[PATCH v2 3/6] s3-rpcclient: add mgmt command support

David Disseldorp ddiss at suse.de
Tue Mar 31 04:31:51 MDT 2015


Hi Metze,

Reviving an old thread, as I'd still like to get these changes in to
allow for DiskShadow.exe usage...

On Fri, 17 Jan 2014 08:45:06 +0100, Stefan (metze) Metzmacher wrote:

> The mgmt interface is a special one, it's available on every
> endpoint and the results are only valid for the specific endpoint.
> 
> E.g. different services may provide different interfaces and
> also support different auth types and may use different server credentials.

Indeed. Here's the list of mgmt_inq_server_princ_name responses I get
against a Windows Server 2012 host (computer.domain.example.com):

Testing pipe 'wkssvc'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\wkssvc]
        principle name for proto 9 (spnego) is 'computer$@DOMAIN.EXAMPLE.COM'
        principle name for proto 10 (ntlmssp) is 'computer$@DOMAIN.EXAMPLE.COM'
        principle name for proto 16 (gssapi_krb5) is 'computer$@DOMAIN.EXAMPLE.COM'

Testing pipe 'FileServerVssAgent'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\FssagentRpc]
        principle name for proto 9 (spnego) is 'computer$@DOMAIN.EXAMPLE.COM'
        principle name for proto 10 (ntlmssp) is 'computer$@DOMAIN.EXAMPLE.COM'
        principle name for proto 16 (gssapi_krb5) is 'computer$@DOMAIN.EXAMPLE.COM'

Testing pipe 'atsvc'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\atsvc]
        principle name for proto 9 (spnego) is ''
        principle name for proto 10 (ntlmssp) is ''
        principle name for proto 16 (gssapi_krb5) is ''

Testing pipe 'samr'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\samr]
        principle name for proto 9 (spnego) is ''
        principle name for proto 10 (ntlmssp) is ''
        principle name for proto 16 (gssapi_krb5) is ''
        principle name for proto 68 (schannel) is ''

Testing pipe 'IOXIDResolver'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\epmapper]
        principle name for proto 9 (spnego) is ''
        principle name for proto 10 (ntlmssp) is ''
        principle name for proto 14 is ''
        principle name for proto 16 (gssapi_krb5) is ''
        principle name for proto 22 is ''
        principle name for proto 30 is ''
        principle name for proto 31 is ''

Testing pipe 'svcctl'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\svcctl]
        principle name for proto 9 (spnego) is 'computer$@DOMAIN.EXAMPLE.COM'
        principle name for proto 10 (ntlmssp) is ''
        principle name for proto 16 (gssapi_krb5) is 'computer$@DOMAIN.EXAMPLE.COM'

Testing pipe 'srvsvc'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\srvsvc]
        principle name for proto 9 (spnego) is ''
        principle name for proto 10 (ntlmssp) is ''
        principle name for proto 16 (gssapi_krb5) is ''

Testing pipe 'drsuapi'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\lsass]
        principle name for proto 9 (spnego) is ''
        principle name for proto 10 (ntlmssp) is ''
        principle name for proto 16 (gssapi_krb5) is ''
        principle name for proto 68 (schannel) is ''

Testing pipe 'spoolss'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\spoolss]
        principle name for proto 9 (spnego) is 'computer$@DOMAIN.EXAMPLE.COM'
        principle name for proto 10 (ntlmssp) is 'computer$@DOMAIN.EXAMPLE.COM'
        principle name for proto 16 (gssapi_krb5) is 'computer$@DOMAIN.EXAMPLE.COM'

Testing pipe 'epmapper'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\epmapper]
        principle name for proto 9 (spnego) is ''
        principle name for proto 10 (ntlmssp) is ''
        principle name for proto 14 is ''
        principle name for proto 16 (gssapi_krb5) is ''
        principle name for proto 22 is ''
        principle name for proto 30 is ''
        principle name for proto 31 is ''

Testing pipe 'lsarpc'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\lsarpc]
        principle name for proto 9 (spnego) is ''
        principle name for proto 10 (ntlmssp) is ''
        principle name for proto 16 (gssapi_krb5) is ''
        principle name for proto 68 (schannel) is ''

Testing pipe 'dssetup'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\lsarpc]
        principle name for proto 9 (spnego) is ''
        principle name for proto 10 (ntlmssp) is ''
        principle name for proto 16 (gssapi_krb5) is ''
        principle name for proto 68 (schannel) is ''

Testing pipe 'backupkey'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\protected_storage]
        principle name for proto 9 (spnego) is ''
        principle name for proto 10 (ntlmssp) is ''
        principle name for proto 16 (gssapi_krb5) is ''
        principle name for proto 68 (schannel) is ''

Testing pipe 'eventlog'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\eventlog]
        principle name for proto 9 (spnego) is 'host/computer.domain.example.com'
        principle name for proto 10 (ntlmssp) is 'host/computer.domain.example.com'
        principle name for proto 16 (gssapi_krb5) is 'host/computer.domain.example.com'

Testing pipe 'netlogon'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\netlogon]
        principle name for proto 9 (spnego) is ''
        principle name for proto 10 (ntlmssp) is ''
        principle name for proto 16 (gssapi_krb5) is ''
        principle name for proto 68 (schannel) is ''

Testing pipe 'initshutdown'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\InitShutdown]
        principle name for proto 9 (spnego) is 'computer$@DOMAIN.EXAMPLE.COM'
        principle name for proto 10 (ntlmssp) is 'computer$@DOMAIN.EXAMPLE.COM'
        principle name for proto 16 (gssapi_krb5) is 'computer$@DOMAIN.EXAMPLE.COM'

Testing pipe 'ntsvcs'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\ntsvcs]
        principle name for proto 9 (spnego) is 'computer$@DOMAIN.EXAMPLE.COM'
        principle name for proto 10 (ntlmssp) is ''
        principle name for proto 16 (gssapi_krb5) is 'computer$@DOMAIN.EXAMPLE.COM'

Testing pipe 'w32time'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\srvsvc]
        principle name for proto 9 (spnego) is ''
        principle name for proto 10 (ntlmssp) is ''
        principle name for proto 16 (gssapi_krb5) is ''

Testing pipe 'scerpc'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\scerpc]
        principle name for proto 9 (spnego) is 'computer$@DOMAIN.EXAMPLE.COM'
        principle name for proto 10 (ntlmssp) is ''
        principle name for proto 16 (gssapi_krb5) is 'computer$@DOMAIN.EXAMPLE.COM'

> So the used endpoint should be specified by the caller.

Within rpcclient itself (as a command argument), or as part of the
binding string parameter?

Also, how would you suggest we handle this variation on the server side?
I'd like to keep it as simple as possible initially (e.g. only support
mgmt_inq_server_princ_name requests on \pipe\FssagentRpc).

> The same comments apply to the torture patch (there's also an unrelated hunk
> to source4/torture/rpc/fsrvp.c).
> 
> Adding the torture test to make test should be a separate commit.
> There we should call smbtorture for every endpoint we provide.

We currently have torture_rpc_mgmt(), which enumerates each entry in
the ndr_table_list(). An extra loop could be added to bind to each
endpoint for each ndr interface, if that's what you have in mind here?

Cheers, David
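Grouping the output quoted above by endpoint rather than by interface name, as an added example that is not part of the original message or of Samba's code: it shows which interface names land on the same endpoint and which endpoints answer differently depending on the auth type. The function names are hypothetical, and the sample is a trimmed excerpt of the listing in this message.

```python
import re

# Trimmed excerpt of the output quoted in the message above.
SAMPLE = r"""
Testing pipe 'IOXIDResolver'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\epmapper]
        principle name for proto 9 (spnego) is ''
        principle name for proto 14 is ''
Testing pipe 'epmapper'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\epmapper]
        principle name for proto 9 (spnego) is ''
        principle name for proto 14 is ''
Testing pipe 'svcctl'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\svcctl]
        principle name for proto 9 (spnego) is 'computer$@DOMAIN.EXAMPLE.COM'
        principle name for proto 10 (ntlmssp) is ''
        principle name for proto 16 (gssapi_krb5) is 'computer$@DOMAIN.EXAMPLE.COM'
Testing pipe 'eventlog'
mgmt inq_princ_name on endpoint: ncacn_np:[\pipe\eventlog]
        principle name for proto 16 (gssapi_krb5) is 'host/computer.domain.example.com'
"""

PIPE_RE = re.compile(r"^Testing pipe '([^']+)'")
ENDPOINT_RE = re.compile(r"^mgmt inq_princ_name on endpoint: (\S+)")
PRINC_RE = re.compile(r"^\s+principle name for proto (\d+)(?: \(\w+\))? is '(.*)'\s*$")

def parse_by_endpoint(text):
    """Map endpoint -> {"pipes": [names], "princ": {auth_type: set of names}}."""
    endpoints, pipe, current = {}, None, None
    for line in text.splitlines():
        if m := PIPE_RE.match(line):
            pipe, current = m.group(1), None
        elif m := ENDPOINT_RE.match(line):
            current = endpoints.setdefault(m.group(1), {"pipes": [], "princ": {}})
            current["pipes"].append(pipe)
        elif (m := PRINC_RE.match(line)) and current is not None:
            current["princ"].setdefault(int(m.group(1)), set()).add(m.group(2))
    return endpoints

def shared_endpoints(endpoints):
    """Endpoints that more than one interface name resolved to."""
    return {ep: e["pipes"] for ep, e in endpoints.items() if len(e["pipes"]) > 1}

def auth_dependent(endpoints):
    """Endpoints where the returned principal name differs between auth types."""
    return [ep for ep, e in endpoints.items()
            if len(set().union(*e["princ"].values())) > 1]
```
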

