2 Unix SMB/CIFS implementation.
4 Extract the user/system database from a remote SamSync server
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 #include "libnet/libnet.h"
26 #include "dlinklist.h"
27 #include "samba3/samba3.h"
28 #include "librpc/gen_ndr/ndr_security.h"
31 struct samdump_secret
{
32 struct samdump_secret
*prev
, *next
;
38 struct samdump_trusted_domain
{
39 struct samdump_trusted_domain
*prev
, *next
;
44 struct samdump_state
{
45 struct samdump_secret
*secrets
;
46 struct samdump_trusted_domain
*trusted_domains
;
49 static NTSTATUS
vampire_samdump_handle_user(TALLOC_CTX
*mem_ctx
,
50 struct netr_DELTA_ENUM
*delta
)
52 uint32_t rid
= delta
->delta_id_union
.rid
;
53 struct netr_DELTA_USER
*user
= delta
->delta_union
.user
;
54 const char *username
= user
->account_name
.string
;
55 char *hex_lm_password
;
56 char *hex_nt_password
;
58 hex_lm_password
= smbpasswd_sethexpwd(mem_ctx
,
59 user
->lm_password_present
? &user
->lmpassword
: NULL
,
61 hex_nt_password
= smbpasswd_sethexpwd(mem_ctx
,
62 user
->nt_password_present
? &user
->ntpassword
: NULL
,
65 printf("%s:%d:%s:%s:%s:LCT-%08X\n", username
,
66 rid
, hex_lm_password
, hex_nt_password
,
67 smbpasswd_encode_acb_info(mem_ctx
, user
->acct_flags
),
68 (unsigned int)nt_time_to_unix(user
->last_password_change
));
73 static NTSTATUS
vampire_samdump_handle_secret(TALLOC_CTX
*mem_ctx
,
74 struct samdump_state
*samdump_state
,
75 struct netr_DELTA_ENUM
*delta
)
77 struct netr_DELTA_SECRET
*secret
= delta
->delta_union
.secret
;
78 const char *name
= delta
->delta_id_union
.name
;
79 struct samdump_secret
*new = talloc(samdump_state
, struct samdump_secret
);
81 new->name
= talloc_steal(new, name
);
82 new->secret
= data_blob_talloc(new, secret
->current_cipher
.cipher_data
, secret
->current_cipher
.maxlen
);
83 new->mtime
= secret
->current_cipher_set_time
;
85 DLIST_ADD(samdump_state
->secrets
, new);
90 static NTSTATUS
vampire_samdump_handle_trusted_domain(TALLOC_CTX
*mem_ctx
,
91 struct samdump_state
*samdump_state
,
92 struct netr_DELTA_ENUM
*delta
)
94 struct netr_DELTA_TRUSTED_DOMAIN
*trusted_domain
= delta
->delta_union
.trusted_domain
;
95 struct dom_sid
*dom_sid
= delta
->delta_id_union
.sid
;
97 struct samdump_trusted_domain
*new = talloc(samdump_state
, struct samdump_trusted_domain
);
99 new->name
= talloc_steal(new, trusted_domain
->domain_name
.string
);
100 new->sid
= talloc_steal(new, dom_sid
);
102 DLIST_ADD(samdump_state
->trusted_domains
, new);
107 static NTSTATUS
libnet_samdump_fn(TALLOC_CTX
*mem_ctx
,
109 enum netr_SamDatabaseID database
,
110 struct netr_DELTA_ENUM
*delta
,
113 NTSTATUS nt_status
= NT_STATUS_OK
;
114 struct samdump_state
*samdump_state
= private;
116 *error_string
= NULL
;
117 switch (delta
->delta_type
) {
118 case NETR_DELTA_USER
:
120 /* not interested in builtin users */
121 if (database
== SAM_DATABASE_DOMAIN
) {
122 nt_status
= vampire_samdump_handle_user(mem_ctx
,
127 case NETR_DELTA_SECRET
:
129 nt_status
= vampire_samdump_handle_secret(mem_ctx
,
134 case NETR_DELTA_TRUSTED_DOMAIN
:
136 nt_status
= vampire_samdump_handle_trusted_domain(mem_ctx
,
142 /* Can't dump them all right now */
148 NTSTATUS
libnet_SamDump(struct libnet_context
*ctx
, TALLOC_CTX
*mem_ctx
, struct libnet_SamDump
*r
)
151 struct libnet_SamSync r2
;
152 struct samdump_state
*samdump_state
= talloc(mem_ctx
, struct samdump_state
);
154 struct samdump_trusted_domain
*t
;
155 struct samdump_secret
*s
;
157 if (!samdump_state
) {
158 return NT_STATUS_NO_MEMORY
;
161 samdump_state
->secrets
= NULL
;
162 samdump_state
->trusted_domains
= NULL
;
164 r2
.out
.error_string
= NULL
;
165 r2
.in
.binding_string
= r
->in
.binding_string
;
166 r2
.in
.init_fn
= NULL
;
167 r2
.in
.delta_fn
= libnet_samdump_fn
;
168 r2
.in
.fn_ctx
= samdump_state
;
169 r2
.in
.machine_account
= r
->in
.machine_account
;
170 nt_status
= libnet_SamSync_netlogon(ctx
, samdump_state
, &r2
);
171 r
->out
.error_string
= r2
.out
.error_string
;
172 talloc_steal(mem_ctx
, r
->out
.error_string
);
174 if (!NT_STATUS_IS_OK(nt_status
)) {
175 talloc_free(samdump_state
);
179 printf("Trusted domains, sids and secrets:\n");
180 for (t
=samdump_state
->trusted_domains
; t
; t
=t
->next
) {
181 char *secret_name
= talloc_asprintf(mem_ctx
, "G$$%s", t
->name
);
182 for (s
=samdump_state
->secrets
; s
; s
=s
->next
) {
184 if (strcasecmp_m(s
->name
, secret_name
) != 0) {
187 if (convert_string_talloc(mem_ctx
, CH_UTF16
, CH_UNIX
,
188 s
->secret
.data
, s
->secret
.length
,
189 (void **)&secret_string
) == -1) {
190 r
->out
.error_string
= talloc_asprintf(mem_ctx
,
191 "Could not convert secret for domain %s to a string\n",
193 talloc_free(samdump_state
);
194 return NT_STATUS_INVALID_PARAMETER
;
196 printf("%s\t%s\t%s\n",
197 t
->name
, dom_sid_string(mem_ctx
, t
->sid
),
201 talloc_free(samdump_state
);