r11513: Add the ability to use the local machine account instead of a static
authorAndrew Bartlett <abartlet@samba.org>
Sat, 5 Nov 2005 06:36:42 +0000 (06:36 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:45:46 +0000 (13:45 -0500)
password or delegation.

Add the ability to delegate for RPC pipes on the RPC proxy backend
(the backend itself seems to be having problems, however).

Andrew Bartlett

source/ntvfs/cifs/vfs_cifs.c
source/rpc_server/remote/dcesrv_remote.c

index 5d0576e8f9aff9f510335e2ef4e79e507fd6984b..44c31d91adbbeab6a1ec35a85002b3d8e9cbd222 100644 (file)
@@ -93,6 +93,7 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs,
        struct fd_event *fde;
 
        struct cli_credentials *credentials;
+       BOOL machine_account;
 
        /* Here we need to determine which server to connect to.
         * For now we use parametric options, type cifs.
@@ -107,6 +108,8 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs,
                remote_share = sharename;
        }
 
+       machine_account = lp_parm_bool(req->tcon->service, "cifs", "use_machine_account", False);
+
        private = talloc(req->tcon, struct cvfs_private);
        if (!private) {
                return NT_STATUS_NO_MEMORY;
@@ -120,16 +123,34 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs,
                return NT_STATUS_INVALID_PARAMETER;
        } 
        
-       if (user && pass && domain) {
+       if (user && pass) {
+               DEBUG(5, ("CIFS backend: Using specified password\n"));
                credentials = cli_credentials_init(private);
+               if (!credentials) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+               cli_credentials_set_conf(credentials);
                cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
-               cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+               if (domain) {
+                       cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+               }
                cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
-               cli_credentials_set_workstation(credentials, "vfs_cifs", CRED_SPECIFIED);
+       } else if (machine_account) {
+               DEBUG(5, ("CIFS backend: Using machine account\n"));
+               credentials = cli_credentials_init(private);
+               cli_credentials_set_conf(credentials);
+               if (domain) {
+                       cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+               }
+               status = cli_credentials_set_machine_account(credentials);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
        } else if (req->session->session_info->credentials) {
+               DEBUG(5, ("CIFS backend: Using delegated credentials\n"));
                credentials = req->session->session_info->credentials;
        } else {
-               DEBUG(1,("CIFS backend: You must supply server, user, password and domain or have delegated credentials\n"));
+               DEBUG(1,("CIFS backend: You must supply server, user and password and or have delegated credentials\n"));
                return NT_STATUS_INVALID_PARAMETER;
        }
 
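Review bot: The new machine-account branch hands the result of `cli_credentials_init(private)` straight to `cli_credentials_set_conf()` without the NULL check that the user/password branch gains in this same hunk; add `if (!credentials) { return NT_STATUS_NO_MEMORY; }` after the init call. Because this branch is tested before the delegated one, enabling `use_machine_account` means every client session on the share reaches the backend as this host's machine account rather than as the connecting user, which deserves a comment such as `/* machine account takes precedence over delegated client credentials: all sessions share the host's backend identity */`. The final DEBUG(1) message should also name the `use_machine_account` option and lose the stray "and or". cvfs_connect begins and ends outside this hunk.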
index 9e77347fa72d788d99f7a978a945ac7ad8f5cb8f..9ba2419859b4dc6a46f133678cf84db098075730 100644 (file)
@@ -21,6 +21,8 @@
 
 #include "includes.h"
 #include "rpc_server/dcerpc_server.h"
+#include "auth/auth.h"
+
 
 struct dcesrv_remote_private {
        struct dcerpc_pipe *c_pipe;
@@ -31,24 +33,59 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
         NTSTATUS status;
         struct dcesrv_remote_private *private;
        const char *binding = lp_parm_string(-1, "dcerpc_remote", "binding");
+       const char *user, *pass, *domain;
        struct cli_credentials *credentials;
+       BOOL machine_account;
 
-       if (!binding) {
-               DEBUG(0,("You must specify a ncacn binding string\n"));
-               return NT_STATUS_INVALID_PARAMETER;
-       }
+       machine_account = lp_parm_bool(-1, "dcerpc_remote", "use_machine_account", False);
 
        private = talloc(dce_call->conn, struct dcesrv_remote_private);
        if (!private) {
                return NT_STATUS_NO_MEMORY;     
        }
        
-       credentials = cli_credentials_init(private);
+       private->c_pipe = NULL;
+       dce_call->context->private = private;
+
+       if (!binding) {
+               DEBUG(0,("You must specify a ncacn binding string\n"));
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       user = lp_parm_string(-1, "dcerpc_remote", "user");
+       pass = lp_parm_string(-1, "dcerpc_remote", "password");
+       domain = lp_parm_string(-1, "dceprc_remote", "domain");
 
-       cli_credentials_set_username(credentials, lp_parm_string(-1, "dcerpc_remote", "username"), CRED_SPECIFIED);
-       cli_credentials_set_workstation(credentials, lp_netbios_name(), CRED_SPECIFIED);
-       cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED);
-       cli_credentials_set_password(credentials, lp_parm_string(-1, "dcerpc_remote", "password"), CRED_SPECIFIED);
+       if (user && pass) {
+               DEBUG(5, ("dcerpc_remote: RPC Proxy: Using specified account\n"));
+               credentials = cli_credentials_init(private);
+               if (!credentials) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+               cli_credentials_set_conf(credentials);
+               cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
+               if (domain) {
+                       cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+               }
+               cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
+       } else if (machine_account) {
+               DEBUG(5, ("dcerpc_remote: RPC Proxy: Using machine account\n"));
+               credentials = cli_credentials_init(private);
+               cli_credentials_set_conf(credentials);
+               if (domain) {
+                       cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+               }
+               status = cli_credentials_set_machine_account(credentials);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
+       } else if (dce_call->conn->auth_state.session_info->credentials) {
+               DEBUG(5, ("dcerpc_remote: RPC Proxy: Using delegated credentials\n"));
+               credentials = dce_call->conn->auth_state.session_info->credentials;
+       } else {
+               DEBUG(1,("dcerpc_remote: RPC Proxy: You must supply binding, user and password or have delegated credentials\n"));
+               return NT_STATUS_INVALID_PARAMETER;
+       }
 
        status = dcerpc_pipe_connect(private, 
                                     &(private->c_pipe), binding, 
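Review bot: The domain lookup reads the section `"dceprc_remote"` (transposed letters) while every other option in this function uses `"dcerpc_remote"`, so a configured domain is never picked up and the proxy authenticates without it; the line should be `domain = lp_parm_string(-1, "dcerpc_remote", "domain");`. The user option is also renamed from `"username"` to `"user"`, so an existing configuration that sets the old name now silently falls through to the machine-account or delegated branch and connects under a different identity than the administrator configured; accept both names or document the change. The machine-account branch needs `if (!credentials) { return NT_STATUS_NO_MEMORY; }` after `cli_credentials_init(private)`, matching the branch above it. The delegated branch dereferences `dce_call->conn->auth_state.session_info` unchecked; if that pointer can be NULL for an unauthenticated bind, test it before reading `->credentials`. The `dcerpc_pipe_connect` call continues past the end of this hunk.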
@@ -60,8 +97,6 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct
                return status;
        }
 
-       dce_call->context->private = private;
-
        return NT_STATUS_OK;    
 }