r11513: Add the ability to use the local machine account instead of a static
authorAndrew Bartlett <abartlet@samba.org>
Sat, 5 Nov 2005 06:36:42 +0000 (06:36 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:45:46 +0000 (13:45 -0500)
password or delegation.

Add the ability to delegate for RPC pipes on the RPC proxy backend
(the backend itself seems to be having problems, however).

Andrew Bartlett
(This used to be commit a7e946bc37e4acfbe2c483b4f1ead0341f9b3d19)

source4/ntvfs/cifs/vfs_cifs.c
source4/rpc_server/remote/dcesrv_remote.c

index 5d0576e8f9aff9f510335e2ef4e79e507fd6984b..44c31d91adbbeab6a1ec35a85002b3d8e9cbd222 100644 (file)
@@ -93,6 +93,7 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs,
        struct fd_event *fde;
 
        struct cli_credentials *credentials;
+       BOOL machine_account;
 
        /* Here we need to determine which server to connect to.
         * For now we use parametric options, type cifs.
@@ -107,6 +108,8 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs,
                remote_share = sharename;
        }
 
+       machine_account = lp_parm_bool(req->tcon->service, "cifs", "use_machine_account", False);
+
        private = talloc(req->tcon, struct cvfs_private);
        if (!private) {
                return NT_STATUS_NO_MEMORY;
@@ -120,16 +123,34 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs,
                return NT_STATUS_INVALID_PARAMETER;
        } 
        
-       if (user && pass && domain) {
+       if (user && pass) {
+               DEBUG(5, ("CIFS backend: Using specified password\n"));
                credentials = cli_credentials_init(private);
+               if (!credentials) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+               cli_credentials_set_conf(credentials);
                cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
-               cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+               if (domain) {
+                       cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+               }
                cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
-               cli_credentials_set_workstation(credentials, "vfs_cifs", CRED_SPECIFIED);
+       } else if (machine_account) {
+               DEBUG(5, ("CIFS backend: Using machine account\n"));
+               credentials = cli_credentials_init(private);
+               cli_credentials_set_conf(credentials);
+               if (domain) {
+                       cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+               }
+               status = cli_credentials_set_machine_account(credentials);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
        } else if (req->session->session_info->credentials) {
+               DEBUG(5, ("CIFS backend: Using delegated credentials\n"));
                credentials = req->session->session_info->credentials;
        } else {
-               DEBUG(1,("CIFS backend: You must supply server, user, password and domain or have delegated credentials\n"));
+               DEBUG(1,("CIFS backend: You must supply server, user and password and or have delegated credentials\n"));
                return NT_STATUS_INVALID_PARAMETER;
        }
 
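Review bot: The machine-account branch passes the result of `cli_credentials_init(private)` straight to `cli_credentials_set_conf()` without the NULL check that the password branch above it gains in this same hunk; add `if (!credentials) { return NT_STATUS_NO_MEMORY; }` after the init call. The same omission is in the machine-account branch of remote_op_bind in source4/rpc_server/remote/dcesrv_remote.c. Because `machine_account` is tested before `req->session->session_info->credentials`, setting `cifs:use_machine_account` means every session on the share reaches the backend as the host's machine account, even when the client delegated its own credentials. That precedence deserves a comment above the branch, for example `/* machine account overrides delegated credentials: all users of this share act as the host on the backend */`. cvfs_connect begins before this hunk and continues after it.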
index 9e77347fa72d788d99f7a978a945ac7ad8f5cb8f..9ba2419859b4dc6a46f133678cf84db098075730 100644 (file)
@@ -21,6 +21,8 @@
 
 #include "includes.h"
 #include "rpc_server/dcerpc_server.h"
+#include "auth/auth.h"
+
 
 struct dcesrv_remote_private {
        struct dcerpc_pipe *c_pipe;
@@ -31,24 +33,59 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
         NTSTATUS status;
         struct dcesrv_remote_private *private;
        const char *binding = lp_parm_string(-1, "dcerpc_remote", "binding");
+       const char *user, *pass, *domain;
        struct cli_credentials *credentials;
+       BOOL machine_account;
 
-       if (!binding) {
-               DEBUG(0,("You must specify a ncacn binding string\n"));
-               return NT_STATUS_INVALID_PARAMETER;
-       }
+       machine_account = lp_parm_bool(-1, "dcerpc_remote", "use_machine_account", False);
 
        private = talloc(dce_call->conn, struct dcesrv_remote_private);
        if (!private) {
                return NT_STATUS_NO_MEMORY;     
        }
        
-       credentials = cli_credentials_init(private);
+       private->c_pipe = NULL;
+       dce_call->context->private = private;
+
+       if (!binding) {
+               DEBUG(0,("You must specify a ncacn binding string\n"));
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       user = lp_parm_string(-1, "dcerpc_remote", "user");
+       pass = lp_parm_string(-1, "dcerpc_remote", "password");
+       domain = lp_parm_string(-1, "dceprc_remote", "domain");
 
-       cli_credentials_set_username(credentials, lp_parm_string(-1, "dcerpc_remote", "username"), CRED_SPECIFIED);
-       cli_credentials_set_workstation(credentials, lp_netbios_name(), CRED_SPECIFIED);
-       cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED);
-       cli_credentials_set_password(credentials, lp_parm_string(-1, "dcerpc_remote", "password"), CRED_SPECIFIED);
+       if (user && pass) {
+               DEBUG(5, ("dcerpc_remote: RPC Proxy: Using specified account\n"));
+               credentials = cli_credentials_init(private);
+               if (!credentials) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+               cli_credentials_set_conf(credentials);
+               cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
+               if (domain) {
+                       cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+               }
+               cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
+       } else if (machine_account) {
+               DEBUG(5, ("dcerpc_remote: RPC Proxy: Using machine account\n"));
+               credentials = cli_credentials_init(private);
+               cli_credentials_set_conf(credentials);
+               if (domain) {
+                       cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+               }
+               status = cli_credentials_set_machine_account(credentials);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
+       } else if (dce_call->conn->auth_state.session_info->credentials) {
+               DEBUG(5, ("dcerpc_remote: RPC Proxy: Using delegated credentials\n"));
+               credentials = dce_call->conn->auth_state.session_info->credentials;
+       } else {
+               DEBUG(1,("dcerpc_remote: RPC Proxy: You must supply binding, user and password or have delegated credentials\n"));
+               return NT_STATUS_INVALID_PARAMETER;
+       }
 
        status = dcerpc_pipe_connect(private, 
                                     &(private->c_pipe), binding, 
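Review bot: The domain lookup reads the section `"dceprc_remote"` (letters transposed), so a configured `dcerpc_remote:domain` is never picked up and `domain` stays NULL in both the password and machine-account branches; it should be `domain = lp_parm_string(-1, "dcerpc_remote", "domain");`. The username key also changes from `"username"` to `"user"`, so an existing `dcerpc_remote:username` setting silently stops matching and the bind falls through to the machine account or to delegated credentials, which changes the identity used towards the remote server. Either keep the old key as a fallback or document the rename. The delegated branch dereferences `dce_call->conn->auth_state.session_info` without a check; if that pointer can be NULL for an unauthenticated bind (not visible here), test it first with `session_info && session_info->credentials`. remote_op_bind begins before this hunk and continues past it.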
@@ -60,8 +97,6 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
                return status;
        }
 
-       dce_call->context->private = private;
-
        return NT_STATUS_OK;    
 }