2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2000-2001
6 Copyright (C) Martin Pool 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "rpcclient.h"
29 /* List to hold groups of commands.
31 * Commands are defined in a list of arrays: arrays are easy to
32 * statically declare, and lists are easier to dynamically extend.
35 static struct cmd_list {
36 struct cmd_list *prev, *next;
37 struct cmd_set *cmd_set;
40 /****************************************************************************
41 handle completion of commands for readline
42 ****************************************************************************/
43 static char **completion_fn(const char *text, int start, int end)
45 #define MAX_COMPLETIONS 100
48 struct cmd_list *commands = cmd_list;
51 /* FIXME!!! -- what to do when completing argument? */
52 /* for words not at the start of the line fallback
53 to filename completion */
58 /* make sure we have a list of valid commands */
62 matches = SMB_MALLOC_ARRAY(char *, MAX_COMPLETIONS);
63 if (!matches) return NULL;
65 matches[count++] = SMB_STRDUP(text);
66 if (!matches[0]) return NULL;
68 while (commands && count < MAX_COMPLETIONS-1)
70 if (!commands->cmd_set)
73 for (i=0; commands->cmd_set[i].name; i++)
75 if ((strncmp(text, commands->cmd_set[i].name, strlen(text)) == 0) &&
76 (( commands->cmd_set[i].returntype == RPC_RTYPE_NTSTATUS &&
77 commands->cmd_set[i].ntfn ) ||
78 ( commands->cmd_set[i].returntype == RPC_RTYPE_WERROR &&
79 commands->cmd_set[i].wfn)))
81 matches[count] = SMB_STRDUP(commands->cmd_set[i].name);
88 commands = commands->next;
93 SAFE_FREE(matches[0]);
94 matches[0] = SMB_STRDUP(matches[1]);
96 matches[count] = NULL;
100 static char* next_command (char** cmdstr)
102 static pstring command;
105 if (!cmdstr || !(*cmdstr))
108 p = strchr_m(*cmdstr, ';');
111 pstrcpy(command, *cmdstr);
120 /* Fetch the SID for this computer */
122 static void fetch_machine_sid(struct cli_state *cli)
125 NTSTATUS result = NT_STATUS_OK;
126 uint32 info_class = 5;
127 char *domain_name = NULL;
128 static BOOL got_domain_sid;
130 DOM_SID *dom_sid = NULL;
132 if (got_domain_sid) return;
134 if (!(mem_ctx=talloc_init("fetch_machine_sid")))
136 DEBUG(0,("fetch_machine_sid: talloc_init returned NULL!\n"));
141 if (!cli_nt_session_open (cli, PI_LSARPC)) {
142 fprintf(stderr, "could not initialise lsa pipe\n");
146 result = cli_lsa_open_policy(cli, mem_ctx, True,
147 SEC_RIGHTS_MAXIMUM_ALLOWED,
149 if (!NT_STATUS_IS_OK(result)) {
153 result = cli_lsa_query_info_policy(cli, mem_ctx, &pol, info_class,
154 &domain_name, &dom_sid);
155 if (!NT_STATUS_IS_OK(result)) {
159 got_domain_sid = True;
160 sid_copy( &domain_sid, dom_sid );
162 cli_lsa_close(cli, mem_ctx, &pol);
163 cli_nt_session_close(cli);
164 talloc_destroy(mem_ctx);
169 fprintf(stderr, "could not obtain sid for domain %s\n", cli->domain);
171 if (!NT_STATUS_IS_OK(result)) {
172 fprintf(stderr, "error: %s\n", nt_errstr(result));
178 /* List the available commands on a given pipe */
180 static NTSTATUS cmd_listcommands(struct cli_state *cli, TALLOC_CTX *mem_ctx,
181 int argc, const char **argv)
183 struct cmd_list *tmp;
184 struct cmd_set *tmp_set;
190 printf("Usage: %s <pipe>\n", argv[0]);
194 /* Help on one command */
196 for (tmp = cmd_list; tmp; tmp = tmp->next)
198 tmp_set = tmp->cmd_set;
200 if (!StrCaseCmp(argv[1], tmp_set->name))
202 printf("Available commands on the %s pipe:\n\n", tmp_set->name);
206 while(tmp_set->name) {
207 printf("%30s", tmp_set->name);
214 /* drop out of the loop */
223 /* Display help on commands */
225 static NTSTATUS cmd_help(struct cli_state *cli, TALLOC_CTX *mem_ctx,
226 int argc, const char **argv)
228 struct cmd_list *tmp;
229 struct cmd_set *tmp_set;
234 printf("Usage: %s [command]\n", argv[0]);
238 /* Help on one command */
241 for (tmp = cmd_list; tmp; tmp = tmp->next) {
243 tmp_set = tmp->cmd_set;
245 while(tmp_set->name) {
246 if (strequal(argv[1], tmp_set->name)) {
247 if (tmp_set->usage &&
249 printf("%s\n", tmp_set->usage);
251 printf("No help for %s\n", tmp_set->name);
260 printf("No such command: %s\n", argv[1]);
264 /* List all commands */
266 for (tmp = cmd_list; tmp; tmp = tmp->next) {
268 tmp_set = tmp->cmd_set;
270 while(tmp_set->name) {
272 printf("%15s\t\t%s\n", tmp_set->name,
273 tmp_set->description ? tmp_set->description:
283 /* Change the debug level */
285 static NTSTATUS cmd_debuglevel(struct cli_state *cli, TALLOC_CTX *mem_ctx,
286 int argc, const char **argv)
289 printf("Usage: %s [debuglevel]\n", argv[0]);
294 DEBUGLEVEL = atoi(argv[1]);
297 printf("debuglevel is %d\n", DEBUGLEVEL);
302 static NTSTATUS cmd_quit(struct cli_state *cli, TALLOC_CTX *mem_ctx,
303 int argc, const char **argv)
306 return NT_STATUS_OK; /* NOTREACHED */
309 static NTSTATUS cmd_sign(struct cli_state *cli, TALLOC_CTX *mem_ctx,
310 int argc, const char **argv)
312 if (cli->pipe_auth_flags == (AUTH_PIPE_NTLMSSP|AUTH_PIPE_SIGN)) {
315 /* still have session, just need to use it again */
316 cli->pipe_auth_flags = AUTH_PIPE_NTLMSSP;
317 cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
318 if (cli->pipes[cli->pipe_idx].fnum != 0)
319 cli_nt_session_close(cli);
325 static NTSTATUS cmd_seal(struct cli_state *cli, TALLOC_CTX *mem_ctx,
326 int argc, const char **argv)
328 if (cli->pipe_auth_flags == (AUTH_PIPE_NTLMSSP|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL)) {
331 /* still have session, just need to use it again */
332 cli->pipe_auth_flags = AUTH_PIPE_NTLMSSP;
333 cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
334 cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
335 if (cli->pipes[cli->pipe_idx].fnum != 0)
336 cli_nt_session_close(cli);
341 static NTSTATUS cmd_none(struct cli_state *cli, TALLOC_CTX *mem_ctx,
342 int argc, const char **argv)
344 if (cli->pipe_auth_flags == 0) {
347 /* still have session, just need to use it again */
348 cli->pipe_auth_flags = 0;
349 if (cli->pipes[cli->pipe_idx].fnum != 0)
350 cli_nt_session_close(cli);
352 cli->pipe_auth_flags = 0;
357 static NTSTATUS setup_schannel(struct cli_state *cli, int pipe_auth_flags,
358 int argc, const char **argv)
361 static uchar zeros[16];
362 uchar trust_password[16];
363 uint32 sec_channel_type;
365 strhex_to_str(cli->sess_key, strlen(argv[1]), argv[1]);
366 cli->pipe_auth_flags = pipe_auth_flags;
372 if ((memcmp(cli->sess_key, zeros, sizeof(cli->sess_key)) != 0) &&
373 (cli->pipe_auth_flags == pipe_auth_flags)) {
374 /* already in this mode nothing to do */
378 if (!secrets_fetch_trust_account_password(lp_workgroup(),
380 NULL, &sec_channel_type)) {
381 return NT_STATUS_UNSUCCESSFUL;
384 ret = cli_nt_setup_netsec(cli, sec_channel_type, pipe_auth_flags, trust_password);
385 if (NT_STATUS_IS_OK(ret)) {
386 char *hex_session_key;
387 hex_session_key = hex_encode(NULL, cli->pipes[cli->pipe_idx].auth_info.sess_key,
388 sizeof(cli->pipes[cli->pipe_idx].auth_info.sess_key));
389 printf("Got Session key: %s\n", hex_session_key);
390 talloc_free(hex_session_key);
396 static NTSTATUS cmd_schannel(struct cli_state *cli, TALLOC_CTX *mem_ctx,
397 int argc, const char **argv)
399 d_printf("Setting schannel - sign and seal\n");
400 return setup_schannel(cli, AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN | AUTH_PIPE_SEAL,
404 static NTSTATUS cmd_schannel_sign(struct cli_state *cli, TALLOC_CTX *mem_ctx,
405 int argc, const char **argv)
407 d_printf("Setting schannel - sign only\n");
408 return setup_schannel(cli, AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN,
413 /* Built in rpcclient commands */
415 static struct cmd_set rpcclient_commands[] = {
417 { "GENERAL OPTIONS" },
419 { "help", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, "Get help on commands", "[command]" },
420 { "?", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, "Get help on commands", "[command]" },
421 { "debuglevel", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, -1, "Set debug level", "level" },
422 { "list", RPC_RTYPE_NTSTATUS, cmd_listcommands, NULL, -1, "List available commands on <pipe>", "pipe" },
423 { "exit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, "Exit program", "" },
424 { "quit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, "Exit program", "" },
425 { "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL, -1, "Force RPC pipe connections to be signed", "" },
426 { "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL, -1, "Force RPC pipe connections to be sealed", "" },
427 { "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, -1, "Force RPC pipe connections to be sealed with 'schannel' (NETSEC). Assumes valid machine account to this domain controller.", "" },
428 { "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL, -1, "Force RPC pipe connections to be signed (not sealed) with 'schannel' (NETSEC). Assumes valid machine account to this domain controller.", "" },
429 { "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL, -1, "Force RPC pipe connections to have no special properties", "" },
434 static struct cmd_set separator_command[] = {
435 { "---------------", MAX_RPC_RETURN_TYPE, NULL, NULL, -1, "----------------------" },
440 /* Various pipe commands */
442 extern struct cmd_set lsarpc_commands[];
443 extern struct cmd_set samr_commands[];
444 extern struct cmd_set spoolss_commands[];
445 extern struct cmd_set netlogon_commands[];
446 extern struct cmd_set srvsvc_commands[];
447 extern struct cmd_set dfs_commands[];
448 extern struct cmd_set reg_commands[];
449 extern struct cmd_set ds_commands[];
450 extern struct cmd_set echo_commands[];
451 extern struct cmd_set shutdown_commands[];
453 static struct cmd_set *rpcclient_command_list[] = {
468 static void add_command_set(struct cmd_set *cmd_set)
470 struct cmd_list *entry;
472 if (!(entry = SMB_MALLOC_P(struct cmd_list))) {
473 DEBUG(0, ("out of memory\n"));
479 entry->cmd_set = cmd_set;
480 DLIST_ADD(cmd_list, entry);
485 * Call an rpcclient function, passing an argv array.
487 * @param cmd Command to run, as a single string.
489 static NTSTATUS do_cmd(struct cli_state *cli,
490 struct cmd_set *cmd_entry,
491 int argc, char **argv)
495 uchar trust_password[16];
501 if (!(mem_ctx = talloc_init("do_cmd"))) {
502 DEBUG(0, ("talloc_init() failed\n"));
503 return NT_STATUS_NO_MEMORY;
508 if (cmd_entry->pipe_idx != -1
509 && cmd_entry->pipe_idx != cli->pipe_idx) {
510 if (cli->pipes[cli->pipe_idx].fnum != 0)
511 cli_nt_session_close(cli);
513 if (!cli_nt_session_open(cli, cmd_entry->pipe_idx)) {
514 DEBUG(0, ("Could not initialise %s\n",
515 get_pipe_name_from_index(cmd_entry->pipe_idx)));
516 return NT_STATUS_UNSUCCESSFUL;
520 /* some of the DsXXX commands use the netlogon pipe */
522 if (lp_client_schannel() && (cmd_entry->pipe_idx == PI_NETLOGON) && !(cli->pipe_auth_flags & AUTH_PIPE_NETSEC)) {
523 uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
524 uint32 sec_channel_type;
526 if (!secrets_fetch_trust_account_password(lp_workgroup(),
528 NULL, &sec_channel_type)) {
529 return NT_STATUS_UNSUCCESSFUL;
532 ntresult = cli_nt_setup_creds(cli, sec_channel_type,
535 if (!NT_STATUS_IS_OK(ntresult)) {
536 ZERO_STRUCT(cli->pipes[cli->pipe_idx].auth_info.sess_key);
537 printf("nt_setup_creds failed with %s\n", nt_errstr(ntresult));
545 if ( cmd_entry->returntype == RPC_RTYPE_NTSTATUS ) {
546 ntresult = cmd_entry->ntfn(cli, mem_ctx, argc, (const char **) argv);
547 if (!NT_STATUS_IS_OK(ntresult)) {
548 printf("result was %s\n", nt_errstr(ntresult));
551 wresult = cmd_entry->wfn( cli, mem_ctx, argc, (const char **) argv);
552 /* print out the DOS error */
553 if (!W_ERROR_IS_OK(wresult)) {
554 printf( "result was %s\n", dos_errstr(wresult));
556 ntresult = W_ERROR_IS_OK(wresult)?NT_STATUS_OK:NT_STATUS_UNSUCCESSFUL;
562 talloc_destroy(mem_ctx);
569 * Process a command entered at the prompt or as part of -c
571 * @returns The NTSTATUS from running the command.
573 static NTSTATUS process_cmd(struct cli_state *cli, char *cmd)
575 struct cmd_list *temp_list;
576 NTSTATUS result = NT_STATUS_OK;
581 if ((ret = poptParseArgvString(cmd, &argc, (const char ***) &argv)) != 0) {
582 fprintf(stderr, "rpcclient: %s\n", poptStrerror(ret));
583 return NT_STATUS_UNSUCCESSFUL;
587 /* Walk through a dlist of arrays of commands. */
588 for (temp_list = cmd_list; temp_list; temp_list = temp_list->next) {
589 struct cmd_set *temp_set = temp_list->cmd_set;
591 while (temp_set->name) {
592 if (strequal(argv[0], temp_set->name)) {
593 if (!(temp_set->returntype == RPC_RTYPE_NTSTATUS && temp_set->ntfn ) &&
594 !(temp_set->returntype == RPC_RTYPE_WERROR && temp_set->wfn )) {
595 fprintf (stderr, "Invalid command\n");
599 result = do_cmd(cli, temp_set, argc, argv);
608 printf("command not found: %s\n", argv[0]);
613 if (!NT_STATUS_IS_OK(result)) {
614 printf("result was %s\n", nt_errstr(result));
619 /* NOTE: popt allocates the whole argv, including the
620 * strings, as a single block. So a single free is
621 * enough to release it -- we don't free the
622 * individual strings. rtfm. */
632 int main(int argc, char *argv[])
634 BOOL interactive = True;
636 static char *cmdstr = NULL;
638 struct cli_state *cli;
639 static char *opt_ipaddr=NULL;
640 struct cmd_set **cmd_set;
641 struct in_addr server_ip;
643 static int opt_port = 0;
645 /* make sure the vars that get altered (4th field) are in
646 a fixed location or certain compilers complain */
648 struct poptOption long_options[] = {
650 {"command", 'c', POPT_ARG_STRING, &cmdstr, 'c', "Execute semicolon separated cmds", "COMMANDS"},
651 {"dest-ip", 'I', POPT_ARG_STRING, &opt_ipaddr, 'I', "Specify destination IP address", "IP"},
652 {"port", 'p', POPT_ARG_INT, &opt_port, 'p', "Specify port number", "PORT"},
654 POPT_COMMON_CONNECTION
655 POPT_COMMON_CREDENTIALS
659 ZERO_STRUCT(server_ip);
663 /* the following functions are part of the Samba debugging
664 facilities. See lib/debug.c */
665 setup_logging("rpcclient", interactive);
671 pc = poptGetContext("rpcclient", argc, (const char **) argv,
675 poptPrintHelp(pc, stderr, 0);
679 while((opt = poptGetNextOpt(pc)) != -1) {
683 if ( (server_ip.s_addr=inet_addr(opt_ipaddr)) == INADDR_NONE ) {
684 fprintf(stderr, "%s not a valid IP address\n",
691 /* Get server as remaining unparsed argument. Print usage if more
692 than one unparsed argument is present. */
694 server = poptGetArg(pc);
696 if (!server || poptGetArg(pc)) {
697 poptPrintHelp(pc, stderr, 0);
708 /* Load smb.conf file */
710 if (!lp_load(dyn_CONFIGFILE,True,False,False))
711 fprintf(stderr, "Can't load %s\n", dyn_CONFIGFILE);
715 * from stdin if necessary
718 if (!cmdline_auth_info.got_pass) {
719 char *pass = getpass("Password:");
721 pstrcpy(cmdline_auth_info.password, pass);
725 nt_status = cli_full_connection(&cli, global_myname(), server,
726 opt_ipaddr ? &server_ip : NULL, opt_port,
728 cmdline_auth_info.username,
730 cmdline_auth_info.password,
731 cmdline_auth_info.use_kerberos ? CLI_FULL_CONNECTION_USE_KERBEROS : 0,
732 cmdline_auth_info.signing_state,NULL);
734 if (!NT_STATUS_IS_OK(nt_status)) {
735 DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status)));
739 memset(cmdline_auth_info.password,'X',sizeof(cmdline_auth_info.password));
741 /* Load command lists */
743 cmd_set = rpcclient_command_list;
746 add_command_set(*cmd_set);
747 add_command_set(separator_command);
751 fetch_machine_sid(cli);
753 /* Do anything specified with -c */
754 if (cmdstr && cmdstr[0]) {
759 while((cmd=next_command(&p)) != NULL) {
760 NTSTATUS cmd_result = process_cmd(cli, cmd);
761 result = NT_STATUS_IS_ERR(cmd_result);
768 /* Loop around accepting commands */
774 slprintf(prompt, sizeof(prompt) - 1, "rpcclient $> ");
776 line = smb_readline(prompt, NULL, completion_fn);
782 process_cmd(cli, line);