it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
+#include "popt_common.h"
#include "rpcclient.h"
#include "../libcli/auth/libcli_auth.h"
-#include "../librpc/gen_ndr/cli_lsa.h"
+#include "../librpc/gen_ndr/ndr_lsa_c.h"
#include "rpc_client/cli_lsarpc.h"
#include "../librpc/gen_ndr/ndr_netlogon.h"
#include "rpc_client/cli_netlogon.h"
+#include "../libcli/smbreadline/smbreadline.h"
+#include "../libcli/security/security.h"
+#include "passdb.h"
+#include "libsmb/libsmb.h"
+#include "auth/gensec/gensec.h"
+
+enum pipe_auth_type_spnego {
+ PIPE_AUTH_TYPE_SPNEGO_NONE = 0,
+ PIPE_AUTH_TYPE_SPNEGO_NTLMSSP,
+ PIPE_AUTH_TYPE_SPNEGO_KRB5
+};
struct dom_sid domain_sid;
****************************************************************************/
static char **completion_fn(const char *text, int start, int end)
{
-#define MAX_COMPLETIONS 100
+#define MAX_COMPLETIONS 1000
char **matches;
int i, count=0;
struct cmd_list *commands = cmd_list;
if (!commands->cmd_set) {
break;
}
-
+
for (i=0; commands->cmd_set[i].name; i++) {
if ((strncmp(text, commands->cmd_set[i].name, strlen(text)) == 0) &&
(( commands->cmd_set[i].returntype == RPC_RTYPE_NTSTATUS &&
}
}
commands = commands->next;
-
}
if (count == 2) {
{
char *command;
char *p;
-
+
if (!cmdstr || !(*cmdstr))
return NULL;
-
+
p = strchr_m(*cmdstr, ';');
if (p)
*p = '\0';
*cmdstr = p + 1;
else
*cmdstr = NULL;
-
+
return command;
}
static void fetch_machine_sid(struct cli_state *cli)
{
struct policy_handle pol;
- NTSTATUS result = NT_STATUS_OK;
+ NTSTATUS result = NT_STATUS_OK, status;
static bool got_domain_sid;
TALLOC_CTX *mem_ctx;
struct rpc_pipe_client *lsapipe = NULL;
union lsa_PolicyInformation *info = NULL;
+ struct dcerpc_binding_handle *b;
if (got_domain_sid) return;
fprintf(stderr, "could not initialise lsa pipe. Error was %s\n", nt_errstr(result) );
goto error;
}
-
+
+ b = lsapipe->binding_handle;
+
result = rpccli_lsa_open_policy(lsapipe, mem_ctx, True,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
goto error;
}
- result = rpccli_lsa_QueryInfoPolicy(lsapipe, mem_ctx,
+ status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
&pol,
LSA_POLICY_INFO_ACCOUNT_DOMAIN,
- &info);
+ &info,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ result = status;
+ goto error;
+ }
if (!NT_STATUS_IS_OK(result)) {
goto error;
}
got_domain_sid = True;
sid_copy(&domain_sid, info->account_domain.sid);
- rpccli_lsa_Close(lsapipe, mem_ctx, &pol);
+ dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
TALLOC_FREE(lsapipe);
talloc_destroy(mem_ctx);
for (tmp = cmd_list; tmp; tmp = tmp->next)
{
tmp_set = tmp->cmd_set;
-
- if (!StrCaseCmp(argv[1], tmp_set->name))
+
+ if (!strcasecmp_m(argv[1], tmp_set->name))
{
printf("Available commands on the %s pipe:\n\n", tmp_set->name);
if (i%3 == 0)
printf("\n");
}
-
+
/* drop out of the loop */
break;
}
if (argc == 2) {
for (tmp = cmd_list; tmp; tmp = tmp->next) {
-
+
tmp_set = tmp->cmd_set;
while(tmp_set->name) {
}
if (argc == 2) {
- DEBUGLEVEL = atoi(argv[1]);
+ lp_set_cmdline("log level", argv[1]);
}
printf("debuglevel is %d\n", DEBUGLEVEL);
static NTSTATUS cmd_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
+ const char *p = "[KRB5|KRB5_SPNEGO|NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]";
const char *type = "NTLMSSP";
pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
if (argc > 2) {
- printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]);
+ printf("Usage: %s %s\n", argv[0], p);
return NT_STATUS_OK;
}
if (argc == 2) {
type = argv[1];
- if (strequal(type, "NTLMSSP")) {
+ if (strequal(type, "KRB5")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5;
+ } else if (strequal(type, "KRB5_SPNEGO")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+ pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
+ } else if (strequal(type, "NTLMSSP")) {
pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
} else if (strequal(type, "NTLMSSP_SPNEGO")) {
pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
} else {
printf("unknown type %s\n", type);
- printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]);
+ printf("Usage: %s %s\n", argv[0], p);
return NT_STATUS_INVALID_LEVEL;
}
}
static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
+ const char *p = "[KRB5|KRB5_SPNEGO|NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]";
const char *type = "NTLMSSP";
pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
if (argc > 2) {
- printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]);
+ printf("Usage: %s %s\n", argv[0], p);
return NT_STATUS_OK;
}
if (argc == 2) {
type = argv[1];
- if (strequal(type, "NTLMSSP")) {
+ if (strequal(type, "KRB5")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5;
+ } else if (strequal(type, "KRB5_SPNEGO")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+ pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
+ } else if (strequal(type, "NTLMSSP")) {
pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
} else if (strequal(type, "NTLMSSP_SPNEGO")) {
pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
} else {
printf("unknown type %s\n", type);
- printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]);
+ printf("Usage: %s %s\n", argv[0], p);
return NT_STATUS_INVALID_LEVEL;
}
}
timeout = atoi(argv[1]);
for (tmp = cmd_list; tmp; tmp = tmp->next) {
-
+
struct cmd_set *tmp_set;
for (tmp_set = tmp->cmd_set; tmp_set->name; tmp_set++) {
{ "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL, NULL, NULL, "Force RPC pipe connections to be sealed", "" },
{ "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, NULL, NULL, "Force RPC pipe connections to be sealed with 'schannel'. Assumes valid machine account to this domain controller.", "" },
{ "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL, NULL, NULL, "Force RPC pipe connections to be signed (not sealed) with 'schannel'. Assumes valid machine account to this domain controller.", "" },
- { "timeout", RPC_RTYPE_NTSTATUS, cmd_timeout, NULL, NULL, NULL, "Set timeout (in milliseonds) for RPC operations", "" },
+ { "timeout", RPC_RTYPE_NTSTATUS, cmd_timeout, NULL, NULL, NULL, "Set timeout (in milliseconds) for RPC operations", "" },
{ "transport", RPC_RTYPE_NTSTATUS, cmd_choose_transport, NULL, NULL, NULL, "Choose ncacn transport for RPC operations", "" },
{ "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL, NULL, NULL, "Force RPC pipe connections to have no special properties", "" },
extern struct cmd_set ntsvcs_commands[];
extern struct cmd_set drsuapi_commands[];
extern struct cmd_set eventlog_commands[];
+extern struct cmd_set winreg_commands[];
static struct cmd_set *rpcclient_command_list[] = {
rpcclient_commands,
ntsvcs_commands,
drsuapi_commands,
eventlog_commands,
+ winreg_commands,
NULL
};
{
NTSTATUS ntresult;
WERROR wresult;
-
+
TALLOC_CTX *mem_ctx;
/* Create mem_ctx */
&cmd_entry->rpc_pipe);
break;
case DCERPC_AUTH_TYPE_SPNEGO:
- if (pipe_default_auth_spnego_type !=
- PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
- DEBUG(0, ("Could not initialise %s. "
- "Currently only NTLMSSP is "
- "supported for SPNEGO\n",
- get_pipe_name_from_syntax(
- talloc_tos(),
- cmd_entry->interface)));
- return NT_STATUS_UNSUCCESSFUL;
+ {
+ /* won't happen, but if it does it will fail in cli_rpc_pipe_open_spnego() eventually */
+ const char *oid = "INVALID";
+ switch (pipe_default_auth_spnego_type) {
+ case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
+ oid = GENSEC_OID_NTLMSSP;
+ break;
+ case PIPE_AUTH_TYPE_SPNEGO_KRB5:
+ oid = GENSEC_OID_KERBEROS5;
+ break;
}
- ntresult = cli_rpc_pipe_open_spnego_ntlmssp(
+ ntresult = cli_rpc_pipe_open_spnego(
cli, cmd_entry->interface,
default_transport,
+ oid,
pipe_default_auth_level,
+ cli_state_remote_name(cli),
get_cmdline_auth_info_domain(auth_info),
get_cmdline_auth_info_username(auth_info),
get_cmdline_auth_info_password(auth_info),
&cmd_entry->rpc_pipe);
break;
+ }
case DCERPC_AUTH_TYPE_NTLMSSP:
- ntresult = cli_rpc_pipe_open_ntlmssp(
+ case DCERPC_AUTH_TYPE_KRB5:
+ ntresult = cli_rpc_pipe_open_generic_auth(
cli, cmd_entry->interface,
default_transport,
+ pipe_default_auth_type,
pipe_default_auth_level,
+ cli_state_remote_name(cli),
get_cmdline_auth_info_domain(auth_info),
get_cmdline_auth_info_username(auth_info),
get_cmdline_auth_info_password(auth_info),
get_cmdline_auth_info_domain(auth_info),
&cmd_entry->rpc_pipe);
break;
- case DCERPC_AUTH_TYPE_KRB5:
- ntresult = cli_rpc_pipe_open_krb5(
- cli, cmd_entry->interface,
- default_transport,
- pipe_default_auth_level,
- cli->desthost,
- NULL, NULL,
- &cmd_entry->rpc_pipe);
- break;
default:
DEBUG(0, ("Could not initialise %s. Invalid "
"auth type %u\n",
}
ntresult = rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe,
- cli->desthost, /* server name */
+ cmd_entry->rpc_pipe->desthost, /* server name */
get_cmdline_auth_info_domain(auth_info), /* domain */
- global_myname(), /* client name */
+ lp_netbios_name(), /* client name */
machine_account, /* machine account name */
trust_password,
sec_channel_type,
struct sockaddr_storage server_ss;
NTSTATUS nt_status;
static int opt_port = 0;
- fstring new_workgroup;
int result = 0;
TALLOC_CTX *frame = talloc_stackframe();
uint32_t flags = 0;
/* the following functions are part of the Samba debugging
facilities. See lib/debug.c */
- setup_logging("rpcclient", True);
+ setup_logging("rpcclient", DEBUG_STDOUT);
rpcclient_auth_info = user_auth_info_init(frame);
if (rpcclient_auth_info == NULL) {
goto done;
}
- /* save the workgroup...
-
- FIXME!! do we need to do this for other options as well
- (or maybe a generic way to keep lp_load() from overwriting
- everything)? */
-
- fstrcpy( new_workgroup, lp_workgroup() );
-
/* Load smb.conf file */
- if (!lp_load(get_dyn_CONFIGFILE(),True,False,False,True))
+ if (!lp_load_global(get_dyn_CONFIGFILE()))
fprintf(stderr, "Can't load %s\n", get_dyn_CONFIGFILE());
- if ( strlen(new_workgroup) != 0 )
- set_global_myworkgroup( new_workgroup );
-
/*
* Get password
* from stdin if necessary
pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
}
if (binding->flags & DCERPC_AUTH_NTLM) {
+ /* If neither Integrity or Privacy are requested then
+ * Use just Connect level */
+ if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
+ }
+
if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
} else {
}
- nt_status = cli_full_connection(&cli, global_myname(), binding->host,
+ nt_status = cli_full_connection(&cli, lp_netbios_name(), binding->host,
opt_ipaddr ? &server_ss : NULL, opt_port,
"IPC$", "IPC",
get_cmdline_auth_info_username(rpcclient_auth_info),
get_cmdline_auth_info_domain(rpcclient_auth_info),
get_cmdline_auth_info_password(rpcclient_auth_info),
flags,
- get_cmdline_auth_info_signing_state(rpcclient_auth_info),
- NULL);
+ get_cmdline_auth_info_signing_state(rpcclient_auth_info));
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status)));