{
POLICY_HND pol;
NTSTATUS result = NT_STATUS_OK;
- uint32 info_class = 5;
- char *domain_name = NULL;
static bool got_domain_sid;
TALLOC_CTX *mem_ctx;
- DOM_SID *dom_sid = NULL;
struct rpc_pipe_client *lsapipe = NULL;
+ union lsa_PolicyInformation *info = NULL;
if (got_domain_sid) return;
goto error;
}
- if ((lsapipe = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result)) == NULL) {
+ result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
+ &lsapipe);
+ if (!NT_STATUS_IS_OK(result)) {
fprintf(stderr, "could not initialise lsa pipe. Error was %s\n", nt_errstr(result) );
goto error;
}
goto error;
}
- result = rpccli_lsa_query_info_policy(lsapipe, mem_ctx, &pol, info_class,
- &domain_name, &dom_sid);
+ result = rpccli_lsa_QueryInfoPolicy(lsapipe, mem_ctx,
+ &pol,
+ LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
goto error;
}
got_domain_sid = True;
- sid_copy( &domain_sid, dom_sid );
+ sid_copy(&domain_sid, info->account_domain.sid);
rpccli_lsa_Close(lsapipe, mem_ctx, &pol);
- cli_rpc_pipe_close(lsapipe);
+ TALLOC_FREE(lsapipe);
talloc_destroy(mem_ctx);
return;
error:
if (lsapipe) {
- cli_rpc_pipe_close(lsapipe);
+ TALLOC_FREE(lsapipe);
}
fprintf(stderr, "could not obtain sid for domain %s\n", cli->domain);
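Review bot: `sid_copy(&domain_sid, info->account_domain.sid)` reads two pointers that come from the server's reply without checking either. `info` is valid only if a success status guarantees it, and `account_domain.sid` is presumably an optional pointer in the LSA response. A reply that reports success but carries no SID would then crash the client, after `got_domain_sid = True` has already been set. I would add `if (info == NULL || info->account_domain.sid == NULL) { result = NT_STATUS_INVALID_PARAMETER; goto error; }` ahead of the `got_domain_sid` assignment. The function starts and ends outside this hunk, and whether `sid_copy` tolerates a NULL source is not visible here.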
continue;
}
- if (tmp_set->rpc_pipe->auth.auth_type != pipe_default_auth_type ||
- tmp_set->rpc_pipe->auth.auth_level != pipe_default_auth_level) {
- cli_rpc_pipe_close(tmp_set->rpc_pipe);
+ if ((tmp_set->rpc_pipe->auth->auth_type
+ != pipe_default_auth_type)
+ || (tmp_set->rpc_pipe->auth->auth_level
+ != pipe_default_auth_level)) {
+ TALLOC_FREE(tmp_set->rpc_pipe);
tmp_set->rpc_pipe = NULL;
}
}
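Review bot: `TALLOC_FREE(tmp_set->rpc_pipe)` already resets its argument to NULL, so the retained `tmp_set->rpc_pipe = NULL;` on the following line is now redundant and can be dropped. The condition also changes from `auth.` to `auth->`, and nothing in the hunk shows that `rpc_pipe->auth` is always allocated for an open pipe. If that is not an invariant, a leading `tmp_set->rpc_pipe->auth == NULL ||` term would make an unset auth block count as a mismatch; if it is, a one-line comment saying so would help. The enclosing loop begins outside the hunk.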
static NTSTATUS cmd_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
+ const char *type = "NTLMSSP";
+
pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
}
if (argc == 2) {
- if (strequal(argv[1], "NTLMSSP")) {
+ type = argv[1];
+ if (strequal(type, "NTLMSSP")) {
pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
- } else if (strequal(argv[1], "NTLMSSP_SPNEGO")) {
+ } else if (strequal(type, "NTLMSSP_SPNEGO")) {
pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
- } else if (strequal(argv[1], "SCHANNEL")) {
+ } else if (strequal(type, "SCHANNEL")) {
pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
} else {
- printf("unknown type %s\n", argv[1]);
+ printf("unknown type %s\n", type);
return NT_STATUS_INVALID_LEVEL;
}
}
- printf("debuglevel is %d\n", DEBUGLEVEL);
+ d_printf("Setting %s - sign\n", type);
+
return cmd_set_ss_level();
}
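Review bot: The `type` handling added to cmd_sign is repeated line for line in cmd_seal further down, with only the auth level and the message text differing. A static helper that takes the auth level and a label would keep the list of accepted type names in one place, so a new mechanism cannot be added to one command and missed in the other. The new message also echoes `argv[1]` as typed; assuming `strequal` is case-insensitive, it can print `Setting schannel - sign`, so printing the canonical name chosen by the matching branch would be clearer. The argument-count check sits outside the hunk.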
static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
+ const char *type = "NTLMSSP";
+
pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY;
pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
}
if (argc == 2) {
- if (strequal(argv[1], "NTLMSSP")) {
+ type = argv[1];
+ if (strequal(type, "NTLMSSP")) {
pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
- } else if (strequal(argv[1], "NTLMSSP_SPNEGO")) {
+ } else if (strequal(type, "NTLMSSP_SPNEGO")) {
pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
- } else if (strequal(argv[1], "SCHANNEL")) {
+ } else if (strequal(type, "SCHANNEL")) {
pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
} else {
- printf("unknown type %s\n", argv[1]);
+ printf("unknown type %s\n", type);
return NT_STATUS_INVALID_LEVEL;
}
}
+
+ d_printf("Setting %s - sign and seal\n", type);
+
return cmd_set_ss_level();
}
continue;
}
- cli_set_timeout(tmp_set->rpc_pipe->cli, timeout);
+ rpccli_set_timeout(tmp_set->rpc_pipe, timeout);
}
}
}
{ "GENERAL OPTIONS" },
- { "help", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, NULL, "Get help on commands", "[command]" },
- { "?", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, NULL, "Get help on commands", "[command]" },
- { "debuglevel", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, -1, NULL, "Set debug level", "level" },
- { "debug", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, -1, NULL, "Set debug level", "level" },
- { "list", RPC_RTYPE_NTSTATUS, cmd_listcommands, NULL, -1, NULL, "List available commands on <pipe>", "pipe" },
- { "exit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, NULL, "Exit program", "" },
- { "quit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, NULL, "Exit program", "" },
- { "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL, -1, NULL, "Force RPC pipe connections to be signed", "" },
- { "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL, -1, NULL, "Force RPC pipe connections to be sealed", "" },
- { "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, -1, NULL, "Force RPC pipe connections to be sealed with 'schannel'. Assumes valid machine account to this domain controller.", "" },
- { "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL, -1, NULL, "Force RPC pipe connections to be signed (not sealed) with 'schannel'. Assumes valid machine account to this domain controller.", "" },
- { "timeout", RPC_RTYPE_NTSTATUS, cmd_timeout, NULL, -1, NULL, "Set timeout (in milliseonds) for RPC operations", "" },
- { "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL, -1, NULL, "Force RPC pipe connections to have no special properties", "" },
+ { "help", RPC_RTYPE_NTSTATUS, cmd_help, NULL, NULL, NULL, "Get help on commands", "[command]" },
+ { "?", RPC_RTYPE_NTSTATUS, cmd_help, NULL, NULL, NULL, "Get help on commands", "[command]" },
+ { "debuglevel", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, NULL, NULL, "Set debug level", "level" },
+ { "debug", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, NULL, NULL, "Set debug level", "level" },
+ { "list", RPC_RTYPE_NTSTATUS, cmd_listcommands, NULL, NULL, NULL, "List available commands on <pipe>", "pipe" },
+ { "exit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, NULL, NULL, "Exit program", "" },
+ { "quit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, NULL, NULL, "Exit program", "" },
+ { "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL, NULL, NULL, "Force RPC pipe connections to be signed", "" },
+ { "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL, NULL, NULL, "Force RPC pipe connections to be sealed", "" },
+ { "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, NULL, NULL, "Force RPC pipe connections to be sealed with 'schannel'. Assumes valid machine account to this domain controller.", "" },
+ { "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL, NULL, NULL, "Force RPC pipe connections to be signed (not sealed) with 'schannel'. Assumes valid machine account to this domain controller.", "" },
+ { "timeout", RPC_RTYPE_NTSTATUS, cmd_timeout, NULL, NULL, NULL, "Set timeout (in milliseonds) for RPC operations", "" },
+ { "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL, NULL, NULL, "Force RPC pipe connections to have no special properties", "" },
{ NULL }
};
static struct cmd_set separator_command[] = {
- { "---------------", MAX_RPC_RETURN_TYPE, NULL, NULL, -1, NULL, "----------------------" },
+ { "---------------", MAX_RPC_RETURN_TYPE, NULL, NULL, NULL, NULL, "----------------------" },
{ NULL }
};
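Review bot: The usage field for `sign` and `seal` is still `""` although cmd_sign and cmd_seal both accept an optional type argument and compare it against NTLMSSP, NTLMSSP_SPNEGO and SCHANNEL. Since every row is rewritten here anyway, I would set that field to `"[NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]"` and fix the `milliseonds` typo in the `timeout` help text. A short comment above the table stating that a NULL interface field means the command needs no RPC pipe would document what the new `cmd_entry->interface != NULL` test relies on.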
extern struct cmd_set shutdown_commands[];
extern struct cmd_set test_commands[];
extern struct cmd_set wkssvc_commands[];
+extern struct cmd_set ntsvcs_commands[];
+extern struct cmd_set drsuapi_commands[];
static struct cmd_set *rpcclient_command_list[] = {
rpcclient_commands,
shutdown_commands,
test_commands,
wkssvc_commands,
+ ntsvcs_commands,
+ drsuapi_commands,
NULL
};
/* Open pipe */
- if (cmd_entry->pipe_idx != -1 && cmd_entry->rpc_pipe == NULL) {
+ if ((cmd_entry->interface != NULL) && (cmd_entry->rpc_pipe == NULL)) {
switch (pipe_default_auth_type) {
case PIPE_AUTH_TYPE_NONE:
- cmd_entry->rpc_pipe = cli_rpc_pipe_open_noauth(cli,
- cmd_entry->pipe_idx,
- &ntresult);
+ ntresult = cli_rpc_pipe_open_noauth(
+ cli, cmd_entry->interface,
+ &cmd_entry->rpc_pipe);
break;
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
- cmd_entry->rpc_pipe = cli_rpc_pipe_open_spnego_ntlmssp(cli,
- cmd_entry->pipe_idx,
- pipe_default_auth_level,
- lp_workgroup(),
- get_cmdline_auth_info_username(),
- get_cmdline_auth_info_password(),
- &ntresult);
+ ntresult = cli_rpc_pipe_open_spnego_ntlmssp(
+ cli, cmd_entry->interface,
+ pipe_default_auth_level,
+ lp_workgroup(),
+ get_cmdline_auth_info_username(),
+ get_cmdline_auth_info_password(),
+ &cmd_entry->rpc_pipe);
break;
case PIPE_AUTH_TYPE_NTLMSSP:
- cmd_entry->rpc_pipe = cli_rpc_pipe_open_ntlmssp(cli,
- cmd_entry->pipe_idx,
- pipe_default_auth_level,
- lp_workgroup(),
- get_cmdline_auth_info_username(),
- get_cmdline_auth_info_password(),
- &ntresult);
+ ntresult = cli_rpc_pipe_open_ntlmssp(
+ cli, cmd_entry->interface,
+ pipe_default_auth_level,
+ lp_workgroup(),
+ get_cmdline_auth_info_username(),
+ get_cmdline_auth_info_password(),
+ &cmd_entry->rpc_pipe);
break;
case PIPE_AUTH_TYPE_SCHANNEL:
- cmd_entry->rpc_pipe = cli_rpc_pipe_open_schannel(cli,
- cmd_entry->pipe_idx,
- pipe_default_auth_level,
- lp_workgroup(),
- &ntresult);
+ ntresult = cli_rpc_pipe_open_schannel(
+ cli, cmd_entry->interface,
+ pipe_default_auth_level,
+ lp_workgroup(),
+ &cmd_entry->rpc_pipe);
break;
default:
- DEBUG(0, ("Could not initialise %s. Invalid auth type %u\n",
- cli_get_pipe_name(cmd_entry->pipe_idx),
- pipe_default_auth_type ));
+ DEBUG(0, ("Could not initialise %s. Invalid "
+ "auth type %u\n",
+ cli_get_pipe_name_from_iface(
+ debug_ctx(), cli,
+ cmd_entry->interface),
+ pipe_default_auth_type ));
return NT_STATUS_UNSUCCESSFUL;
}
- if (!cmd_entry->rpc_pipe) {
+ if (!NT_STATUS_IS_OK(ntresult)) {
DEBUG(0, ("Could not initialise %s. Error was %s\n",
- cli_get_pipe_name(cmd_entry->pipe_idx),
- nt_errstr(ntresult) ));
+ cli_get_pipe_name_from_iface(
+ debug_ctx(), cli,
+ cmd_entry->interface),
+ nt_errstr(ntresult) ));
return ntresult;
}
- if (cmd_entry->pipe_idx == PI_NETLOGON) {
- uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+ if (ndr_syntax_id_equal(cmd_entry->interface,
+ &ndr_table_netlogon.syntax_id)) {
+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
uint32 sec_channel_type;
uchar trust_password[16];
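Review bot: `neg_flags` changes from `NETLOGON_NEG_AUTH2_FLAGS` to `NETLOGON_NEG_AUTH2_ADS_FLAGS` in the middle of what is otherwise an API conversion, with no comment explaining why. This alters what the client offers when it sets up netlogon credentials, so it deserves a comment on that line of the form `/* use the ADS negotiate flags because REASON */` and a mention in the commit description. `trust_password[16]`, declared just below, holds the machine account secret. The lines that fill and release it are outside this hunk, so please confirm it is wiped on every return path, including the early `return ntresult;` that follows.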
if (!NT_STATUS_IS_OK(ntresult)) {
DEBUG(0, ("Could not initialise credentials for %s.\n",
- cli_get_pipe_name(cmd_entry->pipe_idx)));
+ cli_get_pipe_name_from_iface(
+ debug_ctx(), cli,
+ cmd_entry->interface)));
return ntresult;
}
}
wresult = cmd_entry->wfn(cmd_entry->rpc_pipe, mem_ctx, argc, (const char **) argv);
/* print out the DOS error */
if (!W_ERROR_IS_OK(wresult)) {
- printf( "result was %s\n", dos_errstr(wresult));
+ printf( "result was %s\n", win_errstr(wresult));
}
ntresult = W_ERROR_IS_OK(wresult)?NT_STATUS_OK:NT_STATUS_UNSUCCESSFUL;
}
fstring new_workgroup;
int result = 0;
TALLOC_CTX *frame = talloc_stackframe();
+ uint32_t flags = 0;
/* make sure the vars that get altered (4th field) are in
a fixed location or certain compilers complain */
load_case_tables();
- zero_addr(&server_ss);
+ zero_sockaddr(&server_ss);
setlinebuf(stdout);
* from stdin if necessary
*/
+ if (get_cmdline_auth_info_use_machine_account() &&
+ !set_cmdline_auth_info_machine_account_creds()) {
+ result = 1;
+ goto done;
+ }
+
if (!get_cmdline_auth_info_got_pass()) {
char *pass = getpass("Password:");
if (pass) {
server += 2;
}
+ if (get_cmdline_auth_info_use_kerberos()) {
+ flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
+ CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
+ }
+
+
nt_status = cli_full_connection(&cli, global_myname(), server,
opt_ipaddr ? &server_ss : NULL, opt_port,
"IPC$", "IPC",
get_cmdline_auth_info_username(),
lp_workgroup(),
get_cmdline_auth_info_password(),
- get_cmdline_auth_info_use_kerberos() ? CLI_FULL_CONNECTION_USE_KERBEROS : 0,
+ flags,
get_cmdline_auth_info_signing_state(),NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
goto done;
}
+ if (get_cmdline_auth_info_smb_encrypt()) {
+ nt_status = cli_cm_force_encryption(cli,
+ get_cmdline_auth_info_username(),
+ get_cmdline_auth_info_password(),
+ lp_workgroup(),
+ "IPC$");
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ result = 1;
+ goto done;
+ }
+ }
+
#if 0 /* COMMENT OUT FOR TESTING */
memset(cmdline_auth_info.password,'X',sizeof(cmdline_auth_info.password));
#endif
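Review bot: Setting `CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS` whenever Kerberos is requested means that, if the flag does what its name says, a user who asked for Kerberos can end up authenticated by a different mechanism without being told. That weakens what the Kerberos option guaranteed before this change, when only `CLI_FULL_CONNECTION_USE_KERBEROS` was passed. I would keep `flags |= CLI_FULL_CONNECTION_USE_KERBEROS;` as the default and add the fallback bit only behind an explicit option or when a password was explicitly supplied. A message should also be printed when the fallback path is taken. Separately, the `cli_cm_force_encryption` failure branch sets `result = 1` without reporting `nt_status` in the visible lines; main() starts and ends outside this hunk.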