it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
+#include "popt_common.h"
#include "rpcclient.h"
#include "../libcli/auth/libcli_auth.h"
+#include "../librpc/gen_ndr/ndr_lsa_c.h"
+#include "rpc_client/cli_lsarpc.h"
+#include "../librpc/gen_ndr/ndr_netlogon.h"
+#include "rpc_client/cli_netlogon.h"
+#include "../libcli/smbreadline/smbreadline.h"
+#include "../libcli/security/security.h"
+#include "passdb.h"
+#include "libsmb/libsmb.h"
+#include "auth/gensec/gensec.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "messages.h"
+
+enum pipe_auth_type_spnego {
+ PIPE_AUTH_TYPE_SPNEGO_NONE = 0,
+ PIPE_AUTH_TYPE_SPNEGO_NTLMSSP,
+ PIPE_AUTH_TYPE_SPNEGO_KRB5
+};
-DOM_SID domain_sid;
+struct dom_sid domain_sid;
-static enum pipe_auth_type pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;
+static enum dcerpc_AuthType pipe_default_auth_type = DCERPC_AUTH_TYPE_NONE;
+static enum pipe_auth_type_spnego pipe_default_auth_spnego_type = 0;
static enum dcerpc_AuthLevel pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE;
static unsigned int timeout = 0;
static enum dcerpc_transport_t default_transport = NCACN_NP;
-struct user_auth_info *rpcclient_auth_info;
+struct messaging_context *rpcclient_msg_ctx;
+struct cli_state *rpcclient_cli_state;
+struct netlogon_creds_cli_context *rpcclient_netlogon_creds;
+static const char *rpcclient_netlogon_domain;
/* List to hold groups of commands.
*
****************************************************************************/
static char **completion_fn(const char *text, int start, int end)
{
-#define MAX_COMPLETIONS 100
+#define MAX_COMPLETIONS 1000
char **matches;
int i, count=0;
struct cmd_list *commands = cmd_list;
if (!commands->cmd_set) {
break;
}
-
+
for (i=0; commands->cmd_set[i].name; i++) {
if ((strncmp(text, commands->cmd_set[i].name, strlen(text)) == 0) &&
(( commands->cmd_set[i].returntype == RPC_RTYPE_NTSTATUS &&
}
}
commands = commands->next;
-
}
if (count == 2) {
{
char *command;
char *p;
-
+
if (!cmdstr || !(*cmdstr))
return NULL;
-
+
p = strchr_m(*cmdstr, ';');
if (p)
*p = '\0';
*cmdstr = p + 1;
else
*cmdstr = NULL;
-
+
return command;
}
static void fetch_machine_sid(struct cli_state *cli)
{
struct policy_handle pol;
- NTSTATUS result = NT_STATUS_OK;
+ NTSTATUS result = NT_STATUS_OK, status;
static bool got_domain_sid;
TALLOC_CTX *mem_ctx;
struct rpc_pipe_client *lsapipe = NULL;
union lsa_PolicyInformation *info = NULL;
+ struct dcerpc_binding_handle *b;
if (got_domain_sid) return;
goto error;
}
- result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
+ result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
&lsapipe);
if (!NT_STATUS_IS_OK(result)) {
fprintf(stderr, "could not initialise lsa pipe. Error was %s\n", nt_errstr(result) );
goto error;
}
-
+
+ b = lsapipe->binding_handle;
+
result = rpccli_lsa_open_policy(lsapipe, mem_ctx, True,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
goto error;
}
- result = rpccli_lsa_QueryInfoPolicy(lsapipe, mem_ctx,
+ status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
&pol,
LSA_POLICY_INFO_ACCOUNT_DOMAIN,
- &info);
+ &info,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ result = status;
+ goto error;
+ }
if (!NT_STATUS_IS_OK(result)) {
goto error;
}
got_domain_sid = True;
sid_copy(&domain_sid, info->account_domain.sid);
- rpccli_lsa_Close(lsapipe, mem_ctx, &pol);
+ dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
TALLOC_FREE(lsapipe);
talloc_destroy(mem_ctx);
TALLOC_FREE(lsapipe);
}
- fprintf(stderr, "could not obtain sid for domain %s\n", cli->domain);
+ fprintf(stderr, "could not obtain sid from server\n");
if (!NT_STATUS_IS_OK(result)) {
fprintf(stderr, "error: %s\n", nt_errstr(result));
for (tmp = cmd_list; tmp; tmp = tmp->next)
{
tmp_set = tmp->cmd_set;
-
- if (!StrCaseCmp(argv[1], tmp_set->name))
+
+ if (!strcasecmp_m(argv[1], tmp_set->name))
{
printf("Available commands on the %s pipe:\n\n", tmp_set->name);
if (i%3 == 0)
printf("\n");
}
-
+
/* drop out of the loop */
break;
}
if (argc == 2) {
for (tmp = cmd_list; tmp; tmp = tmp->next) {
-
+
tmp_set = tmp->cmd_set;
while(tmp_set->name) {
}
if (argc == 2) {
- DEBUGLEVEL = atoi(argv[1]);
+ lp_set_cmdline("log level", argv[1]);
}
printf("debuglevel is %d\n", DEBUGLEVEL);
static NTSTATUS cmd_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
+ const char *p = "[KRB5|KRB5_SPNEGO|NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]";
const char *type = "NTLMSSP";
pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
- pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
if (argc > 2) {
- printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]);
+ printf("Usage: %s %s\n", argv[0], p);
return NT_STATUS_OK;
}
if (argc == 2) {
type = argv[1];
- if (strequal(type, "NTLMSSP")) {
- pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
+ if (strequal(type, "KRB5")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5;
+ } else if (strequal(type, "KRB5_SPNEGO")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+ pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
+ } else if (strequal(type, "NTLMSSP")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
} else if (strequal(type, "NTLMSSP_SPNEGO")) {
- pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+ pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
} else if (strequal(type, "SCHANNEL")) {
- pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
} else {
printf("unknown type %s\n", type);
+ printf("Usage: %s %s\n", argv[0], p);
return NT_STATUS_INVALID_LEVEL;
}
}
static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
+ const char *p = "[KRB5|KRB5_SPNEGO|NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]";
const char *type = "NTLMSSP";
pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
- pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
if (argc > 2) {
- printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]);
+ printf("Usage: %s %s\n", argv[0], p);
return NT_STATUS_OK;
}
if (argc == 2) {
type = argv[1];
- if (strequal(type, "NTLMSSP")) {
- pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
+ if (strequal(type, "KRB5")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5;
+ } else if (strequal(type, "KRB5_SPNEGO")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+ pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
+ } else if (strequal(type, "NTLMSSP")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
} else if (strequal(type, "NTLMSSP_SPNEGO")) {
- pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+ pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
} else if (strequal(type, "SCHANNEL")) {
- pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
} else {
printf("unknown type %s\n", type);
+ printf("Usage: %s %s\n", argv[0], p);
return NT_STATUS_INVALID_LEVEL;
}
}
return cmd_set_ss_level();
}
-static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- int argc, const char **argv)
+static NTSTATUS cmd_packet(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ int argc, const char **argv)
{
- struct cmd_list *tmp;
+ const char *p = "[KRB5|KRB5_SPNEGO|NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]";
+ const char *type = "NTLMSSP";
+
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_PACKET;
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
if (argc > 2) {
- printf("Usage: %s timeout\n", argv[0]);
+ printf("Usage: %s %s\n", argv[0], p);
return NT_STATUS_OK;
}
if (argc == 2) {
- timeout = atoi(argv[1]);
+ type = argv[1];
+ if (strequal(type, "KRB5")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5;
+ } else if (strequal(type, "KRB5_SPNEGO")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+ pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
+ } else if (strequal(type, "NTLMSSP")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
+ } else if (strequal(type, "NTLMSSP_SPNEGO")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+ pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
+ } else if (strequal(type, "SCHANNEL")) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
+ } else {
+ printf("unknown type %s\n", type);
+ printf("Usage: %s %s\n", argv[0], p);
+ return NT_STATUS_INVALID_LEVEL;
+ }
+ }
- for (tmp = cmd_list; tmp; tmp = tmp->next) {
-
- struct cmd_set *tmp_set;
+ d_printf("Setting %s - packet\n", type);
- for (tmp_set = tmp->cmd_set; tmp_set->name; tmp_set++) {
- if (tmp_set->rpc_pipe == NULL) {
- continue;
- }
+ return cmd_set_ss_level();
+}
- rpccli_set_timeout(tmp_set->rpc_pipe, timeout);
- }
- }
+
+static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ int argc, const char **argv)
+{
+ if (argc > 2) {
+ printf("Usage: %s timeout\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ if (argc == 2) {
+ timeout = atoi(argv[1]);
}
printf("timeout is %d\n", timeout);
int argc, const char **argv)
{
pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE;
- pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_NONE;
+ pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
return cmd_set_ss_level();
}
{
d_printf("Setting schannel - sign and seal\n");
pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
- pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
return cmd_set_ss_level();
}
{
d_printf("Setting schannel - sign only\n");
pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
- pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
return cmd_set_ss_level();
}
{ "quit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, NULL, NULL, "Exit program", "" },
{ "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL, NULL, NULL, "Force RPC pipe connections to be signed", "" },
{ "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL, NULL, NULL, "Force RPC pipe connections to be sealed", "" },
+ { "packet", RPC_RTYPE_NTSTATUS, cmd_packet, NULL, NULL, NULL, "Force RPC pipe connections with packet authentication level", "" },
{ "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, NULL, NULL, "Force RPC pipe connections to be sealed with 'schannel'. Assumes valid machine account to this domain controller.", "" },
{ "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL, NULL, NULL, "Force RPC pipe connections to be signed (not sealed) with 'schannel'. Assumes valid machine account to this domain controller.", "" },
- { "timeout", RPC_RTYPE_NTSTATUS, cmd_timeout, NULL, NULL, NULL, "Set timeout (in milliseonds) for RPC operations", "" },
+ { "timeout", RPC_RTYPE_NTSTATUS, cmd_timeout, NULL, NULL, NULL, "Set timeout (in milliseconds) for RPC operations", "" },
{ "transport", RPC_RTYPE_NTSTATUS, cmd_choose_transport, NULL, NULL, NULL, "Choose ncacn transport for RPC operations", "" },
{ "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL, NULL, NULL, "Force RPC pipe connections to have no special properties", "" },
extern struct cmd_set lsarpc_commands[];
extern struct cmd_set samr_commands[];
extern struct cmd_set spoolss_commands[];
+extern struct cmd_set iremotewinspool_commands[];
extern struct cmd_set netlogon_commands[];
extern struct cmd_set srvsvc_commands[];
extern struct cmd_set dfs_commands[];
extern struct cmd_set ntsvcs_commands[];
extern struct cmd_set drsuapi_commands[];
extern struct cmd_set eventlog_commands[];
+extern struct cmd_set winreg_commands[];
+extern struct cmd_set fss_commands[];
+extern struct cmd_set witness_commands[];
+extern struct cmd_set clusapi_commands[];
static struct cmd_set *rpcclient_command_list[] = {
rpcclient_commands,
ds_commands,
samr_commands,
spoolss_commands,
+ iremotewinspool_commands,
netlogon_commands,
srvsvc_commands,
dfs_commands,
ntsvcs_commands,
drsuapi_commands,
eventlog_commands,
+ winreg_commands,
+ fss_commands,
+ witness_commands,
+ clusapi_commands,
NULL
};
struct user_auth_info *auth_info,
struct cmd_set *cmd_entry,
struct dcerpc_binding *binding,
- int argc, char **argv)
+ int argc, const char **argv)
{
NTSTATUS ntresult;
WERROR wresult;
-
+
TALLOC_CTX *mem_ctx;
/* Create mem_ctx */
- if (!(mem_ctx = talloc_init("do_cmd"))) {
+ if (!(mem_ctx = talloc_stackframe())) {
DEBUG(0, ("talloc_init() failed\n"));
return NT_STATUS_NO_MEMORY;
}
/* Open pipe */
- if ((cmd_entry->interface != NULL) && (cmd_entry->rpc_pipe == NULL)) {
+ if ((cmd_entry->table != NULL) && (cmd_entry->rpc_pipe == NULL)) {
+ enum credentials_use_kerberos use_kerberos = CRED_AUTO_USE_KERBEROS;
switch (pipe_default_auth_type) {
- case PIPE_AUTH_TYPE_NONE:
- ntresult = cli_rpc_pipe_open_noauth_transport(
- cli, default_transport,
- cmd_entry->interface,
- &cmd_entry->rpc_pipe);
- break;
+ case DCERPC_AUTH_TYPE_NONE:
+ ntresult = cli_rpc_pipe_open_noauth_transport(
+ cli, default_transport,
+ cmd_entry->table,
+ &cmd_entry->rpc_pipe);
+ break;
+ case DCERPC_AUTH_TYPE_SPNEGO:
+ switch (pipe_default_auth_spnego_type) {
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
- ntresult = cli_rpc_pipe_open_spnego_ntlmssp(
- cli, cmd_entry->interface,
- default_transport,
- pipe_default_auth_level,
- get_cmdline_auth_info_domain(auth_info),
- get_cmdline_auth_info_username(auth_info),
- get_cmdline_auth_info_password(auth_info),
- &cmd_entry->rpc_pipe);
+ use_kerberos = CRED_DONT_USE_KERBEROS;
break;
- case PIPE_AUTH_TYPE_NTLMSSP:
- ntresult = cli_rpc_pipe_open_ntlmssp(
- cli, cmd_entry->interface,
- default_transport,
- pipe_default_auth_level,
- get_cmdline_auth_info_domain(auth_info),
- get_cmdline_auth_info_username(auth_info),
- get_cmdline_auth_info_password(auth_info),
- &cmd_entry->rpc_pipe);
+ case PIPE_AUTH_TYPE_SPNEGO_KRB5:
+ use_kerberos = CRED_MUST_USE_KERBEROS;
break;
- case PIPE_AUTH_TYPE_SCHANNEL:
- ntresult = cli_rpc_pipe_open_schannel(
- cli, cmd_entry->interface,
- default_transport,
- pipe_default_auth_level,
- get_cmdline_auth_info_domain(auth_info),
- &cmd_entry->rpc_pipe);
+ case PIPE_AUTH_TYPE_SPNEGO_NONE:
+ use_kerberos = CRED_AUTO_USE_KERBEROS;
break;
- default:
- DEBUG(0, ("Could not initialise %s. Invalid "
- "auth type %u\n",
- get_pipe_name_from_syntax(
- talloc_tos(),
- cmd_entry->interface),
- pipe_default_auth_type ));
- return NT_STATUS_UNSUCCESSFUL;
+ }
+ /* Fall through */
+ case DCERPC_AUTH_TYPE_NTLMSSP:
+ case DCERPC_AUTH_TYPE_KRB5:
+ ntresult = cli_rpc_pipe_open_generic_auth(
+ cli, cmd_entry->table,
+ default_transport,
+ use_kerberos,
+ pipe_default_auth_type,
+ pipe_default_auth_level,
+ smbXcli_conn_remote_name(cli->conn),
+ get_cmdline_auth_info_domain(auth_info),
+ get_cmdline_auth_info_username(auth_info),
+ get_cmdline_auth_info_password(auth_info),
+ &cmd_entry->rpc_pipe);
+ break;
+ case DCERPC_AUTH_TYPE_SCHANNEL:
+ TALLOC_FREE(rpcclient_netlogon_creds);
+ ntresult = cli_rpc_pipe_open_schannel(
+ cli, rpcclient_msg_ctx,
+ cmd_entry->table,
+ default_transport,
+ rpcclient_netlogon_domain,
+ &cmd_entry->rpc_pipe,
+ talloc_autofree_context(),
+ &rpcclient_netlogon_creds);
+ break;
+ default:
+ DEBUG(0, ("Could not initialise %s. Invalid "
+ "auth type %u\n",
+ cmd_entry->table->name,
+ pipe_default_auth_type ));
+ talloc_free(mem_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
}
if (!NT_STATUS_IS_OK(ntresult)) {
DEBUG(0, ("Could not initialise %s. Error was %s\n",
- get_pipe_name_from_syntax(
- talloc_tos(), cmd_entry->interface),
+ cmd_entry->table->name,
nt_errstr(ntresult) ));
+ talloc_free(mem_ctx);
return ntresult;
}
- if (ndr_syntax_id_equal(cmd_entry->interface,
- &ndr_table_netlogon.syntax_id)) {
- uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
- enum netr_SchannelType sec_channel_type;
- uchar trust_password[16];
- const char *machine_account;
-
- if (!get_trust_pw_hash(get_cmdline_auth_info_domain(auth_info),
- trust_password, &machine_account,
- &sec_channel_type))
- {
- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ if (rpcclient_netlogon_creds == NULL && cmd_entry->use_netlogon_creds) {
+ const char *dc_name = cmd_entry->rpc_pipe->desthost;
+ const char *domain = rpcclient_netlogon_domain;
+ struct cli_credentials *creds = NULL;
+
+ ntresult = pdb_get_trust_credentials(domain, NULL,
+ mem_ctx, &creds);
+ if (!NT_STATUS_IS_OK(ntresult)) {
+ DEBUG(0, ("Failed to fetch trust credentials for "
+ "%s to connect to %s: %s\n",
+ domain, cmd_entry->table->name,
+ nt_errstr(ntresult)));
+ TALLOC_FREE(cmd_entry->rpc_pipe);
+ talloc_free(mem_ctx);
+ return ntresult;
}
- ntresult = rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe,
- cli->desthost, /* server name */
- get_cmdline_auth_info_domain(auth_info), /* domain */
- global_myname(), /* client name */
- machine_account, /* machine account name */
- trust_password,
- sec_channel_type,
- &neg_flags);
+ ntresult = rpccli_create_netlogon_creds_with_creds(creds,
+ dc_name,
+ rpcclient_msg_ctx,
+ talloc_autofree_context(),
+ &rpcclient_netlogon_creds);
+ if (!NT_STATUS_IS_OK(ntresult)) {
+ DEBUG(0, ("Could not initialise credentials for %s.\n",
+ cmd_entry->table->name));
+ TALLOC_FREE(cmd_entry->rpc_pipe);
+ TALLOC_FREE(mem_ctx);
+ return ntresult;
+ }
+ ntresult = rpccli_setup_netlogon_creds_with_creds(cli,
+ NCACN_NP,
+ rpcclient_netlogon_creds,
+ false, /* force_reauth */
+ creds);
+ TALLOC_FREE(creds);
if (!NT_STATUS_IS_OK(ntresult)) {
DEBUG(0, ("Could not initialise credentials for %s.\n",
- get_pipe_name_from_syntax(
- talloc_tos(),
- cmd_entry->interface)));
+ cmd_entry->table->name));
+ TALLOC_FREE(cmd_entry->rpc_pipe);
+ TALLOC_FREE(rpcclient_netlogon_creds);
+ TALLOC_FREE(mem_ctx);
return ntresult;
}
}
}
+ /* Set timeout for new connections */
+ if (cmd_entry->rpc_pipe) {
+ rpccli_set_timeout(cmd_entry->rpc_pipe, timeout);
+ }
+
/* Run command */
if ( cmd_entry->returntype == RPC_RTYPE_NTSTATUS ) {
- ntresult = cmd_entry->ntfn(cmd_entry->rpc_pipe, mem_ctx, argc, (const char **) argv);
+ ntresult = cmd_entry->ntfn(cmd_entry->rpc_pipe, mem_ctx, argc, argv);
if (!NT_STATUS_IS_OK(ntresult)) {
printf("result was %s\n", nt_errstr(ntresult));
}
} else {
- wresult = cmd_entry->wfn(cmd_entry->rpc_pipe, mem_ctx, argc, (const char **) argv);
+ wresult = cmd_entry->wfn(cmd_entry->rpc_pipe, mem_ctx, argc, argv);
/* print out the DOS error */
if (!W_ERROR_IS_OK(wresult)) {
printf( "result was %s\n", win_errstr(wresult));
/* Cleanup */
- talloc_destroy(mem_ctx);
+ talloc_free(mem_ctx);
return ntresult;
}
NTSTATUS result = NT_STATUS_OK;
int ret;
int argc;
- char **argv = NULL;
+ const char **argv = NULL;
- if ((ret = poptParseArgvString(cmd, &argc, (const char ***) &argv)) != 0) {
+ if ((ret = poptParseArgvString(cmd, &argc, &argv)) != 0) {
fprintf(stderr, "rpcclient: %s\n", poptStrerror(ret));
return NT_STATUS_UNSUCCESSFUL;
}
int main(int argc, char *argv[])
{
+ const char **const_argv = discard_const_p(const char *, argv);
int opt;
static char *cmdstr = NULL;
const char *server;
struct sockaddr_storage server_ss;
NTSTATUS nt_status;
static int opt_port = 0;
- fstring new_workgroup;
int result = 0;
TALLOC_CTX *frame = talloc_stackframe();
uint32_t flags = 0;
struct dcerpc_binding *binding = NULL;
+ enum dcerpc_transport_t transport;
+ uint32_t bflags = 0;
const char *binding_string = NULL;
- char *user, *domain, *q;
+ const char *host;
+ int signing_state = SMB_SIGNING_IPC_DEFAULT;
/* make sure the vars that get altered (4th field) are in
a fixed location or certain compilers complain */
POPT_TABLEEND
};
- load_case_tables();
+ smb_init_locale();
zero_sockaddr(&server_ss);
/* the following functions are part of the Samba debugging
facilities. See lib/debug.c */
- setup_logging("rpcclient", True);
-
- rpcclient_auth_info = user_auth_info_init(frame);
- if (rpcclient_auth_info == NULL) {
- exit(1);
- }
- popt_common_set_auth_info(rpcclient_auth_info);
+ setup_logging("rpcclient", DEBUG_STDOUT);
+ lp_set_cmdline("log level", "0");
/* Parse options */
- pc = poptGetContext("rpcclient", argc, (const char **) argv,
+ pc = poptGetContext("rpcclient", argc, const_argv,
long_options, 0);
if (argc == 1) {
}
poptFreeContext(pc);
-
- load_interfaces();
+ popt_burn_cmdline_password(argc, argv);
+
+ nt_status = messaging_init_client(talloc_autofree_context(),
+ samba_tevent_context_init(talloc_autofree_context()),
+ &rpcclient_msg_ctx);
+ if (geteuid() != 0 &&
+ NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCESS_DENIED)) {
+ /*
+ * Normal to fail to initialize messaging context
+ * if we're not root as we don't have ability to
+ * read lock directory.
+ */
+ DBG_NOTICE("Unable to initialize messaging context. "
+ "Must be root to do that.\n");
+ } else if (!NT_STATUS_IS_OK(nt_status)) {
+ fprintf(stderr, "Could not init messaging context\n");
+ result = 1;
+ goto done;
+ }
if (!init_names()) {
result = 1;
goto done;
}
- /* save the workgroup...
-
- FIXME!! do we need to do this for other options as well
- (or maybe a generic way to keep lp_load() from overwriting
- everything)? */
-
- fstrcpy( new_workgroup, lp_workgroup() );
-
- /* Load smb.conf file */
-
- if (!lp_load(get_dyn_CONFIGFILE(),True,False,False,True))
- fprintf(stderr, "Can't load %s\n", get_dyn_CONFIGFILE());
-
- if ( strlen(new_workgroup) != 0 )
- set_global_myworkgroup( new_workgroup );
-
/*
* Get password
* from stdin if necessary
*/
- if (get_cmdline_auth_info_use_machine_account(rpcclient_auth_info) &&
- !set_cmdline_auth_info_machine_account_creds(rpcclient_auth_info)) {
- result = 1;
- goto done;
- }
-
- set_cmdline_auth_info_getpass(rpcclient_auth_info);
-
if ((server[0] == '/' && server[1] == '/') ||
(server[0] == '\\' && server[1] == '\\')) {
server += 2;
}
}
- if (binding->transport == NCA_UNKNOWN) {
- binding->transport = NCACN_NP;
+ transport = dcerpc_binding_get_transport(binding);
+
+ if (transport == NCA_UNKNOWN) {
+ nt_status = dcerpc_binding_set_transport(binding, NCACN_NP);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ result = -1;
+ goto done;
+ }
}
- if (binding->flags & DCERPC_SIGN) {
+ host = dcerpc_binding_get_string_option(binding, "host");
+
+ bflags = dcerpc_binding_get_flags(binding);
+ if (bflags & DCERPC_CONNECT) {
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
+ }
+ if (bflags & DCERPC_PACKET) {
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_PACKET;
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
+ }
+ if (bflags & DCERPC_SIGN) {
pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
- pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
}
- if (binding->flags & DCERPC_SEAL) {
+ if (bflags & DCERPC_SEAL) {
pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
- pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
}
- if (binding->flags & DCERPC_AUTH_SPNEGO) {
- pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
+ if (bflags & DCERPC_AUTH_SPNEGO) {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+ pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
}
- if (binding->flags & DCERPC_AUTH_NTLM) {
- pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
+ if (bflags & DCERPC_AUTH_NTLM) {
+ if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
+ pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
+ } else {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
+ }
}
- if (binding->flags & DCERPC_AUTH_KRB5) {
- pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
+ if (bflags & DCERPC_AUTH_KRB5) {
+ if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
+ pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
+ } else {
+ pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5;
+ }
+ }
+ if (pipe_default_auth_type != DCERPC_AUTH_TYPE_NONE) {
+ /* If nothing is requested then default to integrity */
+ if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
+ }
+ }
+
+ signing_state = get_cmdline_auth_info_signing_state(
+ popt_get_cmdline_auth_info());
+ switch (signing_state) {
+ case SMB_SIGNING_OFF:
+ lp_set_cmdline("client ipc signing", "no");
+ break;
+ case SMB_SIGNING_REQUIRED:
+ lp_set_cmdline("client ipc signing", "required");
+ break;
}
- if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) {
+ if (get_cmdline_auth_info_use_kerberos(popt_get_cmdline_auth_info())) {
flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
}
-
- user = talloc_strdup(frame, get_cmdline_auth_info_username(rpcclient_auth_info));
- SMB_ASSERT(user != NULL);
- domain = talloc_strdup(frame, lp_workgroup());
- SMB_ASSERT(domain != NULL);
- set_cmdline_auth_info_domain(rpcclient_auth_info, domain);
-
- if ((q = strchr_m(user,'\\'))) {
- *q = 0;
- set_cmdline_auth_info_domain(rpcclient_auth_info, user);
- set_cmdline_auth_info_username(rpcclient_auth_info, q+1);
+ if (get_cmdline_auth_info_use_ccache(popt_get_cmdline_auth_info())) {
+ flags |= CLI_FULL_CONNECTION_USE_CCACHE;
+ }
+ if (get_cmdline_auth_info_use_pw_nt_hash(
+ popt_get_cmdline_auth_info())) {
+ flags |= CLI_FULL_CONNECTION_USE_NT_HASH;
}
+ rpcclient_netlogon_domain = get_cmdline_auth_info_domain(
+ popt_get_cmdline_auth_info());
+ if (rpcclient_netlogon_domain == NULL ||
+ rpcclient_netlogon_domain[0] == '\0')
+ {
+ rpcclient_netlogon_domain = lp_workgroup();
+ }
- nt_status = cli_full_connection(&cli, global_myname(), binding->host,
+ nt_status = cli_full_connection(&cli, lp_netbios_name(), host,
opt_ipaddr ? &server_ss : NULL, opt_port,
"IPC$", "IPC",
- get_cmdline_auth_info_username(rpcclient_auth_info),
- get_cmdline_auth_info_domain(rpcclient_auth_info),
- get_cmdline_auth_info_password(rpcclient_auth_info),
+ get_cmdline_auth_info_username(
+ popt_get_cmdline_auth_info()),
+ get_cmdline_auth_info_domain(
+ popt_get_cmdline_auth_info()),
+ get_cmdline_auth_info_password(
+ popt_get_cmdline_auth_info()),
flags,
- get_cmdline_auth_info_signing_state(rpcclient_auth_info),
- NULL);
+ SMB_SIGNING_IPC_DEFAULT);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status)));
goto done;
}
- if (get_cmdline_auth_info_smb_encrypt(rpcclient_auth_info)) {
+ if (get_cmdline_auth_info_smb_encrypt(popt_get_cmdline_auth_info())) {
nt_status = cli_cm_force_encryption(cli,
- get_cmdline_auth_info_username(rpcclient_auth_info),
- get_cmdline_auth_info_password(rpcclient_auth_info),
- get_cmdline_auth_info_domain(rpcclient_auth_info),
+ get_cmdline_auth_info_username(
+ popt_get_cmdline_auth_info()),
+ get_cmdline_auth_info_password(
+ popt_get_cmdline_auth_info()),
+ get_cmdline_auth_info_domain(
+ popt_get_cmdline_auth_info()),
"IPC$");
if (!NT_STATUS_IS_OK(nt_status)) {
result = 1;
#endif
/* Load command lists */
+ rpcclient_cli_state = cli;
- timeout = cli_set_timeout(cli, 10000);
+ timeout = 10000;
+ cli_set_timeout(cli, timeout);
cmd_set = rpcclient_command_list;
cmd_set++;
}
- default_transport = binding->transport;
+ default_transport = dcerpc_binding_get_transport(binding);
fetch_machine_sid(cli);
result = 0;
while((cmd=next_command(&p)) != NULL) {
- NTSTATUS cmd_result = process_cmd(rpcclient_auth_info, cli,
- binding, cmd);
+ NTSTATUS cmd_result = process_cmd(
+ popt_get_cmdline_auth_info(),
+ cli, binding, cmd);
SAFE_FREE(cmd);
result = NT_STATUS_IS_ERR(cmd_result);
}
line = smb_readline("rpcclient $> ", NULL, completion_fn);
- if (line == NULL)
+ if (line == NULL) {
+ printf("\n");
break;
+ }
if (line[0] != '\n')
- process_cmd(rpcclient_auth_info, cli, binding, line);
+ process_cmd(popt_get_cmdline_auth_info(), cli,
+ binding, line);
SAFE_FREE(line);
}
done:
+ rpcclient_cli_state = NULL;
if (cli != NULL) {
cli_shutdown(cli);
}
+ popt_free_cmdline_auth_info();
TALLOC_FREE(frame);
return result;
}