2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2000-2001
6 Copyright (C) Martin Pool 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "rpcclient.h"
29 /* List to hold groups of commands.
31 * Commands are defined in a list of arrays: arrays are easy to
32 * statically declare, and lists are easier to dynamically extend.
35 static struct cmd_list {
36 struct cmd_list *prev, *next;
37 struct cmd_set *cmd_set;
40 /****************************************************************************
41 handle completion of commands for readline
42 ****************************************************************************/
43 static char **completion_fn(const char *text, int start, int end)
45 #define MAX_COMPLETIONS 100
48 struct cmd_list *commands = cmd_list;
51 /* FIXME!!! -- what to do when completing argument? */
52 /* for words not at the start of the line fallback
53 to filename completion */
58 /* make sure we have a list of valid commands */
62 matches = SMB_MALLOC_ARRAY(char *, MAX_COMPLETIONS);
63 if (!matches) return NULL;
65 matches[count++] = SMB_STRDUP(text);
66 if (!matches[0]) return NULL;
68 while (commands && count < MAX_COMPLETIONS-1)
70 if (!commands->cmd_set)
73 for (i=0; commands->cmd_set[i].name; i++)
75 if ((strncmp(text, commands->cmd_set[i].name, strlen(text)) == 0) &&
76 (( commands->cmd_set[i].returntype == RPC_RTYPE_NTSTATUS &&
77 commands->cmd_set[i].ntfn ) ||
78 ( commands->cmd_set[i].returntype == RPC_RTYPE_WERROR &&
79 commands->cmd_set[i].wfn)))
81 matches[count] = SMB_STRDUP(commands->cmd_set[i].name);
88 commands = commands->next;
93 SAFE_FREE(matches[0]);
94 matches[0] = SMB_STRDUP(matches[1]);
96 matches[count] = NULL;
100 static char* next_command (char** cmdstr)
102 static pstring command;
105 if (!cmdstr || !(*cmdstr))
108 p = strchr_m(*cmdstr, ';');
111 pstrcpy(command, *cmdstr);
120 /* Fetch the SID for this computer */
122 static void fetch_machine_sid(struct cli_state *cli)
125 NTSTATUS result = NT_STATUS_OK;
126 uint32 info_class = 5;
127 char *domain_name = NULL;
128 static BOOL got_domain_sid;
130 DOM_SID *dom_sid = NULL;
132 if (got_domain_sid) return;
134 if (!(mem_ctx=talloc_init("fetch_machine_sid")))
136 DEBUG(0,("fetch_machine_sid: talloc_init returned NULL!\n"));
141 if (!cli_nt_session_open (cli, PI_LSARPC)) {
142 fprintf(stderr, "could not initialise lsa pipe\n");
146 result = cli_lsa_open_policy(cli, mem_ctx, True,
147 SEC_RIGHTS_MAXIMUM_ALLOWED,
149 if (!NT_STATUS_IS_OK(result)) {
153 result = cli_lsa_query_info_policy(cli, mem_ctx, &pol, info_class,
154 &domain_name, &dom_sid);
155 if (!NT_STATUS_IS_OK(result)) {
159 got_domain_sid = True;
160 sid_copy( &domain_sid, dom_sid );
162 cli_lsa_close(cli, mem_ctx, &pol);
163 cli_nt_session_close(cli);
164 talloc_destroy(mem_ctx);
169 fprintf(stderr, "could not obtain sid for domain %s\n", cli->domain);
171 if (!NT_STATUS_IS_OK(result)) {
172 fprintf(stderr, "error: %s\n", nt_errstr(result));
178 /* List the available commands on a given pipe */
180 static NTSTATUS cmd_listcommands(struct cli_state *cli, TALLOC_CTX *mem_ctx,
181 int argc, const char **argv)
183 struct cmd_list *tmp;
184 struct cmd_set *tmp_set;
190 printf("Usage: %s <pipe>\n", argv[0]);
194 /* Help on one command */
196 for (tmp = cmd_list; tmp; tmp = tmp->next)
198 tmp_set = tmp->cmd_set;
200 if (!StrCaseCmp(argv[1], tmp_set->name))
202 printf("Available commands on the %s pipe:\n\n", tmp_set->name);
206 while(tmp_set->name) {
207 printf("%30s", tmp_set->name);
214 /* drop out of the loop */
223 /* Display help on commands */
225 static NTSTATUS cmd_help(struct cli_state *cli, TALLOC_CTX *mem_ctx,
226 int argc, const char **argv)
228 struct cmd_list *tmp;
229 struct cmd_set *tmp_set;
234 printf("Usage: %s [command]\n", argv[0]);
238 /* Help on one command */
241 for (tmp = cmd_list; tmp; tmp = tmp->next) {
243 tmp_set = tmp->cmd_set;
245 while(tmp_set->name) {
246 if (strequal(argv[1], tmp_set->name)) {
247 if (tmp_set->usage &&
249 printf("%s\n", tmp_set->usage);
251 printf("No help for %s\n", tmp_set->name);
260 printf("No such command: %s\n", argv[1]);
264 /* List all commands */
266 for (tmp = cmd_list; tmp; tmp = tmp->next) {
268 tmp_set = tmp->cmd_set;
270 while(tmp_set->name) {
272 printf("%15s\t\t%s\n", tmp_set->name,
273 tmp_set->description ? tmp_set->description:
283 /* Change the debug level */
285 static NTSTATUS cmd_debuglevel(struct cli_state *cli, TALLOC_CTX *mem_ctx,
286 int argc, const char **argv)
289 printf("Usage: %s [debuglevel]\n", argv[0]);
294 DEBUGLEVEL = atoi(argv[1]);
297 printf("debuglevel is %d\n", DEBUGLEVEL);
302 static NTSTATUS cmd_quit(struct cli_state *cli, TALLOC_CTX *mem_ctx,
303 int argc, const char **argv)
306 return NT_STATUS_OK; /* NOTREACHED */
309 static NTSTATUS cmd_sign(struct cli_state *cli, TALLOC_CTX *mem_ctx,
310 int argc, const char **argv)
312 if (cli->pipe_auth_flags == (AUTH_PIPE_NTLMSSP|AUTH_PIPE_SIGN)) {
315 /* still have session, just need to use it again */
316 cli->pipe_auth_flags = AUTH_PIPE_NTLMSSP;
317 cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
318 if (cli->pipes[cli->pipe_idx].fnum != 0)
319 cli_nt_session_close(cli);
325 static NTSTATUS cmd_seal(struct cli_state *cli, TALLOC_CTX *mem_ctx,
326 int argc, const char **argv)
328 if (cli->pipe_auth_flags == (AUTH_PIPE_NTLMSSP|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL)) {
331 /* still have session, just need to use it again */
332 cli->pipe_auth_flags = AUTH_PIPE_NTLMSSP;
333 cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
334 cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
335 if (cli->pipes[cli->pipe_idx].fnum != 0)
336 cli_nt_session_close(cli);
341 static NTSTATUS cmd_none(struct cli_state *cli, TALLOC_CTX *mem_ctx,
342 int argc, const char **argv)
344 if (cli->pipe_auth_flags == 0) {
347 /* still have session, just need to use it again */
348 cli->pipe_auth_flags = 0;
349 if (cli->pipes[cli->pipe_idx].fnum != 0)
350 cli_nt_session_close(cli);
352 cli->pipe_auth_flags = 0;
357 static NTSTATUS setup_schannel(struct cli_state *cli, int pipe_auth_flags,
358 int argc, const char **argv)
361 static uchar zeros[16];
362 uchar trust_password[16];
363 uint32 sec_channel_type;
365 strhex_to_str(cli->sess_key, strlen(argv[1]), argv[1]);
366 cli->pipe_auth_flags = pipe_auth_flags;
372 if ((memcmp(cli->sess_key, zeros, sizeof(cli->sess_key)) != 0) &&
373 (cli->pipe_auth_flags == pipe_auth_flags)) {
374 /* already in this mode nothing to do */
378 if (!secrets_fetch_trust_account_password(lp_workgroup(),
380 NULL, &sec_channel_type)) {
381 return NT_STATUS_UNSUCCESSFUL;
384 ret = cli_nt_setup_netsec(cli, sec_channel_type, pipe_auth_flags, trust_password);
385 if (NT_STATUS_IS_OK(ret)) {
386 char *hex_session_key;
387 hex_encode(cli->pipes[cli->pipe_idx].auth_info.sess_key,
388 sizeof(cli->pipes[cli->pipe_idx].auth_info.sess_key),
390 printf("Got Session key: %s\n", hex_session_key);
391 SAFE_FREE(hex_session_key);
397 static NTSTATUS cmd_schannel(struct cli_state *cli, TALLOC_CTX *mem_ctx,
398 int argc, const char **argv)
400 d_printf("Setting schannel - sign and seal\n");
401 return setup_schannel(cli, AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN | AUTH_PIPE_SEAL,
405 static NTSTATUS cmd_schannel_sign(struct cli_state *cli, TALLOC_CTX *mem_ctx,
406 int argc, const char **argv)
408 d_printf("Setting schannel - sign only\n");
409 return setup_schannel(cli, AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN,
414 /* Built in rpcclient commands */
416 static struct cmd_set rpcclient_commands[] = {
418 { "GENERAL OPTIONS" },
420 { "help", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, "Get help on commands", "[command]" },
421 { "?", RPC_RTYPE_NTSTATUS, cmd_help, NULL, -1, "Get help on commands", "[command]" },
422 { "debuglevel", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL, -1, "Set debug level", "level" },
423 { "list", RPC_RTYPE_NTSTATUS, cmd_listcommands, NULL, -1, "List available commands on <pipe>", "pipe" },
424 { "exit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, "Exit program", "" },
425 { "quit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL, -1, "Exit program", "" },
426 { "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL, -1, "Force RPC pipe connections to be signed", "" },
427 { "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL, -1, "Force RPC pipe connections to be sealed", "" },
428 { "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, -1, "Force RPC pipe connections to be sealed with 'schannel' (NETSEC). Assumes valid machine account to this domain controller.", "" },
429 { "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL, -1, "Force RPC pipe connections to be signed (not sealed) with 'schannel' (NETSEC). Assumes valid machine account to this domain controller.", "" },
430 { "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL, -1, "Force RPC pipe connections to have no special properties", "" },
435 static struct cmd_set separator_command[] = {
436 { "---------------", MAX_RPC_RETURN_TYPE, NULL, NULL, -1, "----------------------" },
441 /* Various pipe commands */
443 extern struct cmd_set lsarpc_commands[];
444 extern struct cmd_set samr_commands[];
445 extern struct cmd_set spoolss_commands[];
446 extern struct cmd_set netlogon_commands[];
447 extern struct cmd_set srvsvc_commands[];
448 extern struct cmd_set dfs_commands[];
449 extern struct cmd_set reg_commands[];
450 extern struct cmd_set ds_commands[];
451 extern struct cmd_set echo_commands[];
452 extern struct cmd_set shutdown_commands[];
454 static struct cmd_set *rpcclient_command_list[] = {
469 static void add_command_set(struct cmd_set *cmd_set)
471 struct cmd_list *entry;
473 if (!(entry = SMB_MALLOC_P(struct cmd_list))) {
474 DEBUG(0, ("out of memory\n"));
480 entry->cmd_set = cmd_set;
481 DLIST_ADD(cmd_list, entry);
486 * Call an rpcclient function, passing an argv array.
488 * @param cmd Command to run, as a single string.
490 static NTSTATUS do_cmd(struct cli_state *cli,
491 struct cmd_set *cmd_entry,
492 int argc, char **argv)
496 uchar trust_password[16];
502 if (!(mem_ctx = talloc_init("do_cmd"))) {
503 DEBUG(0, ("talloc_init() failed\n"));
504 return NT_STATUS_NO_MEMORY;
509 if (cmd_entry->pipe_idx != -1
510 && cmd_entry->pipe_idx != cli->pipe_idx) {
511 if (cli->pipes[cli->pipe_idx].fnum != 0)
512 cli_nt_session_close(cli);
514 if (!cli_nt_session_open(cli, cmd_entry->pipe_idx)) {
515 DEBUG(0, ("Could not initialise %s\n",
516 get_pipe_name_from_index(cmd_entry->pipe_idx)));
517 return NT_STATUS_UNSUCCESSFUL;
521 /* some of the DsXXX commands use the netlogon pipe */
523 if (lp_client_schannel() && (cmd_entry->pipe_idx == PI_NETLOGON) && !(cli->pipe_auth_flags & AUTH_PIPE_NETSEC)) {
524 uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
525 uint32 sec_channel_type;
527 if (!secrets_fetch_trust_account_password(lp_workgroup(),
529 NULL, &sec_channel_type)) {
530 return NT_STATUS_UNSUCCESSFUL;
533 ntresult = cli_nt_setup_creds(cli, sec_channel_type,
536 if (!NT_STATUS_IS_OK(ntresult)) {
537 ZERO_STRUCT(cli->pipes[cli->pipe_idx].auth_info.sess_key);
538 printf("nt_setup_creds failed with %s\n", nt_errstr(ntresult));
546 if ( cmd_entry->returntype == RPC_RTYPE_NTSTATUS ) {
547 ntresult = cmd_entry->ntfn(cli, mem_ctx, argc, (const char **) argv);
548 if (!NT_STATUS_IS_OK(ntresult)) {
549 printf("result was %s\n", nt_errstr(ntresult));
552 wresult = cmd_entry->wfn( cli, mem_ctx, argc, (const char **) argv);
553 /* print out the DOS error */
554 if (!W_ERROR_IS_OK(wresult)) {
555 printf( "result was %s\n", dos_errstr(wresult));
557 ntresult = W_ERROR_IS_OK(wresult)?NT_STATUS_OK:NT_STATUS_UNSUCCESSFUL;
563 talloc_destroy(mem_ctx);
570 * Process a command entered at the prompt or as part of -c
572 * @returns The NTSTATUS from running the command.
574 static NTSTATUS process_cmd(struct cli_state *cli, char *cmd)
576 struct cmd_list *temp_list;
577 NTSTATUS result = NT_STATUS_OK;
582 if ((ret = poptParseArgvString(cmd, &argc, (const char ***) &argv)) != 0) {
583 fprintf(stderr, "rpcclient: %s\n", poptStrerror(ret));
584 return NT_STATUS_UNSUCCESSFUL;
588 /* Walk through a dlist of arrays of commands. */
589 for (temp_list = cmd_list; temp_list; temp_list = temp_list->next) {
590 struct cmd_set *temp_set = temp_list->cmd_set;
592 while (temp_set->name) {
593 if (strequal(argv[0], temp_set->name)) {
594 if (!(temp_set->returntype == RPC_RTYPE_NTSTATUS && temp_set->ntfn ) &&
595 !(temp_set->returntype == RPC_RTYPE_WERROR && temp_set->wfn )) {
596 fprintf (stderr, "Invalid command\n");
600 result = do_cmd(cli, temp_set, argc, argv);
609 printf("command not found: %s\n", argv[0]);
614 if (!NT_STATUS_IS_OK(result)) {
615 printf("result was %s\n", nt_errstr(result));
620 /* NOTE: popt allocates the whole argv, including the
621 * strings, as a single block. So a single free is
622 * enough to release it -- we don't free the
623 * individual strings. rtfm. */
633 int main(int argc, char *argv[])
635 BOOL interactive = True;
637 static char *cmdstr = NULL;
639 struct cli_state *cli;
640 static char *opt_ipaddr=NULL;
641 struct cmd_set **cmd_set;
642 struct in_addr server_ip;
644 static int opt_port = 0;
646 /* make sure the vars that get altered (4th field) are in
647 a fixed location or certain compilers complain */
649 struct poptOption long_options[] = {
651 {"command", 'c', POPT_ARG_STRING, &cmdstr, 'c', "Execute semicolon separated cmds", "COMMANDS"},
652 {"dest-ip", 'I', POPT_ARG_STRING, &opt_ipaddr, 'I', "Specify destination IP address", "IP"},
653 {"port", 'p', POPT_ARG_INT, &opt_port, 'p', "Specify port number", "PORT"},
655 POPT_COMMON_CONNECTION
656 POPT_COMMON_CREDENTIALS
660 ZERO_STRUCT(server_ip);
664 /* the following functions are part of the Samba debugging
665 facilities. See lib/debug.c */
666 setup_logging("rpcclient", interactive);
670 /* Load smb.conf file */
672 if (!lp_load(dyn_CONFIGFILE,True,False,False))
673 fprintf(stderr, "Can't load %s\n", dyn_CONFIGFILE);
677 pc = poptGetContext("rpcclient", argc, (const char **) argv,
681 poptPrintHelp(pc, stderr, 0);
685 while((opt = poptGetNextOpt(pc)) != -1) {
689 if ( (server_ip.s_addr=inet_addr(opt_ipaddr)) == INADDR_NONE ) {
690 fprintf(stderr, "%s not a valid IP address\n",
697 /* Get server as remaining unparsed argument. Print usage if more
698 than one unparsed argument is present. */
700 server = poptGetArg(pc);
702 if (!server || poptGetArg(pc)) {
703 poptPrintHelp(pc, stderr, 0);
716 * from stdin if necessary
719 if (!cmdline_auth_info.got_pass) {
720 char *pass = getpass("Password:");
722 pstrcpy(cmdline_auth_info.password, pass);
726 nt_status = cli_full_connection(&cli, global_myname(), server,
727 opt_ipaddr ? &server_ip : NULL, opt_port,
729 cmdline_auth_info.username,
731 cmdline_auth_info.password,
732 cmdline_auth_info.use_kerberos ? CLI_FULL_CONNECTION_USE_KERBEROS : 0,
733 cmdline_auth_info.signing_state,NULL);
735 if (!NT_STATUS_IS_OK(nt_status)) {
736 DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status)));
740 memset(cmdline_auth_info.password,'X',sizeof(cmdline_auth_info.password));
742 /* Load command lists */
744 cmd_set = rpcclient_command_list;
747 add_command_set(*cmd_set);
748 add_command_set(separator_command);
752 fetch_machine_sid(cli);
754 /* Do anything specified with -c */
755 if (cmdstr && cmdstr[0]) {
760 while((cmd=next_command(&p)) != NULL) {
761 NTSTATUS cmd_result = process_cmd(cli, cmd);
762 result = NT_STATUS_IS_ERR(cmd_result);
769 /* Loop around accepting commands */
775 slprintf(prompt, sizeof(prompt) - 1, "rpcclient $> ");
777 line = smb_readline(prompt, NULL, completion_fn);
783 process_cmd(cli, line);