2 Unix SMB/CIFS implementation.
5 Copyright (C) Tim Potter 2000-2001
6 Copyright (C) Martin Pool 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "rpcclient.h"
30 /* List to hold groups of commands.
32 * Commands are defined in a list of arrays: arrays are easy to
33 * statically declare, and lists are easier to dynamically extend.
36 static struct cmd_list
{
37 struct cmd_list
*prev
, *next
;
38 struct cmd_set
*cmd_set
;
41 /****************************************************************************
42 handle completion of commands for readline
43 ****************************************************************************/
44 static char **completion_fn(const char *text
, int start
, int end
)
46 #define MAX_COMPLETIONS 100
49 struct cmd_list
*commands
= cmd_list
;
52 /* FIXME!!! -- what to do when completing argument? */
53 /* for words not at the start of the line fallback
54 to filename completion */
59 /* make sure we have a list of valid commands */
63 matches
= SMB_MALLOC_ARRAY(char *, MAX_COMPLETIONS
);
64 if (!matches
) return NULL
;
66 matches
[count
++] = SMB_STRDUP(text
);
67 if (!matches
[0]) return NULL
;
69 while (commands
&& count
< MAX_COMPLETIONS
-1)
71 if (!commands
->cmd_set
)
74 for (i
=0; commands
->cmd_set
[i
].name
; i
++)
76 if ((strncmp(text
, commands
->cmd_set
[i
].name
, strlen(text
)) == 0) &&
77 (( commands
->cmd_set
[i
].returntype
== RPC_RTYPE_NTSTATUS
&&
78 commands
->cmd_set
[i
].ntfn
) ||
79 ( commands
->cmd_set
[i
].returntype
== RPC_RTYPE_WERROR
&&
80 commands
->cmd_set
[i
].wfn
)))
82 matches
[count
] = SMB_STRDUP(commands
->cmd_set
[i
].name
);
89 commands
= commands
->next
;
94 SAFE_FREE(matches
[0]);
95 matches
[0] = SMB_STRDUP(matches
[1]);
97 matches
[count
] = NULL
;
101 static char* next_command (char** cmdstr
)
103 static pstring command
;
106 if (!cmdstr
|| !(*cmdstr
))
109 p
= strchr_m(*cmdstr
, ';');
112 pstrcpy(command
, *cmdstr
);
121 /* Fetch the SID for this computer */
123 static void fetch_machine_sid(struct cli_state
*cli
)
126 NTSTATUS result
= NT_STATUS_OK
;
127 uint32 info_class
= 5;
128 char *domain_name
= NULL
;
129 static BOOL got_domain_sid
;
131 DOM_SID
*dom_sid
= NULL
;
133 if (got_domain_sid
) return;
135 if (!(mem_ctx
=talloc_init("fetch_machine_sid")))
137 DEBUG(0,("fetch_machine_sid: talloc_init returned NULL!\n"));
142 if (!cli_nt_session_open (cli
, PI_LSARPC
)) {
143 fprintf(stderr
, "could not initialise lsa pipe\n");
147 result
= cli_lsa_open_policy(cli
, mem_ctx
, True
,
148 SEC_RIGHTS_MAXIMUM_ALLOWED
,
150 if (!NT_STATUS_IS_OK(result
)) {
154 result
= cli_lsa_query_info_policy(cli
, mem_ctx
, &pol
, info_class
,
155 &domain_name
, &dom_sid
);
156 if (!NT_STATUS_IS_OK(result
)) {
160 got_domain_sid
= True
;
161 sid_copy( &domain_sid
, dom_sid
);
163 cli_lsa_close(cli
, mem_ctx
, &pol
);
164 cli_nt_session_close(cli
);
165 talloc_destroy(mem_ctx
);
170 fprintf(stderr
, "could not obtain sid for domain %s\n", cli
->domain
);
172 if (!NT_STATUS_IS_OK(result
)) {
173 fprintf(stderr
, "error: %s\n", nt_errstr(result
));
179 /* List the available commands on a given pipe */
181 static NTSTATUS
cmd_listcommands(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
182 int argc
, const char **argv
)
184 struct cmd_list
*tmp
;
185 struct cmd_set
*tmp_set
;
191 printf("Usage: %s <pipe>\n", argv
[0]);
195 /* Help on one command */
197 for (tmp
= cmd_list
; tmp
; tmp
= tmp
->next
)
199 tmp_set
= tmp
->cmd_set
;
201 if (!StrCaseCmp(argv
[1], tmp_set
->name
))
203 printf("Available commands on the %s pipe:\n\n", tmp_set
->name
);
207 while(tmp_set
->name
) {
208 printf("%20s", tmp_set
->name
);
215 /* drop out of the loop */
224 /* Display help on commands */
226 static NTSTATUS
cmd_help(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
227 int argc
, const char **argv
)
229 struct cmd_list
*tmp
;
230 struct cmd_set
*tmp_set
;
235 printf("Usage: %s [command]\n", argv
[0]);
239 /* Help on one command */
242 for (tmp
= cmd_list
; tmp
; tmp
= tmp
->next
) {
244 tmp_set
= tmp
->cmd_set
;
246 while(tmp_set
->name
) {
247 if (strequal(argv
[1], tmp_set
->name
)) {
248 if (tmp_set
->usage
&&
250 printf("%s\n", tmp_set
->usage
);
252 printf("No help for %s\n", tmp_set
->name
);
261 printf("No such command: %s\n", argv
[1]);
265 /* List all commands */
267 for (tmp
= cmd_list
; tmp
; tmp
= tmp
->next
) {
269 tmp_set
= tmp
->cmd_set
;
271 while(tmp_set
->name
) {
273 printf("%15s\t\t%s\n", tmp_set
->name
,
274 tmp_set
->description
? tmp_set
->description
:
284 /* Change the debug level */
286 static NTSTATUS
cmd_debuglevel(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
287 int argc
, const char **argv
)
290 printf("Usage: %s [debuglevel]\n", argv
[0]);
295 DEBUGLEVEL
= atoi(argv
[1]);
298 printf("debuglevel is %d\n", DEBUGLEVEL
);
303 static NTSTATUS
cmd_quit(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
304 int argc
, const char **argv
)
307 return NT_STATUS_OK
; /* NOTREACHED */
310 static NTSTATUS
cmd_sign(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
311 int argc
, const char **argv
)
313 if (cli
->pipe_auth_flags
== (AUTH_PIPE_NTLMSSP
|AUTH_PIPE_SIGN
)) {
316 /* still have session, just need to use it again */
317 cli
->pipe_auth_flags
= AUTH_PIPE_NTLMSSP
;
318 cli
->pipe_auth_flags
|= AUTH_PIPE_SIGN
;
319 if (cli
->nt_pipe_fnum
[cli
->pipe_idx
] != 0)
320 cli_nt_session_close(cli
);
326 static NTSTATUS
cmd_seal(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
327 int argc
, const char **argv
)
329 if (cli
->pipe_auth_flags
== (AUTH_PIPE_NTLMSSP
|AUTH_PIPE_SIGN
|AUTH_PIPE_SEAL
)) {
332 /* still have session, just need to use it again */
333 cli
->pipe_auth_flags
= AUTH_PIPE_NTLMSSP
;
334 cli
->pipe_auth_flags
|= AUTH_PIPE_SIGN
;
335 cli
->pipe_auth_flags
|= AUTH_PIPE_SEAL
;
336 if (cli
->nt_pipe_fnum
[cli
->pipe_idx
] != 0)
337 cli_nt_session_close(cli
);
342 static NTSTATUS
cmd_none(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
343 int argc
, const char **argv
)
345 if (cli
->pipe_auth_flags
== 0) {
348 /* still have session, just need to use it again */
349 cli
->pipe_auth_flags
= 0;
350 if (cli
->nt_pipe_fnum
[cli
->pipe_idx
] != 0)
351 cli_nt_session_close(cli
);
353 cli
->pipe_auth_flags
= 0;
358 static NTSTATUS
setup_schannel(struct cli_state
*cli
, int pipe_auth_flags
,
359 int argc
, const char **argv
)
362 static uchar zeros
[16];
363 uchar trust_password
[16];
364 uint32 sec_channel_type
;
366 strhex_to_str((char *)cli
->auth_info
.sess_key
,
369 memcpy(cli
->sess_key
, cli
->auth_info
.sess_key
, sizeof(cli
->sess_key
));
371 cli
->pipe_auth_flags
= pipe_auth_flags
;
377 if ((memcmp(cli
->auth_info
.sess_key
, zeros
, sizeof(cli
->auth_info
.sess_key
)) != 0)) {
378 if (cli
->pipe_auth_flags
== pipe_auth_flags
) {
379 /* already in this mode nothing to do */
382 /* schannel is setup, just need to use it again with new flags */
383 cli
->pipe_auth_flags
= pipe_auth_flags
;
385 if (cli
->nt_pipe_fnum
[cli
->pipe_idx
] != 0)
386 cli_nt_session_close(cli
);
391 if (cli
->nt_pipe_fnum
[cli
->pipe_idx
] != 0)
392 cli_nt_session_close(cli
);
394 if (!secrets_fetch_trust_account_password(lp_workgroup(),
396 NULL
, &sec_channel_type
)) {
397 return NT_STATUS_UNSUCCESSFUL
;
400 ret
= cli_nt_setup_netsec(cli
, sec_channel_type
, pipe_auth_flags
, trust_password
);
401 if (NT_STATUS_IS_OK(ret
)) {
402 char *hex_session_key
;
403 hex_encode(cli
->auth_info
.sess_key
,
404 sizeof(cli
->auth_info
.sess_key
),
406 printf("Got Session key: %s\n", hex_session_key
);
407 SAFE_FREE(hex_session_key
);
413 static NTSTATUS
cmd_schannel(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
414 int argc
, const char **argv
)
416 d_printf("Setting schannel - sign and seal\n");
417 return setup_schannel(cli
, AUTH_PIPE_NETSEC
| AUTH_PIPE_SIGN
| AUTH_PIPE_SEAL
,
421 static NTSTATUS
cmd_schannel_sign(struct cli_state
*cli
, TALLOC_CTX
*mem_ctx
,
422 int argc
, const char **argv
)
424 d_printf("Setting schannel - sign only\n");
425 return setup_schannel(cli
, AUTH_PIPE_NETSEC
| AUTH_PIPE_SIGN
,
430 /* Built in rpcclient commands */
432 static struct cmd_set rpcclient_commands
[] = {
434 { "GENERAL OPTIONS" },
436 { "help", RPC_RTYPE_NTSTATUS
, cmd_help
, NULL
, -1, "Get help on commands", "[command]" },
437 { "?", RPC_RTYPE_NTSTATUS
, cmd_help
, NULL
, -1, "Get help on commands", "[command]" },
438 { "debuglevel", RPC_RTYPE_NTSTATUS
, cmd_debuglevel
, NULL
, -1, "Set debug level", "level" },
439 { "list", RPC_RTYPE_NTSTATUS
, cmd_listcommands
, NULL
, -1, "List available commands on <pipe>", "pipe" },
440 { "exit", RPC_RTYPE_NTSTATUS
, cmd_quit
, NULL
, -1, "Exit program", "" },
441 { "quit", RPC_RTYPE_NTSTATUS
, cmd_quit
, NULL
, -1, "Exit program", "" },
442 { "sign", RPC_RTYPE_NTSTATUS
, cmd_sign
, NULL
, -1, "Force RPC pipe connections to be signed", "" },
443 { "seal", RPC_RTYPE_NTSTATUS
, cmd_seal
, NULL
, -1, "Force RPC pipe connections to be sealed", "" },
444 { "schannel", RPC_RTYPE_NTSTATUS
, cmd_schannel
, NULL
, -1, "Force RPC pipe connections to be sealed with 'schannel' (NETSEC). Assumes valid machine account to this domain controller.", "" },
445 { "schannelsign", RPC_RTYPE_NTSTATUS
, cmd_schannel_sign
, NULL
, -1, "Force RPC pipe connections to be signed (not sealed) with 'schannel' (NETSEC). Assumes valid machine account to this domain controller.", "" },
446 { "none", RPC_RTYPE_NTSTATUS
, cmd_none
, NULL
, -1, "Force RPC pipe connections to have no special properties", "" },
451 static struct cmd_set separator_command
[] = {
452 { "---------------", MAX_RPC_RETURN_TYPE
, NULL
, NULL
, -1, "----------------------" },
457 /* Various pipe commands */
459 extern struct cmd_set lsarpc_commands
[];
460 extern struct cmd_set samr_commands
[];
461 extern struct cmd_set spoolss_commands
[];
462 extern struct cmd_set netlogon_commands
[];
463 extern struct cmd_set srvsvc_commands
[];
464 extern struct cmd_set dfs_commands
[];
465 extern struct cmd_set reg_commands
[];
466 extern struct cmd_set ds_commands
[];
467 extern struct cmd_set echo_commands
[];
468 extern struct cmd_set shutdown_commands
[];
470 static struct cmd_set
*rpcclient_command_list
[] = {
485 static void add_command_set(struct cmd_set
*cmd_set
)
487 struct cmd_list
*entry
;
489 if (!(entry
= SMB_MALLOC_P(struct cmd_list
))) {
490 DEBUG(0, ("out of memory\n"));
496 entry
->cmd_set
= cmd_set
;
497 DLIST_ADD(cmd_list
, entry
);
502 * Call an rpcclient function, passing an argv array.
504 * @param cmd Command to run, as a single string.
506 static NTSTATUS
do_cmd(struct cli_state
*cli
,
507 struct cmd_set
*cmd_entry
,
508 int argc
, char **argv
)
512 uchar trust_password
[16];
518 if (!(mem_ctx
= talloc_init("do_cmd"))) {
519 DEBUG(0, ("talloc_init() failed\n"));
520 return NT_STATUS_NO_MEMORY
;
525 if (cmd_entry
->pipe_idx
!= -1
526 && cmd_entry
->pipe_idx
!= cli
->pipe_idx
) {
527 if (cli
->nt_pipe_fnum
[cli
->pipe_idx
] != 0)
528 cli_nt_session_close(cli
);
530 if (!cli_nt_session_open(cli
, cmd_entry
->pipe_idx
)) {
531 DEBUG(0, ("Could not initialise %s\n",
532 get_pipe_name_from_index(cmd_entry
->pipe_idx
)));
533 return NT_STATUS_UNSUCCESSFUL
;
537 /* some of the DsXXX commands use the netlogon pipe */
539 if (lp_client_schannel() && (cmd_entry
->pipe_idx
== PI_NETLOGON
) && !(cli
->pipe_auth_flags
& AUTH_PIPE_NETSEC
)) {
540 uint32 neg_flags
= NETLOGON_NEG_AUTH2_FLAGS
;
541 uint32 sec_channel_type
;
543 if (!secrets_fetch_trust_account_password(lp_workgroup(),
545 NULL
, &sec_channel_type
)) {
546 return NT_STATUS_UNSUCCESSFUL
;
549 ntresult
= cli_nt_setup_creds(cli
, sec_channel_type
,
552 if (!NT_STATUS_IS_OK(ntresult
)) {
553 ZERO_STRUCT(cli
->auth_info
.sess_key
);
554 printf("nt_setup_creds failed with %s\n", nt_errstr(ntresult
));
562 pipe_idx
= cmd_entry
->pipe_idx
;
563 if ( cmd_entry
->returntype
== RPC_RTYPE_NTSTATUS
) {
564 ntresult
= cmd_entry
->ntfn(cli
, mem_ctx
, argc
, (const char **) argv
);
565 if (!NT_STATUS_IS_OK(ntresult
)) {
566 printf("result was %s\n", nt_errstr(ntresult
));
569 wresult
= cmd_entry
->wfn( cli
, mem_ctx
, argc
, (const char **) argv
);
570 /* print out the DOS error */
571 if (!W_ERROR_IS_OK(wresult
)) {
572 printf( "result was %s\n", dos_errstr(wresult
));
574 ntresult
= W_ERROR_IS_OK(wresult
)?NT_STATUS_OK
:NT_STATUS_UNSUCCESSFUL
;
580 talloc_destroy(mem_ctx
);
587 * Process a command entered at the prompt or as part of -c
589 * @returns The NTSTATUS from running the command.
591 static NTSTATUS
process_cmd(struct cli_state
*cli
, char *cmd
)
593 struct cmd_list
*temp_list
;
594 NTSTATUS result
= NT_STATUS_OK
;
599 if ((ret
= poptParseArgvString(cmd
, &argc
, (const char ***) &argv
)) != 0) {
600 fprintf(stderr
, "rpcclient: %s\n", poptStrerror(ret
));
601 return NT_STATUS_UNSUCCESSFUL
;
605 /* Walk through a dlist of arrays of commands. */
606 for (temp_list
= cmd_list
; temp_list
; temp_list
= temp_list
->next
) {
607 struct cmd_set
*temp_set
= temp_list
->cmd_set
;
609 while (temp_set
->name
) {
610 if (strequal(argv
[0], temp_set
->name
)) {
611 if (!(temp_set
->returntype
== RPC_RTYPE_NTSTATUS
&& temp_set
->ntfn
) &&
612 !(temp_set
->returntype
== RPC_RTYPE_WERROR
&& temp_set
->wfn
)) {
613 fprintf (stderr
, "Invalid command\n");
617 result
= do_cmd(cli
, temp_set
, argc
, argv
);
626 printf("command not found: %s\n", argv
[0]);
631 if (!NT_STATUS_IS_OK(result)) {
632 printf("result was %s\n", nt_errstr(result));
637 /* NOTE: popt allocates the whole argv, including the
638 * strings, as a single block. So a single free is
639 * enough to release it -- we don't free the
640 * individual strings. rtfm. */
650 int main(int argc
, char *argv
[])
652 BOOL interactive
= True
;
654 static char *cmdstr
= NULL
;
656 struct cli_state
*cli
;
657 static char *opt_ipaddr
=NULL
;
658 struct cmd_set
**cmd_set
;
659 struct in_addr server_ip
;
661 static int opt_port
= 0;
663 /* make sure the vars that get altered (4th field) are in
664 a fixed location or certain compilers complain */
666 struct poptOption long_options
[] = {
668 {"command", 'c', POPT_ARG_STRING
, &cmdstr
, 'c', "Execute semicolon separated cmds", "COMMANDS"},
669 {"dest-ip", 'I', POPT_ARG_STRING
, &opt_ipaddr
, 'I', "Specify destination IP address", "IP"},
670 {"port", 'p', POPT_ARG_INT
, &opt_port
, 'p', "Specify port number", "PORT"},
672 POPT_COMMON_CONNECTION
673 POPT_COMMON_CREDENTIALS
677 ZERO_STRUCT(server_ip
);
681 /* the following functions are part of the Samba debugging
682 facilities. See lib/debug.c */
683 setup_logging("rpcclient", interactive
);
687 /* Load smb.conf file */
689 if (!lp_load(dyn_CONFIGFILE
,True
,False
,False
))
690 fprintf(stderr
, "Can't load %s\n", dyn_CONFIGFILE
);
694 pc
= poptGetContext("rpcclient", argc
, (const char **) argv
,
698 poptPrintHelp(pc
, stderr
, 0);
702 while((opt
= poptGetNextOpt(pc
)) != -1) {
706 if ( (server_ip
.s_addr
=inet_addr(opt_ipaddr
)) == INADDR_NONE
) {
707 fprintf(stderr
, "%s not a valid IP address\n",
714 /* Get server as remaining unparsed argument. Print usage if more
715 than one unparsed argument is present. */
717 server
= poptGetArg(pc
);
719 if (!server
|| poptGetArg(pc
)) {
720 poptPrintHelp(pc
, stderr
, 0);
733 * from stdin if necessary
736 if (!cmdline_auth_info
.got_pass
) {
737 char *pass
= getpass("Password:");
739 pstrcpy(cmdline_auth_info
.password
, pass
);
743 nt_status
= cli_full_connection(&cli
, global_myname(), server
,
744 opt_ipaddr
? &server_ip
: NULL
, opt_port
,
746 cmdline_auth_info
.username
,
748 cmdline_auth_info
.password
,
749 cmdline_auth_info
.use_kerberos
? CLI_FULL_CONNECTION_USE_KERBEROS
: 0,
750 cmdline_auth_info
.signing_state
,NULL
);
752 if (!NT_STATUS_IS_OK(nt_status
)) {
753 DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status
)));
757 memset(cmdline_auth_info
.password
,'X',sizeof(cmdline_auth_info
.password
));
759 /* Load command lists */
761 cmd_set
= rpcclient_command_list
;
764 add_command_set(*cmd_set
);
765 add_command_set(separator_command
);
769 fetch_machine_sid(cli
);
771 /* Do anything specified with -c */
772 if (cmdstr
&& cmdstr
[0]) {
777 while((cmd
=next_command(&p
)) != NULL
) {
778 NTSTATUS cmd_result
= process_cmd(cli
, cmd
);
779 result
= NT_STATUS_IS_ERR(cmd_result
);
786 /* Loop around accepting commands */
792 slprintf(prompt
, sizeof(prompt
) - 1, "rpcclient $> ");
794 line
= smb_readline(prompt
, NULL
, completion_fn
);
800 process_cmd(cli
, line
);