[PATCH] Document DCERPC binding string in rpcclient
Andreas Schneider
asn at samba.org
Sat Feb 2 10:44:08 UTC 2019
On Friday, 1 February 2019 19:48:28 CET Andrew Bartlett wrote:
> On Fri, 2019-02-01 at 18:58 +0100, Andreas Schneider via samba-
>
> technical wrote:
> > Hi,
> >
> > please review and push if happy.
>
> This seems a reasonable idea. Can you update librpc/binding-
> strings.txt to point at this so we just have one document, and ensure
> everything has come over? (It looked like it, but it is still early on
> a Saturday morning...).
Hi Andrew,
thanks for the input. I've updated the manpage and improved it. in the
binding-strings.txt I just point to the rpcclient manpage.
I'm not aware of any other user tool which uses binding strings, I think it is
only rpcclient.
Thanks,
Andreas
-------------- next part --------------
>From 1a619c375f80c54a897adb91269df2e58002ee93 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Fri, 1 Feb 2019 18:51:53 +0100
Subject: [PATCH] docs: Document DCEPRC binding string for rpcclient
Signed-off-by: Andreas Schneider <asn at samba.org>
---
docs-xml/manpages/rpcclient.1.xml | 74 ++++++++++++++++++++++++++++---
librpc/binding-strings.txt | 53 +---------------------
2 files changed, 68 insertions(+), 59 deletions(-)
diff --git a/docs-xml/manpages/rpcclient.1.xml b/docs-xml/manpages/rpcclient.1.xml
index 1e167f8437c..93983ad8388 100644
--- a/docs-xml/manpages/rpcclient.1.xml
+++ b/docs-xml/manpages/rpcclient.1.xml
@@ -29,7 +29,7 @@
<arg choice="opt">-U username[%password]</arg>
<arg choice="opt">-W workgroup</arg>
<arg choice="opt">-I destinationIP</arg>
- <arg choice="req">server</arg>
+ <arg choice="req">BINDING-STRING|HOST</arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -52,12 +52,72 @@
<variablelist>
<varlistentry>
- <term>server</term>
- <listitem><para>NetBIOS name of Server to which to connect.
- The server can be any SMB/CIFS server. The name is
- resolved using the <smbconfoption name="name resolve order"/> line from <citerefentry><refentrytitle>smb.conf</refentrytitle>
- <manvolnum>5</manvolnum></citerefentry>.</para></listitem>
- </varlistentry>
+ <term>BINDING-STRING|HOST</term>
+ <listitem>
+ <para>When connecting to a dcerpc service you need to
+ specify a binding string.</para>
+
+ <para>The format is:</para>
+
+ <para>TRANSPORT:host[options]</para>
+
+ <para>where TRANSPORT is either ncacn_np (named pipes) for SMB or
+ ncacn_ip_tcp for DCERPC over TCP/IP.</para>
+
+ <para>"host" is an IP or hostname or netbios name. If the binding
+ string identifies the server side of an endpoint, "host" may be
+ an empty string. See below for more details.</para>
+
+ <para>"options" can include a SMB pipe name if using the ncacn_np
+ transport or a TCP port number if using the ncacn_ip_tcp transport,
+ otherwise they will be auto-determined.</para>
+
+ <para>Examples:</para>
+
+ <itemizedlist>
+ <listitem><para><parameter moreinfo="none">ncacn_ip_tcp:samba.example.com[1024]</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_ip_tcp:samba.example.com[sign,seal,krb5]</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_ip_tcp:samba.example.com[sign,spnego]</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_np:samba.example.com</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_np:samba.example.com[samr]</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_np:samba.example.com[samr,sign,print]</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">ncalrpc:/path/to/unix/socket</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">//SAMBA</parameter></para></listitem>
+ </itemizedlist>
+
+ <para>The supported transports are:</para>
+
+ <itemizedlist>
+ <listitem><para><parameter moreinfo="none">ncacn_np</parameter> - Connect using named pipes</para></listitem>
+ <listitem><para><parameter moreinfo="none">ncacn_ip_tcp</parameter> - Connect over TCP/IP</para></listitem>
+ <listitem><para><parameter moreinfo="none">ncalrpc</parameter> - Connect over local RPC (unix sockets)</para></listitem>
+ </itemizedlist>
+
+ <para>The supported options are:</para>
+
+ <itemizedlist>
+ <listitem><para><parameter moreinfo="none">sign</parameter> - Use RPC integrety autentication level</para></listitem>
+ <listitem><para><parameter moreinfo="none">seal</parameter> - Enable RPC privacy (encryption) autentication level</para></listitem>
+ <listitem><para><parameter moreinfo="none">connect</parameter> - Use RPC connect level authentication (auth, but no sign or seal)</para></listitem>
+ <listitem><para><parameter moreinfo="none">packet</parameter> - Use RPC packet authentication level</para></listitem>
+
+ <listitem><para><parameter moreinfo="none">spnego</parameter> - Use SPNEGO instead of NTLMSSP authentication</para></listitem>
+ <listitem><para><parameter moreinfo="none">ntlm</parameter> - Use plain NTLM instead of SPNEGO or NTLMSSP</para></listitem>
+ <listitem><para><parameter moreinfo="none">krb5</parameter> - Use Kerberos instead of NTLMSSP authentication</para></listitem>
+ <listitem><para><parameter moreinfo="none">schannel</parameter> - Create a schannel connection</para></listitem>
+
+ <listitem><para><parameter moreinfo="none">smb1</parameter> - Use SMB1 for named pipes</para></listitem>
+ <listitem><para><parameter moreinfo="none">smb2</parameter> - Use SMB2/3 for named pipes</para></listitem>
+
+ <listitem><para><parameter moreinfo="none">validate</parameter> - Enable the NDR validator</para></listitem>
+ <listitem><para><parameter moreinfo="none">print</parameter> - Enable debug output of packets</para></listitem>
+ <listitem><para><parameter moreinfo="none">padcheck</parameter> - Check reply data for non-zero pad bytes</para></listitem>
+ <listitem><para><parameter moreinfo="none">bigendian</parameter> - Use big endian for RPC</para></listitem>
+ <listitem><para><parameter moreinfo="none">ndr64</parameter> - Use NDR64 for RPC</para></listitem>
+ </itemizedlist>
+
+ </listitem>
+ </varlistentry>
<varlistentry>
diff --git a/librpc/binding-strings.txt b/librpc/binding-strings.txt
index 5503da107b4..ca3d1b65972 100644
--- a/librpc/binding-strings.txt
+++ b/librpc/binding-strings.txt
@@ -1,55 +1,4 @@
DCERPC binding strings
----------------------
-When connecting to a dcerpc service you need to specify a binding
-string.
-
-The format is:
-
- TRANSPORT:host[flags]
-
-where TRANSPORT is either ncacn_np for SMB or ncacn_ip_tcp for RPC/TCP
-
-"host" is an IP or hostname or netbios name. If the binding string
-identifies the server side of an endpoint, "host" may be an empty
-string.
-
-"flags" can include a SMB pipe name if using the ncacn_np transport or
-a TCP port number if using the ncacn_ip_tcp transport, otherwise they
-will be auto-determined.
-
-other recognised flags are:
-
- sign : enable ntlmssp signing
- seal : enable ntlmssp sealing
- spnego : use SPNEGO instead of NTLMSSP authentication
- krb5 : use KRB5 instead of NTLMSSP authentication
- connect : enable rpc connect level auth (auth, but no sign or seal)
- validate : enable the NDR validator
- print : enable debugging of the packets
- bigendian : use bigendian RPC
- padcheck : check reply data for non-zero pad bytes
-
-
-Here are some examples:
-
- ncacn_np:myserver
- ncacn_np:myserver[samr]
- ncacn_np:myserver[\pipe\samr]
- ncacn_np:myserver[/pipe/samr]
- ncacn_np:myserver[samr,sign,print]
- ncacn_np:myserver[sign,spnego]
- ncacn_np:myserver[\pipe\samr,sign,seal,bigendian]
- ncacn_np:myserver[/pipe/samr,seal,validate]
- ncacn_np:
- ncacn_np:[/pipe/samr]
- ncacn_ip_tcp:myserver
- ncacn_ip_tcp:myserver[1024]
- ncacn_ip_tcp:myserver[sign,seal]
- ncacn_ip_tcp:myserver[spnego,seal]
-
-
-IDEA: Maybe extend UNC names like this?
-
- smbclient //server/share
- smbclient //server/share[sign,seal,spnego]
+Please consult the rpcclient(1) manpage for binding string details.
--
2.20.1
More information about the samba-technical
mailing list