search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-scripts: Improve update and listing code
[samba4-gss.git] / nsswitch / wbinfo.c
blob87053fac9a7c9c27ff928fee08c5dd585e493191
1 /*
2 Unix SMB/CIFS implementation.
3
4 Winbind status program.
5
6 Copyright (C) Tim Potter 2000-2003
7 Copyright (C) Andrew Bartlett 2002-2007
8 Copyright (C) Volker Lendecke 2009
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "libwbclient/wbclient.h"
26 #include "winbind_struct_protocol.h"
27 #include "libwbclient/wbclient_internal.h"
28 #include "../libcli/auth/libcli_auth.h"
29 #include "lib/cmdline/cmdline.h"
30 #include "lib/afs/afs_settoken.h"
31 #include "lib/util/smb_strtox.h"
32 #include "lib/util/string_wrappers.h"
33
34 #ifdef DBGC_CLASS
35 #undef DBGC_CLASS
36 #define DBGC_CLASS DBGC_WINBIND
37 #endif
38
39 static struct wbcInterfaceDetails *init_interface_details(void)
40 {
41 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
42 static struct wbcInterfaceDetails *details;
43
44 if (details) {
45 return details;
46 }
47
48 wbc_status = wbcInterfaceDetails(&details);
49 if (!WBC_ERROR_IS_OK(wbc_status)) {
50 d_fprintf(stderr, "could not obtain winbind interface "
51 "details: %s\n", wbcErrorString(wbc_status));
52 }
53
54 return details;
55 }
56
57 static char winbind_separator(void)
58 {
59 struct wbcInterfaceDetails *details;
60 static bool got_sep;
61 static char sep;
62
63 if (got_sep)
64 return sep;
65
66 details = init_interface_details();
67
68 if (!details) {
69 d_fprintf(stderr, "could not obtain winbind separator!\n");
70 return 0;
71 }
72
73 sep = details->winbind_separator;
74 got_sep = true;
75
76 if (!sep) {
77 d_fprintf(stderr, "winbind separator was NULL!\n");
78 return 0;
79 }
80
81 return sep;
82 }
83
84 static const char *get_winbind_domain(void)
85 {
86 static struct wbcInterfaceDetails *details;
87
88 details = init_interface_details();
89
90 if (!details) {
91 d_fprintf(stderr, "could not obtain winbind domain name!\n");
92 return 0;
93 }
94
95 return details->netbios_domain;
96 }
97
98 static const char *get_winbind_netbios_name(void)
99 {
100 static struct wbcInterfaceDetails *details;
101
102 details = init_interface_details();
103
104 if (!details) {
105 d_fprintf(stderr, "could not obtain winbind netbios name!\n");
106 return 0;
107 }
108
109 return details->netbios_name;
110 }
111
112 /* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
113 form DOMAIN/user into a domain and a user */
114
115 static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
116 fstring user)
117 {
118
119 char *p = strchr(domuser,winbind_separator());
120
121 if (!p) {
122 /* Maybe it was a UPN? */
123 p = strchr(domuser, '@');
124 if (p != NULL) {
125 fstrcpy(domain, "");
126 fstrcpy(user, domuser);
127 return true;
128 }
129
130 fstrcpy(user, domuser);
131 fstrcpy(domain, get_winbind_domain());
132 return true;
133 }
134
135 fstrcpy(user, p+1);
136 fstrcpy(domain, domuser);
137 domain[PTR_DIFF(p, domuser)] = 0;
138
139 return true;
140 }
141
142 /* Parse string of "uid,sid" or "gid,sid" into separate int and string values.
143 * Return true if input was valid, false otherwise. */
144 static bool parse_mapping_arg(char *arg, int *id, char **sid)
145 {
146 char *tmp;
147 int error = 0;
148
149 if (!arg || !*arg)
150 return false;
151
152 tmp = strtok(arg, ",");
153 *sid = strtok(NULL, ",");
154
155 if (!tmp || !*tmp || !*sid || !**sid)
156 return false;
157
158 /* Because atoi() can return 0 on invalid input, which would be a valid
159 * UID/GID we must use strtoul() and do error checking */
160 *id = smb_strtoul(tmp, NULL, 10, &error, SMB_STR_FULL_STR_CONV);
161 if (error != 0)
162 return false;
163
164 return true;
165 }
166
167 /* pull pwent info for a given user */
168
169 static bool wbinfo_get_userinfo(char *user)
170 {
171 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
172 struct passwd *pwd = NULL;
173
174 wbc_status = wbcGetpwnam(user, &pwd);
175 if (!WBC_ERROR_IS_OK(wbc_status)) {
176 d_fprintf(stderr, "failed to call wbcGetpwnam: %s\n",
177 wbcErrorString(wbc_status));
178 return false;
179 }
180
181 d_printf("%s:%s:%u:%u:%s:%s:%s\n",
182 pwd->pw_name,
183 pwd->pw_passwd,
184 (unsigned int)pwd->pw_uid,
185 (unsigned int)pwd->pw_gid,
186 pwd->pw_gecos,
187 pwd->pw_dir,
188 pwd->pw_shell);
189
190 wbcFreeMemory(pwd);
191
192 return true;
193 }
194
195 /* pull pwent info for a given uid */
196 static bool wbinfo_get_uidinfo(int uid)
197 {
198 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
199 struct passwd *pwd = NULL;
200
201 wbc_status = wbcGetpwuid(uid, &pwd);
202 if (!WBC_ERROR_IS_OK(wbc_status)) {
203 d_fprintf(stderr, "failed to call wbcGetpwuid: %s\n",
204 wbcErrorString(wbc_status));
205 return false;
206 }
207
208 d_printf("%s:%s:%u:%u:%s:%s:%s\n",
209 pwd->pw_name,
210 pwd->pw_passwd,
211 (unsigned int)pwd->pw_uid,
212 (unsigned int)pwd->pw_gid,
213 pwd->pw_gecos,
214 pwd->pw_dir,
215 pwd->pw_shell);
216
217 wbcFreeMemory(pwd);
218
219 return true;
220 }
221
222 static bool wbinfo_get_user_sidinfo(const char *sid_str)
223 {
224 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
225 struct passwd *pwd = NULL;
226 struct wbcDomainSid sid;
227
228 wbc_status = wbcStringToSid(sid_str, &sid);
229 wbc_status = wbcGetpwsid(&sid, &pwd);
230 if (!WBC_ERROR_IS_OK(wbc_status)) {
231 d_fprintf(stderr, "failed to call wbcGetpwsid: %s\n",
232 wbcErrorString(wbc_status));
233 return false;
234 }
235
236 d_printf("%s:%s:%u:%u:%s:%s:%s\n",
237 pwd->pw_name,
238 pwd->pw_passwd,
239 (unsigned int)pwd->pw_uid,
240 (unsigned int)pwd->pw_gid,
241 pwd->pw_gecos,
242 pwd->pw_dir,
243 pwd->pw_shell);
244
245 wbcFreeMemory(pwd);
246
247 return true;
248 }
249
250
251 /* pull grent for a given group */
252 static bool wbinfo_get_groupinfo(const char *group)
253 {
254 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
255 struct group *grp;
256 char **mem;
257
258 wbc_status = wbcGetgrnam(group, &grp);
259 if (!WBC_ERROR_IS_OK(wbc_status)) {
260 d_fprintf(stderr, "failed to call wbcGetgrnam: %s\n",
261 wbcErrorString(wbc_status));
262 return false;
263 }
264
265 d_printf("%s:%s:%u:",
266 grp->gr_name,
267 grp->gr_passwd,
268 (unsigned int)grp->gr_gid);
269
270 mem = grp->gr_mem;
271 while (*mem != NULL) {
272 d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
273 mem += 1;
274 }
275 d_printf("\n");
276
277 wbcFreeMemory(grp);
278
279 return true;
280 }
281
282 /* pull grent for a given gid */
283 static bool wbinfo_get_gidinfo(int gid)
284 {
285 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
286 struct group *grp;
287 char **mem;
288
289 wbc_status = wbcGetgrgid(gid, &grp);
290 if (!WBC_ERROR_IS_OK(wbc_status)) {
291 d_fprintf(stderr, "failed to call wbcGetgrgid: %s\n",
292 wbcErrorString(wbc_status));
293 return false;
294 }
295
296 d_printf("%s:%s:%u:",
297 grp->gr_name,
298 grp->gr_passwd,
299 (unsigned int)grp->gr_gid);
300
301 mem = grp->gr_mem;
302 while (*mem != NULL) {
303 d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
304 mem += 1;
305 }
306 d_printf("\n");
307
308 wbcFreeMemory(grp);
309
310 return true;
311 }
312
313 /* List groups a user is a member of */
314
315 static bool wbinfo_get_usergroups(const char *user)
316 {
317 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
318 uint32_t num_groups;
319 uint32_t i;
320 gid_t *groups = NULL;
321
322 /* Send request */
323
324 wbc_status = wbcGetGroups(user, &num_groups, &groups);
325 if (!WBC_ERROR_IS_OK(wbc_status)) {
326 d_fprintf(stderr, "failed to call wbcGetGroups: %s\n",
327 wbcErrorString(wbc_status));
328 return false;
329 }
330
331 for (i = 0; i < num_groups; i++) {
332 d_printf("%d\n", (int)groups[i]);
333 }
334
335 wbcFreeMemory(groups);
336
337 return true;
338 }
339
340
341 /* List group SIDs a user SID is a member of */
342 static bool wbinfo_get_usersids(const char *user_sid_str)
343 {
344 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
345 uint32_t num_sids;
346 uint32_t i;
347 struct wbcDomainSid user_sid, *sids = NULL;
348
349 /* Send request */
350
351 wbc_status = wbcStringToSid(user_sid_str, &user_sid);
352 if (!WBC_ERROR_IS_OK(wbc_status)) {
353 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
354 wbcErrorString(wbc_status));
355 return false;
356 }
357
358 wbc_status = wbcLookupUserSids(&user_sid, false, &num_sids, &sids);
359 if (!WBC_ERROR_IS_OK(wbc_status)) {
360 d_fprintf(stderr, "failed to call wbcLookupUserSids: %s\n",
361 wbcErrorString(wbc_status));
362 return false;
363 }
364
365 for (i = 0; i < num_sids; i++) {
366 char str[WBC_SID_STRING_BUFLEN];
367 wbcSidToStringBuf(&sids[i], str, sizeof(str));
368 d_printf("%s\n", str);
369 }
370
371 wbcFreeMemory(sids);
372
373 return true;
374 }
375
376 static bool wbinfo_get_userdomgroups(const char *user_sid_str)
377 {
378 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
379 uint32_t num_sids;
380 uint32_t i;
381 struct wbcDomainSid user_sid, *sids = NULL;
382
383 /* Send request */
384
385 wbc_status = wbcStringToSid(user_sid_str, &user_sid);
386 if (!WBC_ERROR_IS_OK(wbc_status)) {
387 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
388 wbcErrorString(wbc_status));
389 return false;
390 }
391
392 wbc_status = wbcLookupUserSids(&user_sid, true, &num_sids, &sids);
393 if (!WBC_ERROR_IS_OK(wbc_status)) {
394 d_fprintf(stderr, "failed to call wbcLookupUserSids: %s\n",
395 wbcErrorString(wbc_status));
396 return false;
397 }
398
399 for (i = 0; i < num_sids; i++) {
400 char str[WBC_SID_STRING_BUFLEN];
401 wbcSidToStringBuf(&sids[i], str, sizeof(str));
402 d_printf("%s\n", str);
403 }
404
405 wbcFreeMemory(sids);
406
407 return true;
408 }
409
410 static bool wbinfo_get_sidaliases(const char *domain,
411 const char *user_sid_str)
412 {
413 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
414 struct wbcDomainInfo *dinfo = NULL;
415 uint32_t i;
416 struct wbcDomainSid user_sid;
417 uint32_t *alias_rids = NULL;
418 uint32_t num_alias_rids;
419 char domain_sid_str[WBC_SID_STRING_BUFLEN];
420
421 /* Send request */
422 if ((domain == NULL) || (strequal(domain, ".")) ||
423 (domain[0] == '\0')) {
424 domain = get_winbind_domain();
425 }
426
427 /* Send request */
428
429 wbc_status = wbcDomainInfo(domain, &dinfo);
430 if (!WBC_ERROR_IS_OK(wbc_status)) {
431 d_fprintf(stderr, "wbcDomainInfo(%s) failed: %s\n", domain,
432 wbcErrorString(wbc_status));
433 goto done;
434 }
435 wbc_status = wbcStringToSid(user_sid_str, &user_sid);
436 if (!WBC_ERROR_IS_OK(wbc_status)) {
437 goto done;
438 }
439
440 wbc_status = wbcGetSidAliases(&dinfo->sid, &user_sid, 1,
441 &alias_rids, &num_alias_rids);
442 if (!WBC_ERROR_IS_OK(wbc_status)) {
443 goto done;
444 }
445
446 wbcSidToStringBuf(&dinfo->sid, domain_sid_str, sizeof(domain_sid_str));
447
448 for (i = 0; i < num_alias_rids; i++) {
449 d_printf("%s-%d\n", domain_sid_str, alias_rids[i]);
450 }
451
452 wbcFreeMemory(alias_rids);
453
454 done:
455 wbcFreeMemory(dinfo);
456 return (WBC_ERR_SUCCESS == wbc_status);
457 }
458
459
460 /* Convert NetBIOS name to IP */
461
462 static bool wbinfo_wins_byname(const char *name)
463 {
464 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
465 char *ip = NULL;
466
467 wbc_status = wbcResolveWinsByName(name, &ip);
468 if (!WBC_ERROR_IS_OK(wbc_status)) {
469 d_fprintf(stderr, "failed to call wbcResolveWinsByName: %s\n",
470 wbcErrorString(wbc_status));
471 return false;
472 }
473
474 /* Display response */
475
476 d_printf("%s\n", ip);
477
478 wbcFreeMemory(ip);
479
480 return true;
481 }
482
483 /* Convert IP to NetBIOS name */
484
485 static bool wbinfo_wins_byip(const char *ip)
486 {
487 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
488 char *name = NULL;
489
490 wbc_status = wbcResolveWinsByIP(ip, &name);
491 if (!WBC_ERROR_IS_OK(wbc_status)) {
492 d_fprintf(stderr, "failed to call wbcResolveWinsByIP: %s\n",
493 wbcErrorString(wbc_status));
494 return false;
495 }
496
497 /* Display response */
498
499 d_printf("%s\n", name);
500
501 wbcFreeMemory(name);
502
503 return true;
504 }
505
506 /* List all/trusted domains */
507
508 static bool wbinfo_list_domains(bool list_all_domains, bool verbose)
509 {
510 struct wbcDomainInfo *domain_list = NULL;
511 size_t i, num_domains;
512 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
513 bool print_all = !list_all_domains && verbose;
514
515 wbc_status = wbcListTrusts(&domain_list, &num_domains);
516 if (!WBC_ERROR_IS_OK(wbc_status)) {
517 d_fprintf(stderr, "failed to call wbcListTrusts: %s\n",
518 wbcErrorString(wbc_status));
519 return false;
520 }
521
522 if (print_all) {
523 d_printf("%-16s%-65s%-12s%-12s%-5s%-5s\n",
524 "Domain Name", "DNS Domain", "Trust Type",
525 "Transitive", "In", "Out");
526 }
527
528 for (i=0; i<num_domains; i++) {
529 if (print_all) {
530 d_printf("%-16s", domain_list[i].short_name);
531 } else {
532 d_printf("%s", domain_list[i].short_name);
533 d_printf("\n");
534 continue;
535 }
536
537 d_printf("%-65s", domain_list[i].dns_name);
538
539 switch(domain_list[i].trust_type) {
540 case WBC_DOMINFO_TRUSTTYPE_NONE:
541 if (domain_list[i].trust_routing != NULL) {
542 d_printf("%s\n", domain_list[i].trust_routing);
543 } else {
544 d_printf("None\n");
545 }
546 continue;
547 case WBC_DOMINFO_TRUSTTYPE_LOCAL:
548 d_printf("Local\n");
549 continue;
550 case WBC_DOMINFO_TRUSTTYPE_RWDC:
551 d_printf("RWDC\n");
552 continue;
553 case WBC_DOMINFO_TRUSTTYPE_RODC:
554 d_printf("RODC\n");
555 continue;
556 case WBC_DOMINFO_TRUSTTYPE_PDC:
557 d_printf("PDC\n");
558 continue;
559 case WBC_DOMINFO_TRUSTTYPE_WKSTA:
560 d_printf("Workstation ");
561 break;
562 case WBC_DOMINFO_TRUSTTYPE_FOREST:
563 d_printf("Forest ");
564 break;
565 case WBC_DOMINFO_TRUSTTYPE_EXTERNAL:
566 d_printf("External ");
567 break;
568 case WBC_DOMINFO_TRUSTTYPE_IN_FOREST:
569 d_printf("In-Forest ");
570 break;
571 }
572
573 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_TRANSITIVE) {
574 d_printf("Yes ");
575 } else {
576 d_printf("No ");
577 }
578
579 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_INCOMING) {
580 d_printf("Yes ");
581 } else {
582 d_printf("No ");
583 }
584
585 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_OUTGOING) {
586 d_printf("Yes ");
587 } else {
588 d_printf("No ");
589 }
590
591 d_printf("\n");
592 }
593
594 wbcFreeMemory(domain_list);
595
596 return true;
597 }
598
599 /* List own domain */
600
601 static bool wbinfo_list_own_domain(void)
602 {
603 d_printf("%s\n", get_winbind_domain());
604
605 return true;
606 }
607
608 /* show sequence numbers */
609 static bool wbinfo_show_sequence(const char *domain)
610 {
611 d_printf("This command has been deprecated. Please use the "
612 "--online-status option instead.\n");
613 return false;
614 }
615
616 /* show sequence numbers */
617 static bool wbinfo_show_onlinestatus(const char *domain)
618 {
619 struct wbcDomainInfo *domain_list = NULL;
620 size_t i, num_domains;
621 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
622
623 wbc_status = wbcListTrusts(&domain_list, &num_domains);
624 if (!WBC_ERROR_IS_OK(wbc_status)) {
625 d_fprintf(stderr, "failed to call wbcListTrusts: %s\n",
626 wbcErrorString(wbc_status));
627 return false;
628 }
629
630 for (i=0; i<num_domains; i++) {
631 bool is_offline;
632
633 if (domain) {
634 if (!strequal(domain_list[i].short_name, domain)) {
635 continue;
636 }
637 }
638
639 is_offline = (domain_list[i].domain_flags &
640 WBC_DOMINFO_DOMAIN_OFFLINE);
641
642 d_printf("%s : %s\n",
643 domain_list[i].short_name,
644 is_offline ? "no active connection" : "active connection" );
645 }
646
647 wbcFreeMemory(domain_list);
648
649 return true;
650 }
651
652
653 /* Show domain info */
654
655 static bool wbinfo_domain_info(const char *domain)
656 {
657 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
658 struct wbcDomainInfo *dinfo = NULL;
659 char sid_str[WBC_SID_STRING_BUFLEN];
660
661 if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
662 domain = get_winbind_domain();
663 }
664
665 /* Send request */
666
667 wbc_status = wbcDomainInfo(domain, &dinfo);
668 if (!WBC_ERROR_IS_OK(wbc_status)) {
669 d_fprintf(stderr, "failed to call wbcDomainInfo: %s\n",
670 wbcErrorString(wbc_status));
671 return false;
672 }
673
674 wbcSidToStringBuf(&dinfo->sid, sid_str, sizeof(sid_str));
675
676 /* Display response */
677
678 d_printf("Name : %s\n", dinfo->short_name);
679 d_printf("Alt_Name : %s\n", dinfo->dns_name);
680
681 d_printf("SID : %s\n", sid_str);
682
683 d_printf("Active Directory : %s\n",
684 (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_AD) ? "Yes" : "No");
685 d_printf("Native : %s\n",
686 (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_NATIVE) ?
687 "Yes" : "No");
688
689 d_printf("Primary : %s\n",
690 (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_PRIMARY) ?
691 "Yes" : "No");
692
693 wbcFreeMemory(dinfo);
694
695 return true;
696 }
697
698 /* Get a foreign DC's name */
699 static bool wbinfo_getdcname(const char *domain_name)
700 {
701 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
702 struct winbindd_request request;
703 struct winbindd_response response;
704
705 ZERO_STRUCT(request);
706 ZERO_STRUCT(response);
707
708 fstrcpy(request.domain_name, domain_name);
709
710 /* Send request */
711
712 wbc_status = wbcRequestResponse(NULL, WINBINDD_GETDCNAME,
713 &request, &response);
714 if (!WBC_ERROR_IS_OK(wbc_status)) {
715 d_fprintf(stderr, "Could not get dc name for %s\n",domain_name);
716 return false;
717 }
718
719 /* Display response */
720
721 d_printf("%s\n", response.data.dc_name);
722
723 return true;
724 }
725
726 /* Find a DC */
727 static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
728 {
729 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
730 struct wbcDomainControllerInfoEx *dc_info;
731 char *str = NULL;
732
733 wbc_status = wbcLookupDomainControllerEx(domain_name, NULL, NULL,
734 flags | DS_DIRECTORY_SERVICE_REQUIRED,
735 &dc_info);
736 if (!WBC_ERROR_IS_OK(wbc_status)) {
737 printf("Could not find dc for %s\n", domain_name);
738 return false;
739 }
740
741 wbcGuidToString(dc_info->domain_guid, &str);
742
743 d_printf("%s\n", dc_info->dc_unc);
744 d_printf("%s\n", dc_info->dc_address);
745 d_printf("%d\n", dc_info->dc_address_type);
746 d_printf("%s\n", str);
747 d_printf("%s\n", dc_info->domain_name);
748 d_printf("%s\n", dc_info->forest_name);
749 d_printf("0x%08x\n", dc_info->dc_flags);
750 d_printf("%s\n", dc_info->dc_site_name);
751 d_printf("%s\n", dc_info->client_site_name);
752
753 wbcFreeMemory(str);
754 wbcFreeMemory(dc_info);
755
756 return true;
757 }
758
759 /* Check trust account password */
760
761 static bool wbinfo_check_secret(const char *domain)
762 {
763 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
764 struct wbcAuthErrorInfo *error = NULL;
765 const char *domain_name;
766
767 if (domain) {
768 domain_name = domain;
769 } else {
770 domain_name = get_winbind_domain();
771 }
772
773 wbc_status = wbcCheckTrustCredentials(domain_name, &error);
774
775 d_printf("checking the trust secret for domain %s via RPC calls %s\n",
776 domain_name,
777 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
778
779 if (wbc_status == WBC_ERR_AUTH_ERROR) {
780 d_fprintf(stderr, "wbcCheckTrustCredentials(%s): error code was %s (0x%x)\n",
781 domain_name, error->nt_string, error->nt_status);
782 wbcFreeMemory(error);
783 }
784 if (!WBC_ERROR_IS_OK(wbc_status)) {
785 d_fprintf(stderr, "failed to call wbcCheckTrustCredentials: "
786 "%s\n", wbcErrorString(wbc_status));
787 return false;
788 }
789
790 return true;
791 }
792
793 /* Find the currently connected DCs */
794
795 static bool wbinfo_dc_info(const char *domain_name)
796 {
797 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
798 size_t i, num_dcs;
799 const char **dc_names, **dc_ips;
800
801 wbc_status = wbcDcInfo(domain_name, &num_dcs,
802 &dc_names, &dc_ips);
803 if (!WBC_ERROR_IS_OK(wbc_status)) {
804 printf("Could not find dc info %s\n",
805 domain_name ? domain_name : "our domain");
806 return false;
807 }
808
809 for (i=0; i<num_dcs; i++) {
810 printf("%s (%s)\n", dc_names[i], dc_ips[i]);
811 }
812 wbcFreeMemory(dc_names);
813 wbcFreeMemory(dc_ips);
814
815 return true;
816 }
817
818 /* Change trust account password */
819
820 static bool wbinfo_change_secret(const char *domain)
821 {
822 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
823 struct wbcAuthErrorInfo *error = NULL;
824 const char *domain_name;
825
826 if (domain) {
827 domain_name = domain;
828 } else {
829 domain_name = get_winbind_domain();
830 }
831
832 wbc_status = wbcChangeTrustCredentials(domain_name, &error);
833
834 d_printf("changing the trust secret for domain %s via RPC calls %s\n",
835 domain_name,
836 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
837
838 if (wbc_status == WBC_ERR_AUTH_ERROR) {
839 d_fprintf(stderr, "wbcChangeTrustCredentials(%s): error code was %s (0x%x)\n",
840 domain_name, error->nt_string, error->nt_status);
841 wbcFreeMemory(error);
842 }
843 if (!WBC_ERROR_IS_OK(wbc_status)) {
844 d_fprintf(stderr, "failed to call wbcChangeTrustCredentials: "
845 "%s\n", wbcErrorString(wbc_status));
846 return false;
847 }
848
849 return true;
850 }
851
852 /* Change trust account password chose Domain Controller */
853
854 static bool wbinfo_change_secret_at(const char *domain,
855 const char *domain_controller)
856 {
857 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
858 struct wbcAuthErrorInfo *error = NULL;
859 const char *domain_name;
860
861 if (domain) {
862 domain_name = domain;
863 } else {
864 domain_name = get_winbind_domain();
865 }
866
867 wbc_status = wbcChangeTrustCredentialsAt(
868 domain_name, domain_controller, &error);
869
870 d_printf("changing the trust secret for domain %s via RPC calls %s\n",
871 domain_name,
872 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
873
874 if (wbc_status == WBC_ERR_AUTH_ERROR) {
875 d_fprintf(stderr, "wbcChangeTrustCredentials(%s): "
876 "error code was %s (0x%x)\n",
877 domain_name, error->nt_string, error->nt_status);
878 wbcFreeMemory(error);
879 }
880 if (!WBC_ERROR_IS_OK(wbc_status)) {
881 d_fprintf(stderr, "failed to call wbcChangeTrustCredentials: "
882 "%s\n", wbcErrorString(wbc_status));
883 return false;
884 }
885
886 return true;
887 }
888
889 /* Check DC connection */
890
891 static bool wbinfo_ping_dc(const char *domain)
892 {
893 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
894 struct wbcAuthErrorInfo *error = NULL;
895 char *dcname = NULL;
896
897 const char *domain_name;
898
899 if (domain) {
900 domain_name = domain;
901 } else {
902 domain_name = get_winbind_domain();
903 }
904
905 wbc_status = wbcPingDc2(domain_name, &error, &dcname);
906
907 d_printf("checking the NETLOGON for domain[%s] dc connection to \"%s\" %s\n",
908 domain_name ? domain_name : "",
909 dcname ? dcname : "",
910 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
911
912 wbcFreeMemory(dcname);
913 if (wbc_status == WBC_ERR_AUTH_ERROR) {
914 d_fprintf(stderr, "wbcPingDc2(%s): error code was %s (0x%x)\n",
915 domain_name, error->nt_string, error->nt_status);
916 wbcFreeMemory(error);
917 return false;
918 }
919 if (!WBC_ERROR_IS_OK(wbc_status)) {
920 d_fprintf(stderr, "failed to call wbcPingDc: %s\n",
921 wbcErrorString(wbc_status));
922 return false;
923 }
924
925 return true;
926 }
927
928 /* Convert uid to sid */
929
930 static bool wbinfo_uid_to_sid(uid_t uid)
931 {
932 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
933 struct wbcDomainSid sid;
934 char sid_str[WBC_SID_STRING_BUFLEN];
935
936 /* Send request */
937
938 wbc_status = wbcUidToSid(uid, &sid);
939 if (!WBC_ERROR_IS_OK(wbc_status)) {
940 d_fprintf(stderr, "failed to call wbcUidToSid: %s\n",
941 wbcErrorString(wbc_status));
942 return false;
943 }
944
945 wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
946
947 /* Display response */
948
949 d_printf("%s\n", sid_str);
950
951 return true;
952 }
953
954 /* Convert gid to sid */
955
956 static bool wbinfo_gid_to_sid(gid_t gid)
957 {
958 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
959 struct wbcDomainSid sid;
960 char sid_str[WBC_SID_STRING_BUFLEN];
961
962 /* Send request */
963
964 wbc_status = wbcGidToSid(gid, &sid);
965 if (!WBC_ERROR_IS_OK(wbc_status)) {
966 d_fprintf(stderr, "failed to call wbcGidToSid: %s\n",
967 wbcErrorString(wbc_status));
968 return false;
969 }
970
971 wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
972
973 /* Display response */
974
975 d_printf("%s\n", sid_str);
976
977 return true;
978 }
979
980 /* Convert sid to uid */
981
982 static bool wbinfo_sid_to_uid(const char *sid_str)
983 {
984 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
985 struct wbcDomainSid sid;
986 uid_t uid;
987
988 /* Send request */
989
990 wbc_status = wbcStringToSid(sid_str, &sid);
991 if (!WBC_ERROR_IS_OK(wbc_status)) {
992 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
993 wbcErrorString(wbc_status));
994 return false;
995 }
996
997 wbc_status = wbcSidToUid(&sid, &uid);
998 if (!WBC_ERROR_IS_OK(wbc_status)) {
999 d_fprintf(stderr, "failed to call wbcSidToUid: %s\n",
1000 wbcErrorString(wbc_status));
1001 return false;
1002 }
1003
1004 /* Display response */
1005
1006 d_printf("%d\n", (int)uid);
1007
1008 return true;
1009 }
1010
1011 static bool wbinfo_sid_to_gid(const char *sid_str)
1012 {
1013 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1014 struct wbcDomainSid sid;
1015 gid_t gid;
1016
1017 /* Send request */
1018
1019 wbc_status = wbcStringToSid(sid_str, &sid);
1020 if (!WBC_ERROR_IS_OK(wbc_status)) {
1021 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1022 wbcErrorString(wbc_status));
1023 return false;
1024 }
1025
1026 wbc_status = wbcSidToGid(&sid, &gid);
1027 if (!WBC_ERROR_IS_OK(wbc_status)) {
1028 d_fprintf(stderr, "failed to call wbcSidToGid: %s\n",
1029 wbcErrorString(wbc_status));
1030 return false;
1031 }
1032
1033 /* Display response */
1034
1035 d_printf("%d\n", (int)gid);
1036
1037 return true;
1038 }
1039
1040 static bool wbinfo_sids_to_unix_ids(const char *arg)
1041 {
1042 char sidstr[WBC_SID_STRING_BUFLEN];
1043 struct wbcDomainSid *sids;
1044 struct wbcUnixId *unix_ids;
1045 int i, num_sids;
1046 const char *p;
1047 wbcErr wbc_status;
1048
1049
1050 num_sids = 0;
1051 sids = NULL;
1052 p = arg;
1053
1054 while (next_token(&p, sidstr, LIST_SEP, sizeof(sidstr))) {
1055 sids = talloc_realloc(talloc_tos(), sids, struct wbcDomainSid,
1056 num_sids+1);
1057 if (sids == NULL) {
1058 d_fprintf(stderr, "talloc failed\n");
1059 return false;
1060 }
1061 wbc_status = wbcStringToSid(sidstr, &sids[num_sids]);
1062 if (!WBC_ERROR_IS_OK(wbc_status)) {
1063 d_fprintf(stderr, "wbcSidToString(%s) failed: %s\n",
1064 sidstr, wbcErrorString(wbc_status));
1065 TALLOC_FREE(sids);
1066 return false;
1067 }
1068 num_sids += 1;
1069 }
1070
1071 unix_ids = talloc_array(talloc_tos(), struct wbcUnixId, num_sids);
1072 if (unix_ids == NULL) {
1073 TALLOC_FREE(sids);
1074 return false;
1075 }
1076
1077 wbc_status = wbcSidsToUnixIds(sids, num_sids, unix_ids);
1078 if (!WBC_ERROR_IS_OK(wbc_status)) {
1079 d_fprintf(stderr, "wbcSidsToUnixIds failed: %s\n",
1080 wbcErrorString(wbc_status));
1081 TALLOC_FREE(sids);
1082 return false;
1083 }
1084
1085 for (i=0; i<num_sids; i++) {
1086
1087 wbcSidToStringBuf(&sids[i], sidstr, sizeof(sidstr));
1088
1089 switch(unix_ids[i].type) {
1090 case WBC_ID_TYPE_UID:
1091 d_printf("%s -> uid %d\n", sidstr, unix_ids[i].id.uid);
1092 break;
1093 case WBC_ID_TYPE_GID:
1094 d_printf("%s -> gid %d\n", sidstr, unix_ids[i].id.gid);
1095 break;
1096 case WBC_ID_TYPE_BOTH:
1097 d_printf("%s -> uid/gid %d\n", sidstr, unix_ids[i].id.uid);
1098 break;
1099 default:
1100 d_printf("%s -> unmapped\n", sidstr);
1101 break;
1102 }
1103 }
1104
1105 TALLOC_FREE(sids);
1106 TALLOC_FREE(unix_ids);
1107
1108 return true;
1109 }
1110
1111 static bool wbinfo_xids_to_sids(const char *arg)
1112 {
1113 fstring idstr;
1114 struct wbcUnixId *xids = NULL;
1115 struct wbcDomainSid *sids;
1116 wbcErr wbc_status;
1117 int num_xids = 0;
1118 const char *p;
1119 int i;
1120
1121 p = arg;
1122
1123 while (next_token(&p, idstr, LIST_SEP, sizeof(idstr))) {
1124 xids = talloc_realloc(talloc_tos(), xids, struct wbcUnixId,
1125 num_xids+1);
1126 if (xids == NULL) {
1127 d_fprintf(stderr, "talloc failed\n");
1128 return false;
1129 }
1130
1131 switch (idstr[0]) {
1132 case 'u':
1133 xids[num_xids] = (struct wbcUnixId) {
1134 .type = WBC_ID_TYPE_UID,
1135 .id.uid = atoi(&idstr[1])
1136 };
1137 break;
1138 case 'g':
1139 xids[num_xids] = (struct wbcUnixId) {
1140 .type = WBC_ID_TYPE_GID,
1141 .id.gid = atoi(&idstr[1])
1142 };
1143 break;
1144 default:
1145 d_fprintf(stderr, "%s is an invalid id\n", idstr);
1146 TALLOC_FREE(xids);
1147 return false;
1148 }
1149 num_xids += 1;
1150 }
1151
1152 sids = talloc_array(talloc_tos(), struct wbcDomainSid, num_xids);
1153 if (sids == NULL) {
1154 d_fprintf(stderr, "talloc failed\n");
1155 TALLOC_FREE(xids);
1156 return false;
1157 }
1158
1159 wbc_status = wbcUnixIdsToSids(xids, num_xids, sids);
1160 if (!WBC_ERROR_IS_OK(wbc_status)) {
1161 d_fprintf(stderr, "wbcUnixIdsToSids failed: %s\n",
1162 wbcErrorString(wbc_status));
1163 TALLOC_FREE(sids);
1164 TALLOC_FREE(xids);
1165 return false;
1166 }
1167
1168 for (i=0; i<num_xids; i++) {
1169 char str[WBC_SID_STRING_BUFLEN];
1170 struct wbcDomainSid null_sid = { 0 };
1171
1172 if (memcmp(&null_sid, &sids[i], sizeof(struct wbcDomainSid)) == 0) {
1173 d_printf("NOT MAPPED\n");
1174 continue;
1175 }
1176 wbcSidToStringBuf(&sids[i], str, sizeof(str));
1177 d_printf("%s\n", str);
1178 }
1179
1180 return true;
1181 }
1182
1183 static bool wbinfo_allocate_uid(void)
1184 {
1185 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1186 uid_t uid;
1187
1188 /* Send request */
1189
1190 wbc_status = wbcAllocateUid(&uid);
1191 if (!WBC_ERROR_IS_OK(wbc_status)) {
1192 d_fprintf(stderr, "failed to call wbcAllocateUid: %s\n",
1193 wbcErrorString(wbc_status));
1194 return false;
1195 }
1196
1197 /* Display response */
1198
1199 d_printf("New uid: %u\n", (unsigned int)uid);
1200
1201 return true;
1202 }
1203
1204 static bool wbinfo_allocate_gid(void)
1205 {
1206 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1207 gid_t gid;
1208
1209 /* Send request */
1210
1211 wbc_status = wbcAllocateGid(&gid);
1212 if (!WBC_ERROR_IS_OK(wbc_status)) {
1213 d_fprintf(stderr, "failed to call wbcAllocateGid: %s\n",
1214 wbcErrorString(wbc_status));
1215 return false;
1216 }
1217
1218 /* Display response */
1219
1220 d_printf("New gid: %u\n", (unsigned int)gid);
1221
1222 return true;
1223 }
1224
1225 static bool wbinfo_set_uid_mapping(uid_t uid, const char *sid_str)
1226 {
1227 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1228 struct wbcDomainSid sid;
1229
1230 /* Send request */
1231
1232 wbc_status = wbcStringToSid(sid_str, &sid);
1233 if (!WBC_ERROR_IS_OK(wbc_status)) {
1234 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1235 wbcErrorString(wbc_status));
1236 return false;
1237 }
1238
1239 wbc_status = wbcSetUidMapping(uid, &sid);
1240 if (!WBC_ERROR_IS_OK(wbc_status)) {
1241 d_fprintf(stderr, "failed to call wbcSetUidMapping: %s\n",
1242 wbcErrorString(wbc_status));
1243 return false;
1244 }
1245
1246 /* Display response */
1247
1248 d_printf("uid %u now mapped to sid %s\n",
1249 (unsigned int)uid, sid_str);
1250
1251 return true;
1252 }
1253
1254 static bool wbinfo_set_gid_mapping(gid_t gid, const char *sid_str)
1255 {
1256 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1257 struct wbcDomainSid sid;
1258
1259 /* Send request */
1260
1261 wbc_status = wbcStringToSid(sid_str, &sid);
1262 if (!WBC_ERROR_IS_OK(wbc_status)) {
1263 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1264 wbcErrorString(wbc_status));
1265 return false;
1266 }
1267
1268 wbc_status = wbcSetGidMapping(gid, &sid);
1269 if (!WBC_ERROR_IS_OK(wbc_status)) {
1270 d_fprintf(stderr, "failed to call wbcSetGidMapping: %s\n",
1271 wbcErrorString(wbc_status));
1272 return false;
1273 }
1274
1275 /* Display response */
1276
1277 d_printf("gid %u now mapped to sid %s\n",
1278 (unsigned int)gid, sid_str);
1279
1280 return true;
1281 }
1282
1283 static bool wbinfo_remove_uid_mapping(uid_t uid, const char *sid_str)
1284 {
1285 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1286 struct wbcDomainSid sid;
1287
1288 /* Send request */
1289
1290 wbc_status = wbcStringToSid(sid_str, &sid);
1291 if (!WBC_ERROR_IS_OK(wbc_status)) {
1292 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1293 wbcErrorString(wbc_status));
1294 return false;
1295 }
1296
1297 wbc_status = wbcRemoveUidMapping(uid, &sid);
1298 if (!WBC_ERROR_IS_OK(wbc_status)) {
1299 d_fprintf(stderr, "failed to call wbcRemoveUidMapping: %s\n",
1300 wbcErrorString(wbc_status));
1301 return false;
1302 }
1303
1304 /* Display response */
1305
1306 d_printf("Removed uid %u to sid %s mapping\n",
1307 (unsigned int)uid, sid_str);
1308
1309 return true;
1310 }
1311
1312 static bool wbinfo_remove_gid_mapping(gid_t gid, const char *sid_str)
1313 {
1314 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1315 struct wbcDomainSid sid;
1316
1317 /* Send request */
1318
1319 wbc_status = wbcStringToSid(sid_str, &sid);
1320 if (!WBC_ERROR_IS_OK(wbc_status)) {
1321 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1322 wbcErrorString(wbc_status));
1323 return false;
1324 }
1325
1326 wbc_status = wbcRemoveGidMapping(gid, &sid);
1327 if (!WBC_ERROR_IS_OK(wbc_status)) {
1328 d_fprintf(stderr, "failed to call wbcRemoveGidMapping: %s\n",
1329 wbcErrorString(wbc_status));
1330 return false;
1331 }
1332
1333 /* Display response */
1334
1335 d_printf("Removed gid %u to sid %s mapping\n",
1336 (unsigned int)gid, sid_str);
1337
1338 return true;
1339 }
1340
1341 /* Convert sid to string */
1342
1343 static bool wbinfo_lookupsid(const char *sid_str)
1344 {
1345 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1346 struct wbcDomainSid sid;
1347 char *domain;
1348 char *name;
1349 enum wbcSidType type;
1350
1351 /* Send off request */
1352
1353 wbc_status = wbcStringToSid(sid_str, &sid);
1354 if (!WBC_ERROR_IS_OK(wbc_status)) {
1355 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1356 wbcErrorString(wbc_status));
1357 return false;
1358 }
1359
1360 wbc_status = wbcLookupSid(&sid, &domain, &name, &type);
1361 if (!WBC_ERROR_IS_OK(wbc_status)) {
1362 d_fprintf(stderr, "failed to call wbcLookupSid: %s\n",
1363 wbcErrorString(wbc_status));
1364 return false;
1365 }
1366
1367 /* Display response */
1368
1369 if (type == WBC_SID_NAME_DOMAIN) {
1370 d_printf("%s %d\n", domain, type);
1371 } else {
1372 d_printf("%s%c%s %d\n",
1373 domain, winbind_separator(), name, type);
1374 }
1375
1376 wbcFreeMemory(domain);
1377 wbcFreeMemory(name);
1378
1379 return true;
1380 }
1381
1382 /* Convert sid to fullname */
1383
1384 static bool wbinfo_lookupsid_fullname(const char *sid_str)
1385 {
1386 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1387 struct wbcDomainSid sid;
1388 char *domain;
1389 char *name;
1390 enum wbcSidType type;
1391
1392 /* Send off request */
1393
1394 wbc_status = wbcStringToSid(sid_str, &sid);
1395 if (!WBC_ERROR_IS_OK(wbc_status)) {
1396 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1397 wbcErrorString(wbc_status));
1398 return false;
1399 }
1400
1401 wbc_status = wbcGetDisplayName(&sid, &domain, &name, &type);
1402 if (!WBC_ERROR_IS_OK(wbc_status)) {
1403 d_fprintf(stderr, "failed to call wbcGetDisplayName: %s\n",
1404 wbcErrorString(wbc_status));
1405 return false;
1406 }
1407
1408 /* Display response */
1409
1410 d_printf("%s%c%s %d\n",
1411 domain, winbind_separator(), name, type);
1412
1413 wbcFreeMemory(domain);
1414 wbcFreeMemory(name);
1415
1416 return true;
1417 }
1418
1419 /* Lookup a list of RIDs */
1420
1421 static bool wbinfo_lookuprids(const char *domain, const char *arg)
1422 {
1423 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1424 struct wbcDomainSid dsid;
1425 char *domain_name = NULL;
1426 const char **names = NULL;
1427 enum wbcSidType *types = NULL;
1428 size_t i, num_rids;
1429 uint32_t *rids = NULL;
1430 const char *p;
1431 char *ridstr;
1432 TALLOC_CTX *mem_ctx = NULL;
1433 bool ret = false;
1434
1435 if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
1436 domain = get_winbind_domain();
1437 }
1438
1439 wbc_status = wbcStringToSid(domain, &dsid);
1440 if (!WBC_ERROR_IS_OK(wbc_status)) {
1441 struct wbcDomainInfo *dinfo = NULL;
1442
1443 wbc_status = wbcDomainInfo(domain, &dinfo);
1444 if (!WBC_ERROR_IS_OK(wbc_status)) {
1445 d_printf("wbcDomainInfo(%s) failed: %s\n", domain,
1446 wbcErrorString(wbc_status));
1447 goto done;
1448 }
1449
1450 dsid = dinfo->sid;
1451 wbcFreeMemory(dinfo);
1452 }
1453
1454 mem_ctx = talloc_new(NULL);
1455 if (mem_ctx == NULL) {
1456 d_printf("talloc_new failed\n");
1457 goto done;
1458 }
1459
1460 num_rids = 0;
1461 rids = NULL;
1462 p = arg;
1463
1464 while (next_token_talloc(mem_ctx, &p, &ridstr, " ,\n")) {
1465 int error = 0;
1466 uint32_t rid;
1467
1468 rid = smb_strtoul(ridstr, NULL, 10, &error, SMB_STR_STANDARD);
1469 if (error != 0) {
1470 d_printf("failed to convert rid\n");
1471 goto done;
1472 }
1473 rids = talloc_realloc(mem_ctx, rids, uint32_t, num_rids + 1);
1474 if (rids == NULL) {
1475 d_printf("talloc_realloc failed\n");
1476 }
1477 rids[num_rids] = rid;
1478 num_rids += 1;
1479 }
1480
1481 if (rids == NULL) {
1482 d_printf("no rids\n");
1483 goto done;
1484 }
1485
1486 wbc_status = wbcLookupRids(
1487 &dsid, num_rids, rids, &p, &names, &types);
1488 if (!WBC_ERROR_IS_OK(wbc_status)) {
1489 d_printf("winbind_lookup_rids failed: %s\n",
1490 wbcErrorString(wbc_status));
1491 goto done;
1492 }
1493
1494 domain_name = discard_const_p(char, p);
1495 d_printf("Domain: %s\n", domain_name);
1496
1497 for (i=0; i<num_rids; i++) {
1498 d_printf("%8d: %s (%s)\n", rids[i], names[i],
1499 wbcSidTypeString(types[i]));
1500 }
1501
1502 ret = true;
1503 done:
1504 wbcFreeMemory(domain_name);
1505 wbcFreeMemory(names);
1506 wbcFreeMemory(types);
1507 TALLOC_FREE(mem_ctx);
1508 return ret;
1509 }
1510
1511 static bool wbinfo_lookup_sids(const char *arg)
1512 {
1513 char sidstr[WBC_SID_STRING_BUFLEN];
1514 struct wbcDomainSid *sids;
1515 struct wbcDomainInfo *domains;
1516 struct wbcTranslatedName *names;
1517 int num_domains;
1518 int i, num_sids;
1519 const char *p;
1520 wbcErr wbc_status;
1521
1522
1523 num_sids = 0;
1524 sids = NULL;
1525 p = arg;
1526
1527 while (next_token(&p, sidstr, LIST_SEP, sizeof(sidstr))) {
1528 sids = talloc_realloc(talloc_tos(), sids, struct wbcDomainSid,
1529 num_sids+1);
1530 if (sids == NULL) {
1531 d_fprintf(stderr, "talloc failed\n");
1532 return false;
1533 }
1534 wbc_status = wbcStringToSid(sidstr, &sids[num_sids]);
1535 if (!WBC_ERROR_IS_OK(wbc_status)) {
1536 d_fprintf(stderr, "wbcSidToString(%s) failed: %s\n",
1537 sidstr, wbcErrorString(wbc_status));
1538 TALLOC_FREE(sids);
1539 return false;
1540 }
1541 num_sids += 1;
1542 }
1543
1544 wbc_status = wbcLookupSids(sids, num_sids, &domains, &num_domains,
1545 &names);
1546 if (!WBC_ERROR_IS_OK(wbc_status)) {
1547 d_fprintf(stderr, "wbcLookupSids failed: %s\n",
1548 wbcErrorString(wbc_status));
1549 TALLOC_FREE(sids);
1550 return false;
1551 }
1552
1553 for (i=0; i<num_sids; i++) {
1554 const char *domain = NULL;
1555
1556 wbcSidToStringBuf(&sids[i], sidstr, sizeof(sidstr));
1557
1558 if (names[i].domain_index >= num_domains) {
1559 domain = "<none>";
1560 } else if (names[i].domain_index < 0) {
1561 domain = "<none>";
1562 } else {
1563 domain = domains[names[i].domain_index].short_name;
1564 }
1565
1566 if (names[i].type == WBC_SID_NAME_DOMAIN) {
1567 d_printf("%s -> %s %d\n", sidstr,
1568 domain,
1569 names[i].type);
1570 } else {
1571 d_printf("%s -> %s%c%s %d\n", sidstr,
1572 domain,
1573 winbind_separator(),
1574 names[i].name, names[i].type);
1575 }
1576 }
1577 wbcFreeMemory(names);
1578 wbcFreeMemory(domains);
1579 return true;
1580 }
1581
1582 /* Convert string to sid */
1583
1584 static bool wbinfo_lookupname(const char *full_name)
1585 {
1586 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1587 struct wbcDomainSid sid;
1588 char sid_str[WBC_SID_STRING_BUFLEN];
1589 enum wbcSidType type;
1590 fstring domain_name;
1591 fstring account_name;
1592
1593 /* Send off request */
1594
1595 parse_wbinfo_domain_user(full_name, domain_name,
1596 account_name);
1597
1598 wbc_status = wbcLookupName(domain_name, account_name,
1599 &sid, &type);
1600 if (!WBC_ERROR_IS_OK(wbc_status)) {
1601 d_fprintf(stderr, "failed to call wbcLookupName: %s\n",
1602 wbcErrorString(wbc_status));
1603 return false;
1604 }
1605
1606 wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
1607
1608 /* Display response */
1609
1610 d_printf("%s %s (%d)\n", sid_str, wbcSidTypeString(type), type);
1611
1612 return true;
1613 }
1614
1615 static char *wbinfo_prompt_pass(TALLOC_CTX *mem_ctx,
1616 const char *prefix,
1617 const char *username)
1618 {
1619 char *prompt;
1620 char buf[1024] = {0};
1621 int rc;
1622
1623 prompt = talloc_asprintf(mem_ctx, "Enter %s's ", username);
1624 if (!prompt) {
1625 return NULL;
1626 }
1627 if (prefix) {
1628 prompt = talloc_asprintf_append(prompt, "%s ", prefix);
1629 if (!prompt) {
1630 return NULL;
1631 }
1632 }
1633 prompt = talloc_asprintf_append(prompt, "password: ");
1634 if (!prompt) {
1635 return NULL;
1636 }
1637
1638 rc = samba_getpass(prompt, buf, sizeof(buf), false, false);
1639 TALLOC_FREE(prompt);
1640 if (rc < 0) {
1641 return NULL;
1642 }
1643
1644 return talloc_strdup(mem_ctx, buf);
1645 }
1646
1647 /* Authenticate a user with a plaintext password */
1648
1649 static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32_t flags)
1650 {
1651 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1652 char *s = NULL;
1653 char *p = NULL;
1654 char *password = NULL;
1655 char *name = NULL;
1656 char *local_cctype = NULL;
1657 uid_t uid;
1658 struct wbcLogonUserParams params;
1659 struct wbcLogonUserInfo *info = NULL;
1660 struct wbcAuthErrorInfo *error = NULL;
1661 struct wbcUserPasswordPolicyInfo *policy = NULL;
1662 TALLOC_CTX *frame = talloc_tos();
1663
1664 if ((s = talloc_strdup(frame, username)) == NULL) {
1665 return false;
1666 }
1667
1668 if ((p = strchr(s, '%')) != NULL) {
1669 *p = 0;
1670 p++;
1671 password = talloc_strdup(frame, p);
1672 } else {
1673 password = wbinfo_prompt_pass(frame, NULL, username);
1674 }
1675
1676 local_cctype = talloc_strdup(frame, cctype);
1677
1678 name = s;
1679
1680 uid = geteuid();
1681
1682 params.username = name;
1683 params.password = password;
1684 params.num_blobs = 0;
1685 params.blobs = NULL;
1686
1687 wbc_status = wbcAddNamedBlob(&params.num_blobs,
1688 &params.blobs,
1689 "flags",
1690 0,
1691 (uint8_t *)&flags,
1692 sizeof(flags));
1693 if (!WBC_ERROR_IS_OK(wbc_status)) {
1694 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1695 wbcErrorString(wbc_status));
1696 goto done;
1697 }
1698
1699 wbc_status = wbcAddNamedBlob(&params.num_blobs,
1700 &params.blobs,
1701 "user_uid",
1702 0,
1703 (uint8_t *)&uid,
1704 sizeof(uid));
1705 if (!WBC_ERROR_IS_OK(wbc_status)) {
1706 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1707 wbcErrorString(wbc_status));
1708 goto done;
1709 }
1710
1711 wbc_status = wbcAddNamedBlob(&params.num_blobs,
1712 &params.blobs,
1713 "krb5_cc_type",
1714 0,
1715 (uint8_t *)local_cctype,
1716 strlen(cctype)+1);
1717 if (!WBC_ERROR_IS_OK(wbc_status)) {
1718 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1719 wbcErrorString(wbc_status));
1720 goto done;
1721 }
1722
1723 wbc_status = wbcLogonUser(&params, &info, &error, &policy);
1724
1725 d_printf("plaintext kerberos password authentication for [%s] %s "
1726 "(requesting cctype: %s)\n",
1727 name, WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed",
1728 cctype);
1729
1730 if (error) {
1731 d_fprintf(stderr,
1732 "wbcLogonUser(%s): error code was %s (0x%x)\n"
1733 "error message was: %s\n",
1734 params.username, error->nt_string,
1735 error->nt_status,
1736 error->display_string);
1737 }
1738
1739 if (WBC_ERROR_IS_OK(wbc_status)) {
1740 if (flags & WBFLAG_PAM_INFO3_TEXT) {
1741 if (info && info->info && info->info->user_flags &
1742 NETLOGON_CACHED_ACCOUNT) {
1743 d_printf("user_flgs: "
1744 "NETLOGON_CACHED_ACCOUNT\n");
1745 }
1746 }
1747
1748 if (info) {
1749 size_t i;
1750 for (i=0; i < info->num_blobs; i++) {
1751 if (strequal(info->blobs[i].name,
1752 "krb5ccname")) {
1753 d_printf("credentials were put "
1754 "in: %s\n",
1755 (const char *)
1756 info->blobs[i].blob.data);
1757 break;
1758 }
1759 }
1760 } else {
1761 d_printf("no credentials cached\n");
1762 }
1763 }
1764 done:
1765 wbcFreeMemory(error);
1766 wbcFreeMemory(policy);
1767 wbcFreeMemory(info);
1768 wbcFreeMemory(params.blobs);
1769
1770 return WBC_ERROR_IS_OK(wbc_status);
1771 }
1772
1773 /* Authenticate a user with a plaintext password */
1774
1775 static bool wbinfo_auth(char *username)
1776 {
1777 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1778 char *s = NULL;
1779 char *p = NULL;
1780 char *password = NULL;
1781 char *name = NULL;
1782 TALLOC_CTX *frame = talloc_tos();
1783
1784 if ((s = talloc_strdup(frame, username)) == NULL) {
1785 return false;
1786 }
1787
1788 if ((p = strchr(s, '%')) != NULL) {
1789 *p = 0;
1790 p++;
1791 password = talloc_strdup(frame, p);
1792 } else {
1793 password = wbinfo_prompt_pass(frame, NULL, username);
1794 }
1795
1796 name = s;
1797
1798 wbc_status = wbcAuthenticateUser(name, password);
1799
1800 d_printf("plaintext password authentication %s\n",
1801 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1802
1803 #if 0
1804 if (response.data.auth.nt_status)
1805 d_fprintf(stderr,
1806 "error code was %s (0x%x)\nerror message was: %s\n",
1807 response.data.auth.nt_status_string,
1808 response.data.auth.nt_status,
1809 response.data.auth.error_string);
1810 #endif
1811
1812 return WBC_ERROR_IS_OK(wbc_status);
1813 }
1814
1815 /* Authenticate a user with a challenge/response */
1816
1817 static bool wbinfo_auth_crap(char *username, bool use_ntlmv2, bool use_lanman)
1818 {
1819 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1820 struct wbcAuthUserParams params;
1821 struct wbcAuthUserInfo *info = NULL;
1822 struct wbcAuthErrorInfo *err = NULL;
1823 DATA_BLOB lm = data_blob_null;
1824 DATA_BLOB nt = data_blob_null;
1825 fstring name_user;
1826 fstring name_domain;
1827 char *pass;
1828 char *p;
1829 TALLOC_CTX *frame = talloc_tos();
1830
1831 p = strchr(username, '%');
1832
1833 if (p) {
1834 *p = 0;
1835 pass = talloc_strdup(frame, p + 1);
1836 } else {
1837 pass = wbinfo_prompt_pass(frame, NULL, username);
1838 }
1839
1840 parse_wbinfo_domain_user(username, name_domain, name_user);
1841
1842 params.account_name = name_user;
1843 params.domain_name = name_domain;
1844 params.workstation_name = NULL;
1845
1846 params.flags = 0;
1847 params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
1848 WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
1849
1850 params.level = WBC_AUTH_USER_LEVEL_RESPONSE;
1851
1852 generate_random_buffer(params.password.response.challenge, 8);
1853
1854 if (use_ntlmv2) {
1855 DATA_BLOB server_chal;
1856 DATA_BLOB names_blob;
1857 const char *netbios_name = NULL;
1858 const char *domain = NULL;
1859
1860 netbios_name = get_winbind_netbios_name(),
1861 domain = get_winbind_domain();
1862 if (domain == NULL) {
1863 d_fprintf(stderr, "Failed to get domain from winbindd\n");
1864 return false;
1865 }
1866
1867 server_chal = data_blob(params.password.response.challenge, 8);
1868
1869 /* Pretend this is a login to 'us', for blob purposes */
1870 names_blob = NTLMv2_generate_names_blob(NULL,
1871 netbios_name,
1872 domain);
1873
1874 if (pass != NULL &&
1875 !SMBNTLMv2encrypt(NULL, name_user, name_domain, pass,
1876 &server_chal,
1877 &names_blob,
1878 &lm, &nt, NULL, NULL)) {
1879 data_blob_free(&names_blob);
1880 data_blob_free(&server_chal);
1881 TALLOC_FREE(pass);
1882 return false;
1883 }
1884 data_blob_free(&names_blob);
1885 data_blob_free(&server_chal);
1886
1887 } else {
1888 if (use_lanman) {
1889 bool ok;
1890 lm = data_blob(NULL, 24);
1891 ok = SMBencrypt(pass,
1892 params.password.response.challenge,
1893 lm.data);
1894 if (!ok) {
1895 data_blob_free(&lm);
1896 }
1897 }
1898 nt = data_blob(NULL, 24);
1899 SMBNTencrypt(pass, params.password.response.challenge,
1900 nt.data);
1901 }
1902
1903 params.password.response.nt_length = nt.length;
1904 params.password.response.nt_data = nt.data;
1905 params.password.response.lm_length = lm.length;
1906 params.password.response.lm_data = lm.data;
1907
1908 wbc_status = wbcAuthenticateUserEx(&params, &info, &err);
1909
1910 /* Display response */
1911
1912 d_printf("challenge/response password authentication %s\n",
1913 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1914
1915 if (wbc_status == WBC_ERR_AUTH_ERROR) {
1916 d_fprintf(stderr,
1917 "wbcAuthenticateUserEx(%s%c%s): error code was "
1918 "%s (0x%x, authoritative=%"PRIu8")\n"
1919 "error message was: %s\n",
1920 name_domain,
1921 winbind_separator(),
1922 name_user,
1923 err->nt_string,
1924 err->nt_status,
1925 err->authoritative,
1926 err->display_string);
1927 wbcFreeMemory(err);
1928 } else if (WBC_ERROR_IS_OK(wbc_status)) {
1929 wbcFreeMemory(info);
1930 }
1931
1932 data_blob_free(&nt);
1933 data_blob_free(&lm);
1934
1935 return WBC_ERROR_IS_OK(wbc_status);
1936 }
1937
1938 /* Authenticate a user with a plaintext password */
1939
1940 static bool wbinfo_pam_logon(char *username, bool verbose)
1941 {
1942 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1943 struct wbcLogonUserParams params;
1944 struct wbcLogonUserInfo *info = NULL;
1945 struct wbcAuthErrorInfo *error = NULL;
1946 char *s = NULL;
1947 char *p = NULL;
1948 TALLOC_CTX *frame = talloc_tos();
1949 uint32_t flags;
1950 uint32_t uid;
1951
1952 ZERO_STRUCT(params);
1953
1954 if ((s = talloc_strdup(frame, username)) == NULL) {
1955 return false;
1956 }
1957
1958 if ((p = strchr(s, '%')) != NULL) {
1959 *p = 0;
1960 p++;
1961 params.password = talloc_strdup(frame, p);
1962 } else {
1963 params.password = wbinfo_prompt_pass(frame, NULL, username);
1964 }
1965 params.username = s;
1966
1967 flags = WBFLAG_PAM_CACHED_LOGIN;
1968
1969 wbc_status = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
1970 "flags", 0,
1971 (uint8_t *)&flags, sizeof(flags));
1972 if (!WBC_ERROR_IS_OK(wbc_status)) {
1973 d_printf("wbcAddNamedBlob failed: %s\n",
1974 wbcErrorString(wbc_status));
1975 return false;
1976 }
1977
1978 uid = getuid();
1979
1980 wbc_status = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
1981 "user_uid", 0,
1982 (uint8_t *)&uid, sizeof(uid));
1983 if (!WBC_ERROR_IS_OK(wbc_status)) {
1984 d_printf("wbcAddNamedBlob failed: %s\n",
1985 wbcErrorString(wbc_status));
1986 return false;
1987 }
1988
1989 wbc_status = wbcLogonUser(&params, &info, &error, NULL);
1990
1991 if (verbose && (info != NULL)) {
1992 struct wbcAuthUserInfo *i = info->info;
1993 uint32_t j;
1994
1995 if (i->account_name != NULL) {
1996 d_printf("account_name: %s\n", i->account_name);
1997 }
1998 if (i->user_principal != NULL) {
1999 d_printf("user_principal: %s\n", i->user_principal);
2000 }
2001 if (i->full_name != NULL) {
2002 d_printf("full_name: %s\n", i->full_name);
2003 }
2004 if (i->domain_name != NULL) {
2005 d_printf("domain_name: %s\n", i->domain_name);
2006 }
2007 if (i->dns_domain_name != NULL) {
2008 d_printf("dns_domain_name: %s\n", i->dns_domain_name);
2009 }
2010 if (i->logon_server != NULL) {
2011 d_printf("logon_server: %s\n", i->logon_server);
2012 }
2013 if (i->logon_script != NULL) {
2014 d_printf("logon_script: %s\n", i->logon_script);
2015 }
2016 if (i->profile_path != NULL) {
2017 d_printf("profile_path: %s\n", i->profile_path);
2018 }
2019 if (i->home_directory != NULL) {
2020 d_printf("home_directory: %s\n", i->home_directory);
2021 }
2022 if (i->home_drive != NULL) {
2023 d_printf("home_drive: %s\n", i->home_drive);
2024 }
2025
2026 d_printf("sids:");
2027
2028 for (j=0; j<i->num_sids; j++) {
2029 char buf[WBC_SID_STRING_BUFLEN];
2030 wbcSidToStringBuf(&i->sids[j].sid, buf, sizeof(buf));
2031 d_printf(" %s", buf);
2032 }
2033 d_printf("\n");
2034
2035 wbcFreeMemory(info);
2036 info = NULL;
2037 }
2038
2039 wbcFreeMemory(params.blobs);
2040
2041 d_printf("plaintext password authentication %s\n",
2042 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2043
2044 if (!WBC_ERROR_IS_OK(wbc_status) && (error != NULL)) {
2045 d_fprintf(stderr,
2046 "wbcLogonUser(%s): error code was %s (0x%x)\n"
2047 "error message was: %s\n",
2048 params.username,
2049 error->nt_string,
2050 (int)error->nt_status,
2051 error->display_string);
2052 wbcFreeMemory(error);
2053 }
2054 return WBC_ERROR_IS_OK(wbc_status);
2055 }
2056
2057 /* Save creds with winbind */
2058
2059 static bool wbinfo_ccache_save(char *username)
2060 {
2061 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2062 char *s = NULL;
2063 char *p = NULL;
2064 char *password = NULL;
2065 char *name = NULL;
2066 TALLOC_CTX *frame = talloc_stackframe();
2067
2068 s = talloc_strdup(frame, username);
2069 if (s == NULL) {
2070 return false;
2071 }
2072
2073 p = strchr(s, '%');
2074 if (p != NULL) {
2075 *p = 0;
2076 p++;
2077 password = talloc_strdup(frame, p);
2078 } else {
2079 password = wbinfo_prompt_pass(frame, NULL, username);
2080 }
2081
2082 name = s;
2083
2084 wbc_status = wbcCredentialSave(name, password);
2085
2086 d_printf("saving creds %s\n",
2087 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2088
2089 TALLOC_FREE(frame);
2090
2091 return WBC_ERROR_IS_OK(wbc_status);
2092 }
2093
2094 #ifdef WITH_FAKE_KASERVER
2095 /* Authenticate a user with a plaintext password and set a token */
2096
2097 static bool wbinfo_klog(char *username)
2098 {
2099 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2100 struct winbindd_request request;
2101 struct winbindd_response response;
2102 char *p;
2103
2104 /* Send off request */
2105
2106 ZERO_STRUCT(request);
2107 ZERO_STRUCT(response);
2108
2109 p = strchr(username, '%');
2110
2111 if (p) {
2112 *p = 0;
2113 fstrcpy(request.data.auth.user, username);
2114 fstrcpy(request.data.auth.pass, p + 1);
2115 *p = '%';
2116 } else {
2117 fstrcpy(request.data.auth.user, username);
2118 (void) samba_getpass("Password: ",
2119 request.data.auth.pass,
2120 sizeof(request.data.auth.pass),
2121 false, false);
2122 }
2123
2124 request.flags |= WBFLAG_PAM_AFS_TOKEN;
2125
2126 wbc_status = wbcRequestResponse(NULL, WINBINDD_PAM_AUTH,
2127 &request, &response);
2128
2129 /* Display response */
2130
2131 d_printf("plaintext password authentication %s\n",
2132 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2133
2134 if (response.data.auth.nt_status)
2135 d_fprintf(stderr,
2136 "error code was %s (0x%x)\nerror message was: %s\n",
2137 response.data.auth.nt_status_string,
2138 response.data.auth.nt_status,
2139 response.data.auth.error_string);
2140
2141 if (!WBC_ERROR_IS_OK(wbc_status))
2142 return false;
2143
2144 if (response.extra_data.data == NULL) {
2145 d_fprintf(stderr, "Did not get token data\n");
2146 return false;
2147 }
2148
2149 if (!afs_settoken_str((char *)response.extra_data.data)) {
2150 winbindd_free_response(&response);
2151 d_fprintf(stderr, "Could not set token\n");
2152 return false;
2153 }
2154
2155 winbindd_free_response(&response);
2156 d_printf("Successfully created AFS token\n");
2157 return true;
2158 }
2159 #else
2160 static bool wbinfo_klog(char *username)
2161 {
2162 d_fprintf(stderr, "No AFS support compiled in.\n");
2163 return false;
2164 }
2165 #endif
2166
2167 /* Print domain users */
2168
2169 static bool print_domain_users(const char *domain)
2170 {
2171 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2172 uint32_t i;
2173 uint32_t num_users = 0;
2174 const char **users = NULL;
2175
2176 /* Send request to winbind daemon */
2177
2178 if (domain == NULL) {
2179 domain = get_winbind_domain();
2180 } else {
2181 /* '.' is the special sign for our own domain */
2182 if ((domain[0] == '\0') || strcmp(domain, ".") == 0) {
2183 domain = get_winbind_domain();
2184 /* '*' is the special sign for all domains */
2185 } else if (strcmp(domain, "*") == 0) {
2186 domain = NULL;
2187 }
2188 }
2189
2190 wbc_status = wbcListUsers(domain, &num_users, &users);
2191 if (!WBC_ERROR_IS_OK(wbc_status)) {
2192 return false;
2193 }
2194
2195 for (i=0; i < num_users; i++) {
2196 d_printf("%s\n", users[i]);
2197 }
2198
2199 wbcFreeMemory(users);
2200
2201 return true;
2202 }
2203
2204 /* Print domain groups */
2205
2206 static bool print_domain_groups(const char *domain)
2207 {
2208 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2209 uint32_t i;
2210 uint32_t num_groups = 0;
2211 const char **groups = NULL;
2212
2213 /* Send request to winbind daemon */
2214
2215 if (domain == NULL) {
2216 domain = get_winbind_domain();
2217 } else {
2218 /* '.' is the special sign for our own domain */
2219 if ((domain[0] == '\0') || strcmp(domain, ".") == 0) {
2220 domain = get_winbind_domain();
2221 /* '*' is the special sign for all domains */
2222 } else if (strcmp(domain, "*") == 0) {
2223 domain = NULL;
2224 }
2225 }
2226
2227 wbc_status = wbcListGroups(domain, &num_groups, &groups);
2228 if (!WBC_ERROR_IS_OK(wbc_status)) {
2229 d_fprintf(stderr, "failed to call wbcListGroups: %s\n",
2230 wbcErrorString(wbc_status));
2231 return false;
2232 }
2233
2234 for (i=0; i < num_groups; i++) {
2235 d_printf("%s\n", groups[i]);
2236 }
2237
2238 wbcFreeMemory(groups);
2239
2240 return true;
2241 }
2242
2243 /* Set the authorised user for winbindd access in secrets.tdb */
2244
2245 static bool wbinfo_set_auth_user(char *username)
2246 {
2247 d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
2248 "See 'net help setauthuser' for details.\n");
2249 return false;
2250 }
2251
2252 static void wbinfo_get_auth_user(void)
2253 {
2254 d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
2255 "See 'net help getauthuser' for details.\n");
2256 }
2257
2258 static bool wbinfo_ping(void)
2259 {
2260 wbcErr wbc_status;
2261
2262 wbc_status = wbcPing();
2263
2264 /* Display response */
2265
2266 d_printf("Ping to winbindd %s\n",
2267 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2268
2269 return WBC_ERROR_IS_OK(wbc_status);
2270 }
2271
2272 static bool wbinfo_change_user_password(const char *username)
2273 {
2274 wbcErr wbc_status;
2275 char *old_password = NULL;
2276 char *new_password = NULL;
2277 TALLOC_CTX *frame = talloc_tos();
2278
2279 old_password = wbinfo_prompt_pass(frame, "old", username);
2280 new_password = wbinfo_prompt_pass(frame, "new", username);
2281
2282 wbc_status = wbcChangeUserPassword(username, old_password,new_password);
2283
2284 /* Display response */
2285
2286 d_printf("Password change for user %s %s\n", username,
2287 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2288
2289 return WBC_ERROR_IS_OK(wbc_status);
2290 }
2291
2292 /* Main program */
2293
2294 enum {
2295 OPT_SET_AUTH_USER = 1000,
2296 OPT_GET_AUTH_USER,
2297 OPT_DOMAIN_NAME,
2298 OPT_SEQUENCE,
2299 OPT_GETDCNAME,
2300 OPT_DSGETDCNAME,
2301 OPT_DC_INFO,
2302 OPT_USERDOMGROUPS,
2303 OPT_SIDALIASES,
2304 OPT_USERSIDS,
2305 OPT_LOOKUP_SIDS,
2306 OPT_ALLOCATE_UID,
2307 OPT_ALLOCATE_GID,
2308 OPT_SET_UID_MAPPING,
2309 OPT_SET_GID_MAPPING,
2310 OPT_REMOVE_UID_MAPPING,
2311 OPT_REMOVE_GID_MAPPING,
2312 OPT_SIDS_TO_XIDS,
2313 OPT_XIDS_TO_SIDS,
2314 OPT_SEPARATOR,
2315 OPT_LIST_ALL_DOMAINS,
2316 OPT_LIST_OWN_DOMAIN,
2317 OPT_UID_INFO,
2318 OPT_USER_SIDINFO,
2319 OPT_GROUP_INFO,
2320 OPT_GID_INFO,
2321 OPT_VERBOSE,
2322 OPT_ONLINESTATUS,
2323 OPT_CHANGE_USER_PASSWORD,
2324 OPT_CCACHE_SAVE,
2325 OPT_SID_TO_FULLNAME,
2326 OPT_NTLMV1,
2327 OPT_NTLMV2,
2328 OPT_PAM_LOGON,
2329 OPT_LOGOFF,
2330 OPT_LOGOFF_USER,
2331 OPT_LOGOFF_UID,
2332 OPT_LANMAN,
2333 OPT_KRB5CCNAME,
2334 OPT_CHANGE_SECRET_AT
2335 };
2336
2337 int main(int argc, const char **argv, char **envp)
2338 {
2339 int opt;
2340 TALLOC_CTX *frame = talloc_stackframe();
2341 poptContext pc;
2342 static char *string_arg;
2343 char *string_subarg = NULL;
2344 static char *opt_domain_name;
2345 static int int_arg;
2346 int int_subarg = -1;
2347 int result = 1;
2348 bool verbose = false;
2349 bool use_ntlmv2 = true;
2350 bool use_lanman = false;
2351 char *logoff_user = getenv("USER");
2352 int logoff_uid = geteuid();
2353 const char *opt_krb5ccname = "FILE";
2354
2355 struct poptOption long_options[] = {
2356 POPT_AUTOHELP
2357
2358 /* longName, shortName, argInfo, argPtr, value, descrip,
2359 argDesc */
2360
2361 {
2362 .longName = "domain-users",
2363 .shortName = 'u',
2364 .argInfo = POPT_ARG_NONE,
2365 .val = 'u',
2366 .descrip = "Lists all domain users",
2367 .argDescrip = "domain"
2368 },
2369 {
2370 .longName = "domain-groups",
2371 .shortName = 'g',
2372 .argInfo = POPT_ARG_NONE,
2373 .val = 'g',
2374 .descrip = "Lists all domain groups",
2375 .argDescrip = "domain"
2376 },
2377 {
2378 .longName = "WINS-by-name",
2379 .shortName = 'N',
2380 .argInfo = POPT_ARG_STRING,
2381 .arg = &string_arg,
2382 .val = 'N',
2383 .descrip = "Converts NetBIOS name to IP",
2384 .argDescrip = "NETBIOS-NAME"
2385 },
2386 {
2387 .longName = "WINS-by-ip",
2388 .shortName = 'I',
2389 .argInfo = POPT_ARG_STRING,
2390 .arg = &string_arg,
2391 .val = 'I',
2392 .descrip = "Converts IP address to NetBIOS name",
2393 .argDescrip = "IP"
2394 },
2395 {
2396 .longName = "name-to-sid",
2397 .shortName = 'n',
2398 .argInfo = POPT_ARG_STRING,
2399 .arg = &string_arg,
2400 .val = 'n',
2401 .descrip = "Converts name to sid",
2402 .argDescrip = "NAME"
2403 },
2404 {
2405 .longName = "sid-to-name",
2406 .shortName = 's',
2407 .argInfo = POPT_ARG_STRING,
2408 .arg = &string_arg,
2409 .val = 's',
2410 .descrip = "Converts sid to name",
2411 .argDescrip = "SID"
2412 },
2413 {
2414 .longName = "sid-to-fullname",
2415 .argInfo = POPT_ARG_STRING,
2416 .arg = &string_arg,
2417 .val = OPT_SID_TO_FULLNAME,
2418 .descrip = "Converts sid to fullname",
2419 .argDescrip = "SID"
2420 },
2421 {
2422 .longName = "lookup-rids",
2423 .shortName = 'R',
2424 .argInfo = POPT_ARG_STRING,
2425 .arg = &string_arg,
2426 .val = 'R',
2427 .descrip = "Converts RIDs to names",
2428 .argDescrip = "RIDs"
2429 },
2430 {
2431 .longName = "lookup-sids",
2432 .argInfo = POPT_ARG_STRING,
2433 .arg = &string_arg,
2434 .val = OPT_LOOKUP_SIDS,
2435 .descrip = "Converts SIDs to types and names",
2436 .argDescrip = "Sid-List"
2437 },
2438 {
2439 .longName = "uid-to-sid",
2440 .shortName = 'U',
2441 .argInfo = POPT_ARG_INT,
2442 .arg = &int_arg,
2443 .val = 'U',
2444 .descrip = "Converts uid to sid",
2445 .argDescrip = "UID"
2446 },
2447 {
2448 .longName = "gid-to-sid",
2449 .shortName = 'G',
2450 .argInfo = POPT_ARG_INT,
2451 .arg = &int_arg,
2452 .val = 'G',
2453 .descrip = "Converts gid to sid",
2454 .argDescrip = "GID"
2455 },
2456 {
2457 .longName = "sid-to-uid",
2458 .shortName = 'S',
2459 .argInfo = POPT_ARG_STRING,
2460 .arg = &string_arg,
2461 .val = 'S',
2462 .descrip = "Converts sid to uid",
2463 .argDescrip = "SID"
2464 },
2465 {
2466 .longName = "sid-to-gid",
2467 .shortName = 'Y',
2468 .argInfo = POPT_ARG_STRING,
2469 .arg = &string_arg,
2470 .val = 'Y',
2471 .descrip = "Converts sid to gid",
2472 .argDescrip = "SID"
2473 },
2474 {
2475 .longName = "allocate-uid",
2476 .argInfo = POPT_ARG_NONE,
2477 .val = OPT_ALLOCATE_UID,
2478 .descrip = "Get a new UID out of idmap"
2479 },
2480 {
2481 .longName = "allocate-gid",
2482 .argInfo = POPT_ARG_NONE,
2483 .val = OPT_ALLOCATE_GID,
2484 .descrip = "Get a new GID out of idmap"
2485 },
2486 {
2487 .longName = "set-uid-mapping",
2488 .argInfo = POPT_ARG_STRING,
2489 .arg = &string_arg,
2490 .val = OPT_SET_UID_MAPPING,
2491 .descrip = "Create or modify uid to sid mapping in "
2492 "idmap",
2493 .argDescrip = "UID,SID"
2494 },
2495 {
2496 .longName = "set-gid-mapping",
2497 .argInfo = POPT_ARG_STRING,
2498 .arg = &string_arg,
2499 .val = OPT_SET_GID_MAPPING,
2500 .descrip = "Create or modify gid to sid mapping in "
2501 "idmap",
2502 .argDescrip = "GID,SID"
2503 },
2504 {
2505 .longName = "remove-uid-mapping",
2506 .argInfo = POPT_ARG_STRING,
2507 .arg = &string_arg,
2508 .val = OPT_REMOVE_UID_MAPPING,
2509 .descrip = "Remove uid to sid mapping in idmap",
2510 .argDescrip = "UID,SID"
2511 },
2512 {
2513 .longName = "remove-gid-mapping",
2514 .argInfo = POPT_ARG_STRING,
2515 .arg = &string_arg,
2516 .val = OPT_REMOVE_GID_MAPPING,
2517 .descrip = "Remove gid to sid mapping in idmap",
2518 .argDescrip = "GID,SID",
2519 },
2520 {
2521 .longName = "sids-to-unix-ids",
2522 .argInfo = POPT_ARG_STRING,
2523 .arg = &string_arg,
2524 .val = OPT_SIDS_TO_XIDS,
2525 .descrip = "Translate SIDs to Unix IDs",
2526 .argDescrip = "Sid-List",
2527 },
2528 {
2529 .longName = "unix-ids-to-sids",
2530 .argInfo = POPT_ARG_STRING,
2531 .arg = &string_arg,
2532 .val = OPT_XIDS_TO_SIDS,
2533 .descrip = "Translate Unix IDs to SIDs",
2534 .argDescrip = "ID-List (u<num> g<num>)",
2535 },
2536 {
2537 .longName = "check-secret",
2538 .shortName = 't',
2539 .argInfo = POPT_ARG_NONE,
2540 .val = 't',
2541 .descrip = "Check shared secret",
2542 },
2543 {
2544 .longName = "change-secret",
2545 .shortName = 'c',
2546 .argInfo = POPT_ARG_NONE,
2547 .val = 'c',
2548 .descrip = "Change shared secret",
2549 },
2550 {
2551 .longName = "change-secret-at",
2552 .shortName = 0,
2553 .argInfo = POPT_ARG_STRING,
2554 .arg = &string_arg,
2555 .val = OPT_CHANGE_SECRET_AT,
2556 .descrip = "Change shared secret at Domain Controller" },
2557 {
2558 .longName = "ping-dc",
2559 .shortName = 'P',
2560 .argInfo = POPT_ARG_NONE,
2561 .val = 'P',
2562 .descrip = "Check the NETLOGON connection",
2563 },
2564 {
2565 .longName = "trusted-domains",
2566 .shortName = 'm',
2567 .argInfo = POPT_ARG_NONE,
2568 .val = 'm',
2569 .descrip = "List trusted domains",
2570 },
2571 {
2572 .longName = "all-domains",
2573 .argInfo = POPT_ARG_NONE,
2574 .val = OPT_LIST_ALL_DOMAINS,
2575 .descrip = "List all domains (trusted and own "
2576 "domain)",
2577 },
2578 {
2579 .longName = "own-domain",
2580 .argInfo = POPT_ARG_NONE,
2581 .val = OPT_LIST_OWN_DOMAIN,
2582 .descrip = "List own domain",
2583 },
2584 {
2585 .longName = "sequence",
2586 .argInfo = POPT_ARG_NONE,
2587 .val = OPT_SEQUENCE,
2588 .descrip = "Deprecated command, see --online-status",
2589 },
2590 {
2591 .longName = "online-status",
2592 .argInfo = POPT_ARG_NONE,
2593 .val = OPT_ONLINESTATUS,
2594 .descrip = "Show whether domains maintain an active "
2595 "connection",
2596 },
2597 {
2598 .longName = "domain-info",
2599 .shortName = 'D',
2600 .argInfo = POPT_ARG_STRING,
2601 .arg = &string_arg,
2602 .val = 'D',
2603 .descrip = "Show most of the info we have about the "
2604 "domain",
2605 },
2606 {
2607 .longName = "user-info",
2608 .shortName = 'i',
2609 .argInfo = POPT_ARG_STRING,
2610 .arg = &string_arg,
2611 .val = 'i',
2612 .descrip = "Get user info",
2613 .argDescrip = "USER",
2614 },
2615 {
2616 .longName = "uid-info",
2617 .argInfo = POPT_ARG_INT,
2618 .arg = &int_arg,
2619 .val = OPT_UID_INFO,
2620 .descrip = "Get user info from uid",
2621 .argDescrip = "UID",
2622 },
2623 {
2624 .longName = "group-info",
2625 .argInfo = POPT_ARG_STRING,
2626 .arg = &string_arg,
2627 .val = OPT_GROUP_INFO,
2628 .descrip = "Get group info",
2629 .argDescrip = "GROUP",
2630 },
2631 {
2632 .longName = "user-sidinfo",
2633 .argInfo = POPT_ARG_STRING,
2634 .arg = &string_arg,
2635 .val = OPT_USER_SIDINFO,
2636 .descrip = "Get user info from sid",
2637 .argDescrip = "SID",
2638 },
2639 {
2640 .longName = "gid-info",
2641 .argInfo = POPT_ARG_INT,
2642 .arg = &int_arg,
2643 .val = OPT_GID_INFO,
2644 .descrip = "Get group info from gid",
2645 .argDescrip = "GID",
2646 },
2647 {
2648 .longName = "user-groups",
2649 .shortName = 'r',
2650 .argInfo = POPT_ARG_STRING,
2651 .arg = &string_arg,
2652 .val = 'r',
2653 .descrip = "Get user groups",
2654 .argDescrip = "USER",
2655 },
2656 {
2657 .longName = "user-domgroups",
2658 .argInfo = POPT_ARG_STRING,
2659 .arg = &string_arg,
2660 .val = OPT_USERDOMGROUPS,
2661 .descrip = "Get user domain groups",
2662 .argDescrip = "SID",
2663 },
2664 {
2665 .longName = "sid-aliases",
2666 .argInfo = POPT_ARG_STRING,
2667 .arg = &string_arg,
2668 .val = OPT_SIDALIASES,
2669 .descrip = "Get sid aliases",
2670 .argDescrip = "SID",
2671 },
2672 {
2673 .longName = "user-sids",
2674 .argInfo = POPT_ARG_STRING,
2675 .arg = &string_arg,
2676 .val = OPT_USERSIDS,
2677 .descrip = "Get user group sids for user SID",
2678 .argDescrip = "SID",
2679 },
2680 {
2681 .longName = "authenticate",
2682 .shortName = 'a',
2683 .argInfo = POPT_ARG_STRING,
2684 .arg = &string_arg,
2685 .val = 'a',
2686 .descrip = "authenticate user",
2687 .argDescrip = "user%password",
2688 },
2689 {
2690 .longName = "pam-logon",
2691 .argInfo = POPT_ARG_STRING,
2692 .arg = &string_arg,
2693 .val = OPT_PAM_LOGON,
2694 .descrip = "do a pam logon equivalent",
2695 .argDescrip = "user%password",
2696 },
2697 {
2698 .longName = "logoff",
2699 .argInfo = POPT_ARG_NONE,
2700 .val = OPT_LOGOFF,
2701 .descrip = "log off user",
2702 .argDescrip = "uid",
2703 },
2704 {
2705 .longName = "logoff-user",
2706 .argInfo = POPT_ARG_STRING,
2707 .arg = &logoff_user,
2708 .val = OPT_LOGOFF_USER,
2709 .descrip = "username to log off"
2710 },
2711 {
2712 .longName = "logoff-uid",
2713 .argInfo = POPT_ARG_INT,
2714 .arg = &logoff_uid,
2715 .val = OPT_LOGOFF_UID,
2716 .descrip = "uid to log off",
2717 },
2718 {
2719 .longName = "set-auth-user",
2720 .argInfo = POPT_ARG_STRING,
2721 .arg = &string_arg,
2722 .val = OPT_SET_AUTH_USER,
2723 .descrip = "Store user and password used by "
2724 "winbindd (root only)",
2725 .argDescrip = "user%password",
2726 },
2727 {
2728 .longName = "ccache-save",
2729 .shortName = 0,
2730 .argInfo = POPT_ARG_STRING,
2731 .arg = &string_arg,
2732 .val = OPT_CCACHE_SAVE,
2733 .descrip = "Store user and password for ccache "
2734 "operation",
2735 .argDescrip = "user%password",
2736 },
2737 {
2738 .longName = "getdcname",
2739 .argInfo = POPT_ARG_STRING,
2740 .arg = &string_arg,
2741 .val = OPT_GETDCNAME,
2742 .descrip = "Get a DC name for a foreign domain",
2743 .argDescrip = "domainname",
2744 },
2745 {
2746 .longName = "dsgetdcname",
2747 .argInfo = POPT_ARG_STRING,
2748 .arg = &string_arg,
2749 .val = OPT_DSGETDCNAME,
2750 .descrip = "Find a DC for a domain",
2751 .argDescrip = "domainname",
2752 },
2753 {
2754 .longName = "dc-info",
2755 .argInfo = POPT_ARG_STRING,
2756 .arg = &string_arg,
2757 .val = OPT_DC_INFO,
2758 .descrip = "Find the currently known DCs",
2759 .argDescrip = "domainname",
2760 },
2761 {
2762 .longName = "get-auth-user",
2763 .argInfo = POPT_ARG_NONE,
2764 .val = OPT_GET_AUTH_USER,
2765 .descrip = "Retrieve user and password used by "
2766 "winbindd (root only)",
2767 },
2768 {
2769 .longName = "ping",
2770 .shortName = 'p',
2771 .argInfo = POPT_ARG_NONE,
2772 .arg = 0,
2773 .val = 'p',
2774 .descrip = "Ping winbindd to see if it is alive",
2775 },
2776 {
2777 .longName = "domain",
2778 .shortName = 0,
2779 .argInfo = POPT_ARG_STRING,
2780 .arg = &opt_domain_name,
2781 .val = OPT_DOMAIN_NAME,
2782 .descrip = "Define to the domain to restrict "
2783 "operation",
2784 .argDescrip = "domain",
2785 },
2786 #ifdef WITH_FAKE_KASERVER
2787 {
2788 .longName = "klog",
2789 .shortName = 'k',
2790 .argInfo = POPT_ARG_STRING,
2791 .arg = &string_arg,
2792 .val = 'k',
2793 .descrip = "set an AFS token from winbind",
2794 .argDescrip = "user%password",
2795 },
2796 #endif
2797 #ifdef HAVE_KRB5
2798 {
2799 .longName = "krb5auth",
2800 .shortName = 'K',
2801 .argInfo = POPT_ARG_STRING,
2802 .arg = &string_arg,
2803 .val = 'K',
2804 .descrip = "authenticate user using Kerberos",
2805 .argDescrip = "user%password",
2806 },
2807 /* destroys wbinfo --help output */
2808 /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" },
2809 */
2810 {
2811 .longName = "krb5ccname",
2812 .argInfo = POPT_ARG_STRING,
2813 .arg = &opt_krb5ccname,
2814 .val = OPT_KRB5CCNAME,
2815 .descrip = "authenticate user using Kerberos and "
2816 "specific credential cache type",
2817 .argDescrip = "krb5ccname",
2818 },
2819 #endif
2820 {
2821 .longName = "separator",
2822 .argInfo = POPT_ARG_NONE,
2823 .val = OPT_SEPARATOR,
2824 .descrip = "Get the active winbind separator",
2825 },
2826 {
2827 .longName = "verbose",
2828 .argInfo = POPT_ARG_NONE,
2829 .val = OPT_VERBOSE,
2830 .descrip = "Print additional information per command",
2831 },
2832 {
2833 .longName = "change-user-password",
2834 .argInfo = POPT_ARG_STRING,
2835 .arg = &string_arg,
2836 .val = OPT_CHANGE_USER_PASSWORD,
2837 .descrip = "Change the password for a user",
2838 },
2839 {
2840 .longName = "ntlmv1",
2841 .argInfo = POPT_ARG_NONE,
2842 .val = OPT_NTLMV1,
2843 .descrip = "Use NTLMv1 cryptography for user authentication",
2844 },
2845 {
2846 .longName = "ntlmv2",
2847 .argInfo = POPT_ARG_NONE,
2848 .val = OPT_NTLMV2,
2849 .descrip = "Use NTLMv2 cryptography for user authentication",
2850 },
2851 {
2852 .longName = "lanman",
2853 .argInfo = POPT_ARG_NONE,
2854 .val = OPT_LANMAN,
2855 .descrip = "Use lanman cryptography for user authentication",
2856 },
2857 POPT_COMMON_VERSION
2858 POPT_TABLEEND
2859 };
2860
2861 /* Samba client initialisation */
2862 smb_init_locale();
2863
2864
2865 /* Parse options */
2866
2867 pc = samba_popt_get_context(getprogname(),
2868 argc,
2869 argv,
2870 long_options,
2871 0);
2872 if (pc == NULL) {
2873 DBG_ERR("Failed to setup popt context!\n");
2874 exit(1);
2875 }
2876
2877 /* Parse command line options */
2878
2879 if (argc == 1) {
2880 poptPrintHelp(pc, stderr, 0);
2881 return 1;
2882 }
2883
2884 while((opt = poptGetNextOpt(pc)) != -1) {
2885 /* get the generic configuration parameters like --domain */
2886 switch (opt) {
2887 case OPT_VERBOSE:
2888 verbose = true;
2889 break;
2890 case OPT_NTLMV1:
2891 use_ntlmv2 = false;
2892 break;
2893 case OPT_LANMAN:
2894 use_lanman = true;
2895 break;
2896 }
2897 }
2898
2899 poptFreeContext(pc);
2900
2901 pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
2902 POPT_CONTEXT_KEEP_FIRST);
2903
2904 while((opt = poptGetNextOpt(pc)) != -1) {
2905 switch (opt) {
2906 case 'u':
2907 if (!print_domain_users(opt_domain_name)) {
2908 d_fprintf(stderr,
2909 "Error looking up domain users\n");
2910 goto done;
2911 }
2912 break;
2913 case 'g':
2914 if (!print_domain_groups(opt_domain_name)) {
2915 d_fprintf(stderr,
2916 "Error looking up domain groups\n");
2917 goto done;
2918 }
2919 break;
2920 case 's':
2921 if (!wbinfo_lookupsid(string_arg)) {
2922 d_fprintf(stderr,
2923 "Could not lookup sid %s\n",
2924 string_arg);
2925 goto done;
2926 }
2927 break;
2928 case OPT_SID_TO_FULLNAME:
2929 if (!wbinfo_lookupsid_fullname(string_arg)) {
2930 d_fprintf(stderr, "Could not lookup sid %s\n",
2931 string_arg);
2932 goto done;
2933 }
2934 break;
2935 case 'R':
2936 if (!wbinfo_lookuprids(opt_domain_name, string_arg)) {
2937 d_fprintf(stderr, "Could not lookup RIDs %s\n",
2938 string_arg);
2939 goto done;
2940 }
2941 break;
2942 case OPT_LOOKUP_SIDS:
2943 if (!wbinfo_lookup_sids(string_arg)) {
2944 d_fprintf(stderr, "Could not lookup SIDs %s\n",
2945 string_arg);
2946 goto done;
2947 }
2948 break;
2949 case 'n':
2950 if (!wbinfo_lookupname(string_arg)) {
2951 d_fprintf(stderr, "Could not lookup name %s\n",
2952 string_arg);
2953 goto done;
2954 }
2955 break;
2956 case 'N':
2957 if (!wbinfo_wins_byname(string_arg)) {
2958 d_fprintf(stderr,
2959 "Could not lookup WINS by name %s\n",
2960 string_arg);
2961 goto done;
2962 }
2963 break;
2964 case 'I':
2965 if (!wbinfo_wins_byip(string_arg)) {
2966 d_fprintf(stderr,
2967 "Could not lookup WINS by IP %s\n",
2968 string_arg);
2969 goto done;
2970 }
2971 break;
2972 case 'U':
2973 if (!wbinfo_uid_to_sid(int_arg)) {
2974 d_fprintf(stderr,
2975 "Could not convert uid %d to sid\n",
2976 int_arg);
2977 goto done;
2978 }
2979 break;
2980 case 'G':
2981 if (!wbinfo_gid_to_sid(int_arg)) {
2982 d_fprintf(stderr,
2983 "Could not convert gid %d to sid\n",
2984 int_arg);
2985 goto done;
2986 }
2987 break;
2988 case 'S':
2989 if (!wbinfo_sid_to_uid(string_arg)) {
2990 d_fprintf(stderr,
2991 "Could not convert sid %s to uid\n",
2992 string_arg);
2993 goto done;
2994 }
2995 break;
2996 case 'Y':
2997 if (!wbinfo_sid_to_gid(string_arg)) {
2998 d_fprintf(stderr,
2999 "Could not convert sid %s to gid\n",
3000 string_arg);
3001 goto done;
3002 }
3003 break;
3004 case OPT_ALLOCATE_UID:
3005 if (!wbinfo_allocate_uid()) {
3006 d_fprintf(stderr, "Could not allocate a uid\n");
3007 goto done;
3008 }
3009 break;
3010 case OPT_ALLOCATE_GID:
3011 if (!wbinfo_allocate_gid()) {
3012 d_fprintf(stderr, "Could not allocate a gid\n");
3013 goto done;
3014 }
3015 break;
3016 case OPT_SET_UID_MAPPING:
3017 if (!parse_mapping_arg(string_arg, &int_subarg,
3018 &string_subarg) ||
3019 !wbinfo_set_uid_mapping(int_subarg, string_subarg))
3020 {
3021 d_fprintf(stderr, "Could not create or modify "
3022 "uid to sid mapping\n");
3023 goto done;
3024 }
3025 break;
3026 case OPT_SET_GID_MAPPING:
3027 if (!parse_mapping_arg(string_arg, &int_subarg,
3028 &string_subarg) ||
3029 !wbinfo_set_gid_mapping(int_subarg, string_subarg))
3030 {
3031 d_fprintf(stderr, "Could not create or modify "
3032 "gid to sid mapping\n");
3033 goto done;
3034 }
3035 break;
3036 case OPT_REMOVE_UID_MAPPING:
3037 if (!parse_mapping_arg(string_arg, &int_subarg,
3038 &string_subarg) ||
3039 !wbinfo_remove_uid_mapping(int_subarg,
3040 string_subarg))
3041 {
3042 d_fprintf(stderr, "Could not remove uid to sid "
3043 "mapping\n");
3044 goto done;
3045 }
3046 break;
3047 case OPT_REMOVE_GID_MAPPING:
3048 if (!parse_mapping_arg(string_arg, &int_subarg,
3049 &string_subarg) ||
3050 !wbinfo_remove_gid_mapping(int_subarg,
3051 string_subarg))
3052 {
3053 d_fprintf(stderr, "Could not remove gid to sid "
3054 "mapping\n");
3055 goto done;
3056 }
3057 break;
3058 case OPT_SIDS_TO_XIDS:
3059 if (!wbinfo_sids_to_unix_ids(string_arg)) {
3060 d_fprintf(stderr, "wbinfo_sids_to_unix_ids "
3061 "failed\n");
3062 goto done;
3063 }
3064 break;
3065 case OPT_XIDS_TO_SIDS:
3066 if (!wbinfo_xids_to_sids(string_arg)) {
3067 d_fprintf(stderr, "wbinfo_xids_to_sids "
3068 "failed\n");
3069 goto done;
3070 }
3071 break;
3072 case 't':
3073 if (!wbinfo_check_secret(opt_domain_name)) {
3074 d_fprintf(stderr, "Could not check secret\n");
3075 goto done;
3076 }
3077 break;
3078 case 'c':
3079 if (!wbinfo_change_secret(opt_domain_name)) {
3080 d_fprintf(stderr, "Could not change secret\n");
3081 goto done;
3082 }
3083 break;
3084 case OPT_CHANGE_SECRET_AT:
3085 if (!wbinfo_change_secret_at(opt_domain_name, string_arg)) {
3086 d_fprintf(stderr, "Could not change secret\n");
3087 goto done;
3088 }
3089 break;
3090 case 'P':
3091 if (!wbinfo_ping_dc(opt_domain_name)) {
3092 goto done;
3093 }
3094 break;
3095 case 'm':
3096 if (!wbinfo_list_domains(false, verbose)) {
3097 d_fprintf(stderr,
3098 "Could not list trusted domains\n");
3099 goto done;
3100 }
3101 break;
3102 case OPT_SEQUENCE:
3103 if (!wbinfo_show_sequence(opt_domain_name)) {
3104 d_fprintf(stderr,
3105 "Could not show sequence numbers\n");
3106 goto done;
3107 }
3108 break;
3109 case OPT_ONLINESTATUS:
3110 if (!wbinfo_show_onlinestatus(opt_domain_name)) {
3111 d_fprintf(stderr,
3112 "Could not show online-status\n");
3113 goto done;
3114 }
3115 break;
3116 case 'D':
3117 if (!wbinfo_domain_info(string_arg)) {
3118 d_fprintf(stderr,
3119 "Could not get domain info\n");
3120 goto done;
3121 }
3122 break;
3123 case 'i':
3124 if (!wbinfo_get_userinfo(string_arg)) {
3125 d_fprintf(stderr,
3126 "Could not get info for user %s\n",
3127 string_arg);
3128 goto done;
3129 }
3130 break;
3131 case OPT_USER_SIDINFO:
3132 if ( !wbinfo_get_user_sidinfo(string_arg)) {
3133 d_fprintf(stderr,
3134 "Could not get info for user "
3135 "sid %s\n", string_arg);
3136 goto done;
3137 }
3138 break;
3139 case OPT_UID_INFO:
3140 if ( !wbinfo_get_uidinfo(int_arg)) {
3141 d_fprintf(stderr, "Could not get info for uid "
3142 "%d\n", int_arg);
3143 goto done;
3144 }
3145 break;
3146 case OPT_GROUP_INFO:
3147 if ( !wbinfo_get_groupinfo(string_arg)) {
3148 d_fprintf(stderr, "Could not get info for "
3149 "group %s\n", string_arg);
3150 goto done;
3151 }
3152 break;
3153 case OPT_GID_INFO:
3154 if ( !wbinfo_get_gidinfo(int_arg)) {
3155 d_fprintf(stderr, "Could not get info for gid "
3156 "%d\n", int_arg);
3157 goto done;
3158 }
3159 break;
3160 case 'r':
3161 if (!wbinfo_get_usergroups(string_arg)) {
3162 d_fprintf(stderr,
3163 "Could not get groups for user %s\n",
3164 string_arg);
3165 goto done;
3166 }
3167 break;
3168 case OPT_USERSIDS:
3169 if (!wbinfo_get_usersids(string_arg)) {
3170 d_fprintf(stderr, "Could not get group SIDs "
3171 "for user SID %s\n",
3172 string_arg);
3173 goto done;
3174 }
3175 break;
3176 case OPT_USERDOMGROUPS:
3177 if (!wbinfo_get_userdomgroups(string_arg)) {
3178 d_fprintf(stderr, "Could not get user's domain "
3179 "groups for user SID %s\n",
3180 string_arg);
3181 goto done;
3182 }
3183 break;
3184 case OPT_SIDALIASES:
3185 if (!wbinfo_get_sidaliases(opt_domain_name,
3186 string_arg)) {
3187 d_fprintf(stderr, "Could not get sid aliases "
3188 "for user SID %s\n", string_arg);
3189 goto done;
3190 }
3191 break;
3192 case 'a': {
3193 bool got_error = false;
3194
3195 if (!wbinfo_auth(string_arg)) {
3196 d_fprintf(stderr,
3197 "Could not authenticate user "
3198 "%s with plaintext "
3199 "password\n", string_arg);
3200 got_error = true;
3201 }
3202
3203 if (!wbinfo_auth_crap(string_arg, use_ntlmv2,
3204 use_lanman)) {
3205 d_fprintf(stderr,
3206 "Could not authenticate user "
3207 "%s with challenge/response\n",
3208 string_arg);
3209 got_error = true;
3210 }
3211
3212 if (got_error)
3213 goto done;
3214 break;
3215 }
3216 case OPT_PAM_LOGON:
3217 if (!wbinfo_pam_logon(string_arg, verbose)) {
3218 d_fprintf(stderr, "pam_logon failed for %s\n",
3219 string_arg);
3220 goto done;
3221 }
3222 break;
3223 case OPT_LOGOFF:
3224 {
3225 wbcErr wbc_status;
3226
3227 wbc_status = wbcLogoffUser(logoff_user, logoff_uid,
3228 "");
3229 d_printf("Logoff %s (%d): %s\n", logoff_user,
3230 logoff_uid, wbcErrorString(wbc_status));
3231 break;
3232 }
3233 case 'K': {
3234 uint32_t flags = WBFLAG_PAM_KRB5 |
3235 WBFLAG_PAM_CACHED_LOGIN |
3236 WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
3237 WBFLAG_PAM_INFO3_TEXT |
3238 WBFLAG_PAM_CONTACT_TRUSTDOM;
3239
3240 if (!wbinfo_auth_krb5(string_arg, opt_krb5ccname,
3241 flags)) {
3242 d_fprintf(stderr,
3243 "Could not authenticate user "
3244 "[%s] with Kerberos "
3245 "(ccache: %s)\n", string_arg,
3246 opt_krb5ccname);
3247 goto done;
3248 }
3249 break;
3250 }
3251 case 'k':
3252 if (!wbinfo_klog(string_arg)) {
3253 d_fprintf(stderr, "Could not klog user\n");
3254 goto done;
3255 }
3256 break;
3257 case 'p':
3258 if (!wbinfo_ping()) {
3259 d_fprintf(stderr, "could not ping winbindd!\n");
3260 goto done;
3261 }
3262 break;
3263 case OPT_SET_AUTH_USER:
3264 if (!wbinfo_set_auth_user(string_arg)) {
3265 goto done;
3266 }
3267 break;
3268 case OPT_GET_AUTH_USER:
3269 wbinfo_get_auth_user();
3270 goto done;
3271 break;
3272 case OPT_CCACHE_SAVE:
3273 if (!wbinfo_ccache_save(string_arg)) {
3274 goto done;
3275 }
3276 break;
3277 case OPT_GETDCNAME:
3278 if (!wbinfo_getdcname(string_arg)) {
3279 goto done;
3280 }
3281 break;
3282 case OPT_DSGETDCNAME:
3283 if (!wbinfo_dsgetdcname(string_arg, 0)) {
3284 goto done;
3285 }
3286 break;
3287 case OPT_DC_INFO:
3288 if (!wbinfo_dc_info(string_arg)) {
3289 goto done;
3290 }
3291 break;
3292 case OPT_SEPARATOR: {
3293 const char sep = winbind_separator();
3294 if ( !sep ) {
3295 goto done;
3296 }
3297 d_printf("%c\n", sep);
3298 break;
3299 }
3300 case OPT_LIST_ALL_DOMAINS:
3301 if (!wbinfo_list_domains(true, verbose)) {
3302 goto done;
3303 }
3304 break;
3305 case OPT_LIST_OWN_DOMAIN:
3306 if (!wbinfo_list_own_domain()) {
3307 goto done;
3308 }
3309 break;
3310 case OPT_CHANGE_USER_PASSWORD:
3311 if (!wbinfo_change_user_password(string_arg)) {
3312 d_fprintf(stderr,
3313 "Could not change user password "
3314 "for user %s\n", string_arg);
3315 goto done;
3316 }
3317 break;
3318
3319 /* generic configuration options */
3320 case OPT_DOMAIN_NAME:
3321 case OPT_VERBOSE:
3322 case OPT_NTLMV1:
3323 case OPT_NTLMV2:
3324 case OPT_LANMAN:
3325 case OPT_LOGOFF_USER:
3326 case OPT_LOGOFF_UID:
3327 case OPT_KRB5CCNAME:
3328 break;
3329 default:
3330 d_fprintf(stderr, "Invalid option\n");
3331 poptPrintHelp(pc, stderr, 0);
3332 goto done;
3333 }
3334 }
3335
3336 result = 0;
3337
3338 /* Exit code */
3339
3340 done:
3341 talloc_free(frame);
3342
3343 poptFreeContext(pc);
3344 return result;
3345 }
GSS-enabled samba4