#include "includes.h"
#include "rpcclient.h"
#include "../libcli/auth/libcli_auth.h"
+#include "../librpc/gen_ndr/cli_lsa.h"
DOM_SID domain_sid;
static enum pipe_auth_type pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;
-static enum pipe_auth_level pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE;
+static enum dcerpc_AuthLevel pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE;
static unsigned int timeout = 0;
static enum dcerpc_transport_t default_transport = NCACN_NP;
{
const char *type = "NTLMSSP";
- pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
if (argc > 2) {
{
const char *type = "NTLMSSP";
- pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY;
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
if (argc > 2) {
static NTSTATUS cmd_none(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
- pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE;
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE;
pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;
return cmd_set_ss_level();
int argc, const char **argv)
{
d_printf("Setting schannel - sign and seal\n");
- pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY;
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
return cmd_set_ss_level();
int argc, const char **argv)
{
d_printf("Setting schannel - sign only\n");
- pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
return cmd_set_ss_level();
cli, cmd_entry->interface,
default_transport,
pipe_default_auth_level,
- lp_workgroup(),
+ get_cmdline_auth_info_domain(auth_info),
&cmd_entry->rpc_pipe);
break;
default:
DEBUG(0, ("Could not initialise %s. Invalid "
"auth type %u\n",
- get_pipe_name_from_iface(
+ get_pipe_name_from_syntax(
+ talloc_tos(),
cmd_entry->interface),
pipe_default_auth_type ));
return NT_STATUS_UNSUCCESSFUL;
}
if (!NT_STATUS_IS_OK(ntresult)) {
DEBUG(0, ("Could not initialise %s. Error was %s\n",
- get_pipe_name_from_iface(
- cmd_entry->interface),
+ get_pipe_name_from_syntax(
+ talloc_tos(), cmd_entry->interface),
nt_errstr(ntresult) ));
return ntresult;
}
if (ndr_syntax_id_equal(cmd_entry->interface,
&ndr_table_netlogon.syntax_id)) {
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
- uint32 sec_channel_type;
+ enum netr_SchannelType sec_channel_type;
uchar trust_password[16];
-
- if (!secrets_fetch_trust_account_password(lp_workgroup(),
- trust_password,
- NULL, &sec_channel_type)) {
- return NT_STATUS_UNSUCCESSFUL;
+ const char *machine_account;
+
+ if (!get_trust_pw_hash(get_cmdline_auth_info_domain(auth_info),
+ trust_password, &machine_account,
+ &sec_channel_type))
+ {
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
-
+
ntresult = rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe,
cli->desthost, /* server name */
- lp_workgroup(), /* domain */
+ get_cmdline_auth_info_domain(auth_info), /* domain */
global_myname(), /* client name */
- global_myname(), /* machine account name */
+ machine_account, /* machine account name */
trust_password,
sec_channel_type,
&neg_flags);
if (!NT_STATUS_IS_OK(ntresult)) {
DEBUG(0, ("Could not initialise credentials for %s.\n",
- get_pipe_name_from_iface(
+ get_pipe_name_from_syntax(
+ talloc_tos(),
cmd_entry->interface)));
return ntresult;
}
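Review bot: The 16-byte machine trust hash in `trust_password` is still on the stack at the `return ntresult;` after a failed `rpccli_netlogon_setup_creds()` call, and nothing in the visible lines clears it on the success path either. Consider wiping it directly after the credentials call and before the status check, e.g. `ZERO_STRUCT(trust_password);`, using a wipe the compiler cannot elide if the project provides one. Separately, the new `get_trust_pw_hash()` failure branch returns `NT_STATUS_CANT_ACCESS_DOMAIN_INFO` without a `DEBUG` line, unlike the neighbouring failure paths; since the domain now comes from the command-line auth info, a message naming it would help when the lookup misses. The enclosing function starts and ends outside this hunk, so a later wipe may exist that is not visible here.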
binding->transport = NCACN_NP;
}
+ if (binding->flags & DCERPC_SIGN) {
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
+ pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
+ }
+ if (binding->flags & DCERPC_SEAL) {
+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
+ pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
+ }
+ if (binding->flags & DCERPC_AUTH_SPNEGO) {
+ pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
+ }
+ if (binding->flags & DCERPC_AUTH_NTLM) {
+ pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
+ }
+ if (binding->flags & DCERPC_AUTH_KRB5) {
+ pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
+ }
+
if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) {
flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
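Review bot: A binding that carries only an auth-type flag (`DCERPC_AUTH_SPNEGO`, `DCERPC_AUTH_NTLM` or `DCERPC_AUTH_KRB5`) sets `pipe_default_auth_type` but leaves `pipe_default_auth_level` at `DCERPC_AUTH_LEVEL_NONE` unless something earlier raised it. The caller then asks for authentication and may get a pipe without signing or sealing, depending on how the pipe-open routines treat that pair, which is not visible here. After the flag checks, either raise the level with `if (pipe_default_auth_type != PIPE_AUTH_TYPE_NONE && pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;` or reject the combination with an error. The checks are also order-dependent (SPNEGO combined with NTLM ends as plain `PIPE_AUTH_TYPE_NTLMSSP`), so a short comment stating the intended precedence would help. The enclosing function begins and ends outside the hunk.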