The Samba-Bugzilla – Attachment 14841 Details for
Bug 11428
dcerpc binding string options are nowhere documented
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch from master for v4.8, v4.9 and v4.10
patch (text/plain), 7.45 KB, created by
Guenther Deschner
on 2019-02-13 15:29:00 UTC
(
hide
)
Description:
patch from master for v4.8, v4.9 and v4.10
Filename:
MIME Type:
Creator:
Guenther Deschner
Created:
2019-02-13 15:29:00 UTC
Size:
7.45 KB
patch
obsolete
>From 7f600ef479b8475362170b50504afd1312f07650 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Fri, 1 Feb 2019 18:51:53 +0100 >Subject: [PATCH] docs: Document DCEPRC binding string for rpcclient > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Mon Feb 4 02:03:56 CET 2019 on sn-devel-144 > >(cherry picked from commit cca48c1a1029685672e1c25e39e8be2be947238f) >--- > docs-xml/manpages/rpcclient.1.xml | 74 ++++++++++++++++++++++++++++--- > librpc/binding-strings.txt | 53 +--------------------- > 2 files changed, 68 insertions(+), 59 deletions(-) > >diff --git a/docs-xml/manpages/rpcclient.1.xml b/docs-xml/manpages/rpcclient.1.xml >index 1e167f8437c..93983ad8388 100644 >--- a/docs-xml/manpages/rpcclient.1.xml >+++ b/docs-xml/manpages/rpcclient.1.xml >@@ -29,7 +29,7 @@ > <arg choice="opt">-U username[%password]</arg> > <arg choice="opt">-W workgroup</arg> > <arg choice="opt">-I destinationIP</arg> >- <arg choice="req">server</arg> >+ <arg choice="req">BINDING-STRING|HOST</arg> > </cmdsynopsis> > </refsynopsisdiv> > >@@ -52,12 +52,72 @@ > > <variablelist> > <varlistentry> >- <term>server</term> >- <listitem><para>NetBIOS name of Server to which to connect. >- The server can be any SMB/CIFS server. The name is >- resolved using the <smbconfoption name="name resolve order"/> line from <citerefentry><refentrytitle>smb.conf</refentrytitle> >- <manvolnum>5</manvolnum></citerefentry>.</para></listitem> >- </varlistentry> >+ <term>BINDING-STRING|HOST</term> >+ <listitem> >+ <para>When connecting to a dcerpc service you need to >+ specify a binding string.</para> >+ >+ <para>The format is:</para> >+ >+ <para>TRANSPORT:host[options]</para> >+ >+ <para>where TRANSPORT is either ncacn_np (named pipes) for SMB or >+ ncacn_ip_tcp for DCERPC over TCP/IP.</para> >+ >+ <para>"host" is an IP or hostname or netbios name. If the binding >+ string identifies the server side of an endpoint, "host" may be >+ an empty string. See below for more details.</para> >+ >+ <para>"options" can include a SMB pipe name if using the ncacn_np >+ transport or a TCP port number if using the ncacn_ip_tcp transport, >+ otherwise they will be auto-determined.</para> >+ >+ <para>Examples:</para> >+ >+ <itemizedlist> >+ <listitem><para><parameter moreinfo="none">ncacn_ip_tcp:samba.example.com[1024]</parameter></para></listitem> >+ <listitem><para><parameter moreinfo="none">ncacn_ip_tcp:samba.example.com[sign,seal,krb5]</parameter></para></listitem> >+ <listitem><para><parameter moreinfo="none">ncacn_ip_tcp:samba.example.com[sign,spnego]</parameter></para></listitem> >+ <listitem><para><parameter moreinfo="none">ncacn_np:samba.example.com</parameter></para></listitem> >+ <listitem><para><parameter moreinfo="none">ncacn_np:samba.example.com[samr]</parameter></para></listitem> >+ <listitem><para><parameter moreinfo="none">ncacn_np:samba.example.com[samr,sign,print]</parameter></para></listitem> >+ <listitem><para><parameter moreinfo="none">ncalrpc:/path/to/unix/socket</parameter></para></listitem> >+ <listitem><para><parameter moreinfo="none">//SAMBA</parameter></para></listitem> >+ </itemizedlist> >+ >+ <para>The supported transports are:</para> >+ >+ <itemizedlist> >+ <listitem><para><parameter moreinfo="none">ncacn_np</parameter> - Connect using named pipes</para></listitem> >+ <listitem><para><parameter moreinfo="none">ncacn_ip_tcp</parameter> - Connect over TCP/IP</para></listitem> >+ <listitem><para><parameter moreinfo="none">ncalrpc</parameter> - Connect over local RPC (unix sockets)</para></listitem> >+ </itemizedlist> >+ >+ <para>The supported options are:</para> >+ >+ <itemizedlist> >+ <listitem><para><parameter moreinfo="none">sign</parameter> - Use RPC integrety autentication level</para></listitem> >+ <listitem><para><parameter moreinfo="none">seal</parameter> - Enable RPC privacy (encryption) autentication level</para></listitem> >+ <listitem><para><parameter moreinfo="none">connect</parameter> - Use RPC connect level authentication (auth, but no sign or seal)</para></listitem> >+ <listitem><para><parameter moreinfo="none">packet</parameter> - Use RPC packet authentication level</para></listitem> >+ >+ <listitem><para><parameter moreinfo="none">spnego</parameter> - Use SPNEGO instead of NTLMSSP authentication</para></listitem> >+ <listitem><para><parameter moreinfo="none">ntlm</parameter> - Use plain NTLM instead of SPNEGO or NTLMSSP</para></listitem> >+ <listitem><para><parameter moreinfo="none">krb5</parameter> - Use Kerberos instead of NTLMSSP authentication</para></listitem> >+ <listitem><para><parameter moreinfo="none">schannel</parameter> - Create a schannel connection</para></listitem> >+ >+ <listitem><para><parameter moreinfo="none">smb1</parameter> - Use SMB1 for named pipes</para></listitem> >+ <listitem><para><parameter moreinfo="none">smb2</parameter> - Use SMB2/3 for named pipes</para></listitem> >+ >+ <listitem><para><parameter moreinfo="none">validate</parameter> - Enable the NDR validator</para></listitem> >+ <listitem><para><parameter moreinfo="none">print</parameter> - Enable debug output of packets</para></listitem> >+ <listitem><para><parameter moreinfo="none">padcheck</parameter> - Check reply data for non-zero pad bytes</para></listitem> >+ <listitem><para><parameter moreinfo="none">bigendian</parameter> - Use big endian for RPC</para></listitem> >+ <listitem><para><parameter moreinfo="none">ndr64</parameter> - Use NDR64 for RPC</para></listitem> >+ </itemizedlist> >+ >+ </listitem> >+ </varlistentry> > > > <varlistentry> >diff --git a/librpc/binding-strings.txt b/librpc/binding-strings.txt >index 5503da107b4..ca3d1b65972 100644 >--- a/librpc/binding-strings.txt >+++ b/librpc/binding-strings.txt >@@ -1,55 +1,4 @@ > DCERPC binding strings > ---------------------- > >-When connecting to a dcerpc service you need to specify a binding >-string. >- >-The format is: >- >- TRANSPORT:host[flags] >- >-where TRANSPORT is either ncacn_np for SMB or ncacn_ip_tcp for RPC/TCP >- >-"host" is an IP or hostname or netbios name. If the binding string >-identifies the server side of an endpoint, "host" may be an empty >-string. >- >-"flags" can include a SMB pipe name if using the ncacn_np transport or >-a TCP port number if using the ncacn_ip_tcp transport, otherwise they >-will be auto-determined. >- >-other recognised flags are: >- >- sign : enable ntlmssp signing >- seal : enable ntlmssp sealing >- spnego : use SPNEGO instead of NTLMSSP authentication >- krb5 : use KRB5 instead of NTLMSSP authentication >- connect : enable rpc connect level auth (auth, but no sign or seal) >- validate : enable the NDR validator >- print : enable debugging of the packets >- bigendian : use bigendian RPC >- padcheck : check reply data for non-zero pad bytes >- >- >-Here are some examples: >- >- ncacn_np:myserver >- ncacn_np:myserver[samr] >- ncacn_np:myserver[\pipe\samr] >- ncacn_np:myserver[/pipe/samr] >- ncacn_np:myserver[samr,sign,print] >- ncacn_np:myserver[sign,spnego] >- ncacn_np:myserver[\pipe\samr,sign,seal,bigendian] >- ncacn_np:myserver[/pipe/samr,seal,validate] >- ncacn_np: >- ncacn_np:[/pipe/samr] >- ncacn_ip_tcp:myserver >- ncacn_ip_tcp:myserver[1024] >- ncacn_ip_tcp:myserver[sign,seal] >- ncacn_ip_tcp:myserver[spnego,seal] >- >- >-IDEA: Maybe extend UNC names like this? >- >- smbclient //server/share >- smbclient //server/share[sign,seal,spnego] >+Please consult the rpcclient(1) manpage for binding string details. >-- >2.20.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=14841">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
abartlet
:
review+
Actions:
View
Attachments on
bug 11428
: 14841