Changeset 740 for vendor/current/source3/rpcclient/rpcclient.c
- Timestamp:
- Nov 14, 2012, 12:59:34 PM (13 years ago)
- File:
-
- 1 edited
-
vendor/current/source3/rpcclient/rpcclient.c (modified) (30 diffs)
Legend:
- Unmodified
- Added
- Removed
-
vendor/current/source3/rpcclient/rpcclient.c
r587 r740 10 10 the Free Software Foundation; either version 3 of the License, or 11 11 (at your option) any later version. 12 12 13 13 This program is distributed in the hope that it will be useful, 14 14 but WITHOUT ANY WARRANTY; without even the implied warranty of 15 15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 16 GNU General Public License for more details. 17 17 18 18 You should have received a copy of the GNU General Public License 19 19 along with this program. If not, see <http://www.gnu.org/licenses/>. … … 21 21 22 22 #include "includes.h" 23 #include "popt_common.h" 23 24 #include "rpcclient.h" 24 25 #include "../libcli/auth/libcli_auth.h" 25 #include "../librpc/gen_ndr/cli_lsa.h" 26 27 DOM_SID domain_sid; 28 29 static enum pipe_auth_type pipe_default_auth_type = PIPE_AUTH_TYPE_NONE; 26 #include "../librpc/gen_ndr/ndr_lsa_c.h" 27 #include "rpc_client/cli_lsarpc.h" 28 #include "../librpc/gen_ndr/ndr_netlogon.h" 29 #include "rpc_client/cli_netlogon.h" 30 #include "../libcli/smbreadline/smbreadline.h" 31 #include "../libcli/security/security.h" 32 #include "passdb.h" 33 #include "libsmb/libsmb.h" 34 35 enum pipe_auth_type_spnego { 36 PIPE_AUTH_TYPE_SPNEGO_NONE = 0, 37 PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, 38 PIPE_AUTH_TYPE_SPNEGO_KRB5 39 }; 40 41 struct dom_sid domain_sid; 42 43 static enum dcerpc_AuthType pipe_default_auth_type = DCERPC_AUTH_TYPE_NONE; 44 static enum pipe_auth_type_spnego pipe_default_auth_spnego_type = 0; 30 45 static enum dcerpc_AuthLevel pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE; 31 46 static unsigned int timeout = 0; … … 83 98 break; 84 99 } 85 100 86 101 for (i=0; commands->cmd_set[i].name; i++) { 87 102 if ((strncmp(text, commands->cmd_set[i].name, strlen(text)) == 0) && … … 102 117 } 103 118 commands = commands->next; 104 105 119 } 106 120 … … 117 131 char *command; 118 132 char *p; 119 133 120 134 if (!cmdstr || !(*cmdstr)) 121 135 return NULL; 122 136 123 137 p = strchr_m(*cmdstr, ';'); 124 138 if (p) … … 129 143 else 130 144 *cmdstr = NULL; 131 145 132 146 return command; 133 147 } … … 138 152 { 139 153 struct policy_handle pol; 140 NTSTATUS result = NT_STATUS_OK ;154 NTSTATUS result = NT_STATUS_OK, status; 141 155 static bool got_domain_sid; 142 156 TALLOC_CTX *mem_ctx; 143 157 struct rpc_pipe_client *lsapipe = NULL; 144 158 union lsa_PolicyInformation *info = NULL; 159 struct dcerpc_binding_handle *b; 145 160 146 161 if (got_domain_sid) return; … … 157 172 goto error; 158 173 } 159 174 175 b = lsapipe->binding_handle; 176 160 177 result = rpccli_lsa_open_policy(lsapipe, mem_ctx, True, 161 178 SEC_FLAG_MAXIMUM_ALLOWED, … … 165 182 } 166 183 167 result = rpccli_lsa_QueryInfoPolicy(lsapipe, mem_ctx,184 status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx, 168 185 &pol, 169 186 LSA_POLICY_INFO_ACCOUNT_DOMAIN, 170 &info); 187 &info, 188 &result); 189 if (!NT_STATUS_IS_OK(status)) { 190 result = status; 191 goto error; 192 } 171 193 if (!NT_STATUS_IS_OK(result)) { 172 194 goto error; … … 176 198 sid_copy(&domain_sid, info->account_domain.sid); 177 199 178 rpccli_lsa_Close(lsapipe, mem_ctx, &pol);200 dcerpc_lsa_Close(b, mem_ctx, &pol, &result); 179 201 TALLOC_FREE(lsapipe); 180 202 talloc_destroy(mem_ctx); … … 218 240 { 219 241 tmp_set = tmp->cmd_set; 220 242 221 243 if (!StrCaseCmp(argv[1], tmp_set->name)) 222 244 { … … 232 254 printf("\n"); 233 255 } 234 256 235 257 /* drop out of the loop */ 236 258 break; … … 261 283 if (argc == 2) { 262 284 for (tmp = cmd_list; tmp; tmp = tmp->next) { 263 285 264 286 tmp_set = tmp->cmd_set; 265 287 … … 313 335 314 336 if (argc == 2) { 315 DEBUGLEVEL = atoi(argv[1]);337 lp_set_cmdline("log level", argv[1]); 316 338 } 317 339 … … 380 402 int argc, const char **argv) 381 403 { 404 const char *p = "[KRB5|KRB5_SPNEGO|NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]"; 382 405 const char *type = "NTLMSSP"; 383 406 384 407 pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; 385 pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;408 pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; 386 409 387 410 if (argc > 2) { 388 printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]);411 printf("Usage: %s %s\n", argv[0], p); 389 412 return NT_STATUS_OK; 390 413 } … … 392 415 if (argc == 2) { 393 416 type = argv[1]; 394 if (strequal(type, "NTLMSSP")) { 395 pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP; 417 if (strequal(type, "KRB5")) { 418 pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5; 419 } else if (strequal(type, "KRB5_SPNEGO")) { 420 pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO; 421 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5; 422 } else if (strequal(type, "NTLMSSP")) { 423 pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; 396 424 } else if (strequal(type, "NTLMSSP_SPNEGO")) { 397 pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; 425 pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO; 426 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; 398 427 } else if (strequal(type, "SCHANNEL")) { 399 pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;428 pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL; 400 429 } else { 401 430 printf("unknown type %s\n", type); 431 printf("Usage: %s %s\n", argv[0], p); 402 432 return NT_STATUS_INVALID_LEVEL; 403 433 } … … 412 442 int argc, const char **argv) 413 443 { 444 const char *p = "[KRB5|KRB5_SPNEGO|NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]"; 414 445 const char *type = "NTLMSSP"; 415 446 416 447 pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY; 417 pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;448 pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; 418 449 419 450 if (argc > 2) { 420 printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]);451 printf("Usage: %s %s\n", argv[0], p); 421 452 return NT_STATUS_OK; 422 453 } … … 424 455 if (argc == 2) { 425 456 type = argv[1]; 426 if (strequal(type, "NTLMSSP")) { 427 pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP; 457 if (strequal(type, "KRB5")) { 458 pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5; 459 } else if (strequal(type, "KRB5_SPNEGO")) { 460 pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO; 461 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5; 462 } else if (strequal(type, "NTLMSSP")) { 463 pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; 428 464 } else if (strequal(type, "NTLMSSP_SPNEGO")) { 429 pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; 465 pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO; 466 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; 430 467 } else if (strequal(type, "SCHANNEL")) { 431 pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;468 pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL; 432 469 } else { 433 470 printf("unknown type %s\n", type); 471 printf("Usage: %s %s\n", argv[0], p); 434 472 return NT_STATUS_INVALID_LEVEL; 435 473 } … … 455 493 456 494 for (tmp = cmd_list; tmp; tmp = tmp->next) { 457 495 458 496 struct cmd_set *tmp_set; 459 497 … … 478 516 { 479 517 pipe_default_auth_level = DCERPC_AUTH_LEVEL_NONE; 480 pipe_default_auth_type = PIPE_AUTH_TYPE_NONE; 518 pipe_default_auth_type = DCERPC_AUTH_TYPE_NONE; 519 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NONE; 481 520 482 521 return cmd_set_ss_level(); … … 488 527 d_printf("Setting schannel - sign and seal\n"); 489 528 pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY; 490 pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;529 pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL; 491 530 492 531 return cmd_set_ss_level(); … … 498 537 d_printf("Setting schannel - sign only\n"); 499 538 pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; 500 pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;539 pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL; 501 540 502 541 return cmd_set_ss_level(); … … 549 588 { "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL, NULL, NULL, "Force RPC pipe connections to be sealed with 'schannel'. Assumes valid machine account to this domain controller.", "" }, 550 589 { "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL, NULL, NULL, "Force RPC pipe connections to be signed (not sealed) with 'schannel'. Assumes valid machine account to this domain controller.", "" }, 551 { "timeout", RPC_RTYPE_NTSTATUS, cmd_timeout, NULL, NULL, NULL, "Set timeout (in millise onds) for RPC operations", "" },590 { "timeout", RPC_RTYPE_NTSTATUS, cmd_timeout, NULL, NULL, NULL, "Set timeout (in milliseconds) for RPC operations", "" }, 552 591 { "transport", RPC_RTYPE_NTSTATUS, cmd_choose_transport, NULL, NULL, NULL, "Choose ncacn transport for RPC operations", "" }, 553 592 { "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL, NULL, NULL, "Force RPC pipe connections to have no special properties", "" }, … … 579 618 extern struct cmd_set drsuapi_commands[]; 580 619 extern struct cmd_set eventlog_commands[]; 620 extern struct cmd_set winreg_commands[]; 581 621 582 622 static struct cmd_set *rpcclient_command_list[] = { … … 597 637 drsuapi_commands, 598 638 eventlog_commands, 639 winreg_commands, 599 640 NULL 600 641 }; … … 629 670 NTSTATUS ntresult; 630 671 WERROR wresult; 631 672 632 673 TALLOC_CTX *mem_ctx; 633 674 … … 643 684 if ((cmd_entry->interface != NULL) && (cmd_entry->rpc_pipe == NULL)) { 644 685 switch (pipe_default_auth_type) { 645 case PIPE_AUTH_TYPE_NONE: 646 ntresult = cli_rpc_pipe_open_noauth_transport( 647 cli, default_transport, 648 cmd_entry->interface, 649 &cmd_entry->rpc_pipe); 650 break; 686 case DCERPC_AUTH_TYPE_NONE: 687 ntresult = cli_rpc_pipe_open_noauth_transport( 688 cli, default_transport, 689 cmd_entry->interface, 690 &cmd_entry->rpc_pipe); 691 break; 692 case DCERPC_AUTH_TYPE_SPNEGO: 693 switch (pipe_default_auth_spnego_type) { 651 694 case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: 652 695 ntresult = cli_rpc_pipe_open_spnego_ntlmssp( 653 cli, cmd_entry->interface,654 default_transport,655 pipe_default_auth_level,656 get_cmdline_auth_info_domain(auth_info),657 get_cmdline_auth_info_username(auth_info),658 get_cmdline_auth_info_password(auth_info),659 &cmd_entry->rpc_pipe);696 cli, cmd_entry->interface, 697 default_transport, 698 pipe_default_auth_level, 699 get_cmdline_auth_info_domain(auth_info), 700 get_cmdline_auth_info_username(auth_info), 701 get_cmdline_auth_info_password(auth_info), 702 &cmd_entry->rpc_pipe); 660 703 break; 661 case PIPE_AUTH_TYPE_NTLMSSP: 662 ntresult = cli_rpc_pipe_open_ntlmssp( 663 cli, cmd_entry->interface, 664 default_transport, 665 pipe_default_auth_level, 666 get_cmdline_auth_info_domain(auth_info), 667 get_cmdline_auth_info_username(auth_info), 668 get_cmdline_auth_info_password(auth_info), 669 &cmd_entry->rpc_pipe); 670 break; 671 case PIPE_AUTH_TYPE_SCHANNEL: 672 ntresult = cli_rpc_pipe_open_schannel( 673 cli, cmd_entry->interface, 674 default_transport, 675 pipe_default_auth_level, 676 get_cmdline_auth_info_domain(auth_info), 677 &cmd_entry->rpc_pipe); 704 case PIPE_AUTH_TYPE_SPNEGO_KRB5: 705 ntresult = cli_rpc_pipe_open_spnego_krb5( 706 cli, cmd_entry->interface, 707 default_transport, 708 pipe_default_auth_level, 709 cli->desthost, 710 NULL, NULL, 711 &cmd_entry->rpc_pipe); 678 712 break; 679 713 default: 680 DEBUG(0, ("Could not initialise %s. Invalid " 681 "auth type %u\n", 682 get_pipe_name_from_syntax( 683 talloc_tos(), 684 cmd_entry->interface), 685 pipe_default_auth_type )); 686 return NT_STATUS_UNSUCCESSFUL; 714 ntresult = NT_STATUS_INTERNAL_ERROR; 715 } 716 break; 717 case DCERPC_AUTH_TYPE_NTLMSSP: 718 ntresult = cli_rpc_pipe_open_ntlmssp( 719 cli, cmd_entry->interface, 720 default_transport, 721 pipe_default_auth_level, 722 get_cmdline_auth_info_domain(auth_info), 723 get_cmdline_auth_info_username(auth_info), 724 get_cmdline_auth_info_password(auth_info), 725 &cmd_entry->rpc_pipe); 726 break; 727 case DCERPC_AUTH_TYPE_SCHANNEL: 728 ntresult = cli_rpc_pipe_open_schannel( 729 cli, cmd_entry->interface, 730 default_transport, 731 pipe_default_auth_level, 732 get_cmdline_auth_info_domain(auth_info), 733 &cmd_entry->rpc_pipe); 734 break; 735 case DCERPC_AUTH_TYPE_KRB5: 736 ntresult = cli_rpc_pipe_open_krb5( 737 cli, cmd_entry->interface, 738 default_transport, 739 pipe_default_auth_level, 740 cli->desthost, 741 NULL, NULL, 742 &cmd_entry->rpc_pipe); 743 break; 744 default: 745 DEBUG(0, ("Could not initialise %s. Invalid " 746 "auth type %u\n", 747 get_pipe_name_from_syntax( 748 talloc_tos(), 749 cmd_entry->interface), 750 pipe_default_auth_type )); 751 return NT_STATUS_UNSUCCESSFUL; 687 752 } 688 753 if (!NT_STATUS_IS_OK(ntresult)) { … … 858 923 /* the following functions are part of the Samba debugging 859 924 facilities. See lib/debug.c */ 860 setup_logging("rpcclient", True);925 setup_logging("rpcclient", DEBUG_STDOUT); 861 926 862 927 rpcclient_auth_info = user_auth_info_init(frame); … … 969 1034 if (binding->flags & DCERPC_SIGN) { 970 1035 pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; 971 pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;1036 pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; 972 1037 } 973 1038 if (binding->flags & DCERPC_SEAL) { 974 1039 pipe_default_auth_level = DCERPC_AUTH_LEVEL_PRIVACY; 975 pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;1040 pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; 976 1041 } 977 1042 if (binding->flags & DCERPC_AUTH_SPNEGO) { 978 pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; 1043 pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO; 1044 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; 979 1045 } 980 1046 if (binding->flags & DCERPC_AUTH_NTLM) { 981 pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP; 1047 /* If neither Integrity or Privacy are requested then 1048 * Use just Connect level */ 1049 if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) { 1050 pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT; 1051 } 1052 1053 if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) { 1054 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP; 1055 } else { 1056 pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP; 1057 } 982 1058 } 983 1059 if (binding->flags & DCERPC_AUTH_KRB5) { 984 pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_KRB5; 1060 /* If neither Integrity or Privacy are requested then 1061 * Use just Connect level */ 1062 if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) { 1063 pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT; 1064 } 1065 1066 if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) { 1067 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5; 1068 } else { 1069 pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5; 1070 } 985 1071 } 986 1072 … … 1013 1099 get_cmdline_auth_info_password(rpcclient_auth_info), 1014 1100 flags, 1015 get_cmdline_auth_info_signing_state(rpcclient_auth_info), 1016 NULL); 1101 get_cmdline_auth_info_signing_state(rpcclient_auth_info)); 1017 1102 1018 1103 if (!NT_STATUS_IS_OK(nt_status)) {
Note:
See TracChangeset
for help on using the changeset viewer.
