2 Unix SMB/Netbios implementation.
5 Winbind status program.
7 Copyright (C) Tim Potter 2000
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 /* Prototypes from common.h */
30 NSS_STATUS
winbindd_request(int req_type
,
31 struct winbindd_request
*request
,
32 struct winbindd_response
*response
);
34 /* List groups a user is a member of */
36 static BOOL
wbinfo_get_usergroups(char *user
)
38 struct winbindd_request request
;
39 struct winbindd_response response
;
43 ZERO_STRUCT(response
);
47 fstrcpy(request
.data
.username
, user
);
49 result
= winbindd_request(WINBINDD_GETGROUPS
, &request
, &response
);
51 if (result
!= NSS_STATUS_SUCCESS
) {
55 for (i
= 0; i
< response
.data
.num_entries
; i
++) {
56 printf("%d\n", (int)((gid_t
*)response
.extra_data
)[i
]);
62 /* Convert NetBIOS name to IP */
64 static BOOL
wbinfo_wins_byname(char *name
)
66 struct winbindd_request request
;
67 struct winbindd_response response
;
70 ZERO_STRUCT(response
);
74 fstrcpy(request
.data
.name
, name
);
75 if (winbindd_request(WINBINDD_WINS_BYNAME
, &request
, &response
) !=
80 /* Display response */
82 printf("%s\n", response
.data
.name
.name
);
87 /* Convert IP to NetBIOS name */
89 static BOOL
wbinfo_wins_byip(char *ip
)
91 struct winbindd_request request
;
92 struct winbindd_response response
;
95 ZERO_STRUCT(response
);
99 fstrcpy(request
.data
.name
, ip
);
100 if (winbindd_request(WINBINDD_WINS_BYIP
, &request
, &response
) !=
101 NSS_STATUS_SUCCESS
) {
105 /* Display response */
107 printf("%s\n", response
.data
.name
.name
);
112 /* List trusted domains */
114 static BOOL
wbinfo_list_domains(void)
116 struct winbindd_response response
;
119 ZERO_STRUCT(response
);
123 if (winbindd_request(WINBINDD_LIST_TRUSTDOM
, NULL
, &response
) !=
124 NSS_STATUS_SUCCESS
) {
128 /* Display response */
130 if (response
.extra_data
) {
131 while(next_token((char **)&response
.extra_data
, name
, ",",
133 printf("%s\n", name
);
140 /* Check trust account password */
142 static BOOL
wbinfo_check_secret(void)
144 struct winbindd_response response
;
147 ZERO_STRUCT(response
);
149 result
= winbindd_request(WINBINDD_CHECK_MACHACC
, NULL
, &response
) ==
154 if (response
.data
.num_entries
== 0) {
155 printf("Secret is good\n");
157 printf("Secret is bad\n0x%08x\n",
158 response
.data
.num_entries
);
167 /* Convert uid to sid */
169 static BOOL
wbinfo_uid_to_sid(uid_t uid
)
171 struct winbindd_request request
;
172 struct winbindd_response response
;
174 ZERO_STRUCT(request
);
175 ZERO_STRUCT(response
);
179 request
.data
.uid
= uid
;
180 if (winbindd_request(WINBINDD_UID_TO_SID
, &request
, &response
) !=
181 NSS_STATUS_SUCCESS
) {
185 /* Display response */
187 printf("%s\n", response
.data
.sid
.sid
);
192 /* Convert gid to sid */
194 static BOOL
wbinfo_gid_to_sid(gid_t gid
)
196 struct winbindd_request request
;
197 struct winbindd_response response
;
199 ZERO_STRUCT(request
);
200 ZERO_STRUCT(response
);
204 request
.data
.gid
= gid
;
205 if (winbindd_request(WINBINDD_GID_TO_SID
, &request
, &response
) !=
206 NSS_STATUS_SUCCESS
) {
210 /* Display response */
212 printf("%s\n", response
.data
.sid
.sid
);
217 /* Convert sid to uid */
219 static BOOL
wbinfo_sid_to_uid(char *sid
)
221 struct winbindd_request request
;
222 struct winbindd_response response
;
224 ZERO_STRUCT(request
);
225 ZERO_STRUCT(response
);
229 fstrcpy(request
.data
.sid
, sid
);
230 if (winbindd_request(WINBINDD_SID_TO_UID
, &request
, &response
) !=
231 NSS_STATUS_SUCCESS
) {
235 /* Display response */
237 printf("%d\n", (int)response
.data
.uid
);
242 static BOOL
wbinfo_sid_to_gid(char *sid
)
244 struct winbindd_request request
;
245 struct winbindd_response response
;
247 ZERO_STRUCT(request
);
248 ZERO_STRUCT(response
);
252 fstrcpy(request
.data
.sid
, sid
);
253 if (winbindd_request(WINBINDD_SID_TO_GID
, &request
, &response
) !=
254 NSS_STATUS_SUCCESS
) {
258 /* Display response */
260 printf("%d\n", (int)response
.data
.gid
);
265 /* Convert sid to string */
267 static BOOL
wbinfo_lookupsid(char *sid
)
269 struct winbindd_request request
;
270 struct winbindd_response response
;
272 ZERO_STRUCT(request
);
273 ZERO_STRUCT(response
);
275 /* Send off request */
277 fstrcpy(request
.data
.sid
, sid
);
278 if (winbindd_request(WINBINDD_LOOKUPSID
, &request
, &response
) !=
279 NSS_STATUS_SUCCESS
) {
283 /* Display response */
285 printf("%s %d\n", response
.data
.name
.name
, response
.data
.name
.type
);
290 /* Convert string to sid */
292 static BOOL
wbinfo_lookupname(char *name
)
294 struct winbindd_request request
;
295 struct winbindd_response response
;
298 * Don't do the lookup if the name has no separator.
301 if (!strchr(name
, *lp_winbind_separator()))
304 /* Send off request */
306 ZERO_STRUCT(request
);
307 ZERO_STRUCT(response
);
309 fstrcpy(request
.data
.name
, name
);
310 if (winbindd_request(WINBINDD_LOOKUPNAME
, &request
, &response
) !=
311 NSS_STATUS_SUCCESS
) {
315 /* Display response */
317 printf("%s %d\n", response
.data
.sid
.sid
, response
.data
.sid
.type
);
322 /* Authenticate a user with a plaintext password */
324 static BOOL
wbinfo_auth(char *username
)
326 struct winbindd_request request
;
327 struct winbindd_response response
;
332 * Don't do the lookup if the name has no separator.
335 if (!strchr(username
, *lp_winbind_separator()))
338 /* Send off request */
340 ZERO_STRUCT(request
);
341 ZERO_STRUCT(response
);
343 p
= strchr(username
, '%');
347 fstrcpy(request
.data
.auth
.user
, username
);
348 fstrcpy(request
.data
.auth
.pass
, p
+ 1);
351 fstrcpy(request
.data
.auth
.user
, username
);
353 result
= winbindd_request(WINBINDD_PAM_AUTH
, &request
, &response
);
355 /* Display response */
357 printf("plaintext password authentication %s\n",
358 (result
== NSS_STATUS_SUCCESS
) ? "succeeded" : "failed");
360 return result
== NSS_STATUS_SUCCESS
;
363 /* Authenticate a user with a challenge/response */
365 static BOOL
wbinfo_auth_crap(char *username
)
367 struct winbindd_request request
;
368 struct winbindd_response response
;
374 * Don't do the lookup if the name has no separator.
377 if (!strchr(username
, *lp_winbind_separator()))
380 /* Send off request */
382 ZERO_STRUCT(request
);
383 ZERO_STRUCT(response
);
385 p
= strchr(username
, '%');
389 fstrcpy(request
.data
.auth_crap
.user
, username
);
390 fstrcpy(pass
, p
+ 1);
393 fstrcpy(request
.data
.auth_crap
.user
, username
);
395 generate_random_buffer(request
.data
.auth_crap
.chal
, 8, False
);
397 SMBencrypt((uchar
*)pass
, request
.data
.auth_crap
.chal
,
398 (uchar
*)request
.data
.auth_crap
.lm_resp
);
399 SMBNTencrypt((uchar
*)pass
, request
.data
.auth_crap
.chal
,
400 (uchar
*)request
.data
.auth_crap
.nt_resp
);
402 request
.data
.auth_crap
.lm_resp_len
= 24;
403 request
.data
.auth_crap
.nt_resp_len
= 24;
405 result
= winbindd_request(WINBINDD_PAM_AUTH_CRAP
, &request
, &response
);
407 /* Display response */
409 printf("challenge/response password authentication %s\n",
410 (result
== NSS_STATUS_SUCCESS
) ? "succeeded" : "failed");
412 return result
== NSS_STATUS_SUCCESS
;
415 /* Print domain users */
417 static BOOL
print_domain_users(void)
419 struct winbindd_response response
;
422 /* Send request to winbind daemon */
424 ZERO_STRUCT(response
);
426 if (winbindd_request(WINBINDD_LIST_USERS
, NULL
, &response
) !=
427 NSS_STATUS_SUCCESS
) {
431 /* Look through extra data */
433 if (!response
.extra_data
) {
437 while(next_token((char **)&response
.extra_data
, name
, ",",
439 printf("%s\n", name
);
445 /* Print domain groups */
447 static BOOL
print_domain_groups(void)
449 struct winbindd_response response
;
452 ZERO_STRUCT(response
);
454 if (winbindd_request(WINBINDD_LIST_GROUPS
, NULL
, &response
) !=
455 NSS_STATUS_SUCCESS
) {
459 /* Look through extra data */
461 if (!response
.extra_data
) {
465 while(next_token((char **)&response
.extra_data
, name
, ",",
467 printf("%s\n", name
);
473 /* Set the authorised user for winbindd access in secrets.tdb */
475 static BOOL
wbinfo_set_auth_user(char *username
)
479 /* Separate into user and password */
481 password
= strchr(username
, '%');
489 /* Store in secrets.tdb */
491 if (!secrets_init() ||
492 !secrets_store(SECRETS_AUTH_USER
, username
, strlen(username
) + 1) ||
493 !secrets_store(SECRETS_AUTH_PASSWORD
, password
, strlen(password
) + 1)) {
494 fprintf(stderr
, "error storing authenticated user info\n");
501 /* Print program usage */
503 static void usage(void)
505 printf("Usage: wbinfo -ug | -n name | -sSY sid | -UG uid/gid | -tm "
506 "| -aA user%%password\n");
507 printf("\t-u\t\t\tlists all domain users\n");
508 printf("\t-g\t\t\tlists all domain groups\n");
509 printf("\t-h name\t\t\tconverts NetBIOS hostname to IP\n");
510 printf("\t-i ip\t\t\tconverts IP address to NetBIOS name\n");
511 printf("\t-n name\t\t\tconverts name to sid\n");
512 printf("\t-s sid\t\t\tconverts sid to name\n");
513 printf("\t-U uid\t\t\tconverts uid to sid\n");
514 printf("\t-G gid\t\t\tconverts gid to sid\n");
515 printf("\t-S sid\t\t\tconverts sid to uid\n");
516 printf("\t-Y sid\t\t\tconverts sid to gid\n");
517 printf("\t-t\t\t\tcheck shared secret\n");
518 printf("\t-m\t\t\tlist trusted domains\n");
519 printf("\t-r user\t\t\tget user groups\n");
520 printf("\t-a user%%password\tauthenticate user\n");
521 printf("\t-A user%%password\tstore session setup auth password\n");
526 int main(int argc
, char **argv
)
528 extern pstring global_myname
;
531 /* Samba client initialisation */
533 if (!*global_myname
) {
536 fstrcpy(global_myname
, myhostname());
537 p
= strchr(global_myname
, '.');
545 codepage_initialise(lp_client_code_page());
546 charset_initialise();
548 if (!lp_load(CONFIGFILE
, True
, False
, False
)) {
549 fprintf(stderr
, "wbinfo: error opening config file %s. Error was %s\n",
550 CONFIGFILE
, strerror(errno
));
556 /* Parse command line options */
563 while ((opt
= getopt(argc
, argv
, "h:i:ugs:n:U:G:S:Y:tmr:a:A:")) != EOF
) {
566 if (!print_domain_users()) {
567 printf("Error looking up domain users\n");
572 if (!print_domain_groups()) {
573 printf("Error looking up domain groups\n");
578 if (!wbinfo_wins_byname(optarg
)) {
579 printf("Could not lookup WINS by hostname %s\n", optarg
);
584 if (!wbinfo_wins_byip(optarg
)) {
585 printf("Could not lookup WINS by IP %s\n", optarg
);
590 if (!wbinfo_lookupsid(optarg
)) {
591 printf("Could not lookup sid %s\n", optarg
);
596 if (!wbinfo_lookupname(optarg
)) {
597 printf("Could not lookup name %s\n", optarg
);
602 if (!wbinfo_uid_to_sid(atoi(optarg
))) {
603 printf("Could not convert uid %s to sid\n",
609 if (!wbinfo_gid_to_sid(atoi(optarg
))) {
610 printf("Could not convert gid %s to sid\n",
616 if (!wbinfo_sid_to_uid(optarg
)) {
617 printf("Could not convert sid %s to uid\n",
623 if (!wbinfo_sid_to_gid(optarg
)) {
624 printf("Could not convert sid %s to gid\n",
630 if (!wbinfo_check_secret()) {
631 printf("Could not check secret\n");
636 if (!wbinfo_list_domains()) {
637 printf("Could not list trusted domains\n");
642 if (!wbinfo_get_usergroups(optarg
)) {
643 printf("Could not get groups for user %s\n",
649 BOOL got_error
= False
;
651 if (!wbinfo_auth(optarg
)) {
652 printf("Could not authenticate user %s with "
653 "plaintext password\n", optarg
);
657 if (!wbinfo_auth_crap(optarg
)) {
658 printf("Could not authenticate user %s with "
659 "challenge/response\n", optarg
);
669 if (!(wbinfo_set_auth_user(optarg
))) {