Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : dump the remote SAM using rpc samsync operations
4 :
5 : Copyright (C) Andrew Tridgell 2002
6 : Copyright (C) Tim Potter 2001,2002
7 : Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2005
8 : Modified by Volker Lendecke 2002
9 : Copyright (C) Jeremy Allison 2005.
10 : Copyright (C) Guenther Deschner 2008.
11 :
12 : This program is free software; you can redistribute it and/or modify
13 : it under the terms of the GNU General Public License as published by
14 : the Free Software Foundation; either version 3 of the License, or
15 : (at your option) any later version.
16 :
17 : This program is distributed in the hope that it will be useful,
18 : but WITHOUT ANY WARRANTY; without even the implied warranty of
19 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 : GNU General Public License for more details.
21 :
22 : You should have received a copy of the GNU General Public License
23 : along with this program. If not, see <http://www.gnu.org/licenses/>.
24 : */
25 :
26 : #include "includes.h"
27 : #include "utils/net.h"
28 : #include "../librpc/gen_ndr/ndr_netlogon.h"
29 : #include "../librpc/gen_ndr/ndr_drsuapi.h"
30 : #include "libnet/libnet_dssync.h"
31 : #include "../libcli/security/security.h"
32 : #include "passdb/machine_sid.h"
33 :
34 : /**
35 : * Basic usage function for 'net rpc vampire'
36 : *
37 : * @param c A net_context structure
38 : * @param argc Standard main() style argc
39 : * @param argc Standard main() style argv. Initial components are already
40 : * stripped
41 : **/
42 :
43 0 : int rpc_vampire_usage(struct net_context *c, int argc, const char **argv)
44 : {
45 0 : d_printf(_("net rpc vampire ([ldif [<ldif-filename>] | [keytab] "
46 : "[<keytab-filename]) [options]\n"
47 : "\t to pull accounts from a remote PDC where we are a BDC\n"
48 : "\t\t no args puts accounts in local passdb from smb.conf\n"
49 : "\t\t ldif - put accounts in ldif format (file defaults to "
50 : "/tmp/tmp.ldif)\n"
51 : "\t\t keytab - put account passwords in krb5 keytab "
52 : "(defaults to system keytab)\n"));
53 :
54 0 : net_common_flags_usage(c, argc, argv);
55 0 : return -1;
56 : }
57 :
58 0 : static NTSTATUS rpc_vampire_ds_internals(struct net_context *c,
59 : const struct dom_sid *domain_sid,
60 : const char *domain_name,
61 : struct cli_state *cli,
62 : struct rpc_pipe_client *pipe_hnd,
63 : TALLOC_CTX *mem_ctx,
64 : int argc,
65 : const char **argv)
66 : {
67 0 : NTSTATUS status;
68 0 : struct dssync_context *ctx = NULL;
69 :
70 0 : if (!dom_sid_equal(domain_sid, get_global_sam_sid())) {
71 0 : struct dom_sid_buf buf1, buf2;
72 0 : d_printf(_("Cannot import users from %s at this time, "
73 : "as the current domain:\n\t%s: %s\nconflicts "
74 : "with the remote domain\n\t%s: %s\n"
75 : "Perhaps you need to set: \n\n\tsecurity=user\n\t"
76 : "workgroup=%s\n\n in your smb.conf?\n"),
77 : domain_name,
78 : get_global_sam_name(),
79 0 : dom_sid_str_buf(get_global_sam_sid(), &buf1),
80 : domain_name,
81 : dom_sid_str_buf(domain_sid, &buf2),
82 : domain_name);
83 0 : return NT_STATUS_UNSUCCESSFUL;
84 : }
85 :
86 0 : status = libnet_dssync_init_context(mem_ctx,
87 : &ctx);
88 0 : if (!NT_STATUS_IS_OK(status)) {
89 0 : return status;
90 : }
91 :
92 0 : ctx->cli = pipe_hnd;
93 0 : ctx->domain_name = domain_name;
94 0 : ctx->ops = &libnet_dssync_passdb_ops;
95 :
96 0 : status = libnet_dssync(mem_ctx, ctx);
97 0 : if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
98 0 : d_fprintf(stderr, "%s\n", ctx->error_message);
99 0 : goto out;
100 : }
101 :
102 0 : if (ctx->result_message) {
103 0 : d_fprintf(stdout, "%s\n", ctx->result_message);
104 : }
105 :
106 0 : out:
107 0 : TALLOC_FREE(ctx);
108 :
109 0 : return status;
110 : }
111 :
112 0 : int rpc_vampire_passdb(struct net_context *c, int argc, const char **argv)
113 : {
114 0 : int ret = 0;
115 0 : NTSTATUS status;
116 0 : struct cli_state *cli = NULL;
117 0 : struct net_dc_info dc_info;
118 :
119 0 : if (c->display_usage) {
120 0 : d_printf( "%s\n"
121 : "net rpc vampire passdb\n"
122 : " %s\n",
123 : _("Usage:"),
124 : _("Dump remote SAM database to passdb"));
125 0 : return 0;
126 : }
127 :
128 0 : status = net_make_ipc_connection(c, 0, &cli);
129 0 : if (!NT_STATUS_IS_OK(status)) {
130 0 : return -1;
131 : }
132 :
133 0 : status = net_scan_dc(c, cli, &dc_info);
134 0 : if (!NT_STATUS_IS_OK(status)) {
135 0 : return -1;
136 : }
137 :
138 0 : if (!dc_info.is_ad) {
139 0 : printf(_("DC is not running Active Directory, exiting\n"));
140 0 : return -1;
141 : }
142 :
143 0 : if (!c->opt_force) {
144 0 : d_printf( "%s\n"
145 : "net rpc vampire passdb\n"
146 : " %s\n",
147 : _("Usage:"),
148 : _("Should not be used against Active Directory, maybe use --force"));
149 0 : return -1;
150 : }
151 :
152 0 : ret = run_rpc_command(c, cli, &ndr_table_drsuapi,
153 : NET_FLAGS_SEAL | NET_FLAGS_TCP,
154 : rpc_vampire_ds_internals, argc, argv);
155 0 : return ret;
156 : }
157 :
158 0 : static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c,
159 : const struct dom_sid *domain_sid,
160 : const char *domain_name,
161 : struct cli_state *cli,
162 : struct rpc_pipe_client *pipe_hnd,
163 : TALLOC_CTX *mem_ctx,
164 : int argc,
165 : const char **argv)
166 : {
167 0 : NTSTATUS status;
168 0 : struct dssync_context *ctx = NULL;
169 :
170 0 : status = libnet_dssync_init_context(mem_ctx,
171 : &ctx);
172 0 : if (!NT_STATUS_IS_OK(status)) {
173 0 : return status;
174 : }
175 :
176 0 : ctx->force_full_replication = c->opt_force_full_repl ? true : false;
177 0 : ctx->clean_old_entries = c->opt_clean_old_entries ? true : false;
178 :
179 0 : if (argc < 1) {
180 : /* the caller should ensure that a filename is provided */
181 0 : return NT_STATUS_INVALID_PARAMETER;
182 : } else {
183 0 : ctx->output_filename = argv[0];
184 : }
185 :
186 0 : if (argc >= 2) {
187 0 : ctx->object_dns = &argv[1];
188 0 : ctx->object_count = argc - 1;
189 0 : ctx->single_object_replication = c->opt_single_obj_repl ? true
190 0 : : false;
191 : }
192 :
193 0 : ctx->cli = pipe_hnd;
194 0 : ctx->domain_name = domain_name;
195 0 : ctx->ops = &libnet_dssync_keytab_ops;
196 :
197 0 : status = libnet_dssync(mem_ctx, ctx);
198 0 : if (!NT_STATUS_IS_OK(status) && ctx->error_message) {
199 0 : d_fprintf(stderr, "%s\n", ctx->error_message);
200 0 : goto out;
201 : }
202 :
203 0 : if (ctx->result_message) {
204 0 : d_fprintf(stdout, "%s\n", ctx->result_message);
205 : }
206 :
207 0 : out:
208 0 : TALLOC_FREE(ctx);
209 :
210 0 : return status;
211 : }
212 :
213 : /**
214 : * Basic function for 'net rpc vampire keytab'
215 : *
216 : * @param c A net_context structure
217 : * @param argc Standard main() style argc
218 : * @param argc Standard main() style argv. Initial components are already
219 : * stripped
220 : **/
221 :
222 0 : int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv)
223 : {
224 0 : int ret = 0;
225 0 : NTSTATUS status;
226 0 : struct cli_state *cli = NULL;
227 0 : struct net_dc_info dc_info;
228 :
229 0 : if (c->display_usage || (argc < 1)) {
230 0 : d_printf("%s\n%s",
231 : _("Usage:"),
232 : _("net rpc vampire keytab <keytabfile>\n"
233 : " Dump remote SAM database to Kerberos keytab "
234 : "file\n"));
235 0 : return 0;
236 : }
237 :
238 0 : status = net_make_ipc_connection(c, 0, &cli);
239 0 : if (!NT_STATUS_IS_OK(status)) {
240 0 : return -1;
241 : }
242 :
243 0 : status = net_scan_dc(c, cli, &dc_info);
244 0 : if (!NT_STATUS_IS_OK(status)) {
245 0 : return -1;
246 : }
247 :
248 0 : if (!dc_info.is_ad) {
249 0 : printf(_("DC is not running Active Directory, exiting\n"));
250 0 : return -1;
251 : }
252 :
253 0 : ret = run_rpc_command(c, cli, &ndr_table_drsuapi,
254 : NET_FLAGS_SEAL | NET_FLAGS_TCP,
255 : rpc_vampire_keytab_ds_internals, argc, argv);
256 0 : return ret;
257 : }
|
