s4:rpc_server/remote: add dcerpc_remote:allow_anonymous_fallback option

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source4/rpc_server/remote/dcesrv_remote.c b/source4/rpc_server/remote/dcesrv_remote.c
index fed5bc6c9dc63513efc5e64b342be310172bcc3c..4a441f34b232e2bc294292b5e7db1278097fbaae 100644 (file)
--- a/source4/rpc_server/remote/dcesrv_remote.c
+++ b/source4/rpc_server/remote/dcesrv_remote.c
@@ -50,6 +50,7 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
        struct cli_credentials *credentials;
        bool must_free_credentials = false;
        bool machine_account;
+       bool allow_anonymous;
        struct dcerpc_binding           *b;
        struct composite_context        *pipe_conn_req;
        uint32_t flags = 0;
@@ -80,6 +81,11 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
                                          "dcerpc_remote",
                                          "use_machine_account",
                                          false);
+       allow_anonymous = lpcfg_parm_bool(dce_call->conn->dce_ctx->lp_ctx,
+                                         NULL,
+                                         "dcerpc_remote",
+                                         "allow_anonymous_fallback",
+                                         false);
 
        credentials = dcesrv_call_credentials(dce_call);
 
@@ -113,6 +119,13 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
                }
        } else if (credentials != NULL) {
                DEBUG(5, ("dcerpc_remote: RPC Proxy: Using delegated credentials\n"));
+       } else if (allow_anonymous) {
+               DEBUG(5, ("dcerpc_remote: RPC Proxy: Using anonymous\n"));
+               credentials = cli_credentials_init_anon(priv);
+               if (!credentials) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+               must_free_credentials = true;
        } else {
                DEBUG(1,("dcerpc_remote: RPC Proxy: You must supply binding, user and password or have delegated credentials\n"));
                return NT_STATUS_INVALID_PARAMETER;