2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2000-2001
6 Copyright (C) Martin Pool 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "popt_common.h"
24 #include "rpcclient.h"
25 #include "../libcli/auth/libcli_auth.h"
26 #include "../librpc/gen_ndr/ndr_lsa_c.h"
27 #include "rpc_client/cli_lsarpc.h"
28 #include "../librpc/gen_ndr/ndr_netlogon.h"
29 #include "rpc_client/cli_netlogon.h"
30 #include "../libcli/smbreadline/smbreadline.h"
31 #include "../libcli/security/security.h"
33 #include "libsmb/libsmb.h"
34 #include "auth/gensec/gensec.h"
35 #include "../libcli/smb/smbXcli_base.h"
37 enum pipe_auth_type_spnego {
38 PIPE_AUTH_TYPE_SPNEGO_NONE = 0,
39 PIPE_AUTH_TYPE_SPNEGO_NTLMSSP,
40 PIPE_AUTH_TYPE_SPNEGO_KRB5
43 struct dom_sid domain_sid;
45 static enum dcerpc_AuthType pipe_default_auth_type = DCERPC_AUTH_TYPE_NONE;
46 static enum pipe_auth_type_spnego pipe_default_auth_spnego_type = 0;
47 static enum dcerpc_AuthLevel pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE;
48 static unsigned int timeout = 0;
49 static enum dcerpc_transport_t default_transport = NCACN_NP;
51 struct user_auth_info *rpcclient_auth_info;
53 /* List to hold groups of commands.
55 * Commands are defined in a list of arrays: arrays are easy to
56 * statically declare, and lists are easier to dynamically extend.
59 static struct cmd_list {
60 struct cmd_list *prev, *next;
61 struct cmd_set *cmd_set;
64 /****************************************************************************
65 handle completion of commands for readline
66 ****************************************************************************/
67 static char **completion_fn(const char *text, int start, int end)
69 #define MAX_COMPLETIONS 1000
72 struct cmd_list *commands = cmd_list;
75 /* FIXME!!! -- what to do when completing argument? */
76 /* for words not at the start of the line fallback
77 to filename completion */
82 /* make sure we have a list of valid commands */
87 matches = SMB_MALLOC_ARRAY(char *, MAX_COMPLETIONS);
92 matches[count++] = SMB_STRDUP(text);
98 while (commands && count < MAX_COMPLETIONS-1) {
99 if (!commands->cmd_set) {
103 for (i=0; commands->cmd_set[i].name; i++) {
104 if ((strncmp(text, commands->cmd_set[i].name, strlen(text)) == 0) &&
105 (( commands->cmd_set[i].returntype == RPC_RTYPE_NTSTATUS &&
106 commands->cmd_set[i].ntfn ) ||
107 ( commands->cmd_set[i].returntype == RPC_RTYPE_WERROR &&
108 commands->cmd_set[i].wfn))) {
109 matches[count] = SMB_STRDUP(commands->cmd_set[i].name);
110 if (!matches[count]) {
111 for (i = 0; i < count; i++) {
112 SAFE_FREE(matches[count]);
120 commands = commands->next;
124 SAFE_FREE(matches[0]);
125 matches[0] = SMB_STRDUP(matches[1]);
127 matches[count] = NULL;
131 static char *next_command (char **cmdstr)
136 if (!cmdstr || !(*cmdstr))
139 p = strchr_m(*cmdstr, ';');
142 command = SMB_STRDUP(*cmdstr);
151 /* Fetch the SID for this computer */
153 static void fetch_machine_sid(struct cli_state *cli)
155 struct policy_handle pol;
156 NTSTATUS result = NT_STATUS_OK, status;
157 static bool got_domain_sid;
159 struct rpc_pipe_client *lsapipe = NULL;
160 union lsa_PolicyInformation *info = NULL;
161 struct dcerpc_binding_handle *b;
163 if (got_domain_sid) return;
165 if (!(mem_ctx=talloc_init("fetch_machine_sid"))) {
166 DEBUG(0,("fetch_machine_sid: talloc_init returned NULL!\n"));
170 result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
172 if (!NT_STATUS_IS_OK(result)) {
173 fprintf(stderr, "could not initialise lsa pipe. Error was %s\n", nt_errstr(result) );
177 b = lsapipe->binding_handle;
179 result = rpccli_lsa_open_policy(lsapipe, mem_ctx, True,
180 SEC_FLAG_MAXIMUM_ALLOWED,
182 if (!NT_STATUS_IS_OK(result)) {
186 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
188 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
191 if (!NT_STATUS_IS_OK(status)) {
195 if (!NT_STATUS_IS_OK(result)) {
199 got_domain_sid = True;
200 sid_copy(&domain_sid, info->account_domain.sid);
202 dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
203 TALLOC_FREE(lsapipe);
204 talloc_destroy(mem_ctx);
211 TALLOC_FREE(lsapipe);
214 fprintf(stderr, "could not obtain sid for domain %s\n", cli->domain);
216 if (!NT_STATUS_IS_OK(result)) {
217 fprintf(stderr, "error: %s\n", nt_errstr(result));
223 /* List the available commands on a given pipe */
225 static NTSTATUS cmd_listcommands(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
226 int argc, const char **argv)
228 struct cmd_list *tmp;
229 struct cmd_set *tmp_set;
235 printf("Usage: %s <pipe>\n", argv[0]);
239 /* Help on one command */
241 for (tmp = cmd_list; tmp; tmp = tmp->next)
243 tmp_set = tmp->cmd_set;
245 if (!strcasecmp_m(argv[1], tmp_set->name))
247 printf("Available commands on the %s pipe:\n\n", tmp_set->name);
251 while(tmp_set->name) {
252 printf("%30s", tmp_set->name);
259 /* drop out of the loop */
268 /* Display help on commands */
270 static NTSTATUS cmd_help(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
271 int argc, const char **argv)
273 struct cmd_list *tmp;
274 struct cmd_set *tmp_set;
279 printf("Usage: %s [command]\n", argv[0]);
283 /* Help on one command */
286 for (tmp = cmd_list; tmp; tmp = tmp->next) {
288 tmp_set = tmp->cmd_set;
290 while(tmp_set->name) {
291 if (strequal(argv[1], tmp_set->name)) {
292 if (tmp_set->usage &&
294 printf("%s\n", tmp_set->usage);
296 printf("No help for %s\n", tmp_set->name);
305 printf("No such command: %s\n", argv[1]);
309 /* List all commands */
311 for (tmp = cmd_list; tmp; tmp = tmp->next) {
313 tmp_set = tmp->cmd_set;
315 while(tmp_set->name) {
317 printf("%15s\t\t%s\n", tmp_set->name,
318 tmp_set->description ? tmp_set->description:
328 /* Change the debug level */
330 static NTSTATUS cmd_debuglevel(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
331 int argc, const char **argv)
334 printf("Usage: %s [debuglevel]\n", argv[0]);
339 lp_set_cmdline("log level", argv[1]);
342 printf("debuglevel is %d\n", DEBUGLEVEL);
347 static NTSTATUS cmd_quit(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
348 int argc, const char **argv)
351 return NT_STATUS_OK; /* NOTREACHED */
354 static NTSTATUS cmd_set_ss_level(void)
356 struct cmd_list *tmp;
358 /* Close any existing connections not at this level. */
360 for (tmp = cmd_list; tmp; tmp = tmp->next) {
361 struct cmd_set *tmp_set;
363 for (tmp_set = tmp->cmd_set; tmp_set->name; tmp_set++) {
364 if (tmp_set->rpc_pipe == NULL) {
368 if ((tmp_set->rpc_pipe->auth->auth_type
369 != pipe_default_auth_type)
370 || (tmp_set->rpc_pipe->auth->auth_level
371 != pipe_default_auth_level)) {
372 TALLOC_FREE(tmp_set->rpc_pipe);
373 tmp_set->rpc_pipe = NULL;
380 static NTSTATUS cmd_set_transport(void)
382 struct cmd_list *tmp;
384 /* Close any existing connections not at this level. */
386 for (tmp = cmd_list; tmp; tmp = tmp->next) {
387 struct cmd_set *tmp_set;
389 for (tmp_set = tmp->cmd_set; tmp_set->name; tmp_set++) {
390 if (tmp_set->rpc_pipe == NULL) {
394 if (tmp_set->rpc_pipe->transport->transport != default_transport) {
395 TALLOC_FREE(tmp_set->rpc_pipe);
396 tmp_set->rpc_pipe = NULL;
403 static NTSTATUS cmd_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
404 int argc, const char **argv)
406 const char *p = "[KRB5|KRB5_SPNEGO|NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]";
407 const char *type = "NTLMSSP";
409 pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
410 pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
413 printf("Usage: %s %s\n", argv[0], p);
419 if (strequal(type, "KRB5")) {
420 pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5;
421 } else if (strequal(type, "KRB5_SPNEGO")) {
422 pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
423 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
424 } else if (strequal(type, "NTLMSSP")) {
425 pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
426 } else if (strequal(type, "NTLMSSP_SPNEGO")) {
427 pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
428 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
429 } else if (strequal(type, "SCHANNEL")) {
430 pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
432 printf("unknown type %s\n", type);
433 printf("Usage: %s %s\n", argv[0], p);
434 return NT_STATUS_INVALID_LEVEL;
438 d_printf("Setting %s - sign\n", type);
440 return cmd_set_ss_level();
443 static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
444 int argc, const char **argv)
446 const char *p = "[KRB5|KRB5_SPNEGO|NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]";
447 const char *type = "NTLMSSP";
449 pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
450 pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
453 printf("Usage: %s %s\n", argv[0], p);
459 if (strequal(type, "KRB5")) {
460 pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5;
461 } else if (strequal(type, "KRB5_SPNEGO")) {
462 pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
463 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
464 } else if (strequal(type, "NTLMSSP")) {
465 pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
466 } else if (strequal(type, "NTLMSSP_SPNEGO")) {
467 pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
468 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
469 } else if (strequal(type, "SCHANNEL")) {
470 pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
472 printf("unknown type %s\n", type);
473 printf("Usage: %s %s\n", argv[0], p);
474 return NT_STATUS_INVALID_LEVEL;
478 d_printf("Setting %s - sign and seal\n", type);
480 return cmd_set_ss_level();
483 static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
484 int argc, const char **argv)
486 struct cmd_list *tmp;
489 printf("Usage: %s timeout\n", argv[0]);
494 timeout = atoi(argv[1]);
496 for (tmp = cmd_list; tmp; tmp = tmp->next) {
498 struct cmd_set *tmp_set;
500 for (tmp_set = tmp->cmd_set; tmp_set->name; tmp_set++) {
501 if (tmp_set->rpc_pipe == NULL) {
505 rpccli_set_timeout(tmp_set->rpc_pipe, timeout);
510 printf("timeout is %d\n", timeout);
516 static NTSTATUS cmd_none(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
517 int argc, const char **argv)
519 pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE;
520 pipe_default_auth_type = DCERPC_AUTH_TYPE_NONE;
521 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE;
523 return cmd_set_ss_level();
526 static NTSTATUS cmd_schannel(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
527 int argc, const char **argv)
529 d_printf("Setting schannel - sign and seal\n");
530 pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
531 pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
533 return cmd_set_ss_level();
536 static NTSTATUS cmd_schannel_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
537 int argc, const char **argv)
539 d_printf("Setting schannel - sign only\n");
540 pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
541 pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
543 return cmd_set_ss_level();
546 static NTSTATUS cmd_choose_transport(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
547 int argc, const char **argv)
552 printf("Usage: %s [NCACN_NP|NCACN_IP_TCP]\n", argv[0]);
556 if (strequal(argv[1], "NCACN_NP")) {
557 default_transport = NCACN_NP;
558 } else if (strequal(argv[1], "NCACN_IP_TCP")) {
559 default_transport = NCACN_IP_TCP;
561 printf("transport type: %s unknown or not supported\n", argv[1]);
562 return NT_STATUS_NOT_SUPPORTED;
565 status = cmd_set_transport();
566 if (!NT_STATUS_IS_OK(status)) {
570 printf("default transport is now: %s\n", argv[1]);
575 /* Built in rpcclient commands */
577 static struct cmd_set rpcclient_commands[] = {
579 { "GENERAL OPTIONS" },
581 { "help", RPC_RTYPE_NTSTATUS, cmd_help, NULL, NULL, NULL, "Get help on commands", "[command]" },
582 { "?", RPC_RTYPE_NTSTATUS, cmd_help, NULL, NULL, NULL, "Get help on commands", "[command]" },
583 { "debuglevel", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, NULL, NULL, "Set debug level", "level" },
584 { "debug", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, NULL, NULL, "Set debug level", "level" },
585 { "list", RPC_RTYPE_NTSTATUS, cmd_listcommands, NULL, NULL, NULL, "List available commands on <pipe>", "pipe" },
586 { "exit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, NULL, NULL, "Exit program", "" },
587 { "quit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, NULL, NULL, "Exit program", "" },
588 { "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL, NULL, NULL, "Force RPC pipe connections to be signed", "" },
589 { "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL, NULL, NULL, "Force RPC pipe connections to be sealed", "" },
590 { "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, NULL, NULL, "Force RPC pipe connections to be sealed with 'schannel'. Assumes valid machine account to this domain controller.", "" },
591 { "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL, NULL, NULL, "Force RPC pipe connections to be signed (not sealed) with 'schannel'. Assumes valid machine account to this domain controller.", "" },
592 { "timeout", RPC_RTYPE_NTSTATUS, cmd_timeout, NULL, NULL, NULL, "Set timeout (in milliseconds) for RPC operations", "" },
593 { "transport", RPC_RTYPE_NTSTATUS, cmd_choose_transport, NULL, NULL, NULL, "Choose ncacn transport for RPC operations", "" },
594 { "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL, NULL, NULL, "Force RPC pipe connections to have no special properties", "" },
599 static struct cmd_set separator_command[] = {
600 { "---------------", MAX_RPC_RETURN_TYPE, NULL, NULL, NULL, NULL, "----------------------" },
605 /* Various pipe commands */
607 extern struct cmd_set lsarpc_commands[];
608 extern struct cmd_set samr_commands[];
609 extern struct cmd_set spoolss_commands[];
610 extern struct cmd_set netlogon_commands[];
611 extern struct cmd_set srvsvc_commands[];
612 extern struct cmd_set dfs_commands[];
613 extern struct cmd_set ds_commands[];
614 extern struct cmd_set echo_commands[];
615 extern struct cmd_set epmapper_commands[];
616 extern struct cmd_set shutdown_commands[];
617 extern struct cmd_set test_commands[];
618 extern struct cmd_set wkssvc_commands[];
619 extern struct cmd_set ntsvcs_commands[];
620 extern struct cmd_set drsuapi_commands[];
621 extern struct cmd_set eventlog_commands[];
622 extern struct cmd_set winreg_commands[];
623 extern struct cmd_set fss_commands[];
625 static struct cmd_set *rpcclient_command_list[] = {
647 static void add_command_set(struct cmd_set *cmd_set)
649 struct cmd_list *entry;
651 if (!(entry = SMB_MALLOC_P(struct cmd_list))) {
652 DEBUG(0, ("out of memory\n"));
658 entry->cmd_set = cmd_set;
659 DLIST_ADD(cmd_list, entry);
664 * Call an rpcclient function, passing an argv array.
666 * @param cmd Command to run, as a single string.
668 static NTSTATUS do_cmd(struct cli_state *cli,
669 struct user_auth_info *auth_info,
670 struct cmd_set *cmd_entry,
671 struct dcerpc_binding *binding,
672 int argc, const char **argv)
681 if (!(mem_ctx = talloc_stackframe())) {
682 DEBUG(0, ("talloc_init() failed\n"));
683 return NT_STATUS_NO_MEMORY;
688 if ((cmd_entry->table != NULL) && (cmd_entry->rpc_pipe == NULL)) {
689 switch (pipe_default_auth_type) {
690 case DCERPC_AUTH_TYPE_NONE:
691 ntresult = cli_rpc_pipe_open_noauth_transport(
692 cli, default_transport,
694 &cmd_entry->rpc_pipe);
696 case DCERPC_AUTH_TYPE_SPNEGO:
698 /* won't happen, but if it does it will fail in cli_rpc_pipe_open_spnego() eventually */
699 const char *oid = "INVALID";
700 switch (pipe_default_auth_spnego_type) {
701 case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
702 oid = GENSEC_OID_NTLMSSP;
704 case PIPE_AUTH_TYPE_SPNEGO_KRB5:
705 oid = GENSEC_OID_KERBEROS5;
707 case PIPE_AUTH_TYPE_SPNEGO_NONE:
710 ntresult = cli_rpc_pipe_open_spnego(
711 cli, cmd_entry->table,
714 pipe_default_auth_level,
715 smbXcli_conn_remote_name(cli->conn),
716 get_cmdline_auth_info_domain(auth_info),
717 get_cmdline_auth_info_username(auth_info),
718 get_cmdline_auth_info_password(auth_info),
719 &cmd_entry->rpc_pipe);
722 case DCERPC_AUTH_TYPE_NTLMSSP:
723 case DCERPC_AUTH_TYPE_KRB5:
724 ntresult = cli_rpc_pipe_open_generic_auth(
725 cli, cmd_entry->table,
727 pipe_default_auth_type,
728 pipe_default_auth_level,
729 smbXcli_conn_remote_name(cli->conn),
730 get_cmdline_auth_info_domain(auth_info),
731 get_cmdline_auth_info_username(auth_info),
732 get_cmdline_auth_info_password(auth_info),
733 &cmd_entry->rpc_pipe);
735 case DCERPC_AUTH_TYPE_SCHANNEL:
736 ntresult = cli_rpc_pipe_open_schannel(
737 cli, cmd_entry->table,
739 pipe_default_auth_level,
740 get_cmdline_auth_info_domain(auth_info),
741 &cmd_entry->rpc_pipe);
744 DEBUG(0, ("Could not initialise %s. Invalid "
746 cmd_entry->table->name,
747 pipe_default_auth_type ));
748 talloc_free(mem_ctx);
749 return NT_STATUS_UNSUCCESSFUL;
751 if (!NT_STATUS_IS_OK(ntresult)) {
752 DEBUG(0, ("Could not initialise %s. Error was %s\n",
753 cmd_entry->table->name,
754 nt_errstr(ntresult) ));
755 talloc_free(mem_ctx);
759 if (ndr_syntax_id_equal(&cmd_entry->table->syntax_id,
760 &ndr_table_netlogon.syntax_id)) {
761 uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS |
762 NETLOGON_NEG_SUPPORTS_AES;
763 enum netr_SchannelType sec_channel_type;
764 uchar trust_password[16];
765 const char *machine_account;
767 if (!get_trust_pw_hash(get_cmdline_auth_info_domain(auth_info),
768 trust_password, &machine_account,
771 talloc_free(mem_ctx);
772 return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
775 ntresult = rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe,
776 cmd_entry->rpc_pipe->desthost, /* server name */
777 get_cmdline_auth_info_domain(auth_info), /* domain */
778 lp_netbios_name(), /* client name */
779 machine_account, /* machine account name */
784 if (!NT_STATUS_IS_OK(ntresult)) {
785 DEBUG(0, ("Could not initialise credentials for %s.\n",
786 cmd_entry->table->name));
787 talloc_free(mem_ctx);
795 if ( cmd_entry->returntype == RPC_RTYPE_NTSTATUS ) {
796 ntresult = cmd_entry->ntfn(cmd_entry->rpc_pipe, mem_ctx, argc, argv);
797 if (!NT_STATUS_IS_OK(ntresult)) {
798 printf("result was %s\n", nt_errstr(ntresult));
801 wresult = cmd_entry->wfn(cmd_entry->rpc_pipe, mem_ctx, argc, argv);
802 /* print out the DOS error */
803 if (!W_ERROR_IS_OK(wresult)) {
804 printf( "result was %s\n", win_errstr(wresult));
806 ntresult = W_ERROR_IS_OK(wresult)?NT_STATUS_OK:NT_STATUS_UNSUCCESSFUL;
811 talloc_free(mem_ctx);
818 * Process a command entered at the prompt or as part of -c
820 * @returns The NTSTATUS from running the command.
822 static NTSTATUS process_cmd(struct user_auth_info *auth_info,
823 struct cli_state *cli,
824 struct dcerpc_binding *binding,
827 struct cmd_list *temp_list;
828 NTSTATUS result = NT_STATUS_OK;
831 const char **argv = NULL;
833 if ((ret = poptParseArgvString(cmd, &argc, &argv)) != 0) {
834 fprintf(stderr, "rpcclient: %s\n", poptStrerror(ret));
835 return NT_STATUS_UNSUCCESSFUL;
839 /* Walk through a dlist of arrays of commands. */
840 for (temp_list = cmd_list; temp_list; temp_list = temp_list->next) {
841 struct cmd_set *temp_set = temp_list->cmd_set;
843 while (temp_set->name) {
844 if (strequal(argv[0], temp_set->name)) {
845 if (!(temp_set->returntype == RPC_RTYPE_NTSTATUS && temp_set->ntfn ) &&
846 !(temp_set->returntype == RPC_RTYPE_WERROR && temp_set->wfn )) {
847 fprintf (stderr, "Invalid command\n");
851 result = do_cmd(cli, auth_info, temp_set,
852 binding, argc, argv);
861 printf("command not found: %s\n", argv[0]);
866 if (!NT_STATUS_IS_OK(result)) {
867 printf("result was %s\n", nt_errstr(result));
871 /* NOTE: popt allocates the whole argv, including the
872 * strings, as a single block. So a single free is
873 * enough to release it -- we don't free the
874 * individual strings. rtfm. */
883 int main(int argc, char *argv[])
885 const char **const_argv = discard_const_p(const char *, argv);
887 static char *cmdstr = NULL;
889 struct cli_state *cli = NULL;
890 static char *opt_ipaddr=NULL;
891 struct cmd_set **cmd_set;
892 struct sockaddr_storage server_ss;
894 static int opt_port = 0;
896 TALLOC_CTX *frame = talloc_stackframe();
898 struct dcerpc_binding *binding = NULL;
899 const char *binding_string = NULL;
900 char *user, *domain, *q;
902 /* make sure the vars that get altered (4th field) are in
903 a fixed location or certain compilers complain */
905 struct poptOption long_options[] = {
907 {"command", 'c', POPT_ARG_STRING, &cmdstr, 'c', "Execute semicolon separated cmds", "COMMANDS"},
908 {"dest-ip", 'I', POPT_ARG_STRING, &opt_ipaddr, 'I', "Specify destination IP address", "IP"},
909 {"port", 'p', POPT_ARG_INT, &opt_port, 'p', "Specify port number", "PORT"},
911 POPT_COMMON_CONNECTION
912 POPT_COMMON_CREDENTIALS
918 zero_sockaddr(&server_ss);
922 /* the following functions are part of the Samba debugging
923 facilities. See lib/debug.c */
924 setup_logging("rpcclient", DEBUG_STDOUT);
926 rpcclient_auth_info = user_auth_info_init(frame);
927 if (rpcclient_auth_info == NULL) {
930 popt_common_set_auth_info(rpcclient_auth_info);
934 pc = poptGetContext("rpcclient", argc, const_argv,
938 poptPrintHelp(pc, stderr, 0);
942 while((opt = poptGetNextOpt(pc)) != -1) {
946 if (!interpret_string_addr(&server_ss,
949 fprintf(stderr, "%s not a valid IP address\n",
957 /* Get server as remaining unparsed argument. Print usage if more
958 than one unparsed argument is present. */
960 server = poptGetArg(pc);
962 if (!server || poptGetArg(pc)) {
963 poptPrintHelp(pc, stderr, 0);
969 popt_burn_cmdline_password(argc, argv);
976 /* Load smb.conf file */
978 if (!lp_load_global(get_dyn_CONFIGFILE()))
979 fprintf(stderr, "Can't load %s\n", get_dyn_CONFIGFILE());
981 /* We must load interfaces after we load the smb.conf */
986 * from stdin if necessary
989 if (get_cmdline_auth_info_use_machine_account(rpcclient_auth_info) &&
990 !set_cmdline_auth_info_machine_account_creds(rpcclient_auth_info)) {
995 set_cmdline_auth_info_getpass(rpcclient_auth_info);
997 if ((server[0] == '/' && server[1] == '/') ||
998 (server[0] == '\\' && server[1] == '\\')) {
1002 nt_status = dcerpc_parse_binding(frame, server, &binding);
1004 if (!NT_STATUS_IS_OK(nt_status)) {
1006 binding_string = talloc_asprintf(frame, "ncacn_np:%s",
1007 strip_hostname(server));
1008 if (!binding_string) {
1013 nt_status = dcerpc_parse_binding(frame, binding_string, &binding);
1014 if (!NT_STATUS_IS_OK(nt_status)) {
1020 if (binding->transport == NCA_UNKNOWN) {
1021 binding->transport = NCACN_NP;
1024 if (binding->flags & DCERPC_SIGN) {
1025 pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
1026 pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
1028 if (binding->flags & DCERPC_SEAL) {
1029 pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
1030 pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
1032 if (binding->flags & DCERPC_AUTH_SPNEGO) {
1033 pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
1034 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
1036 if (binding->flags & DCERPC_AUTH_NTLM) {
1037 /* If neither Integrity or Privacy are requested then
1038 * Use just Connect level */
1039 if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
1040 pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
1043 if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
1044 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
1046 pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
1049 if (binding->flags & DCERPC_AUTH_KRB5) {
1050 /* If neither Integrity or Privacy are requested then
1051 * Use just Connect level */
1052 if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
1053 pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
1056 if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
1057 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
1059 pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5;
1063 if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) {
1064 flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
1065 CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS;
1067 if (get_cmdline_auth_info_use_ccache(rpcclient_auth_info)) {
1068 flags |= CLI_FULL_CONNECTION_USE_CCACHE;
1071 user = talloc_strdup(frame, get_cmdline_auth_info_username(rpcclient_auth_info));
1072 SMB_ASSERT(user != NULL);
1073 domain = talloc_strdup(frame, lp_workgroup());
1074 SMB_ASSERT(domain != NULL);
1075 set_cmdline_auth_info_domain(rpcclient_auth_info, domain);
1077 if ((q = strchr_m(user,'\\'))) {
1079 set_cmdline_auth_info_domain(rpcclient_auth_info, user);
1080 set_cmdline_auth_info_username(rpcclient_auth_info, q+1);
1084 nt_status = cli_full_connection(&cli, lp_netbios_name(), binding->host,
1085 opt_ipaddr ? &server_ss : NULL, opt_port,
1087 get_cmdline_auth_info_username(rpcclient_auth_info),
1088 get_cmdline_auth_info_domain(rpcclient_auth_info),
1089 get_cmdline_auth_info_password(rpcclient_auth_info),
1091 get_cmdline_auth_info_signing_state(rpcclient_auth_info));
1093 if (!NT_STATUS_IS_OK(nt_status)) {
1094 DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status)));
1099 if (get_cmdline_auth_info_smb_encrypt(rpcclient_auth_info)) {
1100 nt_status = cli_cm_force_encryption(cli,
1101 get_cmdline_auth_info_username(rpcclient_auth_info),
1102 get_cmdline_auth_info_password(rpcclient_auth_info),
1103 get_cmdline_auth_info_domain(rpcclient_auth_info),
1105 if (!NT_STATUS_IS_OK(nt_status)) {
1111 #if 0 /* COMMENT OUT FOR TESTING */
1112 memset(cmdline_auth_info.password,'X',sizeof(cmdline_auth_info.password));
1115 /* Load command lists */
1117 timeout = cli_set_timeout(cli, 10000);
1119 cmd_set = rpcclient_command_list;
1122 add_command_set(*cmd_set);
1123 add_command_set(separator_command);
1127 default_transport = binding->transport;
1129 fetch_machine_sid(cli);
1131 /* Do anything specified with -c */
1132 if (cmdstr && cmdstr[0]) {
1138 while((cmd=next_command(&p)) != NULL) {
1139 NTSTATUS cmd_result = process_cmd(rpcclient_auth_info, cli,
1142 result = NT_STATUS_IS_ERR(cmd_result);
1148 /* Loop around accepting commands */
1153 line = smb_readline("rpcclient $> ", NULL, completion_fn);
1158 if (line[0] != '\n')
1159 process_cmd(rpcclient_auth_info, cli, binding, line);