2 Unix SMB/CIFS implementation.
4 Extract the user/system database from a remote SamSync server
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "libnet/libnet.h"
25 #include "../lib/util/dlinklist.h"
26 #include "samba3/samba3.h"
27 #include "libcli/security/security.h"
28 #include "param/param.h"
31 struct samdump_secret
{
32 struct samdump_secret
*prev
, *next
;
38 struct samdump_trusted_domain
{
39 struct samdump_trusted_domain
*prev
, *next
;
44 struct samdump_state
{
45 struct samdump_secret
*secrets
;
46 struct samdump_trusted_domain
*trusted_domains
;
49 static NTSTATUS
vampire_samdump_handle_user(TALLOC_CTX
*mem_ctx
,
50 struct netr_DELTA_ENUM
*delta
)
52 uint32_t rid
= delta
->delta_id_union
.rid
;
53 struct netr_DELTA_USER
*user
= delta
->delta_union
.user
;
54 const char *username
= user
->account_name
.string
;
55 char *hex_lm_password
;
56 char *hex_nt_password
;
58 hex_lm_password
= smbpasswd_sethexpwd(mem_ctx
,
59 user
->lm_password_present
? &user
->lmpassword
: NULL
,
61 hex_nt_password
= smbpasswd_sethexpwd(mem_ctx
,
62 user
->nt_password_present
? &user
->ntpassword
: NULL
,
65 printf("%s:%d:%s:%s:%s:LCT-%08X\n", username
,
66 rid
, hex_lm_password
, hex_nt_password
,
67 smbpasswd_encode_acb_info(mem_ctx
, user
->acct_flags
),
68 (unsigned int)nt_time_to_unix(user
->last_password_change
));
73 static NTSTATUS
vampire_samdump_handle_secret(TALLOC_CTX
*mem_ctx
,
74 struct samdump_state
*samdump_state
,
75 struct netr_DELTA_ENUM
*delta
)
77 struct netr_DELTA_SECRET
*secret
= delta
->delta_union
.secret
;
78 const char *name
= delta
->delta_id_union
.name
;
79 struct samdump_secret
*n
= talloc(samdump_state
, struct samdump_secret
);
81 n
->name
= talloc_strdup(n
, name
);
82 n
->secret
= data_blob_talloc(n
, secret
->current_cipher
.cipher_data
, secret
->current_cipher
.maxlen
);
83 n
->mtime
= secret
->current_cipher_set_time
;
85 DLIST_ADD(samdump_state
->secrets
, n
);
90 static NTSTATUS
vampire_samdump_handle_trusted_domain(TALLOC_CTX
*mem_ctx
,
91 struct samdump_state
*samdump_state
,
92 struct netr_DELTA_ENUM
*delta
)
94 struct netr_DELTA_TRUSTED_DOMAIN
*trusted_domain
= delta
->delta_union
.trusted_domain
;
95 struct dom_sid
*dom_sid
= delta
->delta_id_union
.sid
;
97 struct samdump_trusted_domain
*n
= talloc(samdump_state
, struct samdump_trusted_domain
);
99 n
->name
= talloc_strdup(n
, trusted_domain
->domain_name
.string
);
100 n
->sid
= talloc_steal(n
, dom_sid
);
102 DLIST_ADD(samdump_state
->trusted_domains
, n
);
107 static NTSTATUS
libnet_samdump_fn(TALLOC_CTX
*mem_ctx
,
109 enum netr_SamDatabaseID database
,
110 struct netr_DELTA_ENUM
*delta
,
113 NTSTATUS nt_status
= NT_STATUS_OK
;
114 struct samdump_state
*samdump_state
= (struct samdump_state
*)private_data
;
116 *error_string
= NULL
;
117 switch (delta
->delta_type
) {
118 case NETR_DELTA_USER
:
120 /* not interested in builtin users */
121 if (database
== SAM_DATABASE_DOMAIN
) {
122 nt_status
= vampire_samdump_handle_user(mem_ctx
,
127 case NETR_DELTA_SECRET
:
129 nt_status
= vampire_samdump_handle_secret(mem_ctx
,
134 case NETR_DELTA_TRUSTED_DOMAIN
:
136 nt_status
= vampire_samdump_handle_trusted_domain(mem_ctx
,
142 /* Can't dump them all right now */
148 NTSTATUS
libnet_SamDump(struct libnet_context
*ctx
, TALLOC_CTX
*mem_ctx
,
149 struct libnet_SamDump
*r
)
152 struct libnet_SamSync r2
;
153 struct samdump_state
*samdump_state
= talloc(mem_ctx
, struct samdump_state
);
155 struct samdump_trusted_domain
*t
;
156 struct samdump_secret
*s
;
158 if (!samdump_state
) {
159 return NT_STATUS_NO_MEMORY
;
162 samdump_state
->secrets
= NULL
;
163 samdump_state
->trusted_domains
= NULL
;
165 r2
.out
.error_string
= NULL
;
166 r2
.in
.binding_string
= r
->in
.binding_string
;
167 r2
.in
.init_fn
= NULL
;
168 r2
.in
.delta_fn
= libnet_samdump_fn
;
169 r2
.in
.fn_ctx
= samdump_state
;
170 r2
.in
.machine_account
= r
->in
.machine_account
;
171 nt_status
= libnet_SamSync_netlogon(ctx
, samdump_state
, &r2
);
172 r
->out
.error_string
= r2
.out
.error_string
;
173 talloc_steal(mem_ctx
, r
->out
.error_string
);
175 if (!NT_STATUS_IS_OK(nt_status
)) {
176 talloc_free(samdump_state
);
180 printf("Trusted domains, sids and secrets:\n");
181 for (t
=samdump_state
->trusted_domains
; t
; t
=t
->next
) {
182 char *secret_name
= talloc_asprintf(mem_ctx
, "G$$%s", t
->name
);
183 for (s
=samdump_state
->secrets
; s
; s
=s
->next
) {
185 if (strcasecmp_m(s
->name
, secret_name
) != 0) {
188 if (!convert_string_talloc_convenience(mem_ctx
, lpcfg_iconv_convenience(ctx
->lp_ctx
), CH_UTF16
, CH_UNIX
,
189 s
->secret
.data
, s
->secret
.length
,
190 (void **)&secret_string
, NULL
, false)) {
191 r
->out
.error_string
= talloc_asprintf(mem_ctx
,
192 "Could not convert secret for domain %s to a string",
194 talloc_free(samdump_state
);
195 return NT_STATUS_INVALID_PARAMETER
;
197 printf("%s\t%s\t%s\n",
198 t
->name
, dom_sid_string(mem_ctx
, t
->sid
),
202 talloc_free(samdump_state
);