search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Removed version number from file header.
[Samba/ekacnet.git] / source / rpcclient / samsync.c
blob3a0bc2d6f69e8945db7aed5cbe2558e6af7b0554
1 /*
2 Unix SMB/CIFS implementation.
3 RPC pipe client
4
5 Copyright (C) Tim Potter 2001
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 */
21
22 #include "includes.h"
23
24 static void decode_domain_info(SAM_DOMAIN_INFO *a)
25 {
26 fstring temp;
27 printf("Domain Information\n");
28 printf("------------------\n");
29
30 unistr2_to_ascii(temp, &a->uni_dom_name, sizeof(temp)-1);
31 printf("\tDomain :%s\n", temp);
32 printf("\tMin password len :%d\n", a->min_pwd_len);
33 printf("\tpassword history len:%d\n", a->pwd_history_len);
34 printf("\tcreation time :%s\n", http_timestring(nt_time_to_unix(&a->creation_time)));
35 }
36
37 static void decode_sam_group_info(SAM_GROUP_INFO *a)
38 {
39 fstring temp;
40 printf("\nDomain Group Information\n");
41 printf("------------------------\n");
42
43 unistr2_to_ascii(temp, &a->uni_grp_name, sizeof(temp)-1);
44 printf("\tGroup name :%s\n", temp);
45 unistr2_to_ascii(temp, &a->uni_grp_desc, sizeof(temp)-1);
46 printf("\tGroup description :%s\n", temp);
47 printf("\trid :%d\n", a->gid.g_rid);
48 printf("\tattribute :%d\n", a->gid.attr);
49 }
50
51 static void decode_sam_account_info(SAM_ACCOUNT_INFO *a)
52 {
53 fstring temp;
54 printf("\nUser Information\n");
55 printf("----------------\n");
56
57 unistr2_to_ascii(temp, &a->uni_acct_name, sizeof(temp)-1);
58 printf("\tUser name :%s\n", temp);
59 printf("\tuser's rid :%d\n", a->user_rid);
60 printf("\tuser's primary gid :%d\n", a->group_rid);
61 unistr2_to_ascii(temp, &a->uni_full_name, sizeof(temp)-1);
62 printf("\tfull name :%s\n", temp);
63 unistr2_to_ascii(temp, &a->uni_home_dir, sizeof(temp)-1);
64 printf("\thome directory :%s\n", temp);
65 unistr2_to_ascii(temp, &a->uni_dir_drive, sizeof(temp)-1);
66 printf("\tdrive :%s\n", temp);
67 unistr2_to_ascii(temp, &a->uni_logon_script, sizeof(temp)-1);
68 printf("\tlogon script :%s\n", temp);
69 unistr2_to_ascii(temp, &a->uni_acct_desc, sizeof(temp)-1);
70 printf("\tdescription :%s\n", temp);
71 unistr2_to_ascii(temp, &a->uni_workstations, sizeof(temp)-1);
72 printf("\tworkstations :%s\n", temp);
73 }
74
75 static void decode_sam_grp_mem_info(SAM_GROUP_MEM_INFO *a)
76 {
77 int i;
78 printf("\nGroup members information\n");
79 printf("-------------------------\n");
80 printf("\tnum members :%d\n", a->num_members);
81
82 for (i=0; i<a->num_members; i++) {
83 printf("\trid, attr:%d, %d\n", a->rids[i], a->attribs[i]);
84 }
85 }
86
87 static void decode_sam_alias_info(SAM_ALIAS_INFO *a)
88 {
89 fstring temp;
90 printf("\nAlias Information\n");
91 printf("-----------------\n");
92
93 unistr2_to_ascii(temp, &a->uni_als_name, sizeof(temp)-1);
94 printf("\tname :%s\n", temp);
95 unistr2_to_ascii(temp, &a->uni_als_desc, sizeof(temp)-1);
96 printf("\tdescription :%s\n", temp);
97 printf("\trid :%d\n", a->als_rid);
98 }
99
100 static void decode_sam_als_mem_info(SAM_ALIAS_MEM_INFO *a)
101 {
102 int i;
103 fstring temp;
104 printf("\nAlias members Information\n");
105 printf("-------------------------\n");
106 printf("\tnum members :%d\n", a->num_members);
107 printf("\tnum sids :%d\n", a->num_sids);
108 for (i=0; i<a->num_sids; i++) {
109 printf("\tsid :%s\n", sid_to_string(temp, &a->sids[i].sid));
110 }
111
112
113 }
114
115 static void decode_sam_dom_info(SAM_DELTA_DOM *a)
116 {
117 fstring temp;
118 printf("\nDomain information\n");
119 printf("------------------\n");
120
121 unistr2_to_ascii(temp, &a->domain_name, sizeof(temp)-1);
122 printf("\tdomain name :%s\n", temp);
123 printf("\tsid :%s\n", sid_to_string(temp, &a->domain_sid.sid));
124 }
125
126 static void decode_sam_unk0e_info(SAM_DELTA_UNK0E *a)
127 {
128 fstring temp;
129 printf("\nTrust information\n");
130 printf("-----------------\n");
131
132 unistr2_to_ascii(temp, &a->domain, sizeof(temp)-1);
133 printf("\tdomain name :%s\n", temp);
134 printf("\tsid :%s\n", sid_to_string(temp, &a->sid.sid));
135 display_sec_desc(a->sec_desc);
136 }
137
138 static void decode_sam_privs_info(SAM_DELTA_PRIVS *a)
139 {
140 int i;
141 fstring temp;
142 printf("\nSID and privileges information\n");
143 printf("------------------------------\n");
144 printf("\tsid :%s\n", sid_to_string(temp, &a->sid.sid));
145 display_sec_desc(a->sec_desc);
146 printf("\tprivileges count :%d\n", a->privlist_count);
147 for (i=0; i<a->privlist_count; i++) {
148 unistr2_to_ascii(temp, &a->uni_privslist[i], sizeof(temp)-1);
149 printf("\tprivilege name :%s\n", temp);
150 printf("\tattribute :%d\n", a->attributes[i]);
151 }
152 }
153
154 static void decode_sam_unk12_info(SAM_DELTA_UNK12 *a)
155 {
156 fstring temp;
157 printf("\nTrusted information\n");
158 printf("-------------------\n");
159
160 unistr2_to_ascii(temp, &a->secret, sizeof(temp)-1);
161 printf("\tsecret name :%s\n", temp);
162 display_sec_desc(a->sec_desc);
163
164 printf("\ttime 1 :%s\n", http_timestring(nt_time_to_unix(&a->time1)));
165 printf("\ttime 2 :%s\n", http_timestring(nt_time_to_unix(&a->time2)));
166
167 display_sec_desc(a->sec_desc2);
168 }
169
170 static void decode_sam_stamp(SAM_DELTA_STAMP *a)
171 {
172 printf("\nStamp information\n");
173 printf("-----------------\n");
174 printf("\tsequence number :%d\n", a->seqnum);
175 }
176
177 static void decode_sam_deltas(uint32 num_deltas, SAM_DELTA_HDR *hdr_deltas, SAM_DELTA_CTR *deltas)
178 {
179 int i;
180 for (i = 0; i < num_deltas; i++) {
181 switch (hdr_deltas[i].type) {
182 case SAM_DELTA_DOMAIN_INFO: {
183 SAM_DOMAIN_INFO *a;
184 a = &deltas[i].domain_info;
185 decode_domain_info(a);
186 break;
187 }
188 case SAM_DELTA_GROUP_INFO: {
189 SAM_GROUP_INFO *a;
190 a = &deltas[i].group_info;
191 decode_sam_group_info(a);
192 break;
193 }
194 case SAM_DELTA_ACCOUNT_INFO: {
195 SAM_ACCOUNT_INFO *a;
196 a = &deltas[i].account_info;
197 decode_sam_account_info(a);
198 break;
199 }
200 case SAM_DELTA_GROUP_MEM: {
201 SAM_GROUP_MEM_INFO *a;
202 a = &deltas[i].grp_mem_info;
203 decode_sam_grp_mem_info(a);
204 break;
205 }
206 case SAM_DELTA_ALIAS_INFO: {
207 SAM_ALIAS_INFO *a;
208 a = &deltas[i].alias_info;
209 decode_sam_alias_info(a);
210 break;
211 }
212 case SAM_DELTA_ALIAS_MEM: {
213 SAM_ALIAS_MEM_INFO *a;
214 a = &deltas[i].als_mem_info;
215 decode_sam_als_mem_info(a);
216 break;
217 }
218 case SAM_DELTA_DOM_INFO: {
219 SAM_DELTA_DOM *a;
220 a = &deltas[i].dom_info;
221 decode_sam_dom_info(a);
222 break;
223 }
224 case SAM_DELTA_UNK0E_INFO: {
225 SAM_DELTA_UNK0E *a;
226 a = &deltas[i].unk0e_info;
227 decode_sam_unk0e_info(a);
228 break;
229 }
230 case SAM_DELTA_PRIVS_INFO: {
231 SAM_DELTA_PRIVS *a;
232 a = &deltas[i].privs_info;
233 decode_sam_privs_info(a);
234 break;
235 }
236 case SAM_DELTA_UNK12_INFO: {
237 SAM_DELTA_UNK12 *a;
238 a = &deltas[i].unk12_info;
239 decode_sam_unk12_info(a);
240 break;
241 }
242 case SAM_DELTA_SAM_STAMP: {
243 SAM_DELTA_STAMP *a;
244 a = &deltas[i].stamp;
245 decode_sam_stamp(a);
246 break;
247 }
248 default:
249 DEBUG(0,("unknown delta type: %d\n", hdr_deltas[i].type));
250 break;
251 }
252 }
253 }
254
255 /* Synchronise sam database */
256
257 static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16],
258 BOOL do_smbpasswd_output, BOOL verbose)
259 {
260 TALLOC_CTX *mem_ctx;
261 SAM_DELTA_HDR *hdr_deltas_0, *hdr_deltas_1, *hdr_deltas_2;
262 SAM_DELTA_CTR *deltas_0, *deltas_1, *deltas_2;
263 uint32 num_deltas_0, num_deltas_1, num_deltas_2;
264 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
265
266 DOM_CRED ret_creds;
267 /* Initialise */
268
269 if (!(mem_ctx = talloc_init())) {
270 DEBUG(0,("talloc_init failed\n"));
271 return result;
272 }
273
274 if (!cli_nt_session_open (cli, PIPE_NETLOGON)) {
275 DEBUG(0, ("Could not initialize netlogon pipe!\n"));
276 goto done;
277 }
278
279 /* Request a challenge */
280
281 if (!NT_STATUS_IS_OK(new_cli_nt_setup_creds(cli, trust_passwd))) {
282 DEBUG(0, ("Error initialising session creds\n"));
283 goto done;
284 }
285
286 /* on first call the returnAuthenticator is empty */
287 memset(&ret_creds, 0, sizeof(ret_creds));
288
289 /* Do sam synchronisation on the SAM database*/
290
291 result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 0, &num_deltas_0, &hdr_deltas_0, &deltas_0);
292
293 if (!NT_STATUS_IS_OK(result))
294 goto done;
295
296 /* verbose mode */
297 if (verbose)
298 decode_sam_deltas(num_deltas_0, hdr_deltas_0, deltas_0);
299
300
301 /*
302 * we can't yet do several sam_sync in a raw, it's a credential problem
303 * we must chain the credentials
304 */
305
306 #if 1
307 /* Do sam synchronisation on the LSA database */
308
309 result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 2, &num_deltas_2, &hdr_deltas_2, &deltas_2);
310
311 if (!NT_STATUS_IS_OK(result))
312 goto done;
313
314 /* verbose mode */
315 if (verbose)
316 decode_sam_deltas(num_deltas_2, hdr_deltas_2, deltas_2);
317 #endif
318
319 /* Produce smbpasswd output - good for migrating from NT! */
320
321 if (do_smbpasswd_output) {
322 int i;
323
324 for (i = 0; i < num_deltas_0; i++) {
325 SAM_ACCOUNT_INFO *a;
326 fstring acct_name, hex_nt_passwd, hex_lm_passwd;
327 uchar lm_passwd[16], nt_passwd[16];
328
329 /* Skip non-user accounts */
330
331 if (hdr_deltas_0[i].type != SAM_DELTA_ACCOUNT_INFO)
332 continue;
333
334 a = &deltas_0[i].account_info;
335
336 unistr2_to_ascii(acct_name, &a->uni_acct_name,
337 sizeof(acct_name) - 1);
338
339 /* Decode hashes from password hash */
340
341 sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd,
342 lm_passwd, 0);
343 sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd,
344 nt_passwd, 0);
345
346 /* Encode as strings */
347
348 smbpasswd_sethexpwd(hex_lm_passwd, lm_passwd,
349 a->acb_info);
350 smbpasswd_sethexpwd(hex_nt_passwd, nt_passwd,
351 a->acb_info);
352
353 /* Display user info */
354
355 printf("%s:%d:%s:%s:%s:LCT-0\n", acct_name,
356 a->user_rid, hex_lm_passwd, hex_nt_passwd,
357 smbpasswd_encode_acb_info(a->acb_info));
358 }
359
360 goto done;
361 }
362
363 /* Update sam tdb */
364
365 done:
366 cli_nt_session_close(cli);
367 talloc_destroy(mem_ctx);
368
369 return result;
370 }
371
372 /* Replicate sam deltas */
373
374 static NTSTATUS sam_repl(struct cli_state *cli, unsigned char trust_passwde[16],
375 uint32 low_serial)
376 {
377 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
378
379 return result;
380 }
381
382 /* Print usage information */
383
384 static void usage(void)
385 {
386 printf("Usage: samsync [options]\n");
387
388 printf("\t-d debuglevel set the debuglevel\n");
389 printf("\t-h Print this help message.\n");
390 printf("\t-s configfile specify an alternative config file\n");
391 printf("\t-S synchronise sam database\n");
392 printf("\t-R replicate sam deltas\n");
393 printf("\t-U username username and password\n");
394 printf("\t-p produce smbpasswd output\n");
395 printf("\t-V verbose output\n");
396 printf("\n");
397 }
398
399 /* Initialise client credentials for authenticated pipe access */
400
401 void init_rpcclient_creds(struct ntuser_creds *creds, char* username,
402 char* domain, char* password)
403 {
404 ZERO_STRUCTP(creds);
405
406 if (lp_encrypted_passwords()) {
407 pwd_make_lm_nt_16(&creds->pwd, password);
408 } else {
409 pwd_set_cleartext(&creds->pwd, password);
410 }
411
412 fstrcpy(creds->user_name, username);
413 fstrcpy(creds->domain, domain);
414
415 if (! *username) {
416 creds->pwd.null_pwd = True;
417 }
418 }
419
420 /* Connect to primary domain controller */
421
422 static struct cli_state *init_connection(struct cli_state *cli,
423 char *username, char *domain,
424 char *password)
425 {
426 struct ntuser_creds creds;
427 extern pstring global_myname;
428 struct in_addr *dest_ip;
429 struct nmb_name calling, called;
430 int count;
431 fstring dest_host;
432
433 /* Initialise cli_state information */
434
435 ZERO_STRUCTP(cli);
436
437 if (!cli_initialise(cli)) {
438 return NULL;
439 }
440
441 init_rpcclient_creds(&creds, username, domain, password);
442 cli_init_creds(cli, &creds);
443
444 /* Look up name of PDC controller */
445
446 if (!get_dc_list(True, lp_workgroup(), &dest_ip, &count)) {
447 DEBUG(0, ("Cannot find domain controller for domain %s\n",
448 lp_workgroup()));
449 return NULL;
450 }
451
452 if (!lookup_dc_name(global_myname, lp_workgroup(), dest_ip,
453 dest_host)) {
454 DEBUG(0, ("Could not lookup up PDC name for domain %s\n",
455 lp_workgroup()));
456 return NULL;
457 }
458
459 get_myname((*global_myname)?NULL:global_myname);
460 strupper(global_myname);
461
462 make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20);
463 make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0);
464
465 /* Establish a SMB connection */
466
467 if (!cli_establish_connection(cli, dest_host, dest_ip, &calling,
468 &called, "IPC$", "IPC", False, True)) {
469 return NULL;
470 }
471
472 return cli;
473 }
474
475 /* Main function */
476
477 int main(int argc, char **argv)
478 {
479 BOOL do_sam_sync = False, do_sam_repl = False;
480 struct cli_state cli;
481 NTSTATUS result;
482 int opt;
483 pstring logfile;
484 BOOL interactive = False, do_smbpasswd_output = False;
485 BOOL verbose = False;
486 uint32 low_serial = 0;
487 unsigned char trust_passwd[16];
488 fstring username, domain, password;
489
490 if (argc == 1) {
491 usage();
492 return 1;
493 }
494
495 ZERO_STRUCT(username);
496 ZERO_STRUCT(domain);
497 ZERO_STRUCT(password);
498
499 /* Parse command line options */
500
501 while((opt = getopt(argc, argv, "s:d:SR:hiU:W:pV")) != EOF) {
502 switch (opt) {
503 case 's':
504 pstrcpy(dyn_CONFIGFILE, optarg);
505 break;
506 case 'd':
507 DEBUGLEVEL = atoi(optarg);
508 break;
509 case 'S':
510 do_sam_sync = 1;
511 break;
512 case 'R':
513 do_sam_repl = 1;
514 low_serial = atoi(optarg);
515 break;
516 case 'i':
517 interactive = True;
518 break;
519 case 'U': {
520 char *lp;
521
522 fstrcpy(username,optarg);
523 if ((lp=strchr_m(username,'%'))) {
524 *lp = 0;
525 fstrcpy(password,lp+1);
526 memset(strchr_m(optarg, '%') + 1, 'X',
527 strlen(password));
528 }
529 break;
530 }
531 case 'W':
532 pstrcpy(domain, optarg);
533 break;
534 case 'p':
535 do_smbpasswd_output = True;
536 break;
537 case 'V':
538 verbose = True;
539 break;
540 case 'h':
541 default:
542 usage();
543 exit(1);
544 }
545 }
546
547 argc -= optind;
548
549 if (argc > 0) {
550 usage();
551 return 1;
552 }
553
554 /* Initialise samba */
555
556 slprintf(logfile, sizeof(logfile) - 1, "%s/log.%s", dyn_LOGFILEBASE,
557 "samsync");
558 lp_set_logfile(logfile);
559
560 setup_logging("samsync", interactive);
561
562 if (!interactive)
563 reopen_logs();
564
565 if (!lp_load(dyn_CONFIGFILE, True, False, False)) {
566 fprintf(stderr, "Can't load %s\n", dyn_CONFIGFILE);
567 }
568
569 load_interfaces();
570
571 /* Check arguments make sense */
572
573 if (do_sam_sync && do_sam_repl) {
574 fprintf(stderr, "cannot specify both -S and -R\n");
575 return 1;
576
577 }
578
579 if (!do_sam_sync && !do_sam_repl) {
580 fprintf(stderr, "must specify either -S or -R\n");
581 return 1;
582 }
583
584 if (do_sam_repl && low_serial == 0) {
585 fprintf(stderr, "serial number must be positive\n");
586 return 1;
587 }
588
589 /* BDC operations require the machine account password */
590
591 if (!secrets_init()) {
592 DEBUG(0, ("Unable to initialise secrets database\n"));
593 return 1;
594 }
595
596 if (!secrets_fetch_trust_account_password(lp_workgroup(),
597 trust_passwd, NULL)) {
598 DEBUG(0, ("could not fetch trust account password\n"));
599 return 1;
600 }
601
602 /* Perform sync or replication */
603
604 if (!init_connection(&cli, username, domain, password))
605 return 1;
606
607 if (do_sam_sync)
608 result = sam_sync(&cli, trust_passwd, do_smbpasswd_output, verbose);
609
610 if (do_sam_repl)
611 result = sam_repl(&cli, trust_passwd, low_serial);
612
613 if (!NT_STATUS_IS_OK(result)) {
614 DEBUG(0, ("%s\n", get_nt_error_msg(result)));
615 return 1;
616 }
617
618 return 0;
619 }