dssync: allow replications of a single obj with net rpc vampire keytab.
[Samba.git] / source / utils / net_rpc_samsync.c
blob11ada717dac14ab9a89e1fef7f1421c975517d58
1 /*
2 Unix SMB/CIFS implementation.
3 dump the remote SAM using rpc samsync operations
5 Copyright (C) Andrew Tridgell 2002
6 Copyright (C) Tim Potter 2001,2002
7 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2005
8 Modified by Volker Lendecke 2002
9 Copyright (C) Jeremy Allison 2005.
10 Copyright (C) Guenther Deschner 2008.
12 This program is free software; you can redistribute it and/or modify
13 it under the terms of the GNU General Public License as published by
14 the Free Software Foundation; either version 3 of the License, or
15 (at your option) any later version.
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 GNU General Public License for more details.
22 You should have received a copy of the GNU General Public License
23 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "includes.h"
27 #include "utils/net.h"
29 /* dump sam database via samsync rpc calls */
30 NTSTATUS rpc_samdump_internals(struct net_context *c,
31 const DOM_SID *domain_sid,
32 const char *domain_name,
33 struct cli_state *cli,
34 struct rpc_pipe_client *pipe_hnd,
35 TALLOC_CTX *mem_ctx,
36 int argc,
37 const char **argv)
39 struct samsync_context *ctx = NULL;
40 NTSTATUS status;
42 status = libnet_samsync_init_context(mem_ctx,
43 domain_sid,
44 &ctx);
45 if (!NT_STATUS_IS_OK(status)) {
46 return status;
49 ctx->mode = NET_SAMSYNC_MODE_DUMP;
50 ctx->cli = pipe_hnd;
51 ctx->delta_fn = display_sam_entries;
52 ctx->domain_name = domain_name;
54 libnet_samsync(SAM_DATABASE_DOMAIN, ctx);
56 libnet_samsync(SAM_DATABASE_BUILTIN, ctx);
58 libnet_samsync(SAM_DATABASE_PRIVS, ctx);
60 TALLOC_FREE(ctx);
62 return NT_STATUS_OK;
65 /**
66 * Basic usage function for 'net rpc vampire'
68 * @param c A net_context structure
69 * @param argc Standard main() style argc
70 * @param argc Standard main() style argv. Initial components are already
71 * stripped
72 **/
74 int rpc_vampire_usage(struct net_context *c, int argc, const char **argv)
76 d_printf("net rpc vampire ([ldif [<ldif-filename>] | [keytab] [<keytab-filename]) [options]\n"
77 "\t to pull accounts from a remote PDC where we are a BDC\n"
78 "\t\t no args puts accounts in local passdb from smb.conf\n"
79 "\t\t ldif - put accounts in ldif format (file defaults to "
80 "/tmp/tmp.ldif)\n"
81 "\t\t keytab - put account passwords in krb5 keytab (defaults "
82 "to system keytab)\n");
84 net_common_flags_usage(c, argc, argv);
85 return -1;
89 /* dump sam database via samsync rpc calls */
90 NTSTATUS rpc_vampire_internals(struct net_context *c,
91 const DOM_SID *domain_sid,
92 const char *domain_name,
93 struct cli_state *cli,
94 struct rpc_pipe_client *pipe_hnd,
95 TALLOC_CTX *mem_ctx,
96 int argc,
97 const char **argv)
99 NTSTATUS result;
100 struct samsync_context *ctx = NULL;
102 if (!sid_equal(domain_sid, get_global_sam_sid())) {
103 d_printf("Cannot import users from %s at this time, "
104 "as the current domain:\n\t%s: %s\nconflicts "
105 "with the remote domain\n\t%s: %s\n"
106 "Perhaps you need to set: \n\n\tsecurity=user\n\t"
107 "workgroup=%s\n\n in your smb.conf?\n",
108 domain_name,
109 get_global_sam_name(),
110 sid_string_dbg(get_global_sam_sid()),
111 domain_name,
112 sid_string_dbg(domain_sid),
113 domain_name);
114 return NT_STATUS_UNSUCCESSFUL;
117 result = libnet_samsync_init_context(mem_ctx,
118 domain_sid,
119 &ctx);
120 if (!NT_STATUS_IS_OK(result)) {
121 return result;
124 ctx->mode = NET_SAMSYNC_MODE_FETCH_PASSDB;
125 ctx->cli = pipe_hnd;
126 ctx->delta_fn = fetch_sam_entries;
127 ctx->domain_name = domain_name;
129 /* fetch domain */
130 result = libnet_samsync(SAM_DATABASE_DOMAIN, ctx);
132 if (!NT_STATUS_IS_OK(result) && ctx->error_message) {
133 d_fprintf(stderr, "%s\n", ctx->error_message);
134 goto fail;
137 if (ctx->result_message) {
138 d_fprintf(stdout, "%s\n", ctx->result_message);
141 /* fetch builtin */
142 ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin);
143 ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid);
144 result = libnet_samsync(SAM_DATABASE_BUILTIN, ctx);
146 if (!NT_STATUS_IS_OK(result) && ctx->error_message) {
147 d_fprintf(stderr, "%s\n", ctx->error_message);
148 goto fail;
151 if (ctx->result_message) {
152 d_fprintf(stdout, "%s\n", ctx->result_message);
155 fail:
156 TALLOC_FREE(ctx);
157 return result;
160 NTSTATUS rpc_vampire_ldif_internals(struct net_context *c,
161 const DOM_SID *domain_sid,
162 const char *domain_name,
163 struct cli_state *cli,
164 struct rpc_pipe_client *pipe_hnd,
165 TALLOC_CTX *mem_ctx,
166 int argc,
167 const char **argv)
169 NTSTATUS status;
170 struct samsync_context *ctx = NULL;
172 status = libnet_samsync_init_context(mem_ctx,
173 domain_sid,
174 &ctx);
175 if (!NT_STATUS_IS_OK(status)) {
176 return status;
179 if (argc >= 1) {
180 ctx->output_filename = argv[0];
183 ctx->mode = NET_SAMSYNC_MODE_FETCH_LDIF;
184 ctx->cli = pipe_hnd;
185 ctx->delta_fn = fetch_sam_entries_ldif;
186 ctx->domain_name = domain_name;
188 /* fetch domain */
189 status = libnet_samsync(SAM_DATABASE_DOMAIN, ctx);
191 if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
192 d_fprintf(stderr, "%s\n", ctx->error_message);
193 goto fail;
196 if (ctx->result_message) {
197 d_fprintf(stdout, "%s\n", ctx->result_message);
200 /* fetch builtin */
201 ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin);
202 ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid);
203 status = libnet_samsync(SAM_DATABASE_BUILTIN, ctx);
205 if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
206 d_fprintf(stderr, "%s\n", ctx->error_message);
207 goto fail;
210 if (ctx->result_message) {
211 d_fprintf(stdout, "%s\n", ctx->result_message);
214 fail:
215 TALLOC_FREE(ctx);
216 return status;
219 int rpc_vampire_ldif(struct net_context *c, int argc, const char **argv)
221 if (c->display_usage) {
222 d_printf("Usage\n"
223 "net rpc vampire ldif\n"
224 " Dump remote SAM database to LDIF file or stdout\n");
225 return 0;
228 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id, 0,
229 rpc_vampire_ldif_internals, argc, argv);
233 NTSTATUS rpc_vampire_keytab_internals(struct net_context *c,
234 const DOM_SID *domain_sid,
235 const char *domain_name,
236 struct cli_state *cli,
237 struct rpc_pipe_client *pipe_hnd,
238 TALLOC_CTX *mem_ctx,
239 int argc,
240 const char **argv)
242 NTSTATUS status;
243 struct samsync_context *ctx = NULL;
245 status = libnet_samsync_init_context(mem_ctx,
246 domain_sid,
247 &ctx);
248 if (!NT_STATUS_IS_OK(status)) {
249 return status;
252 if (argc >= 1) {
253 ctx->output_filename = argv[0];
256 ctx->mode = NET_SAMSYNC_MODE_FETCH_KEYTAB;
257 ctx->cli = pipe_hnd;
258 ctx->delta_fn = fetch_sam_entries_keytab;
259 ctx->domain_name = domain_name;
260 ctx->username = c->opt_user_name;
261 ctx->password = c->opt_password;
263 /* fetch domain */
264 status = libnet_samsync(SAM_DATABASE_DOMAIN, ctx);
266 if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
267 d_fprintf(stderr, "%s\n", ctx->error_message);
268 goto out;
271 if (ctx->result_message) {
272 d_fprintf(stdout, "%s\n", ctx->result_message);
275 out:
276 TALLOC_FREE(ctx);
278 return status;
281 static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c,
282 const DOM_SID *domain_sid,
283 const char *domain_name,
284 struct cli_state *cli,
285 struct rpc_pipe_client *pipe_hnd,
286 TALLOC_CTX *mem_ctx,
287 int argc,
288 const char **argv)
290 NTSTATUS status;
291 struct dssync_context *ctx = NULL;
293 status = libnet_dssync_init_context(mem_ctx,
294 &ctx);
295 if (!NT_STATUS_IS_OK(status)) {
296 return status;
299 if (argc >= 1) {
300 ctx->output_filename = argv[0];
302 if (argc >= 2) {
303 ctx->object_dn = argv[1];
304 ctx->single = true;
307 ctx->cli = pipe_hnd;
308 ctx->domain_name = domain_name;
309 ctx->ops = &libnet_dssync_keytab_ops;
311 status = libnet_dssync(mem_ctx, ctx);
312 if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
313 d_fprintf(stderr, "%s\n", ctx->error_message);
314 goto out;
317 if (ctx->result_message) {
318 d_fprintf(stdout, "%s\n", ctx->result_message);
321 out:
322 TALLOC_FREE(ctx);
324 return status;
328 * Basic function for 'net rpc vampire keytab'
330 * @param c A net_context structure
331 * @param argc Standard main() style argc
332 * @param argc Standard main() style argv. Initial components are already
333 * stripped
336 int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv)
338 int ret = 0;
340 if (c->display_usage) {
341 d_printf("Usage\n"
342 "net rpc vampire keytab\n"
343 " Dump remote SAM database to Kerberos keytab file\n");
344 return 0;
347 ret = run_rpc_command(c, NULL, &ndr_table_drsuapi.syntax_id,
348 NET_FLAGS_SEAL,
349 rpc_vampire_keytab_ds_internals, argc, argv);
350 if (ret == 0) {
351 return 0;
354 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id, 0,
355 rpc_vampire_keytab_internals,
356 argc, argv);