search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-printing: use spoolss types and structs while getting and deleting drivers.
[Samba/fernandojvsilva.git] / source3 / utils / net_rpc_samsync.c
blob89568eef94d2e565140ecb08a8ccd4b24b036bab
1 /*
2 Unix SMB/CIFS implementation.
3 dump the remote SAM using rpc samsync operations
4
5 Copyright (C) Andrew Tridgell 2002
6 Copyright (C) Tim Potter 2001,2002
7 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2005
8 Modified by Volker Lendecke 2002
9 Copyright (C) Jeremy Allison 2005.
10 Copyright (C) Guenther Deschner 2008.
11
12 This program is free software; you can redistribute it and/or modify
13 it under the terms of the GNU General Public License as published by
14 the Free Software Foundation; either version 3 of the License, or
15 (at your option) any later version.
16
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 GNU General Public License for more details.
21
22 You should have received a copy of the GNU General Public License
23 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 */
25
26 #include "includes.h"
27 #include "utils/net.h"
28
29 static void parse_samsync_partial_replication_objects(TALLOC_CTX *mem_ctx,
30 int argc,
31 const char **argv,
32 bool *do_single_object_replication,
33 struct samsync_object **objects,
34 uint32_t *num_objects)
35 {
36 int i;
37
38 if (argc > 0) {
39 *do_single_object_replication = true;
40 }
41
42 for (i=0; i<argc; i++) {
43
44 struct samsync_object o;
45
46 ZERO_STRUCT(o);
47
48 if (!StrnCaseCmp(argv[i], "user_rid=", strlen("user_rid="))) {
49 o.object_identifier.rid = get_int_param(argv[i]);
50 o.object_type = NETR_DELTA_USER;
51 o.database_id = SAM_DATABASE_DOMAIN;
52 }
53 if (!StrnCaseCmp(argv[i], "group_rid=", strlen("group_rid="))) {
54 o.object_identifier.rid = get_int_param(argv[i]);
55 o.object_type = NETR_DELTA_GROUP;
56 o.database_id = SAM_DATABASE_DOMAIN;
57 }
58 if (!StrnCaseCmp(argv[i], "group_member_rid=", strlen("group_member_rid="))) {
59 o.object_identifier.rid = get_int_param(argv[i]);
60 o.object_type = NETR_DELTA_GROUP_MEMBER;
61 o.database_id = SAM_DATABASE_DOMAIN;
62 }
63 if (!StrnCaseCmp(argv[i], "alias_rid=", strlen("alias_rid="))) {
64 o.object_identifier.rid = get_int_param(argv[i]);
65 o.object_type = NETR_DELTA_ALIAS;
66 o.database_id = SAM_DATABASE_BUILTIN;
67 }
68 if (!StrnCaseCmp(argv[i], "alias_member_rid=", strlen("alias_member_rid="))) {
69 o.object_identifier.rid = get_int_param(argv[i]);
70 o.object_type = NETR_DELTA_ALIAS_MEMBER;
71 o.database_id = SAM_DATABASE_BUILTIN;
72 }
73 if (!StrnCaseCmp(argv[i], "account_sid=", strlen("account_sid="))) {
74 const char *sid_str = get_string_param(argv[i]);
75 string_to_sid(&o.object_identifier.sid, sid_str);
76 o.object_type = NETR_DELTA_ACCOUNT;
77 o.database_id = SAM_DATABASE_PRIVS;
78 }
79 if (!StrnCaseCmp(argv[i], "policy_sid=", strlen("policy_sid="))) {
80 const char *sid_str = get_string_param(argv[i]);
81 string_to_sid(&o.object_identifier.sid, sid_str);
82 o.object_type = NETR_DELTA_POLICY;
83 o.database_id = SAM_DATABASE_PRIVS;
84 }
85 if (!StrnCaseCmp(argv[i], "trustdom_sid=", strlen("trustdom_sid="))) {
86 const char *sid_str = get_string_param(argv[i]);
87 string_to_sid(&o.object_identifier.sid, sid_str);
88 o.object_type = NETR_DELTA_TRUSTED_DOMAIN;
89 o.database_id = SAM_DATABASE_PRIVS;
90 }
91 if (!StrnCaseCmp(argv[i], "secret_name=", strlen("secret_name="))) {
92 o.object_identifier.name = get_string_param(argv[i]);
93 o.object_type = NETR_DELTA_SECRET;
94 o.database_id = SAM_DATABASE_PRIVS;
95 }
96
97 if (o.object_type > 0) {
98 ADD_TO_ARRAY(mem_ctx, struct samsync_object, o,
99 objects, num_objects);
100 }
101 }
102 }
103
104 /* dump sam database via samsync rpc calls */
105 NTSTATUS rpc_samdump_internals(struct net_context *c,
106 const DOM_SID *domain_sid,
107 const char *domain_name,
108 struct cli_state *cli,
109 struct rpc_pipe_client *pipe_hnd,
110 TALLOC_CTX *mem_ctx,
111 int argc,
112 const char **argv)
113 {
114 struct samsync_context *ctx = NULL;
115 NTSTATUS status;
116
117 status = libnet_samsync_init_context(mem_ctx,
118 domain_sid,
119 &ctx);
120 if (!NT_STATUS_IS_OK(status)) {
121 return status;
122 }
123
124 ctx->mode = NET_SAMSYNC_MODE_DUMP;
125 ctx->cli = pipe_hnd;
126 ctx->ops = &libnet_samsync_display_ops;
127 ctx->domain_name = domain_name;
128
129 ctx->force_full_replication = c->opt_force_full_repl ? true : false;
130 ctx->clean_old_entries = c->opt_clean_old_entries ? true : false;
131
132 parse_samsync_partial_replication_objects(ctx, argc, argv,
133 &ctx->single_object_replication,
134 &ctx->objects,
135 &ctx->num_objects);
136
137 libnet_samsync(SAM_DATABASE_DOMAIN, ctx);
138
139 libnet_samsync(SAM_DATABASE_BUILTIN, ctx);
140
141 libnet_samsync(SAM_DATABASE_PRIVS, ctx);
142
143 TALLOC_FREE(ctx);
144
145 return NT_STATUS_OK;
146 }
147
148 /**
149 * Basic usage function for 'net rpc vampire'
150 *
151 * @param c A net_context structure
152 * @param argc Standard main() style argc
153 * @param argc Standard main() style argv. Initial components are already
154 * stripped
155 **/
156
157 int rpc_vampire_usage(struct net_context *c, int argc, const char **argv)
158 {
159 d_printf(_("net rpc vampire ([ldif [<ldif-filename>] | [keytab] "
160 "[<keytab-filename]) [options]\n"
161 "\t to pull accounts from a remote PDC where we are a BDC\n"
162 "\t\t no args puts accounts in local passdb from smb.conf\n"
163 "\t\t ldif - put accounts in ldif format (file defaults to "
164 "/tmp/tmp.ldif)\n"
165 "\t\t keytab - put account passwords in krb5 keytab "
166 "(defaults to system keytab)\n"));
167
168 net_common_flags_usage(c, argc, argv);
169 return -1;
170 }
171
172
173 /* dump sam database via samsync rpc calls */
174 NTSTATUS rpc_vampire_internals(struct net_context *c,
175 const DOM_SID *domain_sid,
176 const char *domain_name,
177 struct cli_state *cli,
178 struct rpc_pipe_client *pipe_hnd,
179 TALLOC_CTX *mem_ctx,
180 int argc,
181 const char **argv)
182 {
183 NTSTATUS result;
184 struct samsync_context *ctx = NULL;
185
186 if (!sid_equal(domain_sid, get_global_sam_sid())) {
187 d_printf(_("Cannot import users from %s at this time, "
188 "as the current domain:\n\t%s: %s\nconflicts "
189 "with the remote domain\n\t%s: %s\n"
190 "Perhaps you need to set: \n\n\tsecurity=user\n\t"
191 "workgroup=%s\n\n in your smb.conf?\n"),
192 domain_name,
193 get_global_sam_name(),
194 sid_string_dbg(get_global_sam_sid()),
195 domain_name,
196 sid_string_dbg(domain_sid),
197 domain_name);
198 return NT_STATUS_UNSUCCESSFUL;
199 }
200
201 result = libnet_samsync_init_context(mem_ctx,
202 domain_sid,
203 &ctx);
204 if (!NT_STATUS_IS_OK(result)) {
205 return result;
206 }
207
208 ctx->mode = NET_SAMSYNC_MODE_FETCH_PASSDB;
209 ctx->cli = pipe_hnd;
210 ctx->ops = &libnet_samsync_passdb_ops;
211 ctx->domain_name = domain_name;
212
213 ctx->force_full_replication = c->opt_force_full_repl ? true : false;
214 ctx->clean_old_entries = c->opt_clean_old_entries ? true : false;
215
216 parse_samsync_partial_replication_objects(ctx, argc, argv,
217 &ctx->single_object_replication,
218 &ctx->objects,
219 &ctx->num_objects);
220
221 /* fetch domain */
222 result = libnet_samsync(SAM_DATABASE_DOMAIN, ctx);
223
224 if (!NT_STATUS_IS_OK(result) && ctx->error_message) {
225 d_fprintf(stderr, "%s\n", ctx->error_message);
226 goto fail;
227 }
228
229 if (ctx->result_message) {
230 d_fprintf(stdout, "%s\n", ctx->result_message);
231 }
232
233 /* fetch builtin */
234 ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin);
235 ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid);
236 result = libnet_samsync(SAM_DATABASE_BUILTIN, ctx);
237
238 if (!NT_STATUS_IS_OK(result) && ctx->error_message) {
239 d_fprintf(stderr, "%s\n", ctx->error_message);
240 goto fail;
241 }
242
243 if (ctx->result_message) {
244 d_fprintf(stdout, "%s\n", ctx->result_message);
245 }
246
247 fail:
248 TALLOC_FREE(ctx);
249 return result;
250 }
251
252 int rpc_vampire_passdb(struct net_context *c, int argc, const char **argv)
253 {
254 if (c->display_usage) {
255 d_printf(_("Usage:\n"
256 "net rpc vampire passdb\n"
257 " Dump remote SAM database to passdb\n"));
258 return 0;
259 }
260
261 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id, 0,
262 rpc_vampire_internals, argc, argv);
263 }
264
265 NTSTATUS rpc_vampire_ldif_internals(struct net_context *c,
266 const DOM_SID *domain_sid,
267 const char *domain_name,
268 struct cli_state *cli,
269 struct rpc_pipe_client *pipe_hnd,
270 TALLOC_CTX *mem_ctx,
271 int argc,
272 const char **argv)
273 {
274 NTSTATUS status;
275 struct samsync_context *ctx = NULL;
276
277 status = libnet_samsync_init_context(mem_ctx,
278 domain_sid,
279 &ctx);
280 if (!NT_STATUS_IS_OK(status)) {
281 return status;
282 }
283
284 if (argc >= 1) {
285 ctx->output_filename = argv[0];
286 }
287 if (argc >= 2) {
288 parse_samsync_partial_replication_objects(ctx, argc-1, argv+1,
289 &ctx->single_object_replication,
290 &ctx->objects,
291 &ctx->num_objects);
292 }
293
294 ctx->mode = NET_SAMSYNC_MODE_FETCH_LDIF;
295 ctx->cli = pipe_hnd;
296 ctx->ops = &libnet_samsync_ldif_ops;
297 ctx->domain_name = domain_name;
298
299 ctx->force_full_replication = c->opt_force_full_repl ? true : false;
300 ctx->clean_old_entries = c->opt_clean_old_entries ? true : false;
301
302 /* fetch domain */
303 status = libnet_samsync(SAM_DATABASE_DOMAIN, ctx);
304
305 if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
306 d_fprintf(stderr, "%s\n", ctx->error_message);
307 goto fail;
308 }
309
310 if (ctx->result_message) {
311 d_fprintf(stdout, "%s\n", ctx->result_message);
312 }
313
314 /* fetch builtin */
315 ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin);
316 ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid);
317 status = libnet_samsync(SAM_DATABASE_BUILTIN, ctx);
318
319 if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
320 d_fprintf(stderr, "%s\n", ctx->error_message);
321 goto fail;
322 }
323
324 if (ctx->result_message) {
325 d_fprintf(stdout, "%s\n", ctx->result_message);
326 }
327
328 fail:
329 TALLOC_FREE(ctx);
330 return status;
331 }
332
333 int rpc_vampire_ldif(struct net_context *c, int argc, const char **argv)
334 {
335 if (c->display_usage) {
336 d_printf(_("Usage:\n"
337 "net rpc vampire ldif\n"
338 " Dump remote SAM database to LDIF file or "
339 "stdout\n"));
340 return 0;
341 }
342
343 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id, 0,
344 rpc_vampire_ldif_internals, argc, argv);
345 }
346
347
348 NTSTATUS rpc_vampire_keytab_internals(struct net_context *c,
349 const DOM_SID *domain_sid,
350 const char *domain_name,
351 struct cli_state *cli,
352 struct rpc_pipe_client *pipe_hnd,
353 TALLOC_CTX *mem_ctx,
354 int argc,
355 const char **argv)
356 {
357 NTSTATUS status;
358 struct samsync_context *ctx = NULL;
359
360 status = libnet_samsync_init_context(mem_ctx,
361 domain_sid,
362 &ctx);
363 if (!NT_STATUS_IS_OK(status)) {
364 return status;
365 }
366
367 if (argc < 1) {
368 /* the caller should ensure that a filename is provided */
369 return NT_STATUS_INVALID_PARAMETER;
370 } else {
371 ctx->output_filename = argv[0];
372 }
373 if (argc >= 2) {
374 parse_samsync_partial_replication_objects(ctx, argc-1, argv+1,
375 &ctx->single_object_replication,
376 &ctx->objects,
377 &ctx->num_objects);
378 }
379
380 ctx->mode = NET_SAMSYNC_MODE_FETCH_KEYTAB;
381 ctx->cli = pipe_hnd;
382 ctx->ops = &libnet_samsync_keytab_ops;
383 ctx->domain_name = domain_name;
384 ctx->username = c->opt_user_name;
385 ctx->password = c->opt_password;
386
387 ctx->force_full_replication = c->opt_force_full_repl ? true : false;
388 ctx->clean_old_entries = c->opt_clean_old_entries ? true : false;
389
390 /* fetch domain */
391 status = libnet_samsync(SAM_DATABASE_DOMAIN, ctx);
392
393 if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
394 d_fprintf(stderr, "%s\n", ctx->error_message);
395 goto out;
396 }
397
398 if (ctx->result_message) {
399 d_fprintf(stdout, "%s\n", ctx->result_message);
400 }
401
402 out:
403 TALLOC_FREE(ctx);
404
405 return status;
406 }
407
408 static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c,
409 const DOM_SID *domain_sid,
410 const char *domain_name,
411 struct cli_state *cli,
412 struct rpc_pipe_client *pipe_hnd,
413 TALLOC_CTX *mem_ctx,
414 int argc,
415 const char **argv)
416 {
417 NTSTATUS status;
418 struct dssync_context *ctx = NULL;
419
420 status = libnet_dssync_init_context(mem_ctx,
421 &ctx);
422 if (!NT_STATUS_IS_OK(status)) {
423 return status;
424 }
425
426 ctx->force_full_replication = c->opt_force_full_repl ? true : false;
427 ctx->clean_old_entries = c->opt_clean_old_entries ? true : false;
428
429 if (argc < 1) {
430 /* the caller should ensure that a filename is provided */
431 return NT_STATUS_INVALID_PARAMETER;
432 } else {
433 ctx->output_filename = argv[0];
434 }
435
436 if (argc >= 2) {
437 ctx->object_dns = &argv[1];
438 ctx->object_count = argc - 1;
439 ctx->single_object_replication = c->opt_single_obj_repl ? true
440 : false;
441 }
442
443 ctx->cli = pipe_hnd;
444 ctx->domain_name = domain_name;
445 ctx->ops = &libnet_dssync_keytab_ops;
446
447 status = libnet_dssync(mem_ctx, ctx);
448 if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
449 d_fprintf(stderr, "%s\n", ctx->error_message);
450 goto out;
451 }
452
453 if (ctx->result_message) {
454 d_fprintf(stdout, "%s\n", ctx->result_message);
455 }
456
457 out:
458 TALLOC_FREE(ctx);
459
460 return status;
461 }
462
463 /**
464 * Basic function for 'net rpc vampire keytab'
465 *
466 * @param c A net_context structure
467 * @param argc Standard main() style argc
468 * @param argc Standard main() style argv. Initial components are already
469 * stripped
470 **/
471
472 int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv)
473 {
474 int ret = 0;
475 NTSTATUS status;
476 struct cli_state *cli = NULL;
477 struct net_dc_info dc_info;
478
479 if (c->display_usage || (argc < 1)) {
480 d_printf(_("Usage:\n"
481 "net rpc vampire keytab <keytabfile>\n"
482 " Dump remote SAM database to Kerberos keytab "
483 "file\n"));
484 return 0;
485 }
486
487 status = net_make_ipc_connection(c, 0, &cli);
488 if (!NT_STATUS_IS_OK(status)) {
489 return -1;
490 }
491
492 status = net_scan_dc(c, cli, &dc_info);
493 if (!NT_STATUS_IS_OK(status)) {
494 return -1;
495 }
496
497 if (!dc_info.is_ad) {
498 printf(_("DC is not running Active Directory\n"));
499 ret = run_rpc_command(c, cli, &ndr_table_netlogon.syntax_id,
500 0,
501 rpc_vampire_keytab_internals, argc, argv);
502 return -1;
503 } else {
504 ret = run_rpc_command(c, cli, &ndr_table_drsuapi.syntax_id,
505 NET_FLAGS_SEAL | NET_FLAGS_TCP,
506 rpc_vampire_keytab_ds_internals, argc, argv);
507 if (ret != 0 && dc_info.is_mixed_mode) {
508 printf(_("Fallback to NT4 vampire on Mixed-Mode AD "
509 "Domain\n"));
510 ret = run_rpc_command(c, cli, &ndr_table_netlogon.syntax_id,
511 0,
512 rpc_vampire_keytab_internals, argc, argv);
513 }
514 }
515
516 return ret;
517 }
fernandojvsilva's samba4 branch