libnet: Remove unused source4/libnet/libnet_sam{dump,sync}:

The last caller was removed in samba-tool: Remove C version of samba-tool
(e2af38415163f248e3dbd5a2abc156761e74b87c) by Amitay Isaacs in 2011

This was a tool to dump a genine NT4 DC (never Samba) into smbpasswd file.

It did work against Windows AD, but DRS replication is much
more comprehensive.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon May  6 07:11:51 UTC 2019 on sn-devel-184

4 files changed, 1 insertions, 530 deletions

diff --git a/source4/libnet/libnet_samdump.c b/source4/libnet/libnet_samdump.c
deleted file mode 100644
index 097a6efe54e..00000000000
--- a/source4/libnet/libnet_samdump.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   
-   Extract the user/system database from a remote SamSync server
-
-   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-
-#include "includes.h"
-#include "libnet/libnet.h"
-#include "../lib/util/dlinklist.h"
-#include "samba3/samba3.h"
-#include "libcli/security/security.h"
-#include "param/param.h"
-
-
-struct samdump_secret {
-	struct samdump_secret *prev, *next;
-	DATA_BLOB secret;
-	char *name;
-	NTTIME mtime;
-};
-
-struct samdump_trusted_domain {
-	struct samdump_trusted_domain *prev, *next;
-        struct dom_sid *sid;
-	char *name;
-};
-
-struct samdump_state {
-	struct samdump_secret *secrets;
-	struct samdump_trusted_domain *trusted_domains;
-};
-
-static NTSTATUS vampire_samdump_handle_user(TALLOC_CTX *mem_ctx,
-					    struct netr_DELTA_ENUM *delta) 
-{
-	uint32_t rid = delta->delta_id_union.rid;
-	struct netr_DELTA_USER *user = delta->delta_union.user;
-	const char *username = user->account_name.string;
-	char *hex_lm_password;
-	char *hex_nt_password;
-
-	hex_lm_password = smbpasswd_sethexpwd(mem_ctx, 
-					      user->lm_password_present ? &user->lmpassword : NULL, 
-					      user->acct_flags);
-	hex_nt_password = smbpasswd_sethexpwd(mem_ctx, 
-					      user->nt_password_present ? &user->ntpassword : NULL, 
-					      user->acct_flags);
-
-	printf("%s:%d:%s:%s:%s:LCT-%08X\n", username,
-	       rid, hex_lm_password, hex_nt_password,
-	       smbpasswd_encode_acb_info(mem_ctx, user->acct_flags),
-	       (unsigned int)nt_time_to_unix(user->last_password_change));
-
-	return NT_STATUS_OK;
-}
-
-static NTSTATUS vampire_samdump_handle_secret(TALLOC_CTX *mem_ctx,
-					      struct samdump_state *samdump_state,
-					      struct netr_DELTA_ENUM *delta) 
-{
-	struct netr_DELTA_SECRET *secret = delta->delta_union.secret;
-	const char *name = delta->delta_id_union.name;
-	struct samdump_secret *n = talloc(samdump_state, struct samdump_secret);
-
-	n->name = talloc_strdup(n, name);
-	n->secret = data_blob_talloc(n, secret->current_cipher.cipher_data, secret->current_cipher.maxlen);
-	n->mtime = secret->current_cipher_set_time;
-
-	DLIST_ADD(samdump_state->secrets, n);
-
-	return NT_STATUS_OK;
-}
-
-static NTSTATUS vampire_samdump_handle_trusted_domain(TALLOC_CTX *mem_ctx,
-					      struct samdump_state *samdump_state,
-					      struct netr_DELTA_ENUM *delta) 
-{
-	struct netr_DELTA_TRUSTED_DOMAIN *trusted_domain = delta->delta_union.trusted_domain;
-	struct dom_sid *dom_sid = delta->delta_id_union.sid;
-
-	struct samdump_trusted_domain *n = talloc(samdump_state, struct samdump_trusted_domain);
-
-	n->name = talloc_strdup(n, trusted_domain->domain_name.string);
-	n->sid = talloc_steal(n, dom_sid);
-
-	DLIST_ADD(samdump_state->trusted_domains, n);
-
-	return NT_STATUS_OK;
-}
-
-static NTSTATUS libnet_samdump_fn(TALLOC_CTX *mem_ctx,
-				  void *private_data,
-				  enum netr_SamDatabaseID database,
-				  struct netr_DELTA_ENUM *delta,
-				  char **error_string)
-{
-	NTSTATUS nt_status = NT_STATUS_OK;
-	struct samdump_state *samdump_state = (struct samdump_state *)private_data;
-
-	*error_string = NULL;
-	switch (delta->delta_type) {
-	case NETR_DELTA_USER:
-	{
-		/* not interested in builtin users */
-		if (database == SAM_DATABASE_DOMAIN) {
-			nt_status = vampire_samdump_handle_user(mem_ctx, 
-								delta);
-		}
-		break;
-	}
-	case NETR_DELTA_SECRET:
-	{
-		nt_status = vampire_samdump_handle_secret(mem_ctx,
-							  samdump_state,
-							  delta);
-		break;
-	}
-	case NETR_DELTA_TRUSTED_DOMAIN:
-	{
-		nt_status = vampire_samdump_handle_trusted_domain(mem_ctx,
-								  samdump_state,
-								  delta);
-		break;
-	}
-	default:
-		/* Can't dump them all right now */
-		break;
-	}
-	return nt_status;
-}
-
-NTSTATUS libnet_SamDump(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, 
-			struct libnet_SamDump *r)
-{
-	NTSTATUS nt_status;
-	struct libnet_SamSync r2;
-	struct samdump_state *samdump_state = talloc(mem_ctx, struct samdump_state);
-
-	struct samdump_trusted_domain *t;
-	struct samdump_secret *s;
-
-	if (!samdump_state) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	samdump_state->secrets         = NULL;
-	samdump_state->trusted_domains = NULL;
-
-	r2.out.error_string            = NULL;
-	r2.in.binding_string           = r->in.binding_string;
-	r2.in.init_fn                  = NULL;
-	r2.in.delta_fn                 = libnet_samdump_fn;
-	r2.in.fn_ctx                   = samdump_state;
-	r2.in.machine_account          = r->in.machine_account;
-	nt_status                      = libnet_SamSync_netlogon(ctx, samdump_state, &r2);
-	r->out.error_string            = r2.out.error_string;
-	talloc_steal(mem_ctx, r->out.error_string);
-
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		talloc_free(samdump_state);
-		return nt_status;
-	}
-
-	printf("Trusted domains, sids and secrets:\n");
-	for (t=samdump_state->trusted_domains; t; t=t->next) {
-		char *secret_name = talloc_asprintf(mem_ctx, "G$$%s", t->name);
-		for (s=samdump_state->secrets; s; s=s->next) {
-			size_t converted_size = 0;
-			char *secret_string;
-			struct dom_sid_buf buf;
-			if (strcasecmp_m(s->name, secret_name) != 0) {
-				continue;
-			}
-			if (!convert_string_talloc_handle(mem_ctx, lpcfg_iconv_handle(ctx->lp_ctx), CH_UTF16, CH_UNIX,
-						  s->secret.data, s->secret.length, 
-						  (void **)&secret_string, &converted_size)) {
-				r->out.error_string = talloc_asprintf(mem_ctx, 
-								      "Could not convert secret for domain %s to a string",
-								      t->name);
-				talloc_free(samdump_state);
-				return NT_STATUS_INVALID_PARAMETER;
-			}
-			printf("%s\t%s\t%s\n", 
-			       t->name,
-			       dom_sid_str_buf(t->sid, &buf),
-			       secret_string);
-		}
-	}
-	talloc_free(samdump_state);
-	return nt_status;
-}
-
diff --git a/source4/libnet/libnet_samsync.c b/source4/libnet/libnet_samsync.c
deleted file mode 100644
index 206d81ee366..00000000000
--- a/source4/libnet/libnet_samsync.c
+++ /dev/null
@@ -1,281 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   
-   Extract the user/system database from a remote SamSync server
-
-   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-
-#include "includes.h"
-#include "libnet/libnet.h"
-#include "libcli/auth/libcli_auth.h"
-#include "../libcli/samsync/samsync.h"
-#include "auth/gensec/gensec.h"
-#include "auth/credentials/credentials.h"
-#include "libcli/auth/schannel.h"
-#include "librpc/gen_ndr/ndr_netlogon.h"
-#include "librpc/gen_ndr/ndr_netlogon_c.h"
-#include "param/param.h"
-
-NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamSync *r)
-{
-	NTSTATUS nt_status, dbsync_nt_status;
-	TALLOC_CTX *samsync_ctx, *loop_ctx, *delta_ctx;
-	struct netlogon_creds_CredentialState *creds;
-	struct netr_DatabaseSync dbsync;
-	struct netr_Authenticator credential, return_authenticator;
-	struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
-	struct cli_credentials *machine_account;
-	struct dcerpc_pipe *p;
-	struct libnet_context *machine_net_ctx;
-	struct libnet_RpcConnect *c;
-	struct libnet_SamSync_state *state;
-	const enum netr_SamDatabaseID database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS}; 
-	unsigned int i;
-
-	samsync_ctx = talloc_named(mem_ctx, 0, "SamSync top context");
-
-	if (!r->in.machine_account) { 
-		machine_account = cli_credentials_init(samsync_ctx);
-		if (!machine_account) {
-			talloc_free(samsync_ctx);
-			return NT_STATUS_NO_MEMORY;
-		}
-		cli_credentials_set_conf(machine_account, ctx->lp_ctx);
-		nt_status = cli_credentials_set_machine_account(machine_account, ctx->lp_ctx);
-		if (!NT_STATUS_IS_OK(nt_status)) {
-			r->out.error_string = talloc_strdup(mem_ctx, "Could not obtain machine account password - are we joined to the domain?");
-			talloc_free(samsync_ctx);
-			return nt_status;
-		}
-	} else {
-		machine_account = r->in.machine_account;
-	}
-
-	/* We cannot do this unless we are a BDC.  Check, before we get odd errors later */
-	if (cli_credentials_get_secure_channel_type(machine_account) != SEC_CHAN_BDC) {
-		r->out.error_string
-			= talloc_asprintf(mem_ctx, 
-					  "Our join to domain %s is not as a BDC (%d), please rejoin as a BDC",
-					  cli_credentials_get_domain(machine_account),
-					  cli_credentials_get_secure_channel_type(machine_account));
-		talloc_free(samsync_ctx);
-		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
-	}
-
-	c = talloc_zero(samsync_ctx, struct libnet_RpcConnect);
-	if (!c) {
-		r->out.error_string = NULL;
-		talloc_free(samsync_ctx);
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	c->level              = LIBNET_RPC_CONNECT_DC_INFO;
-	if (r->in.binding_string) {
-		c->in.binding = r->in.binding_string;
-		c->in.name    = NULL;
-	} else {
-		c->in.binding = NULL;
-		c->in.name    = cli_credentials_get_domain(machine_account);
-	}
-	
-	/* prepare connect to the NETLOGON pipe of PDC */
-	c->in.dcerpc_iface      = &ndr_table_netlogon;
-
-	/* We must do this as the machine, not as any command-line
-	 * user.  So we override the credentials in the
-	 * libnet_context */
-	machine_net_ctx = talloc(samsync_ctx, struct libnet_context);
-	if (!machine_net_ctx) {
-		r->out.error_string = NULL;
-		talloc_free(samsync_ctx);
-		return NT_STATUS_NO_MEMORY;
-	}
-	*machine_net_ctx = *ctx;
-	machine_net_ctx->cred = machine_account;
-
-	/* connect to the NETLOGON pipe of the PDC */
-	nt_status = libnet_RpcConnect(machine_net_ctx, samsync_ctx, c);
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		if (r->in.binding_string) {
-			r->out.error_string = talloc_asprintf(mem_ctx,
-							      "Connection to NETLOGON pipe of DC %s failed: %s",
-							      r->in.binding_string, c->out.error_string);
-		} else {
-			r->out.error_string = talloc_asprintf(mem_ctx,
-							      "Connection to NETLOGON pipe of DC for %s failed: %s",
-							      c->in.name, c->out.error_string);
-		}
-		talloc_free(samsync_ctx);
-		return nt_status;
-	}
-
-	/* This makes a new pipe, on which we can do schannel.  We
-	 * should do this in the RpcConnect code, but the abstaction
-	 * layers do not suit yet */
-
-	nt_status = dcerpc_secondary_connection(c->out.dcerpc_pipe, &p,
-						c->out.dcerpc_pipe->binding);
-
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		r->out.error_string = talloc_asprintf(mem_ctx,
-						      "Secondary connection to NETLOGON pipe of DC %s failed: %s",
-						      dcerpc_server_name(p), nt_errstr(nt_status));
-		talloc_free(samsync_ctx);
-		return nt_status;
-	}
-
-	nt_status = dcerpc_bind_auth_schannel(samsync_ctx, p, &ndr_table_netlogon,
-					      machine_account, ctx->lp_ctx, DCERPC_AUTH_LEVEL_PRIVACY);
-
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		r->out.error_string = talloc_asprintf(mem_ctx,
-						      "SCHANNEL authentication to NETLOGON pipe of DC %s failed: %s",
-						      dcerpc_server_name(p), nt_errstr(nt_status));
-		talloc_free(samsync_ctx);
-		return nt_status;
-	}
-
-	state = talloc(samsync_ctx, struct libnet_SamSync_state);
-	if (!state) {
-		r->out.error_string = NULL;
-		talloc_free(samsync_ctx);
-		return nt_status;
-	}		
-
-	state->domain_name     = c->out.domain_name;
-	state->domain_sid      = c->out.domain_sid;
-	state->realm           = c->out.realm;
-	state->domain_guid     = c->out.guid;
-	state->machine_net_ctx = machine_net_ctx;
-	state->netlogon_pipe   = p;
-
-	/* initialise the callback layer.  It may wish to contact the
-	 * server with ldap, now we know the name */
-	
-	if (r->in.init_fn) {
-		char *error_string;
-		nt_status = r->in.init_fn(samsync_ctx, 
-					  r->in.fn_ctx,
-					  state, 
-					  &error_string); 
-		if (!NT_STATUS_IS_OK(nt_status)) {
-			r->out.error_string = talloc_steal(mem_ctx, error_string);
-			talloc_free(samsync_ctx);
-			return nt_status;
-		}
-	}
-
-	/* get NETLOGON credentials */
-
-	creds = cli_credentials_get_netlogon_creds(machine_account);
-	if (creds == NULL) {
-		r->out.error_string = talloc_strdup(mem_ctx, "Could not obtain NETLOGON credentials from credentials");
-		talloc_free(samsync_ctx);
-		return nt_status;
-	}
-
-	/* Setup details for the synchronisation */
-
-	ZERO_STRUCT(return_authenticator);
-
-	dbsync.in.logon_server = talloc_asprintf(samsync_ctx, "\\\\%s", dcerpc_server_name(p));
-	dbsync.in.computername = cli_credentials_get_workstation(machine_account);
-	dbsync.in.preferredmaximumlength = (uint32_t)-1;
-	dbsync.in.return_authenticator = &return_authenticator;
-	dbsync.out.return_authenticator = &return_authenticator;
-	dbsync.out.delta_enum_array = &delta_enum_array;
-
-	for (i=0;i< ARRAY_SIZE(database_ids); i++) {
-
-		uint32_t sync_context = 0;
-
-		dbsync.in.database_id = database_ids[i];
-		dbsync.in.sync_context = &sync_context;
-		dbsync.out.sync_context = &sync_context;
-		
-		do {
-			uint32_t d;
-			loop_ctx = talloc_named(samsync_ctx, 0, "DatabaseSync loop context");
-			netlogon_creds_client_authenticator(creds, &credential);
-
-			dbsync.in.credential = &credential;
-			
-			dbsync_nt_status = dcerpc_netr_DatabaseSync_r(p->binding_handle, loop_ctx, &dbsync);
-			if (NT_STATUS_IS_OK(dbsync_nt_status) && !NT_STATUS_IS_OK(dbsync.out.result)) {
-				dbsync_nt_status = dbsync.out.result;
-			}
-			if (!NT_STATUS_IS_OK(dbsync_nt_status) &&
-			    !NT_STATUS_EQUAL(dbsync_nt_status, STATUS_MORE_ENTRIES)) {
-				r->out.error_string = talloc_asprintf(mem_ctx, "DatabaseSync failed - %s", nt_errstr(nt_status));
-				talloc_free(samsync_ctx);
-				return nt_status;
-			}
-			
-			if (!netlogon_creds_client_check(creds, &dbsync.out.return_authenticator->cred)) {
-				r->out.error_string = talloc_strdup(mem_ctx, "Credential chaining on incoming DatabaseSync failed");
-				talloc_free(samsync_ctx);
-				return NT_STATUS_ACCESS_DENIED;
-			}
-			
-			dbsync.in.sync_context = dbsync.out.sync_context;
-			
-			/* For every single remote 'delta' entry: */
-			for (d=0; d < delta_enum_array->num_deltas; d++) {
-				char *error_string = NULL;
-				delta_ctx = talloc_named(loop_ctx, 0, "DatabaseSync delta context");
-				/* 'Fix' elements, by decrypting and
-				 * de-obfuscating the data */
-				nt_status = samsync_fix_delta(delta_ctx, 
-							      creds, 
-							      dbsync.in.database_id,
-							      &delta_enum_array->delta_enum[d]);
-				if (!NT_STATUS_IS_OK(nt_status)) {
-					r->out.error_string = talloc_steal(mem_ctx, error_string);
-					talloc_free(samsync_ctx);
-					return nt_status;
-				}
-
-				/* Now call the callback.  This will
-				 * do something like print the data or
-				 * write to an ldb */
-				nt_status = r->in.delta_fn(delta_ctx, 
-							   r->in.fn_ctx,
-							   dbsync.in.database_id,
-							   &delta_enum_array->delta_enum[d],
-							   &error_string);
-				if (!NT_STATUS_IS_OK(nt_status)) {
-					r->out.error_string = talloc_steal(mem_ctx, error_string);
-					talloc_free(samsync_ctx);
-					return nt_status;
-				}
-				talloc_free(delta_ctx);
-			}
-			talloc_free(loop_ctx);
-		} while (NT_STATUS_EQUAL(dbsync_nt_status, STATUS_MORE_ENTRIES));
-		
-		if (!NT_STATUS_IS_OK(dbsync_nt_status)) {
-			r->out.error_string = talloc_asprintf(mem_ctx, "libnet_SamSync_netlogon failed: unexpected inconsistency. Should not get error %s here", nt_errstr(dbsync_nt_status));
-			talloc_free(samsync_ctx);
-			return dbsync_nt_status;
-		}
-		nt_status = NT_STATUS_OK;
-	}
-	talloc_free(samsync_ctx);
-	return nt_status;
-}
-
diff --git a/source4/libnet/libnet_samsync.h b/source4/libnet/libnet_samsync.h
index 54aed0a0c90..fb938d0983a 100644
--- a/source4/libnet/libnet_samsync.h
+++ b/source4/libnet/libnet_samsync.h
@@ -19,46 +19,6 @@
 
 #include "librpc/gen_ndr/netlogon.h"
 
-struct libnet_SamSync_state {
-	struct libnet_context *machine_net_ctx;
-	struct dcerpc_pipe *netlogon_pipe;
-	const char *domain_name;
-	const struct dom_sid *domain_sid;
-	const char *realm;
-	struct GUID *domain_guid;
-};
-
-/* struct and enum for doing a remote domain vampire dump */
-struct libnet_SamSync {
-	struct {
-		const char *binding_string;
-		NTSTATUS (*init_fn)(TALLOC_CTX *mem_ctx, 		
-				    void *private_data,
-				    struct libnet_SamSync_state *samsync_state,
-				    char **error_string);
-		NTSTATUS (*delta_fn)(TALLOC_CTX *mem_ctx, 		
-				     void *private_data,
-				     enum netr_SamDatabaseID database,
-				     struct netr_DELTA_ENUM *delta,
-				     char **error_string);
-		void *fn_ctx;
-		struct cli_credentials *machine_account;
-	} in;
-	struct {
-		const char *error_string;
-	} out;
-};
-
-struct libnet_SamDump {
-	struct {
-		const char *binding_string;
-		struct cli_credentials *machine_account;
-	} in;
-	struct {
-		const char *error_string;
-	} out;
-};
-
 struct libnet_SamDump_keytab {
 	struct {
 		const char *binding_string;
diff --git a/source4/libnet/wscript_build b/source4/libnet/wscript_build
index fc045d5f41b..44bc9231cde 100644
--- a/source4/libnet/wscript_build
+++ b/source4/libnet/wscript_build
@@ -6,7 +6,7 @@ provision = bld.pyembed_libname('PROVISION')
 name = bld.pyembed_libname('samba-net')
 auto_proto='libnet_proto.h'
 bld.SAMBA_LIBRARY(name,
-        source='libnet.c libnet_passwd.c libnet_time.c libnet_rpc.c libnet_join.c libnet_site.c libnet_become_dc.c libnet_unbecome_dc.c libnet_vampire.c libnet_samdump.c libnet_user.c libnet_group.c libnet_share.c libnet_lookup.c libnet_domain.c userinfo.c groupinfo.c userman.c groupman.c prereq_domain.c libnet_samsync.c',
+        source='libnet.c libnet_passwd.c libnet_time.c libnet_rpc.c libnet_join.c libnet_site.c libnet_become_dc.c libnet_unbecome_dc.c libnet_vampire.c libnet_user.c libnet_group.c libnet_share.c libnet_lookup.c libnet_domain.c userinfo.c groupinfo.c userman.c groupman.c prereq_domain.c',
         autoproto=auto_proto,
         public_deps='samba-credentials dcerpc dcerpc-samr RPC_NDR_LSA RPC_NDR_SRVSVC RPC_NDR_DRSUAPI cli_composite LIBCLI_RESOLVE LIBCLI_FINDDCS cli_cldap LIBCLI_FINDDCS gensec_schannel LIBCLI_AUTH ndr smbpasswdparser %s LIBCLI_SAMSYNC LIBTSOCKET' % (provision),
         private_library=True,