added a 'net rpc samdump' command for dumping the whole sam via

samsync operations (as a BDC)
(This used to be commit e4cb106d2e3e6a41529369545a7a6ce5fe6d8986)

6 files changed, 184 insertions, 19 deletions

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 009cd18228..788859a353 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -377,7 +377,7 @@ CLIENT_OBJ = $(CLIENT_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
              $(READLINE_OBJ) 
 
 NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_ads_cldap.o utils/net_help.o \
-	   utils/net_rap.o utils/net_rpc.o \
+	   utils/net_rap.o utils/net_rpc.o utils/net_rpc_samsync.o \
 	   utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o
 
 NET_OBJ = $(NET_OBJ1) $(SECRETS_OBJ) $(LIBSMB_OBJ) \
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index acc9135542..60048d189d 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -257,24 +257,23 @@ file.  They should be combined at some stage.  )-:
 
 static void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred)
 {
-  /*
-   * Create the new client credentials.
-   */
-
-  cli->clnt_cred.timestamp.time = time(NULL);
-
-  memcpy(new_clnt_cred, &cli->clnt_cred, sizeof(*new_clnt_cred));
-
-  /* Calculate the new credentials. */
-  cred_create(cli->sess_key, &(cli->clnt_cred.challenge),
-              new_clnt_cred->timestamp, &(new_clnt_cred->challenge));
+	/*
+	 * Create the new client credentials.
+	 */
+	
+	cli->clnt_cred.timestamp.time = time(NULL);
+	
+	memcpy(new_clnt_cred, &cli->clnt_cred, sizeof(*new_clnt_cred));
 
+	/* Calculate the new credentials. */
+	cred_create(cli->sess_key, &(cli->clnt_cred.challenge),
+		    new_clnt_cred->timestamp, &(new_clnt_cred->challenge));
 }
 
 /* Sam synchronisation */
 
 NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx, DOM_CRED *ret_creds,
-                               uint32 database_id, uint32 *num_deltas,
+                               uint32 database_id, uint32 next_rid, uint32 *num_deltas,
                                SAM_DELTA_HDR **hdr_deltas, 
                                SAM_DELTA_CTR **deltas)
 {
@@ -297,7 +296,7 @@ NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx, DOM_C
         gen_next_creds(cli, &clnt_creds);
 
 	init_net_q_sam_sync(&q, cli->srv_name_slash, cli->clnt_name_slash + 2,
-                            &clnt_creds, ret_creds, database_id);
+                            &clnt_creds, ret_creds, database_id, next_rid);
 
 	/* Marshall data and send request */
 
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index 7f8d1953d1..52cbc8e8df 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -1690,7 +1690,8 @@ makes a NET_Q_SAM_SYNC structure.
 ********************************************************************/
 BOOL init_net_q_sam_sync(NET_Q_SAM_SYNC * q_s, const char *srv_name,
                          const char *cli_name, DOM_CRED *cli_creds, 
-                         DOM_CRED *ret_creds, uint32 database_id)
+                         DOM_CRED *ret_creds, uint32 database_id, 
+			 uint32 next_rid)
 {
 	DEBUG(5, ("init_q_sam_sync\n"));
 
@@ -1706,8 +1707,8 @@ BOOL init_net_q_sam_sync(NET_Q_SAM_SYNC * q_s, const char *srv_name,
 		memset(&q_s->ret_creds, 0, sizeof(q_s->ret_creds));
 
 	q_s->database_id = database_id;
-	q_s->restart_state = 0;
-	q_s->sync_context = 0;
+	q_s->restart_state = 4;
+	q_s->sync_context = next_rid;
 	q_s->max_size = 0xffff;
 
 	return True;
@@ -2785,6 +2786,8 @@ BOOL net_io_r_sam_sync(char *desc, uint8 sess_key[16],
 	if (!prs_uint32("sync_context", ps, depth, &r_s->sync_context))
                 return False;
 
+	d_printf("Got sync context %u\n", r_s->sync_context);
+
 	if (!prs_uint32("ptr_deltas", ps, depth, &r_s->ptr_deltas))
                 return False;
 	if (r_s->ptr_deltas != 0)
diff --git a/source3/rpcclient/samsync.c b/source3/rpcclient/samsync.c
index be3d4211e0..a8344cd5e2 100644
--- a/source3/rpcclient/samsync.c
+++ b/source3/rpcclient/samsync.c
@@ -394,7 +394,7 @@ static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16],
 
         /* Do sam synchronisation on the SAM database*/
 
-	result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 0, 
+	result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 0, 0,
 				       &num_deltas_0, &hdr_deltas_0, 
 				       &deltas_0);
         
@@ -415,7 +415,7 @@ static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16],
 #if 1
         /* Do sam synchronisation on the LSA database */
 
-	result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 2, &num_deltas_2, &hdr_deltas_2, &deltas_2);
+	result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 2, 0, &num_deltas_2, &hdr_deltas_2, &deltas_2);
         
         if (!NT_STATUS_IS_OK(result))
 		goto done;
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index df5b67372d..a7d2a08b38 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -2245,6 +2245,7 @@ int net_rpc(int argc, const char **argv)
 		{"trustdom", rpc_trustdom},
 		{"abortshutdown", rpc_shutdown_abort},
 		{"shutdown", rpc_shutdown},
+		{"samdump", rpc_samdump},
 		{"getsid", net_rpc_getsid},
 		{"help", net_rpc_help},
 		{NULL, NULL}
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
new file mode 100644
index 0000000000..44c3fdb26a
--- /dev/null
+++ b/source3/utils/net_rpc_samsync.c
@@ -0,0 +1,162 @@
+/* 
+   Unix SMB/CIFS implementation.
+   dump the remote SAM using rpc samsync operations
+
+   Copyright (C) Andrew Tridgell 2002
+   Copyright (C) Tim Potter 2001,2002
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "../utils/net.h"
+
+static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g)
+{
+	int i;
+	d_printf("Group mem %u: ", rid);
+	for (i=0;i<g->num_members;i++) {
+		d_printf("%u ", g->rids[i]);
+	}
+	d_printf("\n");
+}
+
+static void display_alias_info(uint32 rid, SAM_ALIAS_INFO *a)
+{
+	d_printf("Alias '%s' ", unistr2_static(&a->uni_als_name));
+	d_printf("desc='%s' rid=%u\n", unistr2_static(&a->uni_als_desc), a->als_rid);
+}
+
+static void display_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *a)
+{
+	int i;
+	d_printf("Alias rid %u: ", rid);
+	for (i=0;i<a->num_sids;i++) {
+		d_printf("%s ", sid_string_static(&a->sids[i].sid));
+	}
+	d_printf("\n");
+}
+
+static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a)
+{
+	fstring hex_nt_passwd, hex_lm_passwd;
+	uchar lm_passwd[16], nt_passwd[16];
+
+	/* Decode hashes from password hash */
+	sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, lm_passwd, 0);
+	sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, nt_passwd, 0);
+	
+	/* Encode as strings */
+	smbpasswd_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info);
+	smbpasswd_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info);
+	
+	printf("%s:%d:%s:%s:%s:LCT-0\n", unistr2_static(&a->uni_acct_name),
+	       a->user_rid, hex_lm_passwd, hex_nt_passwd,
+	       smbpasswd_encode_acb_info(a->acb_info));
+}
+
+static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta)
+{
+	switch (hdr_delta->type) {
+	case SAM_DELTA_ACCOUNT_INFO:
+		display_account_info(hdr_delta->target_rid, &delta->account_info);
+		break;
+	case SAM_DELTA_GROUP_MEM:
+		display_group_mem_info(hdr_delta->target_rid, &delta->grp_mem_info);
+		break;
+	case SAM_DELTA_ALIAS_INFO:
+		display_alias_info(hdr_delta->target_rid, &delta->alias_info);
+		break;
+	case SAM_DELTA_ALIAS_MEM:
+		display_alias_mem(hdr_delta->target_rid, &delta->als_mem_info);
+		break;
+	default:
+		d_printf("Unknown delta record type %d\n", hdr_delta->type);
+		break;
+	}
+}
+
+/* dump sam database via samsync rpc calls */
+int rpc_samdump(int argc, const char **argv)
+{
+        TALLOC_CTX *mem_ctx = NULL;
+        SAM_DELTA_HDR *hdr_deltas;
+        SAM_DELTA_CTR *deltas;
+        uint32 num_deltas;
+        NTSTATUS result;
+	int i;
+	unsigned last_rid=0;
+	DOM_CRED ret_creds;
+	struct cli_state *cli = NULL;
+	uchar trust_password[16];
+
+	/* Connect to remote machine */
+	if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC))) {
+		return 1;
+	}
+
+	if (!cli_nt_session_open(cli, PIPE_NETLOGON)) {
+		DEBUG(0,("Error connecting to NETLOGON pipe\n"));
+		goto fail;
+	}
+
+	if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_password, NULL)) {
+		d_printf("Could not retrieve domain trust secret");
+		goto fail;
+	}
+	
+	result = cli_nt_setup_creds(cli, SEC_CHAN_BDC,  trust_password);
+	if (!NT_STATUS_IS_OK(result)) {
+		d_printf("Failed to setup BDC creds\n");
+		goto fail;
+	}
+
+	if (!(mem_ctx = talloc_init())) {
+		DEBUG(0,("talloc_init failed\n"));
+		goto fail;
+	}
+
+	/* on first call the returnAuthenticator is empty */
+	memset(&ret_creds, 0, sizeof(ret_creds));
+
+        /* Do sam synchronisation on the SAM database*/
+	do {
+		result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, SAM_DATABASE_DOMAIN, last_rid+1,
+					       &num_deltas, &hdr_deltas, &deltas);
+		clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &ret_creds);
+		last_rid = 0;
+                for (i = 0; i < num_deltas; i++) {
+			display_sam_entry(&hdr_deltas[i], &deltas[i]);
+			last_rid = hdr_deltas[i].target_rid;
+			if (last_rid == 0) {
+				break;
+			}
+                }
+	} while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
+
+	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
+        
+        return 0;
+
+fail:
+	if (cli) {
+		cli_nt_session_close(cli);
+	}
+	if (mem_ctx) {
+		talloc_destroy(mem_ctx);
+	}
+	return -1;
+}