net_rpc_samsync.c

samba-3.0.22.tar.gz 编译smb服务器的源码

/* 
   Unix SMB/CIFS implementation.
   dump the remote SAM using rpc samsync operations

   Copyright (C) Andrew Tridgell 2002
   Copyright (C) Tim Potter 2001,2002
   Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2005
   Modified by Volker Lendecke 2002
   Copyright (C) Jeremy Allison 2005.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.
   
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   
   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include "includes.h"
#include "utils/net.h"

/* uid's and gid's for writing deltas to ldif */
static uint32 ldif_gid = 999;
static uint32 ldif_uid = 999;
/* Kkeep track of ldap initialization */
static int init_ldap = 1;

static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g)
{
	int i;
	d_printf("Group mem %u: ", rid);
	for (i=0;i<g->num_members;i++) {
		d_printf("%u ", g->rids[i]);
	}
	d_printf("\n");
}

static const char *display_time(NTTIME *nttime)
{
	static fstring string;

	float high;
	float low;
	int sec;
	int days, hours, mins, secs;
	int offset = 1;

	if (nttime->high==0 && nttime->low==0)
		return "Now";

	if (nttime->high==0x80000000 && nttime->low==0)
		return "Never";

	high = 65536;	
	high = high/10000;
	high = high*65536;
	high = high/1000;
	high = high * (~nttime->high);

	low = ~nttime->low;	
	low = low/(1000*1000*10);

	sec=high+low;
	sec+=offset;

	days=sec/(60*60*24);
	hours=(sec - (days*60*60*24)) / (60*60);
	mins=(sec - (days*60*60*24) - (hours*60*60) ) / 60;
	secs=sec - (days*60*60*24) - (hours*60*60) - (mins*60);

	fstr_sprintf(string, "%u days, %u hours, %u minutes, %u seconds", days, hours, mins, secs);
	return (string);
}


static void display_alias_info(uint32 rid, SAM_ALIAS_INFO *a)
{
	d_printf("Alias '%s' ", unistr2_static(&a->uni_als_name));
	d_printf("desc='%s' rid=%u\n", unistr2_static(&a->uni_als_desc), a->als_rid);
}

static void display_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *a)
{
	int i;
	d_printf("Alias rid %u: ", rid);
	for (i=0;i<a->num_members;i++) {
		d_printf("%s ", sid_string_static(&a->sids[i].sid));
	}
	d_printf("\n");
}

static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a)
{
	fstring hex_nt_passwd, hex_lm_passwd;
	uchar lm_passwd[16], nt_passwd[16];
	static uchar zero_buf[16];

	/* Decode hashes from password hash (if they are not NULL) */
	
	if (memcmp(a->pass.buf_lm_pwd, zero_buf, 16) != 0) {
		sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, lm_passwd, 0);
		pdb_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info);
	} else {
		pdb_sethexpwd(hex_lm_passwd, NULL, 0);
	}

	if (memcmp(a->pass.buf_nt_pwd, zero_buf, 16) != 0) {
		sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, nt_passwd, 0);
		pdb_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info);
	} else {
		pdb_sethexpwd(hex_nt_passwd, NULL, 0);
	}
	
	printf("%s:%d:%s:%s:%s:LCT-0\n", unistr2_static(&a->uni_acct_name),
	       a->user_rid, hex_lm_passwd, hex_nt_passwd,
	       pdb_encode_acct_ctrl(a->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN));
}

static void display_domain_info(SAM_DOMAIN_INFO *a)
{
	time_t u_logout;

	u_logout = nt_time_to_unix_abs((NTTIME *)&a->force_logoff);

	d_printf("Domain name: %s\n", unistr2_static(&a->uni_dom_name));

	d_printf("Minimal Password Length: %d\n", a->min_pwd_len);
	d_printf("Password History Length: %d\n", a->pwd_history_len);

	d_printf("Force Logoff: %d\n", (int)u_logout);

	d_printf("Max Password Age: %s\n", display_time((NTTIME *)&a->max_pwd_age));
	d_printf("Min Password Age: %s\n", display_time((NTTIME *)&a->min_pwd_age));

	d_printf("Lockout Time: %s\n", display_time((NTTIME *)&a->account_lockout.lockout_duration));
	d_printf("Lockout Reset Time: %s\n", display_time((NTTIME *)&a->account_lockout.reset_count));

	d_printf("Bad Attempt Lockout: %d\n", a->account_lockout.bad_attempt_lockout);
	d_printf("User must logon to change password: %d\n", a->logon_chgpass);
}

static void display_group_info(uint32 rid, SAM_GROUP_INFO *a)
{
	d_printf("Group '%s' ", unistr2_static(&a->uni_grp_name));
	d_printf("desc='%s', rid=%u\n", unistr2_static(&a->uni_grp_desc), rid);
}

static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta)
{
	switch (hdr_delta->type) {
	case SAM_DELTA_ACCOUNT_INFO:
		display_account_info(hdr_delta->target_rid, &delta->account_info);
		break;
	case SAM_DELTA_GROUP_MEM:
		display_group_mem_info(hdr_delta->target_rid, &delta->grp_mem_info);
		break;
	case SAM_DELTA_ALIAS_INFO:
		display_alias_info(hdr_delta->target_rid, &delta->alias_info);
		break;
	case SAM_DELTA_ALIAS_MEM:
		display_alias_mem(hdr_delta->target_rid, &delta->als_mem_info);
		break;
	case SAM_DELTA_DOMAIN_INFO:
		display_domain_info(&delta->domain_info);
		break;
	case SAM_DELTA_GROUP_INFO:
		display_group_info(hdr_delta->target_rid, &delta->group_info);
		break;
		/* The following types are recognised but not handled */
	case SAM_DELTA_RENAME_GROUP:
		d_printf("SAM_DELTA_RENAME_GROUP not handled\n");
		break;
	case SAM_DELTA_RENAME_USER:
		d_printf("SAM_DELTA_RENAME_USER not handled\n");
		break;
	case SAM_DELTA_RENAME_ALIAS:
		d_printf("SAM_DELTA_RENAME_ALIAS not handled\n");
		break;
	case SAM_DELTA_POLICY_INFO:
		d_printf("SAM_DELTA_POLICY_INFO not handled\n");
		break;
	case SAM_DELTA_TRUST_DOMS:
		d_printf("SAM_DELTA_TRUST_DOMS not handled\n");
		break;
	case SAM_DELTA_PRIVS_INFO:
		d_printf("SAM_DELTA_PRIVS_INFO not handled\n");
		break;
	case SAM_DELTA_SECRET_INFO:
		d_printf("SAM_DELTA_SECRET_INFO not handled\n");
		break;
	case SAM_DELTA_DELETE_GROUP:
		d_printf("SAM_DELTA_DELETE_GROUP not handled\n");
		break;
	case SAM_DELTA_DELETE_USER:
		d_printf("SAM_DELTA_DELETE_USER not handled\n");
		break;
	case SAM_DELTA_MODIFIED_COUNT:
		d_printf("SAM_DELTA_MODIFIED_COUNT not handled\n");
		break;
	default:
		d_printf("Unknown delta record type %d\n", hdr_delta->type);
		break;
	}
}

static void dump_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type)
{
	uint32 sync_context = 0;
        NTSTATUS result;
	int i;
        TALLOC_CTX *mem_ctx;
        SAM_DELTA_HDR *hdr_deltas;
        SAM_DELTA_CTR *deltas;
        uint32 num_deltas;

	if (!(mem_ctx = talloc_init("dump_database"))) {
		return;
	}

	switch( db_type ) {
	case SAM_DATABASE_DOMAIN:
		d_printf("Dumping DOMAIN database\n");
		break;
	case SAM_DATABASE_BUILTIN:
		d_printf("Dumping BUILTIN database\n");
		break;
	case SAM_DATABASE_PRIVS:
		d_printf("Dumping PRIVS databases\n");
		break;
	default:
		d_printf("Dumping unknown database type %u\n", db_type );
		break;
	}

	do {
		result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx, db_type,
					       sync_context,
					       &num_deltas, &hdr_deltas, &deltas);
		if (NT_STATUS_IS_ERR(result))
			break;

                for (i = 0; i < num_deltas; i++) {
			display_sam_entry(&hdr_deltas[i], &deltas[i]);
                }
		sync_context += 1;
	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));

	talloc_destroy(mem_ctx);
}

/* dump sam database via samsync rpc calls */
NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, 
				const char *domain_name, 
				struct cli_state *cli,
				struct rpc_pipe_client *pipe_hnd,
				TALLOC_CTX *mem_ctx, 
				int argc,
				const char **argv) 
{
#if 0
	/* net_rpc.c now always tries to create an schannel pipe.. */

	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
	uchar trust_password[16];
	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
	uint32 sec_channel_type = 0;

	if (!secrets_fetch_trust_account_password(domain_name,
						  trust_password,
						  NULL, &sec_channel_type)) {
		DEBUG(0,("Could not fetch trust account password\n"));
		goto fail;
	}

	nt_status = rpccli_netlogon_setup_creds(pipe_hnd,
						cli->desthost,
						domain_name,
                                                global_myname(),
                                                trust_password,
                                                sec_channel_type,
                                                &neg_flags);

	if (!NT_STATUS_IS_OK(nt_status)) {
		DEBUG(0,("Error connecting to NETLOGON pipe\n"));
		goto fail;
	}
#endif

	dump_database(pipe_hnd, SAM_DATABASE_DOMAIN);
	dump_database(pipe_hnd, SAM_DATABASE_BUILTIN);
	dump_database(pipe_hnd, SAM_DATABASE_PRIVS);

	return NT_STATUS_OK;
}

/* Convert a SAM_ACCOUNT_DELTA to a SAM_ACCOUNT. */
#define STRING_CHANGED (old_string && !new_string) ||\
		    (!old_string && new_string) ||\
		(old_string && new_string && (strcmp(old_string, new_string) != 0))

static NTSTATUS sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta)
{
	const char *old_string, *new_string;
	time_t unix_time, stored_time;
	uchar lm_passwd[16], nt_passwd[16];
	static uchar zero_buf[16];

	/* Username, fullname, home dir, dir drive, logon script, acct
	   desc, workstations, profile. */

	if (delta->hdr_acct_name.buffer) {
		old_string = pdb_get_nt_username(account);
		new_string = unistr2_static(&delta->uni_acct_name);

		if (STRING_CHANGED) {
			pdb_set_nt_username(account, new_string, PDB_CHANGED);
              
		}
         
		/* Unix username is the same - for sanity */
		old_string = pdb_get_username( account );
		if (STRING_CHANGED) {
			pdb_set_username(account, new_string, PDB_CHANGED);
		}
	}

	if (delta->hdr_full_name.buffer) {
		old_string = pdb_get_fullname(account);
		new_string = unistr2_static(&delta->uni_full_name);

		if (STRING_CHANGED)
			pdb_set_fullname(account, new_string, PDB_CHANGED);
	}

	if (delta->hdr_home_dir.buffer) {
		old_string = pdb_get_homedir(account);
		new_string = unistr2_static(&delta->uni_home_dir);

		if (STRING_CHANGED)
			pdb_set_homedir(account, new_string, PDB_CHANGED);
	}

	if (delta->hdr_dir_drive.buffer) {
		old_string = pdb_get_dir_drive(account);
		new_string = unistr2_static(&delta->uni_dir_drive);

		if (STRING_CHANGED)
			pdb_set_dir_drive(account, new_string, PDB_CHANGED);
	}

	if (delta->hdr_logon_script.buffer) {
		old_string = pdb_get_logon_script(account);
		new_string = unistr2_static(&delta->uni_logon_script);

		if (STRING_CHANGED)
			pdb_set_logon_script(account, new_string, PDB_CHANGED);
	}

	if (delta->hdr_acct_desc.buffer) {
		old_string = pdb_get_acct_desc(account);
		new_string = unistr2_static(&delta->uni_acct_desc);

		if (STRING_CHANGED)
			pdb_set_acct_desc(account, new_string, PDB_CHANGED);
	}

	if (delta->hdr_workstations.buffer) {
		old_string = pdb_get_workstations(account);
		new_string = unistr2_static(&delta->uni_workstations);

		if (STRING_CHANGED)
			pdb_set_workstations(account, new_string, PDB_CHANGED);
	}

	if (delta->hdr_profile.buffer) {
		old_string = pdb_get_profile_path(account);
		new_string = unistr2_static(&delta->uni_profile);

		if (STRING_CHANGED)
			pdb_set_profile_path(account, new_string, PDB_CHANGED);
	}

	if (delta->hdr_parameters.buffer) {
		DATA_BLOB mung;
		old_string = pdb_get_munged_dial(account);
		mung.length = delta->hdr_parameters.uni_str_len;
		mung.data = (uint8 *) delta->uni_parameters.buffer;
		new_string = (mung.length == 0) ? NULL : base64_encode_data_blob(mung);

		if (STRING_CHANGED)
			pdb_set_munged_dial(account, new_string, PDB_CHANGED);
	}

	/* User and group sid */
	if (pdb_get_user_rid(account) != delta->user_rid)
		pdb_set_user_sid_from_rid(account, delta->user_rid, PDB_CHANGED);
	if (pdb_get_group_rid(account) != delta->group_rid)
		pdb_set_group_sid_from_rid(account, delta->group_rid, PDB_CHANGED);

	/* Logon and password information */
	if (!nt_time_is_zero(&delta->logon_time)) {
		unix_time = nt_time_to_unix(&delta->logon_time);
		stored_time = pdb_get_logon_time(account);
		if (stored_time != unix_time)
			pdb_set_logon_time(account, unix_time, PDB_CHANGED);
	}

	if (!nt_time_is_zero(&delta->logoff_time)) {
		unix_time = nt_time_to_unix(&delta->logoff_time);
		stored_time = pdb_get_logoff_time(account);
		if (stored_time != unix_time)
			pdb_set_logoff_time(account, unix_time,PDB_CHANGED);
	}

	/* Logon Divs */
	if (pdb_get_logon_divs(account) != delta->logon_divs)
		pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED);

	/* Max Logon Hours */
	if (delta->unknown1 != pdb_get_unknown_6(account)) {
		pdb_set_unknown_6(account, delta->unknown1, PDB_CHANGED);
	}

	/* Logon Hours Len */
	if (delta->buf_logon_hrs.buf_len != pdb_get_hours_len(account)) {