
📄 net_rpc_samsync.c

📁 samba-3.0.22.tar.gz 编译smb服务器的源码
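	unistr2_to_ascii(description, &(delta->alias_info.uni_als_desc),
			 sizeof(description)-1);

	/* Set up the group type */
	switch (db_type) {
		case SAM_DATABASE_DOMAIN:
			grouptype = 4;
			break;
		case SAM_DATABASE_BUILTIN:
			grouptype = 5;
			break;
		default:
			grouptype = 4;
			break;
	}

	/*
	These groups are entered by populate_ldap_for_ldif
	Note that populate creates a group called Relicators,
	but NT returns a group called Replicator
	*/
	if (strcmp(aliasname, "Domain Admins") == 0 ||
	    strcmp(aliasname, "Domain Users") == 0 ||
	    strcmp(aliasname, "Domain Guests") == 0 ||
	    strcmp(aliasname, "Domain Computers") == 0 ||
	    strcmp(aliasname, "Administrators") == 0 ||
	    strcmp(aliasname, "Print Operators") == 0 ||
	    strcmp(aliasname, "Backup Operators") == 0 ||
	    strcmp(aliasname, "Replicator") == 0) {
		return NT_STATUS_OK;
	} else {
		/* Increment the gid for the new group */
		ldif_gid++;
	}

	/* Map the group rid and gid */
	g_rid = delta->group_info.gid.g_rid;
	groupmap->gidNumber = ldif_gid;
	pstr_sprintf(groupmap->sambaSID, "%s-%d", sid, g_rid);

	/* Write the data to the temporary add ldif file */
	fprintf(add_fd, "# %s, %s, %s\n", aliasname, group_attr,
		suffix);
	fprintf(add_fd, "dn: cn=%s,ou=%s,%s\n", aliasname, group_attr,
		suffix);
	fprintf(add_fd, "objectClass: posixGroup\n");
	fprintf(add_fd, "objectClass: sambaGroupMapping\n");
	fprintf(add_fd, "cn: %s\n", aliasname);
	fprintf(add_fd, "gidNumber: %d\n", ldif_gid);
	fprintf(add_fd, "sambaSID: %s\n", groupmap->sambaSID);
	fprintf(add_fd, "sambaGroupType: %d\n", grouptype);
	fprintf(add_fd, "displayName: %s\n", aliasname);
	fprintf(add_fd, "description: %s\n", description);
	fprintf(add_fd, "\n");
	fflush(add_fd);

	/* Return */
	return NT_STATUS_OK;
}

/**
 * Write the memberUid lines for one group-membership delta to the
 * "modify" ldif stream.
 *
 * @param delta       Delta whose grp_mem_info carries the member rids
 * @param hdr_delta   Header of that delta; target_rid names the group
 * @param groupmap    Array searched by rid for the group's dn
 * @param accountmap  Array searched by rid for each member's cn
 * @param mod_fd      Stream the record is written to
 * @param alloced     Number of entries searched in both arrays
 * @return NT_STATUS_OK, or NT_STATUS_UNSUCCESSFUL when the group rid or a
 *         member rid is not found in its map
 **/
static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, SAM_DELTA_HDR *hdr_delta,
			    GROUPMAP *groupmap, ACCOUNTMAP *accountmap,
			    FILE *mod_fd, int alloced)
{
	uint32 group_rid = 0, rid = 0;
	int i, j, k;

	/* Nothing is written for a group without members */
	if (delta->grp_mem_info.num_members > 0) {
		/* Get the dn for the group */
		group_rid = hdr_delta->target_rid;
		for (j=0; j<alloced; j++) {
			if (groupmap[j].rid == group_rid) break;
		}
		if (j == alloced){
			DEBUG(1, ("Could not find rid %d in groupmap array\n",
				  group_rid));
			return NT_STATUS_UNSUCCESSFUL;
		}

		/*
		 * The dn is printed straight from the map.  Copying it
		 * through a fixed-size local first added nothing and was
		 * one more bounded copy that could be sized wrongly.
		 *
		 * NOTE(review): group_dn and cn are written as stored.  If
		 * they can hold text taken from the remote SAM, a value
		 * containing a newline would need LDIF (base64) encoding --
		 * confirm where these strings are sanitised.
		 */
		fprintf(mod_fd, "dn: %s\n", groupmap[j].group_dn);

		/* Get the cn for each member */
		for (i=0; i<delta->grp_mem_info.num_members; i++) {
			rid = delta->grp_mem_info.rids[i];
			for (k=0; k<alloced; k++) {
				if (accountmap[k].rid == rid) break;
			}
			if (k == alloced){
				/*
				 * NOTE(review): returning here leaves the "dn:"
				 * line and any members already printed in the
				 * stream without the terminating blank line.
				 */
				DEBUG(1, ("Could not find rid %d in accountmap array\n", rid));
				return NT_STATUS_UNSUCCESSFUL;
			}
			fprintf(mod_fd, "memberUid: %s\n", accountmap[k].cn);
		}
		fprintf(mod_fd, "\n");
	}
	fflush(mod_fd);

	/* Return */
	return NT_STATUS_OK;
}

/**
 * Append the whole contents of one stdio stream to another.
 *
 * @param dst  Stream open for writing or appending
 * @param src  Stream open for update; it is flushed and rewound first
 * @return 0 on success, -1 if seeking, reading or writing failed
 **/
static int append_ldif_stream(FILE *dst, FILE *src)
{
	char buf[4096];
	size_t n;

	/* A flush/seek is required before switching src from writing to reading */
	if (fflush(src) != 0 || fseek(src, 0L, SEEK_SET) != 0) {
		return -1;
	}

	while ((n = fread(buf, 1, sizeof(buf), src)) > 0) {
		if (fwrite(buf, 1, n, dst) != n) {
			return -1;
		}
	}
	if (ferror(src)) {
		return -1;
	}

	return (fflush(dst) == 0) ? 0 : -1;
}

/**
 * Fetch one SAM database with rpccli_netlogon_sam_sync and append it, as
 * LDIF, to the output file.
 *
 * "Add" and "modify" records are collected in two scratch streams and then
 * copied, in that order, behind a header comment into the output file.
 *
 * The scratch streams come from tmpfile() and are copied in-process.  The
 * earlier form opened the fixed names /tmp/add.ldif and /tmp/mod.ldif with
 * fopen(), which follows whatever another local user had placed at those
 * names, and merged them with system("cat ... >> <file>"), which handed the
 * caller-supplied file name to a shell.
 *
 * @param pipe_hnd   Netlogon pipe used for the sync calls
 * @param db_type    SAM_DATABASE_* value selecting the database
 * @param dom_sid    Domain sid, converted to its string form for the records
 * @param user_file  Output file name, or NULL for /tmp/tmp.ldif
 * @return NT_STATUS_OK on success (and also when a sync call fails, see the
 *         note in the loop), NT_STATUS_NO_MEMORY or NT_STATUS_UNSUCCESSFUL
 *         otherwise.  The process exits if smb.conf lacks the ldap suffix
 *         or the workgroup.
 **/
static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd,
					uint32 db_type,
					DOM_SID dom_sid,
					const char *user_file)
{
	char *suffix;
	const char *builtin_sid = "S-1-5-32";
	char *ldif_file;
	fstring sid, domainname;
	uint32 sync_context = 0;
	NTSTATUS result;
	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
	uint32 k;
	TALLOC_CTX *mem_ctx;
	SAM_DELTA_HDR *hdr_deltas;
	SAM_DELTA_CTR *deltas;
	uint32 num_deltas;
	FILE *add_fd = NULL, *mod_fd = NULL, *ldif_fd = NULL;
	int num_alloced = 0, g_index = 0, a_index = 0;

	/* Set up array for mapping accounts to groups */
	/* Array element is the group rid */
	GROUPMAP *groupmap = NULL;

	/* Set up array for mapping account rid's to cn's */
	/* Array element is the account rid */
	ACCOUNTMAP *accountmap = NULL;

	if (!(mem_ctx = talloc_init("fetch_database"))) {
		return NT_STATUS_NO_MEMORY;
	}

	/*
	 * Ensure we have an output file.
	 *
	 * NOTE(review): the default is a fixed name in a world-writable
	 * directory and is opened below in append mode, so a file or link
	 * that already exists at that name is written through.  The default
	 * is kept because the usage text documents it; passing an explicit
	 * path in a directory the caller controls avoids the problem.
	 */
	ldif_file = talloc_strdup(mem_ctx,
				  user_file ? user_file : "/tmp/tmp.ldif");
	if (ldif_file == NULL) {
		ret = NT_STATUS_NO_MEMORY;
		goto done;
	}

	/* Create the scratch streams for the add and mod records */
	add_fd = tmpfile();
	mod_fd = tmpfile();
	if (add_fd == NULL || mod_fd == NULL) {
		DEBUG(1, ("Could not create temporary ldif files\n"));
		goto done;
	}

	/* Open the user's ldif file */
	ldif_fd = fopen(ldif_file, "a");
	if (ldif_fd == NULL) {
		DEBUG(1, ("Could not open %s\n", ldif_file));
		goto done;
	}

	/* Get the sid */
	sid_to_string(sid, &dom_sid);

	/* Get the ldap suffix */
	suffix = lp_ldap_suffix();
	if (suffix == NULL || strcmp(suffix, "") == 0) {
		DEBUG(0,("ldap suffix missing from smb.conf--exiting\n"));
		exit(1);
	}

	/* Get other smb.conf data */
	if (!(lp_workgroup()) || !*(lp_workgroup())) {
		DEBUG(0,("workgroup missing from smb.conf--exiting\n"));
		exit(1);
	}

	/* Allocate initial memory for groupmap and accountmap arrays */
	if (init_ldap == 1) {
		groupmap = SMB_MALLOC_ARRAY(GROUPMAP, 8);
		accountmap = SMB_MALLOC_ARRAY(ACCOUNTMAP, 8);
		if (groupmap == NULL || accountmap == NULL) {
			DEBUG(1,("GROUPMAP malloc failed\n"));
			ret = NT_STATUS_NO_MEMORY;
			goto done;
		}

		/* Initialize the arrays */
		memset(groupmap, 0, sizeof(GROUPMAP)*8);
		memset(accountmap, 0, sizeof(ACCOUNTMAP)*8);

		/* Remember how many we malloced */
		num_alloced = 8;

		/* Initial database population */
		populate_ldap_for_ldif(sid, suffix, builtin_sid, add_fd);
		map_populate_groups(groupmap, accountmap, sid, suffix,
			    builtin_sid);

		/* Don't do this again */
		init_ldap = 0;
	}

	/* Announce what we are doing */
	switch( db_type ) {
		case SAM_DATABASE_DOMAIN:
			d_printf("Fetching DOMAIN database\n");
			break;
		case SAM_DATABASE_BUILTIN:
			d_printf("Fetching BUILTIN database\n");
			break;
		case SAM_DATABASE_PRIVS:
			d_printf("Fetching PRIVS databases\n");
			break;
		default:
			d_printf("Fetching unknown database type %u\n", db_type );
			break;
	}

	do {
		result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx,
					       db_type, sync_context,
					       &num_deltas, &hdr_deltas,
					       &deltas);
		if (!NT_STATUS_IS_OK(result) &&
		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
			/*
			 * NOTE(review): a failed sync is reported to the
			 * caller as success, as before.  Records collected
			 * so far are dropped together with the scratch
			 * streams.  Confirm whether `result` should be
			 * returned instead.
			 */
			ret = NT_STATUS_OK;
			goto done;
		}

		/*
		 * num_deltas is taken from the server's reply.  Refuse a
		 * count that would overflow the int bookkeeping used for
		 * the array sizes below.
		 */
		if (num_deltas > 0x7fffffffU - (uint32)num_alloced) {
			DEBUG(1,("Too many deltas in sam sync reply\n"));
			goto done;
		}

		/*
		 * Re-allocate memory for groupmap and accountmap arrays.
		 * NOTE(review): whether SMB_REALLOC_ARRAY releases the old
		 * array on failure is not visible here -- confirm, since the
		 * old pointer is overwritten.
		 */
		groupmap = SMB_REALLOC_ARRAY(groupmap, GROUPMAP,
					num_deltas+num_alloced);
		accountmap = SMB_REALLOC_ARRAY(accountmap, ACCOUNTMAP,
					num_deltas+num_alloced);
		if (groupmap == NULL || accountmap == NULL) {
			DEBUG(1,("GROUPMAP malloc failed\n"));
			ret = NT_STATUS_NO_MEMORY;
			goto done;
		}

		/* Initialize the new records */
		memset(&groupmap[num_alloced], 0,
		       sizeof(GROUPMAP)*num_deltas);
		memset(&accountmap[num_alloced], 0,
		       sizeof(ACCOUNTMAP)*num_deltas);

		/* Remember how many we alloced this time */
		num_alloced += num_deltas;

		/*
		 * Loop through the deltas.
		 * NOTE(review): the NTSTATUS results of the fetch_* helpers
		 * are not checked, so a helper that fails part-way leaves
		 * whatever it already wrote in the scratch stream.
		 */
		for (k=0; k<num_deltas; k++) {
			switch(hdr_deltas[k].type) {
				case SAM_DELTA_DOMAIN_INFO:
					/* Is this case needed? */
					unistr2_to_ascii(domainname,
						&deltas[k].domain_info.uni_dom_name,
						sizeof(domainname)-1);
					break;

				case SAM_DELTA_GROUP_INFO:
					fetch_group_info_to_ldif(
						&deltas[k], &groupmap[g_index],
						add_fd, sid, suffix);
					g_index++;
					break;

				case SAM_DELTA_ACCOUNT_INFO:
					fetch_account_info_to_ldif(
						&deltas[k], groupmap,
						&accountmap[a_index], add_fd,
						sid, suffix, num_alloced);
					a_index++;
					break;

				case SAM_DELTA_ALIAS_INFO:
					fetch_alias_info_to_ldif(
						&deltas[k], &groupmap[g_index],
						add_fd, sid, suffix, db_type);
					g_index++;
					break;

				case SAM_DELTA_GROUP_MEM:
					fetch_groupmem_info_to_ldif(
						&deltas[k], &hdr_deltas[k],
						groupmap, accountmap,
						mod_fd, num_alloced);
					break;

				case SAM_DELTA_ALIAS_MEM:
				case SAM_DELTA_POLICY_INFO:
				case SAM_DELTA_PRIVS_INFO:
				case SAM_DELTA_MODIFIED_COUNT:
					/* Nothing is written for these */
					break;

				case SAM_DELTA_TRUST_DOMS:
				case SAM_DELTA_SECRET_INFO:
					/* Implemented but broken */
					break;

				case SAM_DELTA_RENAME_GROUP:
				case SAM_DELTA_RENAME_USER:
				case SAM_DELTA_RENAME_ALIAS:
				case SAM_DELTA_DELETE_GROUP:
				case SAM_DELTA_DELETE_USER:
					/* Not yet implemented */
					break;

				default:
					break;
			} /* end of switch */
		} /* end of for loop */

		/* Increment sync_context */
		sync_context += 1;

	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));

	/* Write ldif data to the user's file: first the add records */
	if (db_type == SAM_DATABASE_DOMAIN) {
		fprintf(ldif_fd,
			"# SAM_DATABASE_DOMAIN: ADD ENTITIES\n");
		fprintf(ldif_fd,
			"# =================================\n\n");
		fflush(ldif_fd);
	} else if (db_type == SAM_DATABASE_BUILTIN) {
		fprintf(ldif_fd,
			"# SAM_DATABASE_BUILTIN: ADD ENTITIES\n");
		fprintf(ldif_fd,
			"# ==================================\n\n");
		fflush(ldif_fd);
	}
	if (append_ldif_stream(ldif_fd, add_fd) != 0) {
		d_fprintf(stderr, "Appending add entries to %s failed.  "
			"Error was (%s)\n", ldif_file, strerror(errno));
		goto done;
	}

	/* ... then the modify records */
	if (db_type == SAM_DATABASE_DOMAIN) {
		fprintf(ldif_fd,
			"# SAM_DATABASE_DOMAIN: MODIFY ENTITIES\n");
		fprintf(ldif_fd,
			"# ====================================\n\n");
		fflush(ldif_fd);
	} else if (db_type == SAM_DATABASE_BUILTIN) {
		fprintf(ldif_fd,
			"# SAM_DATABASE_BUILTIN: MODIFY ENTITIES\n");
		fprintf(ldif_fd,
			"# =====================================\n\n");
		fflush(ldif_fd);
	}
	if (append_ldif_stream(ldif_fd, mod_fd) != 0) {
		d_fprintf(stderr, "Appending modify entries to %s failed.  "
			"Error was (%s)\n", ldif_file, strerror(errno));
		goto done;
	}

	ret = NT_STATUS_OK;

done:
	/* Closing a tmpfile() stream also removes its backing file */
	if (add_fd != NULL) {
		fclose(add_fd);
	}
	if (mod_fd != NULL) {
		fclose(mod_fd);
	}

	/* Close the ldif file; a failed close means buffered data was lost */
	if (ldif_fd != NULL && fclose(ldif_fd) != 0 && NT_STATUS_IS_OK(ret)) {
		d_fprintf(stderr, "Closing %s failed.  Error was (%s)\n",
			ldif_file, strerror(errno));
		ret = NT_STATUS_UNSUCCESSFUL;
	}

	/* Deallocate memory for the mapping arrays */
	SAFE_FREE(groupmap);
	SAFE_FREE(accountmap);

	/* Return */
	talloc_destroy(mem_ctx);
	return ret;
}

/**
 * Basic usage function for 'net rpc vampire'
 * @param argc  Standard main() style argc
 * @param argv  Standard main() style argv.  Initial components are already
 *              stripped
 * @return always -1
 **/

int rpc_vampire_usage(int argc, const char **argv)
{
	d_printf("net rpc vampire [ldif [<ldif-filename>] [options]\n"
		 "\t to pull accounts from a remote PDC where we are a BDC\n"
		 "\t\t no args puts accounts in local passdb from smb.conf\n"
		 "\t\t ldif - put accounts in ldif format (file defaults to /tmp/tmp.ldif\n");

	net_common_flags_usage(argc, argv);
	return -1;
}


/* dump sam database via samsync rpc calls */
NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid,
				const char *domain_name,
				struct cli_state *cli,
				struct rpc_pipe_client *pipe_hnd,
				TALLOC_CTX *mem_ctx,
				int argc,
				const char **argv)
{
	NTSTATUS result;
	fstring my_dom_sid_str;
	fstring rem_dom_sid_str;

	if (!sid_equal(domain_sid, get_global_sam_sid())) {
		d_printf("Cannot import users from %s at this time, "
			 "as the current domain:\n\t%s: %s\nconflicts "
			 "with the remote domain\n\t%s: %s\n"
			 "Perhaps you need to set: \n\n\tsecurity=user\n\tworkgroup=%s\n\n in your smb.conf?\n",
			 domain_name,
			 get_global_sam_name(), sid_to_string(my_dom_sid_str,
							      get_global_sam_sid()),
			 domain_name, sid_to_string(rem_dom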
