2 Unix SMB/CIFS implementation.
4 Winbind status program.
6 Copyright (C) Tim Potter 2000-2002
7 Copyright (C) Andrew Bartlett 2002
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #define DBGC_CLASS DBGC_WINBIND
31 extern int winbindd_fd
;
/*
 * Return the character that separates the domain part from the user part
 * of a name, as reported by winbindd in its WINBINDD_INFO response.
 *
 * On the path that prints "could not obtain winbind separator!" the value
 * from lp_winbind_separator() is returned instead, and the same source is
 * used again after "winbind separator was NULL!".
 *
 * NOTE(review): this listing omits source lines (see the gaps in the
 * embedded line numbers), so the declaration of `sep`, any caching of the
 * result and the conditions guarding both fallbacks are not visible here.
 */
33 static char winbind_separator(void)
35 struct winbindd_response response
;
42 ZERO_STRUCT(response
);
44 /* Send off request */
46 if (winbindd_request(WINBINDD_INFO
, NULL
, &response
) !=
48 d_printf("could not obtain winbind separator!\n");
49 /* HACK: (this module should not call lp_ functions) */
50 return *lp_winbind_separator();
/* Take the separator from the daemon's reply. */
53 sep
= response
.data
.info
.winbind_separator
;
57 d_printf("winbind separator was NULL!\n");
58 /* HACK: (this module should not call lp_ functions) */
59 sep
= *lp_winbind_separator();
/*
 * Ask winbindd for its domain name (WINBINDD_DOMAIN_NAME) and return it.
 *
 * The name is copied into the function-static buffer `winbind_domain` and
 * a pointer to that buffer is returned, so each call overwrites the result
 * of the previous one; callers that need to keep the value must copy it.
 * On the path that prints "could not obtain winbind domain name!" the
 * return value of lp_workgroup() is handed back instead.
 */
65 static const char *get_winbind_domain(void)
67 struct winbindd_response response
;
68 static fstring winbind_domain
;
70 ZERO_STRUCT(response
);
72 /* Send off request */
74 if (winbindd_request(WINBINDD_DOMAIN_NAME
, NULL
, &response
) !=
76 d_printf("could not obtain winbind domain name!\n");
78 /* HACK: (this module should not call lp_ functions) */
79 return lp_workgroup();
/* Copy out of the response, which lives on this function's stack. */
82 fstrcpy(winbind_domain
, response
.data
.domain_name
);
84 return winbind_domain
;
88 /* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
89 form DOMAIN/user into a domain and a user */
/*
 * The separator searched for is whatever winbind_separator() returns, not a
 * fixed '/'. Two paths are visible below: one copies the whole input into
 * `user` and fills `domain` from get_winbind_domain(); the other copies the
 * input into `domain` and cuts it at the separator position.
 *
 * NOTE(review): the listing omits source lines here (the rest of the
 * parameter list, the test on `p`, the copy into `user` on the second path
 * and the return statements), so the exact branch structure is not shown.
 */
91 static BOOL
parse_wbinfo_domain_user(const char *domuser
, fstring domain
,
95 char *p
= strchr(domuser
,winbind_separator());
98 fstrcpy(user
, domuser
);
99 fstrcpy(domain
, get_winbind_domain());
104 fstrcpy(domain
, domuser
);
/*
 * NOTE(review): the index below is the separator's offset in the caller's
 * string, which is not length-limited, while `domain` is an fstring.
 * Assuming fstrcpy() truncates to the fstring size, a separator that lies
 * beyond that size makes this store land outside `domain`. Callers pass
 * command-line text here, so the offset should be checked against
 * sizeof(fstring) before the write - confirm against the full source.
 */
105 domain
[PTR_DIFF(p
, domuser
)] = 0;
111 /* List groups a user is a member of */
/*
 * Sends WINBINDD_GETGROUPS for `user` and prints one gid per line from the
 * array returned in response.extra_data, then frees that array.
 *
 * NOTE(review): only ZERO_STRUCT(response) is visible in this listing.
 * If `request` is really left uncleared, every field other than
 * data.username goes to the daemon holding whatever was on the stack;
 * confirm against the full source and clear the request as the other
 * commands in this file do.
 */
113 static BOOL
wbinfo_get_usergroups(char *user
)
115 struct winbindd_request request
;
116 struct winbindd_response response
;
120 ZERO_STRUCT(response
);
124 fstrcpy(request
.data
.username
, user
);
126 result
= winbindd_request(WINBINDD_GETGROUPS
, &request
, &response
);
128 if (result
!= NSS_STATUS_SUCCESS
)
/*
 * NOTE(review): the loop trusts data.num_entries from the reply and indexes
 * extra_data as a gid_t array. No check that extra_data is non-NULL or that
 * its length covers num_entries entries is visible in this listing.
 */
131 for (i
= 0; i
< response
.data
.num_entries
; i
++)
132 d_printf("%d\n", (int)((gid_t
*)response
.extra_data
)[i
]);
134 SAFE_FREE(response
.extra_data
);
139 /* Convert NetBIOS name to IP */
141 static BOOL
wbinfo_wins_byname(char *name
)
143 struct winbindd_request request
;
144 struct winbindd_response response
;
146 ZERO_STRUCT(request
);
147 ZERO_STRUCT(response
);
151 fstrcpy(request
.data
.winsreq
, name
);
153 if (winbindd_request(WINBINDD_WINS_BYNAME
, &request
, &response
) !=
154 NSS_STATUS_SUCCESS
) {
158 /* Display response */
160 printf("%s\n", response
.data
.winsresp
);
165 /* Convert IP to NetBIOS name */
167 static BOOL
wbinfo_wins_byip(char *ip
)
169 struct winbindd_request request
;
170 struct winbindd_response response
;
172 ZERO_STRUCT(request
);
173 ZERO_STRUCT(response
);
177 fstrcpy(request
.data
.winsreq
, ip
);
179 if (winbindd_request(WINBINDD_WINS_BYIP
, &request
, &response
) !=
180 NSS_STATUS_SUCCESS
) {
184 /* Display response */
186 printf("%s\n", response
.data
.winsresp
);
191 /* List trusted domains */
193 static BOOL
wbinfo_list_domains(void)
195 struct winbindd_response response
;
198 ZERO_STRUCT(response
);
202 if (winbindd_request(WINBINDD_LIST_TRUSTDOM
, NULL
, &response
) !=
206 /* Display response */
208 if (response
.extra_data
) {
209 const char *extra_data
= (char *)response
.extra_data
;
211 while(next_token(&extra_data
, name
, ",", sizeof(fstring
)))
212 d_printf("%s\n", name
);
214 SAFE_FREE(response
.extra_data
);
221 /* show sequence numbers */
222 static BOOL
wbinfo_show_sequence(void)
224 struct winbindd_response response
;
226 ZERO_STRUCT(response
);
230 if (winbindd_request(WINBINDD_SHOW_SEQUENCE
, NULL
, &response
) !=
234 /* Display response */
236 if (response
.extra_data
) {
237 char *extra_data
= (char *)response
.extra_data
;
238 d_printf("%s", extra_data
);
239 SAFE_FREE(response
.extra_data
);
245 /* Check trust account password */
247 static BOOL
wbinfo_check_secret(void)
249 struct winbindd_response response
;
252 ZERO_STRUCT(response
);
254 result
= winbindd_request(WINBINDD_CHECK_MACHACC
, NULL
, &response
);
256 d_printf("checking the trust secret via RPC calls %s\n",
257 (result
== NSS_STATUS_SUCCESS
) ? "succeeded" : "failed");
259 if (result
!= NSS_STATUS_SUCCESS
)
260 d_printf("error code was %s (0x%x)\n",
261 response
.data
.auth
.nt_status_string
,
262 response
.data
.auth
.nt_status
);
264 return result
== NSS_STATUS_SUCCESS
;
267 /* Convert uid to sid */
269 static BOOL
wbinfo_uid_to_sid(uid_t uid
)
271 struct winbindd_request request
;
272 struct winbindd_response response
;
274 ZERO_STRUCT(request
);
275 ZERO_STRUCT(response
);
279 request
.data
.uid
= uid
;
281 if (winbindd_request(WINBINDD_UID_TO_SID
, &request
, &response
) !=
285 /* Display response */
287 d_printf("%s\n", response
.data
.sid
.sid
);
292 /* Convert gid to sid */
294 static BOOL
wbinfo_gid_to_sid(gid_t gid
)
296 struct winbindd_request request
;
297 struct winbindd_response response
;
299 ZERO_STRUCT(request
);
300 ZERO_STRUCT(response
);
304 request
.data
.gid
= gid
;
306 if (winbindd_request(WINBINDD_GID_TO_SID
, &request
, &response
) !=
310 /* Display response */
312 d_printf("%s\n", response
.data
.sid
.sid
);
317 /* Convert sid to uid */
319 static BOOL
wbinfo_sid_to_uid(char *sid
)
321 struct winbindd_request request
;
322 struct winbindd_response response
;
324 ZERO_STRUCT(request
);
325 ZERO_STRUCT(response
);
329 fstrcpy(request
.data
.sid
, sid
);
331 if (winbindd_request(WINBINDD_SID_TO_UID
, &request
, &response
) !=
335 /* Display response */
337 d_printf("%d\n", (int)response
.data
.uid
);
342 static BOOL
wbinfo_sid_to_gid(char *sid
)
344 struct winbindd_request request
;
345 struct winbindd_response response
;
347 ZERO_STRUCT(request
);
348 ZERO_STRUCT(response
);
352 fstrcpy(request
.data
.sid
, sid
);
354 if (winbindd_request(WINBINDD_SID_TO_GID
, &request
, &response
) !=
358 /* Display response */
360 d_printf("%d\n", (int)response
.data
.gid
);
365 /* Convert sid to string */
367 static BOOL
wbinfo_lookupsid(char *sid
)
369 struct winbindd_request request
;
370 struct winbindd_response response
;
372 ZERO_STRUCT(request
);
373 ZERO_STRUCT(response
);
375 /* Send off request */
377 fstrcpy(request
.data
.sid
, sid
);
379 if (winbindd_request(WINBINDD_LOOKUPSID
, &request
, &response
) !=
383 /* Display response */
385 d_printf("%s%c%s %d\n", response
.data
.name
.dom_name
,
386 winbind_separator(), response
.data
.name
.name
,
387 response
.data
.name
.type
);
392 /* Convert string to sid */
394 static BOOL
wbinfo_lookupname(char *name
)
396 struct winbindd_request request
;
397 struct winbindd_response response
;
399 /* Send off request */
401 ZERO_STRUCT(request
);
402 ZERO_STRUCT(response
);
404 parse_wbinfo_domain_user(name
, request
.data
.name
.dom_name
,
405 request
.data
.name
.name
);
407 if (winbindd_request(WINBINDD_LOOKUPNAME
, &request
, &response
) !=
411 /* Display response */
413 d_printf("%s %d\n", response
.data
.sid
.sid
, response
.data
.sid
.type
);
418 /* Authenticate a user with a plaintext password */
/*
 * `username` is searched for the first '%'; the visible copies put the name
 * into request.data.auth.user and the text after the '%' into
 * request.data.auth.pass, then WINBINDD_PAM_AUTH is sent. Returns whether
 * the request reported NSS_STATUS_SUCCESS.
 *
 * NOTE(review): the argument comes from the command line (the option table
 * documents it as "user%password"), so the password is exposed to anything
 * that can read this process's arguments or the shell history. Reading it
 * from a prompt or a file descriptor would avoid that.
 *
 * NOTE(review): `request` holds the cleartext password on the stack and no
 * clearing of it before return is visible in this listing.
 */
420 static BOOL
wbinfo_auth(char *username
)
422 struct winbindd_request request
;
423 struct winbindd_response response
;
427 /* Send off request */
429 ZERO_STRUCT(request
);
430 ZERO_STRUCT(response
);
432 p
= strchr(username
, '%');
/*
 * The listing drops the lines between these copies; presumably the first
 * two run when a '%' was found and the third when it was not - confirm.
 */
436 fstrcpy(request
.data
.auth
.user
, username
);
437 fstrcpy(request
.data
.auth
.pass
, p
+ 1);
440 fstrcpy(request
.data
.auth
.user
, username
);
442 result
= winbindd_request(WINBINDD_PAM_AUTH
, &request
, &response
);
444 /* Display response */
446 d_printf("plaintext password authentication %s\n",
447 (result
== NSS_STATUS_SUCCESS
) ? "succeeded" : "failed");
/* Error details are printed whenever the reply carries a non-zero status. */
449 if (response
.data
.auth
.nt_status
)
450 d_printf("error code was %s (0x%x)\nerror messsage was: %s\n",
451 response
.data
.auth
.nt_status_string
,
452 response
.data
.auth
.nt_status
,
453 response
.data
.auth
.error_string
);
455 return result
== NSS_STATUS_SUCCESS
;
458 /* Authenticate a user with a challenge/response */
/*
 * Builds a WINBINDD_PAM_AUTH_CRAP request: the argument is split into
 * domain and user with parse_wbinfo_domain_user(), an 8-byte challenge is
 * generated locally, and two responses computed from the password and that
 * challenge are stored in lm_resp and nt_resp with their lengths set to 24.
 * Returns whether the request reported NSS_STATUS_SUCCESS.
 *
 * NOTE(review): as in wbinfo_auth(), the password arrives on the command
 * line after a '%', which exposes it to other readers of the process
 * arguments.
 *
 * NOTE(review): the declarations of `pass`, `name_user` and `name_domain`
 * are among the source lines missing from this listing.
 */
460 static BOOL
wbinfo_auth_crap(char *username
)
462 struct winbindd_request request
;
463 struct winbindd_response response
;
470 /* Send off request */
472 ZERO_STRUCT(request
);
473 ZERO_STRUCT(response
);
475 p
= strchr(username
, '%');
/*
 * NOTE(review): this copy is the only visible write to `pass`. If it is
 * guarded by a test for '%' (the guard is not shown in this listing) and
 * nothing else initialises `pass`, the encrypt calls below would read an
 * uninitialised buffer when no password is supplied - confirm.
 */
479 fstrcpy(pass
, p
+ 1);
482 parse_wbinfo_domain_user(username
, name_domain
, name_user
);
484 fstrcpy(request
.data
.auth_crap
.user
, name_user
);
486 fstrcpy(request
.data
.auth_crap
.domain
, name_domain
);
/* The challenge is chosen by this client, not by a server. */
488 generate_random_buffer(request
.data
.auth_crap
.chal
, 8, False
);
/*
 * Presumably the LM and NT responses, going by the destination field
 * names. NOTE(review): an LM response is much weaker than the NT one;
 * consider whether it needs to be sent at all.
 */
490 SMBencrypt(pass
, request
.data
.auth_crap
.chal
,
491 (uchar
*)request
.data
.auth_crap
.lm_resp
);
492 SMBNTencrypt(pass
, request
.data
.auth_crap
.chal
,
493 (uchar
*)request
.data
.auth_crap
.nt_resp
);
495 request
.data
.auth_crap
.lm_resp_len
= 24;
496 request
.data
.auth_crap
.nt_resp_len
= 24;
498 result
= winbindd_request(WINBINDD_PAM_AUTH_CRAP
, &request
, &response
);
500 /* Display response */
502 d_printf("challenge/response password authentication %s\n",
503 (result
== NSS_STATUS_SUCCESS
) ? "succeeded" : "failed");
/* The status is read from the data.auth member of the response. */
505 if (response
.data
.auth
.nt_status
)
506 d_printf("error code was %s (0x%x)\nerror messsage was: %s\n",
507 response
.data
.auth
.nt_status_string
,
508 response
.data
.auth
.nt_status
,
509 response
.data
.auth
.error_string
);
511 return result
== NSS_STATUS_SUCCESS
;
514 /* Print domain users */
516 static BOOL
print_domain_users(void)
518 struct winbindd_response response
;
519 const char *extra_data
;
522 /* Send request to winbind daemon */
524 ZERO_STRUCT(response
);
526 if (winbindd_request(WINBINDD_LIST_USERS
, NULL
, &response
) !=
530 /* Look through extra data */
532 if (!response
.extra_data
)
535 extra_data
= (const char *)response
.extra_data
;
537 while(next_token(&extra_data
, name
, ",", sizeof(fstring
)))
538 d_printf("%s\n", name
);
540 SAFE_FREE(response
.extra_data
);
545 /* Print domain groups */
547 static BOOL
print_domain_groups(void)
549 struct winbindd_response response
;
550 const char *extra_data
;
553 ZERO_STRUCT(response
);
555 if (winbindd_request(WINBINDD_LIST_GROUPS
, NULL
, &response
) !=
559 /* Look through extra data */
561 if (!response
.extra_data
)
564 extra_data
= (const char *)response
.extra_data
;
566 while(next_token(&extra_data
, name
, ",", sizeof(fstring
)))
567 d_printf("%s\n", name
);
569 SAFE_FREE(response
.extra_data
);
574 /* Set the authorised user for winbindd access in secrets.tdb */
/*
 * Splits the argument into domain and user with parse_wbinfo_domain_user(),
 * looks for a '%' in the user part to find the password, and then stores or
 * deletes the SECRETS_AUTH_USER, SECRETS_AUTH_DOMAIN and
 * SECRETS_AUTH_PASSWORD entries.
 *
 * NOTE(review): the password is stored as the string itself (the visible
 * call passes `password` and strlen(password) + 1), so the secrets file
 * holds it in recoverable form and its protection rests on that file's
 * permissions.
 *
 * NOTE(review): the credentials arrive on the command line
 * ("user%password" in the option table), which exposes them to other
 * readers of the process arguments.
 *
 * NOTE(review): the password is located inside `user`, an fstring filled
 * by parse_wbinfo_domain_user(); assuming fstrcpy() truncates, a long
 * argument would be shortened without any error - confirm.
 *
 * The conditions that choose between storing and deleting, and the return
 * statements, are on source lines missing from this listing.
 */
576 static BOOL
wbinfo_set_auth_user(char *username
)
579 fstring user
, domain
;
581 /* Separate into user and password */
583 parse_wbinfo_domain_user(username
, domain
, user
);
585 password
= strchr(user
, '%');
593 /* Store or remove DOMAIN\username%password in secrets.tdb */
599 if (!secrets_store(SECRETS_AUTH_USER
, user
,
601 d_fprintf(stderr
, "error storing username\n");
605 /* We always have a domain name added by the
606 parse_wbinfo_domain_user() function. */
608 if (!secrets_store(SECRETS_AUTH_DOMAIN
, domain
,
609 strlen(domain
) + 1)) {
610 d_fprintf(stderr
, "error storing domain name\n");
615 secrets_delete(SECRETS_AUTH_USER
);
616 secrets_delete(SECRETS_AUTH_DOMAIN
);
621 if (!secrets_store(SECRETS_AUTH_PASSWORD
, password
,
622 strlen(password
) + 1)) {
623 d_fprintf(stderr
, "error storing password\n");
628 secrets_delete(SECRETS_AUTH_PASSWORD
);
/*
 * Fetch the SECRETS_AUTH_USER, SECRETS_AUTH_DOMAIN and
 * SECRETS_AUTH_PASSWORD entries and print them on one line in the form
 * DOMAIN\user%password, leaving out the parts that are absent.
 *
 * NOTE(review): the stored password is written to standard output in the
 * clear, so it ends up in terminal scrollback and in any log or pipe that
 * captures the output.
 *
 * NOTE(review): whether the fetched buffers are released afterwards is not
 * visible in this listing.
 */
633 static void wbinfo_get_auth_user(void)
635 char *user
, *domain
, *password
;
637 /* Lift data from secrets file */
641 user
= secrets_fetch(SECRETS_AUTH_USER
, NULL
);
642 domain
= secrets_fetch(SECRETS_AUTH_DOMAIN
, NULL
);
643 password
= secrets_fetch(SECRETS_AUTH_PASSWORD
, NULL
);
/* This message is printed only when all three entries are missing. */
645 if (!user
&& !domain
&& !password
) {
646 d_printf("No authorised user configured\n");
650 /* Pretty print authorised user info */
/*
 * NOTE(review): `domain` and `password` are replaced by "" when NULL but
 * `user` is passed to %s as is; with a domain or password stored and no
 * user entry, a NULL pointer reaches the format call.
 */
652 d_printf("%s%s%s%s%s\n", domain
? domain
: "", domain
? "\\" : "",
653 user
, password
? "%" : "", password
? password
: "");
660 static BOOL
wbinfo_ping(void)
664 result
= winbindd_request(WINBINDD_PING
, NULL
, NULL
);
666 /* Display response */
668 d_printf("Ping to winbindd %s on fd %d\n",
669 (result
== NSS_STATUS_SUCCESS
) ? "succeeded" : "failed", winbindd_fd
);
671 return result
== NSS_STATUS_SUCCESS
;
677 OPT_SET_AUTH_USER
= 1000,
682 int main(int argc
, char **argv
)
687 static char *string_arg
;
689 BOOL got_command
= False
;
692 struct poptOption long_options
[] = {
695 /* longName, shortName, argInfo, argPtr, value, descrip,
698 { "domain-users", 'u', POPT_ARG_NONE
, 0, 'u', "Lists all domain users"},
699 { "domain-groups", 'g', POPT_ARG_NONE
, 0, 'g', "Lists all domain groups" },
700 { "WINS-by-name", 'N', POPT_ARG_STRING
, &string_arg
, 'N', "Converts NetBIOS name to IP", "NETBIOS-NAME" },
701 { "WINS-by-ip", 'I', POPT_ARG_STRING
, &string_arg
, 'I', "Converts IP address to NetBIOS name", "IP" },
702 { "name-to-sid", 'n', POPT_ARG_STRING
, &string_arg
, 'n', "Converts name to sid", "NAME" },
703 { "sid-to-name", 's', POPT_ARG_STRING
, &string_arg
, 's', "Converts sid to name", "SID" },
704 { "uid-to-sid", 'U', POPT_ARG_INT
, &int_arg
, 'U', "Converts uid to sid" , "UID" },
705 { "gid-to-sid", 'G', POPT_ARG_INT
, &int_arg
, 'G', "Converts gid to sid", "GID" },
706 { "sid-to-uid", 'S', POPT_ARG_STRING
, &string_arg
, 'S', "Converts sid to uid", "SID" },
707 { "sid-to-gid", 'Y', POPT_ARG_STRING
, &string_arg
, 'Y', "Converts sid to gid", "SID" },
708 { "check-secret", 't', POPT_ARG_NONE
, 0, 't', "Check shared secret" },
709 { "trusted-domains", 'm', POPT_ARG_NONE
, 0, 'm', "List trusted domains" },
710 { "sequence", 0, POPT_ARG_NONE
, 0, OPT_SEQUENCE
, "Show sequence numbers of all domains" },
711 { "user-groups", 'r', POPT_ARG_STRING
, &string_arg
, 'r', "Get user groups", "USER" },
712 { "authenticate", 'a', POPT_ARG_STRING
, &string_arg
, 'a', "authenticate user", "user%password" },
713 { "set-auth-user", 'A', POPT_ARG_STRING
, &string_arg
, OPT_SET_AUTH_USER
, "Store user and password used by winbindd (root only)", "user%password" },
714 { "get-auth-user", 0, POPT_ARG_NONE
, NULL
, OPT_GET_AUTH_USER
, "Retrieve user and password used by winbindd (root only)", NULL
},
715 { "ping", 'p', POPT_ARG_NONE
, 0, 'p', "Ping winbindd to see if it is alive" },
720 /* Samba client initialisation */
722 if (!lp_load(dyn_CONFIGFILE
, True
, False
, False
)) {
723 d_fprintf(stderr
, "wbinfo: error opening config file %s. Error was %s\n",
724 dyn_CONFIGFILE
, strerror(errno
));
735 pc
= poptGetContext("wbinfo", argc
, (const char **)argv
, long_options
, 0);
737 /* Parse command line options */
740 poptPrintHelp(pc
, stderr
, 0);
744 while((opt
= poptGetNextOpt(pc
)) != -1) {
746 d_fprintf(stderr
, "No more than one command may be specified at once.\n");
754 pc
= poptGetContext(NULL
, argc
, (const char **)argv
, long_options
,
755 POPT_CONTEXT_KEEP_FIRST
);
757 while((opt
= poptGetNextOpt(pc
)) != -1) {
760 if (!print_domain_users()) {
761 d_printf("Error looking up domain users\n");
766 if (!print_domain_groups()) {
767 d_printf("Error looking up domain groups\n");
772 if (!wbinfo_lookupsid(string_arg
)) {
773 d_printf("Could not lookup sid %s\n", string_arg
);
778 if (!wbinfo_lookupname(string_arg
)) {
779 d_printf("Could not lookup name %s\n", string_arg
);
784 if (!wbinfo_wins_byname(string_arg
)) {
785 d_printf("Could not lookup WINS by name %s\n", string_arg
);
790 if (!wbinfo_wins_byip(string_arg
)) {
791 d_printf("Could not lookup WINS by IP %s\n", string_arg
);
796 if (!wbinfo_uid_to_sid(int_arg
)) {
797 d_printf("Could not convert uid %d to sid\n", int_arg
);
802 if (!wbinfo_gid_to_sid(int_arg
)) {
803 d_printf("Could not convert gid %d to sid\n",
809 if (!wbinfo_sid_to_uid(string_arg
)) {
810 d_printf("Could not convert sid %s to uid\n",
816 if (!wbinfo_sid_to_gid(string_arg
)) {
817 d_printf("Could not convert sid %s to gid\n",
823 if (!wbinfo_check_secret()) {
824 d_printf("Could not check secret\n");
829 if (!wbinfo_list_domains()) {
830 d_printf("Could not list trusted domains\n");
835 if (!wbinfo_show_sequence()) {
836 d_printf("Could not show sequence numbers\n");
841 if (!wbinfo_get_usergroups(string_arg
)) {
842 d_printf("Could not get groups for user %s\n",
848 BOOL got_error
= False
;
850 if (!wbinfo_auth(string_arg
)) {
851 d_printf("Could not authenticate user %s with "
852 "plaintext password\n", string_arg
);
856 if (!wbinfo_auth_crap(string_arg
)) {
857 d_printf("Could not authenticate user %s with "
858 "challenge/response\n", string_arg
);
867 if (!wbinfo_ping()) {
868 d_printf("could not ping winbindd!\n");
873 case OPT_SET_AUTH_USER
:
874 wbinfo_set_auth_user(string_arg
);
876 case OPT_GET_AUTH_USER
:
877 wbinfo_get_auth_user();
880 d_fprintf(stderr
, "Invalid option\n");
881 poptPrintHelp(pc
, stderr
, 0);