2 Unix SMB/CIFS implementation.
4 Winbind status program.
6 Copyright (C) Tim Potter 2000-2003
7 Copyright (C) Andrew Bartlett 2002-2007
8 Copyright (C) Volker Lendecke 2009
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "winbind_client.h"
26 #include "libwbclient/wbclient.h"
27 #include "../libcli/auth/libcli_auth.h"
28 #include "lib/cmdline/popt_common.h"
29 #include "lib/afs/afs_settoken.h"
33 #define DBGC_CLASS DBGC_WINBIND
36 static struct wbcInterfaceDetails
*init_interface_details(void)
38 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
39 static struct wbcInterfaceDetails
*details
;
45 wbc_status
= wbcInterfaceDetails(&details
);
46 if (!WBC_ERROR_IS_OK(wbc_status
)) {
47 d_fprintf(stderr
, "could not obtain winbind interface "
48 "details: %s\n", wbcErrorString(wbc_status
));
54 static char winbind_separator(void)
56 struct wbcInterfaceDetails
*details
;
63 details
= init_interface_details();
66 d_fprintf(stderr
, "could not obtain winbind separator!\n");
70 sep
= details
->winbind_separator
;
74 d_fprintf(stderr
, "winbind separator was NULL!\n");
81 static const char *get_winbind_domain(void)
83 static struct wbcInterfaceDetails
*details
;
85 details
= init_interface_details();
88 d_fprintf(stderr
, "could not obtain winbind domain name!\n");
92 return details
->netbios_domain
;
95 static const char *get_winbind_netbios_name(void)
97 static struct wbcInterfaceDetails
*details
;
99 details
= init_interface_details();
102 d_fprintf(stderr
, "could not obtain winbind netbios name!\n");
106 return details
->netbios_name
;
109 /* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
110 form DOMAIN/user into a domain and a user */
112 static bool parse_wbinfo_domain_user(const char *domuser
, fstring domain
,
116 char *p
= strchr(domuser
,winbind_separator());
119 /* Maybe it was a UPN? */
120 p
= strchr(domuser
, '@');
123 fstrcpy(user
, domuser
);
127 fstrcpy(user
, domuser
);
128 fstrcpy(domain
, get_winbind_domain());
133 fstrcpy(domain
, domuser
);
134 domain
[PTR_DIFF(p
, domuser
)] = 0;
139 /* Parse string of "uid,sid" or "gid,sid" into separate int and string values.
140 * Return true if input was valid, false otherwise. */
141 static bool parse_mapping_arg(char *arg
, int *id
, char **sid
)
149 tmp
= strtok(arg
, ",");
150 *sid
= strtok(NULL
, ",");
152 if (!tmp
|| !*tmp
|| !*sid
|| !**sid
)
155 /* Because atoi() can return 0 on invalid input, which would be a valid
156 * UID/GID we must use strtoul() and do error checking */
157 *id
= smb_strtoul(tmp
, NULL
, 10, &error
, SMB_STR_FULL_STR_CONV
);
164 /* pull pwent info for a given user */
166 static bool wbinfo_get_userinfo(char *user
)
168 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
169 struct passwd
*pwd
= NULL
;
171 wbc_status
= wbcGetpwnam(user
, &pwd
);
172 if (!WBC_ERROR_IS_OK(wbc_status
)) {
173 d_fprintf(stderr
, "failed to call wbcGetpwnam: %s\n",
174 wbcErrorString(wbc_status
));
178 d_printf("%s:%s:%u:%u:%s:%s:%s\n",
181 (unsigned int)pwd
->pw_uid
,
182 (unsigned int)pwd
->pw_gid
,
192 /* pull pwent info for a given uid */
193 static bool wbinfo_get_uidinfo(int uid
)
195 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
196 struct passwd
*pwd
= NULL
;
198 wbc_status
= wbcGetpwuid(uid
, &pwd
);
199 if (!WBC_ERROR_IS_OK(wbc_status
)) {
200 d_fprintf(stderr
, "failed to call wbcGetpwuid: %s\n",
201 wbcErrorString(wbc_status
));
205 d_printf("%s:%s:%u:%u:%s:%s:%s\n",
208 (unsigned int)pwd
->pw_uid
,
209 (unsigned int)pwd
->pw_gid
,
219 static bool wbinfo_get_user_sidinfo(const char *sid_str
)
221 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
222 struct passwd
*pwd
= NULL
;
223 struct wbcDomainSid sid
;
225 wbc_status
= wbcStringToSid(sid_str
, &sid
);
226 wbc_status
= wbcGetpwsid(&sid
, &pwd
);
227 if (!WBC_ERROR_IS_OK(wbc_status
)) {
228 d_fprintf(stderr
, "failed to call wbcGetpwsid: %s\n",
229 wbcErrorString(wbc_status
));
233 d_printf("%s:%s:%u:%u:%s:%s:%s\n",
236 (unsigned int)pwd
->pw_uid
,
237 (unsigned int)pwd
->pw_gid
,
248 /* pull grent for a given group */
249 static bool wbinfo_get_groupinfo(const char *group
)
251 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
255 wbc_status
= wbcGetgrnam(group
, &grp
);
256 if (!WBC_ERROR_IS_OK(wbc_status
)) {
257 d_fprintf(stderr
, "failed to call wbcGetgrnam: %s\n",
258 wbcErrorString(wbc_status
));
262 d_printf("%s:%s:%u:",
265 (unsigned int)grp
->gr_gid
);
268 while (*mem
!= NULL
) {
269 d_printf("%s%s", *mem
, *(mem
+1) != NULL
? "," : "");
279 /* pull grent for a given gid */
280 static bool wbinfo_get_gidinfo(int gid
)
282 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
286 wbc_status
= wbcGetgrgid(gid
, &grp
);
287 if (!WBC_ERROR_IS_OK(wbc_status
)) {
288 d_fprintf(stderr
, "failed to call wbcGetgrgid: %s\n",
289 wbcErrorString(wbc_status
));
293 d_printf("%s:%s:%u:",
296 (unsigned int)grp
->gr_gid
);
299 while (*mem
!= NULL
) {
300 d_printf("%s%s", *mem
, *(mem
+1) != NULL
? "," : "");
310 /* List groups a user is a member of */
312 static bool wbinfo_get_usergroups(const char *user
)
314 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
317 gid_t
*groups
= NULL
;
321 wbc_status
= wbcGetGroups(user
, &num_groups
, &groups
);
322 if (!WBC_ERROR_IS_OK(wbc_status
)) {
323 d_fprintf(stderr
, "failed to call wbcGetGroups: %s\n",
324 wbcErrorString(wbc_status
));
328 for (i
= 0; i
< num_groups
; i
++) {
329 d_printf("%d\n", (int)groups
[i
]);
332 wbcFreeMemory(groups
);
338 /* List group SIDs a user SID is a member of */
339 static bool wbinfo_get_usersids(const char *user_sid_str
)
341 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
344 struct wbcDomainSid user_sid
, *sids
= NULL
;
348 wbc_status
= wbcStringToSid(user_sid_str
, &user_sid
);
349 if (!WBC_ERROR_IS_OK(wbc_status
)) {
350 d_fprintf(stderr
, "failed to call wbcStringToSid: %s\n",
351 wbcErrorString(wbc_status
));
355 wbc_status
= wbcLookupUserSids(&user_sid
, false, &num_sids
, &sids
);
356 if (!WBC_ERROR_IS_OK(wbc_status
)) {
357 d_fprintf(stderr
, "failed to call wbcLookupUserSids: %s\n",
358 wbcErrorString(wbc_status
));
362 for (i
= 0; i
< num_sids
; i
++) {
363 char str
[WBC_SID_STRING_BUFLEN
];
364 wbcSidToStringBuf(&sids
[i
], str
, sizeof(str
));
365 d_printf("%s\n", str
);
373 static bool wbinfo_get_userdomgroups(const char *user_sid_str
)
375 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
378 struct wbcDomainSid user_sid
, *sids
= NULL
;
382 wbc_status
= wbcStringToSid(user_sid_str
, &user_sid
);
383 if (!WBC_ERROR_IS_OK(wbc_status
)) {
384 d_fprintf(stderr
, "failed to call wbcStringToSid: %s\n",
385 wbcErrorString(wbc_status
));
389 wbc_status
= wbcLookupUserSids(&user_sid
, true, &num_sids
, &sids
);
390 if (!WBC_ERROR_IS_OK(wbc_status
)) {
391 d_fprintf(stderr
, "failed to call wbcLookupUserSids: %s\n",
392 wbcErrorString(wbc_status
));
396 for (i
= 0; i
< num_sids
; i
++) {
397 char str
[WBC_SID_STRING_BUFLEN
];
398 wbcSidToStringBuf(&sids
[i
], str
, sizeof(str
));
399 d_printf("%s\n", str
);
407 static bool wbinfo_get_sidaliases(const char *domain
,
408 const char *user_sid_str
)
410 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
411 struct wbcDomainInfo
*dinfo
= NULL
;
413 struct wbcDomainSid user_sid
;
414 uint32_t *alias_rids
= NULL
;
415 uint32_t num_alias_rids
;
416 char domain_sid_str
[WBC_SID_STRING_BUFLEN
];
419 if ((domain
== NULL
) || (strequal(domain
, ".")) ||
420 (domain
[0] == '\0')) {
421 domain
= get_winbind_domain();
426 wbc_status
= wbcDomainInfo(domain
, &dinfo
);
427 if (!WBC_ERROR_IS_OK(wbc_status
)) {
428 d_fprintf(stderr
, "wbcDomainInfo(%s) failed: %s\n", domain
,
429 wbcErrorString(wbc_status
));
432 wbc_status
= wbcStringToSid(user_sid_str
, &user_sid
);
433 if (!WBC_ERROR_IS_OK(wbc_status
)) {
437 wbc_status
= wbcGetSidAliases(&dinfo
->sid
, &user_sid
, 1,
438 &alias_rids
, &num_alias_rids
);
439 if (!WBC_ERROR_IS_OK(wbc_status
)) {
443 wbcSidToStringBuf(&dinfo
->sid
, domain_sid_str
, sizeof(domain_sid_str
));
445 for (i
= 0; i
< num_alias_rids
; i
++) {
446 d_printf("%s-%d\n", domain_sid_str
, alias_rids
[i
]);
449 wbcFreeMemory(alias_rids
);
452 wbcFreeMemory(dinfo
);
453 return (WBC_ERR_SUCCESS
== wbc_status
);
457 /* Convert NetBIOS name to IP */
459 static bool wbinfo_wins_byname(const char *name
)
461 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
464 wbc_status
= wbcResolveWinsByName(name
, &ip
);
465 if (!WBC_ERROR_IS_OK(wbc_status
)) {
466 d_fprintf(stderr
, "failed to call wbcResolveWinsByName: %s\n",
467 wbcErrorString(wbc_status
));
471 /* Display response */
473 d_printf("%s\n", ip
);
480 /* Convert IP to NetBIOS name */
482 static bool wbinfo_wins_byip(const char *ip
)
484 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
487 wbc_status
= wbcResolveWinsByIP(ip
, &name
);
488 if (!WBC_ERROR_IS_OK(wbc_status
)) {
489 d_fprintf(stderr
, "failed to call wbcResolveWinsByIP: %s\n",
490 wbcErrorString(wbc_status
));
494 /* Display response */
496 d_printf("%s\n", name
);
503 /* List all/trusted domains */
505 static bool wbinfo_list_domains(bool list_all_domains
, bool verbose
)
507 struct wbcDomainInfo
*domain_list
= NULL
;
509 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
510 bool print_all
= !list_all_domains
&& verbose
;
513 wbc_status
= wbcListTrusts(&domain_list
, &num_domains
);
514 if (!WBC_ERROR_IS_OK(wbc_status
)) {
515 d_fprintf(stderr
, "failed to call wbcListTrusts: %s\n",
516 wbcErrorString(wbc_status
));
521 d_printf("%-16s%-65s%-12s%-12s%-5s%-5s\n",
522 "Domain Name", "DNS Domain", "Trust Type",
523 "Transitive", "In", "Out");
526 for (i
=0; i
<num_domains
; i
++) {
528 d_printf("%-16s", domain_list
[i
].short_name
);
530 d_printf("%s", domain_list
[i
].short_name
);
535 d_printf("%-65s", domain_list
[i
].dns_name
);
537 switch(domain_list
[i
].trust_type
) {
538 case WBC_DOMINFO_TRUSTTYPE_NONE
:
539 if (domain_list
[i
].trust_routing
!= NULL
) {
540 d_printf("%s\n", domain_list
[i
].trust_routing
);
545 case WBC_DOMINFO_TRUSTTYPE_LOCAL
:
548 case WBC_DOMINFO_TRUSTTYPE_RWDC
:
551 case WBC_DOMINFO_TRUSTTYPE_RODC
:
554 case WBC_DOMINFO_TRUSTTYPE_PDC
:
557 case WBC_DOMINFO_TRUSTTYPE_WKSTA
:
558 d_printf("Workstation ");
560 case WBC_DOMINFO_TRUSTTYPE_FOREST
:
563 case WBC_DOMINFO_TRUSTTYPE_EXTERNAL
:
564 d_printf("External ");
566 case WBC_DOMINFO_TRUSTTYPE_IN_FOREST
:
567 d_printf("In-Forest ");
571 if (domain_list
[i
].trust_flags
& WBC_DOMINFO_TRUST_TRANSITIVE
) {
577 if (domain_list
[i
].trust_flags
& WBC_DOMINFO_TRUST_INCOMING
) {
583 if (domain_list
[i
].trust_flags
& WBC_DOMINFO_TRUST_OUTGOING
) {
592 wbcFreeMemory(domain_list
);
597 /* List own domain */
599 static bool wbinfo_list_own_domain(void)
601 d_printf("%s\n", get_winbind_domain());
606 /* show sequence numbers */
607 static bool wbinfo_show_sequence(const char *domain
)
609 d_printf("This command has been deprecated. Please use the "
610 "--online-status option instead.\n");
614 /* show sequence numbers */
615 static bool wbinfo_show_onlinestatus(const char *domain
)
617 struct wbcDomainInfo
*domain_list
= NULL
;
619 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
622 wbc_status
= wbcListTrusts(&domain_list
, &num_domains
);
623 if (!WBC_ERROR_IS_OK(wbc_status
)) {
624 d_fprintf(stderr
, "failed to call wbcListTrusts: %s\n",
625 wbcErrorString(wbc_status
));
629 for (i
=0; i
<num_domains
; i
++) {
633 if (!strequal(domain_list
[i
].short_name
, domain
)) {
638 is_offline
= (domain_list
[i
].domain_flags
&
639 WBC_DOMINFO_DOMAIN_OFFLINE
);
641 d_printf("%s : %s\n",
642 domain_list
[i
].short_name
,
643 is_offline
? "no active connection" : "active connection" );
646 wbcFreeMemory(domain_list
);
652 /* Show domain info */
654 static bool wbinfo_domain_info(const char *domain
)
656 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
657 struct wbcDomainInfo
*dinfo
= NULL
;
658 char sid_str
[WBC_SID_STRING_BUFLEN
];
660 if ((domain
== NULL
) || (strequal(domain
, ".")) || (domain
[0] == '\0')){
661 domain
= get_winbind_domain();
666 wbc_status
= wbcDomainInfo(domain
, &dinfo
);
667 if (!WBC_ERROR_IS_OK(wbc_status
)) {
668 d_fprintf(stderr
, "failed to call wbcDomainInfo: %s\n",
669 wbcErrorString(wbc_status
));
673 wbcSidToStringBuf(&dinfo
->sid
, sid_str
, sizeof(sid_str
));
675 /* Display response */
677 d_printf("Name : %s\n", dinfo
->short_name
);
678 d_printf("Alt_Name : %s\n", dinfo
->dns_name
);
680 d_printf("SID : %s\n", sid_str
);
682 d_printf("Active Directory : %s\n",
683 (dinfo
->domain_flags
& WBC_DOMINFO_DOMAIN_AD
) ? "Yes" : "No");
684 d_printf("Native : %s\n",
685 (dinfo
->domain_flags
& WBC_DOMINFO_DOMAIN_NATIVE
) ?
688 d_printf("Primary : %s\n",
689 (dinfo
->domain_flags
& WBC_DOMINFO_DOMAIN_PRIMARY
) ?
692 wbcFreeMemory(dinfo
);
697 /* Get a foreign DC's name */
698 static bool wbinfo_getdcname(const char *domain_name
)
700 struct winbindd_request request
;
701 struct winbindd_response response
;
703 ZERO_STRUCT(request
);
704 ZERO_STRUCT(response
);
706 fstrcpy(request
.domain_name
, domain_name
);
710 if (winbindd_request_response(NULL
, WINBINDD_GETDCNAME
, &request
,
711 &response
) != NSS_STATUS_SUCCESS
) {
712 d_fprintf(stderr
, "Could not get dc name for %s\n",domain_name
);
716 /* Display response */
718 d_printf("%s\n", response
.data
.dc_name
);
724 static bool wbinfo_dsgetdcname(const char *domain_name
, uint32_t flags
)
726 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
727 struct wbcDomainControllerInfoEx
*dc_info
;
730 wbc_status
= wbcLookupDomainControllerEx(domain_name
, NULL
, NULL
,
731 flags
| DS_DIRECTORY_SERVICE_REQUIRED
,
733 if (!WBC_ERROR_IS_OK(wbc_status
)) {
734 printf("Could not find dc for %s\n", domain_name
);
738 wbcGuidToString(dc_info
->domain_guid
, &str
);
740 d_printf("%s\n", dc_info
->dc_unc
);
741 d_printf("%s\n", dc_info
->dc_address
);
742 d_printf("%d\n", dc_info
->dc_address_type
);
743 d_printf("%s\n", str
);
744 d_printf("%s\n", dc_info
->domain_name
);
745 d_printf("%s\n", dc_info
->forest_name
);
746 d_printf("0x%08x\n", dc_info
->dc_flags
);
747 d_printf("%s\n", dc_info
->dc_site_name
);
748 d_printf("%s\n", dc_info
->client_site_name
);
751 wbcFreeMemory(dc_info
);
756 /* Check trust account password */
758 static bool wbinfo_check_secret(const char *domain
)
760 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
761 struct wbcAuthErrorInfo
*error
= NULL
;
762 const char *domain_name
;
765 domain_name
= domain
;
767 domain_name
= get_winbind_domain();
770 wbc_status
= wbcCheckTrustCredentials(domain_name
, &error
);
772 d_printf("checking the trust secret for domain %s via RPC calls %s\n",
774 WBC_ERROR_IS_OK(wbc_status
) ? "succeeded" : "failed");
776 if (wbc_status
== WBC_ERR_AUTH_ERROR
) {
777 d_fprintf(stderr
, "wbcCheckTrustCredentials(%s): error code was %s (0x%x)\n",
778 domain_name
, error
->nt_string
, error
->nt_status
);
779 wbcFreeMemory(error
);
781 if (!WBC_ERROR_IS_OK(wbc_status
)) {
782 d_fprintf(stderr
, "failed to call wbcCheckTrustCredentials: "
783 "%s\n", wbcErrorString(wbc_status
));
790 /* Find the currently connected DCs */
792 static bool wbinfo_dc_info(const char *domain_name
)
794 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
796 const char **dc_names
, **dc_ips
;
798 wbc_status
= wbcDcInfo(domain_name
, &num_dcs
,
800 if (!WBC_ERROR_IS_OK(wbc_status
)) {
801 printf("Could not find dc info %s\n",
802 domain_name
? domain_name
: "our domain");
806 for (i
=0; i
<num_dcs
; i
++) {
807 printf("%s (%s)\n", dc_names
[i
], dc_ips
[i
]);
809 wbcFreeMemory(dc_names
);
810 wbcFreeMemory(dc_ips
);
815 /* Change trust account password */
817 static bool wbinfo_change_secret(const char *domain
)
819 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
820 struct wbcAuthErrorInfo
*error
= NULL
;
821 const char *domain_name
;
824 domain_name
= domain
;
826 domain_name
= get_winbind_domain();
829 wbc_status
= wbcChangeTrustCredentials(domain_name
, &error
);
831 d_printf("changing the trust secret for domain %s via RPC calls %s\n",
833 WBC_ERROR_IS_OK(wbc_status
) ? "succeeded" : "failed");
835 if (wbc_status
== WBC_ERR_AUTH_ERROR
) {
836 d_fprintf(stderr
, "wbcChangeTrustCredentials(%s): error code was %s (0x%x)\n",
837 domain_name
, error
->nt_string
, error
->nt_status
);
838 wbcFreeMemory(error
);
840 if (!WBC_ERROR_IS_OK(wbc_status
)) {
841 d_fprintf(stderr
, "failed to call wbcChangeTrustCredentials: "
842 "%s\n", wbcErrorString(wbc_status
));
849 /* Check DC connection */
851 static bool wbinfo_ping_dc(const char *domain
)
853 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
854 struct wbcAuthErrorInfo
*error
= NULL
;
857 const char *domain_name
;
860 domain_name
= domain
;
862 domain_name
= get_winbind_domain();
865 wbc_status
= wbcPingDc2(domain_name
, &error
, &dcname
);
867 d_printf("checking the NETLOGON for domain[%s] dc connection to \"%s\" %s\n",
868 domain_name
? domain_name
: "",
869 dcname
? dcname
: "",
870 WBC_ERROR_IS_OK(wbc_status
) ? "succeeded" : "failed");
872 wbcFreeMemory(dcname
);
873 if (wbc_status
== WBC_ERR_AUTH_ERROR
) {
874 d_fprintf(stderr
, "wbcPingDc2(%s): error code was %s (0x%x)\n",
875 domain_name
, error
->nt_string
, error
->nt_status
);
876 wbcFreeMemory(error
);
879 if (!WBC_ERROR_IS_OK(wbc_status
)) {
880 d_fprintf(stderr
, "failed to call wbcPingDc: %s\n",
881 wbcErrorString(wbc_status
));
888 /* Convert uid to sid */
890 static bool wbinfo_uid_to_sid(uid_t uid
)
892 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
893 struct wbcDomainSid sid
;
894 char sid_str
[WBC_SID_STRING_BUFLEN
];
898 wbc_status
= wbcUidToSid(uid
, &sid
);
899 if (!WBC_ERROR_IS_OK(wbc_status
)) {
900 d_fprintf(stderr
, "failed to call wbcUidToSid: %s\n",
901 wbcErrorString(wbc_status
));
905 wbcSidToStringBuf(&sid
, sid_str
, sizeof(sid_str
));
907 /* Display response */
909 d_printf("%s\n", sid_str
);
914 /* Convert gid to sid */
916 static bool wbinfo_gid_to_sid(gid_t gid
)
918 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
919 struct wbcDomainSid sid
;
920 char sid_str
[WBC_SID_STRING_BUFLEN
];
924 wbc_status
= wbcGidToSid(gid
, &sid
);
925 if (!WBC_ERROR_IS_OK(wbc_status
)) {
926 d_fprintf(stderr
, "failed to call wbcGidToSid: %s\n",
927 wbcErrorString(wbc_status
));
931 wbcSidToStringBuf(&sid
, sid_str
, sizeof(sid_str
));
933 /* Display response */
935 d_printf("%s\n", sid_str
);
940 /* Convert sid to uid */
942 static bool wbinfo_sid_to_uid(const char *sid_str
)
944 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
945 struct wbcDomainSid sid
;
950 wbc_status
= wbcStringToSid(sid_str
, &sid
);
951 if (!WBC_ERROR_IS_OK(wbc_status
)) {
952 d_fprintf(stderr
, "failed to call wbcStringToSid: %s\n",
953 wbcErrorString(wbc_status
));
957 wbc_status
= wbcSidToUid(&sid
, &uid
);
958 if (!WBC_ERROR_IS_OK(wbc_status
)) {
959 d_fprintf(stderr
, "failed to call wbcSidToUid: %s\n",
960 wbcErrorString(wbc_status
));
964 /* Display response */
966 d_printf("%d\n", (int)uid
);
971 static bool wbinfo_sid_to_gid(const char *sid_str
)
973 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
974 struct wbcDomainSid sid
;
979 wbc_status
= wbcStringToSid(sid_str
, &sid
);
980 if (!WBC_ERROR_IS_OK(wbc_status
)) {
981 d_fprintf(stderr
, "failed to call wbcStringToSid: %s\n",
982 wbcErrorString(wbc_status
));
986 wbc_status
= wbcSidToGid(&sid
, &gid
);
987 if (!WBC_ERROR_IS_OK(wbc_status
)) {
988 d_fprintf(stderr
, "failed to call wbcSidToGid: %s\n",
989 wbcErrorString(wbc_status
));
993 /* Display response */
995 d_printf("%d\n", (int)gid
);
1000 static bool wbinfo_sids_to_unix_ids(const char *arg
)
1002 char sidstr
[WBC_SID_STRING_BUFLEN
];
1003 struct wbcDomainSid
*sids
;
1004 struct wbcUnixId
*unix_ids
;
1014 while (next_token(&p
, sidstr
, LIST_SEP
, sizeof(sidstr
))) {
1015 sids
= talloc_realloc(talloc_tos(), sids
, struct wbcDomainSid
,
1018 d_fprintf(stderr
, "talloc failed\n");
1021 wbc_status
= wbcStringToSid(sidstr
, &sids
[num_sids
]);
1022 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1023 d_fprintf(stderr
, "wbcSidToString(%s) failed: %s\n",
1024 sidstr
, wbcErrorString(wbc_status
));
1031 unix_ids
= talloc_array(talloc_tos(), struct wbcUnixId
, num_sids
);
1032 if (unix_ids
== NULL
) {
1037 wbc_status
= wbcSidsToUnixIds(sids
, num_sids
, unix_ids
);
1038 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1039 d_fprintf(stderr
, "wbcSidsToUnixIds failed: %s\n",
1040 wbcErrorString(wbc_status
));
1045 for (i
=0; i
<num_sids
; i
++) {
1047 wbcSidToStringBuf(&sids
[i
], sidstr
, sizeof(sidstr
));
1049 switch(unix_ids
[i
].type
) {
1050 case WBC_ID_TYPE_UID
:
1051 d_printf("%s -> uid %d\n", sidstr
, unix_ids
[i
].id
.uid
);
1053 case WBC_ID_TYPE_GID
:
1054 d_printf("%s -> gid %d\n", sidstr
, unix_ids
[i
].id
.gid
);
1056 case WBC_ID_TYPE_BOTH
:
1057 d_printf("%s -> uid/gid %d\n", sidstr
, unix_ids
[i
].id
.uid
);
1060 d_printf("%s -> unmapped\n", sidstr
);
1066 TALLOC_FREE(unix_ids
);
1071 static bool wbinfo_xids_to_sids(const char *arg
)
1074 struct wbcUnixId
*xids
= NULL
;
1075 struct wbcDomainSid
*sids
;
1083 while (next_token(&p
, idstr
, LIST_SEP
, sizeof(idstr
))) {
1084 xids
= talloc_realloc(talloc_tos(), xids
, struct wbcUnixId
,
1087 d_fprintf(stderr
, "talloc failed\n");
1093 xids
[num_xids
] = (struct wbcUnixId
) {
1094 .type
= WBC_ID_TYPE_UID
,
1095 .id
.uid
= atoi(&idstr
[1])
1099 xids
[num_xids
] = (struct wbcUnixId
) {
1100 .type
= WBC_ID_TYPE_GID
,
1101 .id
.gid
= atoi(&idstr
[1])
1105 d_fprintf(stderr
, "%s is an invalid id\n", idstr
);
1112 sids
= talloc_array(talloc_tos(), struct wbcDomainSid
, num_xids
);
1114 d_fprintf(stderr
, "talloc failed\n");
1119 wbc_status
= wbcUnixIdsToSids(xids
, num_xids
, sids
);
1120 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1121 d_fprintf(stderr
, "wbcUnixIdsToSids failed: %s\n",
1122 wbcErrorString(wbc_status
));
1128 for (i
=0; i
<num_xids
; i
++) {
1129 char str
[WBC_SID_STRING_BUFLEN
];
1130 struct wbcDomainSid null_sid
= { 0 };
1132 if (memcmp(&null_sid
, &sids
[i
], sizeof(struct wbcDomainSid
)) == 0) {
1133 d_printf("NOT MAPPED\n");
1136 wbcSidToStringBuf(&sids
[i
], str
, sizeof(str
));
1137 d_printf("%s\n", str
);
1143 static bool wbinfo_allocate_uid(void)
1145 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1150 wbc_status
= wbcAllocateUid(&uid
);
1151 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1152 d_fprintf(stderr
, "failed to call wbcAllocateUid: %s\n",
1153 wbcErrorString(wbc_status
));
1157 /* Display response */
1159 d_printf("New uid: %u\n", (unsigned int)uid
);
1164 static bool wbinfo_allocate_gid(void)
1166 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1171 wbc_status
= wbcAllocateGid(&gid
);
1172 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1173 d_fprintf(stderr
, "failed to call wbcAllocateGid: %s\n",
1174 wbcErrorString(wbc_status
));
1178 /* Display response */
1180 d_printf("New gid: %u\n", (unsigned int)gid
);
1185 static bool wbinfo_set_uid_mapping(uid_t uid
, const char *sid_str
)
1187 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1188 struct wbcDomainSid sid
;
1192 wbc_status
= wbcStringToSid(sid_str
, &sid
);
1193 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1194 d_fprintf(stderr
, "failed to call wbcStringToSid: %s\n",
1195 wbcErrorString(wbc_status
));
1199 wbc_status
= wbcSetUidMapping(uid
, &sid
);
1200 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1201 d_fprintf(stderr
, "failed to call wbcSetUidMapping: %s\n",
1202 wbcErrorString(wbc_status
));
1206 /* Display response */
1208 d_printf("uid %u now mapped to sid %s\n",
1209 (unsigned int)uid
, sid_str
);
1214 static bool wbinfo_set_gid_mapping(gid_t gid
, const char *sid_str
)
1216 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1217 struct wbcDomainSid sid
;
1221 wbc_status
= wbcStringToSid(sid_str
, &sid
);
1222 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1223 d_fprintf(stderr
, "failed to call wbcStringToSid: %s\n",
1224 wbcErrorString(wbc_status
));
1228 wbc_status
= wbcSetGidMapping(gid
, &sid
);
1229 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1230 d_fprintf(stderr
, "failed to call wbcSetGidMapping: %s\n",
1231 wbcErrorString(wbc_status
));
1235 /* Display response */
1237 d_printf("gid %u now mapped to sid %s\n",
1238 (unsigned int)gid
, sid_str
);
1243 static bool wbinfo_remove_uid_mapping(uid_t uid
, const char *sid_str
)
1245 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1246 struct wbcDomainSid sid
;
1250 wbc_status
= wbcStringToSid(sid_str
, &sid
);
1251 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1252 d_fprintf(stderr
, "failed to call wbcStringToSid: %s\n",
1253 wbcErrorString(wbc_status
));
1257 wbc_status
= wbcRemoveUidMapping(uid
, &sid
);
1258 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1259 d_fprintf(stderr
, "failed to call wbcRemoveUidMapping: %s\n",
1260 wbcErrorString(wbc_status
));
1264 /* Display response */
1266 d_printf("Removed uid %u to sid %s mapping\n",
1267 (unsigned int)uid
, sid_str
);
1272 static bool wbinfo_remove_gid_mapping(gid_t gid
, const char *sid_str
)
1274 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1275 struct wbcDomainSid sid
;
1279 wbc_status
= wbcStringToSid(sid_str
, &sid
);
1280 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1281 d_fprintf(stderr
, "failed to call wbcStringToSid: %s\n",
1282 wbcErrorString(wbc_status
));
1286 wbc_status
= wbcRemoveGidMapping(gid
, &sid
);
1287 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1288 d_fprintf(stderr
, "failed to call wbcRemoveGidMapping: %s\n",
1289 wbcErrorString(wbc_status
));
1293 /* Display response */
1295 d_printf("Removed gid %u to sid %s mapping\n",
1296 (unsigned int)gid
, sid_str
);
1301 /* Convert sid to string */
1303 static bool wbinfo_lookupsid(const char *sid_str
)
1305 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1306 struct wbcDomainSid sid
;
1309 enum wbcSidType type
;
1311 /* Send off request */
1313 wbc_status
= wbcStringToSid(sid_str
, &sid
);
1314 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1315 d_fprintf(stderr
, "failed to call wbcStringToSid: %s\n",
1316 wbcErrorString(wbc_status
));
1320 wbc_status
= wbcLookupSid(&sid
, &domain
, &name
, &type
);
1321 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1322 d_fprintf(stderr
, "failed to call wbcLookupSid: %s\n",
1323 wbcErrorString(wbc_status
));
1327 /* Display response */
1329 if (type
== WBC_SID_NAME_DOMAIN
) {
1330 d_printf("%s %d\n", domain
, type
);
1332 d_printf("%s%c%s %d\n",
1333 domain
, winbind_separator(), name
, type
);
1336 wbcFreeMemory(domain
);
1337 wbcFreeMemory(name
);
1342 /* Convert sid to fullname */
1344 static bool wbinfo_lookupsid_fullname(const char *sid_str
)
1346 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1347 struct wbcDomainSid sid
;
1350 enum wbcSidType type
;
1352 /* Send off request */
1354 wbc_status
= wbcStringToSid(sid_str
, &sid
);
1355 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1356 d_fprintf(stderr
, "failed to call wbcStringToSid: %s\n",
1357 wbcErrorString(wbc_status
));
1361 wbc_status
= wbcGetDisplayName(&sid
, &domain
, &name
, &type
);
1362 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1363 d_fprintf(stderr
, "failed to call wbcGetDisplayName: %s\n",
1364 wbcErrorString(wbc_status
));
1368 /* Display response */
1370 d_printf("%s%c%s %d\n",
1371 domain
, winbind_separator(), name
, type
);
1373 wbcFreeMemory(domain
);
1374 wbcFreeMemory(name
);
1379 /* Lookup a list of RIDs */
1381 static bool wbinfo_lookuprids(const char *domain
, const char *arg
)
1383 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1384 struct wbcDomainInfo
*dinfo
= NULL
;
1385 char *domain_name
= NULL
;
1386 const char **names
= NULL
;
1387 enum wbcSidType
*types
= NULL
;
1390 uint32_t *rids
= NULL
;
1393 TALLOC_CTX
*mem_ctx
= NULL
;
1396 if ((domain
== NULL
) || (strequal(domain
, ".")) || (domain
[0] == '\0')){
1397 domain
= get_winbind_domain();
1402 wbc_status
= wbcDomainInfo(domain
, &dinfo
);
1403 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1404 d_printf("wbcDomainInfo(%s) failed: %s\n", domain
,
1405 wbcErrorString(wbc_status
));
1409 mem_ctx
= talloc_new(NULL
);
1410 if (mem_ctx
== NULL
) {
1411 d_printf("talloc_new failed\n");
1419 while (next_token_talloc(mem_ctx
, &p
, &ridstr
, " ,\n")) {
1423 rid
= smb_strtoul(ridstr
, NULL
, 10, &error
, SMB_STR_STANDARD
);
1425 d_printf("failed to convert rid\n");
1428 rids
= talloc_realloc(mem_ctx
, rids
, uint32_t, num_rids
+ 1);
1430 d_printf("talloc_realloc failed\n");
1432 rids
[num_rids
] = rid
;
1437 d_printf("no rids\n");
1441 wbc_status
= wbcLookupRids(&dinfo
->sid
, num_rids
, rids
,
1442 &p
, &names
, &types
);
1443 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1444 d_printf("winbind_lookup_rids failed: %s\n",
1445 wbcErrorString(wbc_status
));
1449 domain_name
= discard_const_p(char, p
);
1450 d_printf("Domain: %s\n", domain_name
);
1452 for (i
=0; i
<num_rids
; i
++) {
1453 d_printf("%8d: %s (%s)\n", rids
[i
], names
[i
],
1454 wbcSidTypeString(types
[i
]));
1459 wbcFreeMemory(dinfo
);
1460 wbcFreeMemory(domain_name
);
1461 wbcFreeMemory(names
);
1462 wbcFreeMemory(types
);
1463 TALLOC_FREE(mem_ctx
);
1467 static bool wbinfo_lookup_sids(const char *arg
)
1469 char sidstr
[WBC_SID_STRING_BUFLEN
];
1470 struct wbcDomainSid
*sids
;
1471 struct wbcDomainInfo
*domains
;
1472 struct wbcTranslatedName
*names
;
1483 while (next_token(&p
, sidstr
, LIST_SEP
, sizeof(sidstr
))) {
1484 sids
= talloc_realloc(talloc_tos(), sids
, struct wbcDomainSid
,
1487 d_fprintf(stderr
, "talloc failed\n");
1490 wbc_status
= wbcStringToSid(sidstr
, &sids
[num_sids
]);
1491 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1492 d_fprintf(stderr
, "wbcSidToString(%s) failed: %s\n",
1493 sidstr
, wbcErrorString(wbc_status
));
1500 wbc_status
= wbcLookupSids(sids
, num_sids
, &domains
, &num_domains
,
1502 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1503 d_fprintf(stderr
, "wbcLookupSids failed: %s\n",
1504 wbcErrorString(wbc_status
));
1509 for (i
=0; i
<num_sids
; i
++) {
1510 const char *domain
= NULL
;
1512 wbcSidToStringBuf(&sids
[i
], sidstr
, sizeof(sidstr
));
1514 if (names
[i
].domain_index
>= num_domains
) {
1516 } else if (names
[i
].domain_index
< 0) {
1519 domain
= domains
[names
[i
].domain_index
].short_name
;
1522 if (names
[i
].type
== WBC_SID_NAME_DOMAIN
) {
1523 d_printf("%s -> %s %d\n", sidstr
,
1527 d_printf("%s -> %s%c%s %d\n", sidstr
,
1529 winbind_separator(),
1530 names
[i
].name
, names
[i
].type
);
1533 wbcFreeMemory(names
);
1534 wbcFreeMemory(domains
);
1538 /* Convert string to sid */
1540 static bool wbinfo_lookupname(const char *full_name
)
1542 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1543 struct wbcDomainSid sid
;
1544 char sid_str
[WBC_SID_STRING_BUFLEN
];
1545 enum wbcSidType type
;
1546 fstring domain_name
;
1547 fstring account_name
;
1549 /* Send off request */
1551 parse_wbinfo_domain_user(full_name
, domain_name
,
1554 wbc_status
= wbcLookupName(domain_name
, account_name
,
1556 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1557 d_fprintf(stderr
, "failed to call wbcLookupName: %s\n",
1558 wbcErrorString(wbc_status
));
1562 wbcSidToStringBuf(&sid
, sid_str
, sizeof(sid_str
));
1564 /* Display response */
1566 d_printf("%s %s (%d)\n", sid_str
, wbcSidTypeString(type
), type
);
1571 static char *wbinfo_prompt_pass(TALLOC_CTX
*mem_ctx
,
1573 const char *username
)
1576 char buf
[1024] = {0};
1579 prompt
= talloc_asprintf(mem_ctx
, "Enter %s's ", username
);
1584 prompt
= talloc_asprintf_append(prompt
, "%s ", prefix
);
1589 prompt
= talloc_asprintf_append(prompt
, "password: ");
1594 rc
= samba_getpass(prompt
, buf
, sizeof(buf
), false, false);
1595 TALLOC_FREE(prompt
);
1600 return talloc_strdup(mem_ctx
, buf
);
1603 /* Authenticate a user with a plaintext password */
1605 static bool wbinfo_auth_krb5(char *username
, const char *cctype
, uint32_t flags
)
1607 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1610 char *password
= NULL
;
1612 char *local_cctype
= NULL
;
1614 struct wbcLogonUserParams params
;
1615 struct wbcLogonUserInfo
*info
;
1616 struct wbcAuthErrorInfo
*error
;
1617 struct wbcUserPasswordPolicyInfo
*policy
;
1618 TALLOC_CTX
*frame
= talloc_tos();
1620 if ((s
= talloc_strdup(frame
, username
)) == NULL
) {
1624 if ((p
= strchr(s
, '%')) != NULL
) {
1627 password
= talloc_strdup(frame
, p
);
1629 password
= wbinfo_prompt_pass(frame
, NULL
, username
);
1632 local_cctype
= talloc_strdup(frame
, cctype
);
1638 params
.username
= name
;
1639 params
.password
= password
;
1640 params
.num_blobs
= 0;
1641 params
.blobs
= NULL
;
1643 wbc_status
= wbcAddNamedBlob(¶ms
.num_blobs
,
1649 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1650 d_fprintf(stderr
, "failed to call wbcAddNamedBlob: %s\n",
1651 wbcErrorString(wbc_status
));
1655 wbc_status
= wbcAddNamedBlob(¶ms
.num_blobs
,
1661 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1662 d_fprintf(stderr
, "failed to call wbcAddNamedBlob: %s\n",
1663 wbcErrorString(wbc_status
));
1667 wbc_status
= wbcAddNamedBlob(¶ms
.num_blobs
,
1671 (uint8_t *)local_cctype
,
1673 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1674 d_fprintf(stderr
, "failed to call wbcAddNamedBlob: %s\n",
1675 wbcErrorString(wbc_status
));
1679 wbc_status
= wbcLogonUser(¶ms
, &info
, &error
, &policy
);
1681 d_printf("plaintext kerberos password authentication for [%s] %s "
1682 "(requesting cctype: %s)\n",
1683 name
, WBC_ERROR_IS_OK(wbc_status
) ? "succeeded" : "failed",
1688 "wbcLogonUser(%s): error code was %s (0x%x)\n"
1689 "error message was: %s\n",
1690 params
.username
, error
->nt_string
,
1692 error
->display_string
);
1695 if (WBC_ERROR_IS_OK(wbc_status
)) {
1696 if (flags
& WBFLAG_PAM_INFO3_TEXT
) {
1697 if (info
&& info
->info
&& info
->info
->user_flags
&
1698 NETLOGON_CACHED_ACCOUNT
) {
1699 d_printf("user_flgs: "
1700 "NETLOGON_CACHED_ACCOUNT\n");
1706 for (i
=0; i
< info
->num_blobs
; i
++) {
1707 if (strequal(info
->blobs
[i
].name
,
1709 d_printf("credentials were put "
1712 info
->blobs
[i
].blob
.data
);
1717 d_printf("no credentials cached\n");
1722 wbcFreeMemory(params
.blobs
);
1724 return WBC_ERROR_IS_OK(wbc_status
);
1727 /* Authenticate a user with a plaintext password */
1729 static bool wbinfo_auth(char *username
)
1731 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1734 char *password
= NULL
;
1736 TALLOC_CTX
*frame
= talloc_tos();
1738 if ((s
= talloc_strdup(frame
, username
)) == NULL
) {
1742 if ((p
= strchr(s
, '%')) != NULL
) {
1745 password
= talloc_strdup(frame
, p
);
1747 password
= wbinfo_prompt_pass(frame
, NULL
, username
);
1752 wbc_status
= wbcAuthenticateUser(name
, password
);
1754 d_printf("plaintext password authentication %s\n",
1755 WBC_ERROR_IS_OK(wbc_status
) ? "succeeded" : "failed");
1758 if (response
.data
.auth
.nt_status
)
1760 "error code was %s (0x%x)\nerror message was: %s\n",
1761 response
.data
.auth
.nt_status_string
,
1762 response
.data
.auth
.nt_status
,
1763 response
.data
.auth
.error_string
);
1766 return WBC_ERROR_IS_OK(wbc_status
);
1769 /* Authenticate a user with a challenge/response */
1771 static bool wbinfo_auth_crap(char *username
, bool use_ntlmv2
, bool use_lanman
)
1773 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1774 struct wbcAuthUserParams params
;
1775 struct wbcAuthUserInfo
*info
= NULL
;
1776 struct wbcAuthErrorInfo
*err
= NULL
;
1777 DATA_BLOB lm
= data_blob_null
;
1778 DATA_BLOB nt
= data_blob_null
;
1780 fstring name_domain
;
1783 TALLOC_CTX
*frame
= talloc_tos();
1785 p
= strchr(username
, '%');
1789 pass
= talloc_strdup(frame
, p
+ 1);
1791 pass
= wbinfo_prompt_pass(frame
, NULL
, username
);
1794 parse_wbinfo_domain_user(username
, name_domain
, name_user
);
1796 params
.account_name
= name_user
;
1797 params
.domain_name
= name_domain
;
1798 params
.workstation_name
= NULL
;
1801 params
.parameter_control
= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
|
1802 WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
;
1804 params
.level
= WBC_AUTH_USER_LEVEL_RESPONSE
;
1806 generate_random_buffer(params
.password
.response
.challenge
, 8);
1809 DATA_BLOB server_chal
;
1810 DATA_BLOB names_blob
;
1811 const char *netbios_name
= NULL
;
1812 const char *domain
= NULL
;
1814 netbios_name
= get_winbind_netbios_name(),
1815 domain
= get_winbind_domain();
1816 if (domain
== NULL
) {
1817 d_fprintf(stderr
, "Failed to get domain from winbindd\n");
1821 server_chal
= data_blob(params
.password
.response
.challenge
, 8);
1823 /* Pretend this is a login to 'us', for blob purposes */
1824 names_blob
= NTLMv2_generate_names_blob(NULL
,
1829 !SMBNTLMv2encrypt(NULL
, name_user
, name_domain
, pass
,
1832 &lm
, &nt
, NULL
, NULL
)) {
1833 data_blob_free(&names_blob
);
1834 data_blob_free(&server_chal
);
1838 data_blob_free(&names_blob
);
1839 data_blob_free(&server_chal
);
1844 lm
= data_blob(NULL
, 24);
1845 ok
= SMBencrypt(pass
,
1846 params
.password
.response
.challenge
,
1849 data_blob_free(&lm
);
1852 nt
= data_blob(NULL
, 24);
1853 SMBNTencrypt(pass
, params
.password
.response
.challenge
,
1857 params
.password
.response
.nt_length
= nt
.length
;
1858 params
.password
.response
.nt_data
= nt
.data
;
1859 params
.password
.response
.lm_length
= lm
.length
;
1860 params
.password
.response
.lm_data
= lm
.data
;
1862 wbc_status
= wbcAuthenticateUserEx(¶ms
, &info
, &err
);
1864 /* Display response */
1866 d_printf("challenge/response password authentication %s\n",
1867 WBC_ERROR_IS_OK(wbc_status
) ? "succeeded" : "failed");
1869 if (wbc_status
== WBC_ERR_AUTH_ERROR
) {
1871 "wbcAuthenticateUserEx(%s%c%s): error code was "
1872 "%s (0x%x, authoritative=%"PRIu8
")\n"
1873 "error message was: %s\n",
1875 winbind_separator(),
1880 err
->display_string
);
1882 } else if (WBC_ERROR_IS_OK(wbc_status
)) {
1883 wbcFreeMemory(info
);
1886 data_blob_free(&nt
);
1887 data_blob_free(&lm
);
1889 return WBC_ERROR_IS_OK(wbc_status
);
1892 /* Authenticate a user with a plaintext password */
1894 static bool wbinfo_pam_logon(char *username
, bool verbose
)
1896 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
1897 struct wbcLogonUserParams params
;
1898 struct wbcLogonUserInfo
*info
= NULL
;
1899 struct wbcAuthErrorInfo
*error
= NULL
;
1902 TALLOC_CTX
*frame
= talloc_tos();
1906 ZERO_STRUCT(params
);
1908 if ((s
= talloc_strdup(frame
, username
)) == NULL
) {
1912 if ((p
= strchr(s
, '%')) != NULL
) {
1915 params
.password
= talloc_strdup(frame
, p
);
1917 params
.password
= wbinfo_prompt_pass(frame
, NULL
, username
);
1919 params
.username
= s
;
1921 flags
= WBFLAG_PAM_CACHED_LOGIN
;
1923 wbc_status
= wbcAddNamedBlob(¶ms
.num_blobs
, ¶ms
.blobs
,
1925 (uint8_t *)&flags
, sizeof(flags
));
1926 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1927 d_printf("wbcAddNamedBlob failed: %s\n",
1928 wbcErrorString(wbc_status
));
1934 wbc_status
= wbcAddNamedBlob(¶ms
.num_blobs
, ¶ms
.blobs
,
1936 (uint8_t *)&uid
, sizeof(uid
));
1937 if (!WBC_ERROR_IS_OK(wbc_status
)) {
1938 d_printf("wbcAddNamedBlob failed: %s\n",
1939 wbcErrorString(wbc_status
));
1943 wbc_status
= wbcLogonUser(¶ms
, &info
, &error
, NULL
);
1945 if (verbose
&& (info
!= NULL
)) {
1946 struct wbcAuthUserInfo
*i
= info
->info
;
1949 if (i
->account_name
!= NULL
) {
1950 d_printf("account_name: %s\n", i
->account_name
);
1952 if (i
->user_principal
!= NULL
) {
1953 d_printf("user_principal: %s\n", i
->user_principal
);
1955 if (i
->full_name
!= NULL
) {
1956 d_printf("full_name: %s\n", i
->full_name
);
1958 if (i
->domain_name
!= NULL
) {
1959 d_printf("domain_name: %s\n", i
->domain_name
);
1961 if (i
->dns_domain_name
!= NULL
) {
1962 d_printf("dns_domain_name: %s\n", i
->dns_domain_name
);
1964 if (i
->logon_server
!= NULL
) {
1965 d_printf("logon_server: %s\n", i
->logon_server
);
1967 if (i
->logon_script
!= NULL
) {
1968 d_printf("logon_script: %s\n", i
->logon_script
);
1970 if (i
->profile_path
!= NULL
) {
1971 d_printf("profile_path: %s\n", i
->profile_path
);
1973 if (i
->home_directory
!= NULL
) {
1974 d_printf("home_directory: %s\n", i
->home_directory
);
1976 if (i
->home_drive
!= NULL
) {
1977 d_printf("home_drive: %s\n", i
->home_drive
);
1982 for (j
=0; j
<i
->num_sids
; j
++) {
1983 char buf
[WBC_SID_STRING_BUFLEN
];
1984 wbcSidToStringBuf(&i
->sids
[j
].sid
, buf
, sizeof(buf
));
1985 d_printf(" %s", buf
);
1989 wbcFreeMemory(info
);
1993 wbcFreeMemory(params
.blobs
);
1995 d_printf("plaintext password authentication %s\n",
1996 WBC_ERROR_IS_OK(wbc_status
) ? "succeeded" : "failed");
1998 if (!WBC_ERROR_IS_OK(wbc_status
) && (error
!= NULL
)) {
2000 "wbcLogonUser(%s): error code was %s (0x%x)\n"
2001 "error message was: %s\n",
2004 (int)error
->nt_status
,
2005 error
->display_string
);
2006 wbcFreeMemory(error
);
2008 return WBC_ERROR_IS_OK(wbc_status
);
2011 /* Save creds with winbind */
2013 static bool wbinfo_ccache_save(char *username
)
2015 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
2018 char *password
= NULL
;
2020 TALLOC_CTX
*frame
= talloc_stackframe();
2022 s
= talloc_strdup(frame
, username
);
2031 password
= talloc_strdup(frame
, p
);
2033 password
= wbinfo_prompt_pass(frame
, NULL
, username
);
2038 wbc_status
= wbcCredentialSave(name
, password
);
2040 d_printf("saving creds %s\n",
2041 WBC_ERROR_IS_OK(wbc_status
) ? "succeeded" : "failed");
2045 return WBC_ERROR_IS_OK(wbc_status
);
2048 #ifdef WITH_FAKE_KASERVER
2049 /* Authenticate a user with a plaintext password and set a token */
2051 static bool wbinfo_klog(char *username
)
2053 struct winbindd_request request
;
2054 struct winbindd_response response
;
2058 /* Send off request */
2060 ZERO_STRUCT(request
);
2061 ZERO_STRUCT(response
);
2063 p
= strchr(username
, '%');
2067 fstrcpy(request
.data
.auth
.user
, username
);
2068 fstrcpy(request
.data
.auth
.pass
, p
+ 1);
2071 fstrcpy(request
.data
.auth
.user
, username
);
2072 (void) samba_getpass("Password: ",
2073 request
.data
.auth
.pass
,
2074 sizeof(request
.data
.auth
.pass
),
2078 request
.flags
|= WBFLAG_PAM_AFS_TOKEN
;
2080 result
= winbindd_request_response(NULL
, WINBINDD_PAM_AUTH
, &request
,
2083 /* Display response */
2085 d_printf("plaintext password authentication %s\n",
2086 (result
== NSS_STATUS_SUCCESS
) ? "succeeded" : "failed");
2088 if (response
.data
.auth
.nt_status
)
2090 "error code was %s (0x%x)\nerror message was: %s\n",
2091 response
.data
.auth
.nt_status_string
,
2092 response
.data
.auth
.nt_status
,
2093 response
.data
.auth
.error_string
);
2095 if (result
!= NSS_STATUS_SUCCESS
)
2098 if (response
.extra_data
.data
== NULL
) {
2099 d_fprintf(stderr
, "Did not get token data\n");
2103 if (!afs_settoken_str((char *)response
.extra_data
.data
)) {
2104 d_fprintf(stderr
, "Could not set token\n");
2108 d_printf("Successfully created AFS token\n");
2112 static bool wbinfo_klog(char *username
)
2114 d_fprintf(stderr
, "No AFS support compiled in.\n");
2119 /* Print domain users */
2121 static bool print_domain_users(const char *domain
)
2123 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
2125 uint32_t num_users
= 0;
2126 const char **users
= NULL
;
2128 /* Send request to winbind daemon */
2130 if (domain
== NULL
) {
2131 domain
= get_winbind_domain();
2133 /* '.' is the special sign for our own domain */
2134 if ((domain
[0] == '\0') || strcmp(domain
, ".") == 0) {
2135 domain
= get_winbind_domain();
2136 /* '*' is the special sign for all domains */
2137 } else if (strcmp(domain
, "*") == 0) {
2142 wbc_status
= wbcListUsers(domain
, &num_users
, &users
);
2143 if (!WBC_ERROR_IS_OK(wbc_status
)) {
2147 for (i
=0; i
< num_users
; i
++) {
2148 d_printf("%s\n", users
[i
]);
2151 wbcFreeMemory(users
);
2156 /* Print domain groups */
2158 static bool print_domain_groups(const char *domain
)
2160 wbcErr wbc_status
= WBC_ERR_UNKNOWN_FAILURE
;
2162 uint32_t num_groups
= 0;
2163 const char **groups
= NULL
;
2165 /* Send request to winbind daemon */
2167 if (domain
== NULL
) {
2168 domain
= get_winbind_domain();
2170 /* '.' is the special sign for our own domain */
2171 if ((domain
[0] == '\0') || strcmp(domain
, ".") == 0) {
2172 domain
= get_winbind_domain();
2173 /* '*' is the special sign for all domains */
2174 } else if (strcmp(domain
, "*") == 0) {
2179 wbc_status
= wbcListGroups(domain
, &num_groups
, &groups
);
2180 if (!WBC_ERROR_IS_OK(wbc_status
)) {
2181 d_fprintf(stderr
, "failed to call wbcListGroups: %s\n",
2182 wbcErrorString(wbc_status
));
2186 for (i
=0; i
< num_groups
; i
++) {
2187 d_printf("%s\n", groups
[i
]);
2190 wbcFreeMemory(groups
);
2195 /* Set the authorised user for winbindd access in secrets.tdb */
2197 static bool wbinfo_set_auth_user(char *username
)
2199 d_fprintf(stderr
, "This functionality was moved to the 'net' utility.\n"
2200 "See 'net help setauthuser' for details.\n");
2204 static void wbinfo_get_auth_user(void)
2206 d_fprintf(stderr
, "This functionality was moved to the 'net' utility.\n"
2207 "See 'net help getauthuser' for details.\n");
2210 static bool wbinfo_ping(void)
2214 wbc_status
= wbcPing();
2216 /* Display response */
2218 d_printf("Ping to winbindd %s\n",
2219 WBC_ERROR_IS_OK(wbc_status
) ? "succeeded" : "failed");
2221 return WBC_ERROR_IS_OK(wbc_status
);
2224 static bool wbinfo_change_user_password(const char *username
)
2227 char *old_password
= NULL
;
2228 char *new_password
= NULL
;
2229 TALLOC_CTX
*frame
= talloc_tos();
2231 old_password
= wbinfo_prompt_pass(frame
, "old", username
);
2232 new_password
= wbinfo_prompt_pass(frame
, "new", username
);
2234 wbc_status
= wbcChangeUserPassword(username
, old_password
,new_password
);
2236 /* Display response */
2238 d_printf("Password change for user %s %s\n", username
,
2239 WBC_ERROR_IS_OK(wbc_status
) ? "succeeded" : "failed");
2241 return WBC_ERROR_IS_OK(wbc_status
);
2247 OPT_SET_AUTH_USER
= 1000,
2260 OPT_SET_UID_MAPPING
,
2261 OPT_SET_GID_MAPPING
,
2262 OPT_REMOVE_UID_MAPPING
,
2263 OPT_REMOVE_GID_MAPPING
,
2267 OPT_LIST_ALL_DOMAINS
,
2268 OPT_LIST_OWN_DOMAIN
,
2275 OPT_CHANGE_USER_PASSWORD
,
2277 OPT_SID_TO_FULLNAME
,
2288 int main(int argc
, const char **argv
, char **envp
)
2291 TALLOC_CTX
*frame
= talloc_stackframe();
2293 static char *string_arg
;
2294 char *string_subarg
= NULL
;
2295 static char *opt_domain_name
;
2297 int int_subarg
= -1;
2299 bool verbose
= false;
2300 bool use_ntlmv2
= true;
2301 bool use_lanman
= false;
2302 char *logoff_user
= getenv("USER");
2303 int logoff_uid
= geteuid();
2304 const char *opt_krb5ccname
= "FILE";
2306 struct poptOption long_options
[] = {
2309 /* longName, shortName, argInfo, argPtr, value, descrip,
2313 .longName
= "domain-users",
2315 .argInfo
= POPT_ARG_NONE
,
2317 .descrip
= "Lists all domain users",
2318 .argDescrip
= "domain"
2321 .longName
= "domain-groups",
2323 .argInfo
= POPT_ARG_NONE
,
2325 .descrip
= "Lists all domain groups",
2326 .argDescrip
= "domain"
2329 .longName
= "WINS-by-name",
2331 .argInfo
= POPT_ARG_STRING
,
2334 .descrip
= "Converts NetBIOS name to IP",
2335 .argDescrip
= "NETBIOS-NAME"
2338 .longName
= "WINS-by-ip",
2340 .argInfo
= POPT_ARG_STRING
,
2343 .descrip
= "Converts IP address to NetBIOS name",
2347 .longName
= "name-to-sid",
2349 .argInfo
= POPT_ARG_STRING
,
2352 .descrip
= "Converts name to sid",
2353 .argDescrip
= "NAME"
2356 .longName
= "sid-to-name",
2358 .argInfo
= POPT_ARG_STRING
,
2361 .descrip
= "Converts sid to name",
2365 .longName
= "sid-to-fullname",
2366 .argInfo
= POPT_ARG_STRING
,
2368 .val
= OPT_SID_TO_FULLNAME
,
2369 .descrip
= "Converts sid to fullname",
2373 .longName
= "lookup-rids",
2375 .argInfo
= POPT_ARG_STRING
,
2378 .descrip
= "Converts RIDs to names",
2379 .argDescrip
= "RIDs"
2382 .longName
= "lookup-sids",
2383 .argInfo
= POPT_ARG_STRING
,
2385 .val
= OPT_LOOKUP_SIDS
,
2386 .descrip
= "Converts SIDs to types and names",
2387 .argDescrip
= "Sid-List"
2390 .longName
= "uid-to-sid",
2392 .argInfo
= POPT_ARG_INT
,
2395 .descrip
= "Converts uid to sid",
2399 .longName
= "gid-to-sid",
2401 .argInfo
= POPT_ARG_INT
,
2404 .descrip
= "Converts gid to sid",
2408 .longName
= "sid-to-uid",
2410 .argInfo
= POPT_ARG_STRING
,
2413 .descrip
= "Converts sid to uid",
2417 .longName
= "sid-to-gid",
2419 .argInfo
= POPT_ARG_STRING
,
2422 .descrip
= "Converts sid to gid",
2426 .longName
= "allocate-uid",
2427 .argInfo
= POPT_ARG_NONE
,
2428 .val
= OPT_ALLOCATE_UID
,
2429 .descrip
= "Get a new UID out of idmap"
2432 .longName
= "allocate-gid",
2433 .argInfo
= POPT_ARG_NONE
,
2434 .val
= OPT_ALLOCATE_GID
,
2435 .descrip
= "Get a new GID out of idmap"
2438 .longName
= "set-uid-mapping",
2439 .argInfo
= POPT_ARG_STRING
,
2441 .val
= OPT_SET_UID_MAPPING
,
2442 .descrip
= "Create or modify uid to sid mapping in "
2444 .argDescrip
= "UID,SID"
2447 .longName
= "set-gid-mapping",
2448 .argInfo
= POPT_ARG_STRING
,
2450 .val
= OPT_SET_GID_MAPPING
,
2451 .descrip
= "Create or modify gid to sid mapping in "
2453 .argDescrip
= "GID,SID"
2456 .longName
= "remove-uid-mapping",
2457 .argInfo
= POPT_ARG_STRING
,
2459 .val
= OPT_REMOVE_UID_MAPPING
,
2460 .descrip
= "Remove uid to sid mapping in idmap",
2461 .argDescrip
= "UID,SID"
2464 .longName
= "remove-gid-mapping",
2465 .argInfo
= POPT_ARG_STRING
,
2467 .val
= OPT_REMOVE_GID_MAPPING
,
2468 .descrip
= "Remove gid to sid mapping in idmap",
2469 .argDescrip
= "GID,SID",
2472 .longName
= "sids-to-unix-ids",
2473 .argInfo
= POPT_ARG_STRING
,
2475 .val
= OPT_SIDS_TO_XIDS
,
2476 .descrip
= "Translate SIDs to Unix IDs",
2477 .argDescrip
= "Sid-List",
2480 .longName
= "unix-ids-to-sids",
2481 .argInfo
= POPT_ARG_STRING
,
2483 .val
= OPT_XIDS_TO_SIDS
,
2484 .descrip
= "Translate Unix IDs to SIDs",
2485 .argDescrip
= "ID-List (u<num> g<num>)",
2488 .longName
= "check-secret",
2490 .argInfo
= POPT_ARG_NONE
,
2492 .descrip
= "Check shared secret",
2495 .longName
= "change-secret",
2497 .argInfo
= POPT_ARG_NONE
,
2499 .descrip
= "Change shared secret",
2502 .longName
= "ping-dc",
2504 .argInfo
= POPT_ARG_NONE
,
2506 .descrip
= "Check the NETLOGON connection",
2509 .longName
= "trusted-domains",
2511 .argInfo
= POPT_ARG_NONE
,
2513 .descrip
= "List trusted domains",
2516 .longName
= "all-domains",
2517 .argInfo
= POPT_ARG_NONE
,
2518 .val
= OPT_LIST_ALL_DOMAINS
,
2519 .descrip
= "List all domains (trusted and own "
2523 .longName
= "own-domain",
2524 .argInfo
= POPT_ARG_NONE
,
2525 .val
= OPT_LIST_OWN_DOMAIN
,
2526 .descrip
= "List own domain",
2529 .longName
= "sequence",
2530 .argInfo
= POPT_ARG_NONE
,
2531 .val
= OPT_SEQUENCE
,
2532 .descrip
= "Deprecated command, see --online-status",
2535 .longName
= "online-status",
2536 .argInfo
= POPT_ARG_NONE
,
2537 .val
= OPT_ONLINESTATUS
,
2538 .descrip
= "Show whether domains maintain an active "
2542 .longName
= "domain-info",
2544 .argInfo
= POPT_ARG_STRING
,
2547 .descrip
= "Show most of the info we have about the "
2551 .longName
= "user-info",
2553 .argInfo
= POPT_ARG_STRING
,
2556 .descrip
= "Get user info",
2557 .argDescrip
= "USER",
2560 .longName
= "uid-info",
2561 .argInfo
= POPT_ARG_INT
,
2563 .val
= OPT_UID_INFO
,
2564 .descrip
= "Get user info from uid",
2565 .argDescrip
= "UID",
2568 .longName
= "group-info",
2569 .argInfo
= POPT_ARG_STRING
,
2571 .val
= OPT_GROUP_INFO
,
2572 .descrip
= "Get group info",
2573 .argDescrip
= "GROUP",
2576 .longName
= "user-sidinfo",
2577 .argInfo
= POPT_ARG_STRING
,
2579 .val
= OPT_USER_SIDINFO
,
2580 .descrip
= "Get user info from sid",
2581 .argDescrip
= "SID",
2584 .longName
= "gid-info",
2585 .argInfo
= POPT_ARG_INT
,
2587 .val
= OPT_GID_INFO
,
2588 .descrip
= "Get group info from gid",
2589 .argDescrip
= "GID",
2592 .longName
= "user-groups",
2594 .argInfo
= POPT_ARG_STRING
,
2597 .descrip
= "Get user groups",
2598 .argDescrip
= "USER",
2601 .longName
= "user-domgroups",
2602 .argInfo
= POPT_ARG_STRING
,
2604 .val
= OPT_USERDOMGROUPS
,
2605 .descrip
= "Get user domain groups",
2606 .argDescrip
= "SID",
2609 .longName
= "sid-aliases",
2610 .argInfo
= POPT_ARG_STRING
,
2612 .val
= OPT_SIDALIASES
,
2613 .descrip
= "Get sid aliases",
2614 .argDescrip
= "SID",
2617 .longName
= "user-sids",
2618 .argInfo
= POPT_ARG_STRING
,
2620 .val
= OPT_USERSIDS
,
2621 .descrip
= "Get user group sids for user SID",
2622 .argDescrip
= "SID",
2625 .longName
= "authenticate",
2627 .argInfo
= POPT_ARG_STRING
,
2630 .descrip
= "authenticate user",
2631 .argDescrip
= "user%password",
2634 .longName
= "pam-logon",
2635 .argInfo
= POPT_ARG_STRING
,
2637 .val
= OPT_PAM_LOGON
,
2638 .descrip
= "do a pam logon equivalent",
2639 .argDescrip
= "user%password",
2642 .longName
= "logoff",
2643 .argInfo
= POPT_ARG_NONE
,
2645 .descrip
= "log off user",
2646 .argDescrip
= "uid",
2649 .longName
= "logoff-user",
2650 .argInfo
= POPT_ARG_STRING
,
2651 .arg
= &logoff_user
,
2652 .val
= OPT_LOGOFF_USER
,
2653 .descrip
= "username to log off"
2656 .longName
= "logoff-uid",
2657 .argInfo
= POPT_ARG_INT
,
2659 .val
= OPT_LOGOFF_UID
,
2660 .descrip
= "uid to log off",
2663 .longName
= "set-auth-user",
2664 .argInfo
= POPT_ARG_STRING
,
2666 .val
= OPT_SET_AUTH_USER
,
2667 .descrip
= "Store user and password used by "
2668 "winbindd (root only)",
2669 .argDescrip
= "user%password",
2672 .longName
= "ccache-save",
2674 .argInfo
= POPT_ARG_STRING
,
2676 .val
= OPT_CCACHE_SAVE
,
2677 .descrip
= "Store user and password for ccache "
2679 .argDescrip
= "user%password",
2682 .longName
= "getdcname",
2683 .argInfo
= POPT_ARG_STRING
,
2685 .val
= OPT_GETDCNAME
,
2686 .descrip
= "Get a DC name for a foreign domain",
2687 .argDescrip
= "domainname",
2690 .longName
= "dsgetdcname",
2691 .argInfo
= POPT_ARG_STRING
,
2693 .val
= OPT_DSGETDCNAME
,
2694 .descrip
= "Find a DC for a domain",
2695 .argDescrip
= "domainname",
2698 .longName
= "dc-info",
2699 .argInfo
= POPT_ARG_STRING
,
2702 .descrip
= "Find the currently known DCs",
2703 .argDescrip
= "domainname",
2706 .longName
= "get-auth-user",
2707 .argInfo
= POPT_ARG_NONE
,
2708 .val
= OPT_GET_AUTH_USER
,
2709 .descrip
= "Retrieve user and password used by "
2710 "winbindd (root only)",
2715 .argInfo
= POPT_ARG_NONE
,
2718 .descrip
= "Ping winbindd to see if it is alive",
2721 .longName
= "domain",
2723 .argInfo
= POPT_ARG_STRING
,
2724 .arg
= &opt_domain_name
,
2725 .val
= OPT_DOMAIN_NAME
,
2726 .descrip
= "Define to the domain to restrict "
2728 .argDescrip
= "domain",
2730 #ifdef WITH_FAKE_KASERVER
2734 .argInfo
= POPT_ARG_STRING
,
2737 .descrip
= "set an AFS token from winbind",
2738 .argDescrip
= "user%password",
2743 .longName
= "krb5auth",
2745 .argInfo
= POPT_ARG_STRING
,
2748 .descrip
= "authenticate user using Kerberos",
2749 .argDescrip
= "user%password",
2751 /* destroys wbinfo --help output */
2752 /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" },
2755 .longName
= "krb5ccname",
2756 .argInfo
= POPT_ARG_STRING
,
2757 .arg
= &opt_krb5ccname
,
2758 .val
= OPT_KRB5CCNAME
,
2759 .descrip
= "authenticate user using Kerberos and "
2760 "specific credential cache type",
2761 .argDescrip
= "krb5ccname",
2765 .longName
= "separator",
2766 .argInfo
= POPT_ARG_NONE
,
2767 .val
= OPT_SEPARATOR
,
2768 .descrip
= "Get the active winbind separator",
2771 .longName
= "verbose",
2772 .argInfo
= POPT_ARG_NONE
,
2774 .descrip
= "Print additional information per command",
2777 .longName
= "change-user-password",
2778 .argInfo
= POPT_ARG_STRING
,
2780 .val
= OPT_CHANGE_USER_PASSWORD
,
2781 .descrip
= "Change the password for a user",
2784 .longName
= "ntlmv1",
2785 .argInfo
= POPT_ARG_NONE
,
2787 .descrip
= "Use NTLMv1 cryptography for user authentication",
2790 .longName
= "ntlmv2",
2791 .argInfo
= POPT_ARG_NONE
,
2793 .descrip
= "Use NTLMv2 cryptography for user authentication",
2796 .longName
= "lanman",
2797 .argInfo
= POPT_ARG_NONE
,
2799 .descrip
= "Use lanman cryptography for user authentication",
2805 /* Samba client initialisation */
2811 pc
= poptGetContext("wbinfo", argc
, argv
,
2814 /* Parse command line options */
2817 poptPrintHelp(pc
, stderr
, 0);
2821 while((opt
= poptGetNextOpt(pc
)) != -1) {
2822 /* get the generic configuration parameters like --domain */
2836 poptFreeContext(pc
);
2838 pc
= poptGetContext(NULL
, argc
, (const char **)argv
, long_options
,
2839 POPT_CONTEXT_KEEP_FIRST
);
2841 while((opt
= poptGetNextOpt(pc
)) != -1) {
2844 if (!print_domain_users(opt_domain_name
)) {
2846 "Error looking up domain users\n");
2851 if (!print_domain_groups(opt_domain_name
)) {
2853 "Error looking up domain groups\n");
2858 if (!wbinfo_lookupsid(string_arg
)) {
2860 "Could not lookup sid %s\n",
2865 case OPT_SID_TO_FULLNAME
:
2866 if (!wbinfo_lookupsid_fullname(string_arg
)) {
2867 d_fprintf(stderr
, "Could not lookup sid %s\n",
2873 if (!wbinfo_lookuprids(opt_domain_name
, string_arg
)) {
2874 d_fprintf(stderr
, "Could not lookup RIDs %s\n",
2879 case OPT_LOOKUP_SIDS
:
2880 if (!wbinfo_lookup_sids(string_arg
)) {
2881 d_fprintf(stderr
, "Could not lookup SIDs %s\n",
2887 if (!wbinfo_lookupname(string_arg
)) {
2888 d_fprintf(stderr
, "Could not lookup name %s\n",
2894 if (!wbinfo_wins_byname(string_arg
)) {
2896 "Could not lookup WINS by name %s\n",
2902 if (!wbinfo_wins_byip(string_arg
)) {
2904 "Could not lookup WINS by IP %s\n",
2910 if (!wbinfo_uid_to_sid(int_arg
)) {
2912 "Could not convert uid %d to sid\n",
2918 if (!wbinfo_gid_to_sid(int_arg
)) {
2920 "Could not convert gid %d to sid\n",
2926 if (!wbinfo_sid_to_uid(string_arg
)) {
2928 "Could not convert sid %s to uid\n",
2934 if (!wbinfo_sid_to_gid(string_arg
)) {
2936 "Could not convert sid %s to gid\n",
2941 case OPT_ALLOCATE_UID
:
2942 if (!wbinfo_allocate_uid()) {
2943 d_fprintf(stderr
, "Could not allocate a uid\n");
2947 case OPT_ALLOCATE_GID
:
2948 if (!wbinfo_allocate_gid()) {
2949 d_fprintf(stderr
, "Could not allocate a gid\n");
2953 case OPT_SET_UID_MAPPING
:
2954 if (!parse_mapping_arg(string_arg
, &int_subarg
,
2956 !wbinfo_set_uid_mapping(int_subarg
, string_subarg
))
2958 d_fprintf(stderr
, "Could not create or modify "
2959 "uid to sid mapping\n");
2963 case OPT_SET_GID_MAPPING
:
2964 if (!parse_mapping_arg(string_arg
, &int_subarg
,
2966 !wbinfo_set_gid_mapping(int_subarg
, string_subarg
))
2968 d_fprintf(stderr
, "Could not create or modify "
2969 "gid to sid mapping\n");
2973 case OPT_REMOVE_UID_MAPPING
:
2974 if (!parse_mapping_arg(string_arg
, &int_subarg
,
2976 !wbinfo_remove_uid_mapping(int_subarg
,
2979 d_fprintf(stderr
, "Could not remove uid to sid "
2984 case OPT_REMOVE_GID_MAPPING
:
2985 if (!parse_mapping_arg(string_arg
, &int_subarg
,
2987 !wbinfo_remove_gid_mapping(int_subarg
,
2990 d_fprintf(stderr
, "Could not remove gid to sid "
2995 case OPT_SIDS_TO_XIDS
:
2996 if (!wbinfo_sids_to_unix_ids(string_arg
)) {
2997 d_fprintf(stderr
, "wbinfo_sids_to_unix_ids "
3002 case OPT_XIDS_TO_SIDS
:
3003 if (!wbinfo_xids_to_sids(string_arg
)) {
3004 d_fprintf(stderr
, "wbinfo_xids_to_sids "
3010 if (!wbinfo_check_secret(opt_domain_name
)) {
3011 d_fprintf(stderr
, "Could not check secret\n");
3016 if (!wbinfo_change_secret(opt_domain_name
)) {
3017 d_fprintf(stderr
, "Could not change secret\n");
3022 if (!wbinfo_ping_dc(opt_domain_name
)) {
3027 if (!wbinfo_list_domains(false, verbose
)) {
3029 "Could not list trusted domains\n");
3034 if (!wbinfo_show_sequence(opt_domain_name
)) {
3036 "Could not show sequence numbers\n");
3040 case OPT_ONLINESTATUS
:
3041 if (!wbinfo_show_onlinestatus(opt_domain_name
)) {
3043 "Could not show online-status\n");
3048 if (!wbinfo_domain_info(string_arg
)) {
3050 "Could not get domain info\n");
3055 if (!wbinfo_get_userinfo(string_arg
)) {
3057 "Could not get info for user %s\n",
3062 case OPT_USER_SIDINFO
:
3063 if ( !wbinfo_get_user_sidinfo(string_arg
)) {
3065 "Could not get info for user "
3066 "sid %s\n", string_arg
);
3071 if ( !wbinfo_get_uidinfo(int_arg
)) {
3072 d_fprintf(stderr
, "Could not get info for uid "
3077 case OPT_GROUP_INFO
:
3078 if ( !wbinfo_get_groupinfo(string_arg
)) {
3079 d_fprintf(stderr
, "Could not get info for "
3080 "group %s\n", string_arg
);
3085 if ( !wbinfo_get_gidinfo(int_arg
)) {
3086 d_fprintf(stderr
, "Could not get info for gid "
3092 if (!wbinfo_get_usergroups(string_arg
)) {
3094 "Could not get groups for user %s\n",
3100 if (!wbinfo_get_usersids(string_arg
)) {
3101 d_fprintf(stderr
, "Could not get group SIDs "
3102 "for user SID %s\n",
3107 case OPT_USERDOMGROUPS
:
3108 if (!wbinfo_get_userdomgroups(string_arg
)) {
3109 d_fprintf(stderr
, "Could not get user's domain "
3110 "groups for user SID %s\n",
3115 case OPT_SIDALIASES
:
3116 if (!wbinfo_get_sidaliases(opt_domain_name
,
3118 d_fprintf(stderr
, "Could not get sid aliases "
3119 "for user SID %s\n", string_arg
);
3124 bool got_error
= false;
3126 if (!wbinfo_auth(string_arg
)) {
3128 "Could not authenticate user "
3129 "%s with plaintext "
3130 "password\n", string_arg
);
3134 if (!wbinfo_auth_crap(string_arg
, use_ntlmv2
,
3137 "Could not authenticate user "
3138 "%s with challenge/response\n",
3148 if (!wbinfo_pam_logon(string_arg
, verbose
)) {
3149 d_fprintf(stderr
, "pam_logon failed for %s\n",
3158 wbc_status
= wbcLogoffUser(logoff_user
, logoff_uid
,
3160 d_printf("Logoff %s (%d): %s\n", logoff_user
,
3161 logoff_uid
, wbcErrorString(wbc_status
));
3165 uint32_t flags
= WBFLAG_PAM_KRB5
|
3166 WBFLAG_PAM_CACHED_LOGIN
|
3167 WBFLAG_PAM_FALLBACK_AFTER_KRB5
|
3168 WBFLAG_PAM_INFO3_TEXT
|
3169 WBFLAG_PAM_CONTACT_TRUSTDOM
;
3171 if (!wbinfo_auth_krb5(string_arg
, opt_krb5ccname
,
3174 "Could not authenticate user "
3175 "[%s] with Kerberos "
3176 "(ccache: %s)\n", string_arg
,
3183 if (!wbinfo_klog(string_arg
)) {
3184 d_fprintf(stderr
, "Could not klog user\n");
3189 if (!wbinfo_ping()) {
3190 d_fprintf(stderr
, "could not ping winbindd!\n");
3194 case OPT_SET_AUTH_USER
:
3195 if (!wbinfo_set_auth_user(string_arg
)) {
3199 case OPT_GET_AUTH_USER
:
3200 wbinfo_get_auth_user();
3203 case OPT_CCACHE_SAVE
:
3204 if (!wbinfo_ccache_save(string_arg
)) {
3209 if (!wbinfo_getdcname(string_arg
)) {
3213 case OPT_DSGETDCNAME
:
3214 if (!wbinfo_dsgetdcname(string_arg
, 0)) {
3219 if (!wbinfo_dc_info(string_arg
)) {
3223 case OPT_SEPARATOR
: {
3224 const char sep
= winbind_separator();
3228 d_printf("%c\n", sep
);
3231 case OPT_LIST_ALL_DOMAINS
:
3232 if (!wbinfo_list_domains(true, verbose
)) {
3236 case OPT_LIST_OWN_DOMAIN
:
3237 if (!wbinfo_list_own_domain()) {
3241 case OPT_CHANGE_USER_PASSWORD
:
3242 if (!wbinfo_change_user_password(string_arg
)) {
3244 "Could not change user password "
3245 "for user %s\n", string_arg
);
3250 /* generic configuration options */
3251 case OPT_DOMAIN_NAME
:
3256 case OPT_LOGOFF_USER
:
3257 case OPT_LOGOFF_UID
:
3258 case OPT_KRB5CCNAME
:
3261 d_fprintf(stderr
, "Invalid option\n");
3262 poptPrintHelp(pc
, stderr
, 0);
3274 poptFreeContext(pc
);