2 Unix SMB/CIFS implementation.
3 dump the remote SAM using rpc samsync operations
5 Copyright (C) Andrew Tridgell 2002
6 Copyright (C) Tim Potter 2001,2002
7 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2005
8 Modified by Volker Lendecke 2002
9 Copyright (C) Jeremy Allison 2005.
10 Copyright (C) Guenther Deschner 2008.
12 This program is free software; you can redistribute it and/or modify
13 it under the terms of the GNU General Public License as published by
14 the Free Software Foundation; either version 3 of the License, or
15 (at your option) any later version.
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 GNU General Public License for more details.
22 You should have received a copy of the GNU General Public License
23 along with this program. If not, see <http://www.gnu.org/licenses/>.
27 #include "utils/net.h"
29 /* dump sam database via samsync rpc calls */
/*
 * Builds a samsync context in NET_SAMSYNC_MODE_DUMP, registers
 * display_sam_entries as the delta callback, and runs libnet_samsync() once
 * each for the domain, builtin and privileges databases.
 *
 * NOTE(review): this listing skips source lines (see the gaps in the line
 * numbers), so the remaining parameters, the cleanup and the return value of
 * this function are not visible here.
 */
30 NTSTATUS rpc_samdump_internals(struct net_context *c,
31 const DOM_SID *domain_sid,
32 const char *domain_name,
33 struct cli_state *cli,
34 struct rpc_pipe_client *pipe_hnd,
39 struct samsync_context *ctx = NULL;
42 status = libnet_samsync_init_context(mem_ctx,
45 if (!NT_STATUS_IS_OK(status)) {
/* dump mode: display_sam_entries is the callback installed for each delta */
49 ctx->mode = NET_SAMSYNC_MODE_DUMP;
51 ctx->delta_fn = display_sam_entries;
52 ctx->domain_name = domain_name;
/*
 * NOTE(review): the results of the three libnet_samsync() calls below are
 * discarded, so a failed pass is not reported from these lines. Confirm that
 * best-effort dumping is intended.
 */
54 libnet_samsync(SAM_DATABASE_DOMAIN, ctx);
56 libnet_samsync(SAM_DATABASE_BUILTIN, ctx);
58 libnet_samsync(SAM_DATABASE_PRIVS, ctx);
66 * Basic usage function for 'net rpc vampire'
68 * @param c A net_context structure
69 * @param argc Standard main() style argc
70 * @param argv Standard main() style argv. Initial components are already
74 int rpc_vampire_usage(struct net_context *c, int argc, const char **argv)
/*
 * Prints the 'net rpc vampire' synopsis, then the common net flags.
 * NOTE(review): the synopsis string is missing the closing '>' after
 * "<keytab-filename" and its brackets do not balance. It is runtime text, so
 * it is left unchanged here.
 */
76 d_printf("net rpc vampire ([ldif [<ldif-filename>] | [keytab] [<keytab-filename]) [options]\n"
77 "\t to pull accounts from a remote PDC where we are a BDC\n"
78 "\t\t no args puts accounts in local passdb from smb.conf\n"
79 "\t\t ldif - put accounts in ldif format (file defaults to "
81 "\t\t keytab - put account passwords in krb5 keytab (defaults "
82 "to system keytab)\n");
/* append the option help shared by all net subcommands */
84 net_common_flags_usage(c, argc, argv);
89 /* fetch the remote sam database via samsync rpc calls (passdb fetch mode) */
/*
 * Refuses to run unless the remote domain SID equals the local SAM SID, then
 * syncs the domain database and the builtin database in
 * NET_SAMSYNC_MODE_FETCH_PASSDB with fetch_sam_entries as the delta callback.
 *
 * NOTE(review): this listing skips source lines (see the gaps in the line
 * numbers), so the remaining parameters, the failure paths and the cleanup are
 * not visible here.
 */
90 NTSTATUS rpc_vampire_internals(struct net_context *c,
91 const DOM_SID *domain_sid,
92 const char *domain_name,
93 struct cli_state *cli,
94 struct rpc_pipe_client *pipe_hnd,
100 struct samsync_context *ctx = NULL;
/*
 * Guard: accounts are imported only when the remote domain SID matches the
 * local SAM SID. On mismatch, print both identities with the suggested
 * smb.conf settings, and fail.
 */
102 if (!sid_equal(domain_sid, get_global_sam_sid())) {
103 d_printf("Cannot import users from %s at this time, "
104 "as the current domain:\n\t%s: %s\nconflicts "
105 "with the remote domain\n\t%s: %s\n"
106 "Perhaps you need to set: \n\n\tsecurity=user\n\t"
107 "workgroup=%s\n\n in your smb.conf?\n",
109 get_global_sam_name(),
110 sid_string_dbg(get_global_sam_sid()),
112 sid_string_dbg(domain_sid),
114 return NT_STATUS_UNSUCCESSFUL;
117 result = libnet_samsync_init_context(mem_ctx,
120 if (!NT_STATUS_IS_OK(result)) {
124 ctx->mode = NET_SAMSYNC_MODE_FETCH_PASSDB;
126 ctx->delta_fn = fetch_sam_entries;
127 ctx->domain_name = domain_name;
/* first pass: the domain database */
130 result = libnet_samsync(SAM_DATABASE_DOMAIN, ctx);
/* the context's error text goes to stderr, and only when one was set */
132 if (!NT_STATUS_IS_OK(result) && ctx->error_message) {
133 d_fprintf(stderr, "%s\n", ctx->error_message);
137 if (ctx->result_message) {
138 d_fprintf(stdout, "%s\n", ctx->result_message);
/*
 * Second pass: point the context at the Builtin SID before syncing
 * SAM_DATABASE_BUILTIN.
 * NOTE(review): the sid_dup_talloc() and sid_string_talloc() results are used
 * on the next lines without a NULL check.
 */
142 ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin);
143 ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid);
144 result = libnet_samsync(SAM_DATABASE_BUILTIN, ctx);
146 if (!NT_STATUS_IS_OK(result) && ctx->error_message) {
147 d_fprintf(stderr, "%s\n", ctx->error_message);
151 if (ctx->result_message) {
152 d_fprintf(stdout, "%s\n", ctx->result_message);
/*
 * Syncs the domain database and then the builtin database in
 * NET_SAMSYNC_MODE_FETCH_LDIF, with fetch_sam_entries_ldif as the delta
 * callback and argv[0] as the output filename.
 *
 * NOTE(review): this listing skips source lines (see the gaps in the line
 * numbers), so the remaining parameters, the failure paths and the cleanup are
 * not visible here.
 */
160 NTSTATUS rpc_vampire_ldif_internals(struct net_context *c,
161 const DOM_SID *domain_sid,
162 const char *domain_name,
163 struct cli_state *cli,
164 struct rpc_pipe_client *pipe_hnd,
170 struct samsync_context *ctx = NULL;
172 status = libnet_samsync_init_context(mem_ctx,
175 if (!NT_STATUS_IS_OK(status)) {
/*
 * The first remaining argument names the LDIF output file. The argc guard is
 * presumably on the omitted preceding line; TODO confirm.
 * NOTE(review): the file receives the accounts fetched from the DC, presumably
 * including credential material. Confirm the LDIF writer creates it with
 * owner-only permissions.
 */
180 ctx->output_filename = argv[0];
183 ctx->mode = NET_SAMSYNC_MODE_FETCH_LDIF;
185 ctx->delta_fn = fetch_sam_entries_ldif;
186 ctx->domain_name = domain_name;
/* first pass: the domain database */
189 status = libnet_samsync(SAM_DATABASE_DOMAIN, ctx);
/* the context's error text goes to stderr, and only when one was set */
191 if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
192 d_fprintf(stderr, "%s\n", ctx->error_message);
196 if (ctx->result_message) {
197 d_fprintf(stdout, "%s\n", ctx->result_message);
/*
 * Second pass: point the context at the Builtin SID before syncing
 * SAM_DATABASE_BUILTIN.
 * NOTE(review): the sid_dup_talloc() and sid_string_talloc() results are used
 * on the next lines without a NULL check.
 */
201 ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin);
202 ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid);
203 status = libnet_samsync(SAM_DATABASE_BUILTIN, ctx);
205 if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
206 d_fprintf(stderr, "%s\n", ctx->error_message);
210 if (ctx->result_message) {
211 d_fprintf(stdout, "%s\n", ctx->result_message);
/*
 * Entry point for 'net rpc vampire ldif'. It prints a short usage text when
 * c->display_usage is set. In the lines shown it otherwise hands
 * rpc_vampire_ldif_internals to run_rpc_command() with the netlogon interface
 * syntax id, and returns that call's result.
 */
219 int rpc_vampire_ldif(struct net_context *c, int argc, const char **argv)
221 if (c->display_usage) {
223 "net rpc vampire ldif\n"
224 " Dump remote SAM database to LDIF file or stdout\n");
/* argc and argv are forwarded unchanged to the internals callback */
228 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id, 0,
229 rpc_vampire_ldif_internals, argc, argv);
/*
 * Syncs the domain database in NET_SAMSYNC_MODE_FETCH_KEYTAB, with
 * fetch_sam_entries_keytab as the delta callback and argv[0] as the output
 * filename. Only the SAM_DATABASE_DOMAIN pass appears in the lines shown.
 *
 * NOTE(review): this listing skips source lines (see the gaps in the line
 * numbers), so the remaining parameters, the failure paths and the cleanup are
 * not visible here.
 */
233 NTSTATUS rpc_vampire_keytab_internals(struct net_context *c,
234 const DOM_SID *domain_sid,
235 const char *domain_name,
236 struct cli_state *cli,
237 struct rpc_pipe_client *pipe_hnd,
243 struct samsync_context *ctx = NULL;
245 status = libnet_samsync_init_context(mem_ctx,
248 if (!NT_STATUS_IS_OK(status)) {
/*
 * The first remaining argument names the keytab. The argc guard is presumably
 * on the omitted preceding line; TODO confirm.
 * NOTE(review): the usage text says the keytab receives account passwords, so
 * the file should be readable only by its owner. Confirm the keytab writer
 * enforces that.
 */
253 ctx->output_filename = argv[0];
256 ctx->mode = NET_SAMSYNC_MODE_FETCH_KEYTAB;
258 ctx->delta_fn = fetch_sam_entries_keytab;
259 ctx->domain_name = domain_name;
/* the user name and password given as command options are stored in the context */
260 ctx->username = c->opt_user_name;
261 ctx->password = c->opt_password;
264 status = libnet_samsync(SAM_DATABASE_DOMAIN, ctx);
/* the context's error text goes to stderr, and only when one was set */
266 if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
267 d_fprintf(stderr, "%s\n", ctx->error_message);
271 if (ctx->result_message) {
272 d_fprintf(stdout, "%s\n", ctx->result_message);
/*
 * Builds a dssync context, installs libnet_dssync_keytab_ops as its
 * operations table and runs libnet_dssync(), then prints the error and result
 * messages the context carries.
 *
 * NOTE(review): this listing skips source lines (see the gaps in the line
 * numbers), so the remaining parameters, the failure paths and the cleanup are
 * not visible here.
 */
281 static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c,
282 const DOM_SID *domain_sid,
283 const char *domain_name,
284 struct cli_state *cli,
285 struct rpc_pipe_client *pipe_hnd,
291 struct dssync_context *ctx = NULL;
293 status = libnet_dssync_init_context(mem_ctx,
295 if (!NT_STATUS_IS_OK(status)) {
/* normalise the force-full-replication option to a bool */
299 ctx->force_full_replication = c->opt_force_full_repl ? true : false;
/*
 * argv[0] names the keytab. The arguments after it are stored as object_dns
 * and switch the context to single-object replication.
 * NOTE(review): &argv[1] and argc - 1 are only meaningful when those arguments
 * exist. The argc guards are presumably on omitted lines 301 and 304; TODO
 * confirm.
 */
302 ctx->output_filename = argv[0];
305 ctx->object_dns = &argv[1];
306 ctx->object_count = argc - 1;
307 ctx->single_object_replication = true;
311 ctx->domain_name = domain_name;
312 ctx->ops = &libnet_dssync_keytab_ops;
314 status = libnet_dssync(mem_ctx, ctx);
/* the context's error text goes to stderr, and only when one was set */
315 if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
316 d_fprintf(stderr, "%s\n", ctx->error_message);
320 if (ctx->result_message) {
321 d_fprintf(stdout, "%s\n", ctx->result_message);
331 * Basic function for 'net rpc vampire keytab'
333 * @param c A net_context structure
334 * @param argc Standard main() style argc
335 * @param argv Standard main() style argv. Initial components are already
339 int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv)
343 if (c->display_usage) {
345 "net rpc vampire keytab\n"
346 " Dump remote SAM database to Kerberos keytab file\n");
350 ret = run_rpc_command(c, NULL, &ndr_table_drsuapi.syntax_id,
352 rpc_vampire_keytab_ds_internals, argc, argv);
357 return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id, 0,
358 rpc_vampire_keytab_internals,