search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: Fix Coverity ID 2222: RESOURCE_LEAK
[Samba.git] / nsswitch / wbinfo.c
blob9efd40b56a0842a8976b9ce908e86c1c8a54be6e
1 /*
2 Unix SMB/CIFS implementation.
3
4 Winbind status program.
5
6 Copyright (C) Tim Potter 2000-2003
7 Copyright (C) Andrew Bartlett 2002-2007
8 Copyright (C) Volker Lendecke 2009
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "popt_common.h"
26 #include "winbind_client.h"
27 #include "libwbclient/wbclient.h"
28 #include "lib/popt/popt.h"
29 #include "../libcli/auth/libcli_auth.h"
30 #if (_SAMBA_BUILD_) >= 4
31 #include "lib/cmdline/popt_common.h"
32 #endif
33
34 #ifdef DBGC_CLASS
35 #undef DBGC_CLASS
36 #define DBGC_CLASS DBGC_WINBIND
37 #endif
38
39 static struct wbcInterfaceDetails *init_interface_details(void)
40 {
41 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
42 static struct wbcInterfaceDetails *details;
43
44 if (details) {
45 return details;
46 }
47
48 wbc_status = wbcInterfaceDetails(&details);
49 if (!WBC_ERROR_IS_OK(wbc_status)) {
50 d_fprintf(stderr, "could not obtain winbind interface "
51 "details: %s\n", wbcErrorString(wbc_status));
52 }
53
54 return details;
55 }
56
57 static char winbind_separator(void)
58 {
59 struct wbcInterfaceDetails *details;
60 static bool got_sep;
61 static char sep;
62
63 if (got_sep)
64 return sep;
65
66 details = init_interface_details();
67
68 if (!details) {
69 d_fprintf(stderr, "could not obtain winbind separator!\n");
70 return 0;
71 }
72
73 sep = details->winbind_separator;
74 got_sep = true;
75
76 if (!sep) {
77 d_fprintf(stderr, "winbind separator was NULL!\n");
78 return 0;
79 }
80
81 return sep;
82 }
83
84 static const char *get_winbind_domain(void)
85 {
86 static struct wbcInterfaceDetails *details;
87
88 details = init_interface_details();
89
90 if (!details) {
91 d_fprintf(stderr, "could not obtain winbind domain name!\n");
92 return 0;
93 }
94
95 return details->netbios_domain;
96 }
97
98 static const char *get_winbind_netbios_name(void)
99 {
100 static struct wbcInterfaceDetails *details;
101
102 details = init_interface_details();
103
104 if (!details) {
105 d_fprintf(stderr, "could not obtain winbind netbios name!\n");
106 return 0;
107 }
108
109 return details->netbios_name;
110 }
111
112 /* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
113 form DOMAIN/user into a domain and a user */
114
115 static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
116 fstring user)
117 {
118
119 char *p = strchr(domuser,winbind_separator());
120
121 if (!p) {
122 /* Maybe it was a UPN? */
123 if ((p = strchr(domuser, '@')) != NULL) {
124 fstrcpy(domain, "");
125 fstrcpy(user, domuser);
126 return true;
127 }
128
129 fstrcpy(user, domuser);
130 fstrcpy(domain, get_winbind_domain());
131 return true;
132 }
133
134 fstrcpy(user, p+1);
135 fstrcpy(domain, domuser);
136 domain[PTR_DIFF(p, domuser)] = 0;
137 strupper_m(domain);
138
139 return true;
140 }
141
142 /* Parse string of "uid,sid" or "gid,sid" into separate int and string values.
143 * Return true if input was valid, false otherwise. */
144 static bool parse_mapping_arg(char *arg, int *id, char **sid)
145 {
146 char *tmp, *endptr;
147
148 if (!arg || !*arg)
149 return false;
150
151 tmp = strtok(arg, ",");
152 *sid = strtok(NULL, ",");
153
154 if (!tmp || !*tmp || !*sid || !**sid)
155 return false;
156
157 /* Because atoi() can return 0 on invalid input, which would be a valid
158 * UID/GID we must use strtoul() and do error checking */
159 *id = strtoul(tmp, &endptr, 10);
160
161 if (endptr[0] != '\0')
162 return false;
163
164 return true;
165 }
166
167 /* pull pwent info for a given user */
168
169 static bool wbinfo_get_userinfo(char *user)
170 {
171 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
172 struct passwd *pwd = NULL;
173
174 wbc_status = wbcGetpwnam(user, &pwd);
175 if (!WBC_ERROR_IS_OK(wbc_status)) {
176 d_fprintf(stderr, "failed to call wbcGetpwnam: %s\n",
177 wbcErrorString(wbc_status));
178 return false;
179 }
180
181 d_printf("%s:%s:%u:%u:%s:%s:%s\n",
182 pwd->pw_name,
183 pwd->pw_passwd,
184 (unsigned int)pwd->pw_uid,
185 (unsigned int)pwd->pw_gid,
186 pwd->pw_gecos,
187 pwd->pw_dir,
188 pwd->pw_shell);
189
190 return true;
191 }
192
193 /* pull pwent info for a given uid */
194 static bool wbinfo_get_uidinfo(int uid)
195 {
196 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
197 struct passwd *pwd = NULL;
198
199 wbc_status = wbcGetpwuid(uid, &pwd);
200 if (!WBC_ERROR_IS_OK(wbc_status)) {
201 d_fprintf(stderr, "failed to call wbcGetpwuid: %s\n",
202 wbcErrorString(wbc_status));
203 return false;
204 }
205
206 d_printf("%s:%s:%u:%u:%s:%s:%s\n",
207 pwd->pw_name,
208 pwd->pw_passwd,
209 (unsigned int)pwd->pw_uid,
210 (unsigned int)pwd->pw_gid,
211 pwd->pw_gecos,
212 pwd->pw_dir,
213 pwd->pw_shell);
214
215 return true;
216 }
217
218 static bool wbinfo_get_user_sidinfo(const char *sid_str)
219 {
220 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
221 struct passwd *pwd = NULL;
222 struct wbcDomainSid sid;
223
224 wbc_status = wbcStringToSid(sid_str, &sid);
225 wbc_status = wbcGetpwsid(&sid, &pwd);
226 if (!WBC_ERROR_IS_OK(wbc_status)) {
227 d_fprintf(stderr, "failed to call wbcGetpwsid: %s\n",
228 wbcErrorString(wbc_status));
229 return false;
230 }
231
232 d_printf("%s:%s:%u:%u:%s:%s:%s\n",
233 pwd->pw_name,
234 pwd->pw_passwd,
235 (unsigned int)pwd->pw_uid,
236 (unsigned int)pwd->pw_gid,
237 pwd->pw_gecos,
238 pwd->pw_dir,
239 pwd->pw_shell);
240
241 return true;
242 }
243
244
245 /* pull grent for a given group */
246 static bool wbinfo_get_groupinfo(const char *group)
247 {
248 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
249 struct group *grp;
250 char **mem;
251
252 wbc_status = wbcGetgrnam(group, &grp);
253 if (!WBC_ERROR_IS_OK(wbc_status)) {
254 d_fprintf(stderr, "failed to call wbcGetgrnam: %s\n",
255 wbcErrorString(wbc_status));
256 return false;
257 }
258
259 d_printf("%s:%s:%u:",
260 grp->gr_name,
261 grp->gr_passwd,
262 (unsigned int)grp->gr_gid);
263
264 mem = grp->gr_mem;
265 while (*mem != NULL) {
266 d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
267 mem += 1;
268 }
269 d_printf("\n");
270
271 wbcFreeMemory(grp);
272
273 return true;
274 }
275
276 /* pull grent for a given gid */
277 static bool wbinfo_get_gidinfo(int gid)
278 {
279 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
280 struct group *grp;
281 char **mem;
282
283 wbc_status = wbcGetgrgid(gid, &grp);
284 if (!WBC_ERROR_IS_OK(wbc_status)) {
285 d_fprintf(stderr, "failed to call wbcGetgrgid: %s\n",
286 wbcErrorString(wbc_status));
287 return false;
288 }
289
290 d_printf("%s:%s:%u:",
291 grp->gr_name,
292 grp->gr_passwd,
293 (unsigned int)grp->gr_gid);
294
295 mem = grp->gr_mem;
296 while (*mem != NULL) {
297 d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
298 mem += 1;
299 }
300 d_printf("\n");
301
302 wbcFreeMemory(grp);
303
304 return true;
305 }
306
307 /* List groups a user is a member of */
308
309 static bool wbinfo_get_usergroups(const char *user)
310 {
311 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
312 uint32_t num_groups;
313 uint32_t i;
314 gid_t *groups = NULL;
315
316 /* Send request */
317
318 wbc_status = wbcGetGroups(user, &num_groups, &groups);
319 if (!WBC_ERROR_IS_OK(wbc_status)) {
320 d_fprintf(stderr, "failed to call wbcGetGroups: %s\n",
321 wbcErrorString(wbc_status));
322 return false;
323 }
324
325 for (i = 0; i < num_groups; i++) {
326 d_printf("%d\n", (int)groups[i]);
327 }
328
329 wbcFreeMemory(groups);
330
331 return true;
332 }
333
334
335 /* List group SIDs a user SID is a member of */
336 static bool wbinfo_get_usersids(const char *user_sid_str)
337 {
338 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
339 uint32_t num_sids;
340 uint32_t i;
341 struct wbcDomainSid user_sid, *sids = NULL;
342
343 /* Send request */
344
345 wbc_status = wbcStringToSid(user_sid_str, &user_sid);
346 if (!WBC_ERROR_IS_OK(wbc_status)) {
347 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
348 wbcErrorString(wbc_status));
349 return false;
350 }
351
352 wbc_status = wbcLookupUserSids(&user_sid, false, &num_sids, &sids);
353 if (!WBC_ERROR_IS_OK(wbc_status)) {
354 d_fprintf(stderr, "failed to call wbcLookupUserSids: %s\n",
355 wbcErrorString(wbc_status));
356 return false;
357 }
358
359 for (i = 0; i < num_sids; i++) {
360 char str[WBC_SID_STRING_BUFLEN];
361 wbcSidToStringBuf(&sids[i], str, sizeof(str));
362 d_printf("%s\n", str);
363 }
364
365 wbcFreeMemory(sids);
366
367 return true;
368 }
369
370 static bool wbinfo_get_userdomgroups(const char *user_sid_str)
371 {
372 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
373 uint32_t num_sids;
374 uint32_t i;
375 struct wbcDomainSid user_sid, *sids = NULL;
376
377 /* Send request */
378
379 wbc_status = wbcStringToSid(user_sid_str, &user_sid);
380 if (!WBC_ERROR_IS_OK(wbc_status)) {
381 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
382 wbcErrorString(wbc_status));
383 return false;
384 }
385
386 wbc_status = wbcLookupUserSids(&user_sid, true, &num_sids, &sids);
387 if (!WBC_ERROR_IS_OK(wbc_status)) {
388 d_fprintf(stderr, "failed to call wbcLookupUserSids: %s\n",
389 wbcErrorString(wbc_status));
390 return false;
391 }
392
393 for (i = 0; i < num_sids; i++) {
394 char str[WBC_SID_STRING_BUFLEN];
395 wbcSidToStringBuf(&sids[i], str, sizeof(str));
396 d_printf("%s\n", str);
397 }
398
399 wbcFreeMemory(sids);
400
401 return true;
402 }
403
404 static bool wbinfo_get_sidaliases(const char *domain,
405 const char *user_sid_str)
406 {
407 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
408 struct wbcDomainInfo *dinfo = NULL;
409 uint32_t i;
410 struct wbcDomainSid user_sid;
411 uint32_t *alias_rids = NULL;
412 uint32_t num_alias_rids;
413 char domain_sid_str[WBC_SID_STRING_BUFLEN];
414
415 /* Send request */
416 if ((domain == NULL) || (strequal(domain, ".")) ||
417 (domain[0] == '\0')) {
418 domain = get_winbind_domain();
419 }
420
421 /* Send request */
422
423 wbc_status = wbcDomainInfo(domain, &dinfo);
424 if (!WBC_ERROR_IS_OK(wbc_status)) {
425 d_fprintf(stderr, "wbcDomainInfo(%s) failed: %s\n", domain,
426 wbcErrorString(wbc_status));
427 goto done;
428 }
429 wbc_status = wbcStringToSid(user_sid_str, &user_sid);
430 if (!WBC_ERROR_IS_OK(wbc_status)) {
431 goto done;
432 }
433
434 wbc_status = wbcGetSidAliases(&dinfo->sid, &user_sid, 1,
435 &alias_rids, &num_alias_rids);
436 if (!WBC_ERROR_IS_OK(wbc_status)) {
437 goto done;
438 }
439
440 wbcSidToStringBuf(&dinfo->sid, domain_sid_str, sizeof(domain_sid_str));
441
442 for (i = 0; i < num_alias_rids; i++) {
443 d_printf("%s-%d\n", domain_sid_str, alias_rids[i]);
444 }
445
446 wbcFreeMemory(alias_rids);
447
448 done:
449 wbcFreeMemory(dinfo);
450 return (WBC_ERR_SUCCESS == wbc_status);
451 }
452
453
454 /* Convert NetBIOS name to IP */
455
456 static bool wbinfo_wins_byname(const char *name)
457 {
458 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
459 char *ip = NULL;
460
461 wbc_status = wbcResolveWinsByName(name, &ip);
462 if (!WBC_ERROR_IS_OK(wbc_status)) {
463 d_fprintf(stderr, "failed to call wbcResolveWinsByName: %s\n",
464 wbcErrorString(wbc_status));
465 return false;
466 }
467
468 /* Display response */
469
470 d_printf("%s\n", ip);
471
472 wbcFreeMemory(ip);
473
474 return true;
475 }
476
477 /* Convert IP to NetBIOS name */
478
479 static bool wbinfo_wins_byip(const char *ip)
480 {
481 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
482 char *name = NULL;
483
484 wbc_status = wbcResolveWinsByIP(ip, &name);
485 if (!WBC_ERROR_IS_OK(wbc_status)) {
486 d_fprintf(stderr, "failed to call wbcResolveWinsByIP: %s\n",
487 wbcErrorString(wbc_status));
488 return false;
489 }
490
491 /* Display response */
492
493 d_printf("%s\n", name);
494
495 wbcFreeMemory(name);
496
497 return true;
498 }
499
500 /* List all/trusted domains */
501
502 static bool wbinfo_list_domains(bool list_all_domains, bool verbose)
503 {
504 struct wbcDomainInfo *domain_list = NULL;
505 size_t num_domains;
506 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
507 bool print_all = !list_all_domains && verbose;
508 int i;
509
510 wbc_status = wbcListTrusts(&domain_list, &num_domains);
511 if (!WBC_ERROR_IS_OK(wbc_status)) {
512 d_fprintf(stderr, "failed to call wbcListTrusts: %s\n",
513 wbcErrorString(wbc_status));
514 return false;
515 }
516
517 if (print_all) {
518 d_printf("%-16s%-24s%-12s%-12s%-5s%-5s\n",
519 "Domain Name", "DNS Domain", "Trust Type",
520 "Transitive", "In", "Out");
521 }
522
523 for (i=0; i<num_domains; i++) {
524 if (print_all) {
525 d_printf("%-16s", domain_list[i].short_name);
526 } else {
527 d_printf("%s", domain_list[i].short_name);
528 d_printf("\n");
529 continue;
530 }
531
532 d_printf("%-24s", domain_list[i].dns_name);
533
534 switch(domain_list[i].trust_type) {
535 case WBC_DOMINFO_TRUSTTYPE_NONE:
536 d_printf("None ");
537 break;
538 case WBC_DOMINFO_TRUSTTYPE_FOREST:
539 d_printf("Forest ");
540 break;
541 case WBC_DOMINFO_TRUSTTYPE_EXTERNAL:
542 d_printf("External ");
543 break;
544 case WBC_DOMINFO_TRUSTTYPE_IN_FOREST:
545 d_printf("In-Forest ");
546 break;
547 }
548
549 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_TRANSITIVE) {
550 d_printf("Yes ");
551 } else {
552 d_printf("No ");
553 }
554
555 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_INCOMING) {
556 d_printf("Yes ");
557 } else {
558 d_printf("No ");
559 }
560
561 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_OUTGOING) {
562 d_printf("Yes ");
563 } else {
564 d_printf("No ");
565 }
566
567 d_printf("\n");
568 }
569
570 wbcFreeMemory(domain_list);
571
572 return true;
573 }
574
575 /* List own domain */
576
577 static bool wbinfo_list_own_domain(void)
578 {
579 d_printf("%s\n", get_winbind_domain());
580
581 return true;
582 }
583
584 /* show sequence numbers */
585 static bool wbinfo_show_sequence(const char *domain)
586 {
587 d_printf("This command has been deprecated. Please use the "
588 "--online-status option instead.\n");
589 return false;
590 }
591
592 /* show sequence numbers */
593 static bool wbinfo_show_onlinestatus(const char *domain)
594 {
595 struct wbcDomainInfo *domain_list = NULL;
596 size_t num_domains;
597 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
598 int i;
599
600 wbc_status = wbcListTrusts(&domain_list, &num_domains);
601 if (!WBC_ERROR_IS_OK(wbc_status)) {
602 d_fprintf(stderr, "failed to call wbcListTrusts: %s\n",
603 wbcErrorString(wbc_status));
604 return false;
605 }
606
607 for (i=0; i<num_domains; i++) {
608 bool is_offline;
609
610 if (domain) {
611 if (!strequal(domain_list[i].short_name, domain)) {
612 continue;
613 }
614 }
615
616 is_offline = (domain_list[i].domain_flags &
617 WBC_DOMINFO_DOMAIN_OFFLINE);
618
619 d_printf("%s : %s\n",
620 domain_list[i].short_name,
621 is_offline ? "offline" : "online" );
622 }
623
624 wbcFreeMemory(domain_list);
625
626 return true;
627 }
628
629
630 /* Show domain info */
631
632 static bool wbinfo_domain_info(const char *domain)
633 {
634 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
635 struct wbcDomainInfo *dinfo = NULL;
636 char sid_str[WBC_SID_STRING_BUFLEN];
637
638 if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
639 domain = get_winbind_domain();
640 }
641
642 /* Send request */
643
644 wbc_status = wbcDomainInfo(domain, &dinfo);
645 if (!WBC_ERROR_IS_OK(wbc_status)) {
646 d_fprintf(stderr, "failed to call wbcDomainInfo: %s\n",
647 wbcErrorString(wbc_status));
648 return false;
649 }
650
651 wbcSidToStringBuf(&dinfo->sid, sid_str, sizeof(sid_str));
652
653 /* Display response */
654
655 d_printf("Name : %s\n", dinfo->short_name);
656 d_printf("Alt_Name : %s\n", dinfo->dns_name);
657
658 d_printf("SID : %s\n", sid_str);
659
660 d_printf("Active Directory : %s\n",
661 (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_AD) ? "Yes" : "No");
662 d_printf("Native : %s\n",
663 (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_NATIVE) ?
664 "Yes" : "No");
665
666 d_printf("Primary : %s\n",
667 (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_PRIMARY) ?
668 "Yes" : "No");
669
670 wbcFreeMemory(dinfo);
671
672 return true;
673 }
674
675 /* Get a foreign DC's name */
676 static bool wbinfo_getdcname(const char *domain_name)
677 {
678 struct winbindd_request request;
679 struct winbindd_response response;
680
681 ZERO_STRUCT(request);
682 ZERO_STRUCT(response);
683
684 fstrcpy(request.domain_name, domain_name);
685
686 /* Send request */
687
688 if (winbindd_request_response(WINBINDD_GETDCNAME, &request,
689 &response) != NSS_STATUS_SUCCESS) {
690 d_fprintf(stderr, "Could not get dc name for %s\n",domain_name);
691 return false;
692 }
693
694 /* Display response */
695
696 d_printf("%s\n", response.data.dc_name);
697
698 return true;
699 }
700
701 /* Find a DC */
702 static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
703 {
704 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
705 struct wbcDomainControllerInfoEx *dc_info;
706 char *str = NULL;
707
708 wbc_status = wbcLookupDomainControllerEx(domain_name, NULL, NULL,
709 flags | DS_DIRECTORY_SERVICE_REQUIRED,
710 &dc_info);
711 if (!WBC_ERROR_IS_OK(wbc_status)) {
712 printf("Could not find dc for %s\n", domain_name);
713 return false;
714 }
715
716 wbcGuidToString(dc_info->domain_guid, &str);
717
718 d_printf("%s\n", dc_info->dc_unc);
719 d_printf("%s\n", dc_info->dc_address);
720 d_printf("%d\n", dc_info->dc_address_type);
721 d_printf("%s\n", str);
722 d_printf("%s\n", dc_info->domain_name);
723 d_printf("%s\n", dc_info->forest_name);
724 d_printf("0x%08x\n", dc_info->dc_flags);
725 d_printf("%s\n", dc_info->dc_site_name);
726 d_printf("%s\n", dc_info->client_site_name);
727
728 return true;
729 }
730
731 /* Check trust account password */
732
733 static bool wbinfo_check_secret(const char *domain)
734 {
735 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
736 struct wbcAuthErrorInfo *error = NULL;
737 const char *domain_name;
738
739 if (domain) {
740 domain_name = domain;
741 } else {
742 domain_name = get_winbind_domain();
743 }
744
745 wbc_status = wbcCheckTrustCredentials(domain_name, &error);
746
747 d_printf("checking the trust secret for domain %s via RPC calls %s\n",
748 domain_name,
749 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
750
751 if (wbc_status == WBC_ERR_AUTH_ERROR) {
752 d_fprintf(stderr, "error code was %s (0x%x)\n",
753 error->nt_string, error->nt_status);
754 wbcFreeMemory(error);
755 }
756 if (!WBC_ERROR_IS_OK(wbc_status)) {
757 d_fprintf(stderr, "failed to call wbcCheckTrustCredentials: "
758 "%s\n", wbcErrorString(wbc_status));
759 return false;
760 }
761
762 return true;
763 }
764
765 /* Find the currently connected DCs */
766
767 static bool wbinfo_dc_info(const char *domain_name)
768 {
769 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
770 size_t i, num_dcs;
771 const char **dc_names, **dc_ips;
772
773 wbc_status = wbcDcInfo(domain_name, &num_dcs,
774 &dc_names, &dc_ips);
775 if (!WBC_ERROR_IS_OK(wbc_status)) {
776 printf("Could not find dc info %s\n",
777 domain_name ? domain_name : "our domain");
778 return false;
779 }
780
781 for (i=0; i<num_dcs; i++) {
782 printf("%s (%s)\n", dc_names[i], dc_ips[i]);
783 }
784 wbcFreeMemory(dc_names);
785 wbcFreeMemory(dc_ips);
786
787 return true;
788 }
789
790 /* Change trust account password */
791
792 static bool wbinfo_change_secret(const char *domain)
793 {
794 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
795 struct wbcAuthErrorInfo *error = NULL;
796 const char *domain_name;
797
798 if (domain) {
799 domain_name = domain;
800 } else {
801 domain_name = get_winbind_domain();
802 }
803
804 wbc_status = wbcChangeTrustCredentials(domain_name, &error);
805
806 d_printf("changing the trust secret for domain %s via RPC calls %s\n",
807 domain_name,
808 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
809
810 if (wbc_status == WBC_ERR_AUTH_ERROR) {
811 d_fprintf(stderr, "error code was %s (0x%x)\n",
812 error->nt_string, error->nt_status);
813 wbcFreeMemory(error);
814 }
815 if (!WBC_ERROR_IS_OK(wbc_status)) {
816 d_fprintf(stderr, "failed to call wbcChangeTrustCredentials: "
817 "%s\n", wbcErrorString(wbc_status));
818 return false;
819 }
820
821 return true;
822 }
823
824 /* Check DC connection */
825
826 static bool wbinfo_ping_dc(void)
827 {
828 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
829 struct wbcAuthErrorInfo *error = NULL;
830
831 wbc_status = wbcPingDc(NULL, &error);
832
833 d_printf("checking the NETLOGON dc connection %s\n",
834 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
835
836 if (wbc_status == WBC_ERR_AUTH_ERROR) {
837 d_fprintf(stderr, "error code was %s (0x%x)\n",
838 error->nt_string, error->nt_status);
839 wbcFreeMemory(error);
840 }
841 if (!WBC_ERROR_IS_OK(wbc_status)) {
842 d_fprintf(stderr, "failed to call wbcPingDc: %s\n",
843 wbcErrorString(wbc_status));
844 return false;
845 }
846
847 return true;
848 }
849
850 /* Convert uid to sid */
851
852 static bool wbinfo_uid_to_sid(uid_t uid)
853 {
854 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
855 struct wbcDomainSid sid;
856 char sid_str[WBC_SID_STRING_BUFLEN];
857
858 /* Send request */
859
860 wbc_status = wbcUidToSid(uid, &sid);
861 if (!WBC_ERROR_IS_OK(wbc_status)) {
862 d_fprintf(stderr, "failed to call wbcUidToSid: %s\n",
863 wbcErrorString(wbc_status));
864 return false;
865 }
866
867 wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
868
869 /* Display response */
870
871 d_printf("%s\n", sid_str);
872
873 return true;
874 }
875
876 /* Convert gid to sid */
877
878 static bool wbinfo_gid_to_sid(gid_t gid)
879 {
880 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
881 struct wbcDomainSid sid;
882 char sid_str[WBC_SID_STRING_BUFLEN];
883
884 /* Send request */
885
886 wbc_status = wbcGidToSid(gid, &sid);
887 if (!WBC_ERROR_IS_OK(wbc_status)) {
888 d_fprintf(stderr, "failed to call wbcGidToSid: %s\n",
889 wbcErrorString(wbc_status));
890 return false;
891 }
892
893 wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
894
895 /* Display response */
896
897 d_printf("%s\n", sid_str);
898
899 return true;
900 }
901
902 /* Convert sid to uid */
903
904 static bool wbinfo_sid_to_uid(const char *sid_str)
905 {
906 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
907 struct wbcDomainSid sid;
908 uid_t uid;
909
910 /* Send request */
911
912 wbc_status = wbcStringToSid(sid_str, &sid);
913 if (!WBC_ERROR_IS_OK(wbc_status)) {
914 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
915 wbcErrorString(wbc_status));
916 return false;
917 }
918
919 wbc_status = wbcSidToUid(&sid, &uid);
920 if (!WBC_ERROR_IS_OK(wbc_status)) {
921 d_fprintf(stderr, "failed to call wbcSidToUid: %s\n",
922 wbcErrorString(wbc_status));
923 return false;
924 }
925
926 /* Display response */
927
928 d_printf("%d\n", (int)uid);
929
930 return true;
931 }
932
933 static bool wbinfo_sid_to_gid(const char *sid_str)
934 {
935 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
936 struct wbcDomainSid sid;
937 gid_t gid;
938
939 /* Send request */
940
941 wbc_status = wbcStringToSid(sid_str, &sid);
942 if (!WBC_ERROR_IS_OK(wbc_status)) {
943 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
944 wbcErrorString(wbc_status));
945 return false;
946 }
947
948 wbc_status = wbcSidToGid(&sid, &gid);
949 if (!WBC_ERROR_IS_OK(wbc_status)) {
950 d_fprintf(stderr, "failed to call wbcSidToGid: %s\n",
951 wbcErrorString(wbc_status));
952 return false;
953 }
954
955 /* Display response */
956
957 d_printf("%d\n", (int)gid);
958
959 return true;
960 }
961
962 static bool wbinfo_allocate_uid(void)
963 {
964 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
965 uid_t uid;
966
967 /* Send request */
968
969 wbc_status = wbcAllocateUid(&uid);
970 if (!WBC_ERROR_IS_OK(wbc_status)) {
971 d_fprintf(stderr, "failed to call wbcAllocateUid: %s\n",
972 wbcErrorString(wbc_status));
973 return false;
974 }
975
976 /* Display response */
977
978 d_printf("New uid: %u\n", (unsigned int)uid);
979
980 return true;
981 }
982
983 static bool wbinfo_allocate_gid(void)
984 {
985 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
986 gid_t gid;
987
988 /* Send request */
989
990 wbc_status = wbcAllocateGid(&gid);
991 if (!WBC_ERROR_IS_OK(wbc_status)) {
992 d_fprintf(stderr, "failed to call wbcAllocateGid: %s\n",
993 wbcErrorString(wbc_status));
994 return false;
995 }
996
997 /* Display response */
998
999 d_printf("New gid: %u\n", (unsigned int)gid);
1000
1001 return true;
1002 }
1003
1004 static bool wbinfo_set_uid_mapping(uid_t uid, const char *sid_str)
1005 {
1006 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1007 struct wbcDomainSid sid;
1008
1009 /* Send request */
1010
1011 wbc_status = wbcStringToSid(sid_str, &sid);
1012 if (!WBC_ERROR_IS_OK(wbc_status)) {
1013 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1014 wbcErrorString(wbc_status));
1015 return false;
1016 }
1017
1018 wbc_status = wbcSetUidMapping(uid, &sid);
1019 if (!WBC_ERROR_IS_OK(wbc_status)) {
1020 d_fprintf(stderr, "failed to call wbcSetUidMapping: %s\n",
1021 wbcErrorString(wbc_status));
1022 return false;
1023 }
1024
1025 /* Display response */
1026
1027 d_printf("uid %u now mapped to sid %s\n",
1028 (unsigned int)uid, sid_str);
1029
1030 return true;
1031 }
1032
1033 static bool wbinfo_set_gid_mapping(gid_t gid, const char *sid_str)
1034 {
1035 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1036 struct wbcDomainSid sid;
1037
1038 /* Send request */
1039
1040 wbc_status = wbcStringToSid(sid_str, &sid);
1041 if (!WBC_ERROR_IS_OK(wbc_status)) {
1042 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1043 wbcErrorString(wbc_status));
1044 return false;
1045 }
1046
1047 wbc_status = wbcSetGidMapping(gid, &sid);
1048 if (!WBC_ERROR_IS_OK(wbc_status)) {
1049 d_fprintf(stderr, "failed to call wbcSetGidMapping: %s\n",
1050 wbcErrorString(wbc_status));
1051 return false;
1052 }
1053
1054 /* Display response */
1055
1056 d_printf("gid %u now mapped to sid %s\n",
1057 (unsigned int)gid, sid_str);
1058
1059 return true;
1060 }
1061
1062 static bool wbinfo_remove_uid_mapping(uid_t uid, const char *sid_str)
1063 {
1064 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1065 struct wbcDomainSid sid;
1066
1067 /* Send request */
1068
1069 wbc_status = wbcStringToSid(sid_str, &sid);
1070 if (!WBC_ERROR_IS_OK(wbc_status)) {
1071 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1072 wbcErrorString(wbc_status));
1073 return false;
1074 }
1075
1076 wbc_status = wbcRemoveUidMapping(uid, &sid);
1077 if (!WBC_ERROR_IS_OK(wbc_status)) {
1078 d_fprintf(stderr, "failed to call wbcRemoveUidMapping: %s\n",
1079 wbcErrorString(wbc_status));
1080 return false;
1081 }
1082
1083 /* Display response */
1084
1085 d_printf("Removed uid %u to sid %s mapping\n",
1086 (unsigned int)uid, sid_str);
1087
1088 return true;
1089 }
1090
1091 static bool wbinfo_remove_gid_mapping(gid_t gid, const char *sid_str)
1092 {
1093 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1094 struct wbcDomainSid sid;
1095
1096 /* Send request */
1097
1098 wbc_status = wbcStringToSid(sid_str, &sid);
1099 if (!WBC_ERROR_IS_OK(wbc_status)) {
1100 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1101 wbcErrorString(wbc_status));
1102 return false;
1103 }
1104
1105 wbc_status = wbcRemoveGidMapping(gid, &sid);
1106 if (!WBC_ERROR_IS_OK(wbc_status)) {
1107 d_fprintf(stderr, "failed to call wbcRemoveGidMapping: %s\n",
1108 wbcErrorString(wbc_status));
1109 return false;
1110 }
1111
1112 /* Display response */
1113
1114 d_printf("Removed gid %u to sid %s mapping\n",
1115 (unsigned int)gid, sid_str);
1116
1117 return true;
1118 }
1119
1120 /* Convert sid to string */
1121
1122 static bool wbinfo_lookupsid(const char *sid_str)
1123 {
1124 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1125 struct wbcDomainSid sid;
1126 char *domain;
1127 char *name;
1128 enum wbcSidType type;
1129
1130 /* Send off request */
1131
1132 wbc_status = wbcStringToSid(sid_str, &sid);
1133 if (!WBC_ERROR_IS_OK(wbc_status)) {
1134 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1135 wbcErrorString(wbc_status));
1136 return false;
1137 }
1138
1139 wbc_status = wbcLookupSid(&sid, &domain, &name, &type);
1140 if (!WBC_ERROR_IS_OK(wbc_status)) {
1141 d_fprintf(stderr, "failed to call wbcLookupSid: %s\n",
1142 wbcErrorString(wbc_status));
1143 return false;
1144 }
1145
1146 /* Display response */
1147
1148 d_printf("%s%c%s %d\n",
1149 domain, winbind_separator(), name, type);
1150
1151 return true;
1152 }
1153
1154 /* Convert sid to fullname */
1155
1156 static bool wbinfo_lookupsid_fullname(const char *sid_str)
1157 {
1158 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1159 struct wbcDomainSid sid;
1160 char *domain;
1161 char *name;
1162 enum wbcSidType type;
1163
1164 /* Send off request */
1165
1166 wbc_status = wbcStringToSid(sid_str, &sid);
1167 if (!WBC_ERROR_IS_OK(wbc_status)) {
1168 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1169 wbcErrorString(wbc_status));
1170 return false;
1171 }
1172
1173 wbc_status = wbcGetDisplayName(&sid, &domain, &name, &type);
1174 if (!WBC_ERROR_IS_OK(wbc_status)) {
1175 d_fprintf(stderr, "failed to call wbcGetDisplayName: %s\n",
1176 wbcErrorString(wbc_status));
1177 return false;
1178 }
1179
1180 /* Display response */
1181
1182 d_printf("%s%c%s %d\n",
1183 domain, winbind_separator(), name, type);
1184
1185 return true;
1186 }
1187
1188 /* Lookup a list of RIDs */
1189
1190 static bool wbinfo_lookuprids(const char *domain, const char *arg)
1191 {
1192 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1193 struct wbcDomainInfo *dinfo = NULL;
1194 char *domain_name = NULL;
1195 const char **names = NULL;
1196 enum wbcSidType *types = NULL;
1197 size_t i;
1198 int num_rids;
1199 uint32_t *rids = NULL;
1200 const char *p;
1201 char *ridstr;
1202 TALLOC_CTX *mem_ctx = NULL;
1203 bool ret = false;
1204
1205 if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
1206 domain = get_winbind_domain();
1207 }
1208
1209 /* Send request */
1210
1211 wbc_status = wbcDomainInfo(domain, &dinfo);
1212 if (!WBC_ERROR_IS_OK(wbc_status)) {
1213 d_printf("wbcDomainInfo(%s) failed: %s\n", domain,
1214 wbcErrorString(wbc_status));
1215 goto done;
1216 }
1217
1218 mem_ctx = talloc_new(NULL);
1219 if (mem_ctx == NULL) {
1220 d_printf("talloc_new failed\n");
1221 goto done;
1222 }
1223
1224 num_rids = 0;
1225 rids = NULL;
1226 p = arg;
1227
1228 while (next_token_talloc(mem_ctx, &p, &ridstr, " ,\n")) {
1229 uint32_t rid = strtoul(ridstr, NULL, 10);
1230 rids = talloc_realloc(mem_ctx, rids, uint32_t, num_rids + 1);
1231 if (rids == NULL) {
1232 d_printf("talloc_realloc failed\n");
1233 }
1234 rids[num_rids] = rid;
1235 num_rids += 1;
1236 }
1237
1238 if (rids == NULL) {
1239 d_printf("no rids\n");
1240 goto done;
1241 }
1242
1243 wbc_status = wbcLookupRids(&dinfo->sid, num_rids, rids,
1244 (const char **)&domain_name, &names, &types);
1245 if (!WBC_ERROR_IS_OK(wbc_status)) {
1246 d_printf("winbind_lookup_rids failed: %s\n",
1247 wbcErrorString(wbc_status));
1248 goto done;
1249 }
1250
1251 d_printf("Domain: %s\n", domain_name);
1252
1253 for (i=0; i<num_rids; i++) {
1254 d_printf("%8d: %s (%s)\n", rids[i], names[i],
1255 wbcSidTypeString(types[i]));
1256 }
1257
1258 ret = true;
1259 done:
1260 wbcFreeMemory(dinfo);
1261 wbcFreeMemory(domain_name);
1262 wbcFreeMemory(names);
1263 wbcFreeMemory(types);
1264 TALLOC_FREE(mem_ctx);
1265 return ret;
1266 }
1267
1268 /* Convert string to sid */
1269
1270 static bool wbinfo_lookupname(const char *full_name)
1271 {
1272 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1273 struct wbcDomainSid sid;
1274 char sid_str[WBC_SID_STRING_BUFLEN];
1275 enum wbcSidType type;
1276 fstring domain_name;
1277 fstring account_name;
1278
1279 /* Send off request */
1280
1281 parse_wbinfo_domain_user(full_name, domain_name,
1282 account_name);
1283
1284 wbc_status = wbcLookupName(domain_name, account_name,
1285 &sid, &type);
1286 if (!WBC_ERROR_IS_OK(wbc_status)) {
1287 d_fprintf(stderr, "failed to call wbcLookupName: %s\n",
1288 wbcErrorString(wbc_status));
1289 return false;
1290 }
1291
1292 wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
1293
1294 /* Display response */
1295
1296 d_printf("%s %s (%d)\n", sid_str, wbcSidTypeString(type), type);
1297
1298 return true;
1299 }
1300
1301 static char *wbinfo_prompt_pass(TALLOC_CTX *mem_ctx,
1302 const char *prefix,
1303 const char *username)
1304 {
1305 char *prompt;
1306 const char *ret = NULL;
1307
1308 prompt = talloc_asprintf(mem_ctx, "Enter %s's ", username);
1309 if (!prompt) {
1310 return NULL;
1311 }
1312 if (prefix) {
1313 prompt = talloc_asprintf_append(prompt, "%s ", prefix);
1314 if (!prompt) {
1315 return NULL;
1316 }
1317 }
1318 prompt = talloc_asprintf_append(prompt, "password: ");
1319 if (!prompt) {
1320 return NULL;
1321 }
1322
1323 ret = getpass(prompt);
1324 TALLOC_FREE(prompt);
1325
1326 return talloc_strdup(mem_ctx, ret);
1327 }
1328
1329 /* Authenticate a user with a plaintext password */
1330
1331 static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32_t flags)
1332 {
1333 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1334 char *s = NULL;
1335 char *p = NULL;
1336 char *password = NULL;
1337 char *name = NULL;
1338 char *local_cctype = NULL;
1339 uid_t uid;
1340 struct wbcLogonUserParams params;
1341 struct wbcLogonUserInfo *info;
1342 struct wbcAuthErrorInfo *error;
1343 struct wbcUserPasswordPolicyInfo *policy;
1344 TALLOC_CTX *frame = talloc_tos();
1345
1346 if ((s = talloc_strdup(frame, username)) == NULL) {
1347 return false;
1348 }
1349
1350 if ((p = strchr(s, '%')) != NULL) {
1351 *p = 0;
1352 p++;
1353 password = talloc_strdup(frame, p);
1354 } else {
1355 password = wbinfo_prompt_pass(frame, NULL, username);
1356 }
1357
1358 local_cctype = talloc_strdup(frame, cctype);
1359
1360 name = s;
1361
1362 uid = geteuid();
1363
1364 params.username = name;
1365 params.password = password;
1366 params.num_blobs = 0;
1367 params.blobs = NULL;
1368
1369 wbc_status = wbcAddNamedBlob(&params.num_blobs,
1370 &params.blobs,
1371 "flags",
1372 0,
1373 (uint8_t *)&flags,
1374 sizeof(flags));
1375 if (!WBC_ERROR_IS_OK(wbc_status)) {
1376 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1377 wbcErrorString(wbc_status));
1378 goto done;
1379 }
1380
1381 wbc_status = wbcAddNamedBlob(&params.num_blobs,
1382 &params.blobs,
1383 "user_uid",
1384 0,
1385 (uint8_t *)&uid,
1386 sizeof(uid));
1387 if (!WBC_ERROR_IS_OK(wbc_status)) {
1388 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1389 wbcErrorString(wbc_status));
1390 goto done;
1391 }
1392
1393 wbc_status = wbcAddNamedBlob(&params.num_blobs,
1394 &params.blobs,
1395 "krb5_cc_type",
1396 0,
1397 (uint8_t *)local_cctype,
1398 strlen(cctype)+1);
1399 if (!WBC_ERROR_IS_OK(wbc_status)) {
1400 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1401 wbcErrorString(wbc_status));
1402 goto done;
1403 }
1404
1405 wbc_status = wbcLogonUser(&params, &info, &error, &policy);
1406
1407 d_printf("plaintext kerberos password authentication for [%s] %s "
1408 "(requesting cctype: %s)\n",
1409 username, WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed",
1410 cctype);
1411
1412 if (error) {
1413 d_fprintf(stderr,
1414 "error code was %s (0x%x)\nerror message was: %s\n",
1415 error->nt_string,
1416 error->nt_status,
1417 error->display_string);
1418 }
1419
1420 if (WBC_ERROR_IS_OK(wbc_status)) {
1421 if (flags & WBFLAG_PAM_INFO3_TEXT) {
1422 if (info && info->info && info->info->user_flags &
1423 NETLOGON_CACHED_ACCOUNT) {
1424 d_printf("user_flgs: "
1425 "NETLOGON_CACHED_ACCOUNT\n");
1426 }
1427 }
1428
1429 if (info) {
1430 int i;
1431 for (i=0; i < info->num_blobs; i++) {
1432 if (strequal(info->blobs[i].name,
1433 "krb5ccname")) {
1434 d_printf("credentials were put "
1435 "in: %s\n",
1436 (const char *)
1437 info->blobs[i].blob.data);
1438 break;
1439 }
1440 }
1441 } else {
1442 d_printf("no credentials cached\n");
1443 }
1444 }
1445 done:
1446
1447 wbcFreeMemory(params.blobs);
1448
1449 return WBC_ERROR_IS_OK(wbc_status);
1450 }
1451
1452 /* Authenticate a user with a plaintext password */
1453
1454 static bool wbinfo_auth(char *username)
1455 {
1456 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1457 char *s = NULL;
1458 char *p = NULL;
1459 char *password = NULL;
1460 char *name = NULL;
1461 TALLOC_CTX *frame = talloc_tos();
1462
1463 if ((s = talloc_strdup(frame, username)) == NULL) {
1464 return false;
1465 }
1466
1467 if ((p = strchr(s, '%')) != NULL) {
1468 *p = 0;
1469 p++;
1470 password = talloc_strdup(frame, p);
1471 } else {
1472 password = wbinfo_prompt_pass(frame, NULL, username);
1473 }
1474
1475 name = s;
1476
1477 wbc_status = wbcAuthenticateUser(name, password);
1478
1479 d_printf("plaintext password authentication %s\n",
1480 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1481
1482 #if 0
1483 if (response.data.auth.nt_status)
1484 d_fprintf(stderr,
1485 "error code was %s (0x%x)\nerror message was: %s\n",
1486 response.data.auth.nt_status_string,
1487 response.data.auth.nt_status,
1488 response.data.auth.error_string);
1489 #endif
1490
1491 return WBC_ERROR_IS_OK(wbc_status);
1492 }
1493
1494 /* Authenticate a user with a challenge/response */
1495
1496 static bool wbinfo_auth_crap(char *username, bool use_ntlmv2, bool use_lanman)
1497 {
1498 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1499 struct wbcAuthUserParams params;
1500 struct wbcAuthUserInfo *info = NULL;
1501 struct wbcAuthErrorInfo *err = NULL;
1502 DATA_BLOB lm = data_blob_null;
1503 DATA_BLOB nt = data_blob_null;
1504 fstring name_user;
1505 fstring name_domain;
1506 char *pass;
1507 char *p;
1508 TALLOC_CTX *frame = talloc_tos();
1509
1510 p = strchr(username, '%');
1511
1512 if (p) {
1513 *p = 0;
1514 pass = talloc_strdup(frame, p + 1);
1515 } else {
1516 pass = wbinfo_prompt_pass(frame, NULL, username);
1517 }
1518
1519 parse_wbinfo_domain_user(username, name_domain, name_user);
1520
1521 params.account_name = name_user;
1522 params.domain_name = name_domain;
1523 params.workstation_name = NULL;
1524
1525 params.flags = 0;
1526 params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
1527 WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
1528
1529 params.level = WBC_AUTH_USER_LEVEL_RESPONSE;
1530
1531 generate_random_buffer(params.password.response.challenge, 8);
1532
1533 if (use_ntlmv2) {
1534 DATA_BLOB server_chal;
1535 DATA_BLOB names_blob;
1536
1537 server_chal = data_blob(params.password.response.challenge, 8);
1538
1539 /* Pretend this is a login to 'us', for blob purposes */
1540 names_blob = NTLMv2_generate_names_blob(NULL,
1541 get_winbind_netbios_name(),
1542 get_winbind_domain());
1543
1544 if (!SMBNTLMv2encrypt(NULL, name_user, name_domain, pass,
1545 &server_chal,
1546 &names_blob,
1547 &lm, &nt, NULL, NULL)) {
1548 data_blob_free(&names_blob);
1549 data_blob_free(&server_chal);
1550 TALLOC_FREE(pass);
1551 return false;
1552 }
1553 data_blob_free(&names_blob);
1554 data_blob_free(&server_chal);
1555
1556 } else {
1557 if (use_lanman) {
1558 bool ok;
1559 lm = data_blob(NULL, 24);
1560 ok = SMBencrypt(pass,
1561 params.password.response.challenge,
1562 lm.data);
1563 if (!ok) {
1564 data_blob_free(&lm);
1565 }
1566 }
1567 nt = data_blob(NULL, 24);
1568 SMBNTencrypt(pass, params.password.response.challenge,
1569 nt.data);
1570 }
1571
1572 params.password.response.nt_length = nt.length;
1573 params.password.response.nt_data = nt.data;
1574 params.password.response.lm_length = lm.length;
1575 params.password.response.lm_data = lm.data;
1576
1577 wbc_status = wbcAuthenticateUserEx(&params, &info, &err);
1578
1579 /* Display response */
1580
1581 d_printf("challenge/response password authentication %s\n",
1582 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1583
1584 if (wbc_status == WBC_ERR_AUTH_ERROR) {
1585 d_fprintf(stderr,
1586 "error code was %s (0x%x)\nerror message was: %s\n",
1587 err->nt_string,
1588 err->nt_status,
1589 err->display_string);
1590 wbcFreeMemory(err);
1591 } else if (WBC_ERROR_IS_OK(wbc_status)) {
1592 wbcFreeMemory(info);
1593 }
1594
1595 data_blob_free(&nt);
1596 data_blob_free(&lm);
1597
1598 return WBC_ERROR_IS_OK(wbc_status);
1599 }
1600
1601 /* Authenticate a user with a plaintext password */
1602
1603 static bool wbinfo_pam_logon(char *username)
1604 {
1605 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1606 struct wbcLogonUserParams params;
1607 struct wbcAuthErrorInfo *error;
1608 char *s = NULL;
1609 char *p = NULL;
1610 TALLOC_CTX *frame = talloc_tos();
1611 uint32_t flags;
1612 uint32_t uid;
1613
1614 ZERO_STRUCT(params);
1615
1616 if ((s = talloc_strdup(frame, username)) == NULL) {
1617 return false;
1618 }
1619
1620 if ((p = strchr(s, '%')) != NULL) {
1621 *p = 0;
1622 p++;
1623 params.password = talloc_strdup(frame, p);
1624 } else {
1625 params.password = wbinfo_prompt_pass(frame, NULL, username);
1626 }
1627 params.username = s;
1628
1629 flags = WBFLAG_PAM_CACHED_LOGIN;
1630
1631 wbc_status = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
1632 "flags", 0,
1633 (uint8_t *)&flags, sizeof(flags));
1634 if (!WBC_ERROR_IS_OK(wbc_status)) {
1635 d_printf("wbcAddNamedBlob failed: %s\n",
1636 wbcErrorString(wbc_status));
1637 return false;
1638 }
1639
1640 uid = getuid();
1641
1642 wbc_status = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
1643 "user_uid", 0,
1644 (uint8_t *)&uid, sizeof(uid));
1645 if (!WBC_ERROR_IS_OK(wbc_status)) {
1646 d_printf("wbcAddNamedBlob failed: %s\n",
1647 wbcErrorString(wbc_status));
1648 return false;
1649 }
1650
1651 wbc_status = wbcLogonUser(&params, NULL, &error, NULL);
1652
1653 wbcFreeMemory(params.blobs);
1654
1655 d_printf("plaintext password authentication %s\n",
1656 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1657
1658 if (!WBC_ERROR_IS_OK(wbc_status)) {
1659 d_fprintf(stderr,
1660 "error code was %s (0x%x)\nerror message was: %s\n",
1661 error->nt_string,
1662 (int)error->nt_status,
1663 error->display_string);
1664 wbcFreeMemory(error);
1665 return false;
1666 }
1667 return true;
1668 }
1669
1670 /* Save creds with winbind */
1671
1672 static bool wbinfo_ccache_save(char *username)
1673 {
1674 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1675 char *s = NULL;
1676 char *p = NULL;
1677 char *password = NULL;
1678 char *name = NULL;
1679 TALLOC_CTX *frame = talloc_stackframe();
1680
1681 s = talloc_strdup(frame, username);
1682 if (s == NULL) {
1683 return false;
1684 }
1685
1686 p = strchr(s, '%');
1687 if (p != NULL) {
1688 *p = 0;
1689 p++;
1690 password = talloc_strdup(frame, p);
1691 } else {
1692 password = wbinfo_prompt_pass(frame, NULL, username);
1693 }
1694
1695 name = s;
1696
1697 wbc_status = wbcCredentialSave(name, password);
1698
1699 d_printf("saving creds %s\n",
1700 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1701
1702 TALLOC_FREE(frame);
1703
1704 return WBC_ERROR_IS_OK(wbc_status);
1705 }
1706
1707 #ifdef WITH_FAKE_KASERVER
1708 /* Authenticate a user with a plaintext password and set a token */
1709
1710 static bool wbinfo_klog(char *username)
1711 {
1712 struct winbindd_request request;
1713 struct winbindd_response response;
1714 NSS_STATUS result;
1715 char *p;
1716
1717 /* Send off request */
1718
1719 ZERO_STRUCT(request);
1720 ZERO_STRUCT(response);
1721
1722 p = strchr(username, '%');
1723
1724 if (p) {
1725 *p = 0;
1726 fstrcpy(request.data.auth.user, username);
1727 fstrcpy(request.data.auth.pass, p + 1);
1728 *p = '%';
1729 } else {
1730 fstrcpy(request.data.auth.user, username);
1731 fstrcpy(request.data.auth.pass, getpass("Password: "));
1732 }
1733
1734 request.flags |= WBFLAG_PAM_AFS_TOKEN;
1735
1736 result = winbindd_request_response(WINBINDD_PAM_AUTH, &request,
1737 &response);
1738
1739 /* Display response */
1740
1741 d_printf("plaintext password authentication %s\n",
1742 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
1743
1744 if (response.data.auth.nt_status)
1745 d_fprintf(stderr,
1746 "error code was %s (0x%x)\nerror message was: %s\n",
1747 response.data.auth.nt_status_string,
1748 response.data.auth.nt_status,
1749 response.data.auth.error_string);
1750
1751 if (result != NSS_STATUS_SUCCESS)
1752 return false;
1753
1754 if (response.extra_data.data == NULL) {
1755 d_fprintf(stderr, "Did not get token data\n");
1756 return false;
1757 }
1758
1759 if (!afs_settoken_str((char *)response.extra_data.data)) {
1760 d_fprintf(stderr, "Could not set token\n");
1761 return false;
1762 }
1763
1764 d_printf("Successfully created AFS token\n");
1765 return true;
1766 }
1767 #else
1768 static bool wbinfo_klog(char *username)
1769 {
1770 d_fprintf(stderr, "No AFS support compiled in.\n");
1771 return false;
1772 }
1773 #endif
1774
1775 /* Print domain users */
1776
1777 static bool print_domain_users(const char *domain)
1778 {
1779 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1780 uint32_t i;
1781 uint32_t num_users = 0;
1782 const char **users = NULL;
1783
1784 /* Send request to winbind daemon */
1785
1786 /* '.' is the special sign for our own domain */
1787 if (domain && strcmp(domain, ".") == 0) {
1788 domain = get_winbind_domain();
1789 }
1790
1791 wbc_status = wbcListUsers(domain, &num_users, &users);
1792 if (!WBC_ERROR_IS_OK(wbc_status)) {
1793 return false;
1794 }
1795
1796 for (i=0; i < num_users; i++) {
1797 d_printf("%s\n", users[i]);
1798 }
1799
1800 wbcFreeMemory(users);
1801
1802 return true;
1803 }
1804
1805 /* Print domain groups */
1806
1807 static bool print_domain_groups(const char *domain)
1808 {
1809 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1810 uint32_t i;
1811 uint32_t num_groups = 0;
1812 const char **groups = NULL;
1813
1814 /* Send request to winbind daemon */
1815
1816 /* '.' is the special sign for our own domain */
1817 if (domain && strcmp(domain, ".") == 0) {
1818 domain = get_winbind_domain();
1819 }
1820
1821 wbc_status = wbcListGroups(domain, &num_groups, &groups);
1822 if (!WBC_ERROR_IS_OK(wbc_status)) {
1823 d_fprintf(stderr, "failed to call wbcListGroups: %s\n",
1824 wbcErrorString(wbc_status));
1825 return false;
1826 }
1827
1828 for (i=0; i < num_groups; i++) {
1829 d_printf("%s\n", groups[i]);
1830 }
1831
1832 wbcFreeMemory(groups);
1833
1834 return true;
1835 }
1836
1837 /* Set the authorised user for winbindd access in secrets.tdb */
1838
1839 static bool wbinfo_set_auth_user(char *username)
1840 {
1841 d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
1842 "See 'net help setauthuser' for details.\n");
1843 return false;
1844 }
1845
1846 static void wbinfo_get_auth_user(void)
1847 {
1848 d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
1849 "See 'net help getauthuser' for details.\n");
1850 }
1851
1852 static bool wbinfo_ping(void)
1853 {
1854 wbcErr wbc_status;
1855
1856 wbc_status = wbcPing();
1857
1858 /* Display response */
1859
1860 d_printf("Ping to winbindd %s\n",
1861 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1862
1863 return WBC_ERROR_IS_OK(wbc_status);
1864 }
1865
1866 static bool wbinfo_change_user_password(const char *username)
1867 {
1868 wbcErr wbc_status;
1869 char *old_password = NULL;
1870 char *new_password = NULL;
1871 TALLOC_CTX *frame = talloc_tos();
1872
1873 old_password = wbinfo_prompt_pass(frame, "old", username);
1874 new_password = wbinfo_prompt_pass(frame, "new", username);
1875
1876 wbc_status = wbcChangeUserPassword(username, old_password,new_password);
1877
1878 /* Display response */
1879
1880 d_printf("Password change for user %s %s\n", username,
1881 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1882
1883 return WBC_ERROR_IS_OK(wbc_status);
1884 }
1885
1886 /* Main program */
1887
1888 enum {
1889 OPT_SET_AUTH_USER = 1000,
1890 OPT_GET_AUTH_USER,
1891 OPT_DOMAIN_NAME,
1892 OPT_SEQUENCE,
1893 OPT_GETDCNAME,
1894 OPT_DSGETDCNAME,
1895 OPT_DC_INFO,
1896 OPT_USERDOMGROUPS,
1897 OPT_SIDALIASES,
1898 OPT_USERSIDS,
1899 OPT_ALLOCATE_UID,
1900 OPT_ALLOCATE_GID,
1901 OPT_SET_UID_MAPPING,
1902 OPT_SET_GID_MAPPING,
1903 OPT_REMOVE_UID_MAPPING,
1904 OPT_REMOVE_GID_MAPPING,
1905 OPT_SEPARATOR,
1906 OPT_LIST_ALL_DOMAINS,
1907 OPT_LIST_OWN_DOMAIN,
1908 OPT_UID_INFO,
1909 OPT_USER_SIDINFO,
1910 OPT_GROUP_INFO,
1911 OPT_GID_INFO,
1912 OPT_VERBOSE,
1913 OPT_ONLINESTATUS,
1914 OPT_CHANGE_USER_PASSWORD,
1915 OPT_CCACHE_SAVE,
1916 OPT_SID_TO_FULLNAME,
1917 OPT_NTLMV2,
1918 OPT_PAM_LOGON,
1919 OPT_LOGOFF,
1920 OPT_LOGOFF_USER,
1921 OPT_LOGOFF_UID,
1922 OPT_LANMAN
1923 };
1924
1925 int main(int argc, char **argv, char **envp)
1926 {
1927 int opt;
1928 TALLOC_CTX *frame = talloc_stackframe();
1929 poptContext pc;
1930 static char *string_arg;
1931 char *string_subarg = NULL;
1932 static char *opt_domain_name;
1933 static int int_arg;
1934 int int_subarg = -1;
1935 int result = 1;
1936 bool verbose = false;
1937 bool use_ntlmv2 = false;
1938 bool use_lanman = false;
1939 char *logoff_user = getenv("USER");
1940 int logoff_uid = geteuid();
1941
1942 struct poptOption long_options[] = {
1943 POPT_AUTOHELP
1944
1945 /* longName, shortName, argInfo, argPtr, value, descrip,
1946 argDesc */
1947
1948 { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users", "domain"},
1949 { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups", "domain" },
1950 { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP", "NETBIOS-NAME" },
1951 { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name", "IP" },
1952 { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid", "NAME" },
1953 { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name", "SID" },
1954 { "sid-to-fullname", 0, POPT_ARG_STRING, &string_arg,
1955 OPT_SID_TO_FULLNAME, "Converts sid to fullname", "SID" },
1956 { "lookup-rids", 'R', POPT_ARG_STRING, &string_arg, 'R', "Converts RIDs to names", "RIDs" },
1957 { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" , "UID" },
1958 { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
1959 { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
1960 { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
1961 { "allocate-uid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_UID,
1962 "Get a new UID out of idmap" },
1963 { "allocate-gid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_GID,
1964 "Get a new GID out of idmap" },
1965 { "set-uid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_SET_UID_MAPPING, "Create or modify uid to sid mapping in idmap", "UID,SID" },
1966 { "set-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_SET_GID_MAPPING, "Create or modify gid to sid mapping in idmap", "GID,SID" },
1967 { "remove-uid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_UID_MAPPING, "Remove uid to sid mapping in idmap", "UID,SID" },
1968 { "remove-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_GID_MAPPING, "Remove gid to sid mapping in idmap", "GID,SID" },
1969 { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
1970 { "change-secret", 'c', POPT_ARG_NONE, 0, 'c', "Change shared secret" },
1971 { "ping-dc", 'P', POPT_ARG_NONE, 0, 'P',
1972 "Check the NETLOGON connection" },
1973 { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
1974 { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
1975 { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" },
1976 { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Deprecated command, see --online-status" },
1977 { "online-status", 0, POPT_ARG_NONE, 0, OPT_ONLINESTATUS, "Show whether domains are marked as online or offline"},
1978 { "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" },
1979 { "user-info", 'i', POPT_ARG_STRING, &string_arg, 'i', "Get user info", "USER" },
1980 { "uid-info", 0, POPT_ARG_INT, &int_arg, OPT_UID_INFO, "Get user info from uid", "UID" },
1981 { "group-info", 0, POPT_ARG_STRING, &string_arg, OPT_GROUP_INFO, "Get group info", "GROUP" },
1982 { "user-sidinfo", 0, POPT_ARG_STRING, &string_arg, OPT_USER_SIDINFO, "Get user info from sid", "SID" },
1983 { "gid-info", 0, POPT_ARG_INT, &int_arg, OPT_GID_INFO, "Get group info from gid", "GID" },
1984 { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
1985 { "user-domgroups", 0, POPT_ARG_STRING, &string_arg,
1986 OPT_USERDOMGROUPS, "Get user domain groups", "SID" },
1987 { "sid-aliases", 0, POPT_ARG_STRING, &string_arg, OPT_SIDALIASES, "Get sid aliases", "SID" },
1988 { "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
1989 { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
1990 { "pam-logon", 0, POPT_ARG_STRING, &string_arg, OPT_PAM_LOGON,
1991 "do a pam logon equivalent", "user%password" },
1992 { "logoff", 0, POPT_ARG_NONE, NULL, OPT_LOGOFF,
1993 "log off user", "uid" },
1994 { "logoff-user", 0, POPT_ARG_STRING, &logoff_user,
1995 OPT_LOGOFF_USER, "username to log off" },
1996 { "logoff-uid", 0, POPT_ARG_INT, &logoff_uid,
1997 OPT_LOGOFF_UID, "uid to log off" },
1998 { "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
1999 { "ccache-save", 0, POPT_ARG_STRING, &string_arg,
2000 OPT_CCACHE_SAVE, "Store user and password for ccache "
2001 "operation", "user%password" },
2002 { "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME,
2003 "Get a DC name for a foreign domain", "domainname" },
2004 { "dsgetdcname", 0, POPT_ARG_STRING, &string_arg, OPT_DSGETDCNAME, "Find a DC for a domain", "domainname" },
2005 { "dc-info", 0, POPT_ARG_STRING, &string_arg, OPT_DC_INFO,
2006 "Find the currently known DCs", "domainname" },
2007 { "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
2008 { "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
2009 { "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" },
2010 #ifdef WITH_FAKE_KASERVER
2011 { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" },
2012 #endif
2013 #ifdef HAVE_KRB5
2014 { "krb5auth", 'K', POPT_ARG_STRING, &string_arg, 'K', "authenticate user using Kerberos", "user%password" },
2015 /* destroys wbinfo --help output */
2016 /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" }, */
2017 #endif
2018 { "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
2019 { "verbose", 0, POPT_ARG_NONE, 0, OPT_VERBOSE, "Print additional information per command", NULL },
2020 { "change-user-password", 0, POPT_ARG_STRING, &string_arg, OPT_CHANGE_USER_PASSWORD, "Change the password for a user", NULL },
2021 { "ntlmv2", 0, POPT_ARG_NONE, 0, OPT_NTLMV2, "Use NTLMv2 cryptography for user authentication", NULL},
2022 { "lanman", 0, POPT_ARG_NONE, 0, OPT_LANMAN, "Use lanman cryptography for user authentication", NULL},
2023 POPT_COMMON_VERSION
2024 POPT_TABLEEND
2025 };
2026
2027 /* Samba client initialisation */
2028 load_case_tables();
2029
2030
2031 /* Parse options */
2032
2033 pc = poptGetContext("wbinfo", argc, (const char **)argv,
2034 long_options, 0);
2035
2036 /* Parse command line options */
2037
2038 if (argc == 1) {
2039 poptPrintHelp(pc, stderr, 0);
2040 return 1;
2041 }
2042
2043 while((opt = poptGetNextOpt(pc)) != -1) {
2044 /* get the generic configuration parameters like --domain */
2045 switch (opt) {
2046 case OPT_VERBOSE:
2047 verbose = true;
2048 break;
2049 case OPT_NTLMV2:
2050 use_ntlmv2 = true;
2051 break;
2052 case OPT_LANMAN:
2053 use_lanman = true;
2054 break;
2055 }
2056 }
2057
2058 poptFreeContext(pc);
2059
2060 pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
2061 POPT_CONTEXT_KEEP_FIRST);
2062
2063 while((opt = poptGetNextOpt(pc)) != -1) {
2064 switch (opt) {
2065 case 'u':
2066 if (!print_domain_users(opt_domain_name)) {
2067 d_fprintf(stderr,
2068 "Error looking up domain users\n");
2069 goto done;
2070 }
2071 break;
2072 case 'g':
2073 if (!print_domain_groups(opt_domain_name)) {
2074 d_fprintf(stderr,
2075 "Error looking up domain groups\n");
2076 goto done;
2077 }
2078 break;
2079 case 's':
2080 if (!wbinfo_lookupsid(string_arg)) {
2081 d_fprintf(stderr,
2082 "Could not lookup sid %s\n",
2083 string_arg);
2084 goto done;
2085 }
2086 break;
2087 case OPT_SID_TO_FULLNAME:
2088 if (!wbinfo_lookupsid_fullname(string_arg)) {
2089 d_fprintf(stderr, "Could not lookup sid %s\n",
2090 string_arg);
2091 goto done;
2092 }
2093 break;
2094 case 'R':
2095 if (!wbinfo_lookuprids(opt_domain_name, string_arg)) {
2096 d_fprintf(stderr, "Could not lookup RIDs %s\n",
2097 string_arg);
2098 goto done;
2099 }
2100 break;
2101 case 'n':
2102 if (!wbinfo_lookupname(string_arg)) {
2103 d_fprintf(stderr, "Could not lookup name %s\n",
2104 string_arg);
2105 goto done;
2106 }
2107 break;
2108 case 'N':
2109 if (!wbinfo_wins_byname(string_arg)) {
2110 d_fprintf(stderr,
2111 "Could not lookup WINS by name %s\n",
2112 string_arg);
2113 goto done;
2114 }
2115 break;
2116 case 'I':
2117 if (!wbinfo_wins_byip(string_arg)) {
2118 d_fprintf(stderr,
2119 "Could not lookup WINS by IP %s\n",
2120 string_arg);
2121 goto done;
2122 }
2123 break;
2124 case 'U':
2125 if (!wbinfo_uid_to_sid(int_arg)) {
2126 d_fprintf(stderr,
2127 "Could not convert uid %d to sid\n",
2128 int_arg);
2129 goto done;
2130 }
2131 break;
2132 case 'G':
2133 if (!wbinfo_gid_to_sid(int_arg)) {
2134 d_fprintf(stderr,
2135 "Could not convert gid %d to sid\n",
2136 int_arg);
2137 goto done;
2138 }
2139 break;
2140 case 'S':
2141 if (!wbinfo_sid_to_uid(string_arg)) {
2142 d_fprintf(stderr,
2143 "Could not convert sid %s to uid\n",
2144 string_arg);
2145 goto done;
2146 }
2147 break;
2148 case 'Y':
2149 if (!wbinfo_sid_to_gid(string_arg)) {
2150 d_fprintf(stderr,
2151 "Could not convert sid %s to gid\n",
2152 string_arg);
2153 goto done;
2154 }
2155 break;
2156 case OPT_ALLOCATE_UID:
2157 if (!wbinfo_allocate_uid()) {
2158 d_fprintf(stderr, "Could not allocate a uid\n");
2159 goto done;
2160 }
2161 break;
2162 case OPT_ALLOCATE_GID:
2163 if (!wbinfo_allocate_gid()) {
2164 d_fprintf(stderr, "Could not allocate a gid\n");
2165 goto done;
2166 }
2167 break;
2168 case OPT_SET_UID_MAPPING:
2169 if (!parse_mapping_arg(string_arg, &int_subarg,
2170 &string_subarg) ||
2171 !wbinfo_set_uid_mapping(int_subarg, string_subarg))
2172 {
2173 d_fprintf(stderr, "Could not create or modify "
2174 "uid to sid mapping\n");
2175 goto done;
2176 }
2177 break;
2178 case OPT_SET_GID_MAPPING:
2179 if (!parse_mapping_arg(string_arg, &int_subarg,
2180 &string_subarg) ||
2181 !wbinfo_set_gid_mapping(int_subarg, string_subarg))
2182 {
2183 d_fprintf(stderr, "Could not create or modify "
2184 "gid to sid mapping\n");
2185 goto done;
2186 }
2187 break;
2188 case OPT_REMOVE_UID_MAPPING:
2189 if (!parse_mapping_arg(string_arg, &int_subarg,
2190 &string_subarg) ||
2191 !wbinfo_remove_uid_mapping(int_subarg,
2192 string_subarg))
2193 {
2194 d_fprintf(stderr, "Could not remove uid to sid "
2195 "mapping\n");
2196 goto done;
2197 }
2198 break;
2199 case OPT_REMOVE_GID_MAPPING:
2200 if (!parse_mapping_arg(string_arg, &int_subarg,
2201 &string_subarg) ||
2202 !wbinfo_remove_gid_mapping(int_subarg,
2203 string_subarg))
2204 {
2205 d_fprintf(stderr, "Could not remove gid to sid "
2206 "mapping\n");
2207 goto done;
2208 }
2209 break;
2210 case 't':
2211 if (!wbinfo_check_secret(opt_domain_name)) {
2212 d_fprintf(stderr, "Could not check secret\n");
2213 goto done;
2214 }
2215 break;
2216 case 'c':
2217 if (!wbinfo_change_secret(opt_domain_name)) {
2218 d_fprintf(stderr, "Could not change secret\n");
2219 goto done;
2220 }
2221 break;
2222 case 'P':
2223 if (!wbinfo_ping_dc()) {
2224 d_fprintf(stderr, "Could not ping our DC\n");
2225 goto done;
2226 }
2227 break;
2228 case 'm':
2229 if (!wbinfo_list_domains(false, verbose)) {
2230 d_fprintf(stderr,
2231 "Could not list trusted domains\n");
2232 goto done;
2233 }
2234 break;
2235 case OPT_SEQUENCE:
2236 if (!wbinfo_show_sequence(opt_domain_name)) {
2237 d_fprintf(stderr,
2238 "Could not show sequence numbers\n");
2239 goto done;
2240 }
2241 break;
2242 case OPT_ONLINESTATUS:
2243 if (!wbinfo_show_onlinestatus(opt_domain_name)) {
2244 d_fprintf(stderr,
2245 "Could not show online-status\n");
2246 goto done;
2247 }
2248 break;
2249 case 'D':
2250 if (!wbinfo_domain_info(string_arg)) {
2251 d_fprintf(stderr,
2252 "Could not get domain info\n");
2253 goto done;
2254 }
2255 break;
2256 case 'i':
2257 if (!wbinfo_get_userinfo(string_arg)) {
2258 d_fprintf(stderr,
2259 "Could not get info for user %s\n",
2260 string_arg);
2261 goto done;
2262 }
2263 break;
2264 case OPT_USER_SIDINFO:
2265 if ( !wbinfo_get_user_sidinfo(string_arg)) {
2266 d_fprintf(stderr,
2267 "Could not get info for user "
2268 "sid %s\n", string_arg);
2269 goto done;
2270 }
2271 break;
2272 case OPT_UID_INFO:
2273 if ( !wbinfo_get_uidinfo(int_arg)) {
2274 d_fprintf(stderr, "Could not get info for uid "
2275 "%d\n", int_arg);
2276 goto done;
2277 }
2278 break;
2279 case OPT_GROUP_INFO:
2280 if ( !wbinfo_get_groupinfo(string_arg)) {
2281 d_fprintf(stderr, "Could not get info for "
2282 "group %s\n", string_arg);
2283 goto done;
2284 }
2285 break;
2286 case OPT_GID_INFO:
2287 if ( !wbinfo_get_gidinfo(int_arg)) {
2288 d_fprintf(stderr, "Could not get info for gid "
2289 "%d\n", int_arg);
2290 goto done;
2291 }
2292 break;
2293 case 'r':
2294 if (!wbinfo_get_usergroups(string_arg)) {
2295 d_fprintf(stderr,
2296 "Could not get groups for user %s\n",
2297 string_arg);
2298 goto done;
2299 }
2300 break;
2301 case OPT_USERSIDS:
2302 if (!wbinfo_get_usersids(string_arg)) {
2303 d_fprintf(stderr, "Could not get group SIDs "
2304 "for user SID %s\n",
2305 string_arg);
2306 goto done;
2307 }
2308 break;
2309 case OPT_USERDOMGROUPS:
2310 if (!wbinfo_get_userdomgroups(string_arg)) {
2311 d_fprintf(stderr, "Could not get user's domain "
2312 "groups for user SID %s\n",
2313 string_arg);
2314 goto done;
2315 }
2316 break;
2317 case OPT_SIDALIASES:
2318 if (!wbinfo_get_sidaliases(opt_domain_name,
2319 string_arg)) {
2320 d_fprintf(stderr, "Could not get sid aliases "
2321 "for user SID %s\n", string_arg);
2322 goto done;
2323 }
2324 break;
2325 case 'a': {
2326 bool got_error = false;
2327
2328 if (!wbinfo_auth(string_arg)) {
2329 d_fprintf(stderr,
2330 "Could not authenticate user "
2331 "%s with plaintext "
2332 "password\n", string_arg);
2333 got_error = true;
2334 }
2335
2336 if (!wbinfo_auth_crap(string_arg, use_ntlmv2,
2337 use_lanman)) {
2338 d_fprintf(stderr,
2339 "Could not authenticate user "
2340 "%s with challenge/response\n",
2341 string_arg);
2342 got_error = true;
2343 }
2344
2345 if (got_error)
2346 goto done;
2347 break;
2348 }
2349 case OPT_PAM_LOGON:
2350 if (!wbinfo_pam_logon(string_arg)) {
2351 d_fprintf(stderr, "pam_logon failed for %s\n",
2352 string_arg);
2353 goto done;
2354 }
2355 break;
2356 case OPT_LOGOFF:
2357 {
2358 wbcErr wbc_status;
2359
2360 wbc_status = wbcLogoffUser(logoff_user, logoff_uid,
2361 "");
2362 d_printf("Logoff %s (%d): %s\n", logoff_user,
2363 logoff_uid, wbcErrorString(wbc_status));
2364 break;
2365 }
2366 case 'K': {
2367 uint32_t flags = WBFLAG_PAM_KRB5 |
2368 WBFLAG_PAM_CACHED_LOGIN |
2369 WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
2370 WBFLAG_PAM_INFO3_TEXT |
2371 WBFLAG_PAM_CONTACT_TRUSTDOM;
2372
2373 if (!wbinfo_auth_krb5(string_arg, "FILE",
2374 flags)) {
2375 d_fprintf(stderr,
2376 "Could not authenticate user "
2377 "[%s] with Kerberos "
2378 "(ccache: %s)\n", string_arg,
2379 "FILE");
2380 goto done;
2381 }
2382 break;
2383 }
2384 case 'k':
2385 if (!wbinfo_klog(string_arg)) {
2386 d_fprintf(stderr, "Could not klog user\n");
2387 goto done;
2388 }
2389 break;
2390 case 'p':
2391 if (!wbinfo_ping()) {
2392 d_fprintf(stderr, "could not ping winbindd!\n");
2393 goto done;
2394 }
2395 break;
2396 case OPT_SET_AUTH_USER:
2397 if (!wbinfo_set_auth_user(string_arg)) {
2398 goto done;
2399 }
2400 break;
2401 case OPT_GET_AUTH_USER:
2402 wbinfo_get_auth_user();
2403 goto done;
2404 break;
2405 case OPT_CCACHE_SAVE:
2406 if (!wbinfo_ccache_save(string_arg)) {
2407 goto done;
2408 }
2409 break;
2410 case OPT_GETDCNAME:
2411 if (!wbinfo_getdcname(string_arg)) {
2412 goto done;
2413 }
2414 break;
2415 case OPT_DSGETDCNAME:
2416 if (!wbinfo_dsgetdcname(string_arg, 0)) {
2417 goto done;
2418 }
2419 break;
2420 case OPT_DC_INFO:
2421 if (!wbinfo_dc_info(string_arg)) {
2422 goto done;
2423 }
2424 break;
2425 case OPT_SEPARATOR: {
2426 const char sep = winbind_separator();
2427 if ( !sep ) {
2428 goto done;
2429 }
2430 d_printf("%c\n", sep);
2431 break;
2432 }
2433 case OPT_LIST_ALL_DOMAINS:
2434 if (!wbinfo_list_domains(true, verbose)) {
2435 goto done;
2436 }
2437 break;
2438 case OPT_LIST_OWN_DOMAIN:
2439 if (!wbinfo_list_own_domain()) {
2440 goto done;
2441 }
2442 break;
2443 case OPT_CHANGE_USER_PASSWORD:
2444 if (!wbinfo_change_user_password(string_arg)) {
2445 d_fprintf(stderr,
2446 "Could not change user password "
2447 "for user %s\n", string_arg);
2448 goto done;
2449 }
2450 break;
2451
2452 /* generic configuration options */
2453 case OPT_DOMAIN_NAME:
2454 case OPT_VERBOSE:
2455 case OPT_NTLMV2:
2456 case OPT_LANMAN:
2457 case OPT_LOGOFF_USER:
2458 case OPT_LOGOFF_UID:
2459 break;
2460 default:
2461 d_fprintf(stderr, "Invalid option\n");
2462 poptPrintHelp(pc, stderr, 0);
2463 goto done;
2464 }
2465 }
2466
2467 result = 0;
2468
2469 /* Exit code */
2470
2471 done:
2472 talloc_free(frame);
2473
2474 poptFreeContext(pc);
2475 return result;
2476 }
Samba GIT mirror