
r11513: Add the ability to use the local machine account instead of a static

password or delegation.

Add the ability to delegate for RPC pipes on the RPC proxy backend
(the backend itself seems to be having problems, however).

Andrew Bartlett
Andrew Bartlett 2005-11-05 06:36:42 +00:00 committed by Gerald (Jerry) Carter
parent 4143c22e30
commit a7e946bc37
2 changed files with 71 additions and 15 deletions


@ -93,6 +93,7 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs,
struct fd_event *fde;
struct cli_credentials *credentials;
BOOL machine_account;
/* Here we need to determine which server to connect to.
* For now we use parametric options, type cifs.
@ -107,6 +108,8 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs,
remote_share = sharename;
}
machine_account = lp_parm_bool(req->tcon->service, "cifs", "use_machine_account", False);
private = talloc(req->tcon, struct cvfs_private);
if (!private) {
return NT_STATUS_NO_MEMORY;
@ -120,16 +123,34 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs,
return NT_STATUS_INVALID_PARAMETER;
}
if (user && pass && domain) {
if (user && pass) {
DEBUG(5, ("CIFS backend: Using specified password\n"));
credentials = cli_credentials_init(private);
if (!credentials) {
return NT_STATUS_NO_MEMORY;
}
cli_credentials_set_conf(credentials);
cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
if (domain) {
cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
}
cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
cli_credentials_set_workstation(credentials, "vfs_cifs", CRED_SPECIFIED);
} else if (machine_account) {
DEBUG(5, ("CIFS backend: Using machine account\n"));
credentials = cli_credentials_init(private);
cli_credentials_set_conf(credentials);
if (domain) {
cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
}
status = cli_credentials_set_machine_account(credentials);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
} else if (req->session->session_info->credentials) {
DEBUG(5, ("CIFS backend: Using delegated credentials\n"));
credentials = req->session->session_info->credentials;
} else {
DEBUG(1,("CIFS backend: You must supply server, user, password and domain or have delegated credentials\n"));
DEBUG(1,("CIFS backend: You must supply server, user and password and or have delegated credentials\n"));
return NT_STATUS_INVALID_PARAMETER;
}
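Review bot: The machine-account branch of cvfs_connect calls `cli_credentials_set_conf(credentials)` directly after `cli_credentials_init(private)` without the NULL check that the specified-password branch has, so a failed allocation would be dereferenced; add `if (!credentials) { return NT_STATUS_NO_MEMORY; }` after the init call. The machine-account branch of remote_op_bind in the second file has the same gap. Because this branch is tested before the delegated-credentials branch, setting `cifs:use_machine_account` appears to make every client of the share reach the backend under the server's machine identity rather than its own. That deserves a comment at the option lookup, for example `/* when set, backend access is made as the machine account for all clients of this share */`. cvfs_connect begins and ends outside the visible hunks.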


@ -21,6 +21,8 @@
#include "includes.h"
#include "rpc_server/dcerpc_server.h"
#include "auth/auth.h"
struct dcesrv_remote_private {
struct dcerpc_pipe *c_pipe;
@ -31,24 +33,59 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
NTSTATUS status;
struct dcesrv_remote_private *private;
const char *binding = lp_parm_string(-1, "dcerpc_remote", "binding");
const char *user, *pass, *domain;
struct cli_credentials *credentials;
BOOL machine_account;
if (!binding) {
DEBUG(0,("You must specify a ncacn binding string\n"));
return NT_STATUS_INVALID_PARAMETER;
}
machine_account = lp_parm_bool(-1, "dcerpc_remote", "use_machine_account", False);
private = talloc(dce_call->conn, struct dcesrv_remote_private);
if (!private) {
return NT_STATUS_NO_MEMORY;
}
credentials = cli_credentials_init(private);
private->c_pipe = NULL;
dce_call->context->private = private;
cli_credentials_set_username(credentials, lp_parm_string(-1, "dcerpc_remote", "username"), CRED_SPECIFIED);
cli_credentials_set_workstation(credentials, lp_netbios_name(), CRED_SPECIFIED);
cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED);
cli_credentials_set_password(credentials, lp_parm_string(-1, "dcerpc_remote", "password"), CRED_SPECIFIED);
if (!binding) {
DEBUG(0,("You must specify a ncacn binding string\n"));
return NT_STATUS_INVALID_PARAMETER;
}
user = lp_parm_string(-1, "dcerpc_remote", "user");
pass = lp_parm_string(-1, "dcerpc_remote", "password");
domain = lp_parm_string(-1, "dceprc_remote", "domain");
if (user && pass) {
DEBUG(5, ("dcerpc_remote: RPC Proxy: Using specified account\n"));
credentials = cli_credentials_init(private);
if (!credentials) {
return NT_STATUS_NO_MEMORY;
}
cli_credentials_set_conf(credentials);
cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
if (domain) {
cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
}
cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
} else if (machine_account) {
DEBUG(5, ("dcerpc_remote: RPC Proxy: Using machine account\n"));
credentials = cli_credentials_init(private);
cli_credentials_set_conf(credentials);
if (domain) {
cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
}
status = cli_credentials_set_machine_account(credentials);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
} else if (dce_call->conn->auth_state.session_info->credentials) {
DEBUG(5, ("dcerpc_remote: RPC Proxy: Using delegated credentials\n"));
credentials = dce_call->conn->auth_state.session_info->credentials;
} else {
DEBUG(1,("dcerpc_remote: RPC Proxy: You must supply binding, user and password or have delegated credentials\n"));
return NT_STATUS_INVALID_PARAMETER;
}
status = dcerpc_pipe_connect(private,
&(private->c_pipe), binding,
@ -60,8 +97,6 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
return status;
}
dce_call->context->private = private;
return NT_STATUS_OK;
}
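Review bot: The domain lookup in remote_op_bind reads section `"dceprc_remote"` (transposed letters) while every other lookup uses `"dcerpc_remote"`, so a configured `dcerpc_remote:domain` is never picked up and `domain` stays NULL in both the specified-account and machine-account branches; it should read `domain = lp_parm_string(-1, "dcerpc_remote", "domain");`. The account name is taken from the key `user`, whereas the other username lookup on this page uses `username`. If `username` is the older key (the page does not mark which lines were removed), an existing configuration would silently fall through to the machine-account or delegated branch and bind the remote pipe under a different identity than the administrator configured. Either keep accepting the old key or document the rename.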