*/
#include "includes.h"
+#include "../libcli/auth/netlogon_creds_cli.h"
#include "popt_common.h"
#include "rpcclient.h"
#include "../libcli/auth/libcli_auth.h"
static enum dcerpc_transport_t default_transport = NCACN_NP;
struct messaging_context *rpcclient_msg_ctx;
-struct user_auth_info *rpcclient_auth_info;
struct cli_state *rpcclient_cli_state;
struct netlogon_creds_cli_context *rpcclient_netlogon_creds;
+static const char *rpcclient_netlogon_domain;
/* List to hold groups of commands.
*
TALLOC_FREE(lsapipe);
}
- fprintf(stderr, "could not obtain sid for domain %s\n", cli->domain);
+ fprintf(stderr, "could not obtain sid from server\n");
if (!NT_STATUS_IS_OK(result)) {
fprintf(stderr, "error: %s\n", nt_errstr(result));
return cmd_set_ss_level();
}
-static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- int argc, const char **argv)
+static NTSTATUS cmd_packet(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ int argc, const char **argv)
{
- struct cmd_list *tmp;
+ const char *p = "[KRB5|KRB5_SPNEGO|NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]";
+ const char *type = "NTLMSSP";
+
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_PACKET;
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
if (argc > 2) {
- printf("Usage: %s timeout\n", argv[0]);
+ printf("Usage: %s %s\n", argv[0], p);
return NT_STATUS_OK;
}
if (argc == 2) {
- timeout = atoi(argv[1]);
+ type = argv[1];
+ if (strequal(type, "KRB5")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5;
+ } else if (strequal(type, "KRB5_SPNEGO")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+ pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
+ } else if (strequal(type, "NTLMSSP")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
+ } else if (strequal(type, "NTLMSSP_SPNEGO")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+ pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
+ } else if (strequal(type, "SCHANNEL")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
+ } else {
+ printf("unknown type %s\n", type);
+ printf("Usage: %s %s\n", argv[0], p);
+ return NT_STATUS_INVALID_LEVEL;
+ }
+ }
- for (tmp = cmd_list; tmp; tmp = tmp->next) {
+ d_printf("Setting %s - packet\n", type);
- struct cmd_set *tmp_set;
+ return cmd_set_ss_level();
+}
- for (tmp_set = tmp->cmd_set; tmp_set->name; tmp_set++) {
- if (tmp_set->rpc_pipe == NULL) {
- continue;
- }
- rpccli_set_timeout(tmp_set->rpc_pipe, timeout);
- }
- }
+static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ int argc, const char **argv)
+{
+ if (argc > 2) {
+ printf("Usage: %s timeout\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ if (argc == 2) {
+ timeout = atoi(argv[1]);
}
printf("timeout is %d\n", timeout);
{ "quit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, NULL, NULL, "Exit program", "" },
{ "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL, NULL, NULL, "Force RPC pipe connections to be signed", "" },
{ "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL, NULL, NULL, "Force RPC pipe connections to be sealed", "" },
+ { "packet", RPC_RTYPE_NTSTATUS, cmd_packet, NULL, NULL, NULL, "Force RPC pipe connections with packet authentication level", "" },
{ "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, NULL, NULL, "Force RPC pipe connections to be sealed with 'schannel'. Assumes valid machine account to this domain controller.", "" },
{ "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL, NULL, NULL, "Force RPC pipe connections to be signed (not sealed) with 'schannel'. Assumes valid machine account to this domain controller.", "" },
{ "timeout", RPC_RTYPE_NTSTATUS, cmd_timeout, NULL, NULL, NULL, "Set timeout (in milliseconds) for RPC operations", "" },
extern struct cmd_set lsarpc_commands[];
extern struct cmd_set samr_commands[];
extern struct cmd_set spoolss_commands[];
+extern struct cmd_set iremotewinspool_commands[];
extern struct cmd_set netlogon_commands[];
extern struct cmd_set srvsvc_commands[];
extern struct cmd_set dfs_commands[];
extern struct cmd_set winreg_commands[];
extern struct cmd_set fss_commands[];
extern struct cmd_set witness_commands[];
+extern struct cmd_set clusapi_commands[];
static struct cmd_set *rpcclient_command_list[] = {
rpcclient_commands,
ds_commands,
samr_commands,
spoolss_commands,
+ iremotewinspool_commands,
netlogon_commands,
srvsvc_commands,
dfs_commands,
winreg_commands,
fss_commands,
witness_commands,
+ clusapi_commands,
NULL
};
{
NTSTATUS ntresult;
WERROR wresult;
- bool ok;
TALLOC_CTX *mem_ctx;
cli, rpcclient_msg_ctx,
cmd_entry->table,
default_transport,
- pipe_default_auth_level,
- get_cmdline_auth_info_domain(auth_info),
+ rpcclient_netlogon_domain,
&cmd_entry->rpc_pipe,
- talloc_autofree_context(),
+ rpcclient_msg_ctx,
&rpcclient_netlogon_creds);
break;
default:
return ntresult;
}
- ok = ndr_syntax_id_equal(&cmd_entry->table->syntax_id,
- &ndr_table_netlogon.syntax_id);
- if (rpcclient_netlogon_creds == NULL && ok) {
+ if (rpcclient_netlogon_creds == NULL && cmd_entry->use_netlogon_creds) {
const char *dc_name = cmd_entry->rpc_pipe->desthost;
- const char *domain = get_cmdline_auth_info_domain(auth_info);
- enum netr_SchannelType sec_chan_type = 0;
- const char *_account_name = NULL;
- const char *account_name = NULL;
- struct samr_Password current_nt_hash;
- struct samr_Password *previous_nt_hash = NULL;
-
- if (!get_trust_pw_hash(get_cmdline_auth_info_domain(auth_info),
- current_nt_hash.hash, &_account_name,
- &sec_chan_type))
- {
- DEBUG(0, ("Failed to fetch trust password for %s to connect to %s.\n",
- get_cmdline_auth_info_domain(auth_info),
- cmd_entry->table->name));
- TALLOC_FREE(cmd_entry->rpc_pipe);
- talloc_free(mem_ctx);
- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- }
+ const char *domain = rpcclient_netlogon_domain;
+ struct cli_credentials *creds = NULL;
- account_name = talloc_asprintf(mem_ctx, "%s$", _account_name);
- if (account_name == NULL) {
- DEBUG(0, ("Out of memory creating account name to connect to %s.\n",
- cmd_entry->table->name));
+ ntresult = pdb_get_trust_credentials(domain, NULL,
+ mem_ctx, &creds);
+ if (!NT_STATUS_IS_OK(ntresult)) {
+ DEBUG(0, ("Failed to fetch trust credentials for "
+ "%s to connect to %s: %s\n",
+ domain, cmd_entry->table->name,
+ nt_errstr(ntresult)));
TALLOC_FREE(cmd_entry->rpc_pipe);
- SAFE_FREE(previous_nt_hash);
- TALLOC_FREE(mem_ctx);
- return NT_STATUS_NO_MEMORY;
+ talloc_free(mem_ctx);
+ return ntresult;
}
- ntresult = rpccli_create_netlogon_creds(dc_name,
- domain,
- account_name,
- sec_chan_type,
- rpcclient_msg_ctx,
- talloc_autofree_context(),
- &rpcclient_netlogon_creds);
+ ntresult = rpccli_create_netlogon_creds_ctx(creds,
+ dc_name,
+ rpcclient_msg_ctx,
+ rpcclient_msg_ctx,
+ &rpcclient_netlogon_creds);
if (!NT_STATUS_IS_OK(ntresult)) {
DEBUG(0, ("Could not initialise credentials for %s.\n",
cmd_entry->table->name));
TALLOC_FREE(cmd_entry->rpc_pipe);
- SAFE_FREE(previous_nt_hash);
TALLOC_FREE(mem_ctx);
return ntresult;
}
- ntresult = rpccli_setup_netlogon_creds(cli, NCACN_NP,
- rpcclient_netlogon_creds,
- false, /* force_reauth */
- current_nt_hash,
- previous_nt_hash);
- SAFE_FREE(previous_nt_hash);
+ ntresult = rpccli_setup_netlogon_creds(
+ cli,
+ NCACN_NP,
+ rpcclient_netlogon_creds,
+ false, /* force_reauth */
+ creds);
+ TALLOC_FREE(creds);
if (!NT_STATUS_IS_OK(ntresult)) {
DEBUG(0, ("Could not initialise credentials for %s.\n",
cmd_entry->table->name));
}
}
+ /* Set timeout for new connections */
+ if (cmd_entry->rpc_pipe) {
+ rpccli_set_timeout(cmd_entry->rpc_pipe, timeout);
+ }
+
/* Run command */
if ( cmd_entry->returntype == RPC_RTYPE_NTSTATUS ) {
enum dcerpc_transport_t transport;
uint32_t bflags = 0;
const char *binding_string = NULL;
- char *user, *domain, *q;
const char *host;
+ int signing_state = SMB_SIGNING_IPC_DEFAULT;
+ struct tevent_context *ev_ctx = NULL;
/* make sure the vars that get altered (4th field) are in
a fixed location or certain compilers complain */
POPT_TABLEEND
};
- load_case_tables();
+ smb_init_locale();
zero_sockaddr(&server_ss);
/* the following functions are part of the Samba debugging
facilities. See lib/debug.c */
setup_logging("rpcclient", DEBUG_STDOUT);
-
- rpcclient_auth_info = user_auth_info_init(frame);
- if (rpcclient_auth_info == NULL) {
- exit(1);
- }
- popt_common_set_auth_info(rpcclient_auth_info);
+ lp_set_cmdline("log level", "0");
/* Parse options */
poptFreeContext(pc);
popt_burn_cmdline_password(argc, argv);
- if (!init_names()) {
+ ev_ctx = samba_tevent_context_init(frame);
+ if (ev_ctx == NULL) {
+ fprintf(stderr, "Could not init event context\n");
result = 1;
goto done;
}
- /* Load smb.conf file */
-
- if (!lp_load_global(get_dyn_CONFIGFILE()))
- fprintf(stderr, "Can't load %s\n", get_dyn_CONFIGFILE());
-
- /* We must load interfaces after we load the smb.conf */
- load_interfaces();
+ nt_status = messaging_init_client(ev_ctx,
+ ev_ctx,
+ &rpcclient_msg_ctx);
+ if (geteuid() != 0 &&
+ NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCESS_DENIED)) {
+ /*
+ * Normal to fail to initialize messaging context
+ * if we're not root as we don't have ability to
+ * read lock directory.
+ */
+ DBG_NOTICE("Unable to initialize messaging context. "
+ "Must be root to do that.\n");
+ } else if (!NT_STATUS_IS_OK(nt_status)) {
+ fprintf(stderr, "Could not init messaging context\n");
+ result = 1;
+ goto done;
+ }
- rpcclient_msg_ctx = messaging_init(talloc_autofree_context(),
- samba_tevent_context_init(talloc_autofree_context()));
+ if (!init_names()) {
+ result = 1;
+ goto done;
+ }
/*
* Get password
* from stdin if necessary
*/
- if (get_cmdline_auth_info_use_machine_account(rpcclient_auth_info) &&
- !set_cmdline_auth_info_machine_account_creds(rpcclient_auth_info)) {
- result = 1;
- goto done;
- }
-
- set_cmdline_auth_info_getpass(rpcclient_auth_info);
-
if ((server[0] == '/' && server[1] == '/') ||
(server[0] == '\\' && server[1] == '\\')) {
server += 2;
pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
}
+ if (bflags & DCERPC_PACKET) {
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_PACKET;
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
+ }
if (bflags & DCERPC_SIGN) {
pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
}
}
if (pipe_default_auth_type != DCERPC_AUTH_TYPE_NONE) {
- /* If neither Integrity or Privacy are requested then
- * Use just Connect level */
+ /* If nothing is requested then default to integrity */
if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
- pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
}
}
- if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) {
+ signing_state = get_cmdline_auth_info_signing_state(
+ popt_get_cmdline_auth_info());
+ switch (signing_state) {
+ case SMB_SIGNING_OFF:
+ lp_set_cmdline("client ipc signing", "no");
+ break;
+ case SMB_SIGNING_REQUIRED:
+ lp_set_cmdline("client ipc signing", "required");
+ break;
+ }
+
+ if (get_cmdline_auth_info_use_kerberos(popt_get_cmdline_auth_info())) {
flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
}
- if (get_cmdline_auth_info_use_ccache(rpcclient_auth_info)) {
+ if (get_cmdline_auth_info_use_ccache(popt_get_cmdline_auth_info())) {
flags |= CLI_FULL_CONNECTION_USE_CCACHE;
}
+ if (get_cmdline_auth_info_use_pw_nt_hash(
+ popt_get_cmdline_auth_info())) {
+ flags |= CLI_FULL_CONNECTION_USE_NT_HASH;
+ }
- user = talloc_strdup(frame, get_cmdline_auth_info_username(rpcclient_auth_info));
- SMB_ASSERT(user != NULL);
- domain = talloc_strdup(frame, lp_workgroup());
- SMB_ASSERT(domain != NULL);
- set_cmdline_auth_info_domain(rpcclient_auth_info, domain);
-
- if ((q = strchr_m(user,'\\'))) {
- *q = 0;
- set_cmdline_auth_info_domain(rpcclient_auth_info, user);
- set_cmdline_auth_info_username(rpcclient_auth_info, q+1);
+ rpcclient_netlogon_domain = get_cmdline_auth_info_domain(
+ popt_get_cmdline_auth_info());
+ if (rpcclient_netlogon_domain == NULL ||
+ rpcclient_netlogon_domain[0] == '\0')
+ {
+ rpcclient_netlogon_domain = lp_workgroup();
}
nt_status = cli_full_connection(&cli, lp_netbios_name(), host,
opt_ipaddr ? &server_ss : NULL, opt_port,
"IPC$", "IPC",
- get_cmdline_auth_info_username(rpcclient_auth_info),
- get_cmdline_auth_info_domain(rpcclient_auth_info),
- get_cmdline_auth_info_password(rpcclient_auth_info),
+ get_cmdline_auth_info_username(
+ popt_get_cmdline_auth_info()),
+ get_cmdline_auth_info_domain(
+ popt_get_cmdline_auth_info()),
+ get_cmdline_auth_info_password(
+ popt_get_cmdline_auth_info()),
flags,
- get_cmdline_auth_info_signing_state(rpcclient_auth_info));
+ SMB_SIGNING_IPC_DEFAULT);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status)));
goto done;
}
- if (get_cmdline_auth_info_smb_encrypt(rpcclient_auth_info)) {
+ if (get_cmdline_auth_info_smb_encrypt(popt_get_cmdline_auth_info())) {
nt_status = cli_cm_force_encryption(cli,
- get_cmdline_auth_info_username(rpcclient_auth_info),
- get_cmdline_auth_info_password(rpcclient_auth_info),
- get_cmdline_auth_info_domain(rpcclient_auth_info),
+ get_cmdline_auth_info_username(
+ popt_get_cmdline_auth_info()),
+ get_cmdline_auth_info_password(
+ popt_get_cmdline_auth_info()),
+ get_cmdline_auth_info_domain(
+ popt_get_cmdline_auth_info()),
"IPC$");
if (!NT_STATUS_IS_OK(nt_status)) {
result = 1;
/* Load command lists */
rpcclient_cli_state = cli;
- timeout = cli_set_timeout(cli, 10000);
+
+ timeout = 10000;
+ cli_set_timeout(cli, timeout);
cmd_set = rpcclient_command_list;
result = 0;
while((cmd=next_command(&p)) != NULL) {
- NTSTATUS cmd_result = process_cmd(rpcclient_auth_info, cli,
- binding, cmd);
+ NTSTATUS cmd_result = process_cmd(
+ popt_get_cmdline_auth_info(),
+ cli, binding, cmd);
SAFE_FREE(cmd);
result = NT_STATUS_IS_ERR(cmd_result);
}
line = smb_readline("rpcclient $> ", NULL, completion_fn);
- if (line == NULL)
+ if (line == NULL) {
+ printf("\n");
break;
+ }
if (line[0] != '\n')
- process_cmd(rpcclient_auth_info, cli, binding, line);
+ process_cmd(popt_get_cmdline_auth_info(), cli,
+ binding, line);
SAFE_FREE(line);
}
if (cli != NULL) {
cli_shutdown(cli);
}
+ popt_free_cmdline_auth_info();
+ netlogon_creds_cli_close_global_db();
+ TALLOC_FREE(rpcclient_msg_ctx);
+ TALLOC_FREE(ev_ctx);
TALLOC_FREE(frame);
return result;
}