svn commit: samba r11513 - in branches/SAMBA_4_0/source: ntvfs/cifs rpc_server/remote

abartlet at samba.org abartlet at samba.org
Sat Nov 5 06:36:43 GMT 2005 

Author: abartlet
Date: 2005-11-05 06:36:42 +0000 (Sat, 05 Nov 2005)
New Revision: 11513

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11513

Log:
Add the ability to use the local machine account instead of a static
password or delegation.

Add the ability to delegate for RPC pipes on the RPC proxy backend
(the backend itself seems be having problems however).

Andrew Bartlett 

Modified:
   branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c
   branches/SAMBA_4_0/source/rpc_server/remote/dcesrv_remote.c


Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c	2005-11-05 05:44:26 UTC (rev 11512)
+++ branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c	2005-11-05 06:36:42 UTC (rev 11513)
@@ -93,6 +93,7 @@
 	struct fd_event *fde;
 
 	struct cli_credentials *credentials;
+	BOOL machine_account;
 
 	/* Here we need to determine which server to connect to.
 	 * For now we use parametric options, type cifs.
@@ -107,6 +108,8 @@
 		remote_share = sharename;
 	}
 
+	machine_account = lp_parm_bool(req->tcon->service, "cifs", "use_machine_account", False);
+
 	private = talloc(req->tcon, struct cvfs_private);
 	if (!private) {
 		return NT_STATUS_NO_MEMORY;
@@ -120,16 +123,34 @@
 		return NT_STATUS_INVALID_PARAMETER;
 	} 
 	
-	if (user && pass && domain) {
+	if (user && pass) {
+		DEBUG(5, ("CIFS backend: Using specified password\n"));
 		credentials = cli_credentials_init(private);
+		if (!credentials) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		cli_credentials_set_conf(credentials);
 		cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
-		cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+		if (domain) {
+			cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+		}
 		cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
-		cli_credentials_set_workstation(credentials, "vfs_cifs", CRED_SPECIFIED);
+	} else if (machine_account) {
+		DEBUG(5, ("CIFS backend: Using machine account\n"));
+		credentials = cli_credentials_init(private);
+		cli_credentials_set_conf(credentials);
+		if (domain) {
+			cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+		}
+		status = cli_credentials_set_machine_account(credentials);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
 	} else if (req->session->session_info->credentials) {
+		DEBUG(5, ("CIFS backend: Using delegated credentials\n"));
 		credentials = req->session->session_info->credentials;
 	} else {
-		DEBUG(1,("CIFS backend: You must supply server, user, password and domain or have delegated credentials\n"));
+		DEBUG(1,("CIFS backend: You must supply server, user and password and or have delegated credentials\n"));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 

Modified: branches/SAMBA_4_0/source/rpc_server/remote/dcesrv_remote.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/remote/dcesrv_remote.c	2005-11-05 05:44:26 UTC (rev 11512)
+++ branches/SAMBA_4_0/source/rpc_server/remote/dcesrv_remote.c	2005-11-05 06:36:42 UTC (rev 11513)
@@ -21,7 +21,9 @@
 
 #include "includes.h"
 #include "rpc_server/dcerpc_server.h"
+#include "auth/auth.h"
 
+
 struct dcesrv_remote_private {
 	struct dcerpc_pipe *c_pipe;
 };
@@ -31,25 +33,60 @@
         NTSTATUS status;
         struct dcesrv_remote_private *private;
 	const char *binding = lp_parm_string(-1, "dcerpc_remote", "binding");
+	const char *user, *pass, *domain;
 	struct cli_credentials *credentials;
+	BOOL machine_account;
 
-	if (!binding) {
-		DEBUG(0,("You must specify a ncacn binding string\n"));
-		return NT_STATUS_INVALID_PARAMETER;
-	}
+	machine_account = lp_parm_bool(-1, "dcerpc_remote", "use_machine_account", False);
 
 	private = talloc(dce_call->conn, struct dcesrv_remote_private);
 	if (!private) {
 		return NT_STATUS_NO_MEMORY;	
 	}
 	
-	credentials = cli_credentials_init(private);
+	private->c_pipe = NULL;
+	dce_call->context->private = private;
 
-	cli_credentials_set_username(credentials, lp_parm_string(-1, "dcerpc_remote", "username"), CRED_SPECIFIED);
-	cli_credentials_set_workstation(credentials, lp_netbios_name(), CRED_SPECIFIED);
-	cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED);
-	cli_credentials_set_password(credentials, lp_parm_string(-1, "dcerpc_remote", "password"), CRED_SPECIFIED);
+	if (!binding) {
+		DEBUG(0,("You must specify a ncacn binding string\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 
+	user = lp_parm_string(-1, "dcerpc_remote", "user");
+	pass = lp_parm_string(-1, "dcerpc_remote", "password");
+	domain = lp_parm_string(-1, "dceprc_remote", "domain");
+
+	if (user && pass) {
+		DEBUG(5, ("dcerpc_remote: RPC Proxy: Using specified account\n"));
+		credentials = cli_credentials_init(private);
+		if (!credentials) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		cli_credentials_set_conf(credentials);
+		cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
+		if (domain) {
+			cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+		}
+		cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
+	} else if (machine_account) {
+		DEBUG(5, ("dcerpc_remote: RPC Proxy: Using machine account\n"));
+		credentials = cli_credentials_init(private);
+		cli_credentials_set_conf(credentials);
+		if (domain) {
+			cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+		}
+		status = cli_credentials_set_machine_account(credentials);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	} else if (dce_call->conn->auth_state.session_info->credentials) {
+		DEBUG(5, ("dcerpc_remote: RPC Proxy: Using delegated credentials\n"));
+		credentials = dce_call->conn->auth_state.session_info->credentials;
+	} else {
+		DEBUG(1,("dcerpc_remote: RPC Proxy: You must supply binding, user and password or have delegated credentials\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
 	status = dcerpc_pipe_connect(private, 
 				     &(private->c_pipe), binding, 
 				     iface->uuid, iface->if_version, 
@@ -60,8 +97,6 @@
 		return status;
 	}
 
-	dce_call->context->private = private;
-
 	return NT_STATUS_OK;	
 }

More information about the samba-cvs mailing list