search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-build: Separate test backtrace support into separate subsystem
[Samba.git] / nsswitch / wbinfo.c
blob55b9e268c395807e34378d4a9163c615e81479cd
1 /*
2 Unix SMB/CIFS implementation.
3
4 Winbind status program.
5
6 Copyright (C) Tim Potter 2000-2003
7 Copyright (C) Andrew Bartlett 2002-2007
8 Copyright (C) Volker Lendecke 2009
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "libwbclient/wbclient.h"
26 #include "winbind_struct_protocol.h"
27 #include "libwbclient/wbclient_internal.h"
28 #include "../libcli/auth/libcli_auth.h"
29 #include "lib/cmdline/cmdline.h"
30 #include "lib/afs/afs_settoken.h"
31 #include "lib/util/smb_strtox.h"
32 #include "lib/util/string_wrappers.h"
33
34 #ifdef DBGC_CLASS
35 #undef DBGC_CLASS
36 #define DBGC_CLASS DBGC_WINBIND
37 #endif
38
39 static struct wbcInterfaceDetails *init_interface_details(void)
40 {
41 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
42 static struct wbcInterfaceDetails *details;
43
44 if (details) {
45 return details;
46 }
47
48 wbc_status = wbcInterfaceDetails(&details);
49 if (!WBC_ERROR_IS_OK(wbc_status)) {
50 d_fprintf(stderr, "could not obtain winbind interface "
51 "details: %s\n", wbcErrorString(wbc_status));
52 }
53
54 return details;
55 }
56
57 static char winbind_separator(void)
58 {
59 struct wbcInterfaceDetails *details;
60 static bool got_sep;
61 static char sep;
62
63 if (got_sep)
64 return sep;
65
66 details = init_interface_details();
67
68 if (!details) {
69 d_fprintf(stderr, "could not obtain winbind separator!\n");
70 return 0;
71 }
72
73 sep = details->winbind_separator;
74 got_sep = true;
75
76 if (!sep) {
77 d_fprintf(stderr, "winbind separator was NULL!\n");
78 return 0;
79 }
80
81 return sep;
82 }
83
84 static const char *get_winbind_domain(void)
85 {
86 static struct wbcInterfaceDetails *details;
87
88 details = init_interface_details();
89
90 if (!details) {
91 d_fprintf(stderr, "could not obtain winbind domain name!\n");
92 return 0;
93 }
94
95 return details->netbios_domain;
96 }
97
98 static const char *get_winbind_netbios_name(void)
99 {
100 static struct wbcInterfaceDetails *details;
101
102 details = init_interface_details();
103
104 if (!details) {
105 d_fprintf(stderr, "could not obtain winbind netbios name!\n");
106 return 0;
107 }
108
109 return details->netbios_name;
110 }
111
112 /* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
113 form DOMAIN/user into a domain and a user */
114
115 static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
116 fstring user)
117 {
118
119 char *p = strchr(domuser,winbind_separator());
120
121 if (!p) {
122 /* Maybe it was a UPN? */
123 p = strchr(domuser, '@');
124 if (p != NULL) {
125 fstrcpy(domain, "");
126 fstrcpy(user, domuser);
127 return true;
128 }
129
130 fstrcpy(user, domuser);
131 fstrcpy(domain, get_winbind_domain());
132 return true;
133 }
134
135 fstrcpy(user, p+1);
136 fstrcpy(domain, domuser);
137 domain[PTR_DIFF(p, domuser)] = 0;
138
139 return true;
140 }
141
142 /* Parse string of "uid,sid" or "gid,sid" into separate int and string values.
143 * Return true if input was valid, false otherwise. */
144 static bool parse_mapping_arg(char *arg, int *id, char **sid)
145 {
146 char *tmp;
147 int error = 0;
148
149 if (!arg || !*arg)
150 return false;
151
152 tmp = strtok(arg, ",");
153 *sid = strtok(NULL, ",");
154
155 if (!tmp || !*tmp || !*sid || !**sid)
156 return false;
157
158 /* Because atoi() can return 0 on invalid input, which would be a valid
159 * UID/GID we must use strtoul() and do error checking */
160 *id = smb_strtoul(tmp, NULL, 10, &error, SMB_STR_FULL_STR_CONV);
161 if (error != 0)
162 return false;
163
164 return true;
165 }
166
167 /* pull pwent info for a given user */
168
169 static bool wbinfo_get_userinfo(char *user)
170 {
171 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
172 struct passwd *pwd = NULL;
173
174 wbc_status = wbcGetpwnam(user, &pwd);
175 if (!WBC_ERROR_IS_OK(wbc_status)) {
176 d_fprintf(stderr, "failed to call wbcGetpwnam: %s\n",
177 wbcErrorString(wbc_status));
178 return false;
179 }
180
181 d_printf("%s:%s:%u:%u:%s:%s:%s\n",
182 pwd->pw_name,
183 pwd->pw_passwd,
184 (unsigned int)pwd->pw_uid,
185 (unsigned int)pwd->pw_gid,
186 pwd->pw_gecos,
187 pwd->pw_dir,
188 pwd->pw_shell);
189
190 wbcFreeMemory(pwd);
191
192 return true;
193 }
194
195 /* pull pwent info for a given uid */
196 static bool wbinfo_get_uidinfo(int uid)
197 {
198 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
199 struct passwd *pwd = NULL;
200
201 wbc_status = wbcGetpwuid(uid, &pwd);
202 if (!WBC_ERROR_IS_OK(wbc_status)) {
203 d_fprintf(stderr, "failed to call wbcGetpwuid: %s\n",
204 wbcErrorString(wbc_status));
205 return false;
206 }
207
208 d_printf("%s:%s:%u:%u:%s:%s:%s\n",
209 pwd->pw_name,
210 pwd->pw_passwd,
211 (unsigned int)pwd->pw_uid,
212 (unsigned int)pwd->pw_gid,
213 pwd->pw_gecos,
214 pwd->pw_dir,
215 pwd->pw_shell);
216
217 wbcFreeMemory(pwd);
218
219 return true;
220 }
221
222 static bool wbinfo_get_user_sidinfo(const char *sid_str)
223 {
224 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
225 struct passwd *pwd = NULL;
226 struct wbcDomainSid sid;
227
228 wbc_status = wbcStringToSid(sid_str, &sid);
229 wbc_status = wbcGetpwsid(&sid, &pwd);
230 if (!WBC_ERROR_IS_OK(wbc_status)) {
231 d_fprintf(stderr, "failed to call wbcGetpwsid: %s\n",
232 wbcErrorString(wbc_status));
233 return false;
234 }
235
236 d_printf("%s:%s:%u:%u:%s:%s:%s\n",
237 pwd->pw_name,
238 pwd->pw_passwd,
239 (unsigned int)pwd->pw_uid,
240 (unsigned int)pwd->pw_gid,
241 pwd->pw_gecos,
242 pwd->pw_dir,
243 pwd->pw_shell);
244
245 wbcFreeMemory(pwd);
246
247 return true;
248 }
249
250
251 /* pull grent for a given group */
252 static bool wbinfo_get_groupinfo(const char *group)
253 {
254 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
255 struct group *grp;
256 char **mem;
257
258 wbc_status = wbcGetgrnam(group, &grp);
259 if (!WBC_ERROR_IS_OK(wbc_status)) {
260 d_fprintf(stderr, "failed to call wbcGetgrnam: %s\n",
261 wbcErrorString(wbc_status));
262 return false;
263 }
264
265 d_printf("%s:%s:%u:",
266 grp->gr_name,
267 grp->gr_passwd,
268 (unsigned int)grp->gr_gid);
269
270 mem = grp->gr_mem;
271 while (*mem != NULL) {
272 d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
273 mem += 1;
274 }
275 d_printf("\n");
276
277 wbcFreeMemory(grp);
278
279 return true;
280 }
281
282 /* pull grent for a given gid */
283 static bool wbinfo_get_gidinfo(int gid)
284 {
285 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
286 struct group *grp;
287 char **mem;
288
289 wbc_status = wbcGetgrgid(gid, &grp);
290 if (!WBC_ERROR_IS_OK(wbc_status)) {
291 d_fprintf(stderr, "failed to call wbcGetgrgid: %s\n",
292 wbcErrorString(wbc_status));
293 return false;
294 }
295
296 d_printf("%s:%s:%u:",
297 grp->gr_name,
298 grp->gr_passwd,
299 (unsigned int)grp->gr_gid);
300
301 mem = grp->gr_mem;
302 while (*mem != NULL) {
303 d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
304 mem += 1;
305 }
306 d_printf("\n");
307
308 wbcFreeMemory(grp);
309
310 return true;
311 }
312
313 /* List groups a user is a member of */
314
315 static bool wbinfo_get_usergroups(const char *user)
316 {
317 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
318 uint32_t num_groups;
319 uint32_t i;
320 gid_t *groups = NULL;
321
322 /* Send request */
323
324 wbc_status = wbcGetGroups(user, &num_groups, &groups);
325 if (!WBC_ERROR_IS_OK(wbc_status)) {
326 d_fprintf(stderr, "failed to call wbcGetGroups: %s\n",
327 wbcErrorString(wbc_status));
328 return false;
329 }
330
331 for (i = 0; i < num_groups; i++) {
332 d_printf("%d\n", (int)groups[i]);
333 }
334
335 wbcFreeMemory(groups);
336
337 return true;
338 }
339
340
341 /* List group SIDs a user SID is a member of */
342 static bool wbinfo_get_usersids(const char *user_sid_str)
343 {
344 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
345 uint32_t num_sids;
346 uint32_t i;
347 struct wbcDomainSid user_sid, *sids = NULL;
348
349 /* Send request */
350
351 wbc_status = wbcStringToSid(user_sid_str, &user_sid);
352 if (!WBC_ERROR_IS_OK(wbc_status)) {
353 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
354 wbcErrorString(wbc_status));
355 return false;
356 }
357
358 wbc_status = wbcLookupUserSids(&user_sid, false, &num_sids, &sids);
359 if (!WBC_ERROR_IS_OK(wbc_status)) {
360 d_fprintf(stderr, "failed to call wbcLookupUserSids: %s\n",
361 wbcErrorString(wbc_status));
362 return false;
363 }
364
365 for (i = 0; i < num_sids; i++) {
366 char str[WBC_SID_STRING_BUFLEN];
367 wbcSidToStringBuf(&sids[i], str, sizeof(str));
368 d_printf("%s\n", str);
369 }
370
371 wbcFreeMemory(sids);
372
373 return true;
374 }
375
376 static bool wbinfo_get_userdomgroups(const char *user_sid_str)
377 {
378 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
379 uint32_t num_sids;
380 uint32_t i;
381 struct wbcDomainSid user_sid, *sids = NULL;
382
383 /* Send request */
384
385 wbc_status = wbcStringToSid(user_sid_str, &user_sid);
386 if (!WBC_ERROR_IS_OK(wbc_status)) {
387 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
388 wbcErrorString(wbc_status));
389 return false;
390 }
391
392 wbc_status = wbcLookupUserSids(&user_sid, true, &num_sids, &sids);
393 if (!WBC_ERROR_IS_OK(wbc_status)) {
394 d_fprintf(stderr, "failed to call wbcLookupUserSids: %s\n",
395 wbcErrorString(wbc_status));
396 return false;
397 }
398
399 for (i = 0; i < num_sids; i++) {
400 char str[WBC_SID_STRING_BUFLEN];
401 wbcSidToStringBuf(&sids[i], str, sizeof(str));
402 d_printf("%s\n", str);
403 }
404
405 wbcFreeMemory(sids);
406
407 return true;
408 }
409
410 static bool wbinfo_get_sidaliases(const char *domain,
411 const char *user_sid_str)
412 {
413 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
414 struct wbcDomainInfo *dinfo = NULL;
415 uint32_t i;
416 struct wbcDomainSid user_sid;
417 uint32_t *alias_rids = NULL;
418 uint32_t num_alias_rids;
419 char domain_sid_str[WBC_SID_STRING_BUFLEN];
420
421 /* Send request */
422 if ((domain == NULL) || (strequal(domain, ".")) ||
423 (domain[0] == '\0')) {
424 domain = get_winbind_domain();
425 }
426
427 /* Send request */
428
429 wbc_status = wbcDomainInfo(domain, &dinfo);
430 if (!WBC_ERROR_IS_OK(wbc_status)) {
431 d_fprintf(stderr, "wbcDomainInfo(%s) failed: %s\n", domain,
432 wbcErrorString(wbc_status));
433 goto done;
434 }
435 wbc_status = wbcStringToSid(user_sid_str, &user_sid);
436 if (!WBC_ERROR_IS_OK(wbc_status)) {
437 goto done;
438 }
439
440 wbc_status = wbcGetSidAliases(&dinfo->sid, &user_sid, 1,
441 &alias_rids, &num_alias_rids);
442 if (!WBC_ERROR_IS_OK(wbc_status)) {
443 goto done;
444 }
445
446 wbcSidToStringBuf(&dinfo->sid, domain_sid_str, sizeof(domain_sid_str));
447
448 for (i = 0; i < num_alias_rids; i++) {
449 d_printf("%s-%d\n", domain_sid_str, alias_rids[i]);
450 }
451
452 wbcFreeMemory(alias_rids);
453
454 done:
455 wbcFreeMemory(dinfo);
456 return (WBC_ERR_SUCCESS == wbc_status);
457 }
458
459
460 /* Convert NetBIOS name to IP */
461
462 static bool wbinfo_wins_byname(const char *name)
463 {
464 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
465 char *ip = NULL;
466
467 wbc_status = wbcResolveWinsByName(name, &ip);
468 if (!WBC_ERROR_IS_OK(wbc_status)) {
469 d_fprintf(stderr, "failed to call wbcResolveWinsByName: %s\n",
470 wbcErrorString(wbc_status));
471 return false;
472 }
473
474 /* Display response */
475
476 d_printf("%s\n", ip);
477
478 wbcFreeMemory(ip);
479
480 return true;
481 }
482
483 /* Convert IP to NetBIOS name */
484
485 static bool wbinfo_wins_byip(const char *ip)
486 {
487 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
488 char *name = NULL;
489
490 wbc_status = wbcResolveWinsByIP(ip, &name);
491 if (!WBC_ERROR_IS_OK(wbc_status)) {
492 d_fprintf(stderr, "failed to call wbcResolveWinsByIP: %s\n",
493 wbcErrorString(wbc_status));
494 return false;
495 }
496
497 /* Display response */
498
499 d_printf("%s\n", name);
500
501 wbcFreeMemory(name);
502
503 return true;
504 }
505
506 /* List all/trusted domains */
507
508 static bool wbinfo_list_domains(bool list_all_domains, bool verbose)
509 {
510 struct wbcDomainInfo *domain_list = NULL;
511 size_t i, num_domains;
512 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
513 bool print_all = !list_all_domains && verbose;
514
515 wbc_status = wbcListTrusts(&domain_list, &num_domains);
516 if (!WBC_ERROR_IS_OK(wbc_status)) {
517 d_fprintf(stderr, "failed to call wbcListTrusts: %s\n",
518 wbcErrorString(wbc_status));
519 return false;
520 }
521
522 if (print_all) {
523 d_printf("%-16s%-65s%-12s%-12s%-5s%-5s\n",
524 "Domain Name", "DNS Domain", "Trust Type",
525 "Transitive", "In", "Out");
526 }
527
528 for (i=0; i<num_domains; i++) {
529 if (print_all) {
530 d_printf("%-16s", domain_list[i].short_name);
531 } else {
532 d_printf("%s", domain_list[i].short_name);
533 d_printf("\n");
534 continue;
535 }
536
537 d_printf("%-65s", domain_list[i].dns_name);
538
539 switch(domain_list[i].trust_type) {
540 case WBC_DOMINFO_TRUSTTYPE_NONE:
541 if (domain_list[i].trust_routing != NULL) {
542 d_printf("%s\n", domain_list[i].trust_routing);
543 } else {
544 d_printf("None\n");
545 }
546 continue;
547 case WBC_DOMINFO_TRUSTTYPE_LOCAL:
548 d_printf("Local\n");
549 continue;
550 case WBC_DOMINFO_TRUSTTYPE_RWDC:
551 d_printf("RWDC\n");
552 continue;
553 case WBC_DOMINFO_TRUSTTYPE_RODC:
554 d_printf("RODC\n");
555 continue;
556 case WBC_DOMINFO_TRUSTTYPE_PDC:
557 d_printf("PDC\n");
558 continue;
559 case WBC_DOMINFO_TRUSTTYPE_WKSTA:
560 d_printf("Workstation ");
561 break;
562 case WBC_DOMINFO_TRUSTTYPE_FOREST:
563 d_printf("Forest ");
564 break;
565 case WBC_DOMINFO_TRUSTTYPE_EXTERNAL:
566 d_printf("External ");
567 break;
568 case WBC_DOMINFO_TRUSTTYPE_IN_FOREST:
569 d_printf("In-Forest ");
570 break;
571 }
572
573 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_TRANSITIVE) {
574 d_printf("Yes ");
575 } else {
576 d_printf("No ");
577 }
578
579 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_INCOMING) {
580 d_printf("Yes ");
581 } else {
582 d_printf("No ");
583 }
584
585 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_OUTGOING) {
586 d_printf("Yes ");
587 } else {
588 d_printf("No ");
589 }
590
591 d_printf("\n");
592 }
593
594 wbcFreeMemory(domain_list);
595
596 return true;
597 }
598
599 /* List own domain */
600
601 static bool wbinfo_list_own_domain(void)
602 {
603 d_printf("%s\n", get_winbind_domain());
604
605 return true;
606 }
607
608 /* show sequence numbers */
609 static bool wbinfo_show_sequence(const char *domain)
610 {
611 d_printf("This command has been deprecated. Please use the "
612 "--online-status option instead.\n");
613 return false;
614 }
615
616 /* show sequence numbers */
617 static bool wbinfo_show_onlinestatus(const char *domain)
618 {
619 struct wbcDomainInfo *domain_list = NULL;
620 size_t i, num_domains;
621 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
622
623 wbc_status = wbcListTrusts(&domain_list, &num_domains);
624 if (!WBC_ERROR_IS_OK(wbc_status)) {
625 d_fprintf(stderr, "failed to call wbcListTrusts: %s\n",
626 wbcErrorString(wbc_status));
627 return false;
628 }
629
630 for (i=0; i<num_domains; i++) {
631 bool is_offline;
632
633 if (domain) {
634 if (!strequal(domain_list[i].short_name, domain)) {
635 continue;
636 }
637 }
638
639 is_offline = (domain_list[i].domain_flags &
640 WBC_DOMINFO_DOMAIN_OFFLINE);
641
642 d_printf("%s : %s\n",
643 domain_list[i].short_name,
644 is_offline ? "no active connection" : "active connection" );
645 }
646
647 wbcFreeMemory(domain_list);
648
649 return true;
650 }
651
652
653 /* Show domain info */
654
655 static bool wbinfo_domain_info(const char *domain)
656 {
657 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
658 struct wbcDomainInfo *dinfo = NULL;
659 char sid_str[WBC_SID_STRING_BUFLEN];
660
661 if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
662 domain = get_winbind_domain();
663 }
664
665 /* Send request */
666
667 wbc_status = wbcDomainInfo(domain, &dinfo);
668 if (!WBC_ERROR_IS_OK(wbc_status)) {
669 d_fprintf(stderr, "failed to call wbcDomainInfo: %s\n",
670 wbcErrorString(wbc_status));
671 return false;
672 }
673
674 wbcSidToStringBuf(&dinfo->sid, sid_str, sizeof(sid_str));
675
676 /* Display response */
677
678 d_printf("Name : %s\n", dinfo->short_name);
679 d_printf("Alt_Name : %s\n", dinfo->dns_name);
680
681 d_printf("SID : %s\n", sid_str);
682
683 d_printf("Active Directory : %s\n",
684 (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_AD) ? "Yes" : "No");
685 d_printf("Native : %s\n",
686 (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_NATIVE) ?
687 "Yes" : "No");
688
689 d_printf("Primary : %s\n",
690 (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_PRIMARY) ?
691 "Yes" : "No");
692
693 wbcFreeMemory(dinfo);
694
695 return true;
696 }
697
698 /* Get a foreign DC's name */
699 static bool wbinfo_getdcname(const char *domain_name)
700 {
701 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
702 struct winbindd_request request;
703 struct winbindd_response response;
704
705 ZERO_STRUCT(request);
706 ZERO_STRUCT(response);
707
708 fstrcpy(request.domain_name, domain_name);
709
710 /* Send request */
711
712 wbc_status = wbcRequestResponse(NULL, WINBINDD_GETDCNAME,
713 &request, &response);
714 if (!WBC_ERROR_IS_OK(wbc_status)) {
715 d_fprintf(stderr, "Could not get dc name for %s\n",domain_name);
716 return false;
717 }
718
719 /* Display response */
720
721 d_printf("%s\n", response.data.dc_name);
722
723 return true;
724 }
725
726 /* Find a DC */
727 static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
728 {
729 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
730 struct wbcDomainControllerInfoEx *dc_info;
731 char *str = NULL;
732
733 wbc_status = wbcLookupDomainControllerEx(domain_name, NULL, NULL,
734 flags | DS_DIRECTORY_SERVICE_REQUIRED,
735 &dc_info);
736 if (!WBC_ERROR_IS_OK(wbc_status)) {
737 printf("Could not find dc for %s\n", domain_name);
738 return false;
739 }
740
741 wbcGuidToString(dc_info->domain_guid, &str);
742
743 d_printf("%s\n", dc_info->dc_unc);
744 d_printf("%s\n", dc_info->dc_address);
745 d_printf("%d\n", dc_info->dc_address_type);
746 d_printf("%s\n", str);
747 d_printf("%s\n", dc_info->domain_name);
748 d_printf("%s\n", dc_info->forest_name);
749 d_printf("0x%08x\n", dc_info->dc_flags);
750 d_printf("%s\n", dc_info->dc_site_name);
751 d_printf("%s\n", dc_info->client_site_name);
752
753 wbcFreeMemory(str);
754 wbcFreeMemory(dc_info);
755
756 return true;
757 }
758
759 /* Check trust account password */
760
761 static bool wbinfo_check_secret(const char *domain)
762 {
763 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
764 struct wbcAuthErrorInfo *error = NULL;
765 const char *domain_name;
766
767 if (domain) {
768 domain_name = domain;
769 } else {
770 domain_name = get_winbind_domain();
771 }
772
773 wbc_status = wbcCheckTrustCredentials(domain_name, &error);
774
775 d_printf("checking the trust secret for domain %s via RPC calls %s\n",
776 domain_name,
777 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
778
779 if (wbc_status == WBC_ERR_AUTH_ERROR) {
780 d_fprintf(stderr, "wbcCheckTrustCredentials(%s): error code was %s (0x%x)\n",
781 domain_name, error->nt_string, error->nt_status);
782 wbcFreeMemory(error);
783 }
784 if (!WBC_ERROR_IS_OK(wbc_status)) {
785 d_fprintf(stderr, "failed to call wbcCheckTrustCredentials: "
786 "%s\n", wbcErrorString(wbc_status));
787 return false;
788 }
789
790 return true;
791 }
792
793 /* Find the currently connected DCs */
794
795 static bool wbinfo_dc_info(const char *domain_name)
796 {
797 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
798 size_t i, num_dcs;
799 const char **dc_names, **dc_ips;
800
801 wbc_status = wbcDcInfo(domain_name, &num_dcs,
802 &dc_names, &dc_ips);
803 if (!WBC_ERROR_IS_OK(wbc_status)) {
804 printf("Could not find dc info %s\n",
805 domain_name ? domain_name : "our domain");
806 return false;
807 }
808
809 for (i=0; i<num_dcs; i++) {
810 printf("%s (%s)\n", dc_names[i], dc_ips[i]);
811 }
812 wbcFreeMemory(dc_names);
813 wbcFreeMemory(dc_ips);
814
815 return true;
816 }
817
818 /* Change trust account password */
819
820 static bool wbinfo_change_secret(const char *domain)
821 {
822 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
823 struct wbcAuthErrorInfo *error = NULL;
824 const char *domain_name;
825
826 if (domain) {
827 domain_name = domain;
828 } else {
829 domain_name = get_winbind_domain();
830 }
831
832 wbc_status = wbcChangeTrustCredentials(domain_name, &error);
833
834 d_printf("changing the trust secret for domain %s via RPC calls %s\n",
835 domain_name,
836 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
837
838 if (wbc_status == WBC_ERR_AUTH_ERROR) {
839 d_fprintf(stderr, "wbcChangeTrustCredentials(%s): error code was %s (0x%x)\n",
840 domain_name, error->nt_string, error->nt_status);
841 wbcFreeMemory(error);
842 }
843 if (!WBC_ERROR_IS_OK(wbc_status)) {
844 d_fprintf(stderr, "failed to call wbcChangeTrustCredentials: "
845 "%s\n", wbcErrorString(wbc_status));
846 return false;
847 }
848
849 return true;
850 }
851
852 /* Check DC connection */
853
854 static bool wbinfo_ping_dc(const char *domain)
855 {
856 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
857 struct wbcAuthErrorInfo *error = NULL;
858 char *dcname = NULL;
859
860 const char *domain_name;
861
862 if (domain) {
863 domain_name = domain;
864 } else {
865 domain_name = get_winbind_domain();
866 }
867
868 wbc_status = wbcPingDc2(domain_name, &error, &dcname);
869
870 d_printf("checking the NETLOGON for domain[%s] dc connection to \"%s\" %s\n",
871 domain_name ? domain_name : "",
872 dcname ? dcname : "",
873 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
874
875 wbcFreeMemory(dcname);
876 if (wbc_status == WBC_ERR_AUTH_ERROR) {
877 d_fprintf(stderr, "wbcPingDc2(%s): error code was %s (0x%x)\n",
878 domain_name, error->nt_string, error->nt_status);
879 wbcFreeMemory(error);
880 return false;
881 }
882 if (!WBC_ERROR_IS_OK(wbc_status)) {
883 d_fprintf(stderr, "failed to call wbcPingDc: %s\n",
884 wbcErrorString(wbc_status));
885 return false;
886 }
887
888 return true;
889 }
890
891 /* Convert uid to sid */
892
893 static bool wbinfo_uid_to_sid(uid_t uid)
894 {
895 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
896 struct wbcDomainSid sid;
897 char sid_str[WBC_SID_STRING_BUFLEN];
898
899 /* Send request */
900
901 wbc_status = wbcUidToSid(uid, &sid);
902 if (!WBC_ERROR_IS_OK(wbc_status)) {
903 d_fprintf(stderr, "failed to call wbcUidToSid: %s\n",
904 wbcErrorString(wbc_status));
905 return false;
906 }
907
908 wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
909
910 /* Display response */
911
912 d_printf("%s\n", sid_str);
913
914 return true;
915 }
916
917 /* Convert gid to sid */
918
919 static bool wbinfo_gid_to_sid(gid_t gid)
920 {
921 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
922 struct wbcDomainSid sid;
923 char sid_str[WBC_SID_STRING_BUFLEN];
924
925 /* Send request */
926
927 wbc_status = wbcGidToSid(gid, &sid);
928 if (!WBC_ERROR_IS_OK(wbc_status)) {
929 d_fprintf(stderr, "failed to call wbcGidToSid: %s\n",
930 wbcErrorString(wbc_status));
931 return false;
932 }
933
934 wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
935
936 /* Display response */
937
938 d_printf("%s\n", sid_str);
939
940 return true;
941 }
942
943 /* Convert sid to uid */
944
945 static bool wbinfo_sid_to_uid(const char *sid_str)
946 {
947 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
948 struct wbcDomainSid sid;
949 uid_t uid;
950
951 /* Send request */
952
953 wbc_status = wbcStringToSid(sid_str, &sid);
954 if (!WBC_ERROR_IS_OK(wbc_status)) {
955 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
956 wbcErrorString(wbc_status));
957 return false;
958 }
959
960 wbc_status = wbcSidToUid(&sid, &uid);
961 if (!WBC_ERROR_IS_OK(wbc_status)) {
962 d_fprintf(stderr, "failed to call wbcSidToUid: %s\n",
963 wbcErrorString(wbc_status));
964 return false;
965 }
966
967 /* Display response */
968
969 d_printf("%d\n", (int)uid);
970
971 return true;
972 }
973
974 static bool wbinfo_sid_to_gid(const char *sid_str)
975 {
976 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
977 struct wbcDomainSid sid;
978 gid_t gid;
979
980 /* Send request */
981
982 wbc_status = wbcStringToSid(sid_str, &sid);
983 if (!WBC_ERROR_IS_OK(wbc_status)) {
984 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
985 wbcErrorString(wbc_status));
986 return false;
987 }
988
989 wbc_status = wbcSidToGid(&sid, &gid);
990 if (!WBC_ERROR_IS_OK(wbc_status)) {
991 d_fprintf(stderr, "failed to call wbcSidToGid: %s\n",
992 wbcErrorString(wbc_status));
993 return false;
994 }
995
996 /* Display response */
997
998 d_printf("%d\n", (int)gid);
999
1000 return true;
1001 }
1002
1003 static bool wbinfo_sids_to_unix_ids(const char *arg)
1004 {
1005 char sidstr[WBC_SID_STRING_BUFLEN];
1006 struct wbcDomainSid *sids;
1007 struct wbcUnixId *unix_ids;
1008 int i, num_sids;
1009 const char *p;
1010 wbcErr wbc_status;
1011
1012
1013 num_sids = 0;
1014 sids = NULL;
1015 p = arg;
1016
1017 while (next_token(&p, sidstr, LIST_SEP, sizeof(sidstr))) {
1018 sids = talloc_realloc(talloc_tos(), sids, struct wbcDomainSid,
1019 num_sids+1);
1020 if (sids == NULL) {
1021 d_fprintf(stderr, "talloc failed\n");
1022 return false;
1023 }
1024 wbc_status = wbcStringToSid(sidstr, &sids[num_sids]);
1025 if (!WBC_ERROR_IS_OK(wbc_status)) {
1026 d_fprintf(stderr, "wbcSidToString(%s) failed: %s\n",
1027 sidstr, wbcErrorString(wbc_status));
1028 TALLOC_FREE(sids);
1029 return false;
1030 }
1031 num_sids += 1;
1032 }
1033
1034 unix_ids = talloc_array(talloc_tos(), struct wbcUnixId, num_sids);
1035 if (unix_ids == NULL) {
1036 TALLOC_FREE(sids);
1037 return false;
1038 }
1039
1040 wbc_status = wbcSidsToUnixIds(sids, num_sids, unix_ids);
1041 if (!WBC_ERROR_IS_OK(wbc_status)) {
1042 d_fprintf(stderr, "wbcSidsToUnixIds failed: %s\n",
1043 wbcErrorString(wbc_status));
1044 TALLOC_FREE(sids);
1045 return false;
1046 }
1047
1048 for (i=0; i<num_sids; i++) {
1049
1050 wbcSidToStringBuf(&sids[i], sidstr, sizeof(sidstr));
1051
1052 switch(unix_ids[i].type) {
1053 case WBC_ID_TYPE_UID:
1054 d_printf("%s -> uid %d\n", sidstr, unix_ids[i].id.uid);
1055 break;
1056 case WBC_ID_TYPE_GID:
1057 d_printf("%s -> gid %d\n", sidstr, unix_ids[i].id.gid);
1058 break;
1059 case WBC_ID_TYPE_BOTH:
1060 d_printf("%s -> uid/gid %d\n", sidstr, unix_ids[i].id.uid);
1061 break;
1062 default:
1063 d_printf("%s -> unmapped\n", sidstr);
1064 break;
1065 }
1066 }
1067
1068 TALLOC_FREE(sids);
1069 TALLOC_FREE(unix_ids);
1070
1071 return true;
1072 }
1073
1074 static bool wbinfo_xids_to_sids(const char *arg)
1075 {
1076 fstring idstr;
1077 struct wbcUnixId *xids = NULL;
1078 struct wbcDomainSid *sids;
1079 wbcErr wbc_status;
1080 int num_xids = 0;
1081 const char *p;
1082 int i;
1083
1084 p = arg;
1085
1086 while (next_token(&p, idstr, LIST_SEP, sizeof(idstr))) {
1087 xids = talloc_realloc(talloc_tos(), xids, struct wbcUnixId,
1088 num_xids+1);
1089 if (xids == NULL) {
1090 d_fprintf(stderr, "talloc failed\n");
1091 return false;
1092 }
1093
1094 switch (idstr[0]) {
1095 case 'u':
1096 xids[num_xids] = (struct wbcUnixId) {
1097 .type = WBC_ID_TYPE_UID,
1098 .id.uid = atoi(&idstr[1])
1099 };
1100 break;
1101 case 'g':
1102 xids[num_xids] = (struct wbcUnixId) {
1103 .type = WBC_ID_TYPE_GID,
1104 .id.gid = atoi(&idstr[1])
1105 };
1106 break;
1107 default:
1108 d_fprintf(stderr, "%s is an invalid id\n", idstr);
1109 TALLOC_FREE(xids);
1110 return false;
1111 }
1112 num_xids += 1;
1113 }
1114
1115 sids = talloc_array(talloc_tos(), struct wbcDomainSid, num_xids);
1116 if (sids == NULL) {
1117 d_fprintf(stderr, "talloc failed\n");
1118 TALLOC_FREE(xids);
1119 return false;
1120 }
1121
1122 wbc_status = wbcUnixIdsToSids(xids, num_xids, sids);
1123 if (!WBC_ERROR_IS_OK(wbc_status)) {
1124 d_fprintf(stderr, "wbcUnixIdsToSids failed: %s\n",
1125 wbcErrorString(wbc_status));
1126 TALLOC_FREE(sids);
1127 TALLOC_FREE(xids);
1128 return false;
1129 }
1130
1131 for (i=0; i<num_xids; i++) {
1132 char str[WBC_SID_STRING_BUFLEN];
1133 struct wbcDomainSid null_sid = { 0 };
1134
1135 if (memcmp(&null_sid, &sids[i], sizeof(struct wbcDomainSid)) == 0) {
1136 d_printf("NOT MAPPED\n");
1137 continue;
1138 }
1139 wbcSidToStringBuf(&sids[i], str, sizeof(str));
1140 d_printf("%s\n", str);
1141 }
1142
1143 return true;
1144 }
1145
1146 static bool wbinfo_allocate_uid(void)
1147 {
1148 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1149 uid_t uid;
1150
1151 /* Send request */
1152
1153 wbc_status = wbcAllocateUid(&uid);
1154 if (!WBC_ERROR_IS_OK(wbc_status)) {
1155 d_fprintf(stderr, "failed to call wbcAllocateUid: %s\n",
1156 wbcErrorString(wbc_status));
1157 return false;
1158 }
1159
1160 /* Display response */
1161
1162 d_printf("New uid: %u\n", (unsigned int)uid);
1163
1164 return true;
1165 }
1166
1167 static bool wbinfo_allocate_gid(void)
1168 {
1169 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1170 gid_t gid;
1171
1172 /* Send request */
1173
1174 wbc_status = wbcAllocateGid(&gid);
1175 if (!WBC_ERROR_IS_OK(wbc_status)) {
1176 d_fprintf(stderr, "failed to call wbcAllocateGid: %s\n",
1177 wbcErrorString(wbc_status));
1178 return false;
1179 }
1180
1181 /* Display response */
1182
1183 d_printf("New gid: %u\n", (unsigned int)gid);
1184
1185 return true;
1186 }
1187
1188 static bool wbinfo_set_uid_mapping(uid_t uid, const char *sid_str)
1189 {
1190 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1191 struct wbcDomainSid sid;
1192
1193 /* Send request */
1194
1195 wbc_status = wbcStringToSid(sid_str, &sid);
1196 if (!WBC_ERROR_IS_OK(wbc_status)) {
1197 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1198 wbcErrorString(wbc_status));
1199 return false;
1200 }
1201
1202 wbc_status = wbcSetUidMapping(uid, &sid);
1203 if (!WBC_ERROR_IS_OK(wbc_status)) {
1204 d_fprintf(stderr, "failed to call wbcSetUidMapping: %s\n",
1205 wbcErrorString(wbc_status));
1206 return false;
1207 }
1208
1209 /* Display response */
1210
1211 d_printf("uid %u now mapped to sid %s\n",
1212 (unsigned int)uid, sid_str);
1213
1214 return true;
1215 }
1216
1217 static bool wbinfo_set_gid_mapping(gid_t gid, const char *sid_str)
1218 {
1219 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1220 struct wbcDomainSid sid;
1221
1222 /* Send request */
1223
1224 wbc_status = wbcStringToSid(sid_str, &sid);
1225 if (!WBC_ERROR_IS_OK(wbc_status)) {
1226 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1227 wbcErrorString(wbc_status));
1228 return false;
1229 }
1230
1231 wbc_status = wbcSetGidMapping(gid, &sid);
1232 if (!WBC_ERROR_IS_OK(wbc_status)) {
1233 d_fprintf(stderr, "failed to call wbcSetGidMapping: %s\n",
1234 wbcErrorString(wbc_status));
1235 return false;
1236 }
1237
1238 /* Display response */
1239
1240 d_printf("gid %u now mapped to sid %s\n",
1241 (unsigned int)gid, sid_str);
1242
1243 return true;
1244 }
1245
1246 static bool wbinfo_remove_uid_mapping(uid_t uid, const char *sid_str)
1247 {
1248 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1249 struct wbcDomainSid sid;
1250
1251 /* Send request */
1252
1253 wbc_status = wbcStringToSid(sid_str, &sid);
1254 if (!WBC_ERROR_IS_OK(wbc_status)) {
1255 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1256 wbcErrorString(wbc_status));
1257 return false;
1258 }
1259
1260 wbc_status = wbcRemoveUidMapping(uid, &sid);
1261 if (!WBC_ERROR_IS_OK(wbc_status)) {
1262 d_fprintf(stderr, "failed to call wbcRemoveUidMapping: %s\n",
1263 wbcErrorString(wbc_status));
1264 return false;
1265 }
1266
1267 /* Display response */
1268
1269 d_printf("Removed uid %u to sid %s mapping\n",
1270 (unsigned int)uid, sid_str);
1271
1272 return true;
1273 }
1274
1275 static bool wbinfo_remove_gid_mapping(gid_t gid, const char *sid_str)
1276 {
1277 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1278 struct wbcDomainSid sid;
1279
1280 /* Send request */
1281
1282 wbc_status = wbcStringToSid(sid_str, &sid);
1283 if (!WBC_ERROR_IS_OK(wbc_status)) {
1284 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1285 wbcErrorString(wbc_status));
1286 return false;
1287 }
1288
1289 wbc_status = wbcRemoveGidMapping(gid, &sid);
1290 if (!WBC_ERROR_IS_OK(wbc_status)) {
1291 d_fprintf(stderr, "failed to call wbcRemoveGidMapping: %s\n",
1292 wbcErrorString(wbc_status));
1293 return false;
1294 }
1295
1296 /* Display response */
1297
1298 d_printf("Removed gid %u to sid %s mapping\n",
1299 (unsigned int)gid, sid_str);
1300
1301 return true;
1302 }
1303
1304 /* Convert sid to string */
1305
1306 static bool wbinfo_lookupsid(const char *sid_str)
1307 {
1308 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1309 struct wbcDomainSid sid;
1310 char *domain;
1311 char *name;
1312 enum wbcSidType type;
1313
1314 /* Send off request */
1315
1316 wbc_status = wbcStringToSid(sid_str, &sid);
1317 if (!WBC_ERROR_IS_OK(wbc_status)) {
1318 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1319 wbcErrorString(wbc_status));
1320 return false;
1321 }
1322
1323 wbc_status = wbcLookupSid(&sid, &domain, &name, &type);
1324 if (!WBC_ERROR_IS_OK(wbc_status)) {
1325 d_fprintf(stderr, "failed to call wbcLookupSid: %s\n",
1326 wbcErrorString(wbc_status));
1327 return false;
1328 }
1329
1330 /* Display response */
1331
1332 if (type == WBC_SID_NAME_DOMAIN) {
1333 d_printf("%s %d\n", domain, type);
1334 } else {
1335 d_printf("%s%c%s %d\n",
1336 domain, winbind_separator(), name, type);
1337 }
1338
1339 wbcFreeMemory(domain);
1340 wbcFreeMemory(name);
1341
1342 return true;
1343 }
1344
1345 /* Convert sid to fullname */
1346
1347 static bool wbinfo_lookupsid_fullname(const char *sid_str)
1348 {
1349 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1350 struct wbcDomainSid sid;
1351 char *domain;
1352 char *name;
1353 enum wbcSidType type;
1354
1355 /* Send off request */
1356
1357 wbc_status = wbcStringToSid(sid_str, &sid);
1358 if (!WBC_ERROR_IS_OK(wbc_status)) {
1359 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1360 wbcErrorString(wbc_status));
1361 return false;
1362 }
1363
1364 wbc_status = wbcGetDisplayName(&sid, &domain, &name, &type);
1365 if (!WBC_ERROR_IS_OK(wbc_status)) {
1366 d_fprintf(stderr, "failed to call wbcGetDisplayName: %s\n",
1367 wbcErrorString(wbc_status));
1368 return false;
1369 }
1370
1371 /* Display response */
1372
1373 d_printf("%s%c%s %d\n",
1374 domain, winbind_separator(), name, type);
1375
1376 wbcFreeMemory(domain);
1377 wbcFreeMemory(name);
1378
1379 return true;
1380 }
1381
1382 /* Lookup a list of RIDs */
1383
1384 static bool wbinfo_lookuprids(const char *domain, const char *arg)
1385 {
1386 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1387 struct wbcDomainSid dsid;
1388 char *domain_name = NULL;
1389 const char **names = NULL;
1390 enum wbcSidType *types = NULL;
1391 size_t i, num_rids;
1392 uint32_t *rids = NULL;
1393 const char *p;
1394 char *ridstr;
1395 TALLOC_CTX *mem_ctx = NULL;
1396 bool ret = false;
1397
1398 if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
1399 domain = get_winbind_domain();
1400 }
1401
1402 wbc_status = wbcStringToSid(domain, &dsid);
1403 if (!WBC_ERROR_IS_OK(wbc_status)) {
1404 struct wbcDomainInfo *dinfo = NULL;
1405
1406 wbc_status = wbcDomainInfo(domain, &dinfo);
1407 if (!WBC_ERROR_IS_OK(wbc_status)) {
1408 d_printf("wbcDomainInfo(%s) failed: %s\n", domain,
1409 wbcErrorString(wbc_status));
1410 goto done;
1411 }
1412
1413 dsid = dinfo->sid;
1414 wbcFreeMemory(dinfo);
1415 }
1416
1417 mem_ctx = talloc_new(NULL);
1418 if (mem_ctx == NULL) {
1419 d_printf("talloc_new failed\n");
1420 goto done;
1421 }
1422
1423 num_rids = 0;
1424 rids = NULL;
1425 p = arg;
1426
1427 while (next_token_talloc(mem_ctx, &p, &ridstr, " ,\n")) {
1428 int error = 0;
1429 uint32_t rid;
1430
1431 rid = smb_strtoul(ridstr, NULL, 10, &error, SMB_STR_STANDARD);
1432 if (error != 0) {
1433 d_printf("failed to convert rid\n");
1434 goto done;
1435 }
1436 rids = talloc_realloc(mem_ctx, rids, uint32_t, num_rids + 1);
1437 if (rids == NULL) {
1438 d_printf("talloc_realloc failed\n");
1439 }
1440 rids[num_rids] = rid;
1441 num_rids += 1;
1442 }
1443
1444 if (rids == NULL) {
1445 d_printf("no rids\n");
1446 goto done;
1447 }
1448
1449 wbc_status = wbcLookupRids(
1450 &dsid, num_rids, rids, &p, &names, &types);
1451 if (!WBC_ERROR_IS_OK(wbc_status)) {
1452 d_printf("winbind_lookup_rids failed: %s\n",
1453 wbcErrorString(wbc_status));
1454 goto done;
1455 }
1456
1457 domain_name = discard_const_p(char, p);
1458 d_printf("Domain: %s\n", domain_name);
1459
1460 for (i=0; i<num_rids; i++) {
1461 d_printf("%8d: %s (%s)\n", rids[i], names[i],
1462 wbcSidTypeString(types[i]));
1463 }
1464
1465 ret = true;
1466 done:
1467 wbcFreeMemory(domain_name);
1468 wbcFreeMemory(names);
1469 wbcFreeMemory(types);
1470 TALLOC_FREE(mem_ctx);
1471 return ret;
1472 }
1473
1474 static bool wbinfo_lookup_sids(const char *arg)
1475 {
1476 char sidstr[WBC_SID_STRING_BUFLEN];
1477 struct wbcDomainSid *sids;
1478 struct wbcDomainInfo *domains;
1479 struct wbcTranslatedName *names;
1480 int num_domains;
1481 int i, num_sids;
1482 const char *p;
1483 wbcErr wbc_status;
1484
1485
1486 num_sids = 0;
1487 sids = NULL;
1488 p = arg;
1489
1490 while (next_token(&p, sidstr, LIST_SEP, sizeof(sidstr))) {
1491 sids = talloc_realloc(talloc_tos(), sids, struct wbcDomainSid,
1492 num_sids+1);
1493 if (sids == NULL) {
1494 d_fprintf(stderr, "talloc failed\n");
1495 return false;
1496 }
1497 wbc_status = wbcStringToSid(sidstr, &sids[num_sids]);
1498 if (!WBC_ERROR_IS_OK(wbc_status)) {
1499 d_fprintf(stderr, "wbcSidToString(%s) failed: %s\n",
1500 sidstr, wbcErrorString(wbc_status));
1501 TALLOC_FREE(sids);
1502 return false;
1503 }
1504 num_sids += 1;
1505 }
1506
1507 wbc_status = wbcLookupSids(sids, num_sids, &domains, &num_domains,
1508 &names);
1509 if (!WBC_ERROR_IS_OK(wbc_status)) {
1510 d_fprintf(stderr, "wbcLookupSids failed: %s\n",
1511 wbcErrorString(wbc_status));
1512 TALLOC_FREE(sids);
1513 return false;
1514 }
1515
1516 for (i=0; i<num_sids; i++) {
1517 const char *domain = NULL;
1518
1519 wbcSidToStringBuf(&sids[i], sidstr, sizeof(sidstr));
1520
1521 if (names[i].domain_index >= num_domains) {
1522 domain = "<none>";
1523 } else if (names[i].domain_index < 0) {
1524 domain = "<none>";
1525 } else {
1526 domain = domains[names[i].domain_index].short_name;
1527 }
1528
1529 if (names[i].type == WBC_SID_NAME_DOMAIN) {
1530 d_printf("%s -> %s %d\n", sidstr,
1531 domain,
1532 names[i].type);
1533 } else {
1534 d_printf("%s -> %s%c%s %d\n", sidstr,
1535 domain,
1536 winbind_separator(),
1537 names[i].name, names[i].type);
1538 }
1539 }
1540 wbcFreeMemory(names);
1541 wbcFreeMemory(domains);
1542 return true;
1543 }
1544
1545 /* Convert string to sid */
1546
1547 static bool wbinfo_lookupname(const char *full_name)
1548 {
1549 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1550 struct wbcDomainSid sid;
1551 char sid_str[WBC_SID_STRING_BUFLEN];
1552 enum wbcSidType type;
1553 fstring domain_name;
1554 fstring account_name;
1555
1556 /* Send off request */
1557
1558 parse_wbinfo_domain_user(full_name, domain_name,
1559 account_name);
1560
1561 wbc_status = wbcLookupName(domain_name, account_name,
1562 &sid, &type);
1563 if (!WBC_ERROR_IS_OK(wbc_status)) {
1564 d_fprintf(stderr, "failed to call wbcLookupName: %s\n",
1565 wbcErrorString(wbc_status));
1566 return false;
1567 }
1568
1569 wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
1570
1571 /* Display response */
1572
1573 d_printf("%s %s (%d)\n", sid_str, wbcSidTypeString(type), type);
1574
1575 return true;
1576 }
1577
1578 static char *wbinfo_prompt_pass(TALLOC_CTX *mem_ctx,
1579 const char *prefix,
1580 const char *username)
1581 {
1582 char *prompt;
1583 char buf[1024] = {0};
1584 int rc;
1585
1586 prompt = talloc_asprintf(mem_ctx, "Enter %s's ", username);
1587 if (!prompt) {
1588 return NULL;
1589 }
1590 if (prefix) {
1591 prompt = talloc_asprintf_append(prompt, "%s ", prefix);
1592 if (!prompt) {
1593 return NULL;
1594 }
1595 }
1596 prompt = talloc_asprintf_append(prompt, "password: ");
1597 if (!prompt) {
1598 return NULL;
1599 }
1600
1601 rc = samba_getpass(prompt, buf, sizeof(buf), false, false);
1602 TALLOC_FREE(prompt);
1603 if (rc < 0) {
1604 return NULL;
1605 }
1606
1607 return talloc_strdup(mem_ctx, buf);
1608 }
1609
1610 /* Authenticate a user with a plaintext password */
1611
1612 static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32_t flags)
1613 {
1614 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1615 char *s = NULL;
1616 char *p = NULL;
1617 char *password = NULL;
1618 char *name = NULL;
1619 char *local_cctype = NULL;
1620 uid_t uid;
1621 struct wbcLogonUserParams params;
1622 struct wbcLogonUserInfo *info;
1623 struct wbcAuthErrorInfo *error;
1624 struct wbcUserPasswordPolicyInfo *policy;
1625 TALLOC_CTX *frame = talloc_tos();
1626
1627 if ((s = talloc_strdup(frame, username)) == NULL) {
1628 return false;
1629 }
1630
1631 if ((p = strchr(s, '%')) != NULL) {
1632 *p = 0;
1633 p++;
1634 password = talloc_strdup(frame, p);
1635 } else {
1636 password = wbinfo_prompt_pass(frame, NULL, username);
1637 }
1638
1639 local_cctype = talloc_strdup(frame, cctype);
1640
1641 name = s;
1642
1643 uid = geteuid();
1644
1645 params.username = name;
1646 params.password = password;
1647 params.num_blobs = 0;
1648 params.blobs = NULL;
1649
1650 wbc_status = wbcAddNamedBlob(&params.num_blobs,
1651 &params.blobs,
1652 "flags",
1653 0,
1654 (uint8_t *)&flags,
1655 sizeof(flags));
1656 if (!WBC_ERROR_IS_OK(wbc_status)) {
1657 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1658 wbcErrorString(wbc_status));
1659 goto done;
1660 }
1661
1662 wbc_status = wbcAddNamedBlob(&params.num_blobs,
1663 &params.blobs,
1664 "user_uid",
1665 0,
1666 (uint8_t *)&uid,
1667 sizeof(uid));
1668 if (!WBC_ERROR_IS_OK(wbc_status)) {
1669 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1670 wbcErrorString(wbc_status));
1671 goto done;
1672 }
1673
1674 wbc_status = wbcAddNamedBlob(&params.num_blobs,
1675 &params.blobs,
1676 "krb5_cc_type",
1677 0,
1678 (uint8_t *)local_cctype,
1679 strlen(cctype)+1);
1680 if (!WBC_ERROR_IS_OK(wbc_status)) {
1681 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1682 wbcErrorString(wbc_status));
1683 goto done;
1684 }
1685
1686 wbc_status = wbcLogonUser(&params, &info, &error, &policy);
1687
1688 d_printf("plaintext kerberos password authentication for [%s] %s "
1689 "(requesting cctype: %s)\n",
1690 name, WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed",
1691 cctype);
1692
1693 if (error) {
1694 d_fprintf(stderr,
1695 "wbcLogonUser(%s): error code was %s (0x%x)\n"
1696 "error message was: %s\n",
1697 params.username, error->nt_string,
1698 error->nt_status,
1699 error->display_string);
1700 }
1701
1702 if (WBC_ERROR_IS_OK(wbc_status)) {
1703 if (flags & WBFLAG_PAM_INFO3_TEXT) {
1704 if (info && info->info && info->info->user_flags &
1705 NETLOGON_CACHED_ACCOUNT) {
1706 d_printf("user_flgs: "
1707 "NETLOGON_CACHED_ACCOUNT\n");
1708 }
1709 }
1710
1711 if (info) {
1712 size_t i;
1713 for (i=0; i < info->num_blobs; i++) {
1714 if (strequal(info->blobs[i].name,
1715 "krb5ccname")) {
1716 d_printf("credentials were put "
1717 "in: %s\n",
1718 (const char *)
1719 info->blobs[i].blob.data);
1720 break;
1721 }
1722 }
1723 } else {
1724 d_printf("no credentials cached\n");
1725 }
1726 }
1727 done:
1728
1729 wbcFreeMemory(params.blobs);
1730
1731 return WBC_ERROR_IS_OK(wbc_status);
1732 }
1733
1734 /* Authenticate a user with a plaintext password */
1735
1736 static bool wbinfo_auth(char *username)
1737 {
1738 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1739 char *s = NULL;
1740 char *p = NULL;
1741 char *password = NULL;
1742 char *name = NULL;
1743 TALLOC_CTX *frame = talloc_tos();
1744
1745 if ((s = talloc_strdup(frame, username)) == NULL) {
1746 return false;
1747 }
1748
1749 if ((p = strchr(s, '%')) != NULL) {
1750 *p = 0;
1751 p++;
1752 password = talloc_strdup(frame, p);
1753 } else {
1754 password = wbinfo_prompt_pass(frame, NULL, username);
1755 }
1756
1757 name = s;
1758
1759 wbc_status = wbcAuthenticateUser(name, password);
1760
1761 d_printf("plaintext password authentication %s\n",
1762 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1763
1764 #if 0
1765 if (response.data.auth.nt_status)
1766 d_fprintf(stderr,
1767 "error code was %s (0x%x)\nerror message was: %s\n",
1768 response.data.auth.nt_status_string,
1769 response.data.auth.nt_status,
1770 response.data.auth.error_string);
1771 #endif
1772
1773 return WBC_ERROR_IS_OK(wbc_status);
1774 }
1775
1776 /* Authenticate a user with a challenge/response */
1777
1778 static bool wbinfo_auth_crap(char *username, bool use_ntlmv2, bool use_lanman)
1779 {
1780 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1781 struct wbcAuthUserParams params;
1782 struct wbcAuthUserInfo *info = NULL;
1783 struct wbcAuthErrorInfo *err = NULL;
1784 DATA_BLOB lm = data_blob_null;
1785 DATA_BLOB nt = data_blob_null;
1786 fstring name_user;
1787 fstring name_domain;
1788 char *pass;
1789 char *p;
1790 TALLOC_CTX *frame = talloc_tos();
1791
1792 p = strchr(username, '%');
1793
1794 if (p) {
1795 *p = 0;
1796 pass = talloc_strdup(frame, p + 1);
1797 } else {
1798 pass = wbinfo_prompt_pass(frame, NULL, username);
1799 }
1800
1801 parse_wbinfo_domain_user(username, name_domain, name_user);
1802
1803 params.account_name = name_user;
1804 params.domain_name = name_domain;
1805 params.workstation_name = NULL;
1806
1807 params.flags = 0;
1808 params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
1809 WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
1810
1811 params.level = WBC_AUTH_USER_LEVEL_RESPONSE;
1812
1813 generate_random_buffer(params.password.response.challenge, 8);
1814
1815 if (use_ntlmv2) {
1816 DATA_BLOB server_chal;
1817 DATA_BLOB names_blob;
1818 const char *netbios_name = NULL;
1819 const char *domain = NULL;
1820
1821 netbios_name = get_winbind_netbios_name(),
1822 domain = get_winbind_domain();
1823 if (domain == NULL) {
1824 d_fprintf(stderr, "Failed to get domain from winbindd\n");
1825 return false;
1826 }
1827
1828 server_chal = data_blob(params.password.response.challenge, 8);
1829
1830 /* Pretend this is a login to 'us', for blob purposes */
1831 names_blob = NTLMv2_generate_names_blob(NULL,
1832 netbios_name,
1833 domain);
1834
1835 if (pass != NULL &&
1836 !SMBNTLMv2encrypt(NULL, name_user, name_domain, pass,
1837 &server_chal,
1838 &names_blob,
1839 &lm, &nt, NULL, NULL)) {
1840 data_blob_free(&names_blob);
1841 data_blob_free(&server_chal);
1842 TALLOC_FREE(pass);
1843 return false;
1844 }
1845 data_blob_free(&names_blob);
1846 data_blob_free(&server_chal);
1847
1848 } else {
1849 if (use_lanman) {
1850 bool ok;
1851 lm = data_blob(NULL, 24);
1852 ok = SMBencrypt(pass,
1853 params.password.response.challenge,
1854 lm.data);
1855 if (!ok) {
1856 data_blob_free(&lm);
1857 }
1858 }
1859 nt = data_blob(NULL, 24);
1860 SMBNTencrypt(pass, params.password.response.challenge,
1861 nt.data);
1862 }
1863
1864 params.password.response.nt_length = nt.length;
1865 params.password.response.nt_data = nt.data;
1866 params.password.response.lm_length = lm.length;
1867 params.password.response.lm_data = lm.data;
1868
1869 wbc_status = wbcAuthenticateUserEx(&params, &info, &err);
1870
1871 /* Display response */
1872
1873 d_printf("challenge/response password authentication %s\n",
1874 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1875
1876 if (wbc_status == WBC_ERR_AUTH_ERROR) {
1877 d_fprintf(stderr,
1878 "wbcAuthenticateUserEx(%s%c%s): error code was "
1879 "%s (0x%x, authoritative=%"PRIu8")\n"
1880 "error message was: %s\n",
1881 name_domain,
1882 winbind_separator(),
1883 name_user,
1884 err->nt_string,
1885 err->nt_status,
1886 err->authoritative,
1887 err->display_string);
1888 wbcFreeMemory(err);
1889 } else if (WBC_ERROR_IS_OK(wbc_status)) {
1890 wbcFreeMemory(info);
1891 }
1892
1893 data_blob_free(&nt);
1894 data_blob_free(&lm);
1895
1896 return WBC_ERROR_IS_OK(wbc_status);
1897 }
1898
1899 /* Authenticate a user with a plaintext password */
1900
1901 static bool wbinfo_pam_logon(char *username, bool verbose)
1902 {
1903 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1904 struct wbcLogonUserParams params;
1905 struct wbcLogonUserInfo *info = NULL;
1906 struct wbcAuthErrorInfo *error = NULL;
1907 char *s = NULL;
1908 char *p = NULL;
1909 TALLOC_CTX *frame = talloc_tos();
1910 uint32_t flags;
1911 uint32_t uid;
1912
1913 ZERO_STRUCT(params);
1914
1915 if ((s = talloc_strdup(frame, username)) == NULL) {
1916 return false;
1917 }
1918
1919 if ((p = strchr(s, '%')) != NULL) {
1920 *p = 0;
1921 p++;
1922 params.password = talloc_strdup(frame, p);
1923 } else {
1924 params.password = wbinfo_prompt_pass(frame, NULL, username);
1925 }
1926 params.username = s;
1927
1928 flags = WBFLAG_PAM_CACHED_LOGIN;
1929
1930 wbc_status = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
1931 "flags", 0,
1932 (uint8_t *)&flags, sizeof(flags));
1933 if (!WBC_ERROR_IS_OK(wbc_status)) {
1934 d_printf("wbcAddNamedBlob failed: %s\n",
1935 wbcErrorString(wbc_status));
1936 return false;
1937 }
1938
1939 uid = getuid();
1940
1941 wbc_status = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
1942 "user_uid", 0,
1943 (uint8_t *)&uid, sizeof(uid));
1944 if (!WBC_ERROR_IS_OK(wbc_status)) {
1945 d_printf("wbcAddNamedBlob failed: %s\n",
1946 wbcErrorString(wbc_status));
1947 return false;
1948 }
1949
1950 wbc_status = wbcLogonUser(&params, &info, &error, NULL);
1951
1952 if (verbose && (info != NULL)) {
1953 struct wbcAuthUserInfo *i = info->info;
1954 uint32_t j;
1955
1956 if (i->account_name != NULL) {
1957 d_printf("account_name: %s\n", i->account_name);
1958 }
1959 if (i->user_principal != NULL) {
1960 d_printf("user_principal: %s\n", i->user_principal);
1961 }
1962 if (i->full_name != NULL) {
1963 d_printf("full_name: %s\n", i->full_name);
1964 }
1965 if (i->domain_name != NULL) {
1966 d_printf("domain_name: %s\n", i->domain_name);
1967 }
1968 if (i->dns_domain_name != NULL) {
1969 d_printf("dns_domain_name: %s\n", i->dns_domain_name);
1970 }
1971 if (i->logon_server != NULL) {
1972 d_printf("logon_server: %s\n", i->logon_server);
1973 }
1974 if (i->logon_script != NULL) {
1975 d_printf("logon_script: %s\n", i->logon_script);
1976 }
1977 if (i->profile_path != NULL) {
1978 d_printf("profile_path: %s\n", i->profile_path);
1979 }
1980 if (i->home_directory != NULL) {
1981 d_printf("home_directory: %s\n", i->home_directory);
1982 }
1983 if (i->home_drive != NULL) {
1984 d_printf("home_drive: %s\n", i->home_drive);
1985 }
1986
1987 d_printf("sids:");
1988
1989 for (j=0; j<i->num_sids; j++) {
1990 char buf[WBC_SID_STRING_BUFLEN];
1991 wbcSidToStringBuf(&i->sids[j].sid, buf, sizeof(buf));
1992 d_printf(" %s", buf);
1993 }
1994 d_printf("\n");
1995
1996 wbcFreeMemory(info);
1997 info = NULL;
1998 }
1999
2000 wbcFreeMemory(params.blobs);
2001
2002 d_printf("plaintext password authentication %s\n",
2003 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2004
2005 if (!WBC_ERROR_IS_OK(wbc_status) && (error != NULL)) {
2006 d_fprintf(stderr,
2007 "wbcLogonUser(%s): error code was %s (0x%x)\n"
2008 "error message was: %s\n",
2009 params.username,
2010 error->nt_string,
2011 (int)error->nt_status,
2012 error->display_string);
2013 wbcFreeMemory(error);
2014 }
2015 return WBC_ERROR_IS_OK(wbc_status);
2016 }
2017
2018 /* Save creds with winbind */
2019
2020 static bool wbinfo_ccache_save(char *username)
2021 {
2022 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2023 char *s = NULL;
2024 char *p = NULL;
2025 char *password = NULL;
2026 char *name = NULL;
2027 TALLOC_CTX *frame = talloc_stackframe();
2028
2029 s = talloc_strdup(frame, username);
2030 if (s == NULL) {
2031 return false;
2032 }
2033
2034 p = strchr(s, '%');
2035 if (p != NULL) {
2036 *p = 0;
2037 p++;
2038 password = talloc_strdup(frame, p);
2039 } else {
2040 password = wbinfo_prompt_pass(frame, NULL, username);
2041 }
2042
2043 name = s;
2044
2045 wbc_status = wbcCredentialSave(name, password);
2046
2047 d_printf("saving creds %s\n",
2048 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2049
2050 TALLOC_FREE(frame);
2051
2052 return WBC_ERROR_IS_OK(wbc_status);
2053 }
2054
2055 #ifdef WITH_FAKE_KASERVER
2056 /* Authenticate a user with a plaintext password and set a token */
2057
2058 static bool wbinfo_klog(char *username)
2059 {
2060 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2061 struct winbindd_request request;
2062 struct winbindd_response response;
2063 char *p;
2064
2065 /* Send off request */
2066
2067 ZERO_STRUCT(request);
2068 ZERO_STRUCT(response);
2069
2070 p = strchr(username, '%');
2071
2072 if (p) {
2073 *p = 0;
2074 fstrcpy(request.data.auth.user, username);
2075 fstrcpy(request.data.auth.pass, p + 1);
2076 *p = '%';
2077 } else {
2078 fstrcpy(request.data.auth.user, username);
2079 (void) samba_getpass("Password: ",
2080 request.data.auth.pass,
2081 sizeof(request.data.auth.pass),
2082 false, false);
2083 }
2084
2085 request.flags |= WBFLAG_PAM_AFS_TOKEN;
2086
2087 wbc_status = wbcRequestResponse(NULL, WINBINDD_PAM_AUTH,
2088 &request, &response);
2089
2090 /* Display response */
2091
2092 d_printf("plaintext password authentication %s\n",
2093 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2094
2095 if (response.data.auth.nt_status)
2096 d_fprintf(stderr,
2097 "error code was %s (0x%x)\nerror message was: %s\n",
2098 response.data.auth.nt_status_string,
2099 response.data.auth.nt_status,
2100 response.data.auth.error_string);
2101
2102 if (!WBC_ERROR_IS_OK(wbc_status))
2103 return false;
2104
2105 if (response.extra_data.data == NULL) {
2106 d_fprintf(stderr, "Did not get token data\n");
2107 return false;
2108 }
2109
2110 if (!afs_settoken_str((char *)response.extra_data.data)) {
2111 winbindd_free_response(&response);
2112 d_fprintf(stderr, "Could not set token\n");
2113 return false;
2114 }
2115
2116 winbindd_free_response(&response);
2117 d_printf("Successfully created AFS token\n");
2118 return true;
2119 }
2120 #else
2121 static bool wbinfo_klog(char *username)
2122 {
2123 d_fprintf(stderr, "No AFS support compiled in.\n");
2124 return false;
2125 }
2126 #endif
2127
2128 /* Print domain users */
2129
2130 static bool print_domain_users(const char *domain)
2131 {
2132 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2133 uint32_t i;
2134 uint32_t num_users = 0;
2135 const char **users = NULL;
2136
2137 /* Send request to winbind daemon */
2138
2139 if (domain == NULL) {
2140 domain = get_winbind_domain();
2141 } else {
2142 /* '.' is the special sign for our own domain */
2143 if ((domain[0] == '\0') || strcmp(domain, ".") == 0) {
2144 domain = get_winbind_domain();
2145 /* '*' is the special sign for all domains */
2146 } else if (strcmp(domain, "*") == 0) {
2147 domain = NULL;
2148 }
2149 }
2150
2151 wbc_status = wbcListUsers(domain, &num_users, &users);
2152 if (!WBC_ERROR_IS_OK(wbc_status)) {
2153 return false;
2154 }
2155
2156 for (i=0; i < num_users; i++) {
2157 d_printf("%s\n", users[i]);
2158 }
2159
2160 wbcFreeMemory(users);
2161
2162 return true;
2163 }
2164
2165 /* Print domain groups */
2166
2167 static bool print_domain_groups(const char *domain)
2168 {
2169 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2170 uint32_t i;
2171 uint32_t num_groups = 0;
2172 const char **groups = NULL;
2173
2174 /* Send request to winbind daemon */
2175
2176 if (domain == NULL) {
2177 domain = get_winbind_domain();
2178 } else {
2179 /* '.' is the special sign for our own domain */
2180 if ((domain[0] == '\0') || strcmp(domain, ".") == 0) {
2181 domain = get_winbind_domain();
2182 /* '*' is the special sign for all domains */
2183 } else if (strcmp(domain, "*") == 0) {
2184 domain = NULL;
2185 }
2186 }
2187
2188 wbc_status = wbcListGroups(domain, &num_groups, &groups);
2189 if (!WBC_ERROR_IS_OK(wbc_status)) {
2190 d_fprintf(stderr, "failed to call wbcListGroups: %s\n",
2191 wbcErrorString(wbc_status));
2192 return false;
2193 }
2194
2195 for (i=0; i < num_groups; i++) {
2196 d_printf("%s\n", groups[i]);
2197 }
2198
2199 wbcFreeMemory(groups);
2200
2201 return true;
2202 }
2203
2204 /* Set the authorised user for winbindd access in secrets.tdb */
2205
2206 static bool wbinfo_set_auth_user(char *username)
2207 {
2208 d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
2209 "See 'net help setauthuser' for details.\n");
2210 return false;
2211 }
2212
2213 static void wbinfo_get_auth_user(void)
2214 {
2215 d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
2216 "See 'net help getauthuser' for details.\n");
2217 }
2218
2219 static bool wbinfo_ping(void)
2220 {
2221 wbcErr wbc_status;
2222
2223 wbc_status = wbcPing();
2224
2225 /* Display response */
2226
2227 d_printf("Ping to winbindd %s\n",
2228 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2229
2230 return WBC_ERROR_IS_OK(wbc_status);
2231 }
2232
2233 static bool wbinfo_change_user_password(const char *username)
2234 {
2235 wbcErr wbc_status;
2236 char *old_password = NULL;
2237 char *new_password = NULL;
2238 TALLOC_CTX *frame = talloc_tos();
2239
2240 old_password = wbinfo_prompt_pass(frame, "old", username);
2241 new_password = wbinfo_prompt_pass(frame, "new", username);
2242
2243 wbc_status = wbcChangeUserPassword(username, old_password,new_password);
2244
2245 /* Display response */
2246
2247 d_printf("Password change for user %s %s\n", username,
2248 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2249
2250 return WBC_ERROR_IS_OK(wbc_status);
2251 }
2252
2253 /* Main program */
2254
2255 enum {
2256 OPT_SET_AUTH_USER = 1000,
2257 OPT_GET_AUTH_USER,
2258 OPT_DOMAIN_NAME,
2259 OPT_SEQUENCE,
2260 OPT_GETDCNAME,
2261 OPT_DSGETDCNAME,
2262 OPT_DC_INFO,
2263 OPT_USERDOMGROUPS,
2264 OPT_SIDALIASES,
2265 OPT_USERSIDS,
2266 OPT_LOOKUP_SIDS,
2267 OPT_ALLOCATE_UID,
2268 OPT_ALLOCATE_GID,
2269 OPT_SET_UID_MAPPING,
2270 OPT_SET_GID_MAPPING,
2271 OPT_REMOVE_UID_MAPPING,
2272 OPT_REMOVE_GID_MAPPING,
2273 OPT_SIDS_TO_XIDS,
2274 OPT_XIDS_TO_SIDS,
2275 OPT_SEPARATOR,
2276 OPT_LIST_ALL_DOMAINS,
2277 OPT_LIST_OWN_DOMAIN,
2278 OPT_UID_INFO,
2279 OPT_USER_SIDINFO,
2280 OPT_GROUP_INFO,
2281 OPT_GID_INFO,
2282 OPT_VERBOSE,
2283 OPT_ONLINESTATUS,
2284 OPT_CHANGE_USER_PASSWORD,
2285 OPT_CCACHE_SAVE,
2286 OPT_SID_TO_FULLNAME,
2287 OPT_NTLMV1,
2288 OPT_NTLMV2,
2289 OPT_PAM_LOGON,
2290 OPT_LOGOFF,
2291 OPT_LOGOFF_USER,
2292 OPT_LOGOFF_UID,
2293 OPT_LANMAN,
2294 OPT_KRB5CCNAME
2295 };
2296
2297 int main(int argc, const char **argv, char **envp)
2298 {
2299 int opt;
2300 TALLOC_CTX *frame = talloc_stackframe();
2301 poptContext pc;
2302 static char *string_arg;
2303 char *string_subarg = NULL;
2304 static char *opt_domain_name;
2305 static int int_arg;
2306 int int_subarg = -1;
2307 int result = 1;
2308 bool verbose = false;
2309 bool use_ntlmv2 = true;
2310 bool use_lanman = false;
2311 char *logoff_user = getenv("USER");
2312 int logoff_uid = geteuid();
2313 const char *opt_krb5ccname = "FILE";
2314
2315 struct poptOption long_options[] = {
2316 POPT_AUTOHELP
2317
2318 /* longName, shortName, argInfo, argPtr, value, descrip,
2319 argDesc */
2320
2321 {
2322 .longName = "domain-users",
2323 .shortName = 'u',
2324 .argInfo = POPT_ARG_NONE,
2325 .val = 'u',
2326 .descrip = "Lists all domain users",
2327 .argDescrip = "domain"
2328 },
2329 {
2330 .longName = "domain-groups",
2331 .shortName = 'g',
2332 .argInfo = POPT_ARG_NONE,
2333 .val = 'g',
2334 .descrip = "Lists all domain groups",
2335 .argDescrip = "domain"
2336 },
2337 {
2338 .longName = "WINS-by-name",
2339 .shortName = 'N',
2340 .argInfo = POPT_ARG_STRING,
2341 .arg = &string_arg,
2342 .val = 'N',
2343 .descrip = "Converts NetBIOS name to IP",
2344 .argDescrip = "NETBIOS-NAME"
2345 },
2346 {
2347 .longName = "WINS-by-ip",
2348 .shortName = 'I',
2349 .argInfo = POPT_ARG_STRING,
2350 .arg = &string_arg,
2351 .val = 'I',
2352 .descrip = "Converts IP address to NetBIOS name",
2353 .argDescrip = "IP"
2354 },
2355 {
2356 .longName = "name-to-sid",
2357 .shortName = 'n',
2358 .argInfo = POPT_ARG_STRING,
2359 .arg = &string_arg,
2360 .val = 'n',
2361 .descrip = "Converts name to sid",
2362 .argDescrip = "NAME"
2363 },
2364 {
2365 .longName = "sid-to-name",
2366 .shortName = 's',
2367 .argInfo = POPT_ARG_STRING,
2368 .arg = &string_arg,
2369 .val = 's',
2370 .descrip = "Converts sid to name",
2371 .argDescrip = "SID"
2372 },
2373 {
2374 .longName = "sid-to-fullname",
2375 .argInfo = POPT_ARG_STRING,
2376 .arg = &string_arg,
2377 .val = OPT_SID_TO_FULLNAME,
2378 .descrip = "Converts sid to fullname",
2379 .argDescrip = "SID"
2380 },
2381 {
2382 .longName = "lookup-rids",
2383 .shortName = 'R',
2384 .argInfo = POPT_ARG_STRING,
2385 .arg = &string_arg,
2386 .val = 'R',
2387 .descrip = "Converts RIDs to names",
2388 .argDescrip = "RIDs"
2389 },
2390 {
2391 .longName = "lookup-sids",
2392 .argInfo = POPT_ARG_STRING,
2393 .arg = &string_arg,
2394 .val = OPT_LOOKUP_SIDS,
2395 .descrip = "Converts SIDs to types and names",
2396 .argDescrip = "Sid-List"
2397 },
2398 {
2399 .longName = "uid-to-sid",
2400 .shortName = 'U',
2401 .argInfo = POPT_ARG_INT,
2402 .arg = &int_arg,
2403 .val = 'U',
2404 .descrip = "Converts uid to sid",
2405 .argDescrip = "UID"
2406 },
2407 {
2408 .longName = "gid-to-sid",
2409 .shortName = 'G',
2410 .argInfo = POPT_ARG_INT,
2411 .arg = &int_arg,
2412 .val = 'G',
2413 .descrip = "Converts gid to sid",
2414 .argDescrip = "GID"
2415 },
2416 {
2417 .longName = "sid-to-uid",
2418 .shortName = 'S',
2419 .argInfo = POPT_ARG_STRING,
2420 .arg = &string_arg,
2421 .val = 'S',
2422 .descrip = "Converts sid to uid",
2423 .argDescrip = "SID"
2424 },
2425 {
2426 .longName = "sid-to-gid",
2427 .shortName = 'Y',
2428 .argInfo = POPT_ARG_STRING,
2429 .arg = &string_arg,
2430 .val = 'Y',
2431 .descrip = "Converts sid to gid",
2432 .argDescrip = "SID"
2433 },
2434 {
2435 .longName = "allocate-uid",
2436 .argInfo = POPT_ARG_NONE,
2437 .val = OPT_ALLOCATE_UID,
2438 .descrip = "Get a new UID out of idmap"
2439 },
2440 {
2441 .longName = "allocate-gid",
2442 .argInfo = POPT_ARG_NONE,
2443 .val = OPT_ALLOCATE_GID,
2444 .descrip = "Get a new GID out of idmap"
2445 },
2446 {
2447 .longName = "set-uid-mapping",
2448 .argInfo = POPT_ARG_STRING,
2449 .arg = &string_arg,
2450 .val = OPT_SET_UID_MAPPING,
2451 .descrip = "Create or modify uid to sid mapping in "
2452 "idmap",
2453 .argDescrip = "UID,SID"
2454 },
2455 {
2456 .longName = "set-gid-mapping",
2457 .argInfo = POPT_ARG_STRING,
2458 .arg = &string_arg,
2459 .val = OPT_SET_GID_MAPPING,
2460 .descrip = "Create or modify gid to sid mapping in "
2461 "idmap",
2462 .argDescrip = "GID,SID"
2463 },
2464 {
2465 .longName = "remove-uid-mapping",
2466 .argInfo = POPT_ARG_STRING,
2467 .arg = &string_arg,
2468 .val = OPT_REMOVE_UID_MAPPING,
2469 .descrip = "Remove uid to sid mapping in idmap",
2470 .argDescrip = "UID,SID"
2471 },
2472 {
2473 .longName = "remove-gid-mapping",
2474 .argInfo = POPT_ARG_STRING,
2475 .arg = &string_arg,
2476 .val = OPT_REMOVE_GID_MAPPING,
2477 .descrip = "Remove gid to sid mapping in idmap",
2478 .argDescrip = "GID,SID",
2479 },
2480 {
2481 .longName = "sids-to-unix-ids",
2482 .argInfo = POPT_ARG_STRING,
2483 .arg = &string_arg,
2484 .val = OPT_SIDS_TO_XIDS,
2485 .descrip = "Translate SIDs to Unix IDs",
2486 .argDescrip = "Sid-List",
2487 },
2488 {
2489 .longName = "unix-ids-to-sids",
2490 .argInfo = POPT_ARG_STRING,
2491 .arg = &string_arg,
2492 .val = OPT_XIDS_TO_SIDS,
2493 .descrip = "Translate Unix IDs to SIDs",
2494 .argDescrip = "ID-List (u<num> g<num>)",
2495 },
2496 {
2497 .longName = "check-secret",
2498 .shortName = 't',
2499 .argInfo = POPT_ARG_NONE,
2500 .val = 't',
2501 .descrip = "Check shared secret",
2502 },
2503 {
2504 .longName = "change-secret",
2505 .shortName = 'c',
2506 .argInfo = POPT_ARG_NONE,
2507 .val = 'c',
2508 .descrip = "Change shared secret",
2509 },
2510 {
2511 .longName = "ping-dc",
2512 .shortName = 'P',
2513 .argInfo = POPT_ARG_NONE,
2514 .val = 'P',
2515 .descrip = "Check the NETLOGON connection",
2516 },
2517 {
2518 .longName = "trusted-domains",
2519 .shortName = 'm',
2520 .argInfo = POPT_ARG_NONE,
2521 .val = 'm',
2522 .descrip = "List trusted domains",
2523 },
2524 {
2525 .longName = "all-domains",
2526 .argInfo = POPT_ARG_NONE,
2527 .val = OPT_LIST_ALL_DOMAINS,
2528 .descrip = "List all domains (trusted and own "
2529 "domain)",
2530 },
2531 {
2532 .longName = "own-domain",
2533 .argInfo = POPT_ARG_NONE,
2534 .val = OPT_LIST_OWN_DOMAIN,
2535 .descrip = "List own domain",
2536 },
2537 {
2538 .longName = "sequence",
2539 .argInfo = POPT_ARG_NONE,
2540 .val = OPT_SEQUENCE,
2541 .descrip = "Deprecated command, see --online-status",
2542 },
2543 {
2544 .longName = "online-status",
2545 .argInfo = POPT_ARG_NONE,
2546 .val = OPT_ONLINESTATUS,
2547 .descrip = "Show whether domains maintain an active "
2548 "connection",
2549 },
2550 {
2551 .longName = "domain-info",
2552 .shortName = 'D',
2553 .argInfo = POPT_ARG_STRING,
2554 .arg = &string_arg,
2555 .val = 'D',
2556 .descrip = "Show most of the info we have about the "
2557 "domain",
2558 },
2559 {
2560 .longName = "user-info",
2561 .shortName = 'i',
2562 .argInfo = POPT_ARG_STRING,
2563 .arg = &string_arg,
2564 .val = 'i',
2565 .descrip = "Get user info",
2566 .argDescrip = "USER",
2567 },
2568 {
2569 .longName = "uid-info",
2570 .argInfo = POPT_ARG_INT,
2571 .arg = &int_arg,
2572 .val = OPT_UID_INFO,
2573 .descrip = "Get user info from uid",
2574 .argDescrip = "UID",
2575 },
2576 {
2577 .longName = "group-info",
2578 .argInfo = POPT_ARG_STRING,
2579 .arg = &string_arg,
2580 .val = OPT_GROUP_INFO,
2581 .descrip = "Get group info",
2582 .argDescrip = "GROUP",
2583 },
2584 {
2585 .longName = "user-sidinfo",
2586 .argInfo = POPT_ARG_STRING,
2587 .arg = &string_arg,
2588 .val = OPT_USER_SIDINFO,
2589 .descrip = "Get user info from sid",
2590 .argDescrip = "SID",
2591 },
2592 {
2593 .longName = "gid-info",
2594 .argInfo = POPT_ARG_INT,
2595 .arg = &int_arg,
2596 .val = OPT_GID_INFO,
2597 .descrip = "Get group info from gid",
2598 .argDescrip = "GID",
2599 },
2600 {
2601 .longName = "user-groups",
2602 .shortName = 'r',
2603 .argInfo = POPT_ARG_STRING,
2604 .arg = &string_arg,
2605 .val = 'r',
2606 .descrip = "Get user groups",
2607 .argDescrip = "USER",
2608 },
2609 {
2610 .longName = "user-domgroups",
2611 .argInfo = POPT_ARG_STRING,
2612 .arg = &string_arg,
2613 .val = OPT_USERDOMGROUPS,
2614 .descrip = "Get user domain groups",
2615 .argDescrip = "SID",
2616 },
2617 {
2618 .longName = "sid-aliases",
2619 .argInfo = POPT_ARG_STRING,
2620 .arg = &string_arg,
2621 .val = OPT_SIDALIASES,
2622 .descrip = "Get sid aliases",
2623 .argDescrip = "SID",
2624 },
2625 {
2626 .longName = "user-sids",
2627 .argInfo = POPT_ARG_STRING,
2628 .arg = &string_arg,
2629 .val = OPT_USERSIDS,
2630 .descrip = "Get user group sids for user SID",
2631 .argDescrip = "SID",
2632 },
2633 {
2634 .longName = "authenticate",
2635 .shortName = 'a',
2636 .argInfo = POPT_ARG_STRING,
2637 .arg = &string_arg,
2638 .val = 'a',
2639 .descrip = "authenticate user",
2640 .argDescrip = "user%password",
2641 },
2642 {
2643 .longName = "pam-logon",
2644 .argInfo = POPT_ARG_STRING,
2645 .arg = &string_arg,
2646 .val = OPT_PAM_LOGON,
2647 .descrip = "do a pam logon equivalent",
2648 .argDescrip = "user%password",
2649 },
2650 {
2651 .longName = "logoff",
2652 .argInfo = POPT_ARG_NONE,
2653 .val = OPT_LOGOFF,
2654 .descrip = "log off user",
2655 .argDescrip = "uid",
2656 },
2657 {
2658 .longName = "logoff-user",
2659 .argInfo = POPT_ARG_STRING,
2660 .arg = &logoff_user,
2661 .val = OPT_LOGOFF_USER,
2662 .descrip = "username to log off"
2663 },
2664 {
2665 .longName = "logoff-uid",
2666 .argInfo = POPT_ARG_INT,
2667 .arg = &logoff_uid,
2668 .val = OPT_LOGOFF_UID,
2669 .descrip = "uid to log off",
2670 },
2671 {
2672 .longName = "set-auth-user",
2673 .argInfo = POPT_ARG_STRING,
2674 .arg = &string_arg,
2675 .val = OPT_SET_AUTH_USER,
2676 .descrip = "Store user and password used by "
2677 "winbindd (root only)",
2678 .argDescrip = "user%password",
2679 },
2680 {
2681 .longName = "ccache-save",
2682 .shortName = 0,
2683 .argInfo = POPT_ARG_STRING,
2684 .arg = &string_arg,
2685 .val = OPT_CCACHE_SAVE,
2686 .descrip = "Store user and password for ccache "
2687 "operation",
2688 .argDescrip = "user%password",
2689 },
2690 {
2691 .longName = "getdcname",
2692 .argInfo = POPT_ARG_STRING,
2693 .arg = &string_arg,
2694 .val = OPT_GETDCNAME,
2695 .descrip = "Get a DC name for a foreign domain",
2696 .argDescrip = "domainname",
2697 },
2698 {
2699 .longName = "dsgetdcname",
2700 .argInfo = POPT_ARG_STRING,
2701 .arg = &string_arg,
2702 .val = OPT_DSGETDCNAME,
2703 .descrip = "Find a DC for a domain",
2704 .argDescrip = "domainname",
2705 },
2706 {
2707 .longName = "dc-info",
2708 .argInfo = POPT_ARG_STRING,
2709 .arg = &string_arg,
2710 .val = OPT_DC_INFO,
2711 .descrip = "Find the currently known DCs",
2712 .argDescrip = "domainname",
2713 },
2714 {
2715 .longName = "get-auth-user",
2716 .argInfo = POPT_ARG_NONE,
2717 .val = OPT_GET_AUTH_USER,
2718 .descrip = "Retrieve user and password used by "
2719 "winbindd (root only)",
2720 },
2721 {
2722 .longName = "ping",
2723 .shortName = 'p',
2724 .argInfo = POPT_ARG_NONE,
2725 .arg = 0,
2726 .val = 'p',
2727 .descrip = "Ping winbindd to see if it is alive",
2728 },
2729 {
2730 .longName = "domain",
2731 .shortName = 0,
2732 .argInfo = POPT_ARG_STRING,
2733 .arg = &opt_domain_name,
2734 .val = OPT_DOMAIN_NAME,
2735 .descrip = "Define to the domain to restrict "
2736 "operation",
2737 .argDescrip = "domain",
2738 },
2739 #ifdef WITH_FAKE_KASERVER
2740 {
2741 .longName = "klog",
2742 .shortName = 'k',
2743 .argInfo = POPT_ARG_STRING,
2744 .arg = &string_arg,
2745 .val = 'k',
2746 .descrip = "set an AFS token from winbind",
2747 .argDescrip = "user%password",
2748 },
2749 #endif
2750 #ifdef HAVE_KRB5
2751 {
2752 .longName = "krb5auth",
2753 .shortName = 'K',
2754 .argInfo = POPT_ARG_STRING,
2755 .arg = &string_arg,
2756 .val = 'K',
2757 .descrip = "authenticate user using Kerberos",
2758 .argDescrip = "user%password",
2759 },
2760 /* destroys wbinfo --help output */
2761 /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" },
2762 */
2763 {
2764 .longName = "krb5ccname",
2765 .argInfo = POPT_ARG_STRING,
2766 .arg = &opt_krb5ccname,
2767 .val = OPT_KRB5CCNAME,
2768 .descrip = "authenticate user using Kerberos and "
2769 "specific credential cache type",
2770 .argDescrip = "krb5ccname",
2771 },
2772 #endif
2773 {
2774 .longName = "separator",
2775 .argInfo = POPT_ARG_NONE,
2776 .val = OPT_SEPARATOR,
2777 .descrip = "Get the active winbind separator",
2778 },
2779 {
2780 .longName = "verbose",
2781 .argInfo = POPT_ARG_NONE,
2782 .val = OPT_VERBOSE,
2783 .descrip = "Print additional information per command",
2784 },
2785 {
2786 .longName = "change-user-password",
2787 .argInfo = POPT_ARG_STRING,
2788 .arg = &string_arg,
2789 .val = OPT_CHANGE_USER_PASSWORD,
2790 .descrip = "Change the password for a user",
2791 },
2792 {
2793 .longName = "ntlmv1",
2794 .argInfo = POPT_ARG_NONE,
2795 .val = OPT_NTLMV1,
2796 .descrip = "Use NTLMv1 cryptography for user authentication",
2797 },
2798 {
2799 .longName = "ntlmv2",
2800 .argInfo = POPT_ARG_NONE,
2801 .val = OPT_NTLMV2,
2802 .descrip = "Use NTLMv2 cryptography for user authentication",
2803 },
2804 {
2805 .longName = "lanman",
2806 .argInfo = POPT_ARG_NONE,
2807 .val = OPT_LANMAN,
2808 .descrip = "Use lanman cryptography for user authentication",
2809 },
2810 POPT_COMMON_VERSION
2811 POPT_TABLEEND
2812 };
2813
2814 /* Samba client initialisation */
2815 smb_init_locale();
2816
2817
2818 /* Parse options */
2819
2820 pc = samba_popt_get_context(getprogname(),
2821 argc,
2822 argv,
2823 long_options,
2824 0);
2825 if (pc == NULL) {
2826 DBG_ERR("Failed to setup popt context!\n");
2827 exit(1);
2828 }
2829
2830 /* Parse command line options */
2831
2832 if (argc == 1) {
2833 poptPrintHelp(pc, stderr, 0);
2834 return 1;
2835 }
2836
2837 while((opt = poptGetNextOpt(pc)) != -1) {
2838 /* get the generic configuration parameters like --domain */
2839 switch (opt) {
2840 case OPT_VERBOSE:
2841 verbose = true;
2842 break;
2843 case OPT_NTLMV1:
2844 use_ntlmv2 = false;
2845 break;
2846 case OPT_LANMAN:
2847 use_lanman = true;
2848 break;
2849 }
2850 }
2851
2852 poptFreeContext(pc);
2853
2854 pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
2855 POPT_CONTEXT_KEEP_FIRST);
2856
2857 while((opt = poptGetNextOpt(pc)) != -1) {
2858 switch (opt) {
2859 case 'u':
2860 if (!print_domain_users(opt_domain_name)) {
2861 d_fprintf(stderr,
2862 "Error looking up domain users\n");
2863 goto done;
2864 }
2865 break;
2866 case 'g':
2867 if (!print_domain_groups(opt_domain_name)) {
2868 d_fprintf(stderr,
2869 "Error looking up domain groups\n");
2870 goto done;
2871 }
2872 break;
2873 case 's':
2874 if (!wbinfo_lookupsid(string_arg)) {
2875 d_fprintf(stderr,
2876 "Could not lookup sid %s\n",
2877 string_arg);
2878 goto done;
2879 }
2880 break;
2881 case OPT_SID_TO_FULLNAME:
2882 if (!wbinfo_lookupsid_fullname(string_arg)) {
2883 d_fprintf(stderr, "Could not lookup sid %s\n",
2884 string_arg);
2885 goto done;
2886 }
2887 break;
2888 case 'R':
2889 if (!wbinfo_lookuprids(opt_domain_name, string_arg)) {
2890 d_fprintf(stderr, "Could not lookup RIDs %s\n",
2891 string_arg);
2892 goto done;
2893 }
2894 break;
2895 case OPT_LOOKUP_SIDS:
2896 if (!wbinfo_lookup_sids(string_arg)) {
2897 d_fprintf(stderr, "Could not lookup SIDs %s\n",
2898 string_arg);
2899 goto done;
2900 }
2901 break;
2902 case 'n':
2903 if (!wbinfo_lookupname(string_arg)) {
2904 d_fprintf(stderr, "Could not lookup name %s\n",
2905 string_arg);
2906 goto done;
2907 }
2908 break;
2909 case 'N':
2910 if (!wbinfo_wins_byname(string_arg)) {
2911 d_fprintf(stderr,
2912 "Could not lookup WINS by name %s\n",
2913 string_arg);
2914 goto done;
2915 }
2916 break;
2917 case 'I':
2918 if (!wbinfo_wins_byip(string_arg)) {
2919 d_fprintf(stderr,
2920 "Could not lookup WINS by IP %s\n",
2921 string_arg);
2922 goto done;
2923 }
2924 break;
2925 case 'U':
2926 if (!wbinfo_uid_to_sid(int_arg)) {
2927 d_fprintf(stderr,
2928 "Could not convert uid %d to sid\n",
2929 int_arg);
2930 goto done;
2931 }
2932 break;
2933 case 'G':
2934 if (!wbinfo_gid_to_sid(int_arg)) {
2935 d_fprintf(stderr,
2936 "Could not convert gid %d to sid\n",
2937 int_arg);
2938 goto done;
2939 }
2940 break;
2941 case 'S':
2942 if (!wbinfo_sid_to_uid(string_arg)) {
2943 d_fprintf(stderr,
2944 "Could not convert sid %s to uid\n",
2945 string_arg);
2946 goto done;
2947 }
2948 break;
2949 case 'Y':
2950 if (!wbinfo_sid_to_gid(string_arg)) {
2951 d_fprintf(stderr,
2952 "Could not convert sid %s to gid\n",
2953 string_arg);
2954 goto done;
2955 }
2956 break;
2957 case OPT_ALLOCATE_UID:
2958 if (!wbinfo_allocate_uid()) {
2959 d_fprintf(stderr, "Could not allocate a uid\n");
2960 goto done;
2961 }
2962 break;
2963 case OPT_ALLOCATE_GID:
2964 if (!wbinfo_allocate_gid()) {
2965 d_fprintf(stderr, "Could not allocate a gid\n");
2966 goto done;
2967 }
2968 break;
2969 case OPT_SET_UID_MAPPING:
2970 if (!parse_mapping_arg(string_arg, &int_subarg,
2971 &string_subarg) ||
2972 !wbinfo_set_uid_mapping(int_subarg, string_subarg))
2973 {
2974 d_fprintf(stderr, "Could not create or modify "
2975 "uid to sid mapping\n");
2976 goto done;
2977 }
2978 break;
2979 case OPT_SET_GID_MAPPING:
2980 if (!parse_mapping_arg(string_arg, &int_subarg,
2981 &string_subarg) ||
2982 !wbinfo_set_gid_mapping(int_subarg, string_subarg))
2983 {
2984 d_fprintf(stderr, "Could not create or modify "
2985 "gid to sid mapping\n");
2986 goto done;
2987 }
2988 break;
2989 case OPT_REMOVE_UID_MAPPING:
2990 if (!parse_mapping_arg(string_arg, &int_subarg,
2991 &string_subarg) ||
2992 !wbinfo_remove_uid_mapping(int_subarg,
2993 string_subarg))
2994 {
2995 d_fprintf(stderr, "Could not remove uid to sid "
2996 "mapping\n");
2997 goto done;
2998 }
2999 break;
3000 case OPT_REMOVE_GID_MAPPING:
3001 if (!parse_mapping_arg(string_arg, &int_subarg,
3002 &string_subarg) ||
3003 !wbinfo_remove_gid_mapping(int_subarg,
3004 string_subarg))
3005 {
3006 d_fprintf(stderr, "Could not remove gid to sid "
3007 "mapping\n");
3008 goto done;
3009 }
3010 break;
3011 case OPT_SIDS_TO_XIDS:
3012 if (!wbinfo_sids_to_unix_ids(string_arg)) {
3013 d_fprintf(stderr, "wbinfo_sids_to_unix_ids "
3014 "failed\n");
3015 goto done;
3016 }
3017 break;
3018 case OPT_XIDS_TO_SIDS:
3019 if (!wbinfo_xids_to_sids(string_arg)) {
3020 d_fprintf(stderr, "wbinfo_xids_to_sids "
3021 "failed\n");
3022 goto done;
3023 }
3024 break;
3025 case 't':
3026 if (!wbinfo_check_secret(opt_domain_name)) {
3027 d_fprintf(stderr, "Could not check secret\n");
3028 goto done;
3029 }
3030 break;
3031 case 'c':
3032 if (!wbinfo_change_secret(opt_domain_name)) {
3033 d_fprintf(stderr, "Could not change secret\n");
3034 goto done;
3035 }
3036 break;
3037 case 'P':
3038 if (!wbinfo_ping_dc(opt_domain_name)) {
3039 goto done;
3040 }
3041 break;
3042 case 'm':
3043 if (!wbinfo_list_domains(false, verbose)) {
3044 d_fprintf(stderr,
3045 "Could not list trusted domains\n");
3046 goto done;
3047 }
3048 break;
3049 case OPT_SEQUENCE:
3050 if (!wbinfo_show_sequence(opt_domain_name)) {
3051 d_fprintf(stderr,
3052 "Could not show sequence numbers\n");
3053 goto done;
3054 }
3055 break;
3056 case OPT_ONLINESTATUS:
3057 if (!wbinfo_show_onlinestatus(opt_domain_name)) {
3058 d_fprintf(stderr,
3059 "Could not show online-status\n");
3060 goto done;
3061 }
3062 break;
3063 case 'D':
3064 if (!wbinfo_domain_info(string_arg)) {
3065 d_fprintf(stderr,
3066 "Could not get domain info\n");
3067 goto done;
3068 }
3069 break;
3070 case 'i':
3071 if (!wbinfo_get_userinfo(string_arg)) {
3072 d_fprintf(stderr,
3073 "Could not get info for user %s\n",
3074 string_arg);
3075 goto done;
3076 }
3077 break;
3078 case OPT_USER_SIDINFO:
3079 if ( !wbinfo_get_user_sidinfo(string_arg)) {
3080 d_fprintf(stderr,
3081 "Could not get info for user "
3082 "sid %s\n", string_arg);
3083 goto done;
3084 }
3085 break;
3086 case OPT_UID_INFO:
3087 if ( !wbinfo_get_uidinfo(int_arg)) {
3088 d_fprintf(stderr, "Could not get info for uid "
3089 "%d\n", int_arg);
3090 goto done;
3091 }
3092 break;
3093 case OPT_GROUP_INFO:
3094 if ( !wbinfo_get_groupinfo(string_arg)) {
3095 d_fprintf(stderr, "Could not get info for "
3096 "group %s\n", string_arg);
3097 goto done;
3098 }
3099 break;
3100 case OPT_GID_INFO:
3101 if ( !wbinfo_get_gidinfo(int_arg)) {
3102 d_fprintf(stderr, "Could not get info for gid "
3103 "%d\n", int_arg);
3104 goto done;
3105 }
3106 break;
3107 case 'r':
3108 if (!wbinfo_get_usergroups(string_arg)) {
3109 d_fprintf(stderr,
3110 "Could not get groups for user %s\n",
3111 string_arg);
3112 goto done;
3113 }
3114 break;
3115 case OPT_USERSIDS:
3116 if (!wbinfo_get_usersids(string_arg)) {
3117 d_fprintf(stderr, "Could not get group SIDs "
3118 "for user SID %s\n",
3119 string_arg);
3120 goto done;
3121 }
3122 break;
3123 case OPT_USERDOMGROUPS:
3124 if (!wbinfo_get_userdomgroups(string_arg)) {
3125 d_fprintf(stderr, "Could not get user's domain "
3126 "groups for user SID %s\n",
3127 string_arg);
3128 goto done;
3129 }
3130 break;
3131 case OPT_SIDALIASES:
3132 if (!wbinfo_get_sidaliases(opt_domain_name,
3133 string_arg)) {
3134 d_fprintf(stderr, "Could not get sid aliases "
3135 "for user SID %s\n", string_arg);
3136 goto done;
3137 }
3138 break;
3139 case 'a': {
3140 bool got_error = false;
3141
3142 if (!wbinfo_auth(string_arg)) {
3143 d_fprintf(stderr,
3144 "Could not authenticate user "
3145 "%s with plaintext "
3146 "password\n", string_arg);
3147 got_error = true;
3148 }
3149
3150 if (!wbinfo_auth_crap(string_arg, use_ntlmv2,
3151 use_lanman)) {
3152 d_fprintf(stderr,
3153 "Could not authenticate user "
3154 "%s with challenge/response\n",
3155 string_arg);
3156 got_error = true;
3157 }
3158
3159 if (got_error)
3160 goto done;
3161 break;
3162 }
3163 case OPT_PAM_LOGON:
3164 if (!wbinfo_pam_logon(string_arg, verbose)) {
3165 d_fprintf(stderr, "pam_logon failed for %s\n",
3166 string_arg);
3167 goto done;
3168 }
3169 break;
3170 case OPT_LOGOFF:
3171 {
3172 wbcErr wbc_status;
3173
3174 wbc_status = wbcLogoffUser(logoff_user, logoff_uid,
3175 "");
3176 d_printf("Logoff %s (%d): %s\n", logoff_user,
3177 logoff_uid, wbcErrorString(wbc_status));
3178 break;
3179 }
3180 case 'K': {
3181 uint32_t flags = WBFLAG_PAM_KRB5 |
3182 WBFLAG_PAM_CACHED_LOGIN |
3183 WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
3184 WBFLAG_PAM_INFO3_TEXT |
3185 WBFLAG_PAM_CONTACT_TRUSTDOM;
3186
3187 if (!wbinfo_auth_krb5(string_arg, opt_krb5ccname,
3188 flags)) {
3189 d_fprintf(stderr,
3190 "Could not authenticate user "
3191 "[%s] with Kerberos "
3192 "(ccache: %s)\n", string_arg,
3193 opt_krb5ccname);
3194 goto done;
3195 }
3196 break;
3197 }
3198 case 'k':
3199 if (!wbinfo_klog(string_arg)) {
3200 d_fprintf(stderr, "Could not klog user\n");
3201 goto done;
3202 }
3203 break;
3204 case 'p':
3205 if (!wbinfo_ping()) {
3206 d_fprintf(stderr, "could not ping winbindd!\n");
3207 goto done;
3208 }
3209 break;
3210 case OPT_SET_AUTH_USER:
3211 if (!wbinfo_set_auth_user(string_arg)) {
3212 goto done;
3213 }
3214 break;
3215 case OPT_GET_AUTH_USER:
3216 wbinfo_get_auth_user();
3217 goto done;
3218 break;
3219 case OPT_CCACHE_SAVE:
3220 if (!wbinfo_ccache_save(string_arg)) {
3221 goto done;
3222 }
3223 break;
3224 case OPT_GETDCNAME:
3225 if (!wbinfo_getdcname(string_arg)) {
3226 goto done;
3227 }
3228 break;
3229 case OPT_DSGETDCNAME:
3230 if (!wbinfo_dsgetdcname(string_arg, 0)) {
3231 goto done;
3232 }
3233 break;
3234 case OPT_DC_INFO:
3235 if (!wbinfo_dc_info(string_arg)) {
3236 goto done;
3237 }
3238 break;
3239 case OPT_SEPARATOR: {
3240 const char sep = winbind_separator();
3241 if ( !sep ) {
3242 goto done;
3243 }
3244 d_printf("%c\n", sep);
3245 break;
3246 }
3247 case OPT_LIST_ALL_DOMAINS:
3248 if (!wbinfo_list_domains(true, verbose)) {
3249 goto done;
3250 }
3251 break;
3252 case OPT_LIST_OWN_DOMAIN:
3253 if (!wbinfo_list_own_domain()) {
3254 goto done;
3255 }
3256 break;
3257 case OPT_CHANGE_USER_PASSWORD:
3258 if (!wbinfo_change_user_password(string_arg)) {
3259 d_fprintf(stderr,
3260 "Could not change user password "
3261 "for user %s\n", string_arg);
3262 goto done;
3263 }
3264 break;
3265
3266 /* generic configuration options */
3267 case OPT_DOMAIN_NAME:
3268 case OPT_VERBOSE:
3269 case OPT_NTLMV1:
3270 case OPT_NTLMV2:
3271 case OPT_LANMAN:
3272 case OPT_LOGOFF_USER:
3273 case OPT_LOGOFF_UID:
3274 case OPT_KRB5CCNAME:
3275 break;
3276 default:
3277 d_fprintf(stderr, "Invalid option\n");
3278 poptPrintHelp(pc, stderr, 0);
3279 goto done;
3280 }
3281 }
3282
3283 result = 0;
3284
3285 /* Exit code */
3286
3287 done:
3288 talloc_free(frame);
3289
3290 poptFreeContext(pc);
3291 return result;
3292 }
Samba GIT mirror