2 Unix SMB/CIFS implementation.
4 Extract the user/system database from a remote SamSync server
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "libnet/libnet.h"
25 #include "../lib/util/dlinklist.h"
26 #include "samba3/samba3.h"
27 #include "libcli/security/security.h"
30 struct samdump_secret
{
31 struct samdump_secret
*prev
, *next
;
37 struct samdump_trusted_domain
{
38 struct samdump_trusted_domain
*prev
, *next
;
43 struct samdump_state
{
44 struct samdump_secret
*secrets
;
45 struct samdump_trusted_domain
*trusted_domains
;
48 static NTSTATUS
vampire_samdump_handle_user(TALLOC_CTX
*mem_ctx
,
49 struct netr_DELTA_ENUM
*delta
)
51 uint32_t rid
= delta
->delta_id_union
.rid
;
52 struct netr_DELTA_USER
*user
= delta
->delta_union
.user
;
53 const char *username
= user
->account_name
.string
;
54 char *hex_lm_password
;
55 char *hex_nt_password
;
57 hex_lm_password
= smbpasswd_sethexpwd(mem_ctx
,
58 user
->lm_password_present
? &user
->lmpassword
: NULL
,
60 hex_nt_password
= smbpasswd_sethexpwd(mem_ctx
,
61 user
->nt_password_present
? &user
->ntpassword
: NULL
,
64 printf("%s:%d:%s:%s:%s:LCT-%08X\n", username
,
65 rid
, hex_lm_password
, hex_nt_password
,
66 smbpasswd_encode_acb_info(mem_ctx
, user
->acct_flags
),
67 (unsigned int)nt_time_to_unix(user
->last_password_change
));
72 static NTSTATUS
vampire_samdump_handle_secret(TALLOC_CTX
*mem_ctx
,
73 struct samdump_state
*samdump_state
,
74 struct netr_DELTA_ENUM
*delta
)
76 struct netr_DELTA_SECRET
*secret
= delta
->delta_union
.secret
;
77 const char *name
= delta
->delta_id_union
.name
;
78 struct samdump_secret
*n
= talloc(samdump_state
, struct samdump_secret
);
80 n
->name
= talloc_strdup(n
, name
);
81 n
->secret
= data_blob_talloc(n
, secret
->current_cipher
.cipher_data
, secret
->current_cipher
.maxlen
);
82 n
->mtime
= secret
->current_cipher_set_time
;
84 DLIST_ADD(samdump_state
->secrets
, n
);
89 static NTSTATUS
vampire_samdump_handle_trusted_domain(TALLOC_CTX
*mem_ctx
,
90 struct samdump_state
*samdump_state
,
91 struct netr_DELTA_ENUM
*delta
)
93 struct netr_DELTA_TRUSTED_DOMAIN
*trusted_domain
= delta
->delta_union
.trusted_domain
;
94 struct dom_sid
*dom_sid
= delta
->delta_id_union
.sid
;
96 struct samdump_trusted_domain
*n
= talloc(samdump_state
, struct samdump_trusted_domain
);
98 n
->name
= talloc_strdup(n
, trusted_domain
->domain_name
.string
);
99 n
->sid
= talloc_steal(n
, dom_sid
);
101 DLIST_ADD(samdump_state
->trusted_domains
, n
);
106 static NTSTATUS
libnet_samdump_fn(TALLOC_CTX
*mem_ctx
,
108 enum netr_SamDatabaseID database
,
109 struct netr_DELTA_ENUM
*delta
,
112 NTSTATUS nt_status
= NT_STATUS_OK
;
113 struct samdump_state
*samdump_state
= (struct samdump_state
*)private_data
;
115 *error_string
= NULL
;
116 switch (delta
->delta_type
) {
117 case NETR_DELTA_USER
:
119 /* not interested in builtin users */
120 if (database
== SAM_DATABASE_DOMAIN
) {
121 nt_status
= vampire_samdump_handle_user(mem_ctx
,
126 case NETR_DELTA_SECRET
:
128 nt_status
= vampire_samdump_handle_secret(mem_ctx
,
133 case NETR_DELTA_TRUSTED_DOMAIN
:
135 nt_status
= vampire_samdump_handle_trusted_domain(mem_ctx
,
141 /* Can't dump them all right now */
147 NTSTATUS
libnet_SamDump(struct libnet_context
*ctx
, TALLOC_CTX
*mem_ctx
,
148 struct libnet_SamDump
*r
)
151 struct libnet_SamSync r2
;
152 struct samdump_state
*samdump_state
= talloc(mem_ctx
, struct samdump_state
);
154 struct samdump_trusted_domain
*t
;
155 struct samdump_secret
*s
;
157 if (!samdump_state
) {
158 return NT_STATUS_NO_MEMORY
;
161 samdump_state
->secrets
= NULL
;
162 samdump_state
->trusted_domains
= NULL
;
164 r2
.out
.error_string
= NULL
;
165 r2
.in
.binding_string
= r
->in
.binding_string
;
166 r2
.in
.rid_crypt
= lp_parm_bool(ctx
->lp_ctx
, NULL
, "vampire", "rid decrypt", true);
167 r2
.in
.init_fn
= NULL
;
168 r2
.in
.delta_fn
= libnet_samdump_fn
;
169 r2
.in
.fn_ctx
= samdump_state
;
170 r2
.in
.machine_account
= r
->in
.machine_account
;
171 nt_status
= libnet_SamSync_netlogon(ctx
, samdump_state
, &r2
);
172 r
->out
.error_string
= r2
.out
.error_string
;
173 talloc_steal(mem_ctx
, r
->out
.error_string
);
175 if (!NT_STATUS_IS_OK(nt_status
)) {
176 talloc_free(samdump_state
);
180 printf("Trusted domains, sids and secrets:\n");
181 for (t
=samdump_state
->trusted_domains
; t
; t
=t
->next
) {
182 char *secret_name
= talloc_asprintf(mem_ctx
, "G$$%s", t
->name
);
183 for (s
=samdump_state
->secrets
; s
; s
=s
->next
) {
185 if (strcasecmp_m(s
->name
, secret_name
) != 0) {
188 if (!convert_string_talloc_convenience(mem_ctx
, lp_iconv_convenience(ctx
->lp_ctx
), CH_UTF16
, CH_UNIX
,
189 s
->secret
.data
, s
->secret
.length
,
190 (void **)&secret_string
, NULL
, false)) {
191 r
->out
.error_string
= talloc_asprintf(mem_ctx
,
192 "Could not convert secret for domain %s to a string",
194 talloc_free(samdump_state
);
195 return NT_STATUS_INVALID_PARAMETER
;
197 printf("%s\t%s\t%s\n",
198 t
->name
, dom_sid_string(mem_ctx
, t
->sid
),
202 talloc_free(samdump_state
);