summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJean-François Micouleau <jfm@samba.org>2001-12-12 15:25:22 +0000
committerJean-François Micouleau <jfm@samba.org>2001-12-12 15:25:22 +0000
commita5ba214479253425dc18521103945c7996f05583 (patch)
tree9a62cc938c3e38e702fddf8a3381ae55ae197472
parent1c95d1d16b570b13ae8214f7659e0720500df4fd (diff)
downloadsamba-a5ba214479253425dc18521103945c7996f05583.tar.gz
samba-a5ba214479253425dc18521103945c7996f05583.tar.bz2
samba-a5ba214479253425dc18521103945c7996f05583.zip
added a -V[erbose] option to samsync. Decode a lot of information
I'm looking at chaining the credentials J.F. (This used to be commit d49c8e4d3d64b48e243d0f517b9e7f037103af13)
-rw-r--r--source3/Makefile.in2
-rw-r--r--source3/rpcclient/display_sec.c2
-rw-r--r--source3/rpcclient/samsync.c291
3 files changed, 276 insertions, 19 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 2ad39114aa..ae019d6f63 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -302,7 +302,7 @@ RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \
$(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(LIBMSRPC_OBJ) \
$(READLINE_OBJ) $(GROUPDB_OBJ)
-SAMSYNC_OBJ1 = rpcclient/samsync.o rpc_client/cli_netlogon.o
+SAMSYNC_OBJ1 = rpcclient/samsync.o rpc_client/cli_netlogon.o rpcclient/display_sec.o
SAMSYNC_OBJ = $(SAMSYNC_OBJ1) \
$(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
diff --git a/source3/rpcclient/display_sec.c b/source3/rpcclient/display_sec.c
index 009f88e49b..412f918344 100644
--- a/source3/rpcclient/display_sec.c
+++ b/source3/rpcclient/display_sec.c
@@ -56,7 +56,7 @@ char *get_sec_mask_str(uint32 type)
if (type & DELETE_ACCESS)
fstrcat(typestr, "DELETE_ACCESS ");
- printf("Specific bits: 0x%x\n", type&SPECIFIC_RIGHTS_MASK);
+ printf("\t\tSpecific bits: 0x%x\n", type&SPECIFIC_RIGHTS_MASK);
return typestr;
}
diff --git a/source3/rpcclient/samsync.c b/source3/rpcclient/samsync.c
index be9ea2fe5e..1379485f1d 100644
--- a/source3/rpcclient/samsync.c
+++ b/source3/rpcclient/samsync.c
@@ -22,15 +22,246 @@
#include "includes.h"
+static void decode_domain_info(SAM_DOMAIN_INFO *a)
+{
+ fstring temp;
+ printf("Domain Information\n");
+ printf("------------------\n");
+
+ unistr2_to_ascii(temp, &a->uni_dom_name, sizeof(temp)-1);
+ printf("\tDomain :%s\n", temp);
+ printf("\tMin password len :%d\n", a->min_pwd_len);
+ printf("\tpassword history len:%d\n", a->pwd_history_len);
+ printf("\tcreation time :%s\n", http_timestring(nt_time_to_unix(&a->creation_time)));
+}
+
+static void decode_sam_group_info(SAM_GROUP_INFO *a)
+{
+ fstring temp;
+ printf("\nDomain Group Information\n");
+ printf("------------------------\n");
+
+ unistr2_to_ascii(temp, &a->uni_grp_name, sizeof(temp)-1);
+ printf("\tGroup name :%s\n", temp);
+ unistr2_to_ascii(temp, &a->uni_grp_desc, sizeof(temp)-1);
+ printf("\tGroup description :%s\n", temp);
+ printf("\trid :%d\n", a->gid.g_rid);
+ printf("\tattribute :%d\n", a->gid.attr);
+}
+
+static void decode_sam_account_info(SAM_ACCOUNT_INFO *a)
+{
+ fstring temp;
+ printf("\nUser Information\n");
+ printf("----------------\n");
+
+ unistr2_to_ascii(temp, &a->uni_acct_name, sizeof(temp)-1);
+ printf("\tUser name :%s\n", temp);
+ printf("\tuser's rid :%d\n", a->user_rid);
+ printf("\tuser's primary gid :%d\n", a->group_rid);
+ unistr2_to_ascii(temp, &a->uni_full_name, sizeof(temp)-1);
+ printf("\tfull name :%s\n", temp);
+ unistr2_to_ascii(temp, &a->uni_home_dir, sizeof(temp)-1);
+ printf("\thome directory :%s\n", temp);
+ unistr2_to_ascii(temp, &a->uni_dir_drive, sizeof(temp)-1);
+ printf("\tdrive :%s\n", temp);
+ unistr2_to_ascii(temp, &a->uni_logon_script, sizeof(temp)-1);
+ printf("\tlogon script :%s\n", temp);
+ unistr2_to_ascii(temp, &a->uni_acct_desc, sizeof(temp)-1);
+ printf("\tdescription :%s\n", temp);
+ unistr2_to_ascii(temp, &a->uni_workstations, sizeof(temp)-1);
+ printf("\tworkstations :%s\n", temp);
+}
+
+static void decode_sam_grp_mem_info(SAM_GROUP_MEM_INFO *a)
+{
+ int i;
+ printf("\nGroup members information\n");
+ printf("-------------------------\n");
+ printf("\tnum members :%d\n", a->num_members);
+
+ for (i=0; i<a->num_members; i++) {
+ printf("\trid, attr:%d, %d\n", a->rids[i], a->attribs[i]);
+ }
+}
+
+static void decode_sam_alias_info(SAM_ALIAS_INFO *a)
+{
+ fstring temp;
+ printf("\nAlias Information\n");
+ printf("-----------------\n");
+
+ unistr2_to_ascii(temp, &a->uni_als_name, sizeof(temp)-1);
+ printf("\tname :%s\n", temp);
+ unistr2_to_ascii(temp, &a->uni_als_desc, sizeof(temp)-1);
+ printf("\tdescription :%s\n", temp);
+ printf("\trid :%d\n", a->als_rid);
+}
+
+static void decode_sam_als_mem_info(SAM_ALIAS_MEM_INFO *a)
+{
+ int i;
+ fstring temp;
+ printf("\nAlias members Information\n");
+ printf("-------------------------\n");
+ printf("\tnum members :%d\n", a->num_members);
+ printf("\tnum sids :%d\n", a->num_sids);
+ for (i=0; i<a->num_sids; i++) {
+ printf("\tsid :%s\n", sid_to_string(temp, &a->sids[i].sid));
+ }
+
+
+}
+
+static void decode_sam_dom_info(SAM_DELTA_DOM *a)
+{
+ fstring temp;
+ printf("\nDomain information\n");
+ printf("------------------\n");
+
+ unistr2_to_ascii(temp, &a->domain_name, sizeof(temp)-1);
+ printf("\tdomain name :%s\n", temp);
+ printf("\tsid :%s\n", sid_to_string(temp, &a->domain_sid.sid));
+}
+
+static void decode_sam_unk0e_info(SAM_DELTA_UNK0E *a)
+{
+ fstring temp;
+ printf("\nTrust information\n");
+ printf("-----------------\n");
+
+ unistr2_to_ascii(temp, &a->domain, sizeof(temp)-1);
+ printf("\tdomain name :%s\n", temp);
+ printf("\tsid :%s\n", sid_to_string(temp, &a->sid.sid));
+ display_sec_desc(a->sec_desc);
+}
+
+static void decode_sam_privs_info(SAM_DELTA_PRIVS *a)
+{
+ int i;
+ fstring temp;
+ printf("\nSID and privileges information\n");
+ printf("------------------------------\n");
+ printf("\tsid :%s\n", sid_to_string(temp, &a->sid.sid));
+ display_sec_desc(a->sec_desc);
+ printf("\tprivileges count :%d\n", a->privlist_count);
+ for (i=0; i<a->privlist_count; i++) {
+ unistr2_to_ascii(temp, &a->uni_privslist[i], sizeof(temp)-1);
+ printf("\tprivilege name :%s\n", temp);
+ printf("\tattribute :%d\n", a->attributes[i]);
+ }
+}
+
+static void decode_sam_unk12_info(SAM_DELTA_UNK12 *a)
+{
+ fstring temp;
+ printf("\nTrusted information\n");
+ printf("-------------------\n");
+
+ unistr2_to_ascii(temp, &a->secret, sizeof(temp)-1);
+ printf("\tsecret name :%s\n", temp);
+ display_sec_desc(a->sec_desc);
+
+ printf("\ttime 1 :%s\n", http_timestring(nt_time_to_unix(&a->time1)));
+ printf("\ttime 2 :%s\n", http_timestring(nt_time_to_unix(&a->time2)));
+
+ display_sec_desc(a->sec_desc2);
+}
+
+static void decode_sam_stamp(SAM_DELTA_STAMP *a)
+{
+ printf("\nStamp information\n");
+ printf("-----------------\n");
+ printf("\tsequence number :%d\n", a->seqnum);
+}
+
+static void decode_sam_deltas(uint32 num_deltas, SAM_DELTA_HDR *hdr_deltas, SAM_DELTA_CTR *deltas)
+{
+ int i;
+ for (i = 0; i < num_deltas; i++) {
+ switch (hdr_deltas[i].type) {
+ case SAM_DELTA_DOMAIN_INFO: {
+ SAM_DOMAIN_INFO *a;
+ a = &deltas[i].domain_info;
+ decode_domain_info(a);
+ break;
+ }
+ case SAM_DELTA_GROUP_INFO: {
+ SAM_GROUP_INFO *a;
+ a = &deltas[i].group_info;
+ decode_sam_group_info(a);
+ break;
+ }
+ case SAM_DELTA_ACCOUNT_INFO: {
+ SAM_ACCOUNT_INFO *a;
+ a = &deltas[i].account_info;
+ decode_sam_account_info(a);
+ break;
+ }
+ case SAM_DELTA_GROUP_MEM: {
+ SAM_GROUP_MEM_INFO *a;
+ a = &deltas[i].grp_mem_info;
+ decode_sam_grp_mem_info(a);
+ break;
+ }
+ case SAM_DELTA_ALIAS_INFO: {
+ SAM_ALIAS_INFO *a;
+ a = &deltas[i].alias_info;
+ decode_sam_alias_info(a);
+ break;
+ }
+ case SAM_DELTA_ALIAS_MEM: {
+ SAM_ALIAS_MEM_INFO *a;
+ a = &deltas[i].als_mem_info;
+ decode_sam_als_mem_info(a);
+ break;
+ }
+ case SAM_DELTA_DOM_INFO: {
+ SAM_DELTA_DOM *a;
+ a = &deltas[i].dom_info;
+ decode_sam_dom_info(a);
+ break;
+ }
+ case SAM_DELTA_UNK0E_INFO: {
+ SAM_DELTA_UNK0E *a;
+ a = &deltas[i].unk0e_info;
+ decode_sam_unk0e_info(a);
+ break;
+ }
+ case SAM_DELTA_PRIVS_INFO: {
+ SAM_DELTA_PRIVS *a;
+ a = &deltas[i].privs_info;
+ decode_sam_privs_info(a);
+ break;
+ }
+ case SAM_DELTA_UNK12_INFO: {
+ SAM_DELTA_UNK12 *a;
+ a = &deltas[i].unk12_info;
+ decode_sam_unk12_info(a);
+ break;
+ }
+ case SAM_DELTA_SAM_STAMP: {
+ SAM_DELTA_STAMP *a;
+ a = &deltas[i].stamp;
+ decode_sam_stamp(a);
+ break;
+ }
+ default:
+ DEBUG(0,("unknown delta type: %d\n", hdr_deltas[i].type));
+ break;
+ }
+ }
+}
+
/* Synchronise sam database */
static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16],
- BOOL do_smbpasswd_output)
+ BOOL do_smbpasswd_output, BOOL verbose)
{
TALLOC_CTX *mem_ctx;
- SAM_DELTA_HDR *hdr_deltas;
- SAM_DELTA_CTR *deltas;
- uint32 database_id = 0, num_deltas;
+ SAM_DELTA_HDR *hdr_deltas_0, *hdr_deltas_1, *hdr_deltas_2;
+ SAM_DELTA_CTR *deltas_0, *deltas_1, *deltas_2;
+ uint32 num_deltas_0, num_deltas_1, num_deltas_2;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
/* Initialise */
@@ -52,31 +283,53 @@ static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16],
goto done;
}
- /* Do sam synchronisation */
+ /* Do sam synchronisation on the SAM database*/
- result = cli_netlogon_sam_sync(cli, mem_ctx, database_id,
- &num_deltas, &hdr_deltas, &deltas);
+ result = cli_netlogon_sam_sync(cli, mem_ctx, 0, &num_deltas_0, &hdr_deltas_0, &deltas_0);
- if (!NT_STATUS_IS_OK(result)) {
+ if (!NT_STATUS_IS_OK(result))
goto done;
- }
+
+ /* verbose mode */
+ if (verbose)
+ decode_sam_deltas(num_deltas_0, hdr_deltas_0, deltas_0);
+
+
+ /*
+ * we can't yet do several sam_sync in a raw, it's a credential problem
+ * we must chain the credentials
+ */
+
+
+#if 0
+ /* Do sam synchronisation on the LSA database */
+
+ result = cli_netlogon_sam_sync(cli, mem_ctx, 2, &num_deltas_2, &hdr_deltas_2, &deltas_2);
+
+ if (!NT_STATUS_IS_OK(result))
+ goto done;
+
+ /* verbose mode */
+ if (verbose)
+ decode_sam_deltas(num_deltas_2, hdr_deltas_2, deltas_2);
+#endif
/* Produce smbpasswd output - good for migrating from NT! */
if (do_smbpasswd_output) {
int i;
- for (i = 0; i < num_deltas; i++) {
+ for (i = 0; i < num_deltas_0; i++) {
SAM_ACCOUNT_INFO *a;
fstring acct_name, hex_nt_passwd, hex_lm_passwd;
uchar lm_passwd[16], nt_passwd[16];
/* Skip non-user accounts */
- if (hdr_deltas[i].type != SAM_DELTA_ACCOUNT_INFO)
+ if (hdr_deltas_0[i].type != SAM_DELTA_ACCOUNT_INFO)
continue;
- a = &deltas[i].account_info;
+ a = &deltas_0[i].account_info;
unistr2_to_ascii(acct_name, &a->uni_acct_name,
sizeof(acct_name) - 1);
@@ -99,8 +352,7 @@ static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16],
printf("%s:%d:%s:%s:%s:LCT-0\n", acct_name,
a->user_rid, hex_lm_passwd, hex_nt_passwd,
- smbpasswd_encode_acb_info(
- deltas[i].account_info.acb_info));
+ smbpasswd_encode_acb_info(a->acb_info));
}
goto done;
@@ -138,6 +390,7 @@ static void usage(void)
printf("\t-R replicate sam deltas\n");
printf("\t-U username username and password\n");
printf("\t-p produce smbpasswd output\n");
+ printf("\t-V verbose output\n");
printf("\n");
}
@@ -227,6 +480,7 @@ static struct cli_state *init_connection(struct cli_state *cli,
int opt;
extern pstring debugf;
BOOL interactive = False, do_smbpasswd_output = False;
+ BOOL verbose = False;
uint32 low_serial = 0;
unsigned char trust_passwd[16];
fstring username, domain, password;
@@ -242,7 +496,7 @@ static struct cli_state *init_connection(struct cli_state *cli,
/* Parse command line options */
- while((opt = getopt(argc, argv, "s:d:SR:hiU:W:p")) != EOF) {
+ while((opt = getopt(argc, argv, "s:d:SR:hiU:W:pV")) != EOF) {
switch (opt) {
case 's':
pstrcpy(dyn_CONFIGFILE, optarg);
@@ -278,7 +532,10 @@ static struct cli_state *init_connection(struct cli_state *cli,
case 'p':
do_smbpasswd_output = True;
break;
- case 'h':
+ case 'V':
+ verbose = True;
+ break;
+ case 'h':
default:
usage();
exit(1);
@@ -345,7 +602,7 @@ static struct cli_state *init_connection(struct cli_state *cli,
return 1;
if (do_sam_sync)
- result = sam_sync(&cli, trust_passwd, do_smbpasswd_output);
+ result = sam_sync(&cli, trust_passwd, do_smbpasswd_output, verbose);
if (do_sam_repl)
result = sam_repl(&cli, trust_passwd, low_serial);