python: Restore SDDL abbreviations for SIDs
[Samba.git] / nsswitch / wbinfo.c
blob55b9e268c395807e34378d4a9163c615e81479cd
1 /*
2 Unix SMB/CIFS implementation.
4 Winbind status program.
6 Copyright (C) Tim Potter 2000-2003
7 Copyright (C) Andrew Bartlett 2002-2007
8 Copyright (C) Volker Lendecke 2009
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "includes.h"
25 #include "libwbclient/wbclient.h"
26 #include "winbind_struct_protocol.h"
27 #include "libwbclient/wbclient_internal.h"
28 #include "../libcli/auth/libcli_auth.h"
29 #include "lib/cmdline/cmdline.h"
30 #include "lib/afs/afs_settoken.h"
31 #include "lib/util/smb_strtox.h"
32 #include "lib/util/string_wrappers.h"
34 #ifdef DBGC_CLASS
35 #undef DBGC_CLASS
36 #define DBGC_CLASS DBGC_WINBIND
37 #endif
39 static struct wbcInterfaceDetails *init_interface_details(void)
41 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
42 static struct wbcInterfaceDetails *details;
44 if (details) {
45 return details;
48 wbc_status = wbcInterfaceDetails(&details);
49 if (!WBC_ERROR_IS_OK(wbc_status)) {
50 d_fprintf(stderr, "could not obtain winbind interface "
51 "details: %s\n", wbcErrorString(wbc_status));
54 return details;
57 static char winbind_separator(void)
59 struct wbcInterfaceDetails *details;
60 static bool got_sep;
61 static char sep;
63 if (got_sep)
64 return sep;
66 details = init_interface_details();
68 if (!details) {
69 d_fprintf(stderr, "could not obtain winbind separator!\n");
70 return 0;
73 sep = details->winbind_separator;
74 got_sep = true;
76 if (!sep) {
77 d_fprintf(stderr, "winbind separator was NULL!\n");
78 return 0;
81 return sep;
84 static const char *get_winbind_domain(void)
86 static struct wbcInterfaceDetails *details;
88 details = init_interface_details();
90 if (!details) {
91 d_fprintf(stderr, "could not obtain winbind domain name!\n");
92 return 0;
95 return details->netbios_domain;
98 static const char *get_winbind_netbios_name(void)
100 static struct wbcInterfaceDetails *details;
102 details = init_interface_details();
104 if (!details) {
105 d_fprintf(stderr, "could not obtain winbind netbios name!\n");
106 return 0;
109 return details->netbios_name;
112 /* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
113 form DOMAIN/user into a domain and a user */
115 static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
116 fstring user)
119 char *p = strchr(domuser,winbind_separator());
121 if (!p) {
122 /* Maybe it was a UPN? */
123 p = strchr(domuser, '@');
124 if (p != NULL) {
125 fstrcpy(domain, "");
126 fstrcpy(user, domuser);
127 return true;
130 fstrcpy(user, domuser);
131 fstrcpy(domain, get_winbind_domain());
132 return true;
135 fstrcpy(user, p+1);
136 fstrcpy(domain, domuser);
137 domain[PTR_DIFF(p, domuser)] = 0;
139 return true;
142 /* Parse string of "uid,sid" or "gid,sid" into separate int and string values.
143 * Return true if input was valid, false otherwise. */
144 static bool parse_mapping_arg(char *arg, int *id, char **sid)
146 char *tmp;
147 int error = 0;
149 if (!arg || !*arg)
150 return false;
152 tmp = strtok(arg, ",");
153 *sid = strtok(NULL, ",");
155 if (!tmp || !*tmp || !*sid || !**sid)
156 return false;
158 /* Because atoi() can return 0 on invalid input, which would be a valid
159 * UID/GID we must use strtoul() and do error checking */
160 *id = smb_strtoul(tmp, NULL, 10, &error, SMB_STR_FULL_STR_CONV);
161 if (error != 0)
162 return false;
164 return true;
167 /* pull pwent info for a given user */
169 static bool wbinfo_get_userinfo(char *user)
171 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
172 struct passwd *pwd = NULL;
174 wbc_status = wbcGetpwnam(user, &pwd);
175 if (!WBC_ERROR_IS_OK(wbc_status)) {
176 d_fprintf(stderr, "failed to call wbcGetpwnam: %s\n",
177 wbcErrorString(wbc_status));
178 return false;
181 d_printf("%s:%s:%u:%u:%s:%s:%s\n",
182 pwd->pw_name,
183 pwd->pw_passwd,
184 (unsigned int)pwd->pw_uid,
185 (unsigned int)pwd->pw_gid,
186 pwd->pw_gecos,
187 pwd->pw_dir,
188 pwd->pw_shell);
190 wbcFreeMemory(pwd);
192 return true;
195 /* pull pwent info for a given uid */
196 static bool wbinfo_get_uidinfo(int uid)
198 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
199 struct passwd *pwd = NULL;
201 wbc_status = wbcGetpwuid(uid, &pwd);
202 if (!WBC_ERROR_IS_OK(wbc_status)) {
203 d_fprintf(stderr, "failed to call wbcGetpwuid: %s\n",
204 wbcErrorString(wbc_status));
205 return false;
208 d_printf("%s:%s:%u:%u:%s:%s:%s\n",
209 pwd->pw_name,
210 pwd->pw_passwd,
211 (unsigned int)pwd->pw_uid,
212 (unsigned int)pwd->pw_gid,
213 pwd->pw_gecos,
214 pwd->pw_dir,
215 pwd->pw_shell);
217 wbcFreeMemory(pwd);
219 return true;
222 static bool wbinfo_get_user_sidinfo(const char *sid_str)
224 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
225 struct passwd *pwd = NULL;
226 struct wbcDomainSid sid;
228 wbc_status = wbcStringToSid(sid_str, &sid);
229 wbc_status = wbcGetpwsid(&sid, &pwd);
230 if (!WBC_ERROR_IS_OK(wbc_status)) {
231 d_fprintf(stderr, "failed to call wbcGetpwsid: %s\n",
232 wbcErrorString(wbc_status));
233 return false;
236 d_printf("%s:%s:%u:%u:%s:%s:%s\n",
237 pwd->pw_name,
238 pwd->pw_passwd,
239 (unsigned int)pwd->pw_uid,
240 (unsigned int)pwd->pw_gid,
241 pwd->pw_gecos,
242 pwd->pw_dir,
243 pwd->pw_shell);
245 wbcFreeMemory(pwd);
247 return true;
251 /* pull grent for a given group */
252 static bool wbinfo_get_groupinfo(const char *group)
254 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
255 struct group *grp;
256 char **mem;
258 wbc_status = wbcGetgrnam(group, &grp);
259 if (!WBC_ERROR_IS_OK(wbc_status)) {
260 d_fprintf(stderr, "failed to call wbcGetgrnam: %s\n",
261 wbcErrorString(wbc_status));
262 return false;
265 d_printf("%s:%s:%u:",
266 grp->gr_name,
267 grp->gr_passwd,
268 (unsigned int)grp->gr_gid);
270 mem = grp->gr_mem;
271 while (*mem != NULL) {
272 d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
273 mem += 1;
275 d_printf("\n");
277 wbcFreeMemory(grp);
279 return true;
282 /* pull grent for a given gid */
283 static bool wbinfo_get_gidinfo(int gid)
285 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
286 struct group *grp;
287 char **mem;
289 wbc_status = wbcGetgrgid(gid, &grp);
290 if (!WBC_ERROR_IS_OK(wbc_status)) {
291 d_fprintf(stderr, "failed to call wbcGetgrgid: %s\n",
292 wbcErrorString(wbc_status));
293 return false;
296 d_printf("%s:%s:%u:",
297 grp->gr_name,
298 grp->gr_passwd,
299 (unsigned int)grp->gr_gid);
301 mem = grp->gr_mem;
302 while (*mem != NULL) {
303 d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
304 mem += 1;
306 d_printf("\n");
308 wbcFreeMemory(grp);
310 return true;
313 /* List groups a user is a member of */
315 static bool wbinfo_get_usergroups(const char *user)
317 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
318 uint32_t num_groups;
319 uint32_t i;
320 gid_t *groups = NULL;
322 /* Send request */
324 wbc_status = wbcGetGroups(user, &num_groups, &groups);
325 if (!WBC_ERROR_IS_OK(wbc_status)) {
326 d_fprintf(stderr, "failed to call wbcGetGroups: %s\n",
327 wbcErrorString(wbc_status));
328 return false;
331 for (i = 0; i < num_groups; i++) {
332 d_printf("%d\n", (int)groups[i]);
335 wbcFreeMemory(groups);
337 return true;
341 /* List group SIDs a user SID is a member of */
342 static bool wbinfo_get_usersids(const char *user_sid_str)
344 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
345 uint32_t num_sids;
346 uint32_t i;
347 struct wbcDomainSid user_sid, *sids = NULL;
349 /* Send request */
351 wbc_status = wbcStringToSid(user_sid_str, &user_sid);
352 if (!WBC_ERROR_IS_OK(wbc_status)) {
353 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
354 wbcErrorString(wbc_status));
355 return false;
358 wbc_status = wbcLookupUserSids(&user_sid, false, &num_sids, &sids);
359 if (!WBC_ERROR_IS_OK(wbc_status)) {
360 d_fprintf(stderr, "failed to call wbcLookupUserSids: %s\n",
361 wbcErrorString(wbc_status));
362 return false;
365 for (i = 0; i < num_sids; i++) {
366 char str[WBC_SID_STRING_BUFLEN];
367 wbcSidToStringBuf(&sids[i], str, sizeof(str));
368 d_printf("%s\n", str);
371 wbcFreeMemory(sids);
373 return true;
376 static bool wbinfo_get_userdomgroups(const char *user_sid_str)
378 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
379 uint32_t num_sids;
380 uint32_t i;
381 struct wbcDomainSid user_sid, *sids = NULL;
383 /* Send request */
385 wbc_status = wbcStringToSid(user_sid_str, &user_sid);
386 if (!WBC_ERROR_IS_OK(wbc_status)) {
387 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
388 wbcErrorString(wbc_status));
389 return false;
392 wbc_status = wbcLookupUserSids(&user_sid, true, &num_sids, &sids);
393 if (!WBC_ERROR_IS_OK(wbc_status)) {
394 d_fprintf(stderr, "failed to call wbcLookupUserSids: %s\n",
395 wbcErrorString(wbc_status));
396 return false;
399 for (i = 0; i < num_sids; i++) {
400 char str[WBC_SID_STRING_BUFLEN];
401 wbcSidToStringBuf(&sids[i], str, sizeof(str));
402 d_printf("%s\n", str);
405 wbcFreeMemory(sids);
407 return true;
410 static bool wbinfo_get_sidaliases(const char *domain,
411 const char *user_sid_str)
413 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
414 struct wbcDomainInfo *dinfo = NULL;
415 uint32_t i;
416 struct wbcDomainSid user_sid;
417 uint32_t *alias_rids = NULL;
418 uint32_t num_alias_rids;
419 char domain_sid_str[WBC_SID_STRING_BUFLEN];
421 /* Send request */
422 if ((domain == NULL) || (strequal(domain, ".")) ||
423 (domain[0] == '\0')) {
424 domain = get_winbind_domain();
427 /* Send request */
429 wbc_status = wbcDomainInfo(domain, &dinfo);
430 if (!WBC_ERROR_IS_OK(wbc_status)) {
431 d_fprintf(stderr, "wbcDomainInfo(%s) failed: %s\n", domain,
432 wbcErrorString(wbc_status));
433 goto done;
435 wbc_status = wbcStringToSid(user_sid_str, &user_sid);
436 if (!WBC_ERROR_IS_OK(wbc_status)) {
437 goto done;
440 wbc_status = wbcGetSidAliases(&dinfo->sid, &user_sid, 1,
441 &alias_rids, &num_alias_rids);
442 if (!WBC_ERROR_IS_OK(wbc_status)) {
443 goto done;
446 wbcSidToStringBuf(&dinfo->sid, domain_sid_str, sizeof(domain_sid_str));
448 for (i = 0; i < num_alias_rids; i++) {
449 d_printf("%s-%d\n", domain_sid_str, alias_rids[i]);
452 wbcFreeMemory(alias_rids);
454 done:
455 wbcFreeMemory(dinfo);
456 return (WBC_ERR_SUCCESS == wbc_status);
460 /* Convert NetBIOS name to IP */
462 static bool wbinfo_wins_byname(const char *name)
464 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
465 char *ip = NULL;
467 wbc_status = wbcResolveWinsByName(name, &ip);
468 if (!WBC_ERROR_IS_OK(wbc_status)) {
469 d_fprintf(stderr, "failed to call wbcResolveWinsByName: %s\n",
470 wbcErrorString(wbc_status));
471 return false;
474 /* Display response */
476 d_printf("%s\n", ip);
478 wbcFreeMemory(ip);
480 return true;
483 /* Convert IP to NetBIOS name */
485 static bool wbinfo_wins_byip(const char *ip)
487 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
488 char *name = NULL;
490 wbc_status = wbcResolveWinsByIP(ip, &name);
491 if (!WBC_ERROR_IS_OK(wbc_status)) {
492 d_fprintf(stderr, "failed to call wbcResolveWinsByIP: %s\n",
493 wbcErrorString(wbc_status));
494 return false;
497 /* Display response */
499 d_printf("%s\n", name);
501 wbcFreeMemory(name);
503 return true;
506 /* List all/trusted domains */
508 static bool wbinfo_list_domains(bool list_all_domains, bool verbose)
510 struct wbcDomainInfo *domain_list = NULL;
511 size_t i, num_domains;
512 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
513 bool print_all = !list_all_domains && verbose;
515 wbc_status = wbcListTrusts(&domain_list, &num_domains);
516 if (!WBC_ERROR_IS_OK(wbc_status)) {
517 d_fprintf(stderr, "failed to call wbcListTrusts: %s\n",
518 wbcErrorString(wbc_status));
519 return false;
522 if (print_all) {
523 d_printf("%-16s%-65s%-12s%-12s%-5s%-5s\n",
524 "Domain Name", "DNS Domain", "Trust Type",
525 "Transitive", "In", "Out");
528 for (i=0; i<num_domains; i++) {
529 if (print_all) {
530 d_printf("%-16s", domain_list[i].short_name);
531 } else {
532 d_printf("%s", domain_list[i].short_name);
533 d_printf("\n");
534 continue;
537 d_printf("%-65s", domain_list[i].dns_name);
539 switch(domain_list[i].trust_type) {
540 case WBC_DOMINFO_TRUSTTYPE_NONE:
541 if (domain_list[i].trust_routing != NULL) {
542 d_printf("%s\n", domain_list[i].trust_routing);
543 } else {
544 d_printf("None\n");
546 continue;
547 case WBC_DOMINFO_TRUSTTYPE_LOCAL:
548 d_printf("Local\n");
549 continue;
550 case WBC_DOMINFO_TRUSTTYPE_RWDC:
551 d_printf("RWDC\n");
552 continue;
553 case WBC_DOMINFO_TRUSTTYPE_RODC:
554 d_printf("RODC\n");
555 continue;
556 case WBC_DOMINFO_TRUSTTYPE_PDC:
557 d_printf("PDC\n");
558 continue;
559 case WBC_DOMINFO_TRUSTTYPE_WKSTA:
560 d_printf("Workstation ");
561 break;
562 case WBC_DOMINFO_TRUSTTYPE_FOREST:
563 d_printf("Forest ");
564 break;
565 case WBC_DOMINFO_TRUSTTYPE_EXTERNAL:
566 d_printf("External ");
567 break;
568 case WBC_DOMINFO_TRUSTTYPE_IN_FOREST:
569 d_printf("In-Forest ");
570 break;
573 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_TRANSITIVE) {
574 d_printf("Yes ");
575 } else {
576 d_printf("No ");
579 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_INCOMING) {
580 d_printf("Yes ");
581 } else {
582 d_printf("No ");
585 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_OUTGOING) {
586 d_printf("Yes ");
587 } else {
588 d_printf("No ");
591 d_printf("\n");
594 wbcFreeMemory(domain_list);
596 return true;
599 /* List own domain */
601 static bool wbinfo_list_own_domain(void)
603 d_printf("%s\n", get_winbind_domain());
605 return true;
608 /* show sequence numbers */
609 static bool wbinfo_show_sequence(const char *domain)
611 d_printf("This command has been deprecated. Please use the "
612 "--online-status option instead.\n");
613 return false;
616 /* show sequence numbers */
617 static bool wbinfo_show_onlinestatus(const char *domain)
619 struct wbcDomainInfo *domain_list = NULL;
620 size_t i, num_domains;
621 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
623 wbc_status = wbcListTrusts(&domain_list, &num_domains);
624 if (!WBC_ERROR_IS_OK(wbc_status)) {
625 d_fprintf(stderr, "failed to call wbcListTrusts: %s\n",
626 wbcErrorString(wbc_status));
627 return false;
630 for (i=0; i<num_domains; i++) {
631 bool is_offline;
633 if (domain) {
634 if (!strequal(domain_list[i].short_name, domain)) {
635 continue;
639 is_offline = (domain_list[i].domain_flags &
640 WBC_DOMINFO_DOMAIN_OFFLINE);
642 d_printf("%s : %s\n",
643 domain_list[i].short_name,
644 is_offline ? "no active connection" : "active connection" );
647 wbcFreeMemory(domain_list);
649 return true;
653 /* Show domain info */
655 static bool wbinfo_domain_info(const char *domain)
657 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
658 struct wbcDomainInfo *dinfo = NULL;
659 char sid_str[WBC_SID_STRING_BUFLEN];
661 if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
662 domain = get_winbind_domain();
665 /* Send request */
667 wbc_status = wbcDomainInfo(domain, &dinfo);
668 if (!WBC_ERROR_IS_OK(wbc_status)) {
669 d_fprintf(stderr, "failed to call wbcDomainInfo: %s\n",
670 wbcErrorString(wbc_status));
671 return false;
674 wbcSidToStringBuf(&dinfo->sid, sid_str, sizeof(sid_str));
676 /* Display response */
678 d_printf("Name : %s\n", dinfo->short_name);
679 d_printf("Alt_Name : %s\n", dinfo->dns_name);
681 d_printf("SID : %s\n", sid_str);
683 d_printf("Active Directory : %s\n",
684 (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_AD) ? "Yes" : "No");
685 d_printf("Native : %s\n",
686 (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_NATIVE) ?
687 "Yes" : "No");
689 d_printf("Primary : %s\n",
690 (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_PRIMARY) ?
691 "Yes" : "No");
693 wbcFreeMemory(dinfo);
695 return true;
698 /* Get a foreign DC's name */
699 static bool wbinfo_getdcname(const char *domain_name)
701 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
702 struct winbindd_request request;
703 struct winbindd_response response;
705 ZERO_STRUCT(request);
706 ZERO_STRUCT(response);
708 fstrcpy(request.domain_name, domain_name);
710 /* Send request */
712 wbc_status = wbcRequestResponse(NULL, WINBINDD_GETDCNAME,
713 &request, &response);
714 if (!WBC_ERROR_IS_OK(wbc_status)) {
715 d_fprintf(stderr, "Could not get dc name for %s\n",domain_name);
716 return false;
719 /* Display response */
721 d_printf("%s\n", response.data.dc_name);
723 return true;
726 /* Find a DC */
727 static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
729 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
730 struct wbcDomainControllerInfoEx *dc_info;
731 char *str = NULL;
733 wbc_status = wbcLookupDomainControllerEx(domain_name, NULL, NULL,
734 flags | DS_DIRECTORY_SERVICE_REQUIRED,
735 &dc_info);
736 if (!WBC_ERROR_IS_OK(wbc_status)) {
737 printf("Could not find dc for %s\n", domain_name);
738 return false;
741 wbcGuidToString(dc_info->domain_guid, &str);
743 d_printf("%s\n", dc_info->dc_unc);
744 d_printf("%s\n", dc_info->dc_address);
745 d_printf("%d\n", dc_info->dc_address_type);
746 d_printf("%s\n", str);
747 d_printf("%s\n", dc_info->domain_name);
748 d_printf("%s\n", dc_info->forest_name);
749 d_printf("0x%08x\n", dc_info->dc_flags);
750 d_printf("%s\n", dc_info->dc_site_name);
751 d_printf("%s\n", dc_info->client_site_name);
753 wbcFreeMemory(str);
754 wbcFreeMemory(dc_info);
756 return true;
759 /* Check trust account password */
761 static bool wbinfo_check_secret(const char *domain)
763 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
764 struct wbcAuthErrorInfo *error = NULL;
765 const char *domain_name;
767 if (domain) {
768 domain_name = domain;
769 } else {
770 domain_name = get_winbind_domain();
773 wbc_status = wbcCheckTrustCredentials(domain_name, &error);
775 d_printf("checking the trust secret for domain %s via RPC calls %s\n",
776 domain_name,
777 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
779 if (wbc_status == WBC_ERR_AUTH_ERROR) {
780 d_fprintf(stderr, "wbcCheckTrustCredentials(%s): error code was %s (0x%x)\n",
781 domain_name, error->nt_string, error->nt_status);
782 wbcFreeMemory(error);
784 if (!WBC_ERROR_IS_OK(wbc_status)) {
785 d_fprintf(stderr, "failed to call wbcCheckTrustCredentials: "
786 "%s\n", wbcErrorString(wbc_status));
787 return false;
790 return true;
793 /* Find the currently connected DCs */
795 static bool wbinfo_dc_info(const char *domain_name)
797 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
798 size_t i, num_dcs;
799 const char **dc_names, **dc_ips;
801 wbc_status = wbcDcInfo(domain_name, &num_dcs,
802 &dc_names, &dc_ips);
803 if (!WBC_ERROR_IS_OK(wbc_status)) {
804 printf("Could not find dc info %s\n",
805 domain_name ? domain_name : "our domain");
806 return false;
809 for (i=0; i<num_dcs; i++) {
810 printf("%s (%s)\n", dc_names[i], dc_ips[i]);
812 wbcFreeMemory(dc_names);
813 wbcFreeMemory(dc_ips);
815 return true;
818 /* Change trust account password */
820 static bool wbinfo_change_secret(const char *domain)
822 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
823 struct wbcAuthErrorInfo *error = NULL;
824 const char *domain_name;
826 if (domain) {
827 domain_name = domain;
828 } else {
829 domain_name = get_winbind_domain();
832 wbc_status = wbcChangeTrustCredentials(domain_name, &error);
834 d_printf("changing the trust secret for domain %s via RPC calls %s\n",
835 domain_name,
836 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
838 if (wbc_status == WBC_ERR_AUTH_ERROR) {
839 d_fprintf(stderr, "wbcChangeTrustCredentials(%s): error code was %s (0x%x)\n",
840 domain_name, error->nt_string, error->nt_status);
841 wbcFreeMemory(error);
843 if (!WBC_ERROR_IS_OK(wbc_status)) {
844 d_fprintf(stderr, "failed to call wbcChangeTrustCredentials: "
845 "%s\n", wbcErrorString(wbc_status));
846 return false;
849 return true;
852 /* Check DC connection */
854 static bool wbinfo_ping_dc(const char *domain)
856 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
857 struct wbcAuthErrorInfo *error = NULL;
858 char *dcname = NULL;
860 const char *domain_name;
862 if (domain) {
863 domain_name = domain;
864 } else {
865 domain_name = get_winbind_domain();
868 wbc_status = wbcPingDc2(domain_name, &error, &dcname);
870 d_printf("checking the NETLOGON for domain[%s] dc connection to \"%s\" %s\n",
871 domain_name ? domain_name : "",
872 dcname ? dcname : "",
873 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
875 wbcFreeMemory(dcname);
876 if (wbc_status == WBC_ERR_AUTH_ERROR) {
877 d_fprintf(stderr, "wbcPingDc2(%s): error code was %s (0x%x)\n",
878 domain_name, error->nt_string, error->nt_status);
879 wbcFreeMemory(error);
880 return false;
882 if (!WBC_ERROR_IS_OK(wbc_status)) {
883 d_fprintf(stderr, "failed to call wbcPingDc: %s\n",
884 wbcErrorString(wbc_status));
885 return false;
888 return true;
891 /* Convert uid to sid */
893 static bool wbinfo_uid_to_sid(uid_t uid)
895 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
896 struct wbcDomainSid sid;
897 char sid_str[WBC_SID_STRING_BUFLEN];
899 /* Send request */
901 wbc_status = wbcUidToSid(uid, &sid);
902 if (!WBC_ERROR_IS_OK(wbc_status)) {
903 d_fprintf(stderr, "failed to call wbcUidToSid: %s\n",
904 wbcErrorString(wbc_status));
905 return false;
908 wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
910 /* Display response */
912 d_printf("%s\n", sid_str);
914 return true;
917 /* Convert gid to sid */
919 static bool wbinfo_gid_to_sid(gid_t gid)
921 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
922 struct wbcDomainSid sid;
923 char sid_str[WBC_SID_STRING_BUFLEN];
925 /* Send request */
927 wbc_status = wbcGidToSid(gid, &sid);
928 if (!WBC_ERROR_IS_OK(wbc_status)) {
929 d_fprintf(stderr, "failed to call wbcGidToSid: %s\n",
930 wbcErrorString(wbc_status));
931 return false;
934 wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
936 /* Display response */
938 d_printf("%s\n", sid_str);
940 return true;
943 /* Convert sid to uid */
945 static bool wbinfo_sid_to_uid(const char *sid_str)
947 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
948 struct wbcDomainSid sid;
949 uid_t uid;
951 /* Send request */
953 wbc_status = wbcStringToSid(sid_str, &sid);
954 if (!WBC_ERROR_IS_OK(wbc_status)) {
955 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
956 wbcErrorString(wbc_status));
957 return false;
960 wbc_status = wbcSidToUid(&sid, &uid);
961 if (!WBC_ERROR_IS_OK(wbc_status)) {
962 d_fprintf(stderr, "failed to call wbcSidToUid: %s\n",
963 wbcErrorString(wbc_status));
964 return false;
967 /* Display response */
969 d_printf("%d\n", (int)uid);
971 return true;
974 static bool wbinfo_sid_to_gid(const char *sid_str)
976 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
977 struct wbcDomainSid sid;
978 gid_t gid;
980 /* Send request */
982 wbc_status = wbcStringToSid(sid_str, &sid);
983 if (!WBC_ERROR_IS_OK(wbc_status)) {
984 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
985 wbcErrorString(wbc_status));
986 return false;
989 wbc_status = wbcSidToGid(&sid, &gid);
990 if (!WBC_ERROR_IS_OK(wbc_status)) {
991 d_fprintf(stderr, "failed to call wbcSidToGid: %s\n",
992 wbcErrorString(wbc_status));
993 return false;
996 /* Display response */
998 d_printf("%d\n", (int)gid);
1000 return true;
1003 static bool wbinfo_sids_to_unix_ids(const char *arg)
1005 char sidstr[WBC_SID_STRING_BUFLEN];
1006 struct wbcDomainSid *sids;
1007 struct wbcUnixId *unix_ids;
1008 int i, num_sids;
1009 const char *p;
1010 wbcErr wbc_status;
1013 num_sids = 0;
1014 sids = NULL;
1015 p = arg;
1017 while (next_token(&p, sidstr, LIST_SEP, sizeof(sidstr))) {
1018 sids = talloc_realloc(talloc_tos(), sids, struct wbcDomainSid,
1019 num_sids+1);
1020 if (sids == NULL) {
1021 d_fprintf(stderr, "talloc failed\n");
1022 return false;
1024 wbc_status = wbcStringToSid(sidstr, &sids[num_sids]);
1025 if (!WBC_ERROR_IS_OK(wbc_status)) {
1026 d_fprintf(stderr, "wbcSidToString(%s) failed: %s\n",
1027 sidstr, wbcErrorString(wbc_status));
1028 TALLOC_FREE(sids);
1029 return false;
1031 num_sids += 1;
1034 unix_ids = talloc_array(talloc_tos(), struct wbcUnixId, num_sids);
1035 if (unix_ids == NULL) {
1036 TALLOC_FREE(sids);
1037 return false;
1040 wbc_status = wbcSidsToUnixIds(sids, num_sids, unix_ids);
1041 if (!WBC_ERROR_IS_OK(wbc_status)) {
1042 d_fprintf(stderr, "wbcSidsToUnixIds failed: %s\n",
1043 wbcErrorString(wbc_status));
1044 TALLOC_FREE(sids);
1045 return false;
1048 for (i=0; i<num_sids; i++) {
1050 wbcSidToStringBuf(&sids[i], sidstr, sizeof(sidstr));
1052 switch(unix_ids[i].type) {
1053 case WBC_ID_TYPE_UID:
1054 d_printf("%s -> uid %d\n", sidstr, unix_ids[i].id.uid);
1055 break;
1056 case WBC_ID_TYPE_GID:
1057 d_printf("%s -> gid %d\n", sidstr, unix_ids[i].id.gid);
1058 break;
1059 case WBC_ID_TYPE_BOTH:
1060 d_printf("%s -> uid/gid %d\n", sidstr, unix_ids[i].id.uid);
1061 break;
1062 default:
1063 d_printf("%s -> unmapped\n", sidstr);
1064 break;
1068 TALLOC_FREE(sids);
1069 TALLOC_FREE(unix_ids);
1071 return true;
1074 static bool wbinfo_xids_to_sids(const char *arg)
1076 fstring idstr;
1077 struct wbcUnixId *xids = NULL;
1078 struct wbcDomainSid *sids;
1079 wbcErr wbc_status;
1080 int num_xids = 0;
1081 const char *p;
1082 int i;
1084 p = arg;
1086 while (next_token(&p, idstr, LIST_SEP, sizeof(idstr))) {
1087 xids = talloc_realloc(talloc_tos(), xids, struct wbcUnixId,
1088 num_xids+1);
1089 if (xids == NULL) {
1090 d_fprintf(stderr, "talloc failed\n");
1091 return false;
1094 switch (idstr[0]) {
1095 case 'u':
1096 xids[num_xids] = (struct wbcUnixId) {
1097 .type = WBC_ID_TYPE_UID,
1098 .id.uid = atoi(&idstr[1])
1100 break;
1101 case 'g':
1102 xids[num_xids] = (struct wbcUnixId) {
1103 .type = WBC_ID_TYPE_GID,
1104 .id.gid = atoi(&idstr[1])
1106 break;
1107 default:
1108 d_fprintf(stderr, "%s is an invalid id\n", idstr);
1109 TALLOC_FREE(xids);
1110 return false;
1112 num_xids += 1;
1115 sids = talloc_array(talloc_tos(), struct wbcDomainSid, num_xids);
1116 if (sids == NULL) {
1117 d_fprintf(stderr, "talloc failed\n");
1118 TALLOC_FREE(xids);
1119 return false;
1122 wbc_status = wbcUnixIdsToSids(xids, num_xids, sids);
1123 if (!WBC_ERROR_IS_OK(wbc_status)) {
1124 d_fprintf(stderr, "wbcUnixIdsToSids failed: %s\n",
1125 wbcErrorString(wbc_status));
1126 TALLOC_FREE(sids);
1127 TALLOC_FREE(xids);
1128 return false;
1131 for (i=0; i<num_xids; i++) {
1132 char str[WBC_SID_STRING_BUFLEN];
1133 struct wbcDomainSid null_sid = { 0 };
1135 if (memcmp(&null_sid, &sids[i], sizeof(struct wbcDomainSid)) == 0) {
1136 d_printf("NOT MAPPED\n");
1137 continue;
1139 wbcSidToStringBuf(&sids[i], str, sizeof(str));
1140 d_printf("%s\n", str);
1143 return true;
1146 static bool wbinfo_allocate_uid(void)
1148 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1149 uid_t uid;
1151 /* Send request */
1153 wbc_status = wbcAllocateUid(&uid);
1154 if (!WBC_ERROR_IS_OK(wbc_status)) {
1155 d_fprintf(stderr, "failed to call wbcAllocateUid: %s\n",
1156 wbcErrorString(wbc_status));
1157 return false;
1160 /* Display response */
1162 d_printf("New uid: %u\n", (unsigned int)uid);
1164 return true;
1167 static bool wbinfo_allocate_gid(void)
1169 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1170 gid_t gid;
1172 /* Send request */
1174 wbc_status = wbcAllocateGid(&gid);
1175 if (!WBC_ERROR_IS_OK(wbc_status)) {
1176 d_fprintf(stderr, "failed to call wbcAllocateGid: %s\n",
1177 wbcErrorString(wbc_status));
1178 return false;
1181 /* Display response */
1183 d_printf("New gid: %u\n", (unsigned int)gid);
1185 return true;
1188 static bool wbinfo_set_uid_mapping(uid_t uid, const char *sid_str)
1190 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1191 struct wbcDomainSid sid;
1193 /* Send request */
1195 wbc_status = wbcStringToSid(sid_str, &sid);
1196 if (!WBC_ERROR_IS_OK(wbc_status)) {
1197 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1198 wbcErrorString(wbc_status));
1199 return false;
1202 wbc_status = wbcSetUidMapping(uid, &sid);
1203 if (!WBC_ERROR_IS_OK(wbc_status)) {
1204 d_fprintf(stderr, "failed to call wbcSetUidMapping: %s\n",
1205 wbcErrorString(wbc_status));
1206 return false;
1209 /* Display response */
1211 d_printf("uid %u now mapped to sid %s\n",
1212 (unsigned int)uid, sid_str);
1214 return true;
1217 static bool wbinfo_set_gid_mapping(gid_t gid, const char *sid_str)
1219 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1220 struct wbcDomainSid sid;
1222 /* Send request */
1224 wbc_status = wbcStringToSid(sid_str, &sid);
1225 if (!WBC_ERROR_IS_OK(wbc_status)) {
1226 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1227 wbcErrorString(wbc_status));
1228 return false;
1231 wbc_status = wbcSetGidMapping(gid, &sid);
1232 if (!WBC_ERROR_IS_OK(wbc_status)) {
1233 d_fprintf(stderr, "failed to call wbcSetGidMapping: %s\n",
1234 wbcErrorString(wbc_status));
1235 return false;
1238 /* Display response */
1240 d_printf("gid %u now mapped to sid %s\n",
1241 (unsigned int)gid, sid_str);
1243 return true;
1246 static bool wbinfo_remove_uid_mapping(uid_t uid, const char *sid_str)
1248 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1249 struct wbcDomainSid sid;
1251 /* Send request */
1253 wbc_status = wbcStringToSid(sid_str, &sid);
1254 if (!WBC_ERROR_IS_OK(wbc_status)) {
1255 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1256 wbcErrorString(wbc_status));
1257 return false;
1260 wbc_status = wbcRemoveUidMapping(uid, &sid);
1261 if (!WBC_ERROR_IS_OK(wbc_status)) {
1262 d_fprintf(stderr, "failed to call wbcRemoveUidMapping: %s\n",
1263 wbcErrorString(wbc_status));
1264 return false;
1267 /* Display response */
1269 d_printf("Removed uid %u to sid %s mapping\n",
1270 (unsigned int)uid, sid_str);
1272 return true;
1275 static bool wbinfo_remove_gid_mapping(gid_t gid, const char *sid_str)
1277 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1278 struct wbcDomainSid sid;
1280 /* Send request */
1282 wbc_status = wbcStringToSid(sid_str, &sid);
1283 if (!WBC_ERROR_IS_OK(wbc_status)) {
1284 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1285 wbcErrorString(wbc_status));
1286 return false;
1289 wbc_status = wbcRemoveGidMapping(gid, &sid);
1290 if (!WBC_ERROR_IS_OK(wbc_status)) {
1291 d_fprintf(stderr, "failed to call wbcRemoveGidMapping: %s\n",
1292 wbcErrorString(wbc_status));
1293 return false;
1296 /* Display response */
1298 d_printf("Removed gid %u to sid %s mapping\n",
1299 (unsigned int)gid, sid_str);
1301 return true;
1304 /* Convert sid to string */
1306 static bool wbinfo_lookupsid(const char *sid_str)
1308 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1309 struct wbcDomainSid sid;
1310 char *domain;
1311 char *name;
1312 enum wbcSidType type;
1314 /* Send off request */
1316 wbc_status = wbcStringToSid(sid_str, &sid);
1317 if (!WBC_ERROR_IS_OK(wbc_status)) {
1318 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1319 wbcErrorString(wbc_status));
1320 return false;
1323 wbc_status = wbcLookupSid(&sid, &domain, &name, &type);
1324 if (!WBC_ERROR_IS_OK(wbc_status)) {
1325 d_fprintf(stderr, "failed to call wbcLookupSid: %s\n",
1326 wbcErrorString(wbc_status));
1327 return false;
1330 /* Display response */
1332 if (type == WBC_SID_NAME_DOMAIN) {
1333 d_printf("%s %d\n", domain, type);
1334 } else {
1335 d_printf("%s%c%s %d\n",
1336 domain, winbind_separator(), name, type);
1339 wbcFreeMemory(domain);
1340 wbcFreeMemory(name);
1342 return true;
1345 /* Convert sid to fullname */
1347 static bool wbinfo_lookupsid_fullname(const char *sid_str)
1349 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1350 struct wbcDomainSid sid;
1351 char *domain;
1352 char *name;
1353 enum wbcSidType type;
1355 /* Send off request */
1357 wbc_status = wbcStringToSid(sid_str, &sid);
1358 if (!WBC_ERROR_IS_OK(wbc_status)) {
1359 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1360 wbcErrorString(wbc_status));
1361 return false;
1364 wbc_status = wbcGetDisplayName(&sid, &domain, &name, &type);
1365 if (!WBC_ERROR_IS_OK(wbc_status)) {
1366 d_fprintf(stderr, "failed to call wbcGetDisplayName: %s\n",
1367 wbcErrorString(wbc_status));
1368 return false;
1371 /* Display response */
1373 d_printf("%s%c%s %d\n",
1374 domain, winbind_separator(), name, type);
1376 wbcFreeMemory(domain);
1377 wbcFreeMemory(name);
1379 return true;
1382 /* Lookup a list of RIDs */
1384 static bool wbinfo_lookuprids(const char *domain, const char *arg)
1386 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1387 struct wbcDomainSid dsid;
1388 char *domain_name = NULL;
1389 const char **names = NULL;
1390 enum wbcSidType *types = NULL;
1391 size_t i, num_rids;
1392 uint32_t *rids = NULL;
1393 const char *p;
1394 char *ridstr;
1395 TALLOC_CTX *mem_ctx = NULL;
1396 bool ret = false;
1398 if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
1399 domain = get_winbind_domain();
1402 wbc_status = wbcStringToSid(domain, &dsid);
1403 if (!WBC_ERROR_IS_OK(wbc_status)) {
1404 struct wbcDomainInfo *dinfo = NULL;
1406 wbc_status = wbcDomainInfo(domain, &dinfo);
1407 if (!WBC_ERROR_IS_OK(wbc_status)) {
1408 d_printf("wbcDomainInfo(%s) failed: %s\n", domain,
1409 wbcErrorString(wbc_status));
1410 goto done;
1413 dsid = dinfo->sid;
1414 wbcFreeMemory(dinfo);
1417 mem_ctx = talloc_new(NULL);
1418 if (mem_ctx == NULL) {
1419 d_printf("talloc_new failed\n");
1420 goto done;
1423 num_rids = 0;
1424 rids = NULL;
1425 p = arg;
1427 while (next_token_talloc(mem_ctx, &p, &ridstr, " ,\n")) {
1428 int error = 0;
1429 uint32_t rid;
1431 rid = smb_strtoul(ridstr, NULL, 10, &error, SMB_STR_STANDARD);
1432 if (error != 0) {
1433 d_printf("failed to convert rid\n");
1434 goto done;
1436 rids = talloc_realloc(mem_ctx, rids, uint32_t, num_rids + 1);
1437 if (rids == NULL) {
1438 d_printf("talloc_realloc failed\n");
1440 rids[num_rids] = rid;
1441 num_rids += 1;
1444 if (rids == NULL) {
1445 d_printf("no rids\n");
1446 goto done;
1449 wbc_status = wbcLookupRids(
1450 &dsid, num_rids, rids, &p, &names, &types);
1451 if (!WBC_ERROR_IS_OK(wbc_status)) {
1452 d_printf("winbind_lookup_rids failed: %s\n",
1453 wbcErrorString(wbc_status));
1454 goto done;
1457 domain_name = discard_const_p(char, p);
1458 d_printf("Domain: %s\n", domain_name);
1460 for (i=0; i<num_rids; i++) {
1461 d_printf("%8d: %s (%s)\n", rids[i], names[i],
1462 wbcSidTypeString(types[i]));
1465 ret = true;
1466 done:
1467 wbcFreeMemory(domain_name);
1468 wbcFreeMemory(names);
1469 wbcFreeMemory(types);
1470 TALLOC_FREE(mem_ctx);
1471 return ret;
1474 static bool wbinfo_lookup_sids(const char *arg)
1476 char sidstr[WBC_SID_STRING_BUFLEN];
1477 struct wbcDomainSid *sids;
1478 struct wbcDomainInfo *domains;
1479 struct wbcTranslatedName *names;
1480 int num_domains;
1481 int i, num_sids;
1482 const char *p;
1483 wbcErr wbc_status;
1486 num_sids = 0;
1487 sids = NULL;
1488 p = arg;
1490 while (next_token(&p, sidstr, LIST_SEP, sizeof(sidstr))) {
1491 sids = talloc_realloc(talloc_tos(), sids, struct wbcDomainSid,
1492 num_sids+1);
1493 if (sids == NULL) {
1494 d_fprintf(stderr, "talloc failed\n");
1495 return false;
1497 wbc_status = wbcStringToSid(sidstr, &sids[num_sids]);
1498 if (!WBC_ERROR_IS_OK(wbc_status)) {
1499 d_fprintf(stderr, "wbcSidToString(%s) failed: %s\n",
1500 sidstr, wbcErrorString(wbc_status));
1501 TALLOC_FREE(sids);
1502 return false;
1504 num_sids += 1;
1507 wbc_status = wbcLookupSids(sids, num_sids, &domains, &num_domains,
1508 &names);
1509 if (!WBC_ERROR_IS_OK(wbc_status)) {
1510 d_fprintf(stderr, "wbcLookupSids failed: %s\n",
1511 wbcErrorString(wbc_status));
1512 TALLOC_FREE(sids);
1513 return false;
1516 for (i=0; i<num_sids; i++) {
1517 const char *domain = NULL;
1519 wbcSidToStringBuf(&sids[i], sidstr, sizeof(sidstr));
1521 if (names[i].domain_index >= num_domains) {
1522 domain = "<none>";
1523 } else if (names[i].domain_index < 0) {
1524 domain = "<none>";
1525 } else {
1526 domain = domains[names[i].domain_index].short_name;
1529 if (names[i].type == WBC_SID_NAME_DOMAIN) {
1530 d_printf("%s -> %s %d\n", sidstr,
1531 domain,
1532 names[i].type);
1533 } else {
1534 d_printf("%s -> %s%c%s %d\n", sidstr,
1535 domain,
1536 winbind_separator(),
1537 names[i].name, names[i].type);
1540 wbcFreeMemory(names);
1541 wbcFreeMemory(domains);
1542 return true;
1545 /* Convert string to sid */
1547 static bool wbinfo_lookupname(const char *full_name)
1549 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1550 struct wbcDomainSid sid;
1551 char sid_str[WBC_SID_STRING_BUFLEN];
1552 enum wbcSidType type;
1553 fstring domain_name;
1554 fstring account_name;
1556 /* Send off request */
1558 parse_wbinfo_domain_user(full_name, domain_name,
1559 account_name);
1561 wbc_status = wbcLookupName(domain_name, account_name,
1562 &sid, &type);
1563 if (!WBC_ERROR_IS_OK(wbc_status)) {
1564 d_fprintf(stderr, "failed to call wbcLookupName: %s\n",
1565 wbcErrorString(wbc_status));
1566 return false;
1569 wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
1571 /* Display response */
1573 d_printf("%s %s (%d)\n", sid_str, wbcSidTypeString(type), type);
1575 return true;
1578 static char *wbinfo_prompt_pass(TALLOC_CTX *mem_ctx,
1579 const char *prefix,
1580 const char *username)
1582 char *prompt;
1583 char buf[1024] = {0};
1584 int rc;
1586 prompt = talloc_asprintf(mem_ctx, "Enter %s's ", username);
1587 if (!prompt) {
1588 return NULL;
1590 if (prefix) {
1591 prompt = talloc_asprintf_append(prompt, "%s ", prefix);
1592 if (!prompt) {
1593 return NULL;
1596 prompt = talloc_asprintf_append(prompt, "password: ");
1597 if (!prompt) {
1598 return NULL;
1601 rc = samba_getpass(prompt, buf, sizeof(buf), false, false);
1602 TALLOC_FREE(prompt);
1603 if (rc < 0) {
1604 return NULL;
1607 return talloc_strdup(mem_ctx, buf);
1610 /* Authenticate a user with a plaintext password */
1612 static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32_t flags)
1614 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1615 char *s = NULL;
1616 char *p = NULL;
1617 char *password = NULL;
1618 char *name = NULL;
1619 char *local_cctype = NULL;
1620 uid_t uid;
1621 struct wbcLogonUserParams params;
1622 struct wbcLogonUserInfo *info;
1623 struct wbcAuthErrorInfo *error;
1624 struct wbcUserPasswordPolicyInfo *policy;
1625 TALLOC_CTX *frame = talloc_tos();
1627 if ((s = talloc_strdup(frame, username)) == NULL) {
1628 return false;
1631 if ((p = strchr(s, '%')) != NULL) {
1632 *p = 0;
1633 p++;
1634 password = talloc_strdup(frame, p);
1635 } else {
1636 password = wbinfo_prompt_pass(frame, NULL, username);
1639 local_cctype = talloc_strdup(frame, cctype);
1641 name = s;
1643 uid = geteuid();
1645 params.username = name;
1646 params.password = password;
1647 params.num_blobs = 0;
1648 params.blobs = NULL;
1650 wbc_status = wbcAddNamedBlob(&params.num_blobs,
1651 &params.blobs,
1652 "flags",
1654 (uint8_t *)&flags,
1655 sizeof(flags));
1656 if (!WBC_ERROR_IS_OK(wbc_status)) {
1657 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1658 wbcErrorString(wbc_status));
1659 goto done;
1662 wbc_status = wbcAddNamedBlob(&params.num_blobs,
1663 &params.blobs,
1664 "user_uid",
1666 (uint8_t *)&uid,
1667 sizeof(uid));
1668 if (!WBC_ERROR_IS_OK(wbc_status)) {
1669 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1670 wbcErrorString(wbc_status));
1671 goto done;
1674 wbc_status = wbcAddNamedBlob(&params.num_blobs,
1675 &params.blobs,
1676 "krb5_cc_type",
1678 (uint8_t *)local_cctype,
1679 strlen(cctype)+1);
1680 if (!WBC_ERROR_IS_OK(wbc_status)) {
1681 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1682 wbcErrorString(wbc_status));
1683 goto done;
1686 wbc_status = wbcLogonUser(&params, &info, &error, &policy);
1688 d_printf("plaintext kerberos password authentication for [%s] %s "
1689 "(requesting cctype: %s)\n",
1690 name, WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed",
1691 cctype);
1693 if (error) {
1694 d_fprintf(stderr,
1695 "wbcLogonUser(%s): error code was %s (0x%x)\n"
1696 "error message was: %s\n",
1697 params.username, error->nt_string,
1698 error->nt_status,
1699 error->display_string);
1702 if (WBC_ERROR_IS_OK(wbc_status)) {
1703 if (flags & WBFLAG_PAM_INFO3_TEXT) {
1704 if (info && info->info && info->info->user_flags &
1705 NETLOGON_CACHED_ACCOUNT) {
1706 d_printf("user_flgs: "
1707 "NETLOGON_CACHED_ACCOUNT\n");
1711 if (info) {
1712 size_t i;
1713 for (i=0; i < info->num_blobs; i++) {
1714 if (strequal(info->blobs[i].name,
1715 "krb5ccname")) {
1716 d_printf("credentials were put "
1717 "in: %s\n",
1718 (const char *)
1719 info->blobs[i].blob.data);
1720 break;
1723 } else {
1724 d_printf("no credentials cached\n");
1727 done:
1729 wbcFreeMemory(params.blobs);
1731 return WBC_ERROR_IS_OK(wbc_status);
1734 /* Authenticate a user with a plaintext password */
1736 static bool wbinfo_auth(char *username)
1738 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1739 char *s = NULL;
1740 char *p = NULL;
1741 char *password = NULL;
1742 char *name = NULL;
1743 TALLOC_CTX *frame = talloc_tos();
1745 if ((s = talloc_strdup(frame, username)) == NULL) {
1746 return false;
1749 if ((p = strchr(s, '%')) != NULL) {
1750 *p = 0;
1751 p++;
1752 password = talloc_strdup(frame, p);
1753 } else {
1754 password = wbinfo_prompt_pass(frame, NULL, username);
1757 name = s;
1759 wbc_status = wbcAuthenticateUser(name, password);
1761 d_printf("plaintext password authentication %s\n",
1762 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1764 #if 0
1765 if (response.data.auth.nt_status)
1766 d_fprintf(stderr,
1767 "error code was %s (0x%x)\nerror message was: %s\n",
1768 response.data.auth.nt_status_string,
1769 response.data.auth.nt_status,
1770 response.data.auth.error_string);
1771 #endif
1773 return WBC_ERROR_IS_OK(wbc_status);
1776 /* Authenticate a user with a challenge/response */
1778 static bool wbinfo_auth_crap(char *username, bool use_ntlmv2, bool use_lanman)
1780 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1781 struct wbcAuthUserParams params;
1782 struct wbcAuthUserInfo *info = NULL;
1783 struct wbcAuthErrorInfo *err = NULL;
1784 DATA_BLOB lm = data_blob_null;
1785 DATA_BLOB nt = data_blob_null;
1786 fstring name_user;
1787 fstring name_domain;
1788 char *pass;
1789 char *p;
1790 TALLOC_CTX *frame = talloc_tos();
1792 p = strchr(username, '%');
1794 if (p) {
1795 *p = 0;
1796 pass = talloc_strdup(frame, p + 1);
1797 } else {
1798 pass = wbinfo_prompt_pass(frame, NULL, username);
1801 parse_wbinfo_domain_user(username, name_domain, name_user);
1803 params.account_name = name_user;
1804 params.domain_name = name_domain;
1805 params.workstation_name = NULL;
1807 params.flags = 0;
1808 params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
1809 WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
1811 params.level = WBC_AUTH_USER_LEVEL_RESPONSE;
1813 generate_random_buffer(params.password.response.challenge, 8);
1815 if (use_ntlmv2) {
1816 DATA_BLOB server_chal;
1817 DATA_BLOB names_blob;
1818 const char *netbios_name = NULL;
1819 const char *domain = NULL;
1821 netbios_name = get_winbind_netbios_name(),
1822 domain = get_winbind_domain();
1823 if (domain == NULL) {
1824 d_fprintf(stderr, "Failed to get domain from winbindd\n");
1825 return false;
1828 server_chal = data_blob(params.password.response.challenge, 8);
1830 /* Pretend this is a login to 'us', for blob purposes */
1831 names_blob = NTLMv2_generate_names_blob(NULL,
1832 netbios_name,
1833 domain);
1835 if (pass != NULL &&
1836 !SMBNTLMv2encrypt(NULL, name_user, name_domain, pass,
1837 &server_chal,
1838 &names_blob,
1839 &lm, &nt, NULL, NULL)) {
1840 data_blob_free(&names_blob);
1841 data_blob_free(&server_chal);
1842 TALLOC_FREE(pass);
1843 return false;
1845 data_blob_free(&names_blob);
1846 data_blob_free(&server_chal);
1848 } else {
1849 if (use_lanman) {
1850 bool ok;
1851 lm = data_blob(NULL, 24);
1852 ok = SMBencrypt(pass,
1853 params.password.response.challenge,
1854 lm.data);
1855 if (!ok) {
1856 data_blob_free(&lm);
1859 nt = data_blob(NULL, 24);
1860 SMBNTencrypt(pass, params.password.response.challenge,
1861 nt.data);
1864 params.password.response.nt_length = nt.length;
1865 params.password.response.nt_data = nt.data;
1866 params.password.response.lm_length = lm.length;
1867 params.password.response.lm_data = lm.data;
1869 wbc_status = wbcAuthenticateUserEx(&params, &info, &err);
1871 /* Display response */
1873 d_printf("challenge/response password authentication %s\n",
1874 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1876 if (wbc_status == WBC_ERR_AUTH_ERROR) {
1877 d_fprintf(stderr,
1878 "wbcAuthenticateUserEx(%s%c%s): error code was "
1879 "%s (0x%x, authoritative=%"PRIu8")\n"
1880 "error message was: %s\n",
1881 name_domain,
1882 winbind_separator(),
1883 name_user,
1884 err->nt_string,
1885 err->nt_status,
1886 err->authoritative,
1887 err->display_string);
1888 wbcFreeMemory(err);
1889 } else if (WBC_ERROR_IS_OK(wbc_status)) {
1890 wbcFreeMemory(info);
1893 data_blob_free(&nt);
1894 data_blob_free(&lm);
1896 return WBC_ERROR_IS_OK(wbc_status);
1899 /* Authenticate a user with a plaintext password */
1901 static bool wbinfo_pam_logon(char *username, bool verbose)
1903 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1904 struct wbcLogonUserParams params;
1905 struct wbcLogonUserInfo *info = NULL;
1906 struct wbcAuthErrorInfo *error = NULL;
1907 char *s = NULL;
1908 char *p = NULL;
1909 TALLOC_CTX *frame = talloc_tos();
1910 uint32_t flags;
1911 uint32_t uid;
1913 ZERO_STRUCT(params);
1915 if ((s = talloc_strdup(frame, username)) == NULL) {
1916 return false;
1919 if ((p = strchr(s, '%')) != NULL) {
1920 *p = 0;
1921 p++;
1922 params.password = talloc_strdup(frame, p);
1923 } else {
1924 params.password = wbinfo_prompt_pass(frame, NULL, username);
1926 params.username = s;
1928 flags = WBFLAG_PAM_CACHED_LOGIN;
1930 wbc_status = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
1931 "flags", 0,
1932 (uint8_t *)&flags, sizeof(flags));
1933 if (!WBC_ERROR_IS_OK(wbc_status)) {
1934 d_printf("wbcAddNamedBlob failed: %s\n",
1935 wbcErrorString(wbc_status));
1936 return false;
1939 uid = getuid();
1941 wbc_status = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
1942 "user_uid", 0,
1943 (uint8_t *)&uid, sizeof(uid));
1944 if (!WBC_ERROR_IS_OK(wbc_status)) {
1945 d_printf("wbcAddNamedBlob failed: %s\n",
1946 wbcErrorString(wbc_status));
1947 return false;
1950 wbc_status = wbcLogonUser(&params, &info, &error, NULL);
1952 if (verbose && (info != NULL)) {
1953 struct wbcAuthUserInfo *i = info->info;
1954 uint32_t j;
1956 if (i->account_name != NULL) {
1957 d_printf("account_name: %s\n", i->account_name);
1959 if (i->user_principal != NULL) {
1960 d_printf("user_principal: %s\n", i->user_principal);
1962 if (i->full_name != NULL) {
1963 d_printf("full_name: %s\n", i->full_name);
1965 if (i->domain_name != NULL) {
1966 d_printf("domain_name: %s\n", i->domain_name);
1968 if (i->dns_domain_name != NULL) {
1969 d_printf("dns_domain_name: %s\n", i->dns_domain_name);
1971 if (i->logon_server != NULL) {
1972 d_printf("logon_server: %s\n", i->logon_server);
1974 if (i->logon_script != NULL) {
1975 d_printf("logon_script: %s\n", i->logon_script);
1977 if (i->profile_path != NULL) {
1978 d_printf("profile_path: %s\n", i->profile_path);
1980 if (i->home_directory != NULL) {
1981 d_printf("home_directory: %s\n", i->home_directory);
1983 if (i->home_drive != NULL) {
1984 d_printf("home_drive: %s\n", i->home_drive);
1987 d_printf("sids:");
1989 for (j=0; j<i->num_sids; j++) {
1990 char buf[WBC_SID_STRING_BUFLEN];
1991 wbcSidToStringBuf(&i->sids[j].sid, buf, sizeof(buf));
1992 d_printf(" %s", buf);
1994 d_printf("\n");
1996 wbcFreeMemory(info);
1997 info = NULL;
2000 wbcFreeMemory(params.blobs);
2002 d_printf("plaintext password authentication %s\n",
2003 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2005 if (!WBC_ERROR_IS_OK(wbc_status) && (error != NULL)) {
2006 d_fprintf(stderr,
2007 "wbcLogonUser(%s): error code was %s (0x%x)\n"
2008 "error message was: %s\n",
2009 params.username,
2010 error->nt_string,
2011 (int)error->nt_status,
2012 error->display_string);
2013 wbcFreeMemory(error);
2015 return WBC_ERROR_IS_OK(wbc_status);
2018 /* Save creds with winbind */
2020 static bool wbinfo_ccache_save(char *username)
2022 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2023 char *s = NULL;
2024 char *p = NULL;
2025 char *password = NULL;
2026 char *name = NULL;
2027 TALLOC_CTX *frame = talloc_stackframe();
2029 s = talloc_strdup(frame, username);
2030 if (s == NULL) {
2031 return false;
2034 p = strchr(s, '%');
2035 if (p != NULL) {
2036 *p = 0;
2037 p++;
2038 password = talloc_strdup(frame, p);
2039 } else {
2040 password = wbinfo_prompt_pass(frame, NULL, username);
2043 name = s;
2045 wbc_status = wbcCredentialSave(name, password);
2047 d_printf("saving creds %s\n",
2048 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2050 TALLOC_FREE(frame);
2052 return WBC_ERROR_IS_OK(wbc_status);
2055 #ifdef WITH_FAKE_KASERVER
2056 /* Authenticate a user with a plaintext password and set a token */
2058 static bool wbinfo_klog(char *username)
2060 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2061 struct winbindd_request request;
2062 struct winbindd_response response;
2063 char *p;
2065 /* Send off request */
2067 ZERO_STRUCT(request);
2068 ZERO_STRUCT(response);
2070 p = strchr(username, '%');
2072 if (p) {
2073 *p = 0;
2074 fstrcpy(request.data.auth.user, username);
2075 fstrcpy(request.data.auth.pass, p + 1);
2076 *p = '%';
2077 } else {
2078 fstrcpy(request.data.auth.user, username);
2079 (void) samba_getpass("Password: ",
2080 request.data.auth.pass,
2081 sizeof(request.data.auth.pass),
2082 false, false);
2085 request.flags |= WBFLAG_PAM_AFS_TOKEN;
2087 wbc_status = wbcRequestResponse(NULL, WINBINDD_PAM_AUTH,
2088 &request, &response);
2090 /* Display response */
2092 d_printf("plaintext password authentication %s\n",
2093 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2095 if (response.data.auth.nt_status)
2096 d_fprintf(stderr,
2097 "error code was %s (0x%x)\nerror message was: %s\n",
2098 response.data.auth.nt_status_string,
2099 response.data.auth.nt_status,
2100 response.data.auth.error_string);
2102 if (!WBC_ERROR_IS_OK(wbc_status))
2103 return false;
2105 if (response.extra_data.data == NULL) {
2106 d_fprintf(stderr, "Did not get token data\n");
2107 return false;
2110 if (!afs_settoken_str((char *)response.extra_data.data)) {
2111 winbindd_free_response(&response);
2112 d_fprintf(stderr, "Could not set token\n");
2113 return false;
2116 winbindd_free_response(&response);
2117 d_printf("Successfully created AFS token\n");
2118 return true;
2120 #else
2121 static bool wbinfo_klog(char *username)
2123 d_fprintf(stderr, "No AFS support compiled in.\n");
2124 return false;
2126 #endif
2128 /* Print domain users */
2130 static bool print_domain_users(const char *domain)
2132 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2133 uint32_t i;
2134 uint32_t num_users = 0;
2135 const char **users = NULL;
2137 /* Send request to winbind daemon */
2139 if (domain == NULL) {
2140 domain = get_winbind_domain();
2141 } else {
2142 /* '.' is the special sign for our own domain */
2143 if ((domain[0] == '\0') || strcmp(domain, ".") == 0) {
2144 domain = get_winbind_domain();
2145 /* '*' is the special sign for all domains */
2146 } else if (strcmp(domain, "*") == 0) {
2147 domain = NULL;
2151 wbc_status = wbcListUsers(domain, &num_users, &users);
2152 if (!WBC_ERROR_IS_OK(wbc_status)) {
2153 return false;
2156 for (i=0; i < num_users; i++) {
2157 d_printf("%s\n", users[i]);
2160 wbcFreeMemory(users);
2162 return true;
2165 /* Print domain groups */
2167 static bool print_domain_groups(const char *domain)
2169 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2170 uint32_t i;
2171 uint32_t num_groups = 0;
2172 const char **groups = NULL;
2174 /* Send request to winbind daemon */
2176 if (domain == NULL) {
2177 domain = get_winbind_domain();
2178 } else {
2179 /* '.' is the special sign for our own domain */
2180 if ((domain[0] == '\0') || strcmp(domain, ".") == 0) {
2181 domain = get_winbind_domain();
2182 /* '*' is the special sign for all domains */
2183 } else if (strcmp(domain, "*") == 0) {
2184 domain = NULL;
2188 wbc_status = wbcListGroups(domain, &num_groups, &groups);
2189 if (!WBC_ERROR_IS_OK(wbc_status)) {
2190 d_fprintf(stderr, "failed to call wbcListGroups: %s\n",
2191 wbcErrorString(wbc_status));
2192 return false;
2195 for (i=0; i < num_groups; i++) {
2196 d_printf("%s\n", groups[i]);
2199 wbcFreeMemory(groups);
2201 return true;
2204 /* Set the authorised user for winbindd access in secrets.tdb */
2206 static bool wbinfo_set_auth_user(char *username)
2208 d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
2209 "See 'net help setauthuser' for details.\n");
2210 return false;
2213 static void wbinfo_get_auth_user(void)
2215 d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
2216 "See 'net help getauthuser' for details.\n");
2219 static bool wbinfo_ping(void)
2221 wbcErr wbc_status;
2223 wbc_status = wbcPing();
2225 /* Display response */
2227 d_printf("Ping to winbindd %s\n",
2228 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2230 return WBC_ERROR_IS_OK(wbc_status);
2233 static bool wbinfo_change_user_password(const char *username)
2235 wbcErr wbc_status;
2236 char *old_password = NULL;
2237 char *new_password = NULL;
2238 TALLOC_CTX *frame = talloc_tos();
2240 old_password = wbinfo_prompt_pass(frame, "old", username);
2241 new_password = wbinfo_prompt_pass(frame, "new", username);
2243 wbc_status = wbcChangeUserPassword(username, old_password,new_password);
2245 /* Display response */
2247 d_printf("Password change for user %s %s\n", username,
2248 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2250 return WBC_ERROR_IS_OK(wbc_status);
2253 /* Main program */
2255 enum {
2256 OPT_SET_AUTH_USER = 1000,
2257 OPT_GET_AUTH_USER,
2258 OPT_DOMAIN_NAME,
2259 OPT_SEQUENCE,
2260 OPT_GETDCNAME,
2261 OPT_DSGETDCNAME,
2262 OPT_DC_INFO,
2263 OPT_USERDOMGROUPS,
2264 OPT_SIDALIASES,
2265 OPT_USERSIDS,
2266 OPT_LOOKUP_SIDS,
2267 OPT_ALLOCATE_UID,
2268 OPT_ALLOCATE_GID,
2269 OPT_SET_UID_MAPPING,
2270 OPT_SET_GID_MAPPING,
2271 OPT_REMOVE_UID_MAPPING,
2272 OPT_REMOVE_GID_MAPPING,
2273 OPT_SIDS_TO_XIDS,
2274 OPT_XIDS_TO_SIDS,
2275 OPT_SEPARATOR,
2276 OPT_LIST_ALL_DOMAINS,
2277 OPT_LIST_OWN_DOMAIN,
2278 OPT_UID_INFO,
2279 OPT_USER_SIDINFO,
2280 OPT_GROUP_INFO,
2281 OPT_GID_INFO,
2282 OPT_VERBOSE,
2283 OPT_ONLINESTATUS,
2284 OPT_CHANGE_USER_PASSWORD,
2285 OPT_CCACHE_SAVE,
2286 OPT_SID_TO_FULLNAME,
2287 OPT_NTLMV1,
2288 OPT_NTLMV2,
2289 OPT_PAM_LOGON,
2290 OPT_LOGOFF,
2291 OPT_LOGOFF_USER,
2292 OPT_LOGOFF_UID,
2293 OPT_LANMAN,
2294 OPT_KRB5CCNAME
2297 int main(int argc, const char **argv, char **envp)
2299 int opt;
2300 TALLOC_CTX *frame = talloc_stackframe();
2301 poptContext pc;
2302 static char *string_arg;
2303 char *string_subarg = NULL;
2304 static char *opt_domain_name;
2305 static int int_arg;
2306 int int_subarg = -1;
2307 int result = 1;
2308 bool verbose = false;
2309 bool use_ntlmv2 = true;
2310 bool use_lanman = false;
2311 char *logoff_user = getenv("USER");
2312 int logoff_uid = geteuid();
2313 const char *opt_krb5ccname = "FILE";
2315 struct poptOption long_options[] = {
2316 POPT_AUTOHELP
2318 /* longName, shortName, argInfo, argPtr, value, descrip,
2319 argDesc */
2322 .longName = "domain-users",
2323 .shortName = 'u',
2324 .argInfo = POPT_ARG_NONE,
2325 .val = 'u',
2326 .descrip = "Lists all domain users",
2327 .argDescrip = "domain"
2330 .longName = "domain-groups",
2331 .shortName = 'g',
2332 .argInfo = POPT_ARG_NONE,
2333 .val = 'g',
2334 .descrip = "Lists all domain groups",
2335 .argDescrip = "domain"
2338 .longName = "WINS-by-name",
2339 .shortName = 'N',
2340 .argInfo = POPT_ARG_STRING,
2341 .arg = &string_arg,
2342 .val = 'N',
2343 .descrip = "Converts NetBIOS name to IP",
2344 .argDescrip = "NETBIOS-NAME"
2347 .longName = "WINS-by-ip",
2348 .shortName = 'I',
2349 .argInfo = POPT_ARG_STRING,
2350 .arg = &string_arg,
2351 .val = 'I',
2352 .descrip = "Converts IP address to NetBIOS name",
2353 .argDescrip = "IP"
2356 .longName = "name-to-sid",
2357 .shortName = 'n',
2358 .argInfo = POPT_ARG_STRING,
2359 .arg = &string_arg,
2360 .val = 'n',
2361 .descrip = "Converts name to sid",
2362 .argDescrip = "NAME"
2365 .longName = "sid-to-name",
2366 .shortName = 's',
2367 .argInfo = POPT_ARG_STRING,
2368 .arg = &string_arg,
2369 .val = 's',
2370 .descrip = "Converts sid to name",
2371 .argDescrip = "SID"
2374 .longName = "sid-to-fullname",
2375 .argInfo = POPT_ARG_STRING,
2376 .arg = &string_arg,
2377 .val = OPT_SID_TO_FULLNAME,
2378 .descrip = "Converts sid to fullname",
2379 .argDescrip = "SID"
2382 .longName = "lookup-rids",
2383 .shortName = 'R',
2384 .argInfo = POPT_ARG_STRING,
2385 .arg = &string_arg,
2386 .val = 'R',
2387 .descrip = "Converts RIDs to names",
2388 .argDescrip = "RIDs"
2391 .longName = "lookup-sids",
2392 .argInfo = POPT_ARG_STRING,
2393 .arg = &string_arg,
2394 .val = OPT_LOOKUP_SIDS,
2395 .descrip = "Converts SIDs to types and names",
2396 .argDescrip = "Sid-List"
2399 .longName = "uid-to-sid",
2400 .shortName = 'U',
2401 .argInfo = POPT_ARG_INT,
2402 .arg = &int_arg,
2403 .val = 'U',
2404 .descrip = "Converts uid to sid",
2405 .argDescrip = "UID"
2408 .longName = "gid-to-sid",
2409 .shortName = 'G',
2410 .argInfo = POPT_ARG_INT,
2411 .arg = &int_arg,
2412 .val = 'G',
2413 .descrip = "Converts gid to sid",
2414 .argDescrip = "GID"
2417 .longName = "sid-to-uid",
2418 .shortName = 'S',
2419 .argInfo = POPT_ARG_STRING,
2420 .arg = &string_arg,
2421 .val = 'S',
2422 .descrip = "Converts sid to uid",
2423 .argDescrip = "SID"
2426 .longName = "sid-to-gid",
2427 .shortName = 'Y',
2428 .argInfo = POPT_ARG_STRING,
2429 .arg = &string_arg,
2430 .val = 'Y',
2431 .descrip = "Converts sid to gid",
2432 .argDescrip = "SID"
2435 .longName = "allocate-uid",
2436 .argInfo = POPT_ARG_NONE,
2437 .val = OPT_ALLOCATE_UID,
2438 .descrip = "Get a new UID out of idmap"
2441 .longName = "allocate-gid",
2442 .argInfo = POPT_ARG_NONE,
2443 .val = OPT_ALLOCATE_GID,
2444 .descrip = "Get a new GID out of idmap"
2447 .longName = "set-uid-mapping",
2448 .argInfo = POPT_ARG_STRING,
2449 .arg = &string_arg,
2450 .val = OPT_SET_UID_MAPPING,
2451 .descrip = "Create or modify uid to sid mapping in "
2452 "idmap",
2453 .argDescrip = "UID,SID"
2456 .longName = "set-gid-mapping",
2457 .argInfo = POPT_ARG_STRING,
2458 .arg = &string_arg,
2459 .val = OPT_SET_GID_MAPPING,
2460 .descrip = "Create or modify gid to sid mapping in "
2461 "idmap",
2462 .argDescrip = "GID,SID"
2465 .longName = "remove-uid-mapping",
2466 .argInfo = POPT_ARG_STRING,
2467 .arg = &string_arg,
2468 .val = OPT_REMOVE_UID_MAPPING,
2469 .descrip = "Remove uid to sid mapping in idmap",
2470 .argDescrip = "UID,SID"
2473 .longName = "remove-gid-mapping",
2474 .argInfo = POPT_ARG_STRING,
2475 .arg = &string_arg,
2476 .val = OPT_REMOVE_GID_MAPPING,
2477 .descrip = "Remove gid to sid mapping in idmap",
2478 .argDescrip = "GID,SID",
2481 .longName = "sids-to-unix-ids",
2482 .argInfo = POPT_ARG_STRING,
2483 .arg = &string_arg,
2484 .val = OPT_SIDS_TO_XIDS,
2485 .descrip = "Translate SIDs to Unix IDs",
2486 .argDescrip = "Sid-List",
2489 .longName = "unix-ids-to-sids",
2490 .argInfo = POPT_ARG_STRING,
2491 .arg = &string_arg,
2492 .val = OPT_XIDS_TO_SIDS,
2493 .descrip = "Translate Unix IDs to SIDs",
2494 .argDescrip = "ID-List (u<num> g<num>)",
2497 .longName = "check-secret",
2498 .shortName = 't',
2499 .argInfo = POPT_ARG_NONE,
2500 .val = 't',
2501 .descrip = "Check shared secret",
2504 .longName = "change-secret",
2505 .shortName = 'c',
2506 .argInfo = POPT_ARG_NONE,
2507 .val = 'c',
2508 .descrip = "Change shared secret",
2511 .longName = "ping-dc",
2512 .shortName = 'P',
2513 .argInfo = POPT_ARG_NONE,
2514 .val = 'P',
2515 .descrip = "Check the NETLOGON connection",
2518 .longName = "trusted-domains",
2519 .shortName = 'm',
2520 .argInfo = POPT_ARG_NONE,
2521 .val = 'm',
2522 .descrip = "List trusted domains",
2525 .longName = "all-domains",
2526 .argInfo = POPT_ARG_NONE,
2527 .val = OPT_LIST_ALL_DOMAINS,
2528 .descrip = "List all domains (trusted and own "
2529 "domain)",
2532 .longName = "own-domain",
2533 .argInfo = POPT_ARG_NONE,
2534 .val = OPT_LIST_OWN_DOMAIN,
2535 .descrip = "List own domain",
2538 .longName = "sequence",
2539 .argInfo = POPT_ARG_NONE,
2540 .val = OPT_SEQUENCE,
2541 .descrip = "Deprecated command, see --online-status",
2544 .longName = "online-status",
2545 .argInfo = POPT_ARG_NONE,
2546 .val = OPT_ONLINESTATUS,
2547 .descrip = "Show whether domains maintain an active "
2548 "connection",
2551 .longName = "domain-info",
2552 .shortName = 'D',
2553 .argInfo = POPT_ARG_STRING,
2554 .arg = &string_arg,
2555 .val = 'D',
2556 .descrip = "Show most of the info we have about the "
2557 "domain",
2560 .longName = "user-info",
2561 .shortName = 'i',
2562 .argInfo = POPT_ARG_STRING,
2563 .arg = &string_arg,
2564 .val = 'i',
2565 .descrip = "Get user info",
2566 .argDescrip = "USER",
2569 .longName = "uid-info",
2570 .argInfo = POPT_ARG_INT,
2571 .arg = &int_arg,
2572 .val = OPT_UID_INFO,
2573 .descrip = "Get user info from uid",
2574 .argDescrip = "UID",
2577 .longName = "group-info",
2578 .argInfo = POPT_ARG_STRING,
2579 .arg = &string_arg,
2580 .val = OPT_GROUP_INFO,
2581 .descrip = "Get group info",
2582 .argDescrip = "GROUP",
2585 .longName = "user-sidinfo",
2586 .argInfo = POPT_ARG_STRING,
2587 .arg = &string_arg,
2588 .val = OPT_USER_SIDINFO,
2589 .descrip = "Get user info from sid",
2590 .argDescrip = "SID",
2593 .longName = "gid-info",
2594 .argInfo = POPT_ARG_INT,
2595 .arg = &int_arg,
2596 .val = OPT_GID_INFO,
2597 .descrip = "Get group info from gid",
2598 .argDescrip = "GID",
2601 .longName = "user-groups",
2602 .shortName = 'r',
2603 .argInfo = POPT_ARG_STRING,
2604 .arg = &string_arg,
2605 .val = 'r',
2606 .descrip = "Get user groups",
2607 .argDescrip = "USER",
2610 .longName = "user-domgroups",
2611 .argInfo = POPT_ARG_STRING,
2612 .arg = &string_arg,
2613 .val = OPT_USERDOMGROUPS,
2614 .descrip = "Get user domain groups",
2615 .argDescrip = "SID",
2618 .longName = "sid-aliases",
2619 .argInfo = POPT_ARG_STRING,
2620 .arg = &string_arg,
2621 .val = OPT_SIDALIASES,
2622 .descrip = "Get sid aliases",
2623 .argDescrip = "SID",
2626 .longName = "user-sids",
2627 .argInfo = POPT_ARG_STRING,
2628 .arg = &string_arg,
2629 .val = OPT_USERSIDS,
2630 .descrip = "Get user group sids for user SID",
2631 .argDescrip = "SID",
2634 .longName = "authenticate",
2635 .shortName = 'a',
2636 .argInfo = POPT_ARG_STRING,
2637 .arg = &string_arg,
2638 .val = 'a',
2639 .descrip = "authenticate user",
2640 .argDescrip = "user%password",
2643 .longName = "pam-logon",
2644 .argInfo = POPT_ARG_STRING,
2645 .arg = &string_arg,
2646 .val = OPT_PAM_LOGON,
2647 .descrip = "do a pam logon equivalent",
2648 .argDescrip = "user%password",
2651 .longName = "logoff",
2652 .argInfo = POPT_ARG_NONE,
2653 .val = OPT_LOGOFF,
2654 .descrip = "log off user",
2655 .argDescrip = "uid",
2658 .longName = "logoff-user",
2659 .argInfo = POPT_ARG_STRING,
2660 .arg = &logoff_user,
2661 .val = OPT_LOGOFF_USER,
2662 .descrip = "username to log off"
2665 .longName = "logoff-uid",
2666 .argInfo = POPT_ARG_INT,
2667 .arg = &logoff_uid,
2668 .val = OPT_LOGOFF_UID,
2669 .descrip = "uid to log off",
2672 .longName = "set-auth-user",
2673 .argInfo = POPT_ARG_STRING,
2674 .arg = &string_arg,
2675 .val = OPT_SET_AUTH_USER,
2676 .descrip = "Store user and password used by "
2677 "winbindd (root only)",
2678 .argDescrip = "user%password",
2681 .longName = "ccache-save",
2682 .shortName = 0,
2683 .argInfo = POPT_ARG_STRING,
2684 .arg = &string_arg,
2685 .val = OPT_CCACHE_SAVE,
2686 .descrip = "Store user and password for ccache "
2687 "operation",
2688 .argDescrip = "user%password",
2691 .longName = "getdcname",
2692 .argInfo = POPT_ARG_STRING,
2693 .arg = &string_arg,
2694 .val = OPT_GETDCNAME,
2695 .descrip = "Get a DC name for a foreign domain",
2696 .argDescrip = "domainname",
2699 .longName = "dsgetdcname",
2700 .argInfo = POPT_ARG_STRING,
2701 .arg = &string_arg,
2702 .val = OPT_DSGETDCNAME,
2703 .descrip = "Find a DC for a domain",
2704 .argDescrip = "domainname",
2707 .longName = "dc-info",
2708 .argInfo = POPT_ARG_STRING,
2709 .arg = &string_arg,
2710 .val = OPT_DC_INFO,
2711 .descrip = "Find the currently known DCs",
2712 .argDescrip = "domainname",
2715 .longName = "get-auth-user",
2716 .argInfo = POPT_ARG_NONE,
2717 .val = OPT_GET_AUTH_USER,
2718 .descrip = "Retrieve user and password used by "
2719 "winbindd (root only)",
2722 .longName = "ping",
2723 .shortName = 'p',
2724 .argInfo = POPT_ARG_NONE,
2725 .arg = 0,
2726 .val = 'p',
2727 .descrip = "Ping winbindd to see if it is alive",
2730 .longName = "domain",
2731 .shortName = 0,
2732 .argInfo = POPT_ARG_STRING,
2733 .arg = &opt_domain_name,
2734 .val = OPT_DOMAIN_NAME,
2735 .descrip = "Define to the domain to restrict "
2736 "operation",
2737 .argDescrip = "domain",
2739 #ifdef WITH_FAKE_KASERVER
2741 .longName = "klog",
2742 .shortName = 'k',
2743 .argInfo = POPT_ARG_STRING,
2744 .arg = &string_arg,
2745 .val = 'k',
2746 .descrip = "set an AFS token from winbind",
2747 .argDescrip = "user%password",
2749 #endif
2750 #ifdef HAVE_KRB5
2752 .longName = "krb5auth",
2753 .shortName = 'K',
2754 .argInfo = POPT_ARG_STRING,
2755 .arg = &string_arg,
2756 .val = 'K',
2757 .descrip = "authenticate user using Kerberos",
2758 .argDescrip = "user%password",
2760 /* destroys wbinfo --help output */
2761 /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" },
2764 .longName = "krb5ccname",
2765 .argInfo = POPT_ARG_STRING,
2766 .arg = &opt_krb5ccname,
2767 .val = OPT_KRB5CCNAME,
2768 .descrip = "authenticate user using Kerberos and "
2769 "specific credential cache type",
2770 .argDescrip = "krb5ccname",
2772 #endif
2774 .longName = "separator",
2775 .argInfo = POPT_ARG_NONE,
2776 .val = OPT_SEPARATOR,
2777 .descrip = "Get the active winbind separator",
2780 .longName = "verbose",
2781 .argInfo = POPT_ARG_NONE,
2782 .val = OPT_VERBOSE,
2783 .descrip = "Print additional information per command",
2786 .longName = "change-user-password",
2787 .argInfo = POPT_ARG_STRING,
2788 .arg = &string_arg,
2789 .val = OPT_CHANGE_USER_PASSWORD,
2790 .descrip = "Change the password for a user",
2793 .longName = "ntlmv1",
2794 .argInfo = POPT_ARG_NONE,
2795 .val = OPT_NTLMV1,
2796 .descrip = "Use NTLMv1 cryptography for user authentication",
2799 .longName = "ntlmv2",
2800 .argInfo = POPT_ARG_NONE,
2801 .val = OPT_NTLMV2,
2802 .descrip = "Use NTLMv2 cryptography for user authentication",
2805 .longName = "lanman",
2806 .argInfo = POPT_ARG_NONE,
2807 .val = OPT_LANMAN,
2808 .descrip = "Use lanman cryptography for user authentication",
2810 POPT_COMMON_VERSION
2811 POPT_TABLEEND
2814 /* Samba client initialisation */
2815 smb_init_locale();
2818 /* Parse options */
2820 pc = samba_popt_get_context(getprogname(),
2821 argc,
2822 argv,
2823 long_options,
2825 if (pc == NULL) {
2826 DBG_ERR("Failed to setup popt context!\n");
2827 exit(1);
2830 /* Parse command line options */
2832 if (argc == 1) {
2833 poptPrintHelp(pc, stderr, 0);
2834 return 1;
2837 while((opt = poptGetNextOpt(pc)) != -1) {
2838 /* get the generic configuration parameters like --domain */
2839 switch (opt) {
2840 case OPT_VERBOSE:
2841 verbose = true;
2842 break;
2843 case OPT_NTLMV1:
2844 use_ntlmv2 = false;
2845 break;
2846 case OPT_LANMAN:
2847 use_lanman = true;
2848 break;
2852 poptFreeContext(pc);
2854 pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
2855 POPT_CONTEXT_KEEP_FIRST);
2857 while((opt = poptGetNextOpt(pc)) != -1) {
2858 switch (opt) {
2859 case 'u':
2860 if (!print_domain_users(opt_domain_name)) {
2861 d_fprintf(stderr,
2862 "Error looking up domain users\n");
2863 goto done;
2865 break;
2866 case 'g':
2867 if (!print_domain_groups(opt_domain_name)) {
2868 d_fprintf(stderr,
2869 "Error looking up domain groups\n");
2870 goto done;
2872 break;
2873 case 's':
2874 if (!wbinfo_lookupsid(string_arg)) {
2875 d_fprintf(stderr,
2876 "Could not lookup sid %s\n",
2877 string_arg);
2878 goto done;
2880 break;
2881 case OPT_SID_TO_FULLNAME:
2882 if (!wbinfo_lookupsid_fullname(string_arg)) {
2883 d_fprintf(stderr, "Could not lookup sid %s\n",
2884 string_arg);
2885 goto done;
2887 break;
2888 case 'R':
2889 if (!wbinfo_lookuprids(opt_domain_name, string_arg)) {
2890 d_fprintf(stderr, "Could not lookup RIDs %s\n",
2891 string_arg);
2892 goto done;
2894 break;
2895 case OPT_LOOKUP_SIDS:
2896 if (!wbinfo_lookup_sids(string_arg)) {
2897 d_fprintf(stderr, "Could not lookup SIDs %s\n",
2898 string_arg);
2899 goto done;
2901 break;
2902 case 'n':
2903 if (!wbinfo_lookupname(string_arg)) {
2904 d_fprintf(stderr, "Could not lookup name %s\n",
2905 string_arg);
2906 goto done;
2908 break;
2909 case 'N':
2910 if (!wbinfo_wins_byname(string_arg)) {
2911 d_fprintf(stderr,
2912 "Could not lookup WINS by name %s\n",
2913 string_arg);
2914 goto done;
2916 break;
2917 case 'I':
2918 if (!wbinfo_wins_byip(string_arg)) {
2919 d_fprintf(stderr,
2920 "Could not lookup WINS by IP %s\n",
2921 string_arg);
2922 goto done;
2924 break;
2925 case 'U':
2926 if (!wbinfo_uid_to_sid(int_arg)) {
2927 d_fprintf(stderr,
2928 "Could not convert uid %d to sid\n",
2929 int_arg);
2930 goto done;
2932 break;
2933 case 'G':
2934 if (!wbinfo_gid_to_sid(int_arg)) {
2935 d_fprintf(stderr,
2936 "Could not convert gid %d to sid\n",
2937 int_arg);
2938 goto done;
2940 break;
2941 case 'S':
2942 if (!wbinfo_sid_to_uid(string_arg)) {
2943 d_fprintf(stderr,
2944 "Could not convert sid %s to uid\n",
2945 string_arg);
2946 goto done;
2948 break;
2949 case 'Y':
2950 if (!wbinfo_sid_to_gid(string_arg)) {
2951 d_fprintf(stderr,
2952 "Could not convert sid %s to gid\n",
2953 string_arg);
2954 goto done;
2956 break;
2957 case OPT_ALLOCATE_UID:
2958 if (!wbinfo_allocate_uid()) {
2959 d_fprintf(stderr, "Could not allocate a uid\n");
2960 goto done;
2962 break;
2963 case OPT_ALLOCATE_GID:
2964 if (!wbinfo_allocate_gid()) {
2965 d_fprintf(stderr, "Could not allocate a gid\n");
2966 goto done;
2968 break;
2969 case OPT_SET_UID_MAPPING:
2970 if (!parse_mapping_arg(string_arg, &int_subarg,
2971 &string_subarg) ||
2972 !wbinfo_set_uid_mapping(int_subarg, string_subarg))
2974 d_fprintf(stderr, "Could not create or modify "
2975 "uid to sid mapping\n");
2976 goto done;
2978 break;
2979 case OPT_SET_GID_MAPPING:
2980 if (!parse_mapping_arg(string_arg, &int_subarg,
2981 &string_subarg) ||
2982 !wbinfo_set_gid_mapping(int_subarg, string_subarg))
2984 d_fprintf(stderr, "Could not create or modify "
2985 "gid to sid mapping\n");
2986 goto done;
2988 break;
2989 case OPT_REMOVE_UID_MAPPING:
2990 if (!parse_mapping_arg(string_arg, &int_subarg,
2991 &string_subarg) ||
2992 !wbinfo_remove_uid_mapping(int_subarg,
2993 string_subarg))
2995 d_fprintf(stderr, "Could not remove uid to sid "
2996 "mapping\n");
2997 goto done;
2999 break;
3000 case OPT_REMOVE_GID_MAPPING:
3001 if (!parse_mapping_arg(string_arg, &int_subarg,
3002 &string_subarg) ||
3003 !wbinfo_remove_gid_mapping(int_subarg,
3004 string_subarg))
3006 d_fprintf(stderr, "Could not remove gid to sid "
3007 "mapping\n");
3008 goto done;
3010 break;
3011 case OPT_SIDS_TO_XIDS:
3012 if (!wbinfo_sids_to_unix_ids(string_arg)) {
3013 d_fprintf(stderr, "wbinfo_sids_to_unix_ids "
3014 "failed\n");
3015 goto done;
3017 break;
3018 case OPT_XIDS_TO_SIDS:
3019 if (!wbinfo_xids_to_sids(string_arg)) {
3020 d_fprintf(stderr, "wbinfo_xids_to_sids "
3021 "failed\n");
3022 goto done;
3024 break;
3025 case 't':
3026 if (!wbinfo_check_secret(opt_domain_name)) {
3027 d_fprintf(stderr, "Could not check secret\n");
3028 goto done;
3030 break;
3031 case 'c':
3032 if (!wbinfo_change_secret(opt_domain_name)) {
3033 d_fprintf(stderr, "Could not change secret\n");
3034 goto done;
3036 break;
3037 case 'P':
3038 if (!wbinfo_ping_dc(opt_domain_name)) {
3039 goto done;
3041 break;
3042 case 'm':
3043 if (!wbinfo_list_domains(false, verbose)) {
3044 d_fprintf(stderr,
3045 "Could not list trusted domains\n");
3046 goto done;
3048 break;
3049 case OPT_SEQUENCE:
3050 if (!wbinfo_show_sequence(opt_domain_name)) {
3051 d_fprintf(stderr,
3052 "Could not show sequence numbers\n");
3053 goto done;
3055 break;
3056 case OPT_ONLINESTATUS:
3057 if (!wbinfo_show_onlinestatus(opt_domain_name)) {
3058 d_fprintf(stderr,
3059 "Could not show online-status\n");
3060 goto done;
3062 break;
3063 case 'D':
3064 if (!wbinfo_domain_info(string_arg)) {
3065 d_fprintf(stderr,
3066 "Could not get domain info\n");
3067 goto done;
3069 break;
3070 case 'i':
3071 if (!wbinfo_get_userinfo(string_arg)) {
3072 d_fprintf(stderr,
3073 "Could not get info for user %s\n",
3074 string_arg);
3075 goto done;
3077 break;
3078 case OPT_USER_SIDINFO:
3079 if ( !wbinfo_get_user_sidinfo(string_arg)) {
3080 d_fprintf(stderr,
3081 "Could not get info for user "
3082 "sid %s\n", string_arg);
3083 goto done;
3085 break;
3086 case OPT_UID_INFO:
3087 if ( !wbinfo_get_uidinfo(int_arg)) {
3088 d_fprintf(stderr, "Could not get info for uid "
3089 "%d\n", int_arg);
3090 goto done;
3092 break;
3093 case OPT_GROUP_INFO:
3094 if ( !wbinfo_get_groupinfo(string_arg)) {
3095 d_fprintf(stderr, "Could not get info for "
3096 "group %s\n", string_arg);
3097 goto done;
3099 break;
3100 case OPT_GID_INFO:
3101 if ( !wbinfo_get_gidinfo(int_arg)) {
3102 d_fprintf(stderr, "Could not get info for gid "
3103 "%d\n", int_arg);
3104 goto done;
3106 break;
3107 case 'r':
3108 if (!wbinfo_get_usergroups(string_arg)) {
3109 d_fprintf(stderr,
3110 "Could not get groups for user %s\n",
3111 string_arg);
3112 goto done;
3114 break;
3115 case OPT_USERSIDS:
3116 if (!wbinfo_get_usersids(string_arg)) {
3117 d_fprintf(stderr, "Could not get group SIDs "
3118 "for user SID %s\n",
3119 string_arg);
3120 goto done;
3122 break;
3123 case OPT_USERDOMGROUPS:
3124 if (!wbinfo_get_userdomgroups(string_arg)) {
3125 d_fprintf(stderr, "Could not get user's domain "
3126 "groups for user SID %s\n",
3127 string_arg);
3128 goto done;
3130 break;
3131 case OPT_SIDALIASES:
3132 if (!wbinfo_get_sidaliases(opt_domain_name,
3133 string_arg)) {
3134 d_fprintf(stderr, "Could not get sid aliases "
3135 "for user SID %s\n", string_arg);
3136 goto done;
3138 break;
3139 case 'a': {
3140 bool got_error = false;
3142 if (!wbinfo_auth(string_arg)) {
3143 d_fprintf(stderr,
3144 "Could not authenticate user "
3145 "%s with plaintext "
3146 "password\n", string_arg);
3147 got_error = true;
3150 if (!wbinfo_auth_crap(string_arg, use_ntlmv2,
3151 use_lanman)) {
3152 d_fprintf(stderr,
3153 "Could not authenticate user "
3154 "%s with challenge/response\n",
3155 string_arg);
3156 got_error = true;
3159 if (got_error)
3160 goto done;
3161 break;
3163 case OPT_PAM_LOGON:
3164 if (!wbinfo_pam_logon(string_arg, verbose)) {
3165 d_fprintf(stderr, "pam_logon failed for %s\n",
3166 string_arg);
3167 goto done;
3169 break;
3170 case OPT_LOGOFF:
3172 wbcErr wbc_status;
3174 wbc_status = wbcLogoffUser(logoff_user, logoff_uid,
3175 "");
3176 d_printf("Logoff %s (%d): %s\n", logoff_user,
3177 logoff_uid, wbcErrorString(wbc_status));
3178 break;
3180 case 'K': {
3181 uint32_t flags = WBFLAG_PAM_KRB5 |
3182 WBFLAG_PAM_CACHED_LOGIN |
3183 WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
3184 WBFLAG_PAM_INFO3_TEXT |
3185 WBFLAG_PAM_CONTACT_TRUSTDOM;
3187 if (!wbinfo_auth_krb5(string_arg, opt_krb5ccname,
3188 flags)) {
3189 d_fprintf(stderr,
3190 "Could not authenticate user "
3191 "[%s] with Kerberos "
3192 "(ccache: %s)\n", string_arg,
3193 opt_krb5ccname);
3194 goto done;
3196 break;
3198 case 'k':
3199 if (!wbinfo_klog(string_arg)) {
3200 d_fprintf(stderr, "Could not klog user\n");
3201 goto done;
3203 break;
3204 case 'p':
3205 if (!wbinfo_ping()) {
3206 d_fprintf(stderr, "could not ping winbindd!\n");
3207 goto done;
3209 break;
3210 case OPT_SET_AUTH_USER:
3211 if (!wbinfo_set_auth_user(string_arg)) {
3212 goto done;
3214 break;
3215 case OPT_GET_AUTH_USER:
3216 wbinfo_get_auth_user();
3217 goto done;
3218 break;
3219 case OPT_CCACHE_SAVE:
3220 if (!wbinfo_ccache_save(string_arg)) {
3221 goto done;
3223 break;
3224 case OPT_GETDCNAME:
3225 if (!wbinfo_getdcname(string_arg)) {
3226 goto done;
3228 break;
3229 case OPT_DSGETDCNAME:
3230 if (!wbinfo_dsgetdcname(string_arg, 0)) {
3231 goto done;
3233 break;
3234 case OPT_DC_INFO:
3235 if (!wbinfo_dc_info(string_arg)) {
3236 goto done;
3238 break;
3239 case OPT_SEPARATOR: {
3240 const char sep = winbind_separator();
3241 if ( !sep ) {
3242 goto done;
3244 d_printf("%c\n", sep);
3245 break;
3247 case OPT_LIST_ALL_DOMAINS:
3248 if (!wbinfo_list_domains(true, verbose)) {
3249 goto done;
3251 break;
3252 case OPT_LIST_OWN_DOMAIN:
3253 if (!wbinfo_list_own_domain()) {
3254 goto done;
3256 break;
3257 case OPT_CHANGE_USER_PASSWORD:
3258 if (!wbinfo_change_user_password(string_arg)) {
3259 d_fprintf(stderr,
3260 "Could not change user password "
3261 "for user %s\n", string_arg);
3262 goto done;
3264 break;
3266 /* generic configuration options */
3267 case OPT_DOMAIN_NAME:
3268 case OPT_VERBOSE:
3269 case OPT_NTLMV1:
3270 case OPT_NTLMV2:
3271 case OPT_LANMAN:
3272 case OPT_LOGOFF_USER:
3273 case OPT_LOGOFF_UID:
3274 case OPT_KRB5CCNAME:
3275 break;
3276 default:
3277 d_fprintf(stderr, "Invalid option\n");
3278 poptPrintHelp(pc, stderr, 0);
3279 goto done;
3283 result = 0;
3285 /* Exit code */
3287 done:
3288 talloc_free(frame);
3290 poptFreeContext(pc);
3291 return result;