svn commit: samba r11513 - in branches/SAMBA_4_0/source: ntvfs/cifs
rpc_server/remote
abartlet at samba.org
abartlet at samba.org
Sat Nov 5 06:36:43 GMT 2005
Author: abartlet
Date: 2005-11-05 06:36:42 +0000 (Sat, 05 Nov 2005)
New Revision: 11513
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11513
Log:
Add the ability to use the local machine account instead of a static
password or delegation.
Add the ability to delegate for RPC pipes on the RPC proxy backend
(the backend itself seems be having problems however).
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c
branches/SAMBA_4_0/source/rpc_server/remote/dcesrv_remote.c
Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c 2005-11-05 05:44:26 UTC (rev 11512)
+++ branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c 2005-11-05 06:36:42 UTC (rev 11513)
@@ -93,6 +93,7 @@
struct fd_event *fde;
struct cli_credentials *credentials;
+ BOOL machine_account;
/* Here we need to determine which server to connect to.
* For now we use parametric options, type cifs.
@@ -107,6 +108,8 @@
remote_share = sharename;
}
+ machine_account = lp_parm_bool(req->tcon->service, "cifs", "use_machine_account", False);
+
private = talloc(req->tcon, struct cvfs_private);
if (!private) {
return NT_STATUS_NO_MEMORY;
@@ -120,16 +123,34 @@
return NT_STATUS_INVALID_PARAMETER;
}
- if (user && pass && domain) {
+ if (user && pass) {
+ DEBUG(5, ("CIFS backend: Using specified password\n"));
credentials = cli_credentials_init(private);
+ if (!credentials) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ cli_credentials_set_conf(credentials);
cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
- cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ if (domain) {
+ cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ }
cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
- cli_credentials_set_workstation(credentials, "vfs_cifs", CRED_SPECIFIED);
+ } else if (machine_account) {
+ DEBUG(5, ("CIFS backend: Using machine account\n"));
+ credentials = cli_credentials_init(private);
+ cli_credentials_set_conf(credentials);
+ if (domain) {
+ cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ }
+ status = cli_credentials_set_machine_account(credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
} else if (req->session->session_info->credentials) {
+ DEBUG(5, ("CIFS backend: Using delegated credentials\n"));
credentials = req->session->session_info->credentials;
} else {
- DEBUG(1,("CIFS backend: You must supply server, user, password and domain or have delegated credentials\n"));
+ DEBUG(1,("CIFS backend: You must supply server, user and password and or have delegated credentials\n"));
return NT_STATUS_INVALID_PARAMETER;
}
Modified: branches/SAMBA_4_0/source/rpc_server/remote/dcesrv_remote.c
===================================================================
--- branches/SAMBA_4_0/source/rpc_server/remote/dcesrv_remote.c 2005-11-05 05:44:26 UTC (rev 11512)
+++ branches/SAMBA_4_0/source/rpc_server/remote/dcesrv_remote.c 2005-11-05 06:36:42 UTC (rev 11513)
@@ -21,7 +21,9 @@
#include "includes.h"
#include "rpc_server/dcerpc_server.h"
+#include "auth/auth.h"
+
struct dcesrv_remote_private {
struct dcerpc_pipe *c_pipe;
};
@@ -31,25 +33,60 @@
NTSTATUS status;
struct dcesrv_remote_private *private;
const char *binding = lp_parm_string(-1, "dcerpc_remote", "binding");
+ const char *user, *pass, *domain;
struct cli_credentials *credentials;
+ BOOL machine_account;
- if (!binding) {
- DEBUG(0,("You must specify a ncacn binding string\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
+ machine_account = lp_parm_bool(-1, "dcerpc_remote", "use_machine_account", False);
private = talloc(dce_call->conn, struct dcesrv_remote_private);
if (!private) {
return NT_STATUS_NO_MEMORY;
}
- credentials = cli_credentials_init(private);
+ private->c_pipe = NULL;
+ dce_call->context->private = private;
- cli_credentials_set_username(credentials, lp_parm_string(-1, "dcerpc_remote", "username"), CRED_SPECIFIED);
- cli_credentials_set_workstation(credentials, lp_netbios_name(), CRED_SPECIFIED);
- cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED);
- cli_credentials_set_password(credentials, lp_parm_string(-1, "dcerpc_remote", "password"), CRED_SPECIFIED);
+ if (!binding) {
+ DEBUG(0,("You must specify a ncacn binding string\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ user = lp_parm_string(-1, "dcerpc_remote", "user");
+ pass = lp_parm_string(-1, "dcerpc_remote", "password");
+ domain = lp_parm_string(-1, "dceprc_remote", "domain");
+
+ if (user && pass) {
+ DEBUG(5, ("dcerpc_remote: RPC Proxy: Using specified account\n"));
+ credentials = cli_credentials_init(private);
+ if (!credentials) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ cli_credentials_set_conf(credentials);
+ cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
+ if (domain) {
+ cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ }
+ cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
+ } else if (machine_account) {
+ DEBUG(5, ("dcerpc_remote: RPC Proxy: Using machine account\n"));
+ credentials = cli_credentials_init(private);
+ cli_credentials_set_conf(credentials);
+ if (domain) {
+ cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ }
+ status = cli_credentials_set_machine_account(credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ } else if (dce_call->conn->auth_state.session_info->credentials) {
+ DEBUG(5, ("dcerpc_remote: RPC Proxy: Using delegated credentials\n"));
+ credentials = dce_call->conn->auth_state.session_info->credentials;
+ } else {
+ DEBUG(1,("dcerpc_remote: RPC Proxy: You must supply binding, user and password or have delegated credentials\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
status = dcerpc_pipe_connect(private,
&(private->c_pipe), binding,
iface->uuid, iface->if_version,
@@ -60,8 +97,6 @@
return status;
}
- dce_call->context->private = private;
-
return NT_STATUS_OK;
}
More information about the samba-cvs
mailing list