sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-17 02:05:21 +03:00
Code
samba-mirror/source3/rpcclient/samsync.c
Jeremy Allison 0fdf60f051 Finish adding strings to all talloc_init() calls. 
Jeremy.
(This used to be commit 784d15761c3271bfd602866f8f9f880dac77671c)
2002-12-23 23:53:56 +00:00

773 lines
20 KiB
C
Raw Blame History

/*
Unix SMB/CIFS implementation.
SAM synchronisation and replication
Copyright (C) Tim Potter 2001,2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
DOM_SID domain_sid;
static void decode_domain_info(SAM_DOMAIN_INFO *a)
{
fstring temp;
printf("Domain Information\n");
printf("------------------\n");
unistr2_to_ascii(temp, &a->uni_dom_name, sizeof(temp)-1);
printf("\tDomain :%s\n", temp);
printf("\tMin password len :%d\n", a->min_pwd_len);
printf("\tpassword history len:%d\n", a->pwd_history_len);
printf("\tcreation time :%s\n", http_timestring(nt_time_to_unix(&a->creation_time)));
}
static void decode_sam_group_info(SAM_GROUP_INFO *a)
{
fstring temp;
printf("\nDomain Group Information\n");
printf("------------------------\n");
unistr2_to_ascii(temp, &a->uni_grp_name, sizeof(temp)-1);
printf("\tGroup name :%s\n", temp);
unistr2_to_ascii(temp, &a->uni_grp_desc, sizeof(temp)-1);
printf("\tGroup description :%s\n", temp);
printf("\trid :%d\n", a->gid.g_rid);
printf("\tattribute :%d\n", a->gid.attr);
}
static void decode_sam_account_info(SAM_ACCOUNT_INFO *a)
{
fstring temp;
printf("\nUser Information\n");
printf("----------------\n");
unistr2_to_ascii(temp, &a->uni_acct_name, sizeof(temp)-1);
printf("\tUser name :%s\n", temp);
printf("\tuser's rid :%d\n", a->user_rid);
printf("\tuser's primary gid :%d\n", a->group_rid);
unistr2_to_ascii(temp, &a->uni_full_name, sizeof(temp)-1);
printf("\tfull name :%s\n", temp);
unistr2_to_ascii(temp, &a->uni_home_dir, sizeof(temp)-1);
printf("\thome directory :%s\n", temp);
unistr2_to_ascii(temp, &a->uni_dir_drive, sizeof(temp)-1);
printf("\tdrive :%s\n", temp);
unistr2_to_ascii(temp, &a->uni_logon_script, sizeof(temp)-1);
printf("\tlogon script :%s\n", temp);
unistr2_to_ascii(temp, &a->uni_acct_desc, sizeof(temp)-1);
printf("\tdescription :%s\n", temp);
unistr2_to_ascii(temp, &a->uni_workstations, sizeof(temp)-1);
printf("\tworkstations :%s\n", temp);
}
static void decode_sam_grp_mem_info(SAM_GROUP_MEM_INFO *a)
{
int i;
printf("\nGroup members information\n");
printf("-------------------------\n");
printf("\tnum members :%d\n", a->num_members);
for (i=0; i<a->num_members; i++) {
printf("\trid, attr:%d, %d\n", a->rids[i], a->attribs[i]);
}
}
static void decode_sam_alias_info(SAM_ALIAS_INFO *a)
{
fstring temp;
printf("\nAlias Information\n");
printf("-----------------\n");
unistr2_to_ascii(temp, &a->uni_als_name, sizeof(temp)-1);
printf("\tname :%s\n", temp);
unistr2_to_ascii(temp, &a->uni_als_desc, sizeof(temp)-1);
printf("\tdescription :%s\n", temp);
printf("\trid :%d\n", a->als_rid);
}
static void decode_sam_als_mem_info(SAM_ALIAS_MEM_INFO *a)
{
int i;
fstring temp;
printf("\nAlias members Information\n");
printf("-------------------------\n");
printf("\tnum members :%d\n", a->num_members);
printf("\tnum sids :%d\n", a->num_sids);
for (i=0; i<a->num_sids; i++) {
printf("\tsid :%s\n", sid_to_string(temp, &a->sids[i].sid));
}
}
static void decode_sam_dom_info(SAM_DELTA_DOM *a)
{
fstring temp;
printf("\nDomain information\n");
printf("------------------\n");
unistr2_to_ascii(temp, &a->domain_name, sizeof(temp)-1);
printf("\tdomain name :%s\n", temp);
printf("\tsid :%s\n", sid_to_string(temp, &a->domain_sid.sid));
}
static void decode_sam_unk0e_info(SAM_DELTA_UNK0E *a)
{
fstring temp;
printf("\nTrust information\n");
printf("-----------------\n");
unistr2_to_ascii(temp, &a->domain, sizeof(temp)-1);
printf("\tdomain name :%s\n", temp);
printf("\tsid :%s\n", sid_to_string(temp, &a->sid.sid));
display_sec_desc(a->sec_desc);
}
static void decode_sam_privs_info(SAM_DELTA_PRIVS *a)
{
int i;
fstring temp;
printf("\nSID and privileges information\n");
printf("------------------------------\n");
printf("\tsid :%s\n", sid_to_string(temp, &a->sid.sid));
display_sec_desc(a->sec_desc);
printf("\tprivileges count :%d\n", a->privlist_count);
for (i=0; i<a->privlist_count; i++) {
unistr2_to_ascii(temp, &a->uni_privslist[i], sizeof(temp)-1);
printf("\tprivilege name :%s\n", temp);
printf("\tattribute :%d\n", a->attributes[i]);
}
}
static void decode_sam_unk12_info(SAM_DELTA_UNK12 *a)
{
fstring temp;
printf("\nTrusted information\n");
printf("-------------------\n");
unistr2_to_ascii(temp, &a->secret, sizeof(temp)-1);
printf("\tsecret name :%s\n", temp);
display_sec_desc(a->sec_desc);
printf("\ttime 1 :%s\n", http_timestring(nt_time_to_unix(&a->time1)));
printf("\ttime 2 :%s\n", http_timestring(nt_time_to_unix(&a->time2)));
display_sec_desc(a->sec_desc2);
}
static void decode_sam_stamp(SAM_DELTA_STAMP *a)
{
printf("\nStamp information\n");
printf("-----------------\n");
printf("\tsequence number :%d\n", a->seqnum);
}
static void decode_sam_deltas(uint32 num_deltas, SAM_DELTA_HDR *hdr_deltas, SAM_DELTA_CTR *deltas)
{
int i;
for (i = 0; i < num_deltas; i++) {
switch (hdr_deltas[i].type) {
case SAM_DELTA_DOMAIN_INFO: {
SAM_DOMAIN_INFO *a;
a = &deltas[i].domain_info;
decode_domain_info(a);
break;
}
case SAM_DELTA_GROUP_INFO: {
SAM_GROUP_INFO *a;
a = &deltas[i].group_info;
decode_sam_group_info(a);
break;
}
case SAM_DELTA_ACCOUNT_INFO: {
SAM_ACCOUNT_INFO *a;
a = &deltas[i].account_info;
decode_sam_account_info(a);
break;
}
case SAM_DELTA_GROUP_MEM: {
SAM_GROUP_MEM_INFO *a;
a = &deltas[i].grp_mem_info;
decode_sam_grp_mem_info(a);
break;
}
case SAM_DELTA_ALIAS_INFO: {
SAM_ALIAS_INFO *a;
a = &deltas[i].alias_info;
decode_sam_alias_info(a);
break;
}
case SAM_DELTA_ALIAS_MEM: {
SAM_ALIAS_MEM_INFO *a;
a = &deltas[i].als_mem_info;
decode_sam_als_mem_info(a);
break;
}
case SAM_DELTA_POLICY_INFO: {
SAM_DELTA_POLICY *a;
a = &deltas[i].dom_info;
decode_sam_dom_info(a);
break;
}
case SAM_DELTA_UNK0E_INFO: {
SAM_DELTA_UNK0E *a;
a = &deltas[i].unk0e_info;
decode_sam_unk0e_info(a);
break;
}
case SAM_DELTA_PRIVS_INFO: {
SAM_DELTA_PRIVS *a;
a = &deltas[i].privs_info;
decode_sam_privs_info(a);
break;
}
case SAM_DELTA_UNK12_INFO: {
SAM_DELTA_UNK12 *a;
a = &deltas[i].unk12_info;
decode_sam_unk12_info(a);
break;
}
case SAM_DELTA_SAM_STAMP: {
SAM_DELTA_STAMP *a;
a = &deltas[i].stamp;
decode_sam_stamp(a);
break;
}
default:
DEBUG(0,("unknown delta type: %d\n", hdr_deltas[i].type));
break;
}
}
}
/* Convert a SAM_ACCOUNT_DELTA to a SAM_ACCOUNT. */
static void sam_account_from_delta(SAM_ACCOUNT *account,
SAM_ACCOUNT_INFO *delta)
{
DOM_SID sid;
fstring s;
/* Username, fullname, home dir, dir drive, logon script, acct
desc, workstations, profile. */
unistr2_to_ascii(s, &delta->uni_acct_name, sizeof(s) - 1);
pdb_set_nt_username(account, s);
/* Unix username is the same - for sainity */
pdb_set_username(account, s);
unistr2_to_ascii(s, &delta->uni_full_name, sizeof(s) - 1);
pdb_set_fullname(account, s);
unistr2_to_ascii(s, &delta->uni_home_dir, sizeof(s) - 1);
pdb_set_homedir(account, s, True);
unistr2_to_ascii(s, &delta->uni_dir_drive, sizeof(s) - 1);
pdb_set_dir_drive(account, s, True);
unistr2_to_ascii(s, &delta->uni_logon_script, sizeof(s) - 1);
pdb_set_logon_script(account, s, True);
unistr2_to_ascii(s, &delta->uni_acct_desc, sizeof(s) - 1);
pdb_set_acct_desc(account, s);
unistr2_to_ascii(s, &delta->uni_workstations, sizeof(s) - 1);
pdb_set_workstations(account, s);
unistr2_to_ascii(s, &delta->uni_profile, sizeof(s) - 1);
pdb_set_profile_path(account, s, True);
/* User and group sid */
sid_copy(&sid, &domain_sid);
sid_append_rid(&sid, delta->user_rid);
pdb_set_user_sid(account, &sid);
sid_copy(&sid, &domain_sid);
sid_append_rid(&sid, delta->group_rid);
pdb_set_group_sid(account, &sid);
/* Logon and password information */
pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), True);
pdb_set_logoff_time(account, nt_time_to_unix(&delta->logoff_time),
True);
pdb_set_logon_divs(account, delta->logon_divs);
/* TODO: logon hours */
/* TODO: bad password count */
/* TODO: logon count */
pdb_set_pass_last_set_time(
account, nt_time_to_unix(&delta->pwd_last_set_time));
/* TODO: account expiry time */
pdb_set_acct_ctrl(account, delta->acb_info);
}
static void apply_account_info(SAM_ACCOUNT_INFO *sam_acct_delta)
{
SAM_ACCOUNT *sam_acct;
BOOL result;
if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_acct))) {
return;
}
sam_account_from_delta(sam_acct, sam_acct_delta);
result = pdb_add_sam_account(sam_acct);
}
/* Apply an array of deltas to the SAM database */
static void apply_deltas(uint32 num_deltas, SAM_DELTA_HDR *hdr_deltas,
SAM_DELTA_CTR *deltas)
{
uint32 i;
for (i = 0; i < num_deltas; i++) {
switch(hdr_deltas[i].type) {
case SAM_DELTA_ACCOUNT_INFO:
apply_account_info(&deltas[i].account_info);
break;
}
}
}
/* Synchronise sam database */
static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16],
BOOL do_smbpasswd_output, BOOL verbose)
{
TALLOC_CTX *mem_ctx;
SAM_DELTA_HDR *hdr_deltas_0, *hdr_deltas_2;
SAM_DELTA_CTR *deltas_0, *deltas_2;
uint32 num_deltas_0, num_deltas_2;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct pdb_context *in;
uint32 neg_flags = 0x000001ff;
DOM_CRED ret_creds;
/* Initialise */
if (!NT_STATUS_IS_OK(make_pdb_context_list(&in, lp_passdb_backend()))){
DEBUG(0, ("Can't initialize passdb backend.\n"));
return result;
}
if (!(mem_ctx = talloc_init("sam_sync"))) {
DEBUG(0,("talloc_init failed\n"));
return result;
}
if (!cli_nt_session_open (cli, PI_NETLOGON)) {
DEBUG(0, ("Could not initialize netlogon pipe!\n"));
goto done;
}
/* Request a challenge */
if (!NT_STATUS_IS_OK(cli_nt_setup_creds(cli, SEC_CHAN_BDC, trust_passwd, &neg_flags, 2))) {
DEBUG(0, ("Error initialising session creds\n"));
goto done;
}
/* on first call the returnAuthenticator is empty */
memset(&ret_creds, 0, sizeof(ret_creds));
/* Do sam synchronisation on the SAM database*/
result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 0, 0,
&num_deltas_0, &hdr_deltas_0,
&deltas_0);
if (!NT_STATUS_IS_OK(result))
goto done;
/* Update sam */
apply_deltas(num_deltas_0, hdr_deltas_0, deltas_0);
/*
* we can't yet do several sam_sync in a raw, it's a credential problem
* we must chain the credentials
*/
#if 1
/* Do sam synchronisation on the LSA database */
result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 2, 0, &num_deltas_2, &hdr_deltas_2, &deltas_2);
if (!NT_STATUS_IS_OK(result))
goto done;
/* verbose mode */
if (verbose)
decode_sam_deltas(num_deltas_2, hdr_deltas_2, deltas_2);
#endif
/* Produce smbpasswd output - good for migrating from NT! */
if (do_smbpasswd_output) {
int i;
for (i = 0; i < num_deltas_0; i++) {
SAM_ACCOUNT_INFO *a;
fstring acct_name, hex_nt_passwd, hex_lm_passwd;
uchar lm_passwd[16], nt_passwd[16];
/* Skip non-user accounts */
if (hdr_deltas_0[i].type != SAM_DELTA_ACCOUNT_INFO)
continue;
a = &deltas_0[i].account_info;
unistr2_to_ascii(acct_name, &a->uni_acct_name,
sizeof(acct_name) - 1);
/* Decode hashes from password hash */
sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd,
lm_passwd, 0);
sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd,
nt_passwd, 0);
/* Encode as strings */
smbpasswd_sethexpwd(hex_lm_passwd, lm_passwd,
a->acb_info);
smbpasswd_sethexpwd(hex_nt_passwd, nt_passwd,
a->acb_info);
/* Display user info */
printf("%s:%d:%s:%s:%s:LCT-0\n", acct_name,
a->user_rid, hex_lm_passwd, hex_nt_passwd,
smbpasswd_encode_acb_info(a->acb_info));
}
goto done;
}
done:
cli_nt_session_close(cli);
talloc_destroy(mem_ctx);
return result;
}
/* Replicate sam deltas */
static NTSTATUS sam_repl(struct cli_state *cli, unsigned char trust_passwde[16],
uint32 low_serial)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
return result;
}
/* Connect to primary domain controller */
static struct cli_state *init_connection(struct cli_state **cli,
char *username, char *domain,
char *password)
{
extern pstring global_myname;
struct in_addr pdc_ip;
fstring dest_host;
/* Initialise myname */
if (!global_myname[0]) {
char *p;
fstrcpy(global_myname, myhostname());
p = strchr(global_myname, '.');
if (p)
*p = 0;
}
/* Look up name of PDC controller */
if (!get_pdc_ip(lp_workgroup(), &pdc_ip)) {
DEBUG(0, ("Cannot find domain controller for domain %s\n",
lp_workgroup()));
return NULL;
}
if (!lookup_dc_name(global_myname, lp_workgroup(), pdc_ip,
dest_host)) {
DEBUG(0, ("Could not lookup up PDC name for domain %s\n",
lp_workgroup()));
return NULL;
}
if (NT_STATUS_IS_OK(cli_full_connection(cli, global_myname, dest_host,
pdc_ip, 0,
"IPC$", "IPC",
username, domain,
password, 0))) {
return *cli;
}
return NULL;
}
/* Main function */
static fstring popt_username, popt_domain, popt_password;
static BOOL popt_got_pass;
static void user_callback(poptContext con,
enum poptCallbackReason reason,
const struct poptOption *opt,
const char *arg, const void *data)
{
const char *p, *ch;
if (!arg)
return;
switch(opt->val) {
/* Check for [DOMAIN\\]username[%password]*/
case 'U':
p = arg;
if ((ch = strchr(p, '\\'))) {
fstrcpy(popt_domain, p);
popt_domain[ch - p] = 0;
}
fstrcpy(popt_username, p);
if ((ch = strchr(p, '%'))) {
popt_username[ch - p] = 0;
fstrcpy(popt_password, ch + 1);
popt_got_pass = True;
}
break;
case 'W':
fstrcpy(popt_domain, arg);
break;
}
}
/* Return domain, username and password passed in from cmd line */
void popt_common_get_auth_info(char **domain, char **username, char **password,
BOOL *got_pass)
{
*domain = popt_domain;
*username = popt_username;
*password = popt_password;
*got_pass = popt_got_pass;
}
struct poptOption popt_common_auth_info[] = {
{ NULL, 0, POPT_ARG_CALLBACK, user_callback },
{ "user", 'U', POPT_ARG_STRING, NULL, 'U', "Set username",
"[DOMAIN\\]username[%password]" },
{ "domain", 'W', POPT_ARG_STRING, NULL, 'W', "Set domain name",
"DOMAIN"},
{ 0 }
};
static BOOL popt_interactive;
BOOL popt_common_is_interactive(void)
{
return popt_interactive;
}
struct poptOption popt_common_interactive[] = {
{ "interactive", 'i', POPT_ARG_NONE, &popt_interactive, 'i',
"Log to stdout" },
{ 0 }
};
int main(int argc, char **argv)
{
BOOL do_sam_sync = False, do_sam_repl = False;
struct cli_state *cli;
NTSTATUS result;
pstring logfile;
BOOL do_smbpasswd_output = False;
BOOL verbose = True, got_pass = False;
uint32 serial = 0;
unsigned char trust_passwd[16];
char *username, *domain, *password;
poptContext pc;
char c;
struct poptOption popt_samsync_opts[] = {
{ "synchronise", 'S', POPT_ARG_NONE, &do_sam_sync, 'S',
"Perform full SAM synchronisation" },
{ "replicate", 'R', POPT_ARG_NONE, &do_sam_repl, 'R',
"Replicate SAM changes" },
{ "serial", 0, POPT_ARG_INT, &serial, 0, "SAM serial number" },
{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_debug },
{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_auth_info },
{ NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_interactive },
POPT_AUTOHELP
{ 0 }
};
/* Read command line options */
pc = poptGetContext("samsync", argc, (const char **)argv,
popt_samsync_opts, 0);
if (argc == 1) {
poptPrintUsage(pc, stdout, 0);
return 1;
}
while ((c = poptGetNextOpt(pc)) != -1) {
/* Argument processing error */
if (c < -1) {
fprintf(stderr, "samsync: %s: %s\n",
poptBadOption(pc, POPT_BADOPTION_NOALIAS),
poptStrerror(c));
return 1;
}
/* Handle arguments */
switch (c) {
case 'h':
poptPrintHelp(pc, stdout, 0);
return 1;
case 'u':
poptPrintUsage(pc, stdout, 0);
return 1;
}
}
/* Bail out if any extra args were passed */
if (poptPeekArg(pc)) {
fprintf(stderr, "samsync: invalid argument %s\n",
poptPeekArg(pc));
poptPrintUsage(pc, stdout, 0);
return 1;
}
poptFreeContext(pc);
/* Setup logging */
dbf = x_stdout;
if (!lp_load(dyn_CONFIGFILE, True, False, False)) {
d_fprintf(stderr, "samsync: error opening config file %s. "
"Error was %s\n", dyn_CONFIGFILE, strerror(errno));
return 1;
}
slprintf(logfile, sizeof(logfile) - 1, "%s/log.%s", dyn_LOGFILEBASE,
"samsync");
lp_set_logfile(logfile);
setup_logging("samsync", popt_common_is_interactive());
if (!popt_common_is_interactive())
reopen_logs();
load_interfaces();
/* Check arguments make sense */
if (do_sam_sync && do_sam_repl) {
DEBUG(0, ("cannot specify both -S and -R\n"));
return 1;
}
if (!do_sam_sync && !do_sam_repl) {
DEBUG(0, ("samsync: you must either --synchronise or "
"--replicate the SAM database\n"));
return 1;
}
if (do_sam_repl && serial == 0) {
DEBUG(0, ("samsync: must specify serial number\n"));
return 1;
}
if (do_sam_sync && serial != 0) {
DEBUG(0, ("samsync: you can't specify a serial number when "
"synchonising the SAM database\n"));
return 1;
}
/* BDC operations require the machine account password */
if (!secrets_init()) {
DEBUG(0, ("samsync: unable to initialise secrets database\n"));
return 1;
}
if (!secrets_fetch_trust_account_password(lp_workgroup(),
trust_passwd, NULL)) {
DEBUG(0, ("samsync: could not fetch trust account password\n"));
return 1;
}
/* I wish the domain sid wasn't stored in secrets.tdb */
if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
DEBUG(0, ("samsync: could not retrieve domain sid\n"));
return 1;
}
/* Perform sync or replication */
popt_common_get_auth_info(&domain, &username, &password, &got_pass);
if (!init_connection(&cli, username, domain, password))
return 1;
if (do_sam_sync)
result = sam_sync(cli, trust_passwd, do_smbpasswd_output,
verbose);
if (do_sam_repl)
result = sam_repl(cli, trust_passwd, serial);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(0, ("%s\n", nt_errstr(result)));
return 1;
}
return 0;
}
View Git Blame Copy Permalink