Multiple Netlogon Pipes

John Ackart john.ackart at gmail.com
Mon Oct 2 17:17:18 GMT 2006


Attached is a hacked up rpcclinet.c that simulates this behavior.

Please feel free to ask questions. Please let me know if I made an error.

Thanks.

John.

Jeremy Allison wrote:
> On Fri, Sep 29, 2006 at 04:52:25PM -0700, John Ackart wrote:
>> I have an interesting problem.
>>
>> I put together some code that executes in the following sequence.
>>
>> 1. Create a netlogon pipe 1.
>> 2. Send a samlogon request on pipe 1. (SUCCESS)
>> 3. Create a netlogon pipe 2.
>> 4. Send a samlogon request on pipe 2. (SUCCESS)
>> 5. Send a samlogon request on pipe 1. (FAIL)
>> 6. Send a samlogon request on pipe 2. (FAIL)
>>
>> samlogon requests 2 and 4 succeed. But 5 and 6 fail with 
>> NT_STATUS_ACCESS_DENIED.
>>
>> The netlogon logs on the Windows Server 2003 show that it uses the 
>> session key generated for the pipe 2 for samlogon request 5 even though 
>> it was sent on pipe 1. And of course request 6 fails because the client 
>> messes up the credential chain because of the unexpected behavior in 
>> request 5.
>>
>> Is this a limitation of the protocol?
>>
>> If anyone is interested I can send the code and the logs.
> 
> What server are you running against ? Is this against a W2K3
> server ?
> 
> I'd be very interested in the code, we might add this to
> our torture tester if it's Samba code.
> 
> Thanks,
> 
> 	Jeremy.
> 

-------------- next part --------------
/* 
   Unix SMB/CIFS implementation.
   RPC pipe client

   Copyright (C) Tim Potter 2000-2001
   Copyright (C) Martin Pool 2003

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.
   
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   
   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include "includes.h"
#include "../rpcclient/rpcclient.h"

DOM_SID domain_sid;

static enum pipe_auth_type pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;
static enum pipe_auth_level pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE;

/* List to hold groups of commands.
 *
 * Commands are defined in a list of arrays: arrays are easy to
 * statically declare, and lists are easier to dynamically extend.
 */

static struct cmd_list {
	struct cmd_list *prev, *next;
	struct cmd_set *cmd_set;
} *cmd_list;

/****************************************************************************
handle completion of commands for readline
****************************************************************************/
static char **completion_fn(const char *text, int start, int end)
{
#define MAX_COMPLETIONS 100
	char **matches;
	int i, count=0;
	struct cmd_list *commands = cmd_list;

#if 0	/* JERRY */
	/* FIXME!!!  -- what to do when completing argument? */
	/* for words not at the start of the line fallback 
	   to filename completion */
	if (start) 
		return NULL;
#endif

	/* make sure we have a list of valid commands */
	if (!commands) 
		return NULL;

	matches = SMB_MALLOC_ARRAY(char *, MAX_COMPLETIONS);
	if (!matches) return NULL;

	matches[count++] = SMB_STRDUP(text);
	if (!matches[0]) return NULL;

	while (commands && count < MAX_COMPLETIONS-1) 
	{
		if (!commands->cmd_set)
			break;
		
		for (i=0; commands->cmd_set[i].name; i++)
		{
			if ((strncmp(text, commands->cmd_set[i].name, strlen(text)) == 0) &&
				(( commands->cmd_set[i].returntype == RPC_RTYPE_NTSTATUS &&
                        commands->cmd_set[i].ntfn ) || 
                      ( commands->cmd_set[i].returntype == RPC_RTYPE_WERROR &&
                        commands->cmd_set[i].wfn)))
			{
				matches[count] = SMB_STRDUP(commands->cmd_set[i].name);
				if (!matches[count]) 
					return NULL;
				count++;
			}
		}
		
		commands = commands->next;
		
	}

	if (count == 2) {
		SAFE_FREE(matches[0]);
		matches[0] = SMB_STRDUP(matches[1]);
	}
	matches[count] = NULL;
	return matches;
}

static char* next_command (char** cmdstr)
{
	static pstring 		command;
	char			*p;
	
	if (!cmdstr || !(*cmdstr))
		return NULL;
	
	p = strchr_m(*cmdstr, ';');
	if (p)
		*p = '\0';
	pstrcpy(command, *cmdstr);
	if (p)
		*cmdstr = p + 1;
	else
		*cmdstr = NULL;
	
	return command;
}

/* Fetch the SID for this computer */

static void fetch_machine_sid(struct cli_state *cli)
{
	POLICY_HND pol;
	NTSTATUS result = NT_STATUS_OK;
	uint32 info_class = 5;
	char *domain_name = NULL;
	static BOOL got_domain_sid;
	TALLOC_CTX *mem_ctx;
	DOM_SID *dom_sid = NULL;
	struct rpc_pipe_client *lsapipe = NULL;

	if (got_domain_sid) return;

	if (!(mem_ctx=talloc_init("fetch_machine_sid"))) {
		DEBUG(0,("fetch_machine_sid: talloc_init returned NULL!\n"));
		goto error;
	}

	if ((lsapipe = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result)) == NULL) {
		fprintf(stderr, "could not initialise lsa pipe. Error was %s\n", nt_errstr(result) );
		goto error;
	}
	
	result = rpccli_lsa_open_policy(lsapipe, mem_ctx, True, 
				     SEC_RIGHTS_MAXIMUM_ALLOWED,
				     &pol);
	if (!NT_STATUS_IS_OK(result)) {
		goto error;
	}

	result = rpccli_lsa_query_info_policy(lsapipe, mem_ctx, &pol, info_class, 
					   &domain_name, &dom_sid);
	if (!NT_STATUS_IS_OK(result)) {
		goto error;
	}

	got_domain_sid = True;
	sid_copy( &domain_sid, dom_sid );

	rpccli_lsa_close(lsapipe, mem_ctx, &pol);
	cli_rpc_pipe_close(lsapipe);
	talloc_destroy(mem_ctx);

	return;

 error:

	if (lsapipe) {
		cli_rpc_pipe_close(lsapipe);
	}

	fprintf(stderr, "could not obtain sid for domain %s\n", cli->domain);

	if (!NT_STATUS_IS_OK(result)) {
		fprintf(stderr, "error: %s\n", nt_errstr(result));
	}

	exit(1);
}

/* List the available commands on a given pipe */

static NTSTATUS cmd_listcommands(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
				 int argc, const char **argv)
{
	struct cmd_list *tmp;
        struct cmd_set *tmp_set;
	int i;

        /* Usage */

        if (argc != 2) {
                printf("Usage: %s <pipe>\n", argv[0]);
                return NT_STATUS_OK;
        }

        /* Help on one command */

	for (tmp = cmd_list; tmp; tmp = tmp->next) 
	{
		tmp_set = tmp->cmd_set;
		
		if (!StrCaseCmp(argv[1], tmp_set->name))
		{
			printf("Available commands on the %s pipe:\n\n", tmp_set->name);

			i = 0;
			tmp_set++;
			while(tmp_set->name) {
				printf("%30s", tmp_set->name);
                                tmp_set++;
				i++;
				if (i%3 == 0)
					printf("\n");
			}
			
			/* drop out of the loop */
			break;
		}
        }
	printf("\n\n");

	return NT_STATUS_OK;
}

/* Display help on commands */

static NTSTATUS cmd_help(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
                         int argc, const char **argv)
{
	struct cmd_list *tmp;
        struct cmd_set *tmp_set;

        /* Usage */

        if (argc > 2) {
                printf("Usage: %s [command]\n", argv[0]);
                return NT_STATUS_OK;
        }

        /* Help on one command */

        if (argc == 2) {
                for (tmp = cmd_list; tmp; tmp = tmp->next) {
                        
                        tmp_set = tmp->cmd_set;

                        while(tmp_set->name) {
                                if (strequal(argv[1], tmp_set->name)) {
                                        if (tmp_set->usage &&
                                            tmp_set->usage[0])
                                                printf("%s\n", tmp_set->usage);
                                        else
                                                printf("No help for %s\n", tmp_set->name);

                                        return NT_STATUS_OK;
                                }

                                tmp_set++;
                        }
                }

                printf("No such command: %s\n", argv[1]);
                return NT_STATUS_OK;
        }

        /* List all commands */

	for (tmp = cmd_list; tmp; tmp = tmp->next) {

		tmp_set = tmp->cmd_set;

		while(tmp_set->name) {

			printf("%15s\t\t%s\n", tmp_set->name,
			       tmp_set->description ? tmp_set->description:
			       "");

			tmp_set++;
		}
	}

	return NT_STATUS_OK;
}

/* Change the debug level */

static NTSTATUS cmd_debuglevel(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
                               int argc, const char **argv)
{
	if (argc > 2) {
		printf("Usage: %s [debuglevel]\n", argv[0]);
		return NT_STATUS_OK;
	}

	if (argc == 2) {
		DEBUGLEVEL = atoi(argv[1]);
	}

	printf("debuglevel is %d\n", DEBUGLEVEL);

	return NT_STATUS_OK;
}

static NTSTATUS cmd_quit(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
                         int argc, const char **argv)
{
	exit(0);
	return NT_STATUS_OK; /* NOTREACHED */
}

static NTSTATUS cmd_set_ss_level(void)
{
	struct cmd_list *tmp;

	/* Close any existing connections not at this level. */

	for (tmp = cmd_list; tmp; tmp = tmp->next) {
        	struct cmd_set *tmp_set;

		for (tmp_set = tmp->cmd_set; tmp_set->name; tmp_set++) {
			if (tmp_set->rpc_pipe == NULL) {
				continue;
			}

			if (tmp_set->rpc_pipe->auth.auth_type != pipe_default_auth_type ||
					tmp_set->rpc_pipe->auth.auth_level != pipe_default_auth_level) {
				cli_rpc_pipe_close(tmp_set->rpc_pipe);
				tmp_set->rpc_pipe = NULL;
			}
		}
	}
	return NT_STATUS_OK;
}

static NTSTATUS cmd_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
                         int argc, const char **argv)
{
	pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
	pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;

	if (argc > 2) {
		printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]);
		return NT_STATUS_OK;
	}

	if (argc == 2) {
		if (strequal(argv[1], "NTLMSSP")) {
			pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
		} else if (strequal(argv[1], "NTLMSSP_SPNEGO")) {
			pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
		} else if (strequal(argv[1], "SCHANNEL")) {
			pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
		} else {
			printf("unknown type %s\n", argv[1]);
			return NT_STATUS_INVALID_LEVEL;
		}
	}

	printf("debuglevel is %d\n", DEBUGLEVEL);
	return cmd_set_ss_level();
}

static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
                         int argc, const char **argv)
{
	pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY;
	pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;

	if (argc > 2) {
		printf("Usage: %s [NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]\n", argv[0]);
		return NT_STATUS_OK;
	}

	if (argc == 2) {
		if (strequal(argv[1], "NTLMSSP")) {
			pipe_default_auth_type = PIPE_AUTH_TYPE_NTLMSSP;
		} else if (strequal(argv[1], "NTLMSSP_SPNEGO")) {
			pipe_default_auth_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
		} else if (strequal(argv[1], "SCHANNEL")) {
			pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;
		} else {
			printf("unknown type %s\n", argv[1]);
			return NT_STATUS_INVALID_LEVEL;
		}
	}
	return cmd_set_ss_level();
}

static NTSTATUS cmd_none(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
                         int argc, const char **argv)
{
	pipe_default_auth_level = PIPE_AUTH_LEVEL_NONE;
	pipe_default_auth_type = PIPE_AUTH_TYPE_NONE;

	return cmd_set_ss_level();
}

static NTSTATUS cmd_schannel(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
			     int argc, const char **argv)
{
	d_printf("Setting schannel - sign and seal\n");
	pipe_default_auth_level = PIPE_AUTH_LEVEL_PRIVACY;
	pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;

	return cmd_set_ss_level();
}

static NTSTATUS cmd_schannel_sign(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
			     int argc, const char **argv)
{
	d_printf("Setting schannel - sign only\n");
	pipe_default_auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
	pipe_default_auth_type = PIPE_AUTH_TYPE_SCHANNEL;

	return cmd_set_ss_level();
}


/* Built in rpcclient commands */

static struct cmd_set rpcclient_commands[] = {

	{ "GENERAL OPTIONS" },

	{ "help", RPC_RTYPE_NTSTATUS, cmd_help, NULL, 	  -1, NULL,	"Get help on commands", "[command]" },
	{ "?", 	RPC_RTYPE_NTSTATUS, cmd_help, NULL,	  -1, NULL,	"Get help on commands", "[command]" },
	{ "debuglevel", RPC_RTYPE_NTSTATUS, cmd_debuglevel, NULL,   -1,	NULL, "Set debug level", "level" },
	{ "list",	RPC_RTYPE_NTSTATUS, cmd_listcommands, NULL, -1,	NULL, "List available commands on <pipe>", "pipe" },
	{ "exit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL,   -1,	NULL,	"Exit program", "" },
	{ "quit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL,	  -1,	NULL, "Exit program", "" },
	{ "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL,	  -1,	NULL, "Force RPC pipe connections to be signed", "" },
	{ "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL,	  -1,	NULL, "Force RPC pipe connections to be sealed", "" },
	{ "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL,	  -1, NULL,	"Force RPC pipe connections to be sealed with 'schannel'.  Assumes valid machine account to this domain controller.", "" },
	{ "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL,	  -1, NULL, "Force RPC pipe connections to be signed (not sealed) with 'schannel'.  Assumes valid machine account to this domain controller.", "" },
	{ "none", RPC_RTYPE_NTSTATUS, cmd_none, NULL,	  -1, NULL, "Force RPC pipe connections to have no special properties", "" },

	{ NULL }
};

static struct cmd_set separator_command[] = {
	{ "---------------", MAX_RPC_RETURN_TYPE, NULL, NULL,	-1, NULL, "----------------------" },
	{ NULL }
};


/* Various pipe commands */

extern struct cmd_set netlogon_commands[];

static struct cmd_set *rpcclient_command_list[] = {
	netlogon_commands,
	NULL
};

static void add_command_set(struct cmd_set *cmd_set)
{
	struct cmd_list *entry;

	if (!(entry = SMB_MALLOC_P(struct cmd_list))) {
		DEBUG(0, ("out of memory\n"));
		return;
	}

	ZERO_STRUCTP(entry);

	entry->cmd_set = cmd_set;
	DLIST_ADD(cmd_list, entry);
}

struct rpc_pipe_client* get_rpc_netlogon_pipe(struct cli_state *cli) {
    uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
    uint32 sec_channel_type;
    uchar trust_password[16];

    NTSTATUS ntresult;
    struct rpc_pipe_client* result = cli_rpc_pipe_open_noauth(cli,
                                                              3,
                                                              &ntresult);
    if (result == NULL) {
        return NULL;
    }

    if (!secrets_fetch_trust_account_password(lp_workgroup(),
                                              trust_password,
                                              NULL, &sec_channel_type)) {
        return NULL;
    }

    ntresult = rpccli_netlogon_setup_creds(result,
                                           cli->desthost,   /* server name */
                                           lp_workgroup(),  /* domain */
                                           global_myname(), /* client name */
                                           global_myname(), /* machine account name */
                                           trust_password,
                                           sec_channel_type,
                                           &neg_flags);

    if (!NT_STATUS_IS_OK(ntresult)) {
        DEBUG(0, ("Could not initialise credentials for %s.\n",
                  cli_get_pipe_name(3)));
        return NULL;
    }

    return result;
}

static NTSTATUS run_cmd(struct rpc_pipe_client* cli, struct cmd_set *cmd_entry, 
                        char* cmd) {
    NTSTATUS ntresult;
    int ret;
    TALLOC_CTX *mem_ctx;
    int argc;
    char **argv = NULL;

    if (!(mem_ctx = talloc_init("do_cmd"))) {
        DEBUG(0, ("talloc_init() failed\n"));
        return NT_STATUS_NO_MEMORY;
    }


    if ((ret = poptParseArgvString(cmd, &argc, (const char ***) &argv)) != 0) {
        fprintf(stderr, "rpcclient: %s\n", poptStrerror(ret));
        return NT_STATUS_UNSUCCESSFUL;
    }

    ntresult = cmd_entry->ntfn(cli, mem_ctx, argc, (const char **) argv);
    if (!NT_STATUS_IS_OK(ntresult)) {
        printf("result was %s\n", nt_errstr(ntresult));
    }

    talloc_destroy(mem_ctx);

    return ntresult;
}

/**
 * Call an rpcclient function, passing an argv array.
 *
 * @param cmd Command to run, as a single string.
 **/
static NTSTATUS do_cmd(struct cli_state *cli,
		       struct cmd_set *cmd_entry,
		       int argc, char **argv)
{
	NTSTATUS ntresult;
	WERROR wresult;
	
	TALLOC_CTX *mem_ctx;

	/* Create mem_ctx */

	if (!(mem_ctx = talloc_init("do_cmd"))) {
		DEBUG(0, ("talloc_init() failed\n"));
		return NT_STATUS_NO_MEMORY;
	}

	/* Open pipe */

	if (cmd_entry->pipe_idx != -1 && cmd_entry->rpc_pipe == NULL) {
		switch (pipe_default_auth_type) {
			case PIPE_AUTH_TYPE_NONE:
				cmd_entry->rpc_pipe = cli_rpc_pipe_open_noauth(cli,
								cmd_entry->pipe_idx,
								&ntresult);
				break;
			case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
				cmd_entry->rpc_pipe = cli_rpc_pipe_open_spnego_ntlmssp(cli,
								cmd_entry->pipe_idx,
								pipe_default_auth_level,
								lp_workgroup(),
								cmdline_auth_info.username,
								cmdline_auth_info.password,
								&ntresult);
				break;
			case PIPE_AUTH_TYPE_NTLMSSP:
				cmd_entry->rpc_pipe = cli_rpc_pipe_open_ntlmssp(cli,
								cmd_entry->pipe_idx,
								pipe_default_auth_level,
								lp_workgroup(),
								cmdline_auth_info.username,
								cmdline_auth_info.password,
								&ntresult);
				break;
			case PIPE_AUTH_TYPE_SCHANNEL:
				cmd_entry->rpc_pipe = cli_rpc_pipe_open_schannel(cli,
								cmd_entry->pipe_idx,
								pipe_default_auth_level,
								lp_workgroup(),
								&ntresult);
				break;
			default:
				DEBUG(0, ("Could not initialise %s. Invalid auth type %u\n",
					cli_get_pipe_name(cmd_entry->pipe_idx),
					pipe_default_auth_type ));
				return NT_STATUS_UNSUCCESSFUL;
		}
		if (!cmd_entry->rpc_pipe) {
			DEBUG(0, ("Could not initialise %s. Error was %s\n",
				cli_get_pipe_name(cmd_entry->pipe_idx),
				nt_errstr(ntresult) ));
			return ntresult;
		}

		if (cmd_entry->pipe_idx == PI_NETLOGON) {
			uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
			uint32 sec_channel_type;
			uchar trust_password[16];
	
			if (!secrets_fetch_trust_account_password(lp_workgroup(),
							trust_password,
							NULL, &sec_channel_type)) {
				return NT_STATUS_UNSUCCESSFUL;
			}
		
			ntresult = rpccli_netlogon_setup_creds(cmd_entry->rpc_pipe,
						cli->desthost,   /* server name */
						lp_workgroup(),  /* domain */
						global_myname(), /* client name */
						global_myname(), /* machine account name */
						trust_password,
						sec_channel_type,
						&neg_flags);

			if (!NT_STATUS_IS_OK(ntresult)) {
				DEBUG(0, ("Could not initialise credentials for %s.\n",
					cli_get_pipe_name(cmd_entry->pipe_idx)));
				return ntresult;
			}
		}
	}

	/* Run command */

	if ( cmd_entry->returntype == RPC_RTYPE_NTSTATUS ) {
		ntresult = cmd_entry->ntfn(cmd_entry->rpc_pipe, mem_ctx, argc, (const char **) argv);
		if (!NT_STATUS_IS_OK(ntresult)) {
			printf("result was %s\n", nt_errstr(ntresult));
		}
	} else {
		wresult = cmd_entry->wfn(cmd_entry->rpc_pipe, mem_ctx, argc, (const char **) argv);
		/* print out the DOS error */
		if (!W_ERROR_IS_OK(wresult)) {
			printf( "result was %s\n", dos_errstr(wresult));
		}
		ntresult = W_ERROR_IS_OK(wresult)?NT_STATUS_OK:NT_STATUS_UNSUCCESSFUL;
	}

	/* Cleanup */

	talloc_destroy(mem_ctx);

	return ntresult;
}


/**
 * Process a command entered at the prompt or as part of -c
 *
 * @returns The NTSTATUS from running the command.
 **/
static NTSTATUS process_cmd(struct cli_state *cli, char *cmd)
{
	struct cmd_list *temp_list;
	NTSTATUS result = NT_STATUS_OK;
	int ret;
	int argc;
	char **argv = NULL;

	if ((ret = poptParseArgvString(cmd, &argc, (const char ***) &argv)) != 0) {
		fprintf(stderr, "rpcclient: %s\n", poptStrerror(ret));
		return NT_STATUS_UNSUCCESSFUL;
	}


	/* Walk through a dlist of arrays of commands. */
	for (temp_list = cmd_list; temp_list; temp_list = temp_list->next) {
		struct cmd_set *temp_set = temp_list->cmd_set;

		while (temp_set->name) {
			if (strequal(argv[0], temp_set->name)) {
				if (!(temp_set->returntype == RPC_RTYPE_NTSTATUS && temp_set->ntfn ) &&
                         !(temp_set->returntype == RPC_RTYPE_WERROR && temp_set->wfn )) {
					fprintf (stderr, "Invalid command\n");
					goto out_free;
				}

				result = do_cmd(cli, temp_set, argc, argv);

				goto out_free;
			}
			temp_set++;
		}
	}

	if (argv[0]) {
		printf("command not found: %s\n", argv[0]);
	}

out_free:
/* moved to do_cmd()
	if (!NT_STATUS_IS_OK(result)) {
		printf("result was %s\n", nt_errstr(result));
	}
*/

	if (argv) {
		/* NOTE: popt allocates the whole argv, including the
		 * strings, as a single block.  So a single free is
		 * enough to release it -- we don't free the
		 * individual strings.  rtfm. */
		free(argv);
	}
	
	return result;
}


/* Main function */

 int main(int argc, char *argv[])
{
	BOOL 			interactive = True;
	int 			opt;
	static char		*cmdstr = NULL;
	const char *server;
	struct cli_state	*cli;
        struct cli_state        *cli2;
        struct rpc_pipe_client  *pipec;
        struct rpc_pipe_client  *pipec2;
	static char 		*opt_ipaddr=NULL;
	struct cmd_set 		**cmd_set;
	struct in_addr 		server_ip;
	NTSTATUS 		nt_status;
	static int		opt_port = 0;
	fstring new_workgroup;

	/* make sure the vars that get altered (4th field) are in
	   a fixed location or certain compilers complain */
	poptContext pc;
	struct poptOption long_options[] = {
		POPT_AUTOHELP
		{"command",	'c', POPT_ARG_STRING,	&cmdstr, 'c', "Execute semicolon separated cmds", "COMMANDS"},
		{"dest-ip", 'I', POPT_ARG_STRING,   &opt_ipaddr, 'I', "Specify destination IP address", "IP"},
		{"port", 'p', POPT_ARG_INT,   &opt_port, 'p', "Specify port number", "PORT"},
		POPT_COMMON_SAMBA
		POPT_COMMON_CONNECTION
		POPT_COMMON_CREDENTIALS
		POPT_TABLEEND
	};

	load_case_tables();

	ZERO_STRUCT(server_ip);

	setlinebuf(stdout);

	/* the following functions are part of the Samba debugging
	   facilities.  See lib/debug.c */
	setup_logging("rpcclient", interactive);
	if (!interactive) 
		reopen_logs();
	
	/* Parse options */

	pc = poptGetContext("rpcclient", argc, (const char **) argv,
			    long_options, 0);

	if (argc == 1) {
		poptPrintHelp(pc, stderr, 0);
		return 0;
	}
	
	while((opt = poptGetNextOpt(pc)) != -1) {
		switch (opt) {

		case 'I':
		        if ( (server_ip.s_addr=inet_addr(opt_ipaddr)) == INADDR_NONE ) {
				fprintf(stderr, "%s not a valid IP address\n",
					opt_ipaddr);
				return 1;
			}
		}
	}

	/* Get server as remaining unparsed argument.  Print usage if more
	   than one unparsed argument is present. */

	server = poptGetArg(pc);
	
	if (!server || poptGetArg(pc)) {
		poptPrintHelp(pc, stderr, 0);
		return 1;
	}

	poptFreeContext(pc);

	load_interfaces();

	if (!init_names())
		return 1;

	/* save the workgroup...
	
	   FIXME!! do we need to do this for other options as well 
	   (or maybe a generic way to keep lp_load() from overwriting 
	   everything)?  */
	
	fstrcpy( new_workgroup, lp_workgroup() );

	/* Load smb.conf file */

	if (!lp_load(dyn_CONFIGFILE,True,False,False))
		fprintf(stderr, "Can't load %s\n", dyn_CONFIGFILE);

	if ( strlen(new_workgroup) != 0 )
		set_global_myworkgroup( new_workgroup );

	/*
	 * Get password
	 * from stdin if necessary
	 */

	if (!cmdline_auth_info.got_pass) {
		char *pass = getpass("Password:");
		if (pass) {
			pstrcpy(cmdline_auth_info.password, pass);
		}
	}
	
#if 0	/* COMMENT OUT FOR TESTING */
	memset(cmdline_auth_info.password,'X',sizeof(cmdline_auth_info.password));
#endif

	/* Load command lists */

	cmd_set = rpcclient_command_list;

	while(*cmd_set) {
		add_command_set(*cmd_set);
		add_command_set(separator_command);
		cmd_set++;
	}

	//fetch_machine_sid(cli);
        {
            int result = 0;
            NTSTATUS cmd_result;
            nt_status = cli_full_connection(&cli, global_myname(), server, 
                                            opt_ipaddr ? &server_ip : NULL, opt_port,
                                            "IPC$", "IPC",  
                                            cmdline_auth_info.username, 
                                            lp_workgroup(),
                                            cmdline_auth_info.password, 
                                            cmdline_auth_info.use_kerberos ? CLI_FULL_CONNECTION_USE_KERBEROS : 0,
                                            cmdline_auth_info.signing_state,NULL);
	
            if (!NT_STATUS_IS_OK(nt_status)) {
                DEBUG(0,("Cannot connect to server in cli.  Error was %s\n", nt_errstr(nt_status)));
                return 1;
            }
            pipec = get_rpc_netlogon_pipe(cli);
            if (pipec == NULL) {
                printf("Failed to get rpc pipe\n");
            }
            cmd_result = run_cmd(pipec, &rpcclient_command_list[0][8], (char*)"samlogon Administrator secret00");
            result = NT_STATUS_IS_ERR(cmd_result);
            printf("result was %d\n", result);

            nt_status = cli_full_connection(&cli2, global_myname(), server, 
                                            opt_ipaddr ? &server_ip : NULL, opt_port,
                                            "IPC$", "IPC",  
                                            cmdline_auth_info.username, 
                                            lp_workgroup(),
                                            cmdline_auth_info.password, 
                                            cmdline_auth_info.use_kerberos ? CLI_FULL_CONNECTION_USE_KERBEROS : 0,
                                            cmdline_auth_info.signing_state,NULL);
	
            if (!NT_STATUS_IS_OK(nt_status)) {
                DEBUG(0,("Cannot connect to server in cli2.  Error was %s\n", nt_errstr(nt_status)));
                return 1;
            }
            pipec2 = get_rpc_netlogon_pipe(cli2);
            if (pipec2 == NULL) {
                printf("Failed to get rpc pipe2\n");
            }
            cmd_result = run_cmd(pipec2, &rpcclient_command_list[0][8], (char*)"samlogon Administrator secret00");
            result = NT_STATUS_IS_ERR(cmd_result);
            printf("result was %d\n", result);
 
            cmd_result = run_cmd(pipec, &rpcclient_command_list[0][8], (char*)"samlogon Administrator secret00");
            result = NT_STATUS_IS_ERR(cmd_result);
            printf("result was %d\n", result);
 
            cmd_result = run_cmd(pipec2, &rpcclient_command_list[0][8], (char*)"samlogon Administrator secret00");
            result = NT_STATUS_IS_ERR(cmd_result);
            printf("result was %d\n", result);
           
            cli_shutdown(cli);
            cli_shutdown(cli2);
            return result;
        }

       /* Do anything specified with -c */
        /*
        if (cmdstr && cmdstr[0]) {
                char    *cmd;
                char    *p = cmdstr;
		int result = 0;
 
                while((cmd=next_command(&p)) != NULL) {
                        NTSTATUS cmd_result = process_cmd(cli, cmd);
			result = NT_STATUS_IS_ERR(cmd_result);
                }
		
		cli_shutdown(cli);
                return result;
        }
        */
	/* Loop around accepting commands */
        /*
	while(1) {
		pstring prompt;
		char *line;

		slprintf(prompt, sizeof(prompt) - 1, "rpcclient $> ");

		line = smb_readline(prompt, NULL, completion_fn);

		if (line == NULL)
			break;

		if (line[0] != '\n')
			process_cmd(cli, line);
	}
	cli_shutdown(cli);
	return 0;
        */
}


More information about the samba-technical mailing list