2 Unix SMB/CIFS implementation.
4 Winbind status program.
6 Copyright (C) Tim Potter 2000-2003
7 Copyright (C) Andrew Bartlett 2002
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "winbind_client.h"
25 #include "libwbclient/wbclient.h"
28 #define DBGC_CLASS DBGC_WINBIND
30 static struct wbcInterfaceDetails
*init_interface_details(void)
32 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
33 static struct wbcInterfaceDetails
*details
;
39 wbc_status
= wbcInterfaceDetails(&details
);
40 if (!WBC_ERROR_IS_OK(wbc_status
)) {
41 d_fprintf(stderr
, "could not obtain winbind interface details!\n");
47 static char winbind_separator_int(bool strict
)
49 struct wbcInterfaceDetails
*details
;
56 details
= init_interface_details();
59 d_fprintf(stderr
, "could not obtain winbind separator!\n");
63 /* HACK: (this module should not call lp_ funtions) */
64 return *lp_winbind_separator();
67 sep
= details
->winbind_separator
;
71 d_fprintf(stderr
, "winbind separator was NULL!\n");
75 /* HACK: (this module should not call lp_ funtions) */
76 sep
= *lp_winbind_separator();
82 static char winbind_separator(void)
84 return winbind_separator_int(false);
87 static const char *get_winbind_domain(void)
89 static struct wbcInterfaceDetails
*details
;
91 details
= init_interface_details();
94 d_fprintf(stderr
, "could not obtain winbind domain name!\n");
96 /* HACK: (this module should not call lp_ functions) */
97 return lp_workgroup();
100 return details
->netbios_domain
;
103 /* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
104 form DOMAIN/user into a domain and a user */
106 static bool parse_wbinfo_domain_user(const char *domuser
, fstring domain
,
110 char *p
= strchr(domuser
,winbind_separator());
113 /* Maybe it was a UPN? */
114 if ((p
= strchr(domuser
, '@')) != NULL
) {
116 fstrcpy(user
, domuser
);
120 fstrcpy(user
, domuser
);
121 fstrcpy(domain
, get_winbind_domain());
126 fstrcpy(domain
, domuser
);
127 domain
[PTR_DIFF(p
, domuser
)] = 0;
133 /* Parse string of "uid,sid" or "gid,sid" into separate int and string values.
134 * Return true if input was valid, false otherwise. */
135 static bool parse_mapping_arg(char *arg
, int *id
, char **sid
)
142 tmp
= strtok(arg
, ",");
143 *sid
= strtok(NULL
, ",");
145 if (!tmp
|| !*tmp
|| !*sid
|| !**sid
)
148 /* Because atoi() can return 0 on invalid input, which would be a valid
149 * UID/GID we must use strtol() and do error checking */
150 *id
= strtol(tmp
, &endptr
, 10);
152 if (endptr
[0] != '\0')
158 /* pull pwent info for a given user */
160 static bool wbinfo_get_userinfo(char *user
)
162 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
163 struct passwd
*pwd
= NULL
;
165 wbc_status
= wbcGetpwnam(user
, &pwd
);
166 if (!WBC_ERROR_IS_OK(wbc_status
)) {
170 d_printf("%s:%s:%d:%d:%s:%s:%s\n",
182 /* pull pwent info for a given uid */
183 static bool wbinfo_get_uidinfo(int uid
)
185 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
186 struct passwd
*pwd
= NULL
;
188 wbc_status
= wbcGetpwuid(uid
, &pwd
);
189 if (!WBC_ERROR_IS_OK(wbc_status
)) {
193 d_printf("%s:%s:%d:%d:%s:%s:%s\n",
205 /* pull grent for a given group */
206 static bool wbinfo_get_groupinfo(const char *group
)
208 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
211 wbc_status
= wbcGetgrnam(group
, &grp
);
212 if (!WBC_ERROR_IS_OK(wbc_status
)) {
216 d_printf("%s:%s:%d\n",
226 /* List groups a user is a member of */
228 static bool wbinfo_get_usergroups(const char *user
)
230 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
233 gid_t
*groups
= NULL
;
237 wbc_status
= wbcGetGroups(user
, &num_groups
, &groups
);
238 if (!WBC_ERROR_IS_OK(wbc_status
)) {
242 for (i
= 0; i
< num_groups
; i
++) {
243 d_printf("%d\n", (int)groups
[i
]);
246 wbcFreeMemory(groups
);
252 /* List group SIDs a user SID is a member of */
253 static bool wbinfo_get_usersids(const char *user_sid_str
)
255 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
258 struct wbcDomainSid user_sid
, *sids
= NULL
;
262 wbc_status
= wbcStringToSid(user_sid_str
, &user_sid
);
263 if (!WBC_ERROR_IS_OK(wbc_status
)) {
267 wbc_status
= wbcLookupUserSids(&user_sid
, false, &num_sids
, &sids
);
268 if (!WBC_ERROR_IS_OK(wbc_status
)) {
272 for (i
= 0; i
< num_sids
; i
++) {
274 wbc_status
= wbcSidToString(&sids
[i
], &str
);
275 if (!WBC_ERROR_IS_OK(wbc_status
)) {
279 d_printf("%s\n", str
);
288 static bool wbinfo_get_userdomgroups(const char *user_sid_str
)
290 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
293 struct wbcDomainSid user_sid
, *sids
= NULL
;
297 wbc_status
= wbcStringToSid(user_sid_str
, &user_sid
);
298 if (!WBC_ERROR_IS_OK(wbc_status
)) {
302 wbc_status
= wbcLookupUserSids(&user_sid
, true, &num_sids
, &sids
);
303 if (!WBC_ERROR_IS_OK(wbc_status
)) {
307 for (i
= 0; i
< num_sids
; i
++) {
309 wbc_status
= wbcSidToString(&sids
[i
], &str
);
310 if (!WBC_ERROR_IS_OK(wbc_status
)) {
314 d_printf("%s\n", str
);
323 /* Convert NetBIOS name to IP */
325 static bool wbinfo_wins_byname(const char *name
)
327 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
330 wbc_status
= wbcResolveWinsByName(name
, &ip
);
331 if (!WBC_ERROR_IS_OK(wbc_status
)) {
335 /* Display response */
337 d_printf("%s\n", ip
);
344 /* Convert IP to NetBIOS name */
346 static bool wbinfo_wins_byip(const char *ip
)
348 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
351 wbc_status
= wbcResolveWinsByIP(ip
, &name
);
352 if (!WBC_ERROR_IS_OK(wbc_status
)) {
356 /* Display response */
358 d_printf("%s\n", name
);
365 /* List all/trusted domains */
367 static bool wbinfo_list_domains(bool list_all_domains
, bool verbose
)
369 struct wbcDomainInfo
*domain_list
= NULL
;
371 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
372 bool print_all
= !list_all_domains
&& verbose
;
375 wbc_status
= wbcListTrusts(&domain_list
, &num_domains
);
376 if (!WBC_ERROR_IS_OK(wbc_status
)) {
381 d_printf("%-16s%-24s%-12s%-12s%-5s%-5s\n",
382 "Domain Name", "DNS Domain", "Trust Type",
383 "Transitive", "In", "Out");
386 for (i
=0; i
<num_domains
; i
++) {
388 d_printf("%-16s", domain_list
[i
].short_name
);
390 d_printf("%s", domain_list
[i
].short_name
);
395 d_printf("%-24s", domain_list
[i
].dns_name
);
397 switch(domain_list
[i
].trust_type
) {
398 case WBC_DOMINFO_TRUSTTYPE_NONE
:
401 case WBC_DOMINFO_TRUSTTYPE_FOREST
:
404 case WBC_DOMINFO_TRUSTTYPE_EXTERNAL
:
405 d_printf("External ");
407 case WBC_DOMINFO_TRUSTTYPE_IN_FOREST
:
408 d_printf("In-Forest ");
412 if (domain_list
[i
].trust_flags
& WBC_DOMINFO_TRUST_TRANSITIVE
) {
418 if (domain_list
[i
].trust_flags
& WBC_DOMINFO_TRUST_INCOMING
) {
424 if (domain_list
[i
].trust_flags
& WBC_DOMINFO_TRUST_OUTGOING
) {
436 /* List own domain */
438 static bool wbinfo_list_own_domain(void)
440 d_printf("%s\n", get_winbind_domain());
445 /* show sequence numbers */
446 static bool wbinfo_show_sequence(const char *domain
)
448 d_printf("This command has been deprecated. Please use the --online-status option instead.\n");
452 /* show sequence numbers */
453 static bool wbinfo_show_onlinestatus(const char *domain
)
455 struct wbcDomainInfo
*domain_list
= NULL
;
457 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
460 wbc_status
= wbcListTrusts(&domain_list
, &num_domains
);
461 if (!WBC_ERROR_IS_OK(wbc_status
)) {
465 for (i
=0; i
<num_domains
; i
++) {
469 if (!strequal(domain_list
[i
].short_name
, domain
)) {
474 is_offline
= (domain_list
[i
].domain_flags
& WBC_DOMINFO_DOMAIN_OFFLINE
);
476 d_printf("%s : %s\n",
477 domain_list
[i
].short_name
,
478 is_offline
? "offline" : "online" );
485 /* Show domain info */
487 static bool wbinfo_domain_info(const char *domain
)
489 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
490 struct wbcDomainInfo
*dinfo
= NULL
;
491 char *sid_str
= NULL
;
493 if ((domain
== NULL
) || (strequal(domain
, ".")) || (domain
[0] == '\0')) {
494 domain
= get_winbind_domain();
499 wbc_status
= wbcDomainInfo(domain
, &dinfo
);
500 if (!WBC_ERROR_IS_OK(wbc_status
)) {
504 wbc_status
= wbcSidToString(&dinfo
->sid
, &sid_str
);
505 if (!WBC_ERROR_IS_OK(wbc_status
)) {
506 wbcFreeMemory(dinfo
);
510 /* Display response */
512 d_printf("Name : %s\n", dinfo
->short_name
);
513 d_printf("Alt_Name : %s\n", dinfo
->dns_name
);
515 d_printf("SID : %s\n", sid_str
);
517 d_printf("Active Directory : %s\n",
518 (dinfo
->domain_flags
& WBC_DOMINFO_DOMAIN_AD
) ? "Yes" : "No");
519 d_printf("Native : %s\n",
520 (dinfo
->domain_flags
& WBC_DOMINFO_DOMAIN_NATIVE
) ? "Yes" : "No");
522 d_printf("Primary : %s\n",
523 (dinfo
->domain_flags
& WBC_DOMINFO_DOMAIN_PRIMARY
) ? "Yes" : "No");
525 wbcFreeMemory(sid_str
);
526 wbcFreeMemory(dinfo
);
531 /* Get a foreign DC's name */
532 static bool wbinfo_getdcname(const char *domain_name
)
534 struct winbindd_request request
;
535 struct winbindd_response response
;
537 ZERO_STRUCT(request
);
538 ZERO_STRUCT(response
);
540 fstrcpy(request
.domain_name
, domain_name
);
544 if (winbindd_request_response(WINBINDD_GETDCNAME
, &request
, &response
) !=
545 NSS_STATUS_SUCCESS
) {
546 d_fprintf(stderr
, "Could not get dc name for %s\n", domain_name
);
550 /* Display response */
552 d_printf("%s\n", response
.data
.dc_name
);
558 static bool wbinfo_dsgetdcname(const char *domain_name
, uint32_t flags
)
560 struct winbindd_request request
;
561 struct winbindd_response response
;
563 ZERO_STRUCT(request
);
564 ZERO_STRUCT(response
);
566 fstrcpy(request
.data
.dsgetdcname
.domain_name
, domain_name
);
567 request
.data
.dsgetdcname
.flags
= flags
;
569 request
.flags
|= DS_DIRECTORY_SERVICE_REQUIRED
;
573 if (winbindd_request_response(WINBINDD_DSGETDCNAME
, &request
, &response
) !=
574 NSS_STATUS_SUCCESS
) {
575 d_fprintf(stderr
, "Could not find dc for %s\n", domain_name
);
579 /* Display response */
581 d_printf("%s\n", response
.data
.dsgetdcname
.dc_unc
);
582 d_printf("%s\n", response
.data
.dsgetdcname
.dc_address
);
583 d_printf("%d\n", response
.data
.dsgetdcname
.dc_address_type
);
584 d_printf("%s\n", response
.data
.dsgetdcname
.domain_guid
);
585 d_printf("%s\n", response
.data
.dsgetdcname
.domain_name
);
586 d_printf("%s\n", response
.data
.dsgetdcname
.forest_name
);
587 d_printf("0x%08x\n", response
.data
.dsgetdcname
.dc_flags
);
588 d_printf("%s\n", response
.data
.dsgetdcname
.dc_site_name
);
589 d_printf("%s\n", response
.data
.dsgetdcname
.client_site_name
);
594 /* Check trust account password */
596 static bool wbinfo_check_secret(void)
598 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
599 struct wbcAuthErrorInfo
*error
= NULL
;
601 wbc_status
= wbcCheckTrustCredentials(NULL
, &error
);
603 d_printf("checking the trust secret via RPC calls %s\n",
604 WBC_ERROR_IS_OK(wbc_status
) ? "succeeded" : "failed");
606 if (wbc_status
== WBC_ERR_AUTH_ERROR
) {
607 d_fprintf(stderr
, "error code was %s (0x%x)\n",
608 error
->nt_string
, error
->nt_status
);
609 wbcFreeMemory(error
);
611 if (!WBC_ERROR_IS_OK(wbc_status
)) {
618 /* Convert uid to sid */
620 static bool wbinfo_uid_to_sid(uid_t uid
)
622 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
623 struct wbcDomainSid sid
;
624 char *sid_str
= NULL
;
628 wbc_status
= wbcUidToSid(uid
, &sid
);
629 if (!WBC_ERROR_IS_OK(wbc_status
)) {
633 wbc_status
= wbcSidToString(&sid
, &sid_str
);
634 if (!WBC_ERROR_IS_OK(wbc_status
)) {
638 /* Display response */
640 d_printf("%s\n", sid_str
);
642 wbcFreeMemory(sid_str
);
647 /* Convert gid to sid */
649 static bool wbinfo_gid_to_sid(gid_t gid
)
651 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
652 struct wbcDomainSid sid
;
653 char *sid_str
= NULL
;
657 wbc_status
= wbcGidToSid(gid
, &sid
);
658 if (!WBC_ERROR_IS_OK(wbc_status
)) {
662 wbc_status
= wbcSidToString(&sid
, &sid_str
);
663 if (!WBC_ERROR_IS_OK(wbc_status
)) {
667 /* Display response */
669 d_printf("%s\n", sid_str
);
671 wbcFreeMemory(sid_str
);
676 /* Convert sid to uid */
678 static bool wbinfo_sid_to_uid(const char *sid_str
)
680 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
681 struct wbcDomainSid sid
;
686 wbc_status
= wbcStringToSid(sid_str
, &sid
);
687 if (!WBC_ERROR_IS_OK(wbc_status
)) {
691 wbc_status
= wbcSidToUid(&sid
, &uid
);
692 if (!WBC_ERROR_IS_OK(wbc_status
)) {
696 /* Display response */
698 d_printf("%d\n", (int)uid
);
703 static bool wbinfo_sid_to_gid(const char *sid_str
)
705 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
706 struct wbcDomainSid sid
;
711 wbc_status
= wbcStringToSid(sid_str
, &sid
);
712 if (!WBC_ERROR_IS_OK(wbc_status
)) {
716 wbc_status
= wbcSidToGid(&sid
, &gid
);
717 if (!WBC_ERROR_IS_OK(wbc_status
)) {
721 /* Display response */
723 d_printf("%d\n", (int)gid
);
728 static bool wbinfo_allocate_uid(void)
730 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
735 wbc_status
= wbcAllocateUid(&uid
);
736 if (!WBC_ERROR_IS_OK(wbc_status
)) {
740 /* Display response */
742 d_printf("New uid: %d\n", uid
);
747 static bool wbinfo_allocate_gid(void)
749 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
754 wbc_status
= wbcAllocateGid(&gid
);
755 if (!WBC_ERROR_IS_OK(wbc_status
)) {
759 /* Display response */
761 d_printf("New gid: %d\n", gid
);
766 static bool wbinfo_set_uid_mapping(uid_t uid
, const char *sid_str
)
768 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
769 struct wbcDomainSid sid
;
773 wbc_status
= wbcStringToSid(sid_str
, &sid
);
774 if (!WBC_ERROR_IS_OK(wbc_status
)) {
778 wbc_status
= wbcSetUidMapping(uid
, &sid
);
779 if (!WBC_ERROR_IS_OK(wbc_status
)) {
783 /* Display response */
785 d_printf("uid %d now mapped to sid %s\n", uid
, sid_str
);
790 static bool wbinfo_set_gid_mapping(gid_t gid
, const char *sid_str
)
792 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
793 struct wbcDomainSid sid
;
797 wbc_status
= wbcStringToSid(sid_str
, &sid
);
798 if (!WBC_ERROR_IS_OK(wbc_status
)) {
802 wbc_status
= wbcSetGidMapping(gid
, &sid
);
803 if (!WBC_ERROR_IS_OK(wbc_status
)) {
807 /* Display response */
809 d_printf("gid %d now mapped to sid %s\n", gid
, sid_str
);
814 /* Convert sid to string */
816 static bool wbinfo_lookupsid(const char *sid_str
)
818 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
819 struct wbcDomainSid sid
;
822 enum wbcSidType type
;
824 /* Send off request */
826 wbc_status
= wbcStringToSid(sid_str
, &sid
);
827 if (!WBC_ERROR_IS_OK(wbc_status
)) {
831 wbc_status
= wbcLookupSid(&sid
, &domain
, &name
, &type
);
832 if (!WBC_ERROR_IS_OK(wbc_status
)) {
836 /* Display response */
838 d_printf("%s%c%s %d\n",
839 domain
, winbind_separator(), name
, type
);
844 /* Convert sid to fullname */
846 static bool wbinfo_lookupsid_fullname(const char *sid_str
)
848 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
849 struct wbcDomainSid sid
;
852 enum wbcSidType type
;
854 /* Send off request */
856 wbc_status
= wbcStringToSid(sid_str
, &sid
);
857 if (!WBC_ERROR_IS_OK(wbc_status
)) {
861 wbc_status
= wbcGetDisplayName(&sid
, &domain
, &name
, &type
);
862 if (!WBC_ERROR_IS_OK(wbc_status
)) {
866 /* Display response */
868 d_printf("%s%c%s %d\n",
869 domain
, winbind_separator(), name
, type
);
874 /* Lookup a list of RIDs */
876 static bool wbinfo_lookuprids(const char *domain
, const char *arg
)
878 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
879 struct wbcDomainInfo
*dinfo
= NULL
;
880 char *domain_name
= NULL
;
881 const char **names
= NULL
;
882 enum wbcSidType
*types
= NULL
;
888 TALLOC_CTX
*mem_ctx
= NULL
;
891 if ((domain
== NULL
) || (strequal(domain
, ".")) || (domain
[0] == '\0')) {
892 domain
= get_winbind_domain();
897 wbc_status
= wbcDomainInfo(domain
, &dinfo
);
898 if (!WBC_ERROR_IS_OK(wbc_status
)) {
899 d_printf("wbcDomainInfo(%s) failed: %s\n", domain
,
900 wbcErrorString(wbc_status
));
904 mem_ctx
= talloc_new(NULL
);
905 if (mem_ctx
== NULL
) {
906 d_printf("talloc_new failed\n");
914 while (next_token_talloc(mem_ctx
, &p
, &ridstr
, " ,\n")) {
915 uint32 rid
= strtoul(ridstr
, NULL
, 10);
916 ADD_TO_ARRAY(mem_ctx
, uint32
, rid
, &rids
, &num_rids
);
920 d_printf("no rids\n");
924 wbc_status
= wbcLookupRids(&dinfo
->sid
, num_rids
, rids
,
925 (const char **)&domain_name
, &names
, &types
);
926 if (!WBC_ERROR_IS_OK(wbc_status
)) {
927 d_printf("winbind_lookup_rids failed: %s\n",
928 wbcErrorString(wbc_status
));
932 d_printf("Domain: %s\n", domain_name
);
934 for (i
=0; i
<num_rids
; i
++) {
935 d_printf("%8d: %s (%s)\n", rids
[i
], names
[i
],
936 sid_type_lookup(types
[i
]));
942 wbcFreeMemory(dinfo
);
945 wbcFreeMemory(domain_name
);
948 wbcFreeMemory(names
);
951 wbcFreeMemory(types
);
953 TALLOC_FREE(mem_ctx
);
957 /* Convert string to sid */
959 static bool wbinfo_lookupname(const char *full_name
)
961 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
962 struct wbcDomainSid sid
;
964 enum wbcSidType type
;
966 fstring account_name
;
968 /* Send off request */
970 parse_wbinfo_domain_user(full_name
, domain_name
,
973 wbc_status
= wbcLookupName(domain_name
, account_name
,
975 if (!WBC_ERROR_IS_OK(wbc_status
)) {
979 wbc_status
= wbcSidToString(&sid
, &sid_str
);
980 if (!WBC_ERROR_IS_OK(wbc_status
)) {
984 /* Display response */
986 d_printf("%s %s (%d)\n", sid_str
, sid_type_lookup(type
), type
);
988 wbcFreeMemory(sid_str
);
993 static char *wbinfo_prompt_pass(const char *prefix
,
994 const char *username
)
997 const char *ret
= NULL
;
999 prompt
= talloc_asprintf(talloc_tos(), "Enter %s's ", username
);
1004 prompt
= talloc_asprintf_append(prompt
, "%s ", prefix
);
1009 prompt
= talloc_asprintf_append(prompt
, "password: ");
1014 ret
= getpass(prompt
);
1015 TALLOC_FREE(prompt
);
1017 return SMB_STRDUP(ret
);
1020 /* Authenticate a user with a plaintext password */
1022 static bool wbinfo_auth_krb5(char *username
, const char *cctype
, uint32 flags
)
1024 struct winbindd_request request
;
1025 struct winbindd_response response
;
1030 /* Send off request */
1032 ZERO_STRUCT(request
);
1033 ZERO_STRUCT(response
);
1035 p
= strchr(username
, '%');
1039 fstrcpy(request
.data
.auth
.user
, username
);
1040 fstrcpy(request
.data
.auth
.pass
, p
+ 1);
1043 fstrcpy(request
.data
.auth
.user
, username
);
1044 password
= wbinfo_prompt_pass(NULL
, username
);
1045 fstrcpy(request
.data
.auth
.pass
, password
);
1046 SAFE_FREE(password
);
1049 request
.flags
= flags
;
1051 fstrcpy(request
.data
.auth
.krb5_cc_type
, cctype
);
1053 request
.data
.auth
.uid
= geteuid();
1055 result
= winbindd_request_response(WINBINDD_PAM_AUTH
, &request
, &response
);
1057 /* Display response */
1059 d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n",
1060 username
, (result
== NSS_STATUS_SUCCESS
) ? "succeeded" : "failed", cctype
);
1062 if (response
.data
.auth
.nt_status
)
1063 d_fprintf(stderr
, "error code was %s (0x%x)\nerror messsage was: %s\n",
1064 response
.data
.auth
.nt_status_string
,
1065 response
.data
.auth
.nt_status
,
1066 response
.data
.auth
.error_string
);
1068 if (result
== NSS_STATUS_SUCCESS
) {
1070 if (request
.flags
& WBFLAG_PAM_INFO3_TEXT
) {
1071 if (response
.data
.auth
.info3
.user_flgs
& NETLOGON_CACHED_ACCOUNT
) {
1072 d_printf("user_flgs: NETLOGON_CACHED_ACCOUNT\n");
1076 if (response
.data
.auth
.krb5ccname
[0] != '\0') {
1077 d_printf("credentials were put in: %s\n", response
.data
.auth
.krb5ccname
);
1079 d_printf("no credentials cached\n");
1083 return result
== NSS_STATUS_SUCCESS
;
1086 /* Authenticate a user with a plaintext password */
1088 static bool wbinfo_auth(char *username
)
1090 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1093 char *password
= NULL
;
1096 if ((s
= SMB_STRDUP(username
)) == NULL
) {
1100 if ((p
= strchr(s
, '%')) != NULL
) {
1103 password
= SMB_STRDUP(p
);
1105 password
= wbinfo_prompt_pass(NULL
, username
);
1110 wbc_status
= wbcAuthenticateUser(name
, password
);
1112 d_printf("plaintext password authentication %s\n",
1113 WBC_ERROR_IS_OK(wbc_status
) ? "succeeded" : "failed");
1116 if (response
.data
.auth
.nt_status
)
1117 d_fprintf(stderr
, "error code was %s (0x%x)\nerror messsage was: %s\n",
1118 response
.data
.auth
.nt_status_string
,
1119 response
.data
.auth
.nt_status
,
1120 response
.data
.auth
.error_string
);
1124 SAFE_FREE(password
);
1126 return WBC_ERROR_IS_OK(wbc_status
);
1129 /* Authenticate a user with a challenge/response */
1131 static bool wbinfo_auth_crap(char *username
)
1133 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1134 struct wbcAuthUserParams params
;
1135 struct wbcAuthUserInfo
*info
= NULL
;
1136 struct wbcAuthErrorInfo
*err
= NULL
;
1137 DATA_BLOB lm
= data_blob_null
;
1138 DATA_BLOB nt
= data_blob_null
;
1140 fstring name_domain
;
1144 p
= strchr(username
, '%');
1148 pass
= SMB_STRDUP(p
+ 1);
1150 pass
= wbinfo_prompt_pass(NULL
, username
);
1153 parse_wbinfo_domain_user(username
, name_domain
, name_user
);
1155 params
.account_name
= name_user
;
1156 params
.domain_name
= name_domain
;
1157 params
.workstation_name
= NULL
;
1160 params
.parameter_control
= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
|
1161 WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
;
1163 params
.level
= WBC_AUTH_USER_LEVEL_RESPONSE
;
1165 generate_random_buffer(params
.password
.response
.challenge
, 8);
1167 if (lp_client_ntlmv2_auth()) {
1168 DATA_BLOB server_chal
;
1169 DATA_BLOB names_blob
;
1171 server_chal
= data_blob(params
.password
.response
.challenge
, 8);
1173 /* Pretend this is a login to 'us', for blob purposes */
1174 names_blob
= NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
1176 if (!SMBNTLMv2encrypt(name_user
, name_domain
, pass
, &server_chal
,
1179 data_blob_free(&names_blob
);
1180 data_blob_free(&server_chal
);
1184 data_blob_free(&names_blob
);
1185 data_blob_free(&server_chal
);
1188 if (lp_client_lanman_auth()) {
1190 lm
= data_blob(NULL
, 24);
1191 ok
= SMBencrypt(pass
, params
.password
.response
.challenge
,
1194 data_blob_free(&lm
);
1197 nt
= data_blob(NULL
, 24);
1198 SMBNTencrypt(pass
, params
.password
.response
.challenge
,
1202 params
.password
.response
.nt_length
= nt
.length
;
1203 params
.password
.response
.nt_data
= nt
.data
;
1204 params
.password
.response
.lm_length
= lm
.length
;
1205 params
.password
.response
.lm_data
= lm
.data
;
1207 wbc_status
= wbcAuthenticateUserEx(¶ms
, &info
, &err
);
1209 /* Display response */
1211 d_printf("challenge/response password authentication %s\n",
1212 WBC_ERROR_IS_OK(wbc_status
) ? "succeeded" : "failed");
1214 if (wbc_status
== WBC_ERR_AUTH_ERROR
) {
1215 d_fprintf(stderr
, "error code was %s (0x%x)\nerror messsage was: %s\n",
1218 err
->display_string
);
1220 } else if (WBC_ERROR_IS_OK(wbc_status
)) {
1221 wbcFreeMemory(info
);
1224 data_blob_free(&nt
);
1225 data_blob_free(&lm
);
1228 return WBC_ERROR_IS_OK(wbc_status
);
1231 /* Authenticate a user with a plaintext password and set a token */
1233 static bool wbinfo_klog(char *username
)
1235 struct winbindd_request request
;
1236 struct winbindd_response response
;
1240 /* Send off request */
1242 ZERO_STRUCT(request
);
1243 ZERO_STRUCT(response
);
1245 p
= strchr(username
, '%');
1249 fstrcpy(request
.data
.auth
.user
, username
);
1250 fstrcpy(request
.data
.auth
.pass
, p
+ 1);
1253 fstrcpy(request
.data
.auth
.user
, username
);
1254 fstrcpy(request
.data
.auth
.pass
, getpass("Password: "));
1257 request
.flags
|= WBFLAG_PAM_AFS_TOKEN
;
1259 result
= winbindd_request_response(WINBINDD_PAM_AUTH
, &request
, &response
);
1261 /* Display response */
1263 d_printf("plaintext password authentication %s\n",
1264 (result
== NSS_STATUS_SUCCESS
) ? "succeeded" : "failed");
1266 if (response
.data
.auth
.nt_status
)
1267 d_fprintf(stderr
, "error code was %s (0x%x)\nerror messsage was: %s\n",
1268 response
.data
.auth
.nt_status_string
,
1269 response
.data
.auth
.nt_status
,
1270 response
.data
.auth
.error_string
);
1272 if (result
!= NSS_STATUS_SUCCESS
)
1275 if (response
.extra_data
.data
== NULL
) {
1276 d_fprintf(stderr
, "Did not get token data\n");
1280 if (!afs_settoken_str((char *)response
.extra_data
.data
)) {
1281 d_fprintf(stderr
, "Could not set token\n");
1285 d_printf("Successfully created AFS token\n");
1289 /* Print domain users */
1291 static bool print_domain_users(const char *domain
)
1293 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1295 uint32_t num_users
= 0;
1296 const char **users
= NULL
;
1298 /* Send request to winbind daemon */
1300 /* '.' is the special sign for our own domain */
1301 if (domain
&& strcmp(domain
, ".") == 0) {
1302 domain
= get_winbind_domain();
1305 wbc_status
= wbcListUsers(domain
, &num_users
, &users
);
1306 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1310 for (i
=0; i
< num_users
; i
++) {
1311 d_printf("%s\n", users
[i
]);
1314 wbcFreeMemory(users
);
1319 /* Print domain groups */
1321 static bool print_domain_groups(const char *domain
)
1323 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1325 uint32_t num_groups
= 0;
1326 const char **groups
= NULL
;
1328 /* Send request to winbind daemon */
1330 /* '.' is the special sign for our own domain */
1331 if (domain
&& strcmp(domain
, ".") == 0) {
1332 domain
= get_winbind_domain();
1335 wbc_status
= wbcListGroups(domain
, &num_groups
, &groups
);
1336 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1340 for (i
=0; i
< num_groups
; i
++) {
1341 d_printf("%s\n", groups
[i
]);
1344 wbcFreeMemory(groups
);
1349 /* Set the authorised user for winbindd access in secrets.tdb */
1351 static bool wbinfo_set_auth_user(char *username
)
1353 const char *password
;
1355 fstring user
, domain
;
1357 /* Separate into user and password */
1359 parse_wbinfo_domain_user(username
, domain
, user
);
1361 p
= strchr(user
, '%');
1367 char *thepass
= getpass("Password: ");
1374 /* Store or remove DOMAIN\username%password in secrets.tdb */
1380 if (!secrets_store(SECRETS_AUTH_USER
, user
,
1381 strlen(user
) + 1)) {
1382 d_fprintf(stderr
, "error storing username\n");
1386 /* We always have a domain name added by the
1387 parse_wbinfo_domain_user() function. */
1389 if (!secrets_store(SECRETS_AUTH_DOMAIN
, domain
,
1390 strlen(domain
) + 1)) {
1391 d_fprintf(stderr
, "error storing domain name\n");
1396 secrets_delete(SECRETS_AUTH_USER
);
1397 secrets_delete(SECRETS_AUTH_DOMAIN
);
1402 if (!secrets_store(SECRETS_AUTH_PASSWORD
, password
,
1403 strlen(password
) + 1)) {
1404 d_fprintf(stderr
, "error storing password\n");
1409 secrets_delete(SECRETS_AUTH_PASSWORD
);
1414 static void wbinfo_get_auth_user(void)
1416 char *user
, *domain
, *password
;
1418 /* Lift data from secrets file */
1420 secrets_fetch_ipc_userpass(&user
, &domain
, &password
);
1422 if ((!user
|| !*user
) && (!domain
|| !*domain
) && (!password
|| !*password
)){
1426 SAFE_FREE(password
);
1427 d_printf("No authorised user configured\n");
1431 /* Pretty print authorised user info */
1433 d_printf("%s%s%s%s%s\n", domain
? domain
: "", domain
? lp_winbind_separator(): "",
1434 user
, password
? "%" : "", password
? password
: "");
1438 SAFE_FREE(password
);
1441 static bool wbinfo_ping(void)
1445 wbc_status
= wbcPing();
1447 /* Display response */
1449 d_printf("Ping to winbindd %s\n",
1450 WBC_ERROR_IS_OK(wbc_status
) ? "succeeded" : "failed");
1452 return WBC_ERROR_IS_OK(wbc_status
);
1455 static bool wbinfo_change_user_password(const char *username
)
1458 char *old_password
= NULL
;
1459 char *new_password
= NULL
;
1461 old_password
= wbinfo_prompt_pass("old", username
);
1462 new_password
= wbinfo_prompt_pass("new", username
);
1464 wbc_status
= wbcChangeUserPassword(username
, old_password
, new_password
);
1466 /* Display response */
1468 d_printf("Password change for user %s %s\n", username
,
1469 WBC_ERROR_IS_OK(wbc_status
) ? "succeeded" : "failed");
1471 SAFE_FREE(old_password
);
1472 SAFE_FREE(new_password
);
1474 return WBC_ERROR_IS_OK(wbc_status
);
1480 OPT_SET_AUTH_USER
= 1000,
1490 OPT_SET_UID_MAPPING
,
1491 OPT_SET_GID_MAPPING
,
1493 OPT_LIST_ALL_DOMAINS
,
1494 OPT_LIST_OWN_DOMAIN
,
1499 OPT_CHANGE_USER_PASSWORD
,
1503 int main(int argc
, char **argv
, char **envp
)
1506 TALLOC_CTX
*frame
= talloc_stackframe();
1508 static char *string_arg
;
1509 char *string_subarg
= NULL
;
1510 static char *opt_domain_name
;
1512 int int_subarg
= -1;
1514 bool verbose
= false;
1516 struct poptOption long_options
[] = {
1519 /* longName, shortName, argInfo, argPtr, value, descrip,
1522 { "domain-users", 'u', POPT_ARG_NONE
, 0, 'u', "Lists all domain users", "domain"},
1523 { "domain-groups", 'g', POPT_ARG_NONE
, 0, 'g', "Lists all domain groups", "domain" },
1524 { "WINS-by-name", 'N', POPT_ARG_STRING
, &string_arg
, 'N', "Converts NetBIOS name to IP", "NETBIOS-NAME" },
1525 { "WINS-by-ip", 'I', POPT_ARG_STRING
, &string_arg
, 'I', "Converts IP address to NetBIOS name", "IP" },
1526 { "name-to-sid", 'n', POPT_ARG_STRING
, &string_arg
, 'n', "Converts name to sid", "NAME" },
1527 { "sid-to-name", 's', POPT_ARG_STRING
, &string_arg
, 's', "Converts sid to name", "SID" },
1528 { "sid-to-fullname", 0, POPT_ARG_STRING
, &string_arg
,
1529 OPT_SID_TO_FULLNAME
, "Converts sid to fullname", "SID" },
1530 { "lookup-rids", 'R', POPT_ARG_STRING
, &string_arg
, 'R', "Converts RIDs to names", "RIDs" },
1531 { "uid-to-sid", 'U', POPT_ARG_INT
, &int_arg
, 'U', "Converts uid to sid" , "UID" },
1532 { "gid-to-sid", 'G', POPT_ARG_INT
, &int_arg
, 'G', "Converts gid to sid", "GID" },
1533 { "sid-to-uid", 'S', POPT_ARG_STRING
, &string_arg
, 'S', "Converts sid to uid", "SID" },
1534 { "sid-to-gid", 'Y', POPT_ARG_STRING
, &string_arg
, 'Y', "Converts sid to gid", "SID" },
1535 { "allocate-uid", 0, POPT_ARG_NONE
, 0, OPT_ALLOCATE_UID
,
1536 "Get a new UID out of idmap" },
1537 { "allocate-gid", 0, POPT_ARG_NONE
, 0, OPT_ALLOCATE_GID
,
1538 "Get a new GID out of idmap" },
1539 { "set-uid-mapping", 0, POPT_ARG_STRING
, &string_arg
, OPT_SET_UID_MAPPING
, "Create or modify uid to sid mapping in idmap", "UID,SID" },
1540 { "set-gid-mapping", 0, POPT_ARG_STRING
, &string_arg
, OPT_SET_GID_MAPPING
, "Create or modify gid to sid mapping in idmap", "GID,SID" },
1541 { "check-secret", 't', POPT_ARG_NONE
, 0, 't', "Check shared secret" },
1542 { "trusted-domains", 'm', POPT_ARG_NONE
, 0, 'm', "List trusted domains" },
1543 { "all-domains", 0, POPT_ARG_NONE
, 0, OPT_LIST_ALL_DOMAINS
, "List all domains (trusted and own domain)" },
1544 { "own-domain", 0, POPT_ARG_NONE
, 0, OPT_LIST_OWN_DOMAIN
, "List own domain" },
1545 { "sequence", 0, POPT_ARG_NONE
, 0, OPT_SEQUENCE
, "Show sequence numbers of all domains" },
1546 { "online-status", 0, POPT_ARG_NONE
, 0, OPT_ONLINESTATUS
, "Show whether domains are marked as online or offline"},
1547 { "domain-info", 'D', POPT_ARG_STRING
, &string_arg
, 'D', "Show most of the info we have about the domain" },
1548 { "user-info", 'i', POPT_ARG_STRING
, &string_arg
, 'i', "Get user info", "USER" },
1549 { "uid-info", 0, POPT_ARG_INT
, &int_arg
, OPT_UID_INFO
, "Get user info from uid", "UID" },
1550 { "group-info", 0, POPT_ARG_STRING
, &string_arg
, OPT_GROUP_INFO
, "Get group info", "GROUP" },
1551 { "user-groups", 'r', POPT_ARG_STRING
, &string_arg
, 'r', "Get user groups", "USER" },
1552 { "user-domgroups", 0, POPT_ARG_STRING
, &string_arg
,
1553 OPT_USERDOMGROUPS
, "Get user domain groups", "SID" },
1554 { "user-sids", 0, POPT_ARG_STRING
, &string_arg
, OPT_USERSIDS
, "Get user group sids for user SID", "SID" },
1555 { "authenticate", 'a', POPT_ARG_STRING
, &string_arg
, 'a', "authenticate user", "user%password" },
1556 { "set-auth-user", 0, POPT_ARG_STRING
, &string_arg
, OPT_SET_AUTH_USER
, "Store user and password used by winbindd (root only)", "user%password" },
1557 { "getdcname", 0, POPT_ARG_STRING
, &string_arg
, OPT_GETDCNAME
,
1558 "Get a DC name for a foreign domain", "domainname" },
1559 { "dsgetdcname", 0, POPT_ARG_STRING
, &string_arg
, OPT_DSGETDCNAME
, "Find a DC for a domain", "domainname" },
1560 { "get-auth-user", 0, POPT_ARG_NONE
, NULL
, OPT_GET_AUTH_USER
, "Retrieve user and password used by winbindd (root only)", NULL
},
1561 { "ping", 'p', POPT_ARG_NONE
, 0, 'p', "Ping winbindd to see if it is alive" },
1562 { "domain", 0, POPT_ARG_STRING
, &opt_domain_name
, OPT_DOMAIN_NAME
, "Define to the domain to restrict operation", "domain" },
1563 #ifdef WITH_FAKE_KASERVER
1564 { "klog", 'k', POPT_ARG_STRING
, &string_arg
, 'k', "set an AFS token from winbind", "user%password" },
1567 { "krb5auth", 'K', POPT_ARG_STRING
, &string_arg
, 'K', "authenticate user using Kerberos", "user%password" },
1568 /* destroys wbinfo --help output */
1569 /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" }, */
1571 { "separator", 0, POPT_ARG_NONE
, 0, OPT_SEPARATOR
, "Get the active winbind separator", NULL
},
1572 { "verbose", 0, POPT_ARG_NONE
, 0, OPT_VERBOSE
, "Print additional information per command", NULL
},
1573 { "change-user-password", 0, POPT_ARG_STRING
, &string_arg
, OPT_CHANGE_USER_PASSWORD
, "Change the password for a user", NULL
},
1574 POPT_COMMON_CONFIGFILE
1579 /* Samba client initialisation */
1585 pc
= poptGetContext("wbinfo", argc
, (const char **)argv
, long_options
, 0);
1587 /* Parse command line options */
1590 poptPrintHelp(pc
, stderr
, 0);
1594 while((opt
= poptGetNextOpt(pc
)) != -1) {
1595 /* get the generic configuration parameters like --domain */
1603 poptFreeContext(pc
);
1605 if (!lp_load(get_dyn_CONFIGFILE(), true, false, false, true)) {
1606 d_fprintf(stderr
, "wbinfo: error opening config file %s. Error was %s\n",
1607 get_dyn_CONFIGFILE(), strerror(errno
));
1616 pc
= poptGetContext(NULL
, argc
, (const char **)argv
, long_options
,
1617 POPT_CONTEXT_KEEP_FIRST
);
1619 while((opt
= poptGetNextOpt(pc
)) != -1) {
1622 if (!print_domain_users(opt_domain_name
)) {
1623 d_fprintf(stderr
, "Error looking up domain users\n");
1628 if (!print_domain_groups(opt_domain_name
)) {
1629 d_fprintf(stderr
, "Error looking up domain groups\n");
1634 if (!wbinfo_lookupsid(string_arg
)) {
1635 d_fprintf(stderr
, "Could not lookup sid %s\n", string_arg
);
1639 case OPT_SID_TO_FULLNAME
:
1640 if (!wbinfo_lookupsid_fullname(string_arg
)) {
1641 d_fprintf(stderr
, "Could not lookup sid %s\n",
1647 if (!wbinfo_lookuprids(opt_domain_name
, string_arg
)) {
1648 d_fprintf(stderr
, "Could not lookup RIDs %s\n", string_arg
);
1653 if (!wbinfo_lookupname(string_arg
)) {
1654 d_fprintf(stderr
, "Could not lookup name %s\n", string_arg
);
1659 if (!wbinfo_wins_byname(string_arg
)) {
1660 d_fprintf(stderr
, "Could not lookup WINS by name %s\n", string_arg
);
1665 if (!wbinfo_wins_byip(string_arg
)) {
1666 d_fprintf(stderr
, "Could not lookup WINS by IP %s\n", string_arg
);
1671 if (!wbinfo_uid_to_sid(int_arg
)) {
1672 d_fprintf(stderr
, "Could not convert uid %d to sid\n", int_arg
);
1677 if (!wbinfo_gid_to_sid(int_arg
)) {
1678 d_fprintf(stderr
, "Could not convert gid %d to sid\n",
1684 if (!wbinfo_sid_to_uid(string_arg
)) {
1685 d_fprintf(stderr
, "Could not convert sid %s to uid\n",
1691 if (!wbinfo_sid_to_gid(string_arg
)) {
1692 d_fprintf(stderr
, "Could not convert sid %s to gid\n",
1697 case OPT_ALLOCATE_UID
:
1698 if (!wbinfo_allocate_uid()) {
1699 d_fprintf(stderr
, "Could not allocate a uid\n");
1703 case OPT_ALLOCATE_GID
:
1704 if (!wbinfo_allocate_gid()) {
1705 d_fprintf(stderr
, "Could not allocate a gid\n");
1709 case OPT_SET_UID_MAPPING
:
1710 if (!parse_mapping_arg(string_arg
, &int_subarg
,
1712 !wbinfo_set_uid_mapping(int_subarg
, string_subarg
))
1714 d_fprintf(stderr
, "Could not create or modify "
1715 "uid to sid mapping\n");
1719 case OPT_SET_GID_MAPPING
:
1720 if (!parse_mapping_arg(string_arg
, &int_subarg
,
1722 !wbinfo_set_gid_mapping(int_subarg
, string_subarg
))
1724 d_fprintf(stderr
, "Could not create or modify "
1725 "gid to sid mapping\n");
1730 if (!wbinfo_check_secret()) {
1731 d_fprintf(stderr
, "Could not check secret\n");
1736 if (!wbinfo_list_domains(false, verbose
)) {
1737 d_fprintf(stderr
, "Could not list trusted domains\n");
1742 if (!wbinfo_show_sequence(opt_domain_name
)) {
1743 d_fprintf(stderr
, "Could not show sequence numbers\n");
1747 case OPT_ONLINESTATUS
:
1748 if (!wbinfo_show_onlinestatus(opt_domain_name
)) {
1749 d_fprintf(stderr
, "Could not show online-status\n");
1754 if (!wbinfo_domain_info(string_arg
)) {
1755 d_fprintf(stderr
, "Could not get domain info\n");
1760 if (!wbinfo_get_userinfo(string_arg
)) {
1761 d_fprintf(stderr
, "Could not get info for user %s\n",
1767 if ( !wbinfo_get_uidinfo(int_arg
)) {
1768 d_fprintf(stderr
, "Could not get info for uid "
1773 case OPT_GROUP_INFO
:
1774 if ( !wbinfo_get_groupinfo(string_arg
)) {
1775 d_fprintf(stderr
, "Could not get info for "
1776 "group %s\n", string_arg
);
1781 if (!wbinfo_get_usergroups(string_arg
)) {
1782 d_fprintf(stderr
, "Could not get groups for user %s\n",
1788 if (!wbinfo_get_usersids(string_arg
)) {
1789 d_fprintf(stderr
, "Could not get group SIDs for user SID %s\n",
1794 case OPT_USERDOMGROUPS
:
1795 if (!wbinfo_get_userdomgroups(string_arg
)) {
1796 d_fprintf(stderr
, "Could not get user's domain groups "
1797 "for user SID %s\n", string_arg
);
1802 bool got_error
= false;
1804 if (!wbinfo_auth(string_arg
)) {
1805 d_fprintf(stderr
, "Could not authenticate user %s with "
1806 "plaintext password\n", string_arg
);
1810 if (!wbinfo_auth_crap(string_arg
)) {
1811 d_fprintf(stderr
, "Could not authenticate user %s with "
1812 "challenge/response\n", string_arg
);
1821 uint32 flags
= WBFLAG_PAM_KRB5
|
1822 WBFLAG_PAM_CACHED_LOGIN
|
1823 WBFLAG_PAM_FALLBACK_AFTER_KRB5
|
1824 WBFLAG_PAM_INFO3_TEXT
;
1826 if (!wbinfo_auth_krb5(string_arg
, "FILE", flags
)) {
1827 d_fprintf(stderr
, "Could not authenticate user [%s] with "
1828 "Kerberos (ccache: %s)\n", string_arg
, "FILE");
1834 if (!wbinfo_klog(string_arg
)) {
1835 d_fprintf(stderr
, "Could not klog user\n");
1840 if (!wbinfo_ping()) {
1841 d_fprintf(stderr
, "could not ping winbindd!\n");
1845 case OPT_SET_AUTH_USER
:
1846 if (!wbinfo_set_auth_user(string_arg
)) {
1850 case OPT_GET_AUTH_USER
:
1851 wbinfo_get_auth_user();
1854 if (!wbinfo_getdcname(string_arg
)) {
1858 case OPT_DSGETDCNAME
:
1859 if (!wbinfo_dsgetdcname(string_arg
, 0)) {
1863 case OPT_SEPARATOR
: {
1864 const char sep
= winbind_separator_int(true);
1868 d_printf("%c\n", sep
);
1871 case OPT_LIST_ALL_DOMAINS
:
1872 if (!wbinfo_list_domains(true, verbose
)) {
1876 case OPT_LIST_OWN_DOMAIN
:
1877 if (!wbinfo_list_own_domain()) {
1881 case OPT_CHANGE_USER_PASSWORD
:
1882 if (!wbinfo_change_user_password(string_arg
)) {
1883 d_fprintf(stderr
, "Could not change user password "
1884 "for user %s\n", string_arg
);
1889 /* generic configuration options */
1890 case OPT_DOMAIN_NAME
:
1895 d_fprintf(stderr
, "Invalid option\n");
1896 poptPrintHelp(pc
, stderr
, 0);
1906 talloc_destroy(frame
);
1908 poptFreeContext(pc
);