2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2000-2001
6 Copyright (C) Martin Pool 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "rpcclient.h"
29 /* List to hold groups of commands.
31 * Commands are defined in a list of arrays: arrays are easy to
32 * statically declare, and lists are easier to dynamically extend.
35 static struct cmd_list {
36 struct cmd_list *prev, *next;
37 struct cmd_set *cmd_set;
40 /****************************************************************************
41 handle completion of commands for readline
42 ****************************************************************************/
43 static char **completion_fn(const char *text, int start, int end)
45 #define MAX_COMPLETIONS 100
48 struct cmd_list *commands = cmd_list;
51 /* FIXME!!! -- what to do when completing argument? */
52 /* for words not at the start of the line fallback
53 to filename completion */
58 /* make sure we have a list of valid commands */
62 matches = (char **)malloc(sizeof(matches[0])*MAX_COMPLETIONS);
63 if (!matches) return NULL;
65 matches[count++] = strdup(text);
66 if (!matches[0]) return NULL;
68 while (commands && count < MAX_COMPLETIONS-1)
70 if (!commands->cmd_set)
73 for (i=0; commands->cmd_set[i].name; i++)
75 if ((strncmp(text, commands->cmd_set[i].name, strlen(text)) == 0) &&
76 (( commands->cmd_set[i].returntype == RPC_RTYPE_NTSTATUS &&
77 commands->cmd_set[i].ntfn ) ||
78 ( commands->cmd_set[i].returntype == RPC_RTYPE_WERROR &&
79 commands->cmd_set[i].wfn)))
81 matches[count] = strdup(commands->cmd_set[i].name);
88 commands = commands->next;
93 SAFE_FREE(matches[0]);
94 matches[0] = strdup(matches[1]);
96 matches[count] = NULL;
100 static char* next_command (char** cmdstr)
102 static pstring command;
105 if (!cmdstr || !(*cmdstr))
108 p = strchr_m(*cmdstr, ';');
111 pstrcpy(command, *cmdstr);
120 /* Fetch the SID for this computer */
122 static void fetch_machine_sid(struct cli_state *cli)
125 NTSTATUS result = NT_STATUS_OK;
126 uint32 info_class = 5;
128 static BOOL got_domain_sid;
131 if (got_domain_sid) return;
133 if (!(mem_ctx=talloc_init("fetch_machine_sid")))
135 DEBUG(0,("fetch_machine_sid: talloc_init returned NULL!\n"));
140 if (!cli_nt_session_open (cli, PI_LSARPC)) {
141 fprintf(stderr, "could not initialise lsa pipe\n");
145 result = cli_lsa_open_policy(cli, mem_ctx, True,
146 SEC_RIGHTS_MAXIMUM_ALLOWED,
148 if (!NT_STATUS_IS_OK(result)) {
152 result = cli_lsa_query_info_policy(cli, mem_ctx, &pol, info_class,
153 domain_name, &domain_sid);
154 if (!NT_STATUS_IS_OK(result)) {
158 got_domain_sid = True;
160 cli_lsa_close(cli, mem_ctx, &pol);
161 cli_nt_session_close(cli);
162 talloc_destroy(mem_ctx);
167 fprintf(stderr, "could not obtain sid for domain %s\n", cli->domain);
169 if (!NT_STATUS_IS_OK(result)) {
170 fprintf(stderr, "error: %s\n", nt_errstr(result));
176 /* List the available commands on a given pipe */
178 static NTSTATUS cmd_listcommands(struct cli_state *cli, TALLOC_CTX *mem_ctx,
179 int argc, const char **argv)
181 struct cmd_list *tmp;
182 struct cmd_set *tmp_set;
188 printf("Usage: %s <pipe>\n", argv[0]);
192 /* Help on one command */
194 for (tmp = cmd_list; tmp; tmp = tmp->next)
196 tmp_set = tmp->cmd_set;
198 if (!StrCaseCmp(argv[1], tmp_set->name))
200 printf("Available commands on the %s pipe:\n\n", tmp_set->name);
204 while(tmp_set->name) {
205 printf("%20s", tmp_set->name);
212 /* drop out of the loop */
221 /* Display help on commands */
223 static NTSTATUS cmd_help(struct cli_state *cli, TALLOC_CTX *mem_ctx,
224 int argc, const char **argv)
226 struct cmd_list *tmp;
227 struct cmd_set *tmp_set;
232 printf("Usage: %s [command]\n", argv[0]);
236 /* Help on one command */
239 for (tmp = cmd_list; tmp; tmp = tmp->next) {
241 tmp_set = tmp->cmd_set;
243 while(tmp_set->name) {
244 if (strequal(argv[1], tmp_set->name)) {
245 if (tmp_set->usage &&
247 printf("%s\n", tmp_set->usage);
249 printf("No help for %s\n", tmp_set->name);
258 printf("No such command: %s\n", argv[1]);
262 /* List all commands */
264 for (tmp = cmd_list; tmp; tmp = tmp->next) {
266 tmp_set = tmp->cmd_set;
268 while(tmp_set->name) {
270 printf("%15s\t\t%s\n", tmp_set->name,
271 tmp_set->description ? tmp_set->description:
281 /* Change the debug level */
283 static NTSTATUS cmd_debuglevel(struct cli_state *cli, TALLOC_CTX *mem_ctx,
284 int argc, const char **argv)
287 printf("Usage: %s [debuglevel]\n", argv[0]);
292 DEBUGLEVEL = atoi(argv[1]);
295 printf("debuglevel is %d\n", DEBUGLEVEL);
300 static NTSTATUS cmd_quit(struct cli_state *cli, TALLOC_CTX *mem_ctx,
301 int argc, const char **argv)
304 return NT_STATUS_OK; /* NOTREACHED */
307 static NTSTATUS cmd_sign(struct cli_state *cli, TALLOC_CTX *mem_ctx,
308 int argc, const char **argv)
310 if (cli->pipe_auth_flags == (AUTH_PIPE_NTLMSSP|AUTH_PIPE_SIGN)) {
313 /* still have session, just need to use it again */
314 cli->pipe_auth_flags = AUTH_PIPE_NTLMSSP;
315 cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
316 if (cli->nt_pipe_fnum != 0)
317 cli_nt_session_close(cli);
323 static NTSTATUS cmd_seal(struct cli_state *cli, TALLOC_CTX *mem_ctx,
324 int argc, const char **argv)
326 if (cli->pipe_auth_flags == (AUTH_PIPE_NTLMSSP|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL)) {
329 /* still have session, just need to use it again */
330 cli->pipe_auth_flags = AUTH_PIPE_NTLMSSP;
331 cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
332 cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
333 if (cli->nt_pipe_fnum != 0)
334 cli_nt_session_close(cli);
339 static NTSTATUS cmd_none(struct cli_state *cli, TALLOC_CTX *mem_ctx,
340 int argc, const char **argv)
342 if (cli->pipe_auth_flags == 0) {
345 /* still have session, just need to use it again */
346 cli->pipe_auth_flags = 0;
347 if (cli->nt_pipe_fnum != 0)
348 cli_nt_session_close(cli);
350 cli->pipe_auth_flags = 0;
355 static NTSTATUS setup_schannel(struct cli_state *cli, int pipe_auth_flags,
356 int argc, const char **argv)
359 static uchar zeros[16];
360 uchar trust_password[16];
361 uint32 sec_channel_type;
363 strhex_to_str((char *)cli->auth_info.sess_key,
366 memcpy(cli->sess_key, cli->auth_info.sess_key, sizeof(cli->sess_key));
368 cli->pipe_auth_flags = pipe_auth_flags;
374 if ((memcmp(cli->auth_info.sess_key, zeros, sizeof(cli->auth_info.sess_key)) != 0)) {
375 if (cli->pipe_auth_flags == pipe_auth_flags) {
376 /* already in this mode nothing to do */
379 /* schannel is setup, just need to use it again with new flags */
380 cli->pipe_auth_flags = pipe_auth_flags;
382 if (cli->nt_pipe_fnum != 0)
383 cli_nt_session_close(cli);
388 if (cli->nt_pipe_fnum != 0)
389 cli_nt_session_close(cli);
391 if (!secrets_fetch_trust_account_password(lp_workgroup(),
393 NULL, &sec_channel_type)) {
394 return NT_STATUS_UNSUCCESSFUL;
397 ret = cli_nt_setup_netsec(cli, sec_channel_type, pipe_auth_flags, trust_password);
398 if (NT_STATUS_IS_OK(ret)) {
399 char *hex_session_key;
400 hex_encode(cli->auth_info.sess_key,
401 sizeof(cli->auth_info.sess_key),
403 printf("Got Session key: %s\n", hex_session_key);
404 SAFE_FREE(hex_session_key);
410 static NTSTATUS cmd_schannel(struct cli_state *cli, TALLOC_CTX *mem_ctx,
411 int argc, const char **argv)
413 d_printf("Setting schannel - sign and seal\n");
414 return setup_schannel(cli, AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN | AUTH_PIPE_SEAL,
418 static NTSTATUS cmd_schannel_sign(struct cli_state *cli, TALLOC_CTX *mem_ctx,
419 int argc, const char **argv)
421 d_printf("Setting schannel - sign only\n");
422 return setup_schannel(cli, AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN,
427 /* Built in rpcclient commands */
429 static struct cmd_set rpcclient_commands[] = {
431 { "GENERAL OPTIONS" },
433 { "help", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, "Get help on commands", "[command]" },
434 { "?", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, "Get help on commands", "[command]" },
435 { "debuglevel", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, -1, "Set debug level", "level" },
436 { "list", RPC_RTYPE_NTSTATUS, cmd_listcommands, NULL, -1, "List available commands on <pipe>", "pipe" },
437 { "exit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, "Exit program", "" },
438 { "quit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, "Exit program", "" },
439 { "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL, -1, "Force RPC pipe connections to be signed", "" },
440 { "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL, -1, "Force RPC pipe connections to be sealed", "" },
441 { "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, -1, "Force RPC pipe connections to be sealed with 'schannel' (NETSEC). Assumes valid machine account to this domain controller.", "" },
442 { "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL, -1, "Force RPC pipe connections to be signed (not sealed) with 'schannel' (NETSEC). Assumes valid machine account to this domain controller.", "" },
443 { "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL, -1, "Force RPC pipe connections to have no special properties", "" },
448 static struct cmd_set separator_command[] = {
449 { "---------------", MAX_RPC_RETURN_TYPE, NULL, NULL, -1, "----------------------" },
454 /* Various pipe commands */
456 extern struct cmd_set lsarpc_commands[];
457 extern struct cmd_set samr_commands[];
458 extern struct cmd_set spoolss_commands[];
459 extern struct cmd_set netlogon_commands[];
460 extern struct cmd_set srvsvc_commands[];
461 extern struct cmd_set dfs_commands[];
462 extern struct cmd_set reg_commands[];
463 extern struct cmd_set ds_commands[];
464 extern struct cmd_set echo_commands[];
465 extern struct cmd_set shutdown_commands[];
466 extern struct cmd_set epm_commands[];
468 static struct cmd_set *rpcclient_command_list[] = {
484 static void add_command_set(struct cmd_set *cmd_set)
486 struct cmd_list *entry;
488 if (!(entry = (struct cmd_list *)malloc(sizeof(struct cmd_list)))) {
489 DEBUG(0, ("out of memory\n"));
495 entry->cmd_set = cmd_set;
496 DLIST_ADD(cmd_list, entry);
501 * Call an rpcclient function, passing an argv array.
503 * @param cmd Command to run, as a single string.
505 static NTSTATUS do_cmd(struct cli_state *cli,
506 struct cmd_set *cmd_entry,
507 int argc, char **argv)
511 uchar trust_password[16];
517 if (!(mem_ctx = talloc_init("do_cmd"))) {
518 DEBUG(0, ("talloc_init() failed\n"));
519 return NT_STATUS_NO_MEMORY;
524 if (cmd_entry->pipe_idx != -1
525 && cmd_entry->pipe_idx != cli->pipe_idx) {
526 if (cli->nt_pipe_fnum != 0)
527 cli_nt_session_close(cli);
529 if (!cli_nt_session_open(cli, cmd_entry->pipe_idx)) {
530 DEBUG(0, ("Could not initialise %s\n",
531 get_pipe_name_from_index(cmd_entry->pipe_idx)));
532 return NT_STATUS_UNSUCCESSFUL;
536 /* some of the DsXXX commands use the netlogon pipe */
538 if (lp_client_schannel() && (cmd_entry->pipe_idx == PI_NETLOGON) && !(cli->pipe_auth_flags & AUTH_PIPE_NETSEC)) {
539 uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
540 uint32 sec_channel_type;
542 if (!secrets_fetch_trust_account_password(lp_workgroup(),
544 NULL, &sec_channel_type)) {
545 return NT_STATUS_UNSUCCESSFUL;
548 ntresult = cli_nt_setup_creds(cli, sec_channel_type,
551 if (!NT_STATUS_IS_OK(ntresult)) {
552 ZERO_STRUCT(cli->auth_info.sess_key);
553 printf("nt_setup_creds failed with %s\n", nt_errstr(ntresult));
561 if ( cmd_entry->returntype == RPC_RTYPE_NTSTATUS ) {
562 ntresult = cmd_entry->ntfn(cli, mem_ctx, argc, (const char **) argv);
563 if (!NT_STATUS_IS_OK(ntresult)) {
564 printf("result was %s\n", nt_errstr(ntresult));
567 wresult = cmd_entry->wfn( cli, mem_ctx, argc, (const char **) argv);
568 /* print out the DOS error */
569 if (!W_ERROR_IS_OK(wresult)) {
570 printf( "result was %s\n", dos_errstr(wresult));
572 ntresult = W_ERROR_IS_OK(wresult)?NT_STATUS_OK:NT_STATUS_UNSUCCESSFUL;
578 talloc_destroy(mem_ctx);
585 * Process a command entered at the prompt or as part of -c
587 * @returns The NTSTATUS from running the command.
589 static NTSTATUS process_cmd(struct cli_state *cli, char *cmd)
591 struct cmd_list *temp_list;
592 NTSTATUS result = NT_STATUS_OK;
597 if ((ret = poptParseArgvString(cmd, &argc, (const char ***) &argv)) != 0) {
598 fprintf(stderr, "rpcclient: %s\n", poptStrerror(ret));
599 return NT_STATUS_UNSUCCESSFUL;
603 /* Walk through a dlist of arrays of commands. */
604 for (temp_list = cmd_list; temp_list; temp_list = temp_list->next) {
605 struct cmd_set *temp_set = temp_list->cmd_set;
607 while (temp_set->name) {
608 if (strequal(argv[0], temp_set->name)) {
609 if (!(temp_set->returntype == RPC_RTYPE_NTSTATUS && temp_set->ntfn ) &&
610 !(temp_set->returntype == RPC_RTYPE_WERROR && temp_set->wfn )) {
611 fprintf (stderr, "Invalid command\n");
615 result = do_cmd(cli, temp_set, argc, argv);
624 printf("command not found: %s\n", argv[0]);
629 if (!NT_STATUS_IS_OK(result)) {
630 printf("result was %s\n", nt_errstr(result));
635 /* NOTE: popt allocates the whole argv, including the
636 * strings, as a single block. So a single free is
637 * enough to release it -- we don't free the
638 * individual strings. rtfm. */
648 int main(int argc, char *argv[])
650 BOOL interactive = True;
652 static char *cmdstr = NULL;
654 struct cli_state *cli;
655 static char *opt_ipaddr=NULL;
656 struct cmd_set **cmd_set;
657 struct in_addr server_ip;
660 /* make sure the vars that get altered (4th field) are in
661 a fixed location or certain compilers complain */
663 struct poptOption long_options[] = {
665 {"command", 'c', POPT_ARG_STRING, &cmdstr, 'c', "Execute semicolon separated cmds", "COMMANDS"},
666 {"dest-ip", 'I', POPT_ARG_STRING, &opt_ipaddr, 'I', "Specify destination IP address", "IP"},
668 POPT_COMMON_CONNECTION
669 POPT_COMMON_CREDENTIALS
673 ZERO_STRUCT(server_ip);
677 /* the following functions are part of the Samba debugging
678 facilities. See lib/debug.c */
679 setup_logging("rpcclient", interactive);
683 /* Load smb.conf file */
685 if (!lp_load(dyn_CONFIGFILE,True,False,False))
686 fprintf(stderr, "Can't load %s\n", dyn_CONFIGFILE);
690 pc = poptGetContext("rpcclient", argc, (const char **) argv,
694 poptPrintHelp(pc, stderr, 0);
698 while((opt = poptGetNextOpt(pc)) != -1) {
702 if ( (server_ip.s_addr=inet_addr(opt_ipaddr)) == INADDR_NONE ) {
703 fprintf(stderr, "%s not a valid IP address\n",
710 /* Get server as remaining unparsed argument. Print usage if more
711 than one unparsed argument is present. */
713 server = poptGetArg(pc);
715 if (!server || poptGetArg(pc)) {
716 poptPrintHelp(pc, stderr, 0);
729 * from stdin if necessary
732 if (!cmdline_auth_info.got_pass) {
733 char *pass = getpass("Password:");
735 pstrcpy(cmdline_auth_info.password, pass);
739 nt_status = cli_full_connection(&cli, global_myname(), server,
740 opt_ipaddr ? &server_ip : NULL, 0,
742 cmdline_auth_info.username,
744 cmdline_auth_info.password,
745 cmdline_auth_info.use_kerberos ? CLI_FULL_CONNECTION_USE_KERBEROS : 0,
746 cmdline_auth_info.signing_state,NULL);
748 if (!NT_STATUS_IS_OK(nt_status)) {
749 DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status)));
753 memset(cmdline_auth_info.password,'X',sizeof(cmdline_auth_info.password));
755 /* Load command lists */
757 cmd_set = rpcclient_command_list;
760 add_command_set(*cmd_set);
761 add_command_set(separator_command);
765 fetch_machine_sid(cli);
767 /* Do anything specified with -c */
768 if (cmdstr && cmdstr[0]) {
773 while((cmd=next_command(&p)) != NULL) {
774 NTSTATUS cmd_result = process_cmd(cli, cmd);
775 result = NT_STATUS_IS_ERR(cmd_result);
782 /* Loop around accepting commands */
788 slprintf(prompt, sizeof(prompt) - 1, "rpcclient $> ");
790 line = smb_readline(prompt, NULL, completion_fn);
796 process_cmd(cli, line);