From 2d1a798532c8a3774fec71ce3eeb3151c20d44e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Tue, 6 Sep 2016 17:11:29 +0200
Subject: s3-rpcclient: add packet auth level command

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
 source3/rpcclient/rpcclient.c | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

(limited to 'source3/rpcclient')

diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 398fe4a0f31..554620b0380 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -484,6 +484,47 @@ static NTSTATUS cmd_seal(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
 	return cmd_set_ss_level();
 }
 
+static NTSTATUS cmd_packet(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+			   int argc, const char **argv)
+{
+	const char *p = "[KRB5|KRB5_SPNEGO|NTLMSSP|NTLMSSP_SPNEGO|SCHANNEL]";
+	const char *type = "NTLMSSP";
+
+	pipe_default_auth_level = DCERPC_AUTH_LEVEL_PACKET;
+	pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
+
+	if (argc > 2) {
+		printf("Usage: %s %s\n", argv[0], p);
+		return NT_STATUS_OK;
+	}
+
+	if (argc == 2) {
+		type = argv[1];
+		if (strequal(type, "KRB5")) {
+			pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5;
+		} else if (strequal(type, "KRB5_SPNEGO")) {
+			pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+			pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
+		} else if (strequal(type, "NTLMSSP")) {
+			pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
+		} else if (strequal(type, "NTLMSSP_SPNEGO")) {
+			pipe_default_auth_type = DCERPC_AUTH_TYPE_SPNEGO;
+			pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
+		} else if (strequal(type, "SCHANNEL")) {
+			pipe_default_auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
+		} else {
+			printf("unknown type %s\n", type);
+			printf("Usage: %s %s\n", argv[0], p);
+			return NT_STATUS_INVALID_LEVEL;
+		}
+	}
+
+	d_printf("Setting %s - packet\n", type);
+
+	return cmd_set_ss_level();
+}
+
+
 static NTSTATUS cmd_timeout(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
 			    int argc, const char **argv)
 {
@@ -576,6 +617,7 @@ static struct cmd_set rpcclient_commands[] = {
 	{ "quit", RPC_RTYPE_NTSTATUS, cmd_quit, NULL,	  NULL,	NULL, "Exit program", "" },
 	{ "sign", RPC_RTYPE_NTSTATUS, cmd_sign, NULL,	  NULL,	NULL, "Force RPC pipe connections to be signed", "" },
 	{ "seal", RPC_RTYPE_NTSTATUS, cmd_seal, NULL,	  NULL,	NULL, "Force RPC pipe connections to be sealed", "" },
+	{ "packet", RPC_RTYPE_NTSTATUS, cmd_packet, NULL,	  NULL,	NULL, "Force RPC pipe connections with packet authentication level", "" },
 	{ "schannel", RPC_RTYPE_NTSTATUS, cmd_schannel, NULL,	  NULL, NULL,	"Force RPC pipe connections to be sealed with 'schannel'.  Assumes valid machine account to this domain controller.", "" },
 	{ "schannelsign", RPC_RTYPE_NTSTATUS, cmd_schannel_sign, NULL,	  NULL, NULL, "Force RPC pipe connections to be signed (not sealed) with 'schannel'.  Assumes valid machine account to this domain controller.", "" },
 	{ "timeout", RPC_RTYPE_NTSTATUS, cmd_timeout, NULL,	  NULL, NULL, "Set timeout (in milliseconds) for RPC operations", "" },
-- 
cgit v1.2.1