X-Git-Url: http://git.samba.org/samba.git/?a=blobdiff_plain;f=source3%2Frpcclient%2Frpcclient.c;h=f5f1f01df65b436fdf5bc51b81f34d6d3fd3d1d1;hb=72088096af8dbf57cbc85c71cd0eef4447e7560d;hp=10a17412070c70901755077498c610865913b88f;hpb=9e9d40d0977add05ac65d35251c1a5986c721e48;p=kai%2Fsamba.git diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 10a17412070..f5f1f01df65 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -21,12 +21,21 @@ #include "includes.h" #include "rpcclient.h" +#include "../libcli/auth/libcli_auth.h" +#include "../librpc/gen_ndr/cli_lsa.h" +#include "rpc_client/cli_lsarpc.h" +#include "../librpc/gen_ndr/ndr_netlogon.h" +#include "rpc_client/cli_netlogon.h" -DOM_SID domain_sid; +struct dom_sid domain_sid; -static enum pipe_auth_type pipe_default_auth_type = PIPE_AUTH_TYPE_NONE; -static enum pipe_auth_level pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE; +static enum dcerpc_AuthType pipe_default_auth_type = DCERPC_AUTH_TYPE_NONE; +static enum pipe_auth_type_spnego pipe_default_auth_spnego_type = 0; +static enum dcerpc_AuthLevel pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE; static unsigned int timeout = 0; +static enum dcerpc_transport_t default_transport = NCACN_NP; + +struct user_auth_info *rpcclient_auth_info; /* List to hold groups of commands. * @@ -131,7 +140,7 @@ static char *next_command (char **cmdstr) static void fetch_machine_sid(struct cli_state *cli) { - POLICY_HND pol; + struct policy_handle pol; NTSTATUS result = NT_STATUS_OK; static bool got_domain_sid; TALLOC_CTX *mem_ctx; @@ -145,13 +154,15 @@ static void fetch_machine_sid(struct cli_state *cli) goto error; } - if ((lsapipe = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result)) == NULL) { + result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, + &lsapipe); + if (!NT_STATUS_IS_OK(result)) { fprintf(stderr, "could not initialise lsa pipe. Error was %s\n", nt_errstr(result) ); goto error; } result = rpccli_lsa_open_policy(lsapipe, mem_ctx, True, - SEC_RIGHTS_MAXIMUM_ALLOWED, + SEC_FLAG_MAXIMUM_ALLOWED, &pol); if (!NT_STATUS_IS_OK(result)) { goto error; @@ -346,11 +357,36 @@ static NTSTATUS cmd_set_ss_level(void) return NT_STATUS_OK; } +static NTSTATUS cmd_set_transport(void) +{ + struct cmd_list *tmp; + + /* Close any existing connections not at this level. */ + + for (tmp = cmd_list; tmp; tmp = tmp->next) { + struct cmd_set *tmp_set; + + for (tmp_set = tmp->cmd_set; tmp_set->name; tmp_set++) { + if (tmp_set->rpc_pipe == NULL) { + continue; + } + + if (tmp_set->rpc_pipe->transport->transport != default_transport) { + TALLOC_FREE(tmp_set->rpc_pipe); + tmp_set->rpc_pipe = NULL; + } + } + } + return NT_STATUS_OK; +} + static NTSTATUS cmd_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { - pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY; - pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP; + const char *type = "NTLMSSP"; + + pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; + pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; if (argc > 2) { printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]); @@ -358,27 +394,33 @@ static NTSTATUS cmd_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, } if (argc == 2) { - if (strequal(argv[1], "NTLMSSP")) { - pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP; - } else if (strequal(argv[1], "NTLMSSP_SPNEGO")) { - pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; - } else if (strequal(argv[1], "SCHANNEL")) { - pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL; + type = argv[1]; + if (strequal(type, "NTLMSSP")) { + pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; + } else if (strequal(type, "NTLMSSP_SPNEGO")) { + pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO; + pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; + } else if (strequal(type, "SCHANNEL")) { + pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL; } else { - printf("unknown type %s\n", argv[1]); + printf("unknown type %s\n", type); + printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]); return NT_STATUS_INVALID_LEVEL; } } - printf("debuglevel is %d\n", DEBUGLEVEL); + d_printf("Setting %s - sign\n", type); + return cmd_set_ss_level(); } static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { - pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY; - pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP; + const char *type = "NTLMSSP"; + + pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY; + pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; if (argc > 2) { printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]); @@ -386,17 +428,23 @@ static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, } if (argc == 2) { - if (strequal(argv[1], "NTLMSSP")) { - pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP; - } else if (strequal(argv[1], "NTLMSSP_SPNEGO")) { - pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; - } else if (strequal(argv[1], "SCHANNEL")) { - pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL; + type = argv[1]; + if (strequal(type, "NTLMSSP")) { + pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; + } else if (strequal(type, "NTLMSSP_SPNEGO")) { + pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO; + pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; + } else if (strequal(type, "SCHANNEL")) { + pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL; } else { - printf("unknown type %s\n", argv[1]); + printf("unknown type %s\n", type); + printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]); return NT_STATUS_INVALID_LEVEL; } } + + d_printf("Setting %s - sign and seal\n", type); + return cmd_set_ss_level(); } @@ -436,8 +484,9 @@ static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, static NTSTATUS cmd_none(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { - pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE; - pipe_default_auth_type = PIPE_AUTH_TYPE_NONE; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE; + pipe_default_auth_type = DCERPC_AUTH_TYPE_NONE; + pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE; return cmd_set_ss_level(); } @@ -446,8 +495,8 @@ static NTSTATUS cmd_schannel(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { d_printf("Setting schannel - sign and seal\n"); - pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY; - pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY; + pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL; return cmd_set_ss_level(); } @@ -456,12 +505,40 @@ static NTSTATUS cmd_schannel_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_c int argc, const char **argv) { d_printf("Setting schannel - sign only\n"); - pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY; - pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL; + pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; + pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL; return cmd_set_ss_level(); } +static NTSTATUS cmd_choose_transport(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + int argc, const char **argv) +{ + NTSTATUS status; + + if (argc != 2) { + printf("Usage: %s [NCACN_NP|NCACN_IP_TCP]\n", argv[0]); + return NT_STATUS_OK; + } + + if (strequal(argv[1], "NCACN_NP")) { + default_transport = NCACN_NP; + } else if (strequal(argv[1], "NCACN_IP_TCP")) { + default_transport = NCACN_IP_TCP; + } else { + printf("transport type: %s unknown or not supported\n", argv[1]); + return NT_STATUS_NOT_SUPPORTED; + } + + status = cmd_set_transport(); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + printf("default transport is now: %s\n", argv[1]); + + return NT_STATUS_OK; +} /* Built in rpcclient commands */ @@ -469,25 +546,26 @@ static struct cmd_set rpcclient_commands[] = { { "GENERAL OPTIONS" }, - { "help", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, NULL, "Get help on commands", "[command]" }, - { "?", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, NULL, "Get help on commands", "[command]" }, - { "debuglevel", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, -1, NULL, "Set debug level", "level" }, - { "debug", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, -1, NULL, "Set debug level", "level" }, - { "list", RPC_RTYPE_NTSTATUS, cmd_listcommands, NULL, -1, NULL, "List available commands on ", "pipe" }, - { "exit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, NULL, "Exit program", "" }, - { "quit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, NULL, "Exit program", "" }, - { "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL, -1, NULL, "Force RPC pipe connections to be signed", "" }, - { "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL, -1, NULL, "Force RPC pipe connections to be sealed", "" }, - { "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, -1, NULL, "Force RPC pipe connections to be sealed with 'schannel'. Assumes valid machine account to this domain controller.", "" }, - { "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL, -1, NULL, "Force RPC pipe connections to be signed (not sealed) with 'schannel'. Assumes valid machine account to this domain controller.", "" }, - { "timeout", RPC_RTYPE_NTSTATUS, cmd_timeout, NULL, -1, NULL, "Set timeout (in milliseonds) for RPC operations", "" }, - { "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL, -1, NULL, "Force RPC pipe connections to have no special properties", "" }, + { "help", RPC_RTYPE_NTSTATUS, cmd_help, NULL, NULL, NULL, "Get help on commands", "[command]" }, + { "?", RPC_RTYPE_NTSTATUS, cmd_help, NULL, NULL, NULL, "Get help on commands", "[command]" }, + { "debuglevel", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, NULL, NULL, "Set debug level", "level" }, + { "debug", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, NULL, NULL, "Set debug level", "level" }, + { "list", RPC_RTYPE_NTSTATUS, cmd_listcommands, NULL, NULL, NULL, "List available commands on ", "pipe" }, + { "exit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, NULL, NULL, "Exit program", "" }, + { "quit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, NULL, NULL, "Exit program", "" }, + { "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL, NULL, NULL, "Force RPC pipe connections to be signed", "" }, + { "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL, NULL, NULL, "Force RPC pipe connections to be sealed", "" }, + { "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, NULL, NULL, "Force RPC pipe connections to be sealed with 'schannel'. Assumes valid machine account to this domain controller.", "" }, + { "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL, NULL, NULL, "Force RPC pipe connections to be signed (not sealed) with 'schannel'. Assumes valid machine account to this domain controller.", "" }, + { "timeout", RPC_RTYPE_NTSTATUS, cmd_timeout, NULL, NULL, NULL, "Set timeout (in milliseonds) for RPC operations", "" }, + { "transport", RPC_RTYPE_NTSTATUS, cmd_choose_transport, NULL, NULL, NULL, "Choose ncacn transport for RPC operations", "" }, + { "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL, NULL, NULL, "Force RPC pipe connections to have no special properties", "" }, { NULL } }; static struct cmd_set separator_command[] = { - { "---------------", MAX_RPC_RETURN_TYPE, NULL, NULL, -1, NULL, "----------------------" }, + { "---------------", MAX_RPC_RETURN_TYPE, NULL, NULL, NULL, NULL, "----------------------" }, { NULL } }; @@ -502,10 +580,13 @@ extern struct cmd_set srvsvc_commands[]; extern struct cmd_set dfs_commands[]; extern struct cmd_set ds_commands[]; extern struct cmd_set echo_commands[]; +extern struct cmd_set epmapper_commands[]; extern struct cmd_set shutdown_commands[]; extern struct cmd_set test_commands[]; extern struct cmd_set wkssvc_commands[]; extern struct cmd_set ntsvcs_commands[]; +extern struct cmd_set drsuapi_commands[]; +extern struct cmd_set eventlog_commands[]; static struct cmd_set *rpcclient_command_list[] = { rpcclient_commands, @@ -517,10 +598,13 @@ static struct cmd_set *rpcclient_command_list[] = { srvsvc_commands, dfs_commands, echo_commands, + epmapper_commands, shutdown_commands, test_commands, wkssvc_commands, ntsvcs_commands, + drsuapi_commands, + eventlog_commands, NULL }; @@ -546,7 +630,9 @@ static void add_command_set(struct cmd_set *cmd_set) * @param cmd Command to run, as a single string. **/ static NTSTATUS do_cmd(struct cli_state *cli, + struct user_auth_info *auth_info, struct cmd_set *cmd_entry, + struct dcerpc_binding *binding, int argc, char **argv) { NTSTATUS ntresult; @@ -563,74 +649,106 @@ static NTSTATUS do_cmd(struct cli_state *cli, /* Open pipe */ - if (cmd_entry->pipe_idx != -1 && cmd_entry->rpc_pipe == NULL) { + if ((cmd_entry->interface != NULL) && (cmd_entry->rpc_pipe == NULL)) { switch (pipe_default_auth_type) { - case PIPE_AUTH_TYPE_NONE: - cmd_entry->rpc_pipe = cli_rpc_pipe_open_noauth(cli, - cmd_entry->pipe_idx, - &ntresult); - break; - case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: - cmd_entry->rpc_pipe = cli_rpc_pipe_open_spnego_ntlmssp(cli, - cmd_entry->pipe_idx, - pipe_default_auth_level, - lp_workgroup(), - get_cmdline_auth_info_username(), - get_cmdline_auth_info_password(), - &ntresult); - break; - case PIPE_AUTH_TYPE_NTLMSSP: - cmd_entry->rpc_pipe = cli_rpc_pipe_open_ntlmssp(cli, - cmd_entry->pipe_idx, - pipe_default_auth_level, - lp_workgroup(), - get_cmdline_auth_info_username(), - get_cmdline_auth_info_password(), - &ntresult); - break; - case PIPE_AUTH_TYPE_SCHANNEL: - cmd_entry->rpc_pipe = cli_rpc_pipe_open_schannel(cli, - cmd_entry->pipe_idx, - pipe_default_auth_level, - lp_workgroup(), - &ntresult); - break; - default: - DEBUG(0, ("Could not initialise %s. Invalid auth type %u\n", - cli_get_pipe_name(cmd_entry->pipe_idx), - pipe_default_auth_type )); + case DCERPC_AUTH_TYPE_NONE: + ntresult = cli_rpc_pipe_open_noauth_transport( + cli, default_transport, + cmd_entry->interface, + &cmd_entry->rpc_pipe); + break; + case DCERPC_AUTH_TYPE_SPNEGO: + if (pipe_default_auth_spnego_type != + PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) { + DEBUG(0, ("Could not initialise %s. " + "Currently only NTLMSSP is " + "supported for SPNEGO\n", + get_pipe_name_from_syntax( + talloc_tos(), + cmd_entry->interface))); return NT_STATUS_UNSUCCESSFUL; + } + ntresult = cli_rpc_pipe_open_spnego_ntlmssp( + cli, cmd_entry->interface, + default_transport, + pipe_default_auth_level, + get_cmdline_auth_info_domain(auth_info), + get_cmdline_auth_info_username(auth_info), + get_cmdline_auth_info_password(auth_info), + &cmd_entry->rpc_pipe); + break; + case DCERPC_AUTH_TYPE_NTLMSSP: + ntresult = cli_rpc_pipe_open_ntlmssp( + cli, cmd_entry->interface, + default_transport, + pipe_default_auth_level, + get_cmdline_auth_info_domain(auth_info), + get_cmdline_auth_info_username(auth_info), + get_cmdline_auth_info_password(auth_info), + &cmd_entry->rpc_pipe); + break; + case DCERPC_AUTH_TYPE_SCHANNEL: + ntresult = cli_rpc_pipe_open_schannel( + cli, cmd_entry->interface, + default_transport, + pipe_default_auth_level, + get_cmdline_auth_info_domain(auth_info), + &cmd_entry->rpc_pipe); + break; + case DCERPC_AUTH_TYPE_KRB5: + ntresult = cli_rpc_pipe_open_krb5( + cli, cmd_entry->interface, + default_transport, + pipe_default_auth_level, + cli->desthost, + NULL, NULL, + &cmd_entry->rpc_pipe); + break; + default: + DEBUG(0, ("Could not initialise %s. Invalid " + "auth type %u\n", + get_pipe_name_from_syntax( + talloc_tos(), + cmd_entry->interface), + pipe_default_auth_type )); + return NT_STATUS_UNSUCCESSFUL; } - if (!cmd_entry->rpc_pipe) { + if (!NT_STATUS_IS_OK(ntresult)) { DEBUG(0, ("Could not initialise %s. Error was %s\n", - cli_get_pipe_name(cmd_entry->pipe_idx), - nt_errstr(ntresult) )); + get_pipe_name_from_syntax( + talloc_tos(), cmd_entry->interface), + nt_errstr(ntresult) )); return ntresult; } - if (cmd_entry->pipe_idx == PI_NETLOGON) { + if (ndr_syntax_id_equal(cmd_entry->interface, + &ndr_table_netlogon.syntax_id)) { uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; - uint32 sec_channel_type; + enum netr_SchannelType sec_channel_type; uchar trust_password[16]; - - if (!secrets_fetch_trust_account_password(lp_workgroup(), - trust_password, - NULL, &sec_channel_type)) { - return NT_STATUS_UNSUCCESSFUL; + const char *machine_account; + + if (!get_trust_pw_hash(get_cmdline_auth_info_domain(auth_info), + trust_password, &machine_account, + &sec_channel_type)) + { + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } - + ntresult = rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe, cli->desthost, /* server name */ - lp_workgroup(), /* domain */ + get_cmdline_auth_info_domain(auth_info), /* domain */ global_myname(), /* client name */ - global_myname(), /* machine account name */ + machine_account, /* machine account name */ trust_password, sec_channel_type, &neg_flags); if (!NT_STATUS_IS_OK(ntresult)) { DEBUG(0, ("Could not initialise credentials for %s.\n", - cli_get_pipe_name(cmd_entry->pipe_idx))); + get_pipe_name_from_syntax( + talloc_tos(), + cmd_entry->interface))); return ntresult; } } @@ -647,7 +765,7 @@ static NTSTATUS do_cmd(struct cli_state *cli, wresult = cmd_entry->wfn(cmd_entry->rpc_pipe, mem_ctx, argc, (const char **) argv); /* print out the DOS error */ if (!W_ERROR_IS_OK(wresult)) { - printf( "result was %s\n", dos_errstr(wresult)); + printf( "result was %s\n", win_errstr(wresult)); } ntresult = W_ERROR_IS_OK(wresult)?NT_STATUS_OK:NT_STATUS_UNSUCCESSFUL; } @@ -665,7 +783,10 @@ static NTSTATUS do_cmd(struct cli_state *cli, * * @returns The NTSTATUS from running the command. **/ -static NTSTATUS process_cmd(struct cli_state *cli, char *cmd) +static NTSTATUS process_cmd(struct user_auth_info *auth_info, + struct cli_state *cli, + struct dcerpc_binding *binding, + char *cmd) { struct cmd_list *temp_list; NTSTATUS result = NT_STATUS_OK; @@ -691,7 +812,8 @@ static NTSTATUS process_cmd(struct cli_state *cli, char *cmd) goto out_free; } - result = do_cmd(cli, temp_set, argc, argv); + result = do_cmd(cli, auth_info, temp_set, + binding, argc, argv); goto out_free; } @@ -736,6 +858,10 @@ out_free: fstring new_workgroup; int result = 0; TALLOC_CTX *frame = talloc_stackframe(); + uint32_t flags = 0; + struct dcerpc_binding *binding = NULL; + const char *binding_string = NULL; + char *user, *domain, *q; /* make sure the vars that get altered (4th field) are in a fixed location or certain compilers complain */ @@ -753,7 +879,7 @@ out_free: load_case_tables(); - zero_addr(&server_ss); + zero_sockaddr(&server_ss); setlinebuf(stdout); @@ -761,6 +887,12 @@ out_free: facilities. See lib/debug.c */ setup_logging("rpcclient", True); + rpcclient_auth_info = user_auth_info_init(frame); + if (rpcclient_auth_info == NULL) { + exit(1); + } + popt_common_set_auth_info(rpcclient_auth_info); + /* Parse options */ pc = poptGetContext("rpcclient", argc, (const char **) argv, @@ -827,26 +959,104 @@ out_free: * from stdin if necessary */ - if (!get_cmdline_auth_info_got_pass()) { - char *pass = getpass("Password:"); - if (pass) { - set_cmdline_auth_info_password(pass); - } + if (get_cmdline_auth_info_use_machine_account(rpcclient_auth_info) && + !set_cmdline_auth_info_machine_account_creds(rpcclient_auth_info)) { + result = 1; + goto done; } + set_cmdline_auth_info_getpass(rpcclient_auth_info); + if ((server[0] == '/' && server[1] == '/') || (server[0] == '\\' && server[1] == '\\')) { server += 2; } - nt_status = cli_full_connection(&cli, global_myname(), server, + nt_status = dcerpc_parse_binding(frame, server, &binding); + + if (!NT_STATUS_IS_OK(nt_status)) { + + binding_string = talloc_asprintf(frame, "ncacn_np:%s", + strip_hostname(server)); + if (!binding_string) { + result = 1; + goto done; + } + + nt_status = dcerpc_parse_binding(frame, binding_string, &binding); + if (!NT_STATUS_IS_OK(nt_status)) { + result = -1; + goto done; + } + } + + if (binding->transport == NCA_UNKNOWN) { + binding->transport = NCACN_NP; + } + + if (binding->flags & DCERPC_SIGN) { + pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; + pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; + } + if (binding->flags & DCERPC_SEAL) { + pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY; + pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; + } + if (binding->flags & DCERPC_AUTH_SPNEGO) { + pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO; + pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; + } + if (binding->flags & DCERPC_AUTH_NTLM) { + if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) { + pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; + } else { + pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; + } + } + if (binding->flags & DCERPC_AUTH_KRB5) { + /* If neither Integrity or Privacy are requested then + * Use just Connect level */ + if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) { + pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT; + } + + if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) { + pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5; + } else { + pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5; + } + } + + if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) { + flags |= CLI_FULL_CONNECTION_USE_KERBEROS | + CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; + } + if (get_cmdline_auth_info_use_ccache(rpcclient_auth_info)) { + flags |= CLI_FULL_CONNECTION_USE_CCACHE; + } + + user = talloc_strdup(frame, get_cmdline_auth_info_username(rpcclient_auth_info)); + SMB_ASSERT(user != NULL); + domain = talloc_strdup(frame, lp_workgroup()); + SMB_ASSERT(domain != NULL); + set_cmdline_auth_info_domain(rpcclient_auth_info, domain); + + if ((q = strchr_m(user,'\\'))) { + *q = 0; + set_cmdline_auth_info_domain(rpcclient_auth_info, user); + set_cmdline_auth_info_username(rpcclient_auth_info, q+1); + } + + + nt_status = cli_full_connection(&cli, global_myname(), binding->host, opt_ipaddr ? &server_ss : NULL, opt_port, "IPC$", "IPC", - get_cmdline_auth_info_username(), - lp_workgroup(), - get_cmdline_auth_info_password(), - get_cmdline_auth_info_use_kerberos() ? CLI_FULL_CONNECTION_USE_KERBEROS : 0, - get_cmdline_auth_info_signing_state(),NULL); + get_cmdline_auth_info_username(rpcclient_auth_info), + get_cmdline_auth_info_domain(rpcclient_auth_info), + get_cmdline_auth_info_password(rpcclient_auth_info), + flags, + get_cmdline_auth_info_signing_state(rpcclient_auth_info), + NULL); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status))); @@ -854,11 +1064,11 @@ out_free: goto done; } - if (get_cmdline_auth_info_smb_encrypt()) { + if (get_cmdline_auth_info_smb_encrypt(rpcclient_auth_info)) { nt_status = cli_cm_force_encryption(cli, - get_cmdline_auth_info_username(), - get_cmdline_auth_info_password(), - lp_workgroup(), + get_cmdline_auth_info_username(rpcclient_auth_info), + get_cmdline_auth_info_password(rpcclient_auth_info), + get_cmdline_auth_info_domain(rpcclient_auth_info), "IPC$"); if (!NT_STATUS_IS_OK(nt_status)) { result = 1; @@ -882,6 +1092,8 @@ out_free: cmd_set++; } + default_transport = binding->transport; + fetch_machine_sid(cli); /* Do anything specified with -c */ @@ -892,7 +1104,8 @@ out_free: result = 0; while((cmd=next_command(&p)) != NULL) { - NTSTATUS cmd_result = process_cmd(cli, cmd); + NTSTATUS cmd_result = process_cmd(rpcclient_auth_info, cli, + binding, cmd); SAFE_FREE(cmd); result = NT_STATUS_IS_ERR(cmd_result); } @@ -911,7 +1124,7 @@ out_free: break; if (line[0] != '\n') - process_cmd(cli, line); + process_cmd(rpcclient_auth_info, cli, binding, line); SAFE_FREE(line); }