search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
This is a first working version of net rpc vampire. First do a net rpc
[Samba/gebeck_regimport.git] / source3 / utils / net_rpc_samsync.c
blob202d5b5c88e604ebb6f2df8057a5a0196d658cf7
1 /*
2 Unix SMB/CIFS implementation.
3 dump the remote SAM using rpc samsync operations
4
5 Copyright (C) Andrew Tridgell 2002
6 Copyright (C) Tim Potter 2001,2002
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24 #include "../utils/net.h"
25
26 extern DOM_SID global_sid_Builtin;
27
28 static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g)
29 {
30 int i;
31 d_printf("Group mem %u: ", rid);
32 for (i=0;i<g->num_members;i++) {
33 d_printf("%u ", g->rids[i]);
34 }
35 d_printf("\n");
36 }
37
38 static void display_alias_info(uint32 rid, SAM_ALIAS_INFO *a)
39 {
40 d_printf("Alias '%s' ", unistr2_static(&a->uni_als_name));
41 d_printf("desc='%s' rid=%u\n", unistr2_static(&a->uni_als_desc), a->als_rid);
42 }
43
44 static void display_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *a)
45 {
46 int i;
47 d_printf("Alias rid %u: ", rid);
48 for (i=0;i<a->num_members;i++) {
49 d_printf("%s ", sid_string_static(&a->sids[i].sid));
50 }
51 d_printf("\n");
52 }
53
54 static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a)
55 {
56 fstring hex_nt_passwd, hex_lm_passwd;
57 uchar lm_passwd[16], nt_passwd[16];
58
59 /* Decode hashes from password hash */
60 sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, lm_passwd, 0);
61 sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, nt_passwd, 0);
62
63 /* Encode as strings */
64 smbpasswd_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info);
65 smbpasswd_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info);
66
67 printf("%s:%d:%s:%s:%s:LCT-0\n", unistr2_static(&a->uni_acct_name),
68 a->user_rid, hex_lm_passwd, hex_nt_passwd,
69 smbpasswd_encode_acb_info(a->acb_info));
70 }
71
72 static void display_domain_info(SAM_DOMAIN_INFO *a)
73 {
74 d_printf("Domain name: %s\n", unistr2_static(&a->uni_dom_name));
75 }
76
77 static void display_group_info(uint32 rid, SAM_GROUP_INFO *a)
78 {
79 d_printf("Group '%s' ", unistr2_static(&a->uni_grp_name));
80 d_printf("desc='%s', rid=%u\n", unistr2_static(&a->uni_grp_desc), rid);
81 }
82
83 static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta)
84 {
85 switch (hdr_delta->type) {
86 case SAM_DELTA_ACCOUNT_INFO:
87 display_account_info(hdr_delta->target_rid, &delta->account_info);
88 break;
89 case SAM_DELTA_GROUP_MEM:
90 display_group_mem_info(hdr_delta->target_rid, &delta->grp_mem_info);
91 break;
92 case SAM_DELTA_ALIAS_INFO:
93 display_alias_info(hdr_delta->target_rid, &delta->alias_info);
94 break;
95 case SAM_DELTA_ALIAS_MEM:
96 display_alias_mem(hdr_delta->target_rid, &delta->als_mem_info);
97 break;
98 case SAM_DELTA_DOMAIN_INFO:
99 display_domain_info(&delta->domain_info);
100 break;
101 case SAM_DELTA_GROUP_INFO:
102 display_group_info(hdr_delta->target_rid, &delta->group_info);
103 break;
104 default:
105 d_printf("Unknown delta record type %d\n", hdr_delta->type);
106 break;
107 }
108 }
109
110
111 static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds)
112 {
113 unsigned last_rid = -1;
114 NTSTATUS result;
115 int i;
116 TALLOC_CTX *mem_ctx;
117 SAM_DELTA_HDR *hdr_deltas;
118 SAM_DELTA_CTR *deltas;
119 uint32 num_deltas;
120
121 if (!(mem_ctx = talloc_init())) {
122 return;
123 }
124
125 d_printf("Dumping database %u\n", db_type);
126
127 do {
128 result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, db_type, last_rid+1,
129 &num_deltas, &hdr_deltas, &deltas);
130 clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), ret_creds);
131 last_rid = 0;
132 for (i = 0; i < num_deltas; i++) {
133 display_sam_entry(&hdr_deltas[i], &deltas[i]);
134 last_rid = hdr_deltas[i].target_rid;
135 }
136 } while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
137
138 talloc_destroy(mem_ctx);
139 }
140
141 /* dump sam database via samsync rpc calls */
142 int rpc_samdump(int argc, const char **argv)
143 {
144 NTSTATUS result;
145 struct cli_state *cli = NULL;
146 uchar trust_password[16];
147 DOM_CRED ret_creds;
148 uint32 neg_flags = 0x000001ff;
149
150
151 ZERO_STRUCT(ret_creds);
152
153 /* Connect to remote machine */
154 if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC))) {
155 return 1;
156 }
157
158 if (!cli_nt_session_open(cli, PIPE_NETLOGON)) {
159 DEBUG(0,("Error connecting to NETLOGON pipe\n"));
160 goto fail;
161 }
162
163 if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_password, NULL)) {
164 d_printf("Could not retrieve domain trust secret");
165 goto fail;
166 }
167
168 result = cli_nt_setup_creds(cli, SEC_CHAN_BDC, trust_password, &neg_flags, 2);
169 if (!NT_STATUS_IS_OK(result)) {
170 d_printf("Failed to setup BDC creds\n");
171 goto fail;
172 }
173
174 dump_database(cli, SAM_DATABASE_DOMAIN, &ret_creds);
175 dump_database(cli, SAM_DATABASE_BUILTIN, &ret_creds);
176 dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds);
177
178 cli_nt_session_close(cli);
179
180 return 0;
181
182 fail:
183 if (cli) {
184 cli_nt_session_close(cli);
185 }
186 return -1;
187 }
188
189 /* Convert a SAM_ACCOUNT_DELTA to a SAM_ACCOUNT. */
190
191 static NTSTATUS
192 sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta)
193 {
194 DOM_SID sid;
195 fstring s;
196 uchar lm_passwd[16], nt_passwd[16];
197
198 /* Username, fullname, home dir, dir drive, logon script, acct
199 desc, workstations, profile. */
200
201 unistr2_to_ascii(s, &delta->uni_acct_name, sizeof(s) - 1);
202 pdb_set_nt_username(account, s);
203
204 /* Unix username is the same - for sainity */
205 pdb_set_username(account, s);
206
207 unistr2_to_ascii(s, &delta->uni_full_name, sizeof(s) - 1);
208 pdb_set_fullname(account, s);
209
210 unistr2_to_ascii(s, &delta->uni_home_dir, sizeof(s) - 1);
211 pdb_set_homedir(account, s, True);
212
213 unistr2_to_ascii(s, &delta->uni_dir_drive, sizeof(s) - 1);
214 pdb_set_dir_drive(account, s, True);
215
216 unistr2_to_ascii(s, &delta->uni_logon_script, sizeof(s) - 1);
217 pdb_set_logon_script(account, s, True);
218
219 unistr2_to_ascii(s, &delta->uni_acct_desc, sizeof(s) - 1);
220 pdb_set_acct_desc(account, s);
221
222 unistr2_to_ascii(s, &delta->uni_workstations, sizeof(s) - 1);
223 pdb_set_workstations(account, s);
224
225 unistr2_to_ascii(s, &delta->uni_profile, sizeof(s) - 1);
226 pdb_set_profile_path(account, s, True);
227
228 /* User and group sid */
229
230 sid_copy(&sid, get_global_sam_sid());
231 sid_append_rid(&sid, delta->user_rid);
232 pdb_set_user_sid(account, &sid);
233
234 sid_copy(&sid, get_global_sam_sid());
235 sid_append_rid(&sid, delta->group_rid);
236 pdb_set_group_sid(account, &sid);
237
238 /* Logon and password information */
239
240 pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), True);
241 pdb_set_logoff_time(account, nt_time_to_unix(&delta->logoff_time),
242 True);
243 pdb_set_logon_divs(account, delta->logon_divs);
244
245 /* TODO: logon hours */
246 /* TODO: bad password count */
247 /* TODO: logon count */
248
249 pdb_set_pass_last_set_time(
250 account, nt_time_to_unix(&delta->pwd_last_set_time));
251
252 pdb_set_kickoff_time(account, get_time_t_max(), True);
253
254 /* Decode hashes from password hash */
255 sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0);
256 sam_pwd_hash(delta->user_rid, delta->pass.buf_nt_pwd, nt_passwd, 0);
257 pdb_set_nt_passwd(account, nt_passwd);
258 pdb_set_lanman_passwd(account, lm_passwd);
259
260 /* TODO: account expiry time */
261
262 pdb_set_acct_ctrl(account, delta->acb_info);
263 return NT_STATUS_OK;
264 }
265
266 static NTSTATUS
267 fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
268 {
269 NTSTATUS nt_ret;
270 fstring account;
271 pstring add_script;
272 SAM_ACCOUNT *sam_account=NULL;
273 GROUP_MAP map;
274 struct group *grp;
275
276 fstrcpy(account, unistr2_static(&delta->uni_acct_name));
277 d_printf("Creating account: %s\n", account);
278
279 if (!NT_STATUS_IS_OK(nt_ret = pdb_init_sam(&sam_account)))
280 return nt_ret;
281
282 if (!pdb_getsampwnam(sam_account, account)) {
283 struct passwd *pw;
284
285 pdb_free_sam(&sam_account);
286
287 /* Create appropriate user */
288 if (delta->acb_info & ACB_NORMAL) {
289 pstrcpy(add_script, lp_adduser_script());
290 } else if ( (delta->acb_info & ACB_WSTRUST) ||
291 (delta->acb_info & ACB_SVRTRUST) ) {
292 pstrcpy(add_script, lp_addmachine_script());
293 } else {
294 DEBUG(1, ("Unknown user type: %s\n",
295 smbpasswd_encode_acb_info(delta->acb_info)));
296 pdb_free_sam(&sam_account);
297 return NT_STATUS_NO_SUCH_USER;
298 }
299 if (*add_script) {
300 int add_ret;
301 all_string_sub(add_script, "%u", account,
302 sizeof(account));
303 add_ret = smbrun(add_script,NULL);
304 DEBUG(1,("fetch_account: Running the command `%s' "
305 "gave %d\n", add_script, add_ret));
306 }
307 pw = getpwnam_alloc(account);
308 if (pw) {
309 nt_ret = pdb_init_sam_pw(&sam_account, pw);
310
311 if (!NT_STATUS_IS_OK(nt_ret)) {
312 passwd_free(&pw);
313 pdb_free_sam(&sam_account);
314 return nt_ret;
315 }
316 passwd_free(&pw);
317 } else {
318 DEBUG(3, ("Could not create account %s\n", account));
319 pdb_free_sam(&sam_account);
320 return NT_STATUS_NO_SUCH_USER;
321 }
322 }
323
324 sam_account_from_delta(sam_account, delta);
325
326 if (!pdb_add_sam_account(sam_account)) {
327 DEBUG(1, ("SAM Account for %s already existed, updating\n",
328 account));
329 pdb_update_sam_account(sam_account);
330 }
331
332 if (!get_group_map_from_sid(*pdb_get_group_sid(sam_account),
333 &map, False)) {
334 DEBUG(0, ("Primary group of %s has no mapping!\n",
335 pdb_get_username(sam_account)));
336 pdb_free_sam(&sam_account);
337 return NT_STATUS_NO_SUCH_GROUP;
338 }
339
340 if (!(grp = getgrgid(map.gid))) {
341 DEBUG(0, ("Could not find unix group %d\n", map.gid));
342 pdb_free_sam(&sam_account);
343 return NT_STATUS_NO_SUCH_GROUP;
344 }
345
346 smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
347
348 pdb_free_sam(&sam_account);
349 return NT_STATUS_OK;
350 }
351
352 static NTSTATUS
353 fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta)
354 {
355 fstring name;
356 fstring comment;
357 struct group *grp = NULL;
358 DOM_SID group_sid;
359 fstring sid_string;
360 GROUP_MAP map;
361 int flag = TDB_INSERT;
362 gid_t gid;
363
364 unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)-1);
365 unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)-1);
366
367 if ((grp = getgrnam(name)) == NULL)
368 smb_create_group(name, &gid);
369
370 if ((grp = getgrgid(gid)) == NULL)
371 return NT_STATUS_ACCESS_DENIED;
372
373 /* add the group to the mapping table */
374 sid_copy(&group_sid, get_global_sam_sid());
375 sid_append_rid(&group_sid, rid);
376 sid_to_string(sid_string, &group_sid);
377
378 if (get_group_map_from_sid(group_sid, &map, False)) {
379 grp = getgrgid(map.gid);
380 flag = 0; /* Don't TDB_INSERT, mapping exists */
381 }
382
383 if (grp == NULL)
384 {
385 gid_t new_gid;
386 /* No group found from mapping, find it from its name. */
387 if ((grp = getgrnam(name)) == NULL) {
388 /* No appropriate group found, create one */
389 d_printf("Creating unix group: '%s'\n", name);
390 if (smb_create_group(name, &new_gid) != 0)
391 return NT_STATUS_ACCESS_DENIED;
392 }
393
394 if ((grp = getgrgid(new_gid)) == NULL)
395 return NT_STATUS_ACCESS_DENIED;
396 }
397
398 map.gid = grp->gr_gid;
399 map.sid = group_sid;
400 map.sid_name_use = SID_NAME_DOM_GRP;
401 fstrcpy(map.nt_name, name);
402 fstrcpy(map.comment, comment);
403
404 map.priv_set.count = 0;
405 map.priv_set.set = NULL;
406
407 add_mapping_entry(&map, flag);
408
409 return NT_STATUS_OK;
410 }
411
412 static NTSTATUS
413 fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta)
414 {
415 int i;
416 TALLOC_CTX *t = NULL;
417 char **nt_members = NULL;
418 char **unix_members;
419 DOM_SID group_sid;
420 GROUP_MAP map;
421 struct group *grp;
422
423 if (delta->num_members == 0) {
424 return NT_STATUS_OK;
425 }
426
427 sid_copy(&group_sid, get_global_sam_sid());
428 sid_append_rid(&group_sid, rid);
429
430 if (!get_domain_group_from_sid(group_sid, &map, False)) {
431 DEBUG(0, ("Could not find global group %d\n", rid));
432 return NT_STATUS_NO_SUCH_GROUP;
433 }
434
435 if (!(grp = getgrgid(map.gid))) {
436 DEBUG(0, ("Could not find unix group %d\n", map.gid));
437 return NT_STATUS_NO_SUCH_GROUP;
438 }
439
440 d_printf("Group members of %s: ", grp->gr_name);
441
442 if (!(t = talloc_init())) {
443 DEBUG(0, ("could not talloc_init\n"));
444 return NT_STATUS_NO_MEMORY;
445 }
446
447 nt_members = talloc_zero(t, sizeof(char *) * delta->num_members);
448
449 for (i=0; i<delta->num_members; i++) {
450 NTSTATUS nt_status;
451 SAM_ACCOUNT *member = NULL;
452 DOM_SID member_sid;
453
454 if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_talloc(t, &member))) {
455 talloc_destroy(t);
456 return nt_status;
457 }
458
459 sid_copy(&member_sid, get_global_sam_sid());
460 sid_append_rid(&member_sid, delta->rids[i]);
461
462 if (!pdb_getsampwsid(member, &member_sid)) {
463 DEBUG(1, ("Found bogus group member: %d\n",
464 delta->rids[i]));
465 pdb_free_sam(&member);
466 continue;
467 }
468
469 if (pdb_get_group_rid(member) == rid) {
470 d_printf("%s(primary),", pdb_get_username(member));
471 pdb_free_sam(&member);
472 continue;
473 }
474
475 d_printf("%s,", pdb_get_username(member));
476 nt_members[i] = talloc_strdup(t, pdb_get_username(member));
477 pdb_free_sam(&member);
478 }
479
480 d_printf("\n");
481
482 unix_members = grp->gr_mem;
483
484 while (*unix_members) {
485 BOOL is_nt_member = False;
486 for (i=0; i<delta->num_members; i++) {
487 if (nt_members[i] == NULL) {
488 /* This was a primary group */
489 continue;
490 }
491
492 if (strcmp(*unix_members, nt_members[i]) == 0) {
493 is_nt_member = True;
494 break;
495 }
496 }
497 if (!is_nt_member) {
498 /* We look at a unix group member that is not
499 an nt group member. So, remove it. NT is
500 boss here. */
501 smb_delete_user_group(grp->gr_name, *unix_members);
502 }
503 unix_members += 1;
504 }
505
506 for (i=0; i<delta->num_members; i++) {
507 BOOL is_unix_member = False;
508
509 if (nt_members[i] == NULL) {
510 /* This was the primary group */
511 continue;
512 }
513
514 unix_members = grp->gr_mem;
515
516 while (*unix_members) {
517 if (strcmp(*unix_members, nt_members[i]) == 0) {
518 is_unix_member = True;
519 break;
520 }
521 unix_members += 1;
522 }
523
524 if (!is_unix_member) {
525 /* We look at a nt group member that is not a
526 unix group member currently. So, add the nt
527 group member. */
528 smb_add_user_group(grp->gr_name, nt_members[i]);
529 }
530 }
531
532 talloc_destroy(t);
533 return NT_STATUS_OK;
534 }
535
536 static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta,
537 DOM_SID dom_sid)
538 {
539 fstring name;
540 fstring comment;
541 struct group *grp = NULL;
542 DOM_SID alias_sid;
543 fstring sid_string;
544 GROUP_MAP map;
545 int insert_flag = TDB_INSERT;
546
547 unistr2_to_ascii(name, &delta->uni_als_name, sizeof(name)-1);
548 unistr2_to_ascii(comment, &delta->uni_als_desc, sizeof(comment)-1);
549
550 /* Find out whether the group is already mapped */
551 sid_copy(&alias_sid, &dom_sid);
552 sid_append_rid(&alias_sid, rid);
553 sid_to_string(sid_string, &alias_sid);
554
555 if (get_group_map_from_sid(alias_sid, &map, False)) {
556 grp = getgrgid(map.gid);
557 insert_flag = 0; /* Don't TDB_INSERT, mapping exists */
558 }
559
560 if (grp == NULL) {
561 gid_t new_gid;
562 /* No group found from mapping, find it from its name. */
563 if ((grp = getgrnam(name)) == NULL) {
564 /* No appropriate group found, create one */
565 d_printf("Creating unix group: '%s'\n", name);
566 if (smb_create_group(name, &new_gid) != 0)
567 return NT_STATUS_ACCESS_DENIED;
568 }
569
570 if ((grp = getgrgid(new_gid)) == NULL)
571 return NT_STATUS_ACCESS_DENIED;
572 }
573
574 map.gid = grp->gr_gid;
575 map.sid = alias_sid;
576 map.sid_name_use = SID_NAME_ALIAS;
577
578 fstrcpy(map.nt_name, name);
579 fstrcpy(map.comment, comment);
580
581 map.priv_set.count = 0;
582 map.priv_set.set = NULL;
583
584 add_mapping_entry(&map, insert_flag);
585
586 return NT_STATUS_OK;
587 }
588
589 static NTSTATUS
590 fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid)
591 {
592
593 return NT_STATUS_OK;
594 }
595
596 static void
597 fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta,
598 DOM_SID dom_sid)
599 {
600 switch(hdr_delta->type) {
601 case SAM_DELTA_ACCOUNT_INFO:
602 fetch_account_info(hdr_delta->target_rid,
603 &delta->account_info);
604 break;
605 case SAM_DELTA_GROUP_INFO:
606 fetch_group_info(hdr_delta->target_rid,
607 &delta->group_info);
608 break;
609 case SAM_DELTA_GROUP_MEM:
610 fetch_group_mem_info(hdr_delta->target_rid,
611 &delta->grp_mem_info);
612 break;
613 case SAM_DELTA_ALIAS_INFO:
614 fetch_alias_info(hdr_delta->target_rid,
615 &delta->alias_info, dom_sid);
616 break;
617 case SAM_DELTA_ALIAS_MEM:
618 fetch_alias_mem(hdr_delta->target_rid,
619 &delta->als_mem_info, dom_sid);
620 break;
621 default:
622 d_printf("Unknown delta record type %d\n", hdr_delta->type);
623 break;
624 }
625 }
626
627 static void
628 fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds,
629 DOM_SID dom_sid)
630 {
631 unsigned last_rid = -1;
632 NTSTATUS result;
633 int i;
634 TALLOC_CTX *mem_ctx;
635 SAM_DELTA_HDR *hdr_deltas;
636 SAM_DELTA_CTR *deltas;
637 uint32 num_deltas;
638
639 if (!(mem_ctx = talloc_init())) {
640 return;
641 }
642
643 d_printf("Fetching database %u\n", db_type);
644
645 do {
646 result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds,
647 db_type, last_rid+1,
648 &num_deltas,
649 &hdr_deltas, &deltas);
650 clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred),
651 ret_creds);
652 last_rid = 0;
653 for (i = 0; i < num_deltas; i++) {
654 fetch_sam_entry(&hdr_deltas[i], &deltas[i], dom_sid);
655 last_rid = hdr_deltas[i].target_rid;
656 }
657 } while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
658
659 talloc_destroy(mem_ctx);
660 }
661
662 /* dump sam database via samsync rpc calls */
663 int rpc_vampire(int argc, const char **argv)
664 {
665 NTSTATUS result;
666 struct cli_state *cli = NULL;
667 uchar trust_password[16];
668 DOM_CRED ret_creds;
669 uint32 neg_flags = 0x000001ff;
670 DOM_SID dom_sid;
671
672 ZERO_STRUCT(ret_creds);
673
674 /* Connect to remote machine */
675 if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS |
676 NET_FLAGS_PDC))) {
677 return 1;
678 }
679
680 if (!cli_nt_session_open(cli, PIPE_NETLOGON)) {
681 DEBUG(0,("Error connecting to NETLOGON pipe\n"));
682 goto fail;
683 }
684
685 if (!secrets_fetch_trust_account_password(lp_workgroup(),
686 trust_password, NULL)) {
687 d_printf("Could not retrieve domain trust secret");
688 goto fail;
689 }
690
691 result = cli_nt_setup_creds(cli, SEC_CHAN_BDC, trust_password,
692 &neg_flags, 2);
693 if (!NT_STATUS_IS_OK(result)) {
694 d_printf("Failed to setup BDC creds\n");
695 goto fail;
696 }
697
698 dom_sid = *get_global_sam_sid();
699 fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds, dom_sid);
700
701 sid_copy(&dom_sid, &global_sid_Builtin);
702 fetch_database(cli, SAM_DATABASE_BUILTIN, &ret_creds, dom_sid);
703
704 /* Currently we crash on PRIVS somewhere in unmarshalling */
705 /* Dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); */
706
707 cli_nt_session_close(cli);
708
709 return 0;
710
711 fail:
712 if (cli) {
713 cli_nt_session_close(cli);
714 }
715 return -1;
716 }
reg import