37e4acfbe2c483b4f1ead0341f9b3d19) --- source4/ntvfs/cifs/vfs_cifs.c | 29 +++++++++++++--- source4/rpc_server/remote/dcesrv_remote.c | 57 +++++++++++++++++++++++++------ 2 files changed, 71 insertions(+), 15 deletions(-) diff --git a/source4/ntvfs/cifs/vfs_cifs.c b/source4/ntvfs/cifs/vfs_cifs.c index 5d0576e8f9..44c31d91ad 100644 --- a/source4/ntvfs/cifs/vfs_cifs.c +++ b/source4/ntvfs/cifs/vfs_cifs.c @@ -93,6 +93,7 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs, struct fd_event *fde; struct cli_credentials *credentials; + BOOL machine_account; /* Here we need to determine which server to connect to. * For now we use parametric options, type cifs. @@ -107,6 +108,8 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs, remote_share = sharename; } + machine_account = lp_parm_bool(req->tcon->service, "cifs", "use_machine_account", False); + private = talloc(req->tcon, struct cvfs_private); if (!private) { return NT_STATUS_NO_MEMORY; @@ -120,16 +123,34 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs, return NT_STATUS_INVALID_PARAMETER; } - if (user && pass && domain) { + if (user && pass) { + DEBUG(5, ("CIFS backend: Using specified password\n")); credentials = cli_credentials_init(private); + if (!credentials) { + return NT_STATUS_NO_MEMORY; + } + cli_credentials_set_conf(credentials); cli_credentials_set_username(credentials, user, CRED_SPECIFIED); - cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); + if (domain) { + cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); + } cli_credentials_set_password(credentials, pass, CRED_SPECIFIED); - cli_credentials_set_workstation(credentials, "vfs_cifs", CRED_SPECIFIED); + } else if (machine_account) { + DEBUG(5, ("CIFS backend: Using machine account\n")); + credentials = cli_credentials_init(private); + cli_credentials_set_conf(credentials); + if (domain) { + cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); + } + status = cli_credentials_set_machine_account(credentials); + if (!NT_STATUS_IS_OK(status)) { + return status; + } } else if (req->session->session_info->credentials) { + DEBUG(5, ("CIFS backend: Using delegated credentials\n")); credentials = req->session->session_info->credentials; } else { - DEBUG(1,("CIFS backend: You must supply server, user, password and domain or have delegated credentials\n")); + DEBUG(1,("CIFS backend: You must supply server, user and password and or have delegated credentials\n")); return NT_STATUS_INVALID_PARAMETER; } diff --git a/source4/rpc_server/remote/dcesrv_remote.c b/source4/rpc_server/remote/dcesrv_remote.c index 9e77347fa7..9ba2419859 100644 --- a/source4/rpc_server/remote/dcesrv_remote.c +++ b/source4/rpc_server/remote/dcesrv_remote.c @@ -21,6 +21,8 @@ #include "includes.h" #include "rpc_server/dcerpc_server.h" +#include "auth/auth.h" + struct dcesrv_remote_private { struct dcerpc_pipe *c_pipe; @@ -31,24 +33,59 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct NTSTATUS status; struct dcesrv_remote_private *private; const char *binding = lp_parm_string(-1, "dcerpc_remote", "binding"); + const char *user, *pass, *domain; struct cli_credentials *credentials; + BOOL machine_account; - if (!binding) { - DEBUG(0,("You must specify a ncacn binding string\n")); - return NT_STATUS_INVALID_PARAMETER; - } + machine_account = lp_parm_bool(-1, "dcerpc_remote", "use_machine_account", False); private = talloc(dce_call->conn, struct dcesrv_remote_private); if (!private) { return NT_STATUS_NO_MEMORY; } - credentials = cli_credentials_init(private); + private->c_pipe = NULL; + dce_call->context->private = private; + + if (!binding) { + DEBUG(0,("You must specify a ncacn binding string\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + user = lp_parm_string(-1, "dcerpc_remote", "user"); + pass = lp_parm_string(-1, "dcerpc_remote", "password"); + domain = lp_parm_string(-1, "dceprc_remote", "domain"); - cli_credentials_set_username(credentials, lp_parm_string(-1, "dcerpc_remote", "username"), CRED_SPECIFIED); - cli_credentials_set_workstation(credentials, lp_netbios_name(), CRED_SPECIFIED); - cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED); - cli_credentials_set_password(credentials, lp_parm_string(-1, "dcerpc_remote", "password"), CRED_SPECIFIED); + if (user && pass) { + DEBUG(5, ("dcerpc_remote: RPC Proxy: Using specified account\n")); + credentials = cli_credentials_init(private); + if (!credentials) { + return NT_STATUS_NO_MEMORY; + } + cli_credentials_set_conf(credentials); + cli_credentials_set_username(credentials, user, CRED_SPECIFIED); + if (domain) { + cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); + } + cli_credentials_set_password(credentials, pass, CRED_SPECIFIED); + } else if (machine_account) { + DEBUG(5, ("dcerpc_remote: RPC Proxy: Using machine account\n")); + credentials = cli_credentials_init(private); + cli_credentials_set_conf(credentials); + if (domain) { + cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); + } + status = cli_credentials_set_machine_account(credentials); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } else if (dce_call->conn->auth_state.session_info->credentials) { + DEBUG(5, ("dcerpc_remote: RPC Proxy: Using delegated credentials\n")); + credentials = dce_call->conn->auth_state.session_info->credentials; + } else { + DEBUG(1,("dcerpc_remote: RPC Proxy: You must supply binding, user and password or have delegated credentials\n")); + return NT_STATUS_INVALID_PARAMETER; + } status = dcerpc_pipe_connect(private, &(private->c_pipe), binding, @@ -60,8 +97,6 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct return status; } - dce_call->context->private = private; - return NT_STATUS_OK; } -- cgit