2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2000-2001
6 Copyright (C) Martin Pool 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "rpcclient.h"
28 static enum pipe_auth_type pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;
29 static enum pipe_auth_level pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE;
31 /* List to hold groups of commands.
33 * Commands are defined in a list of arrays: arrays are easy to
34 * statically declare, and lists are easier to dynamically extend.
37 static struct cmd_list {
38 struct cmd_list *prev, *next;
39 struct cmd_set *cmd_set;
42 /****************************************************************************
43 handle completion of commands for readline
44 ****************************************************************************/
45 static char **completion_fn(const char *text, int start, int end)
47 #define MAX_COMPLETIONS 100
50 struct cmd_list *commands = cmd_list;
53 /* FIXME!!! -- what to do when completing argument? */
54 /* for words not at the start of the line fallback
55 to filename completion */
60 /* make sure we have a list of valid commands */
65 matches = SMB_MALLOC_ARRAY(char *, MAX_COMPLETIONS);
70 matches[count++] = SMB_STRDUP(text);
76 while (commands && count < MAX_COMPLETIONS-1) {
77 if (!commands->cmd_set) {
81 for (i=0; commands->cmd_set[i].name; i++) {
82 if ((strncmp(text, commands->cmd_set[i].name, strlen(text)) == 0) &&
83 (( commands->cmd_set[i].returntype == RPC_RTYPE_NTSTATUS &&
84 commands->cmd_set[i].ntfn ) ||
85 ( commands->cmd_set[i].returntype == RPC_RTYPE_WERROR &&
86 commands->cmd_set[i].wfn))) {
87 matches[count] = SMB_STRDUP(commands->cmd_set[i].name);
88 if (!matches[count]) {
89 for (i = 0; i < count; i++) {
90 SAFE_FREE(matches[count]);
98 commands = commands->next;
103 SAFE_FREE(matches[0]);
104 matches[0] = SMB_STRDUP(matches[1]);
106 matches[count] = NULL;
110 static char* next_command (char** cmdstr)
112 static pstring command;
115 if (!cmdstr || !(*cmdstr))
118 p = strchr_m(*cmdstr, ';');
121 pstrcpy(command, *cmdstr);
130 /* Fetch the SID for this computer */
132 static void fetch_machine_sid(struct cli_state *cli)
135 NTSTATUS result = NT_STATUS_OK;
136 uint32 info_class = 5;
137 char *domain_name = NULL;
138 static BOOL got_domain_sid;
140 DOM_SID *dom_sid = NULL;
141 struct rpc_pipe_client *lsapipe = NULL;
143 if (got_domain_sid) return;
145 if (!(mem_ctx=talloc_init("fetch_machine_sid"))) {
146 DEBUG(0,("fetch_machine_sid: talloc_init returned NULL!\n"));
150 if ((lsapipe = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result)) == NULL) {
151 fprintf(stderr, "could not initialise lsa pipe. Error was %s\n", nt_errstr(result) );
155 result = rpccli_lsa_open_policy(lsapipe, mem_ctx, True,
156 SEC_RIGHTS_MAXIMUM_ALLOWED,
158 if (!NT_STATUS_IS_OK(result)) {
162 result = rpccli_lsa_query_info_policy(lsapipe, mem_ctx, &pol, info_class,
163 &domain_name, &dom_sid);
164 if (!NT_STATUS_IS_OK(result)) {
168 got_domain_sid = True;
169 sid_copy( &domain_sid, dom_sid );
171 rpccli_lsa_close(lsapipe, mem_ctx, &pol);
172 cli_rpc_pipe_close(lsapipe);
173 talloc_destroy(mem_ctx);
180 cli_rpc_pipe_close(lsapipe);
183 fprintf(stderr, "could not obtain sid for domain %s\n", cli->domain);
185 if (!NT_STATUS_IS_OK(result)) {
186 fprintf(stderr, "error: %s\n", nt_errstr(result));
192 /* List the available commands on a given pipe */
194 static NTSTATUS cmd_listcommands(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
195 int argc, const char **argv)
197 struct cmd_list *tmp;
198 struct cmd_set *tmp_set;
204 printf("Usage: %s <pipe>\n", argv[0]);
208 /* Help on one command */
210 for (tmp = cmd_list; tmp; tmp = tmp->next)
212 tmp_set = tmp->cmd_set;
214 if (!StrCaseCmp(argv[1], tmp_set->name))
216 printf("Available commands on the %s pipe:\n\n", tmp_set->name);
220 while(tmp_set->name) {
221 printf("%30s", tmp_set->name);
228 /* drop out of the loop */
237 /* Display help on commands */
239 static NTSTATUS cmd_help(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
240 int argc, const char **argv)
242 struct cmd_list *tmp;
243 struct cmd_set *tmp_set;
248 printf("Usage: %s [command]\n", argv[0]);
252 /* Help on one command */
255 for (tmp = cmd_list; tmp; tmp = tmp->next) {
257 tmp_set = tmp->cmd_set;
259 while(tmp_set->name) {
260 if (strequal(argv[1], tmp_set->name)) {
261 if (tmp_set->usage &&
263 printf("%s\n", tmp_set->usage);
265 printf("No help for %s\n", tmp_set->name);
274 printf("No such command: %s\n", argv[1]);
278 /* List all commands */
280 for (tmp = cmd_list; tmp; tmp = tmp->next) {
282 tmp_set = tmp->cmd_set;
284 while(tmp_set->name) {
286 printf("%15s\t\t%s\n", tmp_set->name,
287 tmp_set->description ? tmp_set->description:
297 /* Change the debug level */
299 static NTSTATUS cmd_debuglevel(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
300 int argc, const char **argv)
303 printf("Usage: %s [debuglevel]\n", argv[0]);
308 DEBUGLEVEL = atoi(argv[1]);
311 printf("debuglevel is %d\n", DEBUGLEVEL);
316 static NTSTATUS cmd_quit(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
317 int argc, const char **argv)
320 return NT_STATUS_OK; /* NOTREACHED */
323 static NTSTATUS cmd_set_ss_level(void)
325 struct cmd_list *tmp;
327 /* Close any existing connections not at this level. */
329 for (tmp = cmd_list; tmp; tmp = tmp->next) {
330 struct cmd_set *tmp_set;
332 for (tmp_set = tmp->cmd_set; tmp_set->name; tmp_set++) {
333 if (tmp_set->rpc_pipe == NULL) {
337 if (tmp_set->rpc_pipe->auth.auth_type != pipe_default_auth_type ||
338 tmp_set->rpc_pipe->auth.auth_level != pipe_default_auth_level) {
339 cli_rpc_pipe_close(tmp_set->rpc_pipe);
340 tmp_set->rpc_pipe = NULL;
347 static NTSTATUS cmd_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
348 int argc, const char **argv)
350 pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
351 pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
354 printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]);
359 if (strequal(argv[1], "NTLMSSP")) {
360 pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
361 } else if (strequal(argv[1], "NTLMSSP_SPNEGO")) {
362 pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
363 } else if (strequal(argv[1], "SCHANNEL")) {
364 pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
366 printf("unknown type %s\n", argv[1]);
367 return NT_STATUS_INVALID_LEVEL;
371 printf("debuglevel is %d\n", DEBUGLEVEL);
372 return cmd_set_ss_level();
375 static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
376 int argc, const char **argv)
378 pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY;
379 pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
382 printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]);
387 if (strequal(argv[1], "NTLMSSP")) {
388 pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
389 } else if (strequal(argv[1], "NTLMSSP_SPNEGO")) {
390 pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
391 } else if (strequal(argv[1], "SCHANNEL")) {
392 pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
394 printf("unknown type %s\n", argv[1]);
395 return NT_STATUS_INVALID_LEVEL;
398 return cmd_set_ss_level();
401 static NTSTATUS cmd_none(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
402 int argc, const char **argv)
404 pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE;
405 pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;
407 return cmd_set_ss_level();
410 static NTSTATUS cmd_schannel(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
411 int argc, const char **argv)
413 d_printf("Setting schannel - sign and seal\n");
414 pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY;
415 pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
417 return cmd_set_ss_level();
420 static NTSTATUS cmd_schannel_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
421 int argc, const char **argv)
423 d_printf("Setting schannel - sign only\n");
424 pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
425 pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
427 return cmd_set_ss_level();
431 /* Built in rpcclient commands */
433 static struct cmd_set rpcclient_commands[] = {
435 { "GENERAL OPTIONS" },
437 { "help", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, NULL, "Get help on commands", "[command]" },
438 { "?", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, NULL, "Get help on commands", "[command]" },
439 { "debuglevel", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, -1, NULL, "Set debug level", "level" },
440 { "list", RPC_RTYPE_NTSTATUS, cmd_listcommands, NULL, -1, NULL, "List available commands on <pipe>", "pipe" },
441 { "exit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, NULL, "Exit program", "" },
442 { "quit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, NULL, "Exit program", "" },
443 { "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL, -1, NULL, "Force RPC pipe connections to be signed", "" },
444 { "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL, -1, NULL, "Force RPC pipe connections to be sealed", "" },
445 { "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, -1, NULL, "Force RPC pipe connections to be sealed with 'schannel'. Assumes valid machine account to this domain controller.", "" },
446 { "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL, -1, NULL, "Force RPC pipe connections to be signed (not sealed) with 'schannel'. Assumes valid machine account to this domain controller.", "" },
447 { "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL, -1, NULL, "Force RPC pipe connections to have no special properties", "" },
452 static struct cmd_set separator_command[] = {
453 { "---------------", MAX_RPC_RETURN_TYPE, NULL, NULL, -1, NULL, "----------------------" },
458 /* Various pipe commands */
460 extern struct cmd_set lsarpc_commands[];
461 extern struct cmd_set samr_commands[];
462 extern struct cmd_set spoolss_commands[];
463 extern struct cmd_set netlogon_commands[];
464 extern struct cmd_set srvsvc_commands[];
465 extern struct cmd_set dfs_commands[];
466 extern struct cmd_set reg_commands[];
467 extern struct cmd_set ds_commands[];
468 extern struct cmd_set echo_commands[];
469 extern struct cmd_set shutdown_commands[];
470 extern struct cmd_set test_commands[];
472 static struct cmd_set *rpcclient_command_list[] = {
488 static void add_command_set(struct cmd_set *cmd_set)
490 struct cmd_list *entry;
492 if (!(entry = SMB_MALLOC_P(struct cmd_list))) {
493 DEBUG(0, ("out of memory\n"));
499 entry->cmd_set = cmd_set;
500 DLIST_ADD(cmd_list, entry);
505 * Call an rpcclient function, passing an argv array.
507 * @param cmd Command to run, as a single string.
509 static NTSTATUS do_cmd(struct cli_state *cli,
510 struct cmd_set *cmd_entry,
511 int argc, char **argv)
520 if (!(mem_ctx = talloc_init("do_cmd"))) {
521 DEBUG(0, ("talloc_init() failed\n"));
522 return NT_STATUS_NO_MEMORY;
527 if (cmd_entry->pipe_idx != -1 && cmd_entry->rpc_pipe == NULL) {
528 switch (pipe_default_auth_type) {
529 case PIPE_AUTH_TYPE_NONE:
530 cmd_entry->rpc_pipe = cli_rpc_pipe_open_noauth(cli,
534 case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
535 cmd_entry->rpc_pipe = cli_rpc_pipe_open_spnego_ntlmssp(cli,
537 pipe_default_auth_level,
539 cmdline_auth_info.username,
540 cmdline_auth_info.password,
543 case PIPE_AUTH_TYPE_NTLMSSP:
544 cmd_entry->rpc_pipe = cli_rpc_pipe_open_ntlmssp(cli,
546 pipe_default_auth_level,
548 cmdline_auth_info.username,
549 cmdline_auth_info.password,
552 case PIPE_AUTH_TYPE_SCHANNEL:
553 cmd_entry->rpc_pipe = cli_rpc_pipe_open_schannel(cli,
555 pipe_default_auth_level,
560 DEBUG(0, ("Could not initialise %s. Invalid auth type %u\n",
561 cli_get_pipe_name(cmd_entry->pipe_idx),
562 pipe_default_auth_type ));
563 return NT_STATUS_UNSUCCESSFUL;
565 if (!cmd_entry->rpc_pipe) {
566 DEBUG(0, ("Could not initialise %s. Error was %s\n",
567 cli_get_pipe_name(cmd_entry->pipe_idx),
568 nt_errstr(ntresult) ));
572 if (cmd_entry->pipe_idx == PI_NETLOGON) {
573 uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
574 uint32 sec_channel_type;
575 uchar trust_password[16];
577 if (!secrets_fetch_trust_account_password(lp_workgroup(),
579 NULL, &sec_channel_type)) {
580 return NT_STATUS_UNSUCCESSFUL;
583 ntresult = rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe,
584 cli->desthost, /* server name */
585 lp_workgroup(), /* domain */
586 global_myname(), /* client name */
587 global_myname(), /* machine account name */
592 if (!NT_STATUS_IS_OK(ntresult)) {
593 DEBUG(0, ("Could not initialise credentials for %s.\n",
594 cli_get_pipe_name(cmd_entry->pipe_idx)));
602 if ( cmd_entry->returntype == RPC_RTYPE_NTSTATUS ) {
603 ntresult = cmd_entry->ntfn(cmd_entry->rpc_pipe, mem_ctx, argc, (const char **) argv);
604 if (!NT_STATUS_IS_OK(ntresult)) {
605 printf("result was %s\n", nt_errstr(ntresult));
608 wresult = cmd_entry->wfn(cmd_entry->rpc_pipe, mem_ctx, argc, (const char **) argv);
609 /* print out the DOS error */
610 if (!W_ERROR_IS_OK(wresult)) {
611 printf( "result was %s\n", dos_errstr(wresult));
613 ntresult = W_ERROR_IS_OK(wresult)?NT_STATUS_OK:NT_STATUS_UNSUCCESSFUL;
618 talloc_destroy(mem_ctx);
625 * Process a command entered at the prompt or as part of -c
627 * @returns The NTSTATUS from running the command.
629 static NTSTATUS process_cmd(struct cli_state *cli, char *cmd)
631 struct cmd_list *temp_list;
632 NTSTATUS result = NT_STATUS_OK;
637 if ((ret = poptParseArgvString(cmd, &argc, (const char ***) &argv)) != 0) {
638 fprintf(stderr, "rpcclient: %s\n", poptStrerror(ret));
639 return NT_STATUS_UNSUCCESSFUL;
643 /* Walk through a dlist of arrays of commands. */
644 for (temp_list = cmd_list; temp_list; temp_list = temp_list->next) {
645 struct cmd_set *temp_set = temp_list->cmd_set;
647 while (temp_set->name) {
648 if (strequal(argv[0], temp_set->name)) {
649 if (!(temp_set->returntype == RPC_RTYPE_NTSTATUS && temp_set->ntfn ) &&
650 !(temp_set->returntype == RPC_RTYPE_WERROR && temp_set->wfn )) {
651 fprintf (stderr, "Invalid command\n");
655 result = do_cmd(cli, temp_set, argc, argv);
664 printf("command not found: %s\n", argv[0]);
669 if (!NT_STATUS_IS_OK(result)) {
670 printf("result was %s\n", nt_errstr(result));
674 /* NOTE: popt allocates the whole argv, including the
675 * strings, as a single block. So a single free is
676 * enough to release it -- we don't free the
677 * individual strings. rtfm. */
686 int main(int argc, char *argv[])
689 static char *cmdstr = NULL;
691 struct cli_state *cli;
692 static char *opt_ipaddr=NULL;
693 struct cmd_set **cmd_set;
694 struct in_addr server_ip;
696 static int opt_port = 0;
697 fstring new_workgroup;
699 /* make sure the vars that get altered (4th field) are in
700 a fixed location or certain compilers complain */
702 struct poptOption long_options[] = {
704 {"command", 'c', POPT_ARG_STRING, &cmdstr, 'c', "Execute semicolon separated cmds", "COMMANDS"},
705 {"dest-ip", 'I', POPT_ARG_STRING, &opt_ipaddr, 'I', "Specify destination IP address", "IP"},
706 {"port", 'p', POPT_ARG_INT, &opt_port, 'p', "Specify port number", "PORT"},
708 POPT_COMMON_CONNECTION
709 POPT_COMMON_CREDENTIALS
715 ZERO_STRUCT(server_ip);
719 /* the following functions are part of the Samba debugging
720 facilities. See lib/debug.c */
721 setup_logging("rpcclient", True);
725 pc = poptGetContext("rpcclient", argc, (const char **) argv,
729 poptPrintHelp(pc, stderr, 0);
733 while((opt = poptGetNextOpt(pc)) != -1) {
737 if ( (server_ip.s_addr=inet_addr(opt_ipaddr)) == INADDR_NONE ) {
738 fprintf(stderr, "%s not a valid IP address\n",
745 /* Get server as remaining unparsed argument. Print usage if more
746 than one unparsed argument is present. */
748 server = poptGetArg(pc);
750 if (!server || poptGetArg(pc)) {
751 poptPrintHelp(pc, stderr, 0);
762 /* save the workgroup...
764 FIXME!! do we need to do this for other options as well
765 (or maybe a generic way to keep lp_load() from overwriting
768 fstrcpy( new_workgroup, lp_workgroup() );
770 /* Load smb.conf file */
772 if (!lp_load(dyn_CONFIGFILE,True,False,False,True))
773 fprintf(stderr, "Can't load %s\n", dyn_CONFIGFILE);
775 if ( strlen(new_workgroup) != 0 )
776 set_global_myworkgroup( new_workgroup );
780 * from stdin if necessary
783 if (!cmdline_auth_info.got_pass) {
784 char *pass = getpass("Password:");
786 pstrcpy(cmdline_auth_info.password, pass);
790 nt_status = cli_full_connection(&cli, global_myname(), server,
791 opt_ipaddr ? &server_ip : NULL, opt_port,
793 cmdline_auth_info.username,
795 cmdline_auth_info.password,
796 cmdline_auth_info.use_kerberos ? CLI_FULL_CONNECTION_USE_KERBEROS : 0,
797 cmdline_auth_info.signing_state,NULL);
799 if (!NT_STATUS_IS_OK(nt_status)) {
800 DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status)));
804 #if 0 /* COMMENT OUT FOR TESTING */
805 memset(cmdline_auth_info.password,'X',sizeof(cmdline_auth_info.password));
808 /* Load command lists */
810 cmd_set = rpcclient_command_list;
813 add_command_set(*cmd_set);
814 add_command_set(separator_command);
818 fetch_machine_sid(cli);
820 /* Do anything specified with -c */
821 if (cmdstr && cmdstr[0]) {
826 while((cmd=next_command(&p)) != NULL) {
827 NTSTATUS cmd_result = process_cmd(cli, cmd);
828 result = NT_STATUS_IS_ERR(cmd_result);
835 /* Loop around accepting commands */
841 slprintf(prompt, sizeof(prompt) - 1, "rpcclient $> ");
843 line = smb_readline(prompt, NULL, completion_fn);
849 process_cmd(cli, line);