Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: branches/samba-3.3.x/source/nsswitch/wbinfo.c@ 292

Visit:

Last change on this file since 292 was 206, checked in by Herwig Bauernfeind, 16 years ago
Import Samba 3.3 branch at 3.0.0 level (psmedley's port)
File size: 45.1 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3
4	Winbind status program.
5
6	Copyright (C) Tim Potter 2000-2003
7	Copyright (C) Andrew Bartlett 2002
8
9	This program is free software; you can redistribute it and/or modify
10	it under the terms of the GNU General Public License as published by
11	the Free Software Foundation; either version 3 of the License, or
12	(at your option) any later version.
13
14	This program is distributed in the hope that it will be useful,
15	but WITHOUT ANY WARRANTY; without even the implied warranty of
16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17	GNU General Public License for more details.
18
19	You should have received a copy of the GNU General Public License
20	along with this program. If not, see <http://www.gnu.org/licenses/>.
21	*/
22
23	#include "includes.h"
24	#include "winbind_client.h"
25	#include "libwbclient/wbclient.h"
26
27	#undef DBGC_CLASS
28	#define DBGC_CLASS DBGC_WINBIND
29
30	static struct wbcInterfaceDetails *init_interface_details(void)
31	{
32	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
33	static struct wbcInterfaceDetails *details;
34
35	if (details) {
36	return details;
37	}
38
39	wbc_status = wbcInterfaceDetails(&details);
40	if (!WBC_ERROR_IS_OK(wbc_status)) {
41	d_fprintf(stderr, "could not obtain winbind interface details!\n");
42	}
43
44	return details;
45	}
46
47	static char winbind_separator_int(bool strict)
48	{
49	struct wbcInterfaceDetails *details;
50	static bool got_sep;
51	static char sep;
52
53	if (got_sep)
54	return sep;
55
56	details = init_interface_details();
57
58	if (!details) {
59	d_fprintf(stderr, "could not obtain winbind separator!\n");
60	if (strict) {
61	return 0;
62	}
63	/* HACK: (this module should not call lp_ funtions) */
64	return *lp_winbind_separator();
65	}
66
67	sep = details->winbind_separator;
68	got_sep = true;
69
70	if (!sep) {
71	d_fprintf(stderr, "winbind separator was NULL!\n");
72	if (strict) {
73	return 0;
74	}
75	/* HACK: (this module should not call lp_ funtions) */
76	sep = *lp_winbind_separator();
77	}
78
79	return sep;
80	}
81
82	static char winbind_separator(void)
83	{
84	return winbind_separator_int(false);
85	}
86
87	static const char *get_winbind_domain(void)
88	{
89	static struct wbcInterfaceDetails *details;
90
91	details = init_interface_details();
92
93	if (!details) {
94	d_fprintf(stderr, "could not obtain winbind domain name!\n");
95
96	/* HACK: (this module should not call lp_ functions) */
97	return lp_workgroup();
98	}
99
100	return details->netbios_domain;
101	}
102
103	/* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
104	form DOMAIN/user into a domain and a user */
105
106	static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
107	fstring user)
108	{
109
110	char *p = strchr(domuser,winbind_separator());
111
112	if (!p) {
113	/* Maybe it was a UPN? */
114	if ((p = strchr(domuser, '@')) != NULL) {
115	fstrcpy(domain, "");
116	fstrcpy(user, domuser);
117	return true;
118	}
119
120	fstrcpy(user, domuser);
121	fstrcpy(domain, get_winbind_domain());
122	return true;
123	}
124
125	fstrcpy(user, p+1);
126	fstrcpy(domain, domuser);
127	domain[PTR_DIFF(p, domuser)] = 0;
128	strupper_m(domain);
129
130	return true;
131	}
132
133	/* Parse string of "uid,sid" or "gid,sid" into separate int and string values.
134	* Return true if input was valid, false otherwise. */
135	static bool parse_mapping_arg(char arg, int id, char **sid)
136	{
137	char tmp, endptr;
138
139	if (!arg \|\| !*arg)
140	return false;
141
142	tmp = strtok(arg, ",");
143	*sid = strtok(NULL, ",");
144
145	if (!tmp \|\| !tmp \|\| !sid \|\| !**sid)
146	return false;
147
148	/* Because atoi() can return 0 on invalid input, which would be a valid
149	* UID/GID we must use strtoul() and do error checking */
150	*id = strtoul(tmp, &endptr, 10);
151
152	if (endptr[0] != '\0')
153	return false;
154
155	return true;
156	}
157
158	/* pull pwent info for a given user */
159
160	static bool wbinfo_get_userinfo(char *user)
161	{
162	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
163	struct passwd *pwd = NULL;
164
165	wbc_status = wbcGetpwnam(user, &pwd);
166	if (!WBC_ERROR_IS_OK(wbc_status)) {
167	return false;
168	}
169
170	d_printf("%s:%s:%d:%d:%s:%s:%s\n",
171	pwd->pw_name,
172	pwd->pw_passwd,
173	pwd->pw_uid,
174	pwd->pw_gid,
175	pwd->pw_gecos,
176	pwd->pw_dir,
177	pwd->pw_shell);
178
179	return true;
180	}
181
182	/* pull pwent info for a given uid */
183	static bool wbinfo_get_uidinfo(int uid)
184	{
185	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
186	struct passwd *pwd = NULL;
187
188	wbc_status = wbcGetpwuid(uid, &pwd);
189	if (!WBC_ERROR_IS_OK(wbc_status)) {
190	return false;
191	}
192
193	d_printf("%s:%s:%d:%d:%s:%s:%s\n",
194	pwd->pw_name,
195	pwd->pw_passwd,
196	pwd->pw_uid,
197	pwd->pw_gid,
198	pwd->pw_gecos,
199	pwd->pw_dir,
200	pwd->pw_shell);
201
202	return true;
203	}
204
205	/* pull grent for a given group */
206	static bool wbinfo_get_groupinfo(const char *group)
207	{
208	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
209	struct group *grp;
210
211	wbc_status = wbcGetgrnam(group, &grp);
212	if (!WBC_ERROR_IS_OK(wbc_status)) {
213	return false;
214	}
215
216	d_printf("%s:%s:%d\n",
217	grp->gr_name,
218	grp->gr_passwd,
219	grp->gr_gid);
220
221	wbcFreeMemory(grp);
222
223	return true;
224	}
225
226	/* List groups a user is a member of */
227
228	static bool wbinfo_get_usergroups(const char *user)
229	{
230	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
231	uint32_t num_groups;
232	uint32_t i;
233	gid_t *groups = NULL;
234
235	/* Send request */
236
237	wbc_status = wbcGetGroups(user, &num_groups, &groups);
238	if (!WBC_ERROR_IS_OK(wbc_status)) {
239	return false;
240	}
241
242	for (i = 0; i < num_groups; i++) {
243	d_printf("%d\n", (int)groups[i]);
244	}
245
246	wbcFreeMemory(groups);
247
248	return true;
249	}
250
251
252	/* List group SIDs a user SID is a member of */
253	static bool wbinfo_get_usersids(const char *user_sid_str)
254	{
255	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
256	uint32_t num_sids;
257	uint32_t i;
258	struct wbcDomainSid user_sid, *sids = NULL;
259
260	/* Send request */
261
262	wbc_status = wbcStringToSid(user_sid_str, &user_sid);
263	if (!WBC_ERROR_IS_OK(wbc_status)) {
264	return false;
265	}
266
267	wbc_status = wbcLookupUserSids(&user_sid, false, &num_sids, &sids);
268	if (!WBC_ERROR_IS_OK(wbc_status)) {
269	return false;
270	}
271
272	for (i = 0; i < num_sids; i++) {
273	char *str = NULL;
274	wbc_status = wbcSidToString(&sids[i], &str);
275	if (!WBC_ERROR_IS_OK(wbc_status)) {
276	wbcFreeMemory(sids);
277	return false;
278	}
279	d_printf("%s\n", str);
280	wbcFreeMemory(str);
281	}
282
283	wbcFreeMemory(sids);
284
285	return true;
286	}
287
288	static bool wbinfo_get_userdomgroups(const char *user_sid_str)
289	{
290	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
291	uint32_t num_sids;
292	uint32_t i;
293	struct wbcDomainSid user_sid, *sids = NULL;
294
295	/* Send request */
296
297	wbc_status = wbcStringToSid(user_sid_str, &user_sid);
298	if (!WBC_ERROR_IS_OK(wbc_status)) {
299	return false;
300	}
301
302	wbc_status = wbcLookupUserSids(&user_sid, true, &num_sids, &sids);
303	if (!WBC_ERROR_IS_OK(wbc_status)) {
304	return false;
305	}
306
307	for (i = 0; i < num_sids; i++) {
308	char *str = NULL;
309	wbc_status = wbcSidToString(&sids[i], &str);
310	if (!WBC_ERROR_IS_OK(wbc_status)) {
311	wbcFreeMemory(sids);
312	return false;
313	}
314	d_printf("%s\n", str);
315	wbcFreeMemory(str);
316	}
317
318	wbcFreeMemory(sids);
319
320	return true;
321	}
322
323	/* Convert NetBIOS name to IP */
324
325	static bool wbinfo_wins_byname(const char *name)
326	{
327	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
328	char *ip = NULL;
329
330	wbc_status = wbcResolveWinsByName(name, &ip);
331	if (!WBC_ERROR_IS_OK(wbc_status)) {
332	return false;
333	}
334
335	/* Display response */
336
337	d_printf("%s\n", ip);
338
339	wbcFreeMemory(ip);
340
341	return true;
342	}
343
344	/* Convert IP to NetBIOS name */
345
346	static bool wbinfo_wins_byip(const char *ip)
347	{
348	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
349	char *name = NULL;
350
351	wbc_status = wbcResolveWinsByIP(ip, &name);
352	if (!WBC_ERROR_IS_OK(wbc_status)) {
353	return false;
354	}
355
356	/* Display response */
357
358	d_printf("%s\n", name);
359
360	wbcFreeMemory(name);
361
362	return true;
363	}
364
365	/* List all/trusted domains */
366
367	static bool wbinfo_list_domains(bool list_all_domains, bool verbose)
368	{
369	struct wbcDomainInfo *domain_list = NULL;
370	size_t num_domains;
371	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
372	bool print_all = !list_all_domains && verbose;
373	int i;
374
375	wbc_status = wbcListTrusts(&domain_list, &num_domains);
376	if (!WBC_ERROR_IS_OK(wbc_status)) {
377	return false;
378	}
379
380	if (print_all) {
381	d_printf("%-16s%-24s%-12s%-12s%-5s%-5s\n",
382	"Domain Name", "DNS Domain", "Trust Type",
383	"Transitive", "In", "Out");
384	}
385
386	for (i=0; i<num_domains; i++) {
387	if (print_all) {
388	d_printf("%-16s", domain_list[i].short_name);
389	} else {
390	d_printf("%s", domain_list[i].short_name);
391	d_printf("\n");
392	continue;
393	}
394
395	d_printf("%-24s", domain_list[i].dns_name);
396
397	switch(domain_list[i].trust_type) {
398	case WBC_DOMINFO_TRUSTTYPE_NONE:
399	d_printf("None ");
400	break;
401	case WBC_DOMINFO_TRUSTTYPE_FOREST:
402	d_printf("Forest ");
403	break;
404	case WBC_DOMINFO_TRUSTTYPE_EXTERNAL:
405	d_printf("External ");
406	break;
407	case WBC_DOMINFO_TRUSTTYPE_IN_FOREST:
408	d_printf("In-Forest ");
409	break;
410	}
411
412	if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_TRANSITIVE) {
413	d_printf("Yes ");
414	} else {
415	d_printf("No ");
416	}
417
418	if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_INCOMING) {
419	d_printf("Yes ");
420	} else {
421	d_printf("No ");
422	}
423
424	if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_OUTGOING) {
425	d_printf("Yes ");
426	} else {
427	d_printf("No ");
428	}
429
430	d_printf("\n");
431	}
432
433	return true;
434	}
435
436	/* List own domain */
437
438	static bool wbinfo_list_own_domain(void)
439	{
440	d_printf("%s\n", get_winbind_domain());
441
442	return true;
443	}
444
445	/* show sequence numbers */
446	static bool wbinfo_show_sequence(const char *domain)
447	{
448	d_printf("This command has been deprecated. Please use the --online-status option instead.\n");
449	return false;
450	}
451
452	/* show sequence numbers */
453	static bool wbinfo_show_onlinestatus(const char *domain)
454	{
455	struct wbcDomainInfo *domain_list = NULL;
456	size_t num_domains;
457	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
458	int i;
459
460	wbc_status = wbcListTrusts(&domain_list, &num_domains);
461	if (!WBC_ERROR_IS_OK(wbc_status)) {
462	return false;
463	}
464
465	for (i=0; i<num_domains; i++) {
466	bool is_offline;
467
468	if (domain) {
469	if (!strequal(domain_list[i].short_name, domain)) {
470	continue;
471	}
472	}
473
474	is_offline = (domain_list[i].domain_flags & WBC_DOMINFO_DOMAIN_OFFLINE);
475
476	d_printf("%s : %s\n",
477	domain_list[i].short_name,
478	is_offline ? "offline" : "online" );
479	}
480
481	return true;
482	}
483
484
485	/* Show domain info */
486
487	static bool wbinfo_domain_info(const char *domain)
488	{
489	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
490	struct wbcDomainInfo *dinfo = NULL;
491	char *sid_str = NULL;
492
493	if ((domain == NULL) \|\| (strequal(domain, ".")) \|\| (domain[0] == '\0')) {
494	domain = get_winbind_domain();
495	}
496
497	/* Send request */
498
499	wbc_status = wbcDomainInfo(domain, &dinfo);
500	if (!WBC_ERROR_IS_OK(wbc_status)) {
501	return false;
502	}
503
504	wbc_status = wbcSidToString(&dinfo->sid, &sid_str);
505	if (!WBC_ERROR_IS_OK(wbc_status)) {
506	wbcFreeMemory(dinfo);
507	return false;
508	}
509
510	/* Display response */
511
512	d_printf("Name : %s\n", dinfo->short_name);
513	d_printf("Alt_Name : %s\n", dinfo->dns_name);
514
515	d_printf("SID : %s\n", sid_str);
516
517	d_printf("Active Directory : %s\n",
518	(dinfo->domain_flags & WBC_DOMINFO_DOMAIN_AD) ? "Yes" : "No");
519	d_printf("Native : %s\n",
520	(dinfo->domain_flags & WBC_DOMINFO_DOMAIN_NATIVE) ? "Yes" : "No");
521
522	d_printf("Primary : %s\n",
523	(dinfo->domain_flags & WBC_DOMINFO_DOMAIN_PRIMARY) ? "Yes" : "No");
524
525	wbcFreeMemory(sid_str);
526	wbcFreeMemory(dinfo);
527
528	return true;
529	}
530
531	/* Get a foreign DC's name */
532	static bool wbinfo_getdcname(const char *domain_name)
533	{
534	struct winbindd_request request;
535	struct winbindd_response response;
536
537	ZERO_STRUCT(request);
538	ZERO_STRUCT(response);
539
540	fstrcpy(request.domain_name, domain_name);
541
542	/* Send request */
543
544	if (winbindd_request_response(WINBINDD_GETDCNAME, &request, &response) !=
545	NSS_STATUS_SUCCESS) {
546	d_fprintf(stderr, "Could not get dc name for %s\n", domain_name);
547	return false;
548	}
549
550	/* Display response */
551
552	d_printf("%s\n", response.data.dc_name);
553
554	return true;
555	}
556
557	/* Find a DC */
558	static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
559	{
560	struct winbindd_request request;
561	struct winbindd_response response;
562
563	ZERO_STRUCT(request);
564	ZERO_STRUCT(response);
565
566	fstrcpy(request.data.dsgetdcname.domain_name, domain_name);
567	request.data.dsgetdcname.flags = flags;
568
569	request.flags \|= DS_DIRECTORY_SERVICE_REQUIRED;
570
571	/* Send request */
572
573	if (winbindd_request_response(WINBINDD_DSGETDCNAME, &request, &response) !=
574	NSS_STATUS_SUCCESS) {
575	d_fprintf(stderr, "Could not find dc for %s\n", domain_name);
576	return false;
577	}
578
579	/* Display response */
580
581	d_printf("%s\n", response.data.dsgetdcname.dc_unc);
582	d_printf("%s\n", response.data.dsgetdcname.dc_address);
583	d_printf("%d\n", response.data.dsgetdcname.dc_address_type);
584	d_printf("%s\n", response.data.dsgetdcname.domain_guid);
585	d_printf("%s\n", response.data.dsgetdcname.domain_name);
586	d_printf("%s\n", response.data.dsgetdcname.forest_name);
587	d_printf("0x%08x\n", response.data.dsgetdcname.dc_flags);
588	d_printf("%s\n", response.data.dsgetdcname.dc_site_name);
589	d_printf("%s\n", response.data.dsgetdcname.client_site_name);
590
591	return true;
592	}
593
594	/* Check trust account password */
595
596	static bool wbinfo_check_secret(void)
597	{
598	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
599	struct wbcAuthErrorInfo *error = NULL;
600
601	wbc_status = wbcCheckTrustCredentials(NULL, &error);
602
603	d_printf("checking the trust secret via RPC calls %s\n",
604	WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
605
606	if (wbc_status == WBC_ERR_AUTH_ERROR) {
607	d_fprintf(stderr, "error code was %s (0x%x)\n",
608	error->nt_string, error->nt_status);
609	wbcFreeMemory(error);
610	}
611	if (!WBC_ERROR_IS_OK(wbc_status)) {
612	return false;
613	}
614
615	return true;
616	}
617
618	/* Convert uid to sid */
619
620	static bool wbinfo_uid_to_sid(uid_t uid)
621	{
622	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
623	struct wbcDomainSid sid;
624	char *sid_str = NULL;
625
626	/* Send request */
627
628	wbc_status = wbcUidToSid(uid, &sid);
629	if (!WBC_ERROR_IS_OK(wbc_status)) {
630	return false;
631	}
632
633	wbc_status = wbcSidToString(&sid, &sid_str);
634	if (!WBC_ERROR_IS_OK(wbc_status)) {
635	return false;
636	}
637
638	/* Display response */
639
640	d_printf("%s\n", sid_str);
641
642	wbcFreeMemory(sid_str);
643
644	return true;
645	}
646
647	/* Convert gid to sid */
648
649	static bool wbinfo_gid_to_sid(gid_t gid)
650	{
651	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
652	struct wbcDomainSid sid;
653	char *sid_str = NULL;
654
655	/* Send request */
656
657	wbc_status = wbcGidToSid(gid, &sid);
658	if (!WBC_ERROR_IS_OK(wbc_status)) {
659	return false;
660	}
661
662	wbc_status = wbcSidToString(&sid, &sid_str);
663	if (!WBC_ERROR_IS_OK(wbc_status)) {
664	return false;
665	}
666
667	/* Display response */
668
669	d_printf("%s\n", sid_str);
670
671	wbcFreeMemory(sid_str);
672
673	return true;
674	}
675
676	/* Convert sid to uid */
677
678	static bool wbinfo_sid_to_uid(const char *sid_str)
679	{
680	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
681	struct wbcDomainSid sid;
682	uid_t uid;
683
684	/* Send request */
685
686	wbc_status = wbcStringToSid(sid_str, &sid);
687	if (!WBC_ERROR_IS_OK(wbc_status)) {
688	return false;
689	}
690
691	wbc_status = wbcSidToUid(&sid, &uid);
692	if (!WBC_ERROR_IS_OK(wbc_status)) {
693	return false;
694	}
695
696	/* Display response */
697
698	d_printf("%d\n", (int)uid);
699
700	return true;
701	}
702
703	static bool wbinfo_sid_to_gid(const char *sid_str)
704	{
705	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
706	struct wbcDomainSid sid;
707	gid_t gid;
708
709	/* Send request */
710
711	wbc_status = wbcStringToSid(sid_str, &sid);
712	if (!WBC_ERROR_IS_OK(wbc_status)) {
713	return false;
714	}
715
716	wbc_status = wbcSidToGid(&sid, &gid);
717	if (!WBC_ERROR_IS_OK(wbc_status)) {
718	return false;
719	}
720
721	/* Display response */
722
723	d_printf("%d\n", (int)gid);
724
725	return true;
726	}
727
728	static bool wbinfo_allocate_uid(void)
729	{
730	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
731	uid_t uid;
732
733	/* Send request */
734
735	wbc_status = wbcAllocateUid(&uid);
736	if (!WBC_ERROR_IS_OK(wbc_status)) {
737	return false;
738	}
739
740	/* Display response */
741
742	d_printf("New uid: %d\n", uid);
743
744	return true;
745	}
746
747	static bool wbinfo_allocate_gid(void)
748	{
749	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
750	gid_t gid;
751
752	/* Send request */
753
754	wbc_status = wbcAllocateGid(&gid);
755	if (!WBC_ERROR_IS_OK(wbc_status)) {
756	return false;
757	}
758
759	/* Display response */
760
761	d_printf("New gid: %d\n", gid);
762
763	return true;
764	}
765
766	static bool wbinfo_set_uid_mapping(uid_t uid, const char *sid_str)
767	{
768	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
769	struct wbcDomainSid sid;
770
771	/* Send request */
772
773	wbc_status = wbcStringToSid(sid_str, &sid);
774	if (!WBC_ERROR_IS_OK(wbc_status)) {
775	return false;
776	}
777
778	wbc_status = wbcSetUidMapping(uid, &sid);
779	if (!WBC_ERROR_IS_OK(wbc_status)) {
780	return false;
781	}
782
783	/* Display response */
784
785	d_printf("uid %d now mapped to sid %s\n", uid, sid_str);
786
787	return true;
788	}
789
790	static bool wbinfo_set_gid_mapping(gid_t gid, const char *sid_str)
791	{
792	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
793	struct wbcDomainSid sid;
794
795	/* Send request */
796
797	wbc_status = wbcStringToSid(sid_str, &sid);
798	if (!WBC_ERROR_IS_OK(wbc_status)) {
799	return false;
800	}
801
802	wbc_status = wbcSetGidMapping(gid, &sid);
803	if (!WBC_ERROR_IS_OK(wbc_status)) {
804	return false;
805	}
806
807	/* Display response */
808
809	d_printf("gid %d now mapped to sid %s\n", gid, sid_str);
810
811	return true;
812	}
813
814	static bool wbinfo_remove_uid_mapping(uid_t uid, const char *sid_str)
815	{
816	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
817	struct wbcDomainSid sid;
818
819	/* Send request */
820
821	wbc_status = wbcStringToSid(sid_str, &sid);
822	if (!WBC_ERROR_IS_OK(wbc_status)) {
823	return false;
824	}
825
826	wbc_status = wbcRemoveUidMapping(uid, &sid);
827	if (!WBC_ERROR_IS_OK(wbc_status)) {
828	return false;
829	}
830
831	/* Display response */
832
833	d_printf("Removed uid %d to sid %s mapping\n", uid, sid_str);
834
835	return true;
836	}
837
838	static bool wbinfo_remove_gid_mapping(gid_t gid, const char *sid_str)
839	{
840	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
841	struct wbcDomainSid sid;
842
843	/* Send request */
844
845	wbc_status = wbcStringToSid(sid_str, &sid);
846	if (!WBC_ERROR_IS_OK(wbc_status)) {
847	return false;
848	}
849
850	wbc_status = wbcRemoveGidMapping(gid, &sid);
851	if (!WBC_ERROR_IS_OK(wbc_status)) {
852	return false;
853	}
854
855	/* Display response */
856
857	d_printf("Removed gid %d to sid %s mapping\n", gid, sid_str);
858
859	return true;
860	}
861
862	/* Convert sid to string */
863
864	static bool wbinfo_lookupsid(const char *sid_str)
865	{
866	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
867	struct wbcDomainSid sid;
868	char *domain;
869	char *name;
870	enum wbcSidType type;
871
872	/* Send off request */
873
874	wbc_status = wbcStringToSid(sid_str, &sid);
875	if (!WBC_ERROR_IS_OK(wbc_status)) {
876	return false;
877	}
878
879	wbc_status = wbcLookupSid(&sid, &domain, &name, &type);
880	if (!WBC_ERROR_IS_OK(wbc_status)) {
881	return false;
882	}
883
884	/* Display response */
885
886	d_printf("%s%c%s %d\n",
887	domain, winbind_separator(), name, type);
888
889	return true;
890	}
891
892	/* Convert sid to fullname */
893
894	static bool wbinfo_lookupsid_fullname(const char *sid_str)
895	{
896	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
897	struct wbcDomainSid sid;
898	char *domain;
899	char *name;
900	enum wbcSidType type;
901
902	/* Send off request */
903
904	wbc_status = wbcStringToSid(sid_str, &sid);
905	if (!WBC_ERROR_IS_OK(wbc_status)) {
906	return false;
907	}
908
909	wbc_status = wbcGetDisplayName(&sid, &domain, &name, &type);
910	if (!WBC_ERROR_IS_OK(wbc_status)) {
911	return false;
912	}
913
914	/* Display response */
915
916	d_printf("%s%c%s %d\n",
917	domain, winbind_separator(), name, type);
918
919	return true;
920	}
921
922	/* Lookup a list of RIDs */
923
924	static bool wbinfo_lookuprids(const char domain, const char arg)
925	{
926	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
927	struct wbcDomainInfo *dinfo = NULL;
928	char *domain_name = NULL;
929	const char **names = NULL;
930	enum wbcSidType *types = NULL;
931	size_t i;
932	int num_rids;
933	uint32 *rids = NULL;
934	const char *p;
935	char *ridstr;
936	TALLOC_CTX *mem_ctx = NULL;
937	bool ret = false;
938
939	if ((domain == NULL) \|\| (strequal(domain, ".")) \|\| (domain[0] == '\0')) {
940	domain = get_winbind_domain();
941	}
942
943	/* Send request */
944
945	wbc_status = wbcDomainInfo(domain, &dinfo);
946	if (!WBC_ERROR_IS_OK(wbc_status)) {
947	d_printf("wbcDomainInfo(%s) failed: %s\n", domain,
948	wbcErrorString(wbc_status));
949	goto done;
950	}
951
952	mem_ctx = talloc_new(NULL);
953	if (mem_ctx == NULL) {
954	d_printf("talloc_new failed\n");
955	goto done;
956	}
957
958	num_rids = 0;
959	rids = NULL;
960	p = arg;
961
962	while (next_token_talloc(mem_ctx, &p, &ridstr, " ,\n")) {
963	uint32 rid = strtoul(ridstr, NULL, 10);
964	ADD_TO_ARRAY(mem_ctx, uint32, rid, &rids, &num_rids);
965	}
966
967	if (rids == NULL) {
968	d_printf("no rids\n");
969	goto done;
970	}
971
972	wbc_status = wbcLookupRids(&dinfo->sid, num_rids, rids,
973	(const char **)&domain_name, &names, &types);
974	if (!WBC_ERROR_IS_OK(wbc_status)) {
975	d_printf("winbind_lookup_rids failed: %s\n",
976	wbcErrorString(wbc_status));
977	goto done;
978	}
979
980	d_printf("Domain: %s\n", domain_name);
981
982	for (i=0; i<num_rids; i++) {
983	d_printf("%8d: %s (%s)\n", rids[i], names[i],
984	sid_type_lookup(types[i]));
985	}
986
987	ret = true;
988	done:
989	if (dinfo) {
990	wbcFreeMemory(dinfo);
991	}
992	if (domain_name) {
993	wbcFreeMemory(domain_name);
994	}
995	if (names) {
996	wbcFreeMemory(names);
997	}
998	if (types) {
999	wbcFreeMemory(types);
1000	}
1001	TALLOC_FREE(mem_ctx);
1002	return ret;
1003	}
1004
1005	/* Convert string to sid */
1006
1007	static bool wbinfo_lookupname(const char *full_name)
1008	{
1009	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1010	struct wbcDomainSid sid;
1011	char *sid_str;
1012	enum wbcSidType type;
1013	fstring domain_name;
1014	fstring account_name;
1015
1016	/* Send off request */
1017
1018	parse_wbinfo_domain_user(full_name, domain_name,
1019	account_name);
1020
1021	wbc_status = wbcLookupName(domain_name, account_name,
1022	&sid, &type);
1023	if (!WBC_ERROR_IS_OK(wbc_status)) {
1024	return false;
1025	}
1026
1027	wbc_status = wbcSidToString(&sid, &sid_str);
1028	if (!WBC_ERROR_IS_OK(wbc_status)) {
1029	return false;
1030	}
1031
1032	/* Display response */
1033
1034	d_printf("%s %s (%d)\n", sid_str, sid_type_lookup(type), type);
1035
1036	wbcFreeMemory(sid_str);
1037
1038	return true;
1039	}
1040
1041	static char wbinfo_prompt_pass(const char prefix,
1042	const char *username)
1043	{
1044	char *prompt;
1045	const char *ret = NULL;
1046
1047	prompt = talloc_asprintf(talloc_tos(), "Enter %s's ", username);
1048	if (!prompt) {
1049	return NULL;
1050	}
1051	if (prefix) {
1052	prompt = talloc_asprintf_append(prompt, "%s ", prefix);
1053	if (!prompt) {
1054	return NULL;
1055	}
1056	}
1057	prompt = talloc_asprintf_append(prompt, "password: ");
1058	if (!prompt) {
1059	return NULL;
1060	}
1061
1062	ret = getpass(prompt);
1063	TALLOC_FREE(prompt);
1064
1065	return SMB_STRDUP(ret);
1066	}
1067
1068	/* Authenticate a user with a plaintext password */
1069
1070	static bool wbinfo_auth_krb5(char username, const char cctype, uint32 flags)
1071	{
1072	struct winbindd_request request;
1073	struct winbindd_response response;
1074	NSS_STATUS result;
1075	char *p;
1076	char *password;
1077
1078	/* Send off request */
1079
1080	ZERO_STRUCT(request);
1081	ZERO_STRUCT(response);
1082
1083	p = strchr(username, '%');
1084
1085	if (p) {
1086	*p = 0;
1087	fstrcpy(request.data.auth.user, username);
1088	fstrcpy(request.data.auth.pass, p + 1);
1089	*p = '%';
1090	} else {
1091	fstrcpy(request.data.auth.user, username);
1092	password = wbinfo_prompt_pass(NULL, username);
1093	fstrcpy(request.data.auth.pass, password);
1094	SAFE_FREE(password);
1095	}
1096
1097	request.flags = flags;
1098
1099	fstrcpy(request.data.auth.krb5_cc_type, cctype);
1100
1101	request.data.auth.uid = geteuid();
1102
1103	result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
1104
1105	/* Display response */
1106
1107	d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n",
1108	username, (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", cctype);
1109
1110	if (response.data.auth.nt_status)
1111	d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
1112	response.data.auth.nt_status_string,
1113	response.data.auth.nt_status,
1114	response.data.auth.error_string);
1115
1116	if (result == NSS_STATUS_SUCCESS) {
1117
1118	if (request.flags & WBFLAG_PAM_INFO3_TEXT) {
1119	if (response.data.auth.info3.user_flgs & NETLOGON_CACHED_ACCOUNT) {
1120	d_printf("user_flgs: NETLOGON_CACHED_ACCOUNT\n");
1121	}
1122	}
1123
1124	if (response.data.auth.krb5ccname[0] != '\0') {
1125	d_printf("credentials were put in: %s\n", response.data.auth.krb5ccname);
1126	} else {
1127	d_printf("no credentials cached\n");
1128	}
1129	}
1130
1131	return result == NSS_STATUS_SUCCESS;
1132	}
1133
1134	/* Authenticate a user with a plaintext password */
1135
1136	static bool wbinfo_auth(char *username)
1137	{
1138	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1139	char *s = NULL;
1140	char *p = NULL;
1141	char *password = NULL;
1142	char *name = NULL;
1143
1144	if ((s = SMB_STRDUP(username)) == NULL) {
1145	return false;
1146	}
1147
1148	if ((p = strchr(s, '%')) != NULL) {
1149	*p = 0;
1150	p++;
1151	password = SMB_STRDUP(p);
1152	} else {
1153	password = wbinfo_prompt_pass(NULL, username);
1154	}
1155
1156	name = s;
1157
1158	wbc_status = wbcAuthenticateUser(name, password);
1159
1160	d_printf("plaintext password authentication %s\n",
1161	WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1162
1163	#if 0
1164	if (response.data.auth.nt_status)
1165	d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
1166	response.data.auth.nt_status_string,
1167	response.data.auth.nt_status,
1168	response.data.auth.error_string);
1169	#endif
1170
1171	SAFE_FREE(s);
1172	SAFE_FREE(password);
1173
1174	return WBC_ERROR_IS_OK(wbc_status);
1175	}
1176
1177	/* Authenticate a user with a challenge/response */
1178
1179	static bool wbinfo_auth_crap(char *username)
1180	{
1181	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1182	struct wbcAuthUserParams params;
1183	struct wbcAuthUserInfo *info = NULL;
1184	struct wbcAuthErrorInfo *err = NULL;
1185	DATA_BLOB lm = data_blob_null;
1186	DATA_BLOB nt = data_blob_null;
1187	fstring name_user;
1188	fstring name_domain;
1189	char *pass;
1190	char *p;
1191
1192	p = strchr(username, '%');
1193
1194	if (p) {
1195	*p = 0;
1196	pass = SMB_STRDUP(p + 1);
1197	} else {
1198	pass = wbinfo_prompt_pass(NULL, username);
1199	}
1200
1201	parse_wbinfo_domain_user(username, name_domain, name_user);
1202
1203	params.account_name = name_user;
1204	params.domain_name = name_domain;
1205	params.workstation_name = NULL;
1206
1207	params.flags = 0;
1208	params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT \|
1209	WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
1210
1211	params.level = WBC_AUTH_USER_LEVEL_RESPONSE;
1212
1213	generate_random_buffer(params.password.response.challenge, 8);
1214
1215	if (lp_client_ntlmv2_auth()) {
1216	DATA_BLOB server_chal;
1217	DATA_BLOB names_blob;
1218
1219	server_chal = data_blob(params.password.response.challenge, 8);
1220
1221	/* Pretend this is a login to 'us', for blob purposes */
1222	names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
1223
1224	if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal,
1225	&names_blob,
1226	&lm, &nt, NULL)) {
1227	data_blob_free(&names_blob);
1228	data_blob_free(&server_chal);
1229	SAFE_FREE(pass);
1230	return false;
1231	}
1232	data_blob_free(&names_blob);
1233	data_blob_free(&server_chal);
1234
1235	} else {
1236	if (lp_client_lanman_auth()) {
1237	bool ok;
1238	lm = data_blob(NULL, 24);
1239	ok = SMBencrypt(pass, params.password.response.challenge,
1240	lm.data);
1241	if (!ok) {
1242	data_blob_free(&lm);
1243	}
1244	}
1245	nt = data_blob(NULL, 24);
1246	SMBNTencrypt(pass, params.password.response.challenge,
1247	nt.data);
1248	}
1249
1250	params.password.response.nt_length = nt.length;
1251	params.password.response.nt_data = nt.data;
1252	params.password.response.lm_length = lm.length;
1253	params.password.response.lm_data = lm.data;
1254
1255	wbc_status = wbcAuthenticateUserEx(&params, &info, &err);
1256
1257	/* Display response */
1258
1259	d_printf("challenge/response password authentication %s\n",
1260	WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1261
1262	if (wbc_status == WBC_ERR_AUTH_ERROR) {
1263	d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
1264	err->nt_string,
1265	err->nt_status,
1266	err->display_string);
1267	wbcFreeMemory(err);
1268	} else if (WBC_ERROR_IS_OK(wbc_status)) {
1269	wbcFreeMemory(info);
1270	}
1271
1272	data_blob_free(&nt);
1273	data_blob_free(&lm);
1274	SAFE_FREE(pass);
1275
1276	return WBC_ERROR_IS_OK(wbc_status);
1277	}
1278
1279	/* Authenticate a user with a plaintext password and set a token */
1280
1281	static bool wbinfo_klog(char *username)
1282	{
1283	struct winbindd_request request;
1284	struct winbindd_response response;
1285	NSS_STATUS result;
1286	char *p;
1287
1288	/* Send off request */
1289
1290	ZERO_STRUCT(request);
1291	ZERO_STRUCT(response);
1292
1293	p = strchr(username, '%');
1294
1295	if (p) {
1296	*p = 0;
1297	fstrcpy(request.data.auth.user, username);
1298	fstrcpy(request.data.auth.pass, p + 1);
1299	*p = '%';
1300	} else {
1301	fstrcpy(request.data.auth.user, username);
1302	fstrcpy(request.data.auth.pass, getpass("Password: "));
1303	}
1304
1305	request.flags \|= WBFLAG_PAM_AFS_TOKEN;
1306
1307	result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
1308
1309	/* Display response */
1310
1311	d_printf("plaintext password authentication %s\n",
1312	(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
1313
1314	if (response.data.auth.nt_status)
1315	d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
1316	response.data.auth.nt_status_string,
1317	response.data.auth.nt_status,
1318	response.data.auth.error_string);
1319
1320	if (result != NSS_STATUS_SUCCESS)
1321	return false;
1322
1323	if (response.extra_data.data == NULL) {
1324	d_fprintf(stderr, "Did not get token data\n");
1325	return false;
1326	}
1327
1328	if (!afs_settoken_str((char *)response.extra_data.data)) {
1329	d_fprintf(stderr, "Could not set token\n");
1330	return false;
1331	}
1332
1333	d_printf("Successfully created AFS token\n");
1334	return true;
1335	}
1336
1337	/* Print domain users */
1338
1339	static bool print_domain_users(const char *domain)
1340	{
1341	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1342	uint32_t i;
1343	uint32_t num_users = 0;
1344	const char **users = NULL;
1345
1346	/* Send request to winbind daemon */
1347
1348	/* '.' is the special sign for our own domain */
1349	if (domain && strcmp(domain, ".") == 0) {
1350	domain = get_winbind_domain();
1351	}
1352
1353	wbc_status = wbcListUsers(domain, &num_users, &users);
1354	if (!WBC_ERROR_IS_OK(wbc_status)) {
1355	return false;
1356	}
1357
1358	for (i=0; i < num_users; i++) {
1359	d_printf("%s\n", users[i]);
1360	}
1361
1362	wbcFreeMemory(users);
1363
1364	return true;
1365	}
1366
1367	/* Print domain groups */
1368
1369	static bool print_domain_groups(const char *domain)
1370	{
1371	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1372	uint32_t i;
1373	uint32_t num_groups = 0;
1374	const char **groups = NULL;
1375
1376	/* Send request to winbind daemon */
1377
1378	/* '.' is the special sign for our own domain */
1379	if (domain && strcmp(domain, ".") == 0) {
1380	domain = get_winbind_domain();
1381	}
1382
1383	wbc_status = wbcListGroups(domain, &num_groups, &groups);
1384	if (!WBC_ERROR_IS_OK(wbc_status)) {
1385	return false;
1386	}
1387
1388	for (i=0; i < num_groups; i++) {
1389	d_printf("%s\n", groups[i]);
1390	}
1391
1392	wbcFreeMemory(groups);
1393
1394	return true;
1395	}
1396
1397	/* Set the authorised user for winbindd access in secrets.tdb */
1398
1399	static bool wbinfo_set_auth_user(char *username)
1400	{
1401	const char *password;
1402	char *p;
1403	fstring user, domain;
1404
1405	/* Separate into user and password */
1406
1407	parse_wbinfo_domain_user(username, domain, user);
1408
1409	p = strchr(user, '%');
1410
1411	if (p != NULL) {
1412	*p = 0;
1413	password = p+1;
1414	} else {
1415	char *thepass = getpass("Password: ");
1416	if (thepass) {
1417	password = thepass;
1418	} else
1419	password = "";
1420	}
1421
1422	/* Store or remove DOMAIN\username%password in secrets.tdb */
1423
1424	secrets_init();
1425
1426	if (user[0]) {
1427
1428	if (!secrets_store(SECRETS_AUTH_USER, user,
1429	strlen(user) + 1)) {
1430	d_fprintf(stderr, "error storing username\n");
1431	return false;
1432	}
1433
1434	/* We always have a domain name added by the
1435	parse_wbinfo_domain_user() function. */
1436
1437	if (!secrets_store(SECRETS_AUTH_DOMAIN, domain,
1438	strlen(domain) + 1)) {
1439	d_fprintf(stderr, "error storing domain name\n");
1440	return false;
1441	}
1442
1443	} else {
1444	secrets_delete(SECRETS_AUTH_USER);
1445	secrets_delete(SECRETS_AUTH_DOMAIN);
1446	}
1447
1448	if (password[0]) {
1449
1450	if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
1451	strlen(password) + 1)) {
1452	d_fprintf(stderr, "error storing password\n");
1453	return false;
1454	}
1455
1456	} else
1457	secrets_delete(SECRETS_AUTH_PASSWORD);
1458
1459	return true;
1460	}
1461
1462	static void wbinfo_get_auth_user(void)
1463	{
1464	char user, domain, *password;
1465
1466	/* Lift data from secrets file */
1467
1468	secrets_fetch_ipc_userpass(&user, &domain, &password);
1469
1470	if ((!user \|\| !user) && (!domain \|\| !domain ) && (!password \|\| !*password)){
1471
1472	SAFE_FREE(user);
1473	SAFE_FREE(domain);
1474	SAFE_FREE(password);
1475	d_printf("No authorised user configured\n");
1476	return;
1477	}
1478
1479	/* Pretty print authorised user info */
1480
1481	d_printf("%s%s%s%s%s\n", domain ? domain : "", domain ? lp_winbind_separator(): "",
1482	user, password ? "%" : "", password ? password : "");
1483
1484	SAFE_FREE(user);
1485	SAFE_FREE(domain);
1486	SAFE_FREE(password);
1487	}
1488
1489	static bool wbinfo_ping(void)
1490	{
1491	wbcErr wbc_status;
1492
1493	wbc_status = wbcPing();
1494
1495	/* Display response */
1496
1497	d_printf("Ping to winbindd %s\n",
1498	WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1499
1500	return WBC_ERROR_IS_OK(wbc_status);
1501	}
1502
1503	static bool wbinfo_change_user_password(const char *username)
1504	{
1505	wbcErr wbc_status;
1506	char *old_password = NULL;
1507	char *new_password = NULL;
1508
1509	old_password = wbinfo_prompt_pass("old", username);
1510	new_password = wbinfo_prompt_pass("new", username);
1511
1512	wbc_status = wbcChangeUserPassword(username, old_password, new_password);
1513
1514	/* Display response */
1515
1516	d_printf("Password change for user %s %s\n", username,
1517	WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1518
1519	SAFE_FREE(old_password);
1520	SAFE_FREE(new_password);
1521
1522	return WBC_ERROR_IS_OK(wbc_status);
1523	}
1524
1525	/* Main program */
1526
1527	enum {
1528	OPT_SET_AUTH_USER = 1000,
1529	OPT_GET_AUTH_USER,
1530	OPT_DOMAIN_NAME,
1531	OPT_SEQUENCE,
1532	OPT_GETDCNAME,
1533	OPT_DSGETDCNAME,
1534	OPT_USERDOMGROUPS,
1535	OPT_USERSIDS,
1536	OPT_ALLOCATE_UID,
1537	OPT_ALLOCATE_GID,
1538	OPT_SET_UID_MAPPING,
1539	OPT_SET_GID_MAPPING,
1540	OPT_REMOVE_UID_MAPPING,
1541	OPT_REMOVE_GID_MAPPING,
1542	OPT_SEPARATOR,
1543	OPT_LIST_ALL_DOMAINS,
1544	OPT_LIST_OWN_DOMAIN,
1545	OPT_UID_INFO,
1546	OPT_GROUP_INFO,
1547	OPT_VERBOSE,
1548	OPT_ONLINESTATUS,
1549	OPT_CHANGE_USER_PASSWORD,
1550	OPT_SID_TO_FULLNAME
1551	};
1552
1553	int main(int argc, char argv, char envp)
1554	{
1555	int opt;
1556	TALLOC_CTX *frame = talloc_stackframe();
1557	poptContext pc;
1558	static char *string_arg;
1559	char *string_subarg = NULL;
1560	static char *opt_domain_name;
1561	static int int_arg;
1562	int int_subarg = -1;
1563	int result = 1;
1564	bool verbose = false;
1565
1566	struct poptOption long_options[] = {
1567	POPT_AUTOHELP
1568
1569	/* longName, shortName, argInfo, argPtr, value, descrip,
1570	argDesc */
1571
1572	{ "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users", "domain"},
1573	{ "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups", "domain" },
1574	{ "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP", "NETBIOS-NAME" },
1575	{ "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name", "IP" },
1576	{ "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid", "NAME" },
1577	{ "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name", "SID" },
1578	{ "sid-to-fullname", 0, POPT_ARG_STRING, &string_arg,
1579	OPT_SID_TO_FULLNAME, "Converts sid to fullname", "SID" },
1580	{ "lookup-rids", 'R', POPT_ARG_STRING, &string_arg, 'R', "Converts RIDs to names", "RIDs" },
1581	{ "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" , "UID" },
1582	{ "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
1583	{ "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
1584	{ "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
1585	{ "allocate-uid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_UID,
1586	"Get a new UID out of idmap" },
1587	{ "allocate-gid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_GID,
1588	"Get a new GID out of idmap" },
1589	{ "set-uid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_SET_UID_MAPPING, "Create or modify uid to sid mapping in idmap", "UID,SID" },
1590	{ "set-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_SET_GID_MAPPING, "Create or modify gid to sid mapping in idmap", "GID,SID" },
1591	{ "remove-uid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_UID_MAPPING, "Remove uid to sid mapping in idmap", "UID,SID" },
1592	{ "remove-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_GID_MAPPING, "Remove gid to sid mapping in idmap", "GID,SID" },
1593	{ "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
1594	{ "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
1595	{ "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
1596	{ "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" },
1597	{ "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
1598	{ "online-status", 0, POPT_ARG_NONE, 0, OPT_ONLINESTATUS, "Show whether domains are marked as online or offline"},
1599	{ "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" },
1600	{ "user-info", 'i', POPT_ARG_STRING, &string_arg, 'i', "Get user info", "USER" },
1601	{ "uid-info", 0, POPT_ARG_INT, &int_arg, OPT_UID_INFO, "Get user info from uid", "UID" },
1602	{ "group-info", 0, POPT_ARG_STRING, &string_arg, OPT_GROUP_INFO, "Get group info", "GROUP" },
1603	{ "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
1604	{ "user-domgroups", 0, POPT_ARG_STRING, &string_arg,
1605	OPT_USERDOMGROUPS, "Get user domain groups", "SID" },
1606	{ "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
1607	{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
1608	{ "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
1609	{ "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME,
1610	"Get a DC name for a foreign domain", "domainname" },
1611	{ "dsgetdcname", 0, POPT_ARG_STRING, &string_arg, OPT_DSGETDCNAME, "Find a DC for a domain", "domainname" },
1612	{ "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
1613	{ "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
1614	{ "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" },
1615	#ifdef WITH_FAKE_KASERVER
1616	{ "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" },
1617	#endif
1618	#ifdef HAVE_KRB5
1619	{ "krb5auth", 'K', POPT_ARG_STRING, &string_arg, 'K', "authenticate user using Kerberos", "user%password" },
1620	/* destroys wbinfo --help output */
1621	/* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" }, */
1622	#endif
1623	{ "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
1624	{ "verbose", 0, POPT_ARG_NONE, 0, OPT_VERBOSE, "Print additional information per command", NULL },
1625	{ "change-user-password", 0, POPT_ARG_STRING, &string_arg, OPT_CHANGE_USER_PASSWORD, "Change the password for a user", NULL },
1626	POPT_COMMON_CONFIGFILE
1627	POPT_COMMON_VERSION
1628	POPT_TABLEEND
1629	};
1630
1631	/* Samba client initialisation */
1632	load_case_tables();
1633
1634
1635	/* Parse options */
1636
1637	pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
1638
1639	/* Parse command line options */
1640
1641	if (argc == 1) {
1642	poptPrintHelp(pc, stderr, 0);
1643	return 1;
1644	}
1645
1646	while((opt = poptGetNextOpt(pc)) != -1) {
1647	/* get the generic configuration parameters like --domain */
1648	switch (opt) {
1649	case OPT_VERBOSE:
1650	verbose = True;
1651	break;
1652	}
1653	}
1654
1655	poptFreeContext(pc);
1656
1657	if (!lp_load(get_dyn_CONFIGFILE(), true, false, false, true)) {
1658	d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n",
1659	get_dyn_CONFIGFILE(), strerror(errno));
1660	exit(1);
1661	}
1662
1663	if (!init_names())
1664	return 1;
1665
1666	load_interfaces();
1667
1668	pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
1669	POPT_CONTEXT_KEEP_FIRST);
1670
1671	while((opt = poptGetNextOpt(pc)) != -1) {
1672	switch (opt) {
1673	case 'u':
1674	if (!print_domain_users(opt_domain_name)) {
1675	d_fprintf(stderr, "Error looking up domain users\n");
1676	goto done;
1677	}
1678	break;
1679	case 'g':
1680	if (!print_domain_groups(opt_domain_name)) {
1681	d_fprintf(stderr, "Error looking up domain groups\n");
1682	goto done;
1683	}
1684	break;
1685	case 's':
1686	if (!wbinfo_lookupsid(string_arg)) {
1687	d_fprintf(stderr, "Could not lookup sid %s\n", string_arg);
1688	goto done;
1689	}
1690	break;
1691	case OPT_SID_TO_FULLNAME:
1692	if (!wbinfo_lookupsid_fullname(string_arg)) {
1693	d_fprintf(stderr, "Could not lookup sid %s\n",
1694	string_arg);
1695	goto done;
1696	}
1697	break;
1698	case 'R':
1699	if (!wbinfo_lookuprids(opt_domain_name, string_arg)) {
1700	d_fprintf(stderr, "Could not lookup RIDs %s\n", string_arg);
1701	goto done;
1702	}
1703	break;
1704	case 'n':
1705	if (!wbinfo_lookupname(string_arg)) {
1706	d_fprintf(stderr, "Could not lookup name %s\n", string_arg);
1707	goto done;
1708	}
1709	break;
1710	case 'N':
1711	if (!wbinfo_wins_byname(string_arg)) {
1712	d_fprintf(stderr, "Could not lookup WINS by name %s\n", string_arg);
1713	goto done;
1714	}
1715	break;
1716	case 'I':
1717	if (!wbinfo_wins_byip(string_arg)) {
1718	d_fprintf(stderr, "Could not lookup WINS by IP %s\n", string_arg);
1719	goto done;
1720	}
1721	break;
1722	case 'U':
1723	if (!wbinfo_uid_to_sid(int_arg)) {
1724	d_fprintf(stderr, "Could not convert uid %d to sid\n", int_arg);
1725	goto done;
1726	}
1727	break;
1728	case 'G':
1729	if (!wbinfo_gid_to_sid(int_arg)) {
1730	d_fprintf(stderr, "Could not convert gid %d to sid\n",
1731	int_arg);
1732	goto done;
1733	}
1734	break;
1735	case 'S':
1736	if (!wbinfo_sid_to_uid(string_arg)) {
1737	d_fprintf(stderr, "Could not convert sid %s to uid\n",
1738	string_arg);
1739	goto done;
1740	}
1741	break;
1742	case 'Y':
1743	if (!wbinfo_sid_to_gid(string_arg)) {
1744	d_fprintf(stderr, "Could not convert sid %s to gid\n",
1745	string_arg);
1746	goto done;
1747	}
1748	break;
1749	case OPT_ALLOCATE_UID:
1750	if (!wbinfo_allocate_uid()) {
1751	d_fprintf(stderr, "Could not allocate a uid\n");
1752	goto done;
1753	}
1754	break;
1755	case OPT_ALLOCATE_GID:
1756	if (!wbinfo_allocate_gid()) {
1757	d_fprintf(stderr, "Could not allocate a gid\n");
1758	goto done;
1759	}
1760	break;
1761	case OPT_SET_UID_MAPPING:
1762	if (!parse_mapping_arg(string_arg, &int_subarg,
1763	&string_subarg) \|\|
1764	!wbinfo_set_uid_mapping(int_subarg, string_subarg))
1765	{
1766	d_fprintf(stderr, "Could not create or modify "
1767	"uid to sid mapping\n");
1768	goto done;
1769	}
1770	break;
1771	case OPT_SET_GID_MAPPING:
1772	if (!parse_mapping_arg(string_arg, &int_subarg,
1773	&string_subarg) \|\|
1774	!wbinfo_set_gid_mapping(int_subarg, string_subarg))
1775	{
1776	d_fprintf(stderr, "Could not create or modify "
1777	"gid to sid mapping\n");
1778	goto done;
1779	}
1780	break;
1781	case OPT_REMOVE_UID_MAPPING:
1782	if (!parse_mapping_arg(string_arg, &int_subarg,
1783	&string_subarg) \|\|
1784	!wbinfo_remove_uid_mapping(int_subarg,
1785	string_subarg))
1786	{
1787	d_fprintf(stderr, "Could not remove uid to sid "
1788	"mapping\n");
1789	goto done;
1790	}
1791	break;
1792	case OPT_REMOVE_GID_MAPPING:
1793	if (!parse_mapping_arg(string_arg, &int_subarg,
1794	&string_subarg) \|\|
1795	!wbinfo_remove_gid_mapping(int_subarg,
1796	string_subarg))
1797	{
1798	d_fprintf(stderr, "Could not remove gid to sid "
1799	"mapping\n");
1800	goto done;
1801	}
1802	break;
1803	case 't':
1804	if (!wbinfo_check_secret()) {
1805	d_fprintf(stderr, "Could not check secret\n");
1806	goto done;
1807	}
1808	break;
1809	case 'm':
1810	if (!wbinfo_list_domains(false, verbose)) {
1811	d_fprintf(stderr, "Could not list trusted domains\n");
1812	goto done;
1813	}
1814	break;
1815	case OPT_SEQUENCE:
1816	if (!wbinfo_show_sequence(opt_domain_name)) {
1817	d_fprintf(stderr, "Could not show sequence numbers\n");
1818	goto done;
1819	}
1820	break;
1821	case OPT_ONLINESTATUS:
1822	if (!wbinfo_show_onlinestatus(opt_domain_name)) {
1823	d_fprintf(stderr, "Could not show online-status\n");
1824	goto done;
1825	}
1826	break;
1827	case 'D':
1828	if (!wbinfo_domain_info(string_arg)) {
1829	d_fprintf(stderr, "Could not get domain info\n");
1830	goto done;
1831	}
1832	break;
1833	case 'i':
1834	if (!wbinfo_get_userinfo(string_arg)) {
1835	d_fprintf(stderr, "Could not get info for user %s\n",
1836	string_arg);
1837	goto done;
1838	}
1839	break;
1840	case OPT_UID_INFO:
1841	if ( !wbinfo_get_uidinfo(int_arg)) {
1842	d_fprintf(stderr, "Could not get info for uid "
1843	"%d\n", int_arg);
1844	goto done;
1845	}
1846	break;
1847	case OPT_GROUP_INFO:
1848	if ( !wbinfo_get_groupinfo(string_arg)) {
1849	d_fprintf(stderr, "Could not get info for "
1850	"group %s\n", string_arg);
1851	goto done;
1852	}
1853	break;
1854	case 'r':
1855	if (!wbinfo_get_usergroups(string_arg)) {
1856	d_fprintf(stderr, "Could not get groups for user %s\n",
1857	string_arg);
1858	goto done;
1859	}
1860	break;
1861	case OPT_USERSIDS:
1862	if (!wbinfo_get_usersids(string_arg)) {
1863	d_fprintf(stderr, "Could not get group SIDs for user SID %s\n",
1864	string_arg);
1865	goto done;
1866	}
1867	break;
1868	case OPT_USERDOMGROUPS:
1869	if (!wbinfo_get_userdomgroups(string_arg)) {
1870	d_fprintf(stderr, "Could not get user's domain groups "
1871	"for user SID %s\n", string_arg);
1872	goto done;
1873	}
1874	break;
1875	case 'a': {
1876	bool got_error = false;
1877
1878	if (!wbinfo_auth(string_arg)) {
1879	d_fprintf(stderr, "Could not authenticate user %s with "
1880	"plaintext password\n", string_arg);
1881	got_error = true;
1882	}
1883
1884	if (!wbinfo_auth_crap(string_arg)) {
1885	d_fprintf(stderr, "Could not authenticate user %s with "
1886	"challenge/response\n", string_arg);
1887	got_error = true;
1888	}
1889
1890	if (got_error)
1891	goto done;
1892	break;
1893	}
1894	case 'K': {
1895	uint32 flags = WBFLAG_PAM_KRB5 \|
1896	WBFLAG_PAM_CACHED_LOGIN \|
1897	WBFLAG_PAM_FALLBACK_AFTER_KRB5 \|
1898	WBFLAG_PAM_INFO3_TEXT;
1899
1900	if (!wbinfo_auth_krb5(string_arg, "FILE", flags)) {
1901	d_fprintf(stderr, "Could not authenticate user [%s] with "
1902	"Kerberos (ccache: %s)\n", string_arg, "FILE");
1903	goto done;
1904	}
1905	break;
1906	}
1907	case 'k':
1908	if (!wbinfo_klog(string_arg)) {
1909	d_fprintf(stderr, "Could not klog user\n");
1910	goto done;
1911	}
1912	break;
1913	case 'p':
1914	if (!wbinfo_ping()) {
1915	d_fprintf(stderr, "could not ping winbindd!\n");
1916	goto done;
1917	}
1918	break;
1919	case OPT_SET_AUTH_USER:
1920	if (!wbinfo_set_auth_user(string_arg)) {
1921	goto done;
1922	}
1923	break;
1924	case OPT_GET_AUTH_USER:
1925	wbinfo_get_auth_user();
1926	break;
1927	case OPT_GETDCNAME:
1928	if (!wbinfo_getdcname(string_arg)) {
1929	goto done;
1930	}
1931	break;
1932	case OPT_DSGETDCNAME:
1933	if (!wbinfo_dsgetdcname(string_arg, 0)) {
1934	goto done;
1935	}
1936	break;
1937	case OPT_SEPARATOR: {
1938	const char sep = winbind_separator_int(true);
1939	if ( !sep ) {
1940	goto done;
1941	}
1942	d_printf("%c\n", sep);
1943	break;
1944	}
1945	case OPT_LIST_ALL_DOMAINS:
1946	if (!wbinfo_list_domains(true, verbose)) {
1947	goto done;
1948	}
1949	break;
1950	case OPT_LIST_OWN_DOMAIN:
1951	if (!wbinfo_list_own_domain()) {
1952	goto done;
1953	}
1954	break;
1955	case OPT_CHANGE_USER_PASSWORD:
1956	if (!wbinfo_change_user_password(string_arg)) {
1957	d_fprintf(stderr, "Could not change user password "
1958	"for user %s\n", string_arg);
1959	goto done;
1960	}
1961	break;
1962
1963	/* generic configuration options */
1964	case OPT_DOMAIN_NAME:
1965	break;
1966	case OPT_VERBOSE:
1967	break;
1968	default:
1969	d_fprintf(stderr, "Invalid option\n");
1970	poptPrintHelp(pc, stderr, 0);
1971	goto done;
1972	}
1973	}
1974
1975	result = 0;
1976
1977	/* Exit code */
1978
1979	done:
1980	talloc_destroy(frame);
1981
1982	poptFreeContext(pc);
1983	return result;
1984	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: