2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2000-2001
6 Copyright (C) Martin Pool 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "rpcclient.h"
30 /* List to hold groups of commands.
32 * Commands are defined in a list of arrays: arrays are easy to
33 * statically declare, and lists are easier to dynamically extend.
36 static struct cmd_list {
37 struct cmd_list *prev, *next;
38 struct cmd_set *cmd_set;
41 /****************************************************************************
42 handle completion of commands for readline
43 ****************************************************************************/
44 static char **completion_fn(const char *text, int start, int end)
46 #define MAX_COMPLETIONS 100
49 struct cmd_list *commands = cmd_list;
52 /* FIXME!!! -- what to do when completing argument? */
53 /* for words not at the start of the line fallback
54 to filename completion */
59 /* make sure we have a list of valid commands */
63 matches = SMB_MALLOC_ARRAY(char *, MAX_COMPLETIONS);
64 if (!matches) return NULL;
66 matches[count++] = SMB_STRDUP(text);
67 if (!matches[0]) return NULL;
69 while (commands && count < MAX_COMPLETIONS-1)
71 if (!commands->cmd_set)
74 for (i=0; commands->cmd_set[i].name; i++)
76 if ((strncmp(text, commands->cmd_set[i].name, strlen(text)) == 0) &&
77 (( commands->cmd_set[i].returntype == RPC_RTYPE_NTSTATUS &&
78 commands->cmd_set[i].ntfn ) ||
79 ( commands->cmd_set[i].returntype == RPC_RTYPE_WERROR &&
80 commands->cmd_set[i].wfn)))
82 matches[count] = SMB_STRDUP(commands->cmd_set[i].name);
89 commands = commands->next;
94 SAFE_FREE(matches[0]);
95 matches[0] = SMB_STRDUP(matches[1]);
97 matches[count] = NULL;
101 static char* next_command (char** cmdstr)
103 static pstring command;
106 if (!cmdstr || !(*cmdstr))
109 p = strchr_m(*cmdstr, ';');
112 pstrcpy(command, *cmdstr);
121 /* Fetch the SID for this computer */
123 static void fetch_machine_sid(struct cli_state *cli)
126 NTSTATUS result = NT_STATUS_OK;
127 uint32 info_class = 5;
128 char *domain_name = NULL;
129 static BOOL got_domain_sid;
131 DOM_SID *dom_sid = NULL;
133 if (got_domain_sid) return;
135 if (!(mem_ctx=talloc_init("fetch_machine_sid")))
137 DEBUG(0,("fetch_machine_sid: talloc_init returned NULL!\n"));
142 if (!cli_nt_session_open (cli, PI_LSARPC)) {
143 fprintf(stderr, "could not initialise lsa pipe\n");
147 result = cli_lsa_open_policy(cli, mem_ctx, True,
148 SEC_RIGHTS_MAXIMUM_ALLOWED,
150 if (!NT_STATUS_IS_OK(result)) {
154 result = cli_lsa_query_info_policy(cli, mem_ctx, &pol, info_class,
155 &domain_name, &dom_sid);
156 if (!NT_STATUS_IS_OK(result)) {
160 got_domain_sid = True;
161 sid_copy( &domain_sid, dom_sid );
163 cli_lsa_close(cli, mem_ctx, &pol);
164 cli_nt_session_close(cli);
165 talloc_destroy(mem_ctx);
170 fprintf(stderr, "could not obtain sid for domain %s\n", cli->domain);
172 if (!NT_STATUS_IS_OK(result)) {
173 fprintf(stderr, "error: %s\n", nt_errstr(result));
179 /* List the available commands on a given pipe */
181 static NTSTATUS cmd_listcommands(struct cli_state *cli, TALLOC_CTX *mem_ctx,
182 int argc, const char **argv)
184 struct cmd_list *tmp;
185 struct cmd_set *tmp_set;
191 printf("Usage: %s <pipe>\n", argv[0]);
195 /* Help on one command */
197 for (tmp = cmd_list; tmp; tmp = tmp->next)
199 tmp_set = tmp->cmd_set;
201 if (!StrCaseCmp(argv[1], tmp_set->name))
203 printf("Available commands on the %s pipe:\n\n", tmp_set->name);
207 while(tmp_set->name) {
208 printf("%20s", tmp_set->name);
215 /* drop out of the loop */
224 /* Display help on commands */
226 static NTSTATUS cmd_help(struct cli_state *cli, TALLOC_CTX *mem_ctx,
227 int argc, const char **argv)
229 struct cmd_list *tmp;
230 struct cmd_set *tmp_set;
235 printf("Usage: %s [command]\n", argv[0]);
239 /* Help on one command */
242 for (tmp = cmd_list; tmp; tmp = tmp->next) {
244 tmp_set = tmp->cmd_set;
246 while(tmp_set->name) {
247 if (strequal(argv[1], tmp_set->name)) {
248 if (tmp_set->usage &&
250 printf("%s\n", tmp_set->usage);
252 printf("No help for %s\n", tmp_set->name);
261 printf("No such command: %s\n", argv[1]);
265 /* List all commands */
267 for (tmp = cmd_list; tmp; tmp = tmp->next) {
269 tmp_set = tmp->cmd_set;
271 while(tmp_set->name) {
273 printf("%15s\t\t%s\n", tmp_set->name,
274 tmp_set->description ? tmp_set->description:
284 /* Change the debug level */
286 static NTSTATUS cmd_debuglevel(struct cli_state *cli, TALLOC_CTX *mem_ctx,
287 int argc, const char **argv)
290 printf("Usage: %s [debuglevel]\n", argv[0]);
295 DEBUGLEVEL = atoi(argv[1]);
298 printf("debuglevel is %d\n", DEBUGLEVEL);
303 static NTSTATUS cmd_quit(struct cli_state *cli, TALLOC_CTX *mem_ctx,
304 int argc, const char **argv)
307 return NT_STATUS_OK; /* NOTREACHED */
310 static NTSTATUS cmd_sign(struct cli_state *cli, TALLOC_CTX *mem_ctx,
311 int argc, const char **argv)
313 if (cli->pipe_auth_flags == (AUTH_PIPE_NTLMSSP|AUTH_PIPE_SIGN)) {
316 /* still have session, just need to use it again */
317 cli->pipe_auth_flags = AUTH_PIPE_NTLMSSP;
318 cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
319 if (cli->nt_pipe_fnum[cli->pipe_idx] != 0)
320 cli_nt_session_close(cli);
326 static NTSTATUS cmd_seal(struct cli_state *cli, TALLOC_CTX *mem_ctx,
327 int argc, const char **argv)
329 if (cli->pipe_auth_flags == (AUTH_PIPE_NTLMSSP|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL)) {
332 /* still have session, just need to use it again */
333 cli->pipe_auth_flags = AUTH_PIPE_NTLMSSP;
334 cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
335 cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
336 if (cli->nt_pipe_fnum[cli->pipe_idx] != 0)
337 cli_nt_session_close(cli);
342 static NTSTATUS cmd_none(struct cli_state *cli, TALLOC_CTX *mem_ctx,
343 int argc, const char **argv)
345 if (cli->pipe_auth_flags == 0) {
348 /* still have session, just need to use it again */
349 cli->pipe_auth_flags = 0;
350 if (cli->nt_pipe_fnum[cli->pipe_idx] != 0)
351 cli_nt_session_close(cli);
353 cli->pipe_auth_flags = 0;
358 static NTSTATUS setup_schannel(struct cli_state *cli, int pipe_auth_flags,
359 int argc, const char **argv)
362 static uchar zeros[16];
363 uchar trust_password[16];
364 uint32 sec_channel_type;
366 strhex_to_str((char *)cli->auth_info.sess_key,
369 memcpy(cli->sess_key, cli->auth_info.sess_key, sizeof(cli->sess_key));
371 cli->pipe_auth_flags = pipe_auth_flags;
377 if ((memcmp(cli->auth_info.sess_key, zeros, sizeof(cli->auth_info.sess_key)) != 0)) {
378 if (cli->pipe_auth_flags == pipe_auth_flags) {
379 /* already in this mode nothing to do */
382 /* schannel is setup, just need to use it again with new flags */
383 cli->pipe_auth_flags = pipe_auth_flags;
385 if (cli->nt_pipe_fnum[cli->pipe_idx] != 0)
386 cli_nt_session_close(cli);
391 if (cli->nt_pipe_fnum[cli->pipe_idx] != 0)
392 cli_nt_session_close(cli);
394 if (!secrets_fetch_trust_account_password(lp_workgroup(),
396 NULL, &sec_channel_type)) {
397 return NT_STATUS_UNSUCCESSFUL;
400 ret = cli_nt_setup_netsec(cli, sec_channel_type, pipe_auth_flags, trust_password);
401 if (NT_STATUS_IS_OK(ret)) {
402 char *hex_session_key;
403 hex_encode(cli->auth_info.sess_key,
404 sizeof(cli->auth_info.sess_key),
406 printf("Got Session key: %s\n", hex_session_key);
407 SAFE_FREE(hex_session_key);
413 static NTSTATUS cmd_schannel(struct cli_state *cli, TALLOC_CTX *mem_ctx,
414 int argc, const char **argv)
416 d_printf("Setting schannel - sign and seal\n");
417 return setup_schannel(cli, AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN | AUTH_PIPE_SEAL,
421 static NTSTATUS cmd_schannel_sign(struct cli_state *cli, TALLOC_CTX *mem_ctx,
422 int argc, const char **argv)
424 d_printf("Setting schannel - sign only\n");
425 return setup_schannel(cli, AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN,
430 /* Built in rpcclient commands */
432 static struct cmd_set rpcclient_commands[] = {
434 { "GENERAL OPTIONS" },
436 { "help", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, "Get help on commands", "[command]" },
437 { "?", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, "Get help on commands", "[command]" },
438 { "debuglevel", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, -1, "Set debug level", "level" },
439 { "list", RPC_RTYPE_NTSTATUS, cmd_listcommands, NULL, -1, "List available commands on <pipe>", "pipe" },
440 { "exit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, "Exit program", "" },
441 { "quit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, "Exit program", "" },
442 { "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL, -1, "Force RPC pipe connections to be signed", "" },
443 { "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL, -1, "Force RPC pipe connections to be sealed", "" },
444 { "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, -1, "Force RPC pipe connections to be sealed with 'schannel' (NETSEC). Assumes valid machine account to this domain controller.", "" },
445 { "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL, -1, "Force RPC pipe connections to be signed (not sealed) with 'schannel' (NETSEC). Assumes valid machine account to this domain controller.", "" },
446 { "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL, -1, "Force RPC pipe connections to have no special properties", "" },
451 static struct cmd_set separator_command[] = {
452 { "---------------", MAX_RPC_RETURN_TYPE, NULL, NULL, -1, "----------------------" },
457 /* Various pipe commands */
459 extern struct cmd_set lsarpc_commands[];
460 extern struct cmd_set samr_commands[];
461 extern struct cmd_set spoolss_commands[];
462 extern struct cmd_set netlogon_commands[];
463 extern struct cmd_set srvsvc_commands[];
464 extern struct cmd_set dfs_commands[];
465 extern struct cmd_set reg_commands[];
466 extern struct cmd_set ds_commands[];
467 extern struct cmd_set echo_commands[];
468 extern struct cmd_set shutdown_commands[];
470 static struct cmd_set *rpcclient_command_list[] = {
485 static void add_command_set(struct cmd_set *cmd_set)
487 struct cmd_list *entry;
489 if (!(entry = SMB_MALLOC_P(struct cmd_list))) {
490 DEBUG(0, ("out of memory\n"));
496 entry->cmd_set = cmd_set;
497 DLIST_ADD(cmd_list, entry);
502 * Call an rpcclient function, passing an argv array.
504 * @param cmd Command to run, as a single string.
506 static NTSTATUS do_cmd(struct cli_state *cli,
507 struct cmd_set *cmd_entry,
508 int argc, char **argv)
512 uchar trust_password[16];
518 if (!(mem_ctx = talloc_init("do_cmd"))) {
519 DEBUG(0, ("talloc_init() failed\n"));
520 return NT_STATUS_NO_MEMORY;
525 if (cmd_entry->pipe_idx != -1
526 && cmd_entry->pipe_idx != cli->pipe_idx) {
527 if (cli->nt_pipe_fnum[cli->pipe_idx] != 0)
528 cli_nt_session_close(cli);
530 if (!cli_nt_session_open(cli, cmd_entry->pipe_idx)) {
531 DEBUG(0, ("Could not initialise %s\n",
532 get_pipe_name_from_index(cmd_entry->pipe_idx)));
533 return NT_STATUS_UNSUCCESSFUL;
537 /* some of the DsXXX commands use the netlogon pipe */
539 if (lp_client_schannel() && (cmd_entry->pipe_idx == PI_NETLOGON) && !(cli->pipe_auth_flags & AUTH_PIPE_NETSEC)) {
540 uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
541 uint32 sec_channel_type;
543 if (!secrets_fetch_trust_account_password(lp_workgroup(),
545 NULL, &sec_channel_type)) {
546 return NT_STATUS_UNSUCCESSFUL;
549 ntresult = cli_nt_setup_creds(cli, sec_channel_type,
552 if (!NT_STATUS_IS_OK(ntresult)) {
553 ZERO_STRUCT(cli->auth_info.sess_key);
554 printf("nt_setup_creds failed with %s\n", nt_errstr(ntresult));
562 pipe_idx = cmd_entry->pipe_idx;
563 if ( cmd_entry->returntype == RPC_RTYPE_NTSTATUS ) {
564 ntresult = cmd_entry->ntfn(cli, mem_ctx, argc, (const char **) argv);
565 if (!NT_STATUS_IS_OK(ntresult)) {
566 printf("result was %s\n", nt_errstr(ntresult));
569 wresult = cmd_entry->wfn( cli, mem_ctx, argc, (const char **) argv);
570 /* print out the DOS error */
571 if (!W_ERROR_IS_OK(wresult)) {
572 printf( "result was %s\n", dos_errstr(wresult));
574 ntresult = W_ERROR_IS_OK(wresult)?NT_STATUS_OK:NT_STATUS_UNSUCCESSFUL;
580 talloc_destroy(mem_ctx);
587 * Process a command entered at the prompt or as part of -c
589 * @returns The NTSTATUS from running the command.
591 static NTSTATUS process_cmd(struct cli_state *cli, char *cmd)
593 struct cmd_list *temp_list;
594 NTSTATUS result = NT_STATUS_OK;
599 if ((ret = poptParseArgvString(cmd, &argc, (const char ***) &argv)) != 0) {
600 fprintf(stderr, "rpcclient: %s\n", poptStrerror(ret));
601 return NT_STATUS_UNSUCCESSFUL;
605 /* Walk through a dlist of arrays of commands. */
606 for (temp_list = cmd_list; temp_list; temp_list = temp_list->next) {
607 struct cmd_set *temp_set = temp_list->cmd_set;
609 while (temp_set->name) {
610 if (strequal(argv[0], temp_set->name)) {
611 if (!(temp_set->returntype == RPC_RTYPE_NTSTATUS && temp_set->ntfn ) &&
612 !(temp_set->returntype == RPC_RTYPE_WERROR && temp_set->wfn )) {
613 fprintf (stderr, "Invalid command\n");
617 result = do_cmd(cli, temp_set, argc, argv);
626 printf("command not found: %s\n", argv[0]);
631 if (!NT_STATUS_IS_OK(result)) {
632 printf("result was %s\n", nt_errstr(result));
637 /* NOTE: popt allocates the whole argv, including the
638 * strings, as a single block. So a single free is
639 * enough to release it -- we don't free the
640 * individual strings. rtfm. */
650 int main(int argc, char *argv[])
652 BOOL interactive = True;
654 static char *cmdstr = NULL;
656 struct cli_state *cli;
657 static char *opt_ipaddr=NULL;
658 struct cmd_set **cmd_set;
659 struct in_addr server_ip;
661 static int opt_port = 0;
663 /* make sure the vars that get altered (4th field) are in
664 a fixed location or certain compilers complain */
666 struct poptOption long_options[] = {
668 {"command", 'c', POPT_ARG_STRING, &cmdstr, 'c', "Execute semicolon separated cmds", "COMMANDS"},
669 {"dest-ip", 'I', POPT_ARG_STRING, &opt_ipaddr, 'I', "Specify destination IP address", "IP"},
670 {"port", 'p', POPT_ARG_INT, &opt_port, 'p', "Specify port number", "PORT"},
672 POPT_COMMON_CONNECTION
673 POPT_COMMON_CREDENTIALS
677 ZERO_STRUCT(server_ip);
681 /* the following functions are part of the Samba debugging
682 facilities. See lib/debug.c */
683 setup_logging("rpcclient", interactive);
687 /* Load smb.conf file */
689 if (!lp_load(dyn_CONFIGFILE,True,False,False))
690 fprintf(stderr, "Can't load %s\n", dyn_CONFIGFILE);
694 pc = poptGetContext("rpcclient", argc, (const char **) argv,
698 poptPrintHelp(pc, stderr, 0);
702 while((opt = poptGetNextOpt(pc)) != -1) {
706 if ( (server_ip.s_addr=inet_addr(opt_ipaddr)) == INADDR_NONE ) {
707 fprintf(stderr, "%s not a valid IP address\n",
714 /* Get server as remaining unparsed argument. Print usage if more
715 than one unparsed argument is present. */
717 server = poptGetArg(pc);
719 if (!server || poptGetArg(pc)) {
720 poptPrintHelp(pc, stderr, 0);
733 * from stdin if necessary
736 if (!cmdline_auth_info.got_pass) {
737 char *pass = getpass("Password:");
739 pstrcpy(cmdline_auth_info.password, pass);
743 nt_status = cli_full_connection(&cli, global_myname(), server,
744 opt_ipaddr ? &server_ip : NULL, opt_port,
746 cmdline_auth_info.username,
748 cmdline_auth_info.password,
749 cmdline_auth_info.use_kerberos ? CLI_FULL_CONNECTION_USE_KERBEROS : 0,
750 cmdline_auth_info.signing_state,NULL);
752 if (!NT_STATUS_IS_OK(nt_status)) {
753 DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status)));
757 memset(cmdline_auth_info.password,'X',sizeof(cmdline_auth_info.password));
759 /* Load command lists */
761 cmd_set = rpcclient_command_list;
764 add_command_set(*cmd_set);
765 add_command_set(separator_command);
769 fetch_machine_sid(cli);
771 /* Do anything specified with -c */
772 if (cmdstr && cmdstr[0]) {
777 while((cmd=next_command(&p)) != NULL) {
778 NTSTATUS cmd_result = process_cmd(cli, cmd);
779 result = NT_STATUS_IS_ERR(cmd_result);
786 /* Loop around accepting commands */
792 slprintf(prompt, sizeof(prompt) - 1, "rpcclient $> ");
794 line = smb_readline(prompt, NULL, completion_fn);
800 process_cmd(cli, line);