diff options
Diffstat (limited to 'source3/utils/net_rpc_samsync.c')
-rw-r--r-- | source3/utils/net_rpc_samsync.c | 90 |
1 files changed, 38 insertions, 52 deletions
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index cb395de828..882f3a02bc 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -196,36 +196,29 @@ static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret } /* dump sam database via samsync rpc calls */ -int rpc_samdump(int argc, const char **argv) +NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, + const char *domain_name, + struct cli_state *cli, TALLOC_CTX *mem_ctx, + int argc, const char **argv) { - struct cli_state *cli = NULL; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; uchar trust_password[16]; DOM_CRED ret_creds; uint32 sec_channel; ZERO_STRUCT(ret_creds); - /* Connect to remote machine */ - if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC))) { - return 1; - } - - fstrcpy(cli->domain, lp_workgroup()); - - if (!cli_nt_session_open(cli, PI_NETLOGON)) { - DEBUG(0,("Could not open connection to NETLOGON pipe\n")); - goto fail; - } + fstrcpy(cli->domain, domain_name); - if (!secrets_fetch_trust_account_password(lp_workgroup(), + if (!secrets_fetch_trust_account_password(domain_name, trust_password, NULL, &sec_channel)) { DEBUG(0,("Could not fetch trust account password\n")); goto fail; } - if (!NT_STATUS_IS_OK(cli_nt_establish_netlogon(cli, sec_channel, - trust_password))) { + if (!NT_STATUS_IS_OK(nt_status = cli_nt_establish_netlogon(cli, sec_channel, + trust_password))) { DEBUG(0,("Error connecting to NETLOGON pipe\n")); goto fail; } @@ -234,15 +227,11 @@ int rpc_samdump(int argc, const char **argv) dump_database(cli, SAM_DATABASE_BUILTIN, &ret_creds); dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); - cli_nt_session_close(cli); - - return 0; + nt_status = NT_STATUS_OK; fail: - if (cli) { - cli_nt_session_close(cli); - } - return -1; + cli_nt_session_close(cli); + return nt_status; } /* Convert a SAM_ACCOUNT_DELTA to a SAM_ACCOUNT. */ @@ -457,7 +446,6 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) nt_ret = NT_STATUS_NO_SUCH_USER; goto done; } - } sid_copy(&user_sid, get_global_sam_sid()); @@ -1020,75 +1008,73 @@ fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds, } /* dump sam database via samsync rpc calls */ -int rpc_vampire(int argc, const char **argv) +NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, + const char *domain_name, + struct cli_state *cli, TALLOC_CTX *mem_ctx, + int argc, const char **argv) { NTSTATUS result; - struct cli_state *cli = NULL; uchar trust_password[16]; DOM_CRED ret_creds; - DOM_SID dom_sid; + fstring my_dom_sid_str; + fstring rem_dom_sid_str; uint32 sec_channel; ZERO_STRUCT(ret_creds); - /* Connect to remote machine */ - if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS | - NET_FLAGS_PDC))) { - return 1; + if (!sid_equal(domain_sid, get_global_sam_sid())) { + d_printf("Cannot import users from %s at this time, " + "as the current domain:\n\t%s: %s\nconflicts " + "with the remote domain\n\t%s: %s\n" + "Perhaps you need to set: \n\n\tsecurity=user\n\tworkgroup=%s\n\n in your smb.conf?\n", + domain_name, + get_global_sam_name(), sid_to_string(my_dom_sid_str, + get_global_sam_sid()), + domain_name, sid_to_string(rem_dom_sid_str, domain_sid), + domain_name); + return NT_STATUS_UNSUCCESSFUL; } - if (!cli_nt_session_open(cli, PI_NETLOGON)) { - DEBUG(0,("Error connecting to NETLOGON pipe\n")); - goto fail; - } + fstrcpy(cli->domain, domain_name); - if (!secrets_fetch_trust_account_password(opt_target_workgroup, + if (!secrets_fetch_trust_account_password(domain_name, trust_password, NULL, &sec_channel)) { + result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; d_printf("Could not retrieve domain trust secret\n"); goto fail; } - result = cli_nt_establish_netlogon(cli, sec_channel, trust_password); + result = cli_nt_establish_netlogon(cli, sec_channel, trust_password); if (!NT_STATUS_IS_OK(result)) { d_printf("Failed to setup BDC creds\n"); goto fail; } - sid_copy( &dom_sid, get_global_sam_sid() ); - result = fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds, dom_sid); + result = fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds, *domain_sid); if (!NT_STATUS_IS_OK(result)) { d_printf("Failed to fetch domain database: %s\n", nt_errstr(result)); if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) d_printf("Perhaps %s is a Windows 2000 native mode " - "domain?\n", opt_target_workgroup); + "domain?\n", domain_name); goto fail; } - sid_copy(&dom_sid, &global_sid_Builtin); - result = fetch_database(cli, SAM_DATABASE_BUILTIN, &ret_creds, - dom_sid); + global_sid_Builtin); if (!NT_STATUS_IS_OK(result)) { d_printf("Failed to fetch builtin database: %s\n", nt_errstr(result)); goto fail; - } + } /* Currently we crash on PRIVS somewhere in unmarshalling */ /* Dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); */ - cli_nt_session_close(cli); - - return 0; - fail: - if (cli) - cli_nt_session_close(cli); - - return -1; + return result; } |