diff options
| author | Andreas Schneider <asn@samba.org> | 2019-02-01 18:51:53 +0100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2019-02-04 02:03:56 +0100 |
| commit | cca48c1a1029685672e1c25e39e8be2be947238f (patch) | |
| tree | 14955f1d3ffa3379562b61ae878ecc98c4781594 | |
| parent | 0e3eda5bab5ae9316a42725aea048fb350020ec7 (diff) | |
| download | samba-cca48c1a1029685672e1c25e39e8be2be947238f.tar.gz | |
docs: Document DCEPRC binding string for rpcclient
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb 4 02:03:56 CET 2019 on sn-devel-144
| -rw-r--r-- | docs-xml/manpages/rpcclient.1.xml | 74 | ||||
| -rw-r--r-- | librpc/binding-strings.txt | 53 |
2 files changed, 68 insertions, 59 deletions
diff --git a/docs-xml/manpages/rpcclient.1.xml b/docs-xml/manpages/rpcclient.1.xml index 1e167f8437c..93983ad8388 100644 --- a/docs-xml/manpages/rpcclient.1.xml +++ b/docs-xml/manpages/rpcclient.1.xml @@ -29,7 +29,7 @@ <arg choice="opt">-U username[%password]</arg> <arg choice="opt">-W workgroup</arg> <arg choice="opt">-I destinationIP</arg> - <arg choice="req">server</arg> + <arg choice="req">BINDING-STRING|HOST</arg> </cmdsynopsis> </refsynopsisdiv> @@ -52,12 +52,72 @@ <variablelist> <varlistentry> - <term>server</term> - <listitem><para>NetBIOS name of Server to which to connect. - The server can be any SMB/CIFS server. The name is - resolved using the <smbconfoption name="name resolve order"/> line from <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>.</para></listitem> - </varlistentry> + <term>BINDING-STRING|HOST</term> + <listitem> + <para>When connecting to a dcerpc service you need to + specify a binding string.</para> + + <para>The format is:</para> + + <para>TRANSPORT:host[options]</para> + + <para>where TRANSPORT is either ncacn_np (named pipes) for SMB or + ncacn_ip_tcp for DCERPC over TCP/IP.</para> + + <para>"host" is an IP or hostname or netbios name. If the binding + string identifies the server side of an endpoint, "host" may be + an empty string. See below for more details.</para> + + <para>"options" can include a SMB pipe name if using the ncacn_np + transport or a TCP port number if using the ncacn_ip_tcp transport, + otherwise they will be auto-determined.</para> + + <para>Examples:</para> + + <itemizedlist> + <listitem><para><parameter moreinfo="none">ncacn_ip_tcp:samba.example.com[1024]</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">ncacn_ip_tcp:samba.example.com[sign,seal,krb5]</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">ncacn_ip_tcp:samba.example.com[sign,spnego]</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">ncacn_np:samba.example.com</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">ncacn_np:samba.example.com[samr]</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">ncacn_np:samba.example.com[samr,sign,print]</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">ncalrpc:/path/to/unix/socket</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">//SAMBA</parameter></para></listitem> + </itemizedlist> + + <para>The supported transports are:</para> + + <itemizedlist> + <listitem><para><parameter moreinfo="none">ncacn_np</parameter> - Connect using named pipes</para></listitem> + <listitem><para><parameter moreinfo="none">ncacn_ip_tcp</parameter> - Connect over TCP/IP</para></listitem> + <listitem><para><parameter moreinfo="none">ncalrpc</parameter> - Connect over local RPC (unix sockets)</para></listitem> + </itemizedlist> + + <para>The supported options are:</para> + + <itemizedlist> + <listitem><para><parameter moreinfo="none">sign</parameter> - Use RPC integrety autentication level</para></listitem> + <listitem><para><parameter moreinfo="none">seal</parameter> - Enable RPC privacy (encryption) autentication level</para></listitem> + <listitem><para><parameter moreinfo="none">connect</parameter> - Use RPC connect level authentication (auth, but no sign or seal)</para></listitem> + <listitem><para><parameter moreinfo="none">packet</parameter> - Use RPC packet authentication level</para></listitem> + + <listitem><para><parameter moreinfo="none">spnego</parameter> - Use SPNEGO instead of NTLMSSP authentication</para></listitem> + <listitem><para><parameter moreinfo="none">ntlm</parameter> - Use plain NTLM instead of SPNEGO or NTLMSSP</para></listitem> + <listitem><para><parameter moreinfo="none">krb5</parameter> - Use Kerberos instead of NTLMSSP authentication</para></listitem> + <listitem><para><parameter moreinfo="none">schannel</parameter> - Create a schannel connection</para></listitem> + + <listitem><para><parameter moreinfo="none">smb1</parameter> - Use SMB1 for named pipes</para></listitem> + <listitem><para><parameter moreinfo="none">smb2</parameter> - Use SMB2/3 for named pipes</para></listitem> + + <listitem><para><parameter moreinfo="none">validate</parameter> - Enable the NDR validator</para></listitem> + <listitem><para><parameter moreinfo="none">print</parameter> - Enable debug output of packets</para></listitem> + <listitem><para><parameter moreinfo="none">padcheck</parameter> - Check reply data for non-zero pad bytes</para></listitem> + <listitem><para><parameter moreinfo="none">bigendian</parameter> - Use big endian for RPC</para></listitem> + <listitem><para><parameter moreinfo="none">ndr64</parameter> - Use NDR64 for RPC</para></listitem> + </itemizedlist> + + </listitem> + </varlistentry> <varlistentry> diff --git a/librpc/binding-strings.txt b/librpc/binding-strings.txt index 5503da107b4..ca3d1b65972 100644 --- a/librpc/binding-strings.txt +++ b/librpc/binding-strings.txt @@ -1,55 +1,4 @@ DCERPC binding strings ---------------------- -When connecting to a dcerpc service you need to specify a binding -string. - -The format is: - - TRANSPORT:host[flags] - -where TRANSPORT is either ncacn_np for SMB or ncacn_ip_tcp for RPC/TCP - -"host" is an IP or hostname or netbios name. If the binding string -identifies the server side of an endpoint, "host" may be an empty -string. - -"flags" can include a SMB pipe name if using the ncacn_np transport or -a TCP port number if using the ncacn_ip_tcp transport, otherwise they -will be auto-determined. - -other recognised flags are: - - sign : enable ntlmssp signing - seal : enable ntlmssp sealing - spnego : use SPNEGO instead of NTLMSSP authentication - krb5 : use KRB5 instead of NTLMSSP authentication - connect : enable rpc connect level auth (auth, but no sign or seal) - validate : enable the NDR validator - print : enable debugging of the packets - bigendian : use bigendian RPC - padcheck : check reply data for non-zero pad bytes - - -Here are some examples: - - ncacn_np:myserver - ncacn_np:myserver[samr] - ncacn_np:myserver[\pipe\samr] - ncacn_np:myserver[/pipe/samr] - ncacn_np:myserver[samr,sign,print] - ncacn_np:myserver[sign,spnego] - ncacn_np:myserver[\pipe\samr,sign,seal,bigendian] - ncacn_np:myserver[/pipe/samr,seal,validate] - ncacn_np: - ncacn_np:[/pipe/samr] - ncacn_ip_tcp:myserver - ncacn_ip_tcp:myserver[1024] - ncacn_ip_tcp:myserver[sign,seal] - ncacn_ip_tcp:myserver[spnego,seal] - - -IDEA: Maybe extend UNC names like this? - - smbclient //server/share - smbclient //server/share[sign,seal,spnego] +Please consult the rpcclient(1) manpage for binding string details. |