This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
DOM_SID domain_sid;
+static enum pipe_auth_type pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;
+static enum pipe_auth_level pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE;
+static unsigned int timeout = 0;
/* List to hold groups of commands.
*
struct cmd_set *cmd_set;
} *cmd_list;
-/*****************************************************************************
- stubb functions
-****************************************************************************/
-
-void become_root( void )
-{
- return;
-}
-
-void unbecome_root( void )
-{
- return;
-}
-
-
/****************************************************************************
handle completion of commands for readline
****************************************************************************/
-static char **completion_fn(char *text, int start, int end)
+static char **completion_fn(const char *text, int start, int end)
{
#define MAX_COMPLETIONS 100
char **matches;
#endif
/* make sure we have a list of valid commands */
- if (!commands)
+ if (!commands) {
return NULL;
+ }
- matches = (char **)malloc(sizeof(matches[0])*MAX_COMPLETIONS);
- if (!matches) return NULL;
+ matches = SMB_MALLOC_ARRAY(char *, MAX_COMPLETIONS);
+ if (!matches) {
+ return NULL;
+ }
- matches[count++] = strdup(text);
- if (!matches[0]) return NULL;
+ matches[count++] = SMB_STRDUP(text);
+ if (!matches[0]) {
+ SAFE_FREE(matches);
+ return NULL;
+ }
- while (commands && count < MAX_COMPLETIONS-1)
- {
- if (!commands->cmd_set)
+ while (commands && count < MAX_COMPLETIONS-1) {
+ if (!commands->cmd_set) {
break;
+ }
- for (i=0; commands->cmd_set[i].name; i++)
- {
+ for (i=0; commands->cmd_set[i].name; i++) {
if ((strncmp(text, commands->cmd_set[i].name, strlen(text)) == 0) &&
(( commands->cmd_set[i].returntype == RPC_RTYPE_NTSTATUS &&
commands->cmd_set[i].ntfn ) ||
( commands->cmd_set[i].returntype == RPC_RTYPE_WERROR &&
- commands->cmd_set[i].wfn)))
- {
- matches[count] = strdup(commands->cmd_set[i].name);
- if (!matches[count])
+ commands->cmd_set[i].wfn))) {
+ matches[count] = SMB_STRDUP(commands->cmd_set[i].name);
+ if (!matches[count]) {
+ for (i = 0; i < count; i++) {
+ SAFE_FREE(matches[count]);
+ }
+ SAFE_FREE(matches);
return NULL;
+ }
count++;
}
}
-
commands = commands->next;
}
if (count == 2) {
SAFE_FREE(matches[0]);
- matches[0] = strdup(matches[1]);
+ matches[0] = SMB_STRDUP(matches[1]);
}
matches[count] = NULL;
return matches;
}
-static char* next_command (char** cmdstr)
+static char *next_command (char **cmdstr)
{
- static pstring command;
+ char *command;
char *p;
if (!cmdstr || !(*cmdstr))
p = strchr_m(*cmdstr, ';');
if (p)
*p = '\0';
- pstrcpy(command, *cmdstr);
+ command = SMB_STRDUP(*cmdstr);
if (p)
*cmdstr = p + 1;
else
{
POLICY_HND pol;
NTSTATUS result = NT_STATUS_OK;
- uint32 info_class = 5;
- fstring domain_name;
- static BOOL got_domain_sid;
+ static bool got_domain_sid;
TALLOC_CTX *mem_ctx;
+ struct rpc_pipe_client *lsapipe = NULL;
+ union lsa_PolicyInformation *info = NULL;
if (got_domain_sid) return;
- if (!(mem_ctx=talloc_init("fetch_machine_sid")))
- {
+ if (!(mem_ctx=talloc_init("fetch_machine_sid"))) {
DEBUG(0,("fetch_machine_sid: talloc_init returned NULL!\n"));
goto error;
}
-
- if (!cli_nt_session_open (cli, PI_LSARPC)) {
- fprintf(stderr, "could not initialise lsa pipe\n");
+ if ((lsapipe = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result)) == NULL) {
+ fprintf(stderr, "could not initialise lsa pipe. Error was %s\n", nt_errstr(result) );
goto error;
}
- result = cli_lsa_open_policy(cli, mem_ctx, True,
+ result = rpccli_lsa_open_policy(lsapipe, mem_ctx, True,
SEC_RIGHTS_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
goto error;
}
- result = cli_lsa_query_info_policy(cli, mem_ctx, &pol, info_class,
- domain_name, &domain_sid);
+ result = rpccli_lsa_QueryInfoPolicy(lsapipe, mem_ctx,
+ &pol,
+ LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
goto error;
}
got_domain_sid = True;
+ sid_copy(&domain_sid, info->account_domain.sid);
- cli_lsa_close(cli, mem_ctx, &pol);
- cli_nt_session_close(cli);
+ rpccli_lsa_Close(lsapipe, mem_ctx, &pol);
+ TALLOC_FREE(lsapipe);
talloc_destroy(mem_ctx);
return;
error:
+
+ if (lsapipe) {
+ TALLOC_FREE(lsapipe);
+ }
+
fprintf(stderr, "could not obtain sid for domain %s\n", cli->domain);
if (!NT_STATUS_IS_OK(result)) {
/* List the available commands on a given pipe */
-static NTSTATUS cmd_listcommands(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+static NTSTATUS cmd_listcommands(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
struct cmd_list *tmp;
i = 0;
tmp_set++;
while(tmp_set->name) {
- printf("%20s", tmp_set->name);
+ printf("%30s", tmp_set->name);
tmp_set++;
i++;
- if (i%4 == 0)
+ if (i%3 == 0)
printf("\n");
}
/* Display help on commands */
-static NTSTATUS cmd_help(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+static NTSTATUS cmd_help(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
struct cmd_list *tmp;
/* Change the debug level */
-static NTSTATUS cmd_debuglevel(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+static NTSTATUS cmd_debuglevel(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
if (argc > 2) {
return NT_STATUS_OK;
}
-static NTSTATUS cmd_quit(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+static NTSTATUS cmd_quit(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
exit(0);
return NT_STATUS_OK; /* NOTREACHED */
}
-static NTSTATUS cmd_sign(struct cli_state *cli, TALLOC_CTX *mem_ctx,
- int argc, const char **argv)
+static NTSTATUS cmd_set_ss_level(void)
{
- if (cli->pipe_auth_flags == (AUTH_PIPE_NTLMSSP|AUTH_PIPE_SIGN)) {
- return NT_STATUS_OK;
- } else {
- /* still have session, just need to use it again */
- cli->pipe_auth_flags = AUTH_PIPE_NTLMSSP;
- cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
- if (cli->nt_pipe_fnum != 0)
- cli_nt_session_close(cli);
- }
+ struct cmd_list *tmp;
+
+ /* Close any existing connections not at this level. */
- return NT_STATUS_OK;
+ for (tmp = cmd_list; tmp; tmp = tmp->next) {
+ struct cmd_set *tmp_set;
+
+ for (tmp_set = tmp->cmd_set; tmp_set->name; tmp_set++) {
+ if (tmp_set->rpc_pipe == NULL) {
+ continue;
+ }
+
+ if (tmp_set->rpc_pipe->auth.auth_type != pipe_default_auth_type ||
+ tmp_set->rpc_pipe->auth.auth_level != pipe_default_auth_level) {
+ TALLOC_FREE(tmp_set->rpc_pipe);
+ tmp_set->rpc_pipe = NULL;
+ }
+ }
+ }
+ return NT_STATUS_OK;
}
-static NTSTATUS cmd_seal(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+static NTSTATUS cmd_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
- if (cli->pipe_auth_flags == (AUTH_PIPE_NTLMSSP|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL)) {
+ pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
+ pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
+
+ if (argc > 2) {
+ printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]);
return NT_STATUS_OK;
- } else {
- /* still have session, just need to use it again */
- cli->pipe_auth_flags = AUTH_PIPE_NTLMSSP;
- cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
- cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
- if (cli->nt_pipe_fnum != 0)
- cli_nt_session_close(cli);
- }
- return NT_STATUS_OK;
+ }
+
+ if (argc == 2) {
+ if (strequal(argv[1], "NTLMSSP")) {
+ pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
+ } else if (strequal(argv[1], "NTLMSSP_SPNEGO")) {
+ pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
+ } else if (strequal(argv[1], "SCHANNEL")) {
+ pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
+ } else {
+ printf("unknown type %s\n", argv[1]);
+ return NT_STATUS_INVALID_LEVEL;
+ }
+ }
+
+ printf("debuglevel is %d\n", DEBUGLEVEL);
+ return cmd_set_ss_level();
}
-static NTSTATUS cmd_none(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
- if (cli->pipe_auth_flags == 0) {
+ pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY;
+ pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
+
+ if (argc > 2) {
+ printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]);
return NT_STATUS_OK;
- } else {
- /* still have session, just need to use it again */
- cli->pipe_auth_flags = 0;
- if (cli->nt_pipe_fnum != 0)
- cli_nt_session_close(cli);
}
- cli->pipe_auth_flags = 0;
- return NT_STATUS_OK;
+ if (argc == 2) {
+ if (strequal(argv[1], "NTLMSSP")) {
+ pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
+ } else if (strequal(argv[1], "NTLMSSP_SPNEGO")) {
+ pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
+ } else if (strequal(argv[1], "SCHANNEL")) {
+ pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
+ } else {
+ printf("unknown type %s\n", argv[1]);
+ return NT_STATUS_INVALID_LEVEL;
+ }
+ }
+ return cmd_set_ss_level();
}
-static NTSTATUS cmd_schannel(struct cli_state *cli, TALLOC_CTX *mem_ctx,
- int argc, const char **argv)
+static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ int argc, const char **argv)
{
- uchar trust_password[16];
- uint32 sec_channel_type;
- uint32 neg_flags = 0x000001ff;
- NTSTATUS result;
- static uchar zeros[16];
+ struct cmd_list *tmp;
- /* Cleanup */
+ if (argc > 2) {
+ printf("Usage: %s timeout\n", argv[0]);
+ return NT_STATUS_OK;
+ }
- if ((memcmp(cli->auth_info.sess_key, zeros, sizeof(cli->auth_info.sess_key)) != 0)
- && (cli->saved_netlogon_pipe_fnum != 0)) {
- if (cli->pipe_auth_flags == (AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL)) {
- return NT_STATUS_OK;
- } else {
- /* still have session, just need to use it again */
- cli->pipe_auth_flags = AUTH_PIPE_NETSEC;
- cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
- cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
- if (cli->nt_pipe_fnum != 0)
- cli_nt_session_close(cli);
+ if (argc == 2) {
+ timeout = atoi(argv[1]);
+
+ for (tmp = cmd_list; tmp; tmp = tmp->next) {
+
+ struct cmd_set *tmp_set;
+
+ for (tmp_set = tmp->cmd_set; tmp_set->name; tmp_set++) {
+ if (tmp_set->rpc_pipe == NULL) {
+ continue;
+ }
+
+ rpccli_set_timeout(tmp_set->rpc_pipe, timeout);
+ }
}
}
-
- if (cli->nt_pipe_fnum != 0)
- cli_nt_session_close(cli);
- cli->pipe_auth_flags = 0;
-
- if (!secrets_fetch_trust_account_password(lp_workgroup(),
- trust_password,
- NULL, &sec_channel_type)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!cli_nt_session_open(cli, PI_NETLOGON)) {
- DEBUG(0, ("Could not initialise %s\n",
- get_pipe_name_from_index(PI_NETLOGON)));
- return NT_STATUS_UNSUCCESSFUL;
- }
+ printf("timeout is %d\n", timeout);
- neg_flags |= NETLOGON_NEG_SCHANNEL;
+ return NT_STATUS_OK;
+}
- result = cli_nt_setup_creds(cli, sec_channel_type, trust_password,
- &neg_flags, 2);
- if (!NT_STATUS_IS_OK(result)) {
- ZERO_STRUCT(cli->auth_info.sess_key);
- cli->pipe_auth_flags = 0;
- return result;
- }
+static NTSTATUS cmd_none(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ int argc, const char **argv)
+{
+ pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE;
+ pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;
- memcpy(cli->auth_info.sess_key, cli->sess_key,
- sizeof(cli->auth_info.sess_key));
+ return cmd_set_ss_level();
+}
- cli->saved_netlogon_pipe_fnum = cli->nt_pipe_fnum;
+static NTSTATUS cmd_schannel(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ int argc, const char **argv)
+{
+ d_printf("Setting schannel - sign and seal\n");
+ pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY;
+ pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
- cli->pipe_auth_flags = AUTH_PIPE_NETSEC;
- cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
- cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
+ return cmd_set_ss_level();
+}
- return NT_STATUS_OK;
+static NTSTATUS cmd_schannel_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+ int argc, const char **argv)
+{
+ d_printf("Setting schannel - sign only\n");
+ pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
+ pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
+
+ return cmd_set_ss_level();
}
+
/* Built in rpcclient commands */
static struct cmd_set rpcclient_commands[] = {
{ "GENERAL OPTIONS" },
- { "help", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, "Get help on commands", "[command]" },
- { "?", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, "Get help on commands", "[command]" },
- { "debuglevel", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, -1, "Set debug level", "level" },
- { "list", RPC_RTYPE_NTSTATUS, cmd_listcommands, NULL, -1, "List available commands on <pipe>", "pipe" },
- { "exit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, "Exit program", "" },
- { "quit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, "Exit program", "" },
- { "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL, -1, "Force RPC pipe connections to be signed", "" },
- { "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL, -1, "Force RPC pipe connections to be sealed", "" },
- { "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, -1, "Force RPC pipe connections to be sealed with 'schannel' (NETSEC). Assumes valid machine account to this domain controller.", "" },
- { "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL, -1, "Force RPC pipe connections to have no special properties", "" },
+ { "help", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, NULL, "Get help on commands", "[command]" },
+ { "?", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, NULL, "Get help on commands", "[command]" },
+ { "debuglevel", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, -1, NULL, "Set debug level", "level" },
+ { "debug", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, -1, NULL, "Set debug level", "level" },
+ { "list", RPC_RTYPE_NTSTATUS, cmd_listcommands, NULL, -1, NULL, "List available commands on <pipe>", "pipe" },
+ { "exit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, NULL, "Exit program", "" },
+ { "quit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, NULL, "Exit program", "" },
+ { "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL, -1, NULL, "Force RPC pipe connections to be signed", "" },
+ { "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL, -1, NULL, "Force RPC pipe connections to be sealed", "" },
+ { "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, -1, NULL, "Force RPC pipe connections to be sealed with 'schannel'. Assumes valid machine account to this domain controller.", "" },
+ { "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL, -1, NULL, "Force RPC pipe connections to be signed (not sealed) with 'schannel'. Assumes valid machine account to this domain controller.", "" },
+ { "timeout", RPC_RTYPE_NTSTATUS, cmd_timeout, NULL, -1, NULL, "Set timeout (in milliseonds) for RPC operations", "" },
+ { "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL, -1, NULL, "Force RPC pipe connections to have no special properties", "" },
{ NULL }
};
static struct cmd_set separator_command[] = {
- { "---------------", MAX_RPC_RETURN_TYPE, NULL, NULL, -1, "----------------------" },
+ { "---------------", MAX_RPC_RETURN_TYPE, NULL, NULL, -1, NULL, "----------------------" },
{ NULL }
};
extern struct cmd_set netlogon_commands[];
extern struct cmd_set srvsvc_commands[];
extern struct cmd_set dfs_commands[];
-extern struct cmd_set reg_commands[];
extern struct cmd_set ds_commands[];
extern struct cmd_set echo_commands[];
+extern struct cmd_set shutdown_commands[];
+extern struct cmd_set test_commands[];
+extern struct cmd_set wkssvc_commands[];
+extern struct cmd_set ntsvcs_commands[];
static struct cmd_set *rpcclient_command_list[] = {
rpcclient_commands,
netlogon_commands,
srvsvc_commands,
dfs_commands,
- reg_commands,
echo_commands,
+ shutdown_commands,
+ test_commands,
+ wkssvc_commands,
+ ntsvcs_commands,
NULL
};
{
struct cmd_list *entry;
- if (!(entry = (struct cmd_list *)malloc(sizeof(struct cmd_list)))) {
+ if (!(entry = SMB_MALLOC_P(struct cmd_list))) {
DEBUG(0, ("out of memory\n"));
return;
}
{
NTSTATUS ntresult;
WERROR wresult;
- uchar trust_password[16];
TALLOC_CTX *mem_ctx;
/* Open pipe */
- if (cmd_entry->pipe_idx != -1
- && cmd_entry->pipe_idx != cli->pipe_idx) {
- if (cli->nt_pipe_fnum != 0)
- cli_nt_session_close(cli);
-
- if (!cli_nt_session_open(cli, cmd_entry->pipe_idx)) {
- DEBUG(0, ("Could not initialise %s\n",
- get_pipe_name_from_index(cmd_entry->pipe_idx)));
- return NT_STATUS_UNSUCCESSFUL;
+ if (cmd_entry->pipe_idx != -1 && cmd_entry->rpc_pipe == NULL) {
+ switch (pipe_default_auth_type) {
+ case PIPE_AUTH_TYPE_NONE:
+ cmd_entry->rpc_pipe = cli_rpc_pipe_open_noauth(cli,
+ cmd_entry->pipe_idx,
+ &ntresult);
+ break;
+ case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
+ cmd_entry->rpc_pipe = cli_rpc_pipe_open_spnego_ntlmssp(cli,
+ cmd_entry->pipe_idx,
+ pipe_default_auth_level,
+ lp_workgroup(),
+ get_cmdline_auth_info_username(),
+ get_cmdline_auth_info_password(),
+ &ntresult);
+ break;
+ case PIPE_AUTH_TYPE_NTLMSSP:
+ cmd_entry->rpc_pipe = cli_rpc_pipe_open_ntlmssp(cli,
+ cmd_entry->pipe_idx,
+ pipe_default_auth_level,
+ lp_workgroup(),
+ get_cmdline_auth_info_username(),
+ get_cmdline_auth_info_password(),
+ &ntresult);
+ break;
+ case PIPE_AUTH_TYPE_SCHANNEL:
+ cmd_entry->rpc_pipe = cli_rpc_pipe_open_schannel(cli,
+ cmd_entry->pipe_idx,
+ pipe_default_auth_level,
+ lp_workgroup(),
+ &ntresult);
+ break;
+ default:
+ DEBUG(0, ("Could not initialise %s. Invalid auth type %u\n",
+ cli_get_pipe_name(cmd_entry->pipe_idx),
+ pipe_default_auth_type ));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ if (!cmd_entry->rpc_pipe) {
+ DEBUG(0, ("Could not initialise %s. Error was %s\n",
+ cli_get_pipe_name(cmd_entry->pipe_idx),
+ nt_errstr(ntresult) ));
+ return ntresult;
}
- }
- if ((cmd_entry->pipe_idx == PI_NETLOGON) && !(cli->pipe_auth_flags & AUTH_PIPE_NETSEC)) {
- uint32 neg_flags = 0x000001ff;
- uint32 sec_channel_type;
+ if (cmd_entry->pipe_idx == PI_NETLOGON) {
+ uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+ uint32 sec_channel_type;
+ uchar trust_password[16];
- if (!secrets_fetch_trust_account_password(lp_workgroup(),
- trust_password,
- NULL, &sec_channel_type)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
+ if (!secrets_fetch_trust_account_password(lp_workgroup(),
+ trust_password,
+ NULL, &sec_channel_type)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
- ntresult = cli_nt_setup_creds(cli, sec_channel_type,
- trust_password,
- &neg_flags, 2);
- if (!NT_STATUS_IS_OK(ntresult)) {
- ZERO_STRUCT(cli->auth_info.sess_key);
- printf("nt_setup_creds failed with %s\n", nt_errstr(ntresult));
- return ntresult;
+ ntresult = rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe,
+ cli->desthost, /* server name */
+ lp_workgroup(), /* domain */
+ global_myname(), /* client name */
+ global_myname(), /* machine account name */
+ trust_password,
+ sec_channel_type,
+ &neg_flags);
+
+ if (!NT_STATUS_IS_OK(ntresult)) {
+ DEBUG(0, ("Could not initialise credentials for %s.\n",
+ cli_get_pipe_name(cmd_entry->pipe_idx)));
+ return ntresult;
+ }
}
-
}
- /* Run command */
+ /* Run command */
- if ( cmd_entry->returntype == RPC_RTYPE_NTSTATUS ) {
- ntresult = cmd_entry->ntfn(cli, mem_ctx, argc, (const char **) argv);
- if (!NT_STATUS_IS_OK(ntresult)) {
- printf("result was %s\n", nt_errstr(ntresult));
- }
- } else {
- wresult = cmd_entry->wfn( cli, mem_ctx, argc, (const char **) argv);
- /* print out the DOS error */
- if (!W_ERROR_IS_OK(wresult)) {
- printf( "result was %s\n", dos_errstr(wresult));
- }
- ntresult = W_ERROR_IS_OK(wresult)?NT_STATUS_OK:NT_STATUS_UNSUCCESSFUL;
- }
-
+ if ( cmd_entry->returntype == RPC_RTYPE_NTSTATUS ) {
+ ntresult = cmd_entry->ntfn(cmd_entry->rpc_pipe, mem_ctx, argc, (const char **) argv);
+ if (!NT_STATUS_IS_OK(ntresult)) {
+ printf("result was %s\n", nt_errstr(ntresult));
+ }
+ } else {
+ wresult = cmd_entry->wfn(cmd_entry->rpc_pipe, mem_ctx, argc, (const char **) argv);
+ /* print out the DOS error */
+ if (!W_ERROR_IS_OK(wresult)) {
+ printf( "result was %s\n", dos_errstr(wresult));
+ }
+ ntresult = W_ERROR_IS_OK(wresult)?NT_STATUS_OK:NT_STATUS_UNSUCCESSFUL;
+ }
/* Cleanup */
}
*/
- if (argv) {
- /* NOTE: popt allocates the whole argv, including the
- * strings, as a single block. So a single free is
- * enough to release it -- we don't free the
- * individual strings. rtfm. */
- free(argv);
- }
-
+ /* NOTE: popt allocates the whole argv, including the
+ * strings, as a single block. So a single free is
+ * enough to release it -- we don't free the
+ * individual strings. rtfm. */
+ free(argv);
+
return result;
}
int main(int argc, char *argv[])
{
- BOOL interactive = True;
int opt;
static char *cmdstr = NULL;
const char *server;
- struct cli_state *cli;
+ struct cli_state *cli = NULL;
static char *opt_ipaddr=NULL;
struct cmd_set **cmd_set;
- struct in_addr server_ip;
+ struct sockaddr_storage server_ss;
NTSTATUS nt_status;
+ static int opt_port = 0;
+ fstring new_workgroup;
+ int result = 0;
+ TALLOC_CTX *frame = talloc_stackframe();
/* make sure the vars that get altered (4th field) are in
a fixed location or certain compilers complain */
POPT_AUTOHELP
{"command", 'c', POPT_ARG_STRING, &cmdstr, 'c', "Execute semicolon separated cmds", "COMMANDS"},
{"dest-ip", 'I', POPT_ARG_STRING, &opt_ipaddr, 'I', "Specify destination IP address", "IP"},
+ {"port", 'p', POPT_ARG_INT, &opt_port, 'p', "Specify port number", "PORT"},
POPT_COMMON_SAMBA
POPT_COMMON_CONNECTION
POPT_COMMON_CREDENTIALS
POPT_TABLEEND
};
- ZERO_STRUCT(server_ip);
+ load_case_tables();
+
+ zero_addr(&server_ss);
setlinebuf(stdout);
/* the following functions are part of the Samba debugging
facilities. See lib/debug.c */
- setup_logging("rpcclient", interactive);
- if (!interactive)
- reopen_logs();
-
- /* Load smb.conf file */
-
- if (!lp_load(dyn_CONFIGFILE,True,False,False))
- fprintf(stderr, "Can't load %s\n", dyn_CONFIGFILE);
+ setup_logging("rpcclient", True);
/* Parse options */
if (argc == 1) {
poptPrintHelp(pc, stderr, 0);
- return 0;
+ goto done;
}
-
+
while((opt = poptGetNextOpt(pc)) != -1) {
switch (opt) {
case 'I':
- if ( (server_ip.s_addr=inet_addr(opt_ipaddr)) == INADDR_NONE ) {
+ if (!interpret_string_addr(&server_ss,
+ opt_ipaddr,
+ AI_NUMERICHOST)) {
fprintf(stderr, "%s not a valid IP address\n",
opt_ipaddr);
- return 1;
+ result = 1;
+ goto done;
}
}
}
than one unparsed argument is present. */
server = poptGetArg(pc);
-
+
if (!server || poptGetArg(pc)) {
poptPrintHelp(pc, stderr, 0);
- return 1;
+ result = 1;
+ goto done;
}
poptFreeContext(pc);
load_interfaces();
- if (!init_names())
- return 1;
+ if (!init_names()) {
+ result = 1;
+ goto done;
+ }
+
+ /* save the workgroup...
+
+ FIXME!! do we need to do this for other options as well
+ (or maybe a generic way to keep lp_load() from overwriting
+ everything)? */
+
+ fstrcpy( new_workgroup, lp_workgroup() );
+
+ /* Load smb.conf file */
+
+ if (!lp_load(get_dyn_CONFIGFILE(),True,False,False,True))
+ fprintf(stderr, "Can't load %s\n", get_dyn_CONFIGFILE());
+
+ if ( strlen(new_workgroup) != 0 )
+ set_global_myworkgroup( new_workgroup );
/*
* Get password
* from stdin if necessary
*/
- if (!cmdline_auth_info.got_pass) {
+ if (!get_cmdline_auth_info_got_pass()) {
char *pass = getpass("Password:");
if (pass) {
- pstrcpy(cmdline_auth_info.password, pass);
+ set_cmdline_auth_info_password(pass);
}
}
-
- nt_status = cli_full_connection(&cli, global_myname(), server,
- opt_ipaddr ? &server_ip : NULL, 0,
- "IPC$", "IPC",
- cmdline_auth_info.username, lp_workgroup(),
- cmdline_auth_info.password, 0, NULL);
-
+
+ if ((server[0] == '/' && server[1] == '/') ||
+ (server[0] == '\\' && server[1] == '\\')) {
+ server += 2;
+ }
+
+ nt_status = cli_full_connection(&cli, global_myname(), server,
+ opt_ipaddr ? &server_ss : NULL, opt_port,
+ "IPC$", "IPC",
+ get_cmdline_auth_info_username(),
+ lp_workgroup(),
+ get_cmdline_auth_info_password(),
+ get_cmdline_auth_info_use_kerberos() ? CLI_FULL_CONNECTION_USE_KERBEROS : 0,
+ get_cmdline_auth_info_signing_state(),NULL);
+
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status)));
- return 1;
+ result = 1;
+ goto done;
+ }
+
+ if (get_cmdline_auth_info_smb_encrypt()) {
+ nt_status = cli_cm_force_encryption(cli,
+ get_cmdline_auth_info_username(),
+ get_cmdline_auth_info_password(),
+ lp_workgroup(),
+ "IPC$");
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ result = 1;
+ goto done;
+ }
}
+#if 0 /* COMMENT OUT FOR TESTING */
memset(cmdline_auth_info.password,'X',sizeof(cmdline_auth_info.password));
+#endif
/* Load command lists */
+ timeout = cli_set_timeout(cli, 10000);
+
cmd_set = rpcclient_command_list;
while(*cmd_set) {
}
fetch_machine_sid(cli);
-
+
/* Do anything specified with -c */
if (cmdstr && cmdstr[0]) {
char *cmd;
char *p = cmdstr;
- int result = 0;
-
+
+ result = 0;
+
while((cmd=next_command(&p)) != NULL) {
NTSTATUS cmd_result = process_cmd(cli, cmd);
+ SAFE_FREE(cmd);
result = NT_STATUS_IS_ERR(cmd_result);
}
-
- cli_shutdown(cli);
- return result;
+
+ goto done;
}
/* Loop around accepting commands */
while(1) {
- pstring prompt;
- char *line;
+ char *line = NULL;
- slprintf(prompt, sizeof(prompt) - 1, "rpcclient $> ");
-
- line = smb_readline(prompt, NULL, completion_fn);
+ line = smb_readline("rpcclient $> ", NULL, completion_fn);
if (line == NULL)
break;
if (line[0] != '\n')
process_cmd(cli, line);
+ SAFE_FREE(line);
}
-
- cli_shutdown(cli);
- return 0;
+
+done:
+ if (cli != NULL) {
+ cli_shutdown(cli);
+ }
+ TALLOC_FREE(frame);
+ return result;
}
git.samba.org / kai / samba.git / blobdiff