search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
if we are adding a new sambaAccount, make sure that we add a
[Samba.git] / source / rpcclient / samsync.c
blobc1be521c553a94a2163dce009634151293f57bf7
1 /*
2 Unix SMB/Netbios implementation.
3 Version 2.2
4 RPC pipe client
5
6 Copyright (C) Tim Potter 2001
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24
25 /* Synchronise sam database */
26
27 static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16],
28 BOOL do_smbpasswd_output)
29 {
30 TALLOC_CTX *mem_ctx;
31 SAM_DELTA_HDR *hdr_deltas;
32 SAM_DELTA_CTR *deltas;
33 uint32 database_id = 0, num_deltas;
34 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
35
36 /* Initialise */
37
38 if (!(mem_ctx = talloc_init())) {
39 DEBUG(0,("talloc_init failed\n"));
40 return result;
41 }
42
43 if (!cli_nt_session_open (cli, PIPE_NETLOGON)) {
44 DEBUG(0, ("Could not initialize netlogon pipe!\n"));
45 goto done;
46 }
47
48 /* Request a challenge */
49
50 if (!NT_STATUS_IS_OK(new_cli_nt_setup_creds(cli, trust_passwd))) {
51 DEBUG(0, ("Error initialising session creds\n"));
52 goto done;
53 }
54
55 /* Do sam synchronisation */
56
57 result = cli_netlogon_sam_sync(cli, mem_ctx, database_id,
58 &num_deltas, &hdr_deltas, &deltas);
59
60 if (!NT_STATUS_IS_OK(result)) {
61 goto done;
62 }
63
64 /* Produce smbpasswd output - good for migrating from NT! */
65
66 if (do_smbpasswd_output) {
67 int i;
68
69 for (i = 0; i < num_deltas; i++) {
70 SAM_ACCOUNT_INFO *a;
71 fstring acct_name, hex_nt_passwd, hex_lm_passwd;
72 uchar lm_passwd[16], nt_passwd[16];
73
74 /* Skip non-user accounts */
75
76 if (hdr_deltas[i].type != SAM_DELTA_ACCOUNT_INFO)
77 continue;
78
79 a = &deltas[i].account_info;
80
81 unistr2_to_unix(acct_name, &a->uni_acct_name,
82 sizeof(acct_name) - 1);
83
84 /* Decode hashes from password hash */
85
86 sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd,
87 lm_passwd, 0);
88 sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd,
89 nt_passwd, 0);
90
91 /* Encode as strings */
92
93 smbpasswd_sethexpwd(hex_lm_passwd, lm_passwd,
94 a->acb_info);
95 smbpasswd_sethexpwd(hex_nt_passwd, nt_passwd,
96 a->acb_info);
97
98 /* Display user info */
99
100 printf("%s:%d:%s:%s:%s:LCT-0\n", acct_name,
101 a->user_rid, hex_lm_passwd, hex_nt_passwd,
102 smbpasswd_encode_acb_info(
103 deltas[i].account_info.acb_info));
104 }
105
106 goto done;
107 }
108
109 /* Update sam tdb */
110
111 done:
112 cli_nt_session_close(cli);
113 talloc_destroy(mem_ctx);
114
115 return result;
116 }
117
118 /* Replicate sam deltas */
119
120 static NTSTATUS sam_repl(struct cli_state *cli, unsigned char trust_passwde[16],
121 uint32 low_serial)
122 {
123 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
124
125 return result;
126 }
127
128 /* Print usage information */
129
130 static void usage(void)
131 {
132 printf("Usage: samsync [options]\n");
133
134 printf("\t-d debuglevel set the debuglevel\n");
135 printf("\t-h Print this help message.\n");
136 printf("\t-s configfile specify an alternative config file\n");
137 printf("\t-S synchronise sam database\n");
138 printf("\t-R replicate sam deltas\n");
139 printf("\t-U username username and password\n");
140 printf("\t-p produce smbpasswd output\n");
141 printf("\n");
142 }
143
144 /* Initialise client credentials for authenticated pipe access */
145
146 void init_rpcclient_creds(struct ntuser_creds *creds, char* username,
147 char* domain, char* password)
148 {
149 ZERO_STRUCTP(creds);
150
151 if (lp_encrypted_passwords()) {
152 pwd_make_lm_nt_16(&creds->pwd, password);
153 } else {
154 pwd_set_cleartext(&creds->pwd, password);
155 }
156
157 fstrcpy(creds->user_name, username);
158 fstrcpy(creds->domain, domain);
159
160 if (! *username) {
161 creds->pwd.null_pwd = True;
162 }
163 }
164
165 /* Connect to primary domain controller */
166
167 static struct cli_state *init_connection(struct cli_state *cli,
168 char *username, char *domain,
169 char *password)
170 {
171 struct ntuser_creds creds;
172 extern pstring global_myname;
173 struct in_addr *dest_ip;
174 struct nmb_name calling, called;
175 int count;
176 fstring dest_host;
177
178 /* Initialise cli_state information */
179
180 ZERO_STRUCTP(cli);
181
182 if (!cli_initialise(cli)) {
183 return NULL;
184 }
185
186 init_rpcclient_creds(&creds, username, domain, password);
187 cli_init_creds(cli, &creds);
188
189 /* Look up name of PDC controller */
190
191 if (!get_dc_list(True, lp_workgroup(), &dest_ip, &count)) {
192 DEBUG(0, ("Cannot find domain controller for domain %s\n",
193 lp_workgroup()));
194 return NULL;
195 }
196
197 if (!lookup_pdc_name(global_myname, lp_workgroup(), dest_ip,
198 dest_host)) {
199 DEBUG(0, ("Could not lookup up PDC name for domain %s\n",
200 lp_workgroup()));
201 return NULL;
202 }
203
204 get_myname((*global_myname)?NULL:global_myname);
205 strupper(global_myname);
206
207 make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20);
208 make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0);
209
210 /* Establish a SMB connection */
211
212 if (!cli_establish_connection(cli, dest_host, dest_ip, &calling,
213 &called, "IPC$", "IPC", False, True)) {
214 return NULL;
215 }
216
217 return cli;
218 }
219
220 /* Main function */
221
222 int main(int argc, char **argv)
223 {
224 BOOL do_sam_sync = False, do_sam_repl = False;
225 pstring servicesf = CONFIGFILE;
226 struct cli_state cli;
227 NTSTATUS result;
228 int opt;
229 pstring logfile;
230 BOOL interactive = False, do_smbpasswd_output = False;
231 uint32 low_serial = 0;
232 unsigned char trust_passwd[16];
233 fstring username, domain, password;
234
235 if (argc == 1) {
236 usage();
237 return 1;
238 }
239
240 ZERO_STRUCT(username);
241 ZERO_STRUCT(domain);
242 ZERO_STRUCT(password);
243
244 /* Parse command line options */
245
246 while((opt = getopt(argc, argv, "s:d:SR:hiU:W:p")) != EOF) {
247 switch (opt) {
248 case 's':
249 pstrcpy(servicesf, optarg);
250 break;
251 case 'd':
252 DEBUGLEVEL = atoi(optarg);
253 break;
254 case 'S':
255 do_sam_sync = 1;
256 break;
257 case 'R':
258 do_sam_repl = 1;
259 low_serial = atoi(optarg);
260 break;
261 case 'i':
262 interactive = True;
263 break;
264 case 'U': {
265 char *lp;
266
267 fstrcpy(username,optarg);
268 if ((lp=strchr(username,'%'))) {
269 *lp = 0;
270 fstrcpy(password,lp+1);
271 memset(strchr(optarg, '%') + 1, 'X',
272 strlen(password));
273 }
274 break;
275 }
276 case 'W':
277 pstrcpy(domain, optarg);
278 break;
279 case 'p':
280 do_smbpasswd_output = True;
281 break;
282 case 'h':
283 default:
284 usage();
285 exit(1);
286 }
287 }
288
289 argc -= optind;
290
291 if (argc > 0) {
292 usage();
293 return 1;
294 }
295
296 /* Initialise samba */
297
298 slprintf(logfile, sizeof(logfile) - 1, "%s/log.%s", LOGFILEBASE,
299 "samsync");
300 lp_set_logfile(logfile);
301
302 setup_logging("samsync", interactive);
303
304 if (!interactive)
305 reopen_logs();
306
307 if (!lp_load(servicesf, True, False, False)) {
308 fprintf(stderr, "Can't load %s\n", servicesf);
309 }
310
311 load_interfaces();
312
313 TimeInit();
314
315 /* Check arguments make sense */
316
317 if (do_sam_sync && do_sam_repl) {
318 fprintf(stderr, "cannot specify both -S and -R\n");
319 return 1;
320
321 }
322
323 if (!do_sam_sync && !do_sam_repl) {
324 fprintf(stderr, "must specify either -S or -R\n");
325 return 1;
326 }
327
328 if (do_sam_repl && low_serial == 0) {
329 fprintf(stderr, "serial number must be positive\n");
330 return 1;
331 }
332
333 /* BDC operations require the machine account password */
334
335 if (!secrets_init()) {
336 DEBUG(0, ("Unable to initialise secrets database\n"));
337 return 1;
338 }
339
340 if (!secrets_fetch_trust_account_password(lp_workgroup(),
341 trust_passwd, NULL)) {
342 DEBUG(0, ("could not fetch trust account password\n"));
343 return 1;
344 }
345
346 /* Perform sync or replication */
347
348 if (!init_connection(&cli, username, domain, password))
349 return 1;
350
351 if (do_sam_sync)
352 result = sam_sync(&cli, trust_passwd, do_smbpasswd_output);
353
354 if (do_sam_repl)
355 result = sam_repl(&cli, trust_passwd, low_serial);
356
357 if (!NT_STATUS_IS_OK(result)) {
358 DEBUG(0, ("%s\n", get_nt_error_msg(result)));
359 return 1;
360 }
361
362 return 0;
363 }
Samba GIT mirror