2008-02-15 14:13:11 +01:00
/*
2002-08-22 22:48:54 +00:00
Unix SMB / CIFS implementation .
dump the remote SAM using rpc samsync operations
Copyright ( C ) Andrew Tridgell 2002
Copyright ( C ) Tim Potter 2001 , 2002
2005-07-06 21:02:43 +00:00
Copyright ( C ) Jim McDonough < jmcd @ us . ibm . com > 2005
2002-10-01 18:26:00 +00:00
Modified by Volker Lendecke 2002
2005-09-30 17:13:37 +00:00
Copyright ( C ) Jeremy Allison 2005.
2008-02-27 19:38:48 +01:00
Copyright ( C ) Guenther Deschner 2008.
2002-08-22 22:48:54 +00:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 19:25:36 +00:00
the Free Software Foundation ; either version 3 of the License , or
2002-08-22 22:48:54 +00:00
( at your option ) any later version .
2008-02-15 14:13:11 +01:00
2002-08-22 22:48:54 +00:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2008-02-15 14:13:11 +01:00
2002-08-22 22:48:54 +00:00
You should have received a copy of the GNU General Public License
2007-07-10 00:52:41 +00:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2002-08-22 22:48:54 +00:00
*/
# include "includes.h"
2004-10-07 04:01:18 +00:00
# include "utils/net.h"
2010-05-05 01:39:16 +02:00
# include "../librpc/gen_ndr/ndr_netlogon.h"
# include "../librpc/gen_ndr/ndr_drsuapi.h"
2010-07-02 00:14:04 +02:00
# include "libnet/libnet_dssync.h"
2010-10-12 15:27:50 +11:00
# include "../libcli/security/security.h"
2011-03-22 16:50:02 +01:00
# include "passdb/machine_sid.h"
2002-08-22 22:48:54 +00:00
2008-02-15 14:13:11 +01:00
/**
2005-07-06 21:02:43 +00:00
* Basic usage function for ' net rpc vampire '
2008-05-09 23:22:12 +02:00
*
* @ param c A net_context structure
2005-07-06 21:02:43 +00:00
* @ param argc Standard main ( ) style argc
* @ param argc Standard main ( ) style argv . Initial components are already
* stripped
* */
2008-05-09 23:22:12 +02:00
int rpc_vampire_usage ( struct net_context * c , int argc , const char * * argv )
2008-02-15 14:13:11 +01:00
{
2009-08-10 19:54:27 +02:00
d_printf ( _ ( " net rpc vampire ([ldif [<ldif-filename>] | [keytab] "
" [<keytab-filename]) [options] \n "
" \t to pull accounts from a remote PDC where we are a BDC \n "
" \t \t no args puts accounts in local passdb from smb.conf \n "
" \t \t ldif - put accounts in ldif format (file defaults to "
" /tmp/tmp.ldif) \n "
" \t \t keytab - put account passwords in krb5 keytab "
" (defaults to system keytab) \n " ) ) ;
2005-07-06 21:02:43 +00:00
2008-05-09 23:22:12 +02:00
net_common_flags_usage ( c , argc , argv ) ;
2005-07-06 21:02:43 +00:00
return - 1 ;
}
2008-11-21 23:48:45 +01:00
static NTSTATUS rpc_vampire_ds_internals ( struct net_context * c ,
const struct dom_sid * domain_sid ,
const char * domain_name ,
struct cli_state * cli ,
struct rpc_pipe_client * pipe_hnd ,
TALLOC_CTX * mem_ctx ,
int argc ,
const char * * argv )
{
NTSTATUS status ;
struct dssync_context * ctx = NULL ;
if ( ! dom_sid_equal ( domain_sid , get_global_sam_sid ( ) ) ) {
2018-12-10 12:47:36 +01:00
struct dom_sid_buf buf1 , buf2 ;
2008-11-21 23:48:45 +01:00
d_printf ( _ ( " Cannot import users from %s at this time, "
" as the current domain: \n \t %s: %s \n conflicts "
" with the remote domain \n \t %s: %s \n "
" Perhaps you need to set: \n \n \t security=user \n \t "
" workgroup=%s \n \n in your smb.conf? \n " ) ,
domain_name ,
get_global_sam_name ( ) ,
2018-12-10 12:47:36 +01:00
dom_sid_str_buf ( get_global_sam_sid ( ) , & buf1 ) ,
2008-11-21 23:48:45 +01:00
domain_name ,
2018-12-10 12:47:36 +01:00
dom_sid_str_buf ( domain_sid , & buf2 ) ,
2008-11-21 23:48:45 +01:00
domain_name ) ;
return NT_STATUS_UNSUCCESSFUL ;
}
status = libnet_dssync_init_context ( mem_ctx ,
& ctx ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
ctx - > cli = pipe_hnd ;
ctx - > domain_name = domain_name ;
ctx - > ops = & libnet_dssync_passdb_ops ;
status = libnet_dssync ( mem_ctx , ctx ) ;
if ( ! NT_STATUS_IS_OK ( status ) & & ctx - > error_message ) {
d_fprintf ( stderr , " %s \n " , ctx - > error_message ) ;
goto out ;
}
if ( ctx - > result_message ) {
d_fprintf ( stdout , " %s \n " , ctx - > result_message ) ;
}
out :
TALLOC_FREE ( ctx ) ;
return status ;
}
2005-07-06 21:02:43 +00:00
2008-11-18 13:25:50 +01:00
int rpc_vampire_passdb ( struct net_context * c , int argc , const char * * argv )
{
2008-11-21 23:48:45 +01:00
int ret = 0 ;
NTSTATUS status ;
struct cli_state * cli = NULL ;
struct net_dc_info dc_info ;
2008-11-18 13:25:50 +01:00
if ( c - > display_usage ) {
2010-01-19 11:43:54 +01:00
d_printf ( " %s \n "
2009-08-10 19:54:27 +02:00
" net rpc vampire passdb \n "
2010-01-19 11:43:54 +01:00
" %s \n " ,
_ ( " Usage: " ) ,
_ ( " Dump remote SAM database to passdb " ) ) ;
2008-11-18 13:25:50 +01:00
return 0 ;
}
2008-11-21 23:48:45 +01:00
status = net_make_ipc_connection ( c , 0 , & cli ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return - 1 ;
}
status = net_scan_dc ( c , cli , & dc_info ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return - 1 ;
}
if ( ! dc_info . is_ad ) {
2017-09-19 15:03:43 -07:00
printf ( _ ( " DC is not running Active Directory, exiting \n " ) ) ;
return - 1 ;
2008-11-21 23:48:45 +01:00
}
if ( ! c - > opt_force ) {
d_printf ( " %s \n "
" net rpc vampire passdb \n "
" %s \n " ,
_ ( " Usage: " ) ,
_ ( " Should not be used against Active Directory, maybe use --force " ) ) ;
return - 1 ;
}
2012-01-10 21:53:42 +11:00
ret = run_rpc_command ( c , cli , & ndr_table_drsuapi ,
2008-11-21 23:48:45 +01:00
NET_FLAGS_SEAL | NET_FLAGS_TCP ,
rpc_vampire_ds_internals , argc , argv ) ;
return ret ;
2008-11-18 13:25:50 +01:00
}
2008-07-17 13:06:46 +02:00
static NTSTATUS rpc_vampire_keytab_ds_internals ( struct net_context * c ,
2010-05-21 11:25:01 +10:00
const struct dom_sid * domain_sid ,
2008-07-17 13:06:46 +02:00
const char * domain_name ,
struct cli_state * cli ,
struct rpc_pipe_client * pipe_hnd ,
TALLOC_CTX * mem_ctx ,
int argc ,
const char * * argv )
2008-06-27 15:36:19 +02:00
{
NTSTATUS status ;
struct dssync_context * ctx = NULL ;
status = libnet_dssync_init_context ( mem_ctx ,
& ctx ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2008-07-30 17:46:13 +02:00
ctx - > force_full_replication = c - > opt_force_full_repl ? true : false ;
2008-08-01 00:12:18 +02:00
ctx - > clean_old_entries = c - > opt_clean_old_entries ? true : false ;
2008-07-29 22:52:59 +02:00
2008-11-10 09:51:39 +01:00
if ( argc < 1 ) {
/* the caller should ensure that a filename is provided */
return NT_STATUS_INVALID_PARAMETER ;
} else {
2008-06-27 15:36:19 +02:00
ctx - > output_filename = argv [ 0 ] ;
}
2008-11-10 09:51:39 +01:00
2008-07-18 00:18:40 +02:00
if ( argc > = 2 ) {
2008-07-30 13:02:36 +02:00
ctx - > object_dns = & argv [ 1 ] ;
ctx - > object_count = argc - 1 ;
2008-07-31 23:05:45 +02:00
ctx - > single_object_replication = c - > opt_single_obj_repl ? true
: false ;
2008-07-18 00:18:40 +02:00
}
2008-06-27 15:36:19 +02:00
ctx - > cli = pipe_hnd ;
ctx - > domain_name = domain_name ;
2008-07-16 17:12:04 +02:00
ctx - > ops = & libnet_dssync_keytab_ops ;
2008-06-27 15:36:19 +02:00
status = libnet_dssync ( mem_ctx , ctx ) ;
if ( ! NT_STATUS_IS_OK ( status ) & & ctx - > error_message ) {
d_fprintf ( stderr , " %s \n " , ctx - > error_message ) ;
goto out ;
}
if ( ctx - > result_message ) {
d_fprintf ( stdout , " %s \n " , ctx - > result_message ) ;
}
out :
TALLOC_FREE ( ctx ) ;
return status ;
}
2008-06-18 12:52:00 +02:00
/**
* Basic function for ' net rpc vampire keytab '
*
* @ param c A net_context structure
* @ param argc Standard main ( ) style argc
* @ param argc Standard main ( ) style argv . Initial components are already
* stripped
* */
int rpc_vampire_keytab ( struct net_context * c , int argc , const char * * argv )
{
2008-06-27 15:36:19 +02:00
int ret = 0 ;
2008-11-11 19:00:26 +01:00
NTSTATUS status ;
struct cli_state * cli = NULL ;
struct net_dc_info dc_info ;
2008-06-27 15:36:19 +02:00
2008-11-10 09:51:39 +01:00
if ( c - > display_usage | | ( argc < 1 ) ) {
2010-01-19 11:43:54 +01:00
d_printf ( " %s \n %s " ,
_ ( " Usage: " ) ,
_ ( " net rpc vampire keytab <keytabfile> \n "
2009-08-10 19:54:27 +02:00
" Dump remote SAM database to Kerberos keytab "
" file \n " ) ) ;
2008-06-18 12:52:00 +02:00
return 0 ;
}
2008-11-11 19:00:26 +01:00
status = net_make_ipc_connection ( c , 0 , & cli ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return - 1 ;
2008-06-27 15:36:19 +02:00
}
2008-11-11 19:00:26 +01:00
status = net_scan_dc ( c , cli , & dc_info ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return - 1 ;
}
if ( ! dc_info . is_ad ) {
2017-09-19 15:09:05 -07:00
printf ( _ ( " DC is not running Active Directory, exiting \n " ) ) ;
return - 1 ;
2008-11-11 19:00:26 +01:00
}
2017-09-19 15:09:05 -07:00
ret = run_rpc_command ( c , cli , & ndr_table_drsuapi ,
NET_FLAGS_SEAL | NET_FLAGS_TCP ,
rpc_vampire_keytab_ds_internals , argc , argv ) ;
2008-11-11 19:00:26 +01:00
return ret ;
2008-06-18 12:52:00 +02:00
}