Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : Winbind status program.
5 :
6 : Copyright (C) Tim Potter 2000-2003
7 : Copyright (C) Andrew Bartlett 2002-2007
8 : Copyright (C) Volker Lendecke 2009
9 :
10 : This program is free software; you can redistribute it and/or modify
11 : it under the terms of the GNU General Public License as published by
12 : the Free Software Foundation; either version 3 of the License, or
13 : (at your option) any later version.
14 :
15 : This program is distributed in the hope that it will be useful,
16 : but WITHOUT ANY WARRANTY; without even the implied warranty of
17 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 : GNU General Public License for more details.
19 :
20 : You should have received a copy of the GNU General Public License
21 : along with this program. If not, see <http://www.gnu.org/licenses/>.
22 : */
23 :
24 : #include "includes.h"
25 : #include "libwbclient/wbclient.h"
26 : #include "winbind_struct_protocol.h"
27 : #include "libwbclient/wbclient_internal.h"
28 : #include "../libcli/auth/libcli_auth.h"
29 : #include "lib/cmdline/cmdline.h"
30 : #include "lib/afs/afs_settoken.h"
31 : #include "lib/util/smb_strtox.h"
32 : #include "lib/util/string_wrappers.h"
33 :
34 : #ifdef DBGC_CLASS
35 : #undef DBGC_CLASS
36 : #define DBGC_CLASS DBGC_WINBIND
37 : #endif
38 :
39 750 : static struct wbcInterfaceDetails *init_interface_details(void)
40 : {
41 750 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
42 : static struct wbcInterfaceDetails *details;
43 :
44 750 : if (details) {
45 240 : return details;
46 : }
47 :
48 510 : wbc_status = wbcInterfaceDetails(&details);
49 510 : if (!WBC_ERROR_IS_OK(wbc_status)) {
50 6 : d_fprintf(stderr, "could not obtain winbind interface "
51 : "details: %s\n", wbcErrorString(wbc_status));
52 : }
53 :
54 510 : return details;
55 : }
56 :
57 394 : static char winbind_separator(void)
58 : {
59 : struct wbcInterfaceDetails *details;
60 : static bool got_sep;
61 : static char sep;
62 :
63 394 : if (got_sep)
64 22 : return sep;
65 :
66 372 : details = init_interface_details();
67 :
68 372 : if (!details) {
69 0 : d_fprintf(stderr, "could not obtain winbind separator!\n");
70 0 : return 0;
71 : }
72 :
73 372 : sep = details->winbind_separator;
74 372 : got_sep = true;
75 :
76 372 : if (!sep) {
77 0 : d_fprintf(stderr, "winbind separator was NULL!\n");
78 0 : return 0;
79 : }
80 :
81 372 : return sep;
82 : }
83 :
84 289 : static const char *get_winbind_domain(void)
85 : {
86 : static struct wbcInterfaceDetails *details;
87 :
88 289 : details = init_interface_details();
89 :
90 289 : if (!details) {
91 6 : d_fprintf(stderr, "could not obtain winbind domain name!\n");
92 6 : return 0;
93 : }
94 :
95 283 : return details->netbios_domain;
96 : }
97 :
98 89 : static const char *get_winbind_netbios_name(void)
99 : {
100 : static struct wbcInterfaceDetails *details;
101 :
102 89 : details = init_interface_details();
103 :
104 89 : if (!details) {
105 0 : d_fprintf(stderr, "could not obtain winbind netbios name!\n");
106 0 : return 0;
107 : }
108 :
109 89 : return details->netbios_name;
110 : }
111 :
112 : /* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
113 : form DOMAIN/user into a domain and a user */
114 :
115 302 : static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
116 : fstring user)
117 : {
118 :
119 302 : char *p = strchr(domuser,winbind_separator());
120 :
121 302 : if (!p) {
122 : /* Maybe it was a UPN? */
123 82 : p = strchr(domuser, '@');
124 82 : if (p != NULL) {
125 20 : fstrcpy(domain, "");
126 20 : fstrcpy(user, domuser);
127 20 : return true;
128 : }
129 :
130 62 : fstrcpy(user, domuser);
131 62 : fstrcpy(domain, get_winbind_domain());
132 62 : return true;
133 : }
134 :
135 220 : fstrcpy(user, p+1);
136 220 : fstrcpy(domain, domuser);
137 220 : domain[PTR_DIFF(p, domuser)] = 0;
138 :
139 220 : return true;
140 : }
141 :
142 : /* Parse string of "uid,sid" or "gid,sid" into separate int and string values.
143 : * Return true if input was valid, false otherwise. */
144 0 : static bool parse_mapping_arg(char *arg, int *id, char **sid)
145 : {
146 : char *tmp;
147 0 : int error = 0;
148 :
149 0 : if (!arg || !*arg)
150 0 : return false;
151 :
152 0 : tmp = strtok(arg, ",");
153 0 : *sid = strtok(NULL, ",");
154 :
155 0 : if (!tmp || !*tmp || !*sid || !**sid)
156 0 : return false;
157 :
158 : /* Because atoi() can return 0 on invalid input, which would be a valid
159 : * UID/GID we must use strtoul() and do error checking */
160 0 : *id = smb_strtoul(tmp, NULL, 10, &error, SMB_STR_FULL_STR_CONV);
161 0 : if (error != 0)
162 0 : return false;
163 :
164 0 : return true;
165 : }
166 :
167 : /* pull pwent info for a given user */
168 :
169 48 : static bool wbinfo_get_userinfo(char *user)
170 : {
171 48 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
172 48 : struct passwd *pwd = NULL;
173 :
174 48 : wbc_status = wbcGetpwnam(user, &pwd);
175 48 : if (!WBC_ERROR_IS_OK(wbc_status)) {
176 4 : d_fprintf(stderr, "failed to call wbcGetpwnam: %s\n",
177 : wbcErrorString(wbc_status));
178 4 : return false;
179 : }
180 :
181 144 : d_printf("%s:%s:%u:%u:%s:%s:%s\n",
182 44 : pwd->pw_name,
183 44 : pwd->pw_passwd,
184 44 : (unsigned int)pwd->pw_uid,
185 44 : (unsigned int)pwd->pw_gid,
186 44 : pwd->pw_gecos,
187 44 : pwd->pw_dir,
188 44 : pwd->pw_shell);
189 :
190 44 : wbcFreeMemory(pwd);
191 :
192 44 : return true;
193 : }
194 :
195 : /* pull pwent info for a given uid */
196 6 : static bool wbinfo_get_uidinfo(int uid)
197 : {
198 6 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
199 6 : struct passwd *pwd = NULL;
200 :
201 6 : wbc_status = wbcGetpwuid(uid, &pwd);
202 6 : if (!WBC_ERROR_IS_OK(wbc_status)) {
203 0 : d_fprintf(stderr, "failed to call wbcGetpwuid: %s\n",
204 : wbcErrorString(wbc_status));
205 0 : return false;
206 : }
207 :
208 22 : d_printf("%s:%s:%u:%u:%s:%s:%s\n",
209 6 : pwd->pw_name,
210 6 : pwd->pw_passwd,
211 6 : (unsigned int)pwd->pw_uid,
212 6 : (unsigned int)pwd->pw_gid,
213 6 : pwd->pw_gecos,
214 6 : pwd->pw_dir,
215 6 : pwd->pw_shell);
216 :
217 6 : wbcFreeMemory(pwd);
218 :
219 6 : return true;
220 : }
221 :
222 0 : static bool wbinfo_get_user_sidinfo(const char *sid_str)
223 : {
224 0 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
225 0 : struct passwd *pwd = NULL;
226 : struct wbcDomainSid sid;
227 :
228 0 : wbc_status = wbcStringToSid(sid_str, &sid);
229 0 : wbc_status = wbcGetpwsid(&sid, &pwd);
230 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
231 0 : d_fprintf(stderr, "failed to call wbcGetpwsid: %s\n",
232 : wbcErrorString(wbc_status));
233 0 : return false;
234 : }
235 :
236 0 : d_printf("%s:%s:%u:%u:%s:%s:%s\n",
237 0 : pwd->pw_name,
238 0 : pwd->pw_passwd,
239 0 : (unsigned int)pwd->pw_uid,
240 0 : (unsigned int)pwd->pw_gid,
241 0 : pwd->pw_gecos,
242 0 : pwd->pw_dir,
243 0 : pwd->pw_shell);
244 :
245 0 : wbcFreeMemory(pwd);
246 :
247 0 : return true;
248 : }
249 :
250 :
251 : /* pull grent for a given group */
252 18 : static bool wbinfo_get_groupinfo(const char *group)
253 : {
254 18 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
255 : struct group *grp;
256 : char **mem;
257 :
258 18 : wbc_status = wbcGetgrnam(group, &grp);
259 18 : if (!WBC_ERROR_IS_OK(wbc_status)) {
260 6 : d_fprintf(stderr, "failed to call wbcGetgrnam: %s\n",
261 : wbcErrorString(wbc_status));
262 6 : return false;
263 : }
264 :
265 20 : d_printf("%s:%s:%u:",
266 12 : grp->gr_name,
267 12 : grp->gr_passwd,
268 12 : (unsigned int)grp->gr_gid);
269 :
270 12 : mem = grp->gr_mem;
271 20 : while (*mem != NULL) {
272 0 : d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
273 0 : mem += 1;
274 : }
275 12 : d_printf("\n");
276 :
277 12 : wbcFreeMemory(grp);
278 :
279 12 : return true;
280 : }
281 :
282 : /* pull grent for a given gid */
283 6 : static bool wbinfo_get_gidinfo(int gid)
284 : {
285 6 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
286 : struct group *grp;
287 : char **mem;
288 :
289 6 : wbc_status = wbcGetgrgid(gid, &grp);
290 6 : if (!WBC_ERROR_IS_OK(wbc_status)) {
291 0 : d_fprintf(stderr, "failed to call wbcGetgrgid: %s\n",
292 : wbcErrorString(wbc_status));
293 0 : return false;
294 : }
295 :
296 10 : d_printf("%s:%s:%u:",
297 6 : grp->gr_name,
298 6 : grp->gr_passwd,
299 6 : (unsigned int)grp->gr_gid);
300 :
301 6 : mem = grp->gr_mem;
302 10 : while (*mem != NULL) {
303 0 : d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
304 0 : mem += 1;
305 : }
306 6 : d_printf("\n");
307 :
308 6 : wbcFreeMemory(grp);
309 :
310 6 : return true;
311 : }
312 :
313 : /* List groups a user is a member of */
314 :
315 12 : static bool wbinfo_get_usergroups(const char *user)
316 : {
317 12 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
318 : uint32_t num_groups;
319 : uint32_t i;
320 12 : gid_t *groups = NULL;
321 :
322 : /* Send request */
323 :
324 12 : wbc_status = wbcGetGroups(user, &num_groups, &groups);
325 12 : if (!WBC_ERROR_IS_OK(wbc_status)) {
326 0 : d_fprintf(stderr, "failed to call wbcGetGroups: %s\n",
327 : wbcErrorString(wbc_status));
328 0 : return false;
329 : }
330 :
331 164 : for (i = 0; i < num_groups; i++) {
332 152 : d_printf("%d\n", (int)groups[i]);
333 : }
334 :
335 12 : wbcFreeMemory(groups);
336 :
337 12 : return true;
338 : }
339 :
340 :
341 : /* List group SIDs a user SID is a member of */
342 6 : static bool wbinfo_get_usersids(const char *user_sid_str)
343 : {
344 6 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
345 : uint32_t num_sids;
346 : uint32_t i;
347 6 : struct wbcDomainSid user_sid, *sids = NULL;
348 :
349 : /* Send request */
350 :
351 6 : wbc_status = wbcStringToSid(user_sid_str, &user_sid);
352 6 : if (!WBC_ERROR_IS_OK(wbc_status)) {
353 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
354 : wbcErrorString(wbc_status));
355 0 : return false;
356 : }
357 :
358 6 : wbc_status = wbcLookupUserSids(&user_sid, false, &num_sids, &sids);
359 6 : if (!WBC_ERROR_IS_OK(wbc_status)) {
360 0 : d_fprintf(stderr, "failed to call wbcLookupUserSids: %s\n",
361 : wbcErrorString(wbc_status));
362 0 : return false;
363 : }
364 :
365 55 : for (i = 0; i < num_sids; i++) {
366 : char str[WBC_SID_STRING_BUFLEN];
367 49 : wbcSidToStringBuf(&sids[i], str, sizeof(str));
368 49 : d_printf("%s\n", str);
369 : }
370 :
371 6 : wbcFreeMemory(sids);
372 :
373 6 : return true;
374 : }
375 :
376 6 : static bool wbinfo_get_userdomgroups(const char *user_sid_str)
377 : {
378 6 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
379 : uint32_t num_sids;
380 : uint32_t i;
381 6 : struct wbcDomainSid user_sid, *sids = NULL;
382 :
383 : /* Send request */
384 :
385 6 : wbc_status = wbcStringToSid(user_sid_str, &user_sid);
386 6 : if (!WBC_ERROR_IS_OK(wbc_status)) {
387 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
388 : wbcErrorString(wbc_status));
389 0 : return false;
390 : }
391 :
392 6 : wbc_status = wbcLookupUserSids(&user_sid, true, &num_sids, &sids);
393 6 : if (!WBC_ERROR_IS_OK(wbc_status)) {
394 0 : d_fprintf(stderr, "failed to call wbcLookupUserSids: %s\n",
395 : wbcErrorString(wbc_status));
396 0 : return false;
397 : }
398 :
399 47 : for (i = 0; i < num_sids; i++) {
400 : char str[WBC_SID_STRING_BUFLEN];
401 41 : wbcSidToStringBuf(&sids[i], str, sizeof(str));
402 41 : d_printf("%s\n", str);
403 : }
404 :
405 6 : wbcFreeMemory(sids);
406 :
407 6 : return true;
408 : }
409 :
410 0 : static bool wbinfo_get_sidaliases(const char *domain,
411 : const char *user_sid_str)
412 : {
413 0 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
414 0 : struct wbcDomainInfo *dinfo = NULL;
415 : uint32_t i;
416 : struct wbcDomainSid user_sid;
417 0 : uint32_t *alias_rids = NULL;
418 : uint32_t num_alias_rids;
419 : char domain_sid_str[WBC_SID_STRING_BUFLEN];
420 :
421 : /* Send request */
422 0 : if ((domain == NULL) || (strequal(domain, ".")) ||
423 0 : (domain[0] == '\0')) {
424 0 : domain = get_winbind_domain();
425 : }
426 :
427 : /* Send request */
428 :
429 0 : wbc_status = wbcDomainInfo(domain, &dinfo);
430 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
431 0 : d_fprintf(stderr, "wbcDomainInfo(%s) failed: %s\n", domain,
432 : wbcErrorString(wbc_status));
433 0 : goto done;
434 : }
435 0 : wbc_status = wbcStringToSid(user_sid_str, &user_sid);
436 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
437 0 : goto done;
438 : }
439 :
440 0 : wbc_status = wbcGetSidAliases(&dinfo->sid, &user_sid, 1,
441 : &alias_rids, &num_alias_rids);
442 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
443 0 : goto done;
444 : }
445 :
446 0 : wbcSidToStringBuf(&dinfo->sid, domain_sid_str, sizeof(domain_sid_str));
447 :
448 0 : for (i = 0; i < num_alias_rids; i++) {
449 0 : d_printf("%s-%d\n", domain_sid_str, alias_rids[i]);
450 : }
451 :
452 0 : wbcFreeMemory(alias_rids);
453 :
454 0 : done:
455 0 : wbcFreeMemory(dinfo);
456 0 : return (WBC_ERR_SUCCESS == wbc_status);
457 : }
458 :
459 :
460 : /* Convert NetBIOS name to IP */
461 :
462 6 : static bool wbinfo_wins_byname(const char *name)
463 : {
464 6 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
465 6 : char *ip = NULL;
466 :
467 6 : wbc_status = wbcResolveWinsByName(name, &ip);
468 6 : if (!WBC_ERROR_IS_OK(wbc_status)) {
469 0 : d_fprintf(stderr, "failed to call wbcResolveWinsByName: %s\n",
470 : wbcErrorString(wbc_status));
471 0 : return false;
472 : }
473 :
474 : /* Display response */
475 :
476 6 : d_printf("%s\n", ip);
477 :
478 6 : wbcFreeMemory(ip);
479 :
480 6 : return true;
481 : }
482 :
483 : /* Convert IP to NetBIOS name */
484 :
485 6 : static bool wbinfo_wins_byip(const char *ip)
486 : {
487 6 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
488 6 : char *name = NULL;
489 :
490 6 : wbc_status = wbcResolveWinsByIP(ip, &name);
491 6 : if (!WBC_ERROR_IS_OK(wbc_status)) {
492 0 : d_fprintf(stderr, "failed to call wbcResolveWinsByIP: %s\n",
493 : wbcErrorString(wbc_status));
494 0 : return false;
495 : }
496 :
497 : /* Display response */
498 :
499 6 : d_printf("%s\n", name);
500 :
501 6 : wbcFreeMemory(name);
502 :
503 6 : return true;
504 : }
505 :
506 : /* List all/trusted domains */
507 :
508 20 : static bool wbinfo_list_domains(bool list_all_domains, bool verbose)
509 : {
510 20 : struct wbcDomainInfo *domain_list = NULL;
511 : size_t i, num_domains;
512 20 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
513 20 : bool print_all = !list_all_domains && verbose;
514 :
515 20 : wbc_status = wbcListTrusts(&domain_list, &num_domains);
516 20 : if (!WBC_ERROR_IS_OK(wbc_status)) {
517 0 : d_fprintf(stderr, "failed to call wbcListTrusts: %s\n",
518 : wbcErrorString(wbc_status));
519 0 : return false;
520 : }
521 :
522 20 : if (print_all) {
523 0 : d_printf("%-16s%-65s%-12s%-12s%-5s%-5s\n",
524 : "Domain Name", "DNS Domain", "Trust Type",
525 : "Transitive", "In", "Out");
526 : }
527 :
528 88 : for (i=0; i<num_domains; i++) {
529 68 : if (print_all) {
530 0 : d_printf("%-16s", domain_list[i].short_name);
531 : } else {
532 68 : d_printf("%s", domain_list[i].short_name);
533 68 : d_printf("\n");
534 68 : continue;
535 : }
536 :
537 0 : d_printf("%-65s", domain_list[i].dns_name);
538 :
539 0 : switch(domain_list[i].trust_type) {
540 0 : case WBC_DOMINFO_TRUSTTYPE_NONE:
541 0 : if (domain_list[i].trust_routing != NULL) {
542 0 : d_printf("%s\n", domain_list[i].trust_routing);
543 : } else {
544 0 : d_printf("None\n");
545 : }
546 0 : continue;
547 0 : case WBC_DOMINFO_TRUSTTYPE_LOCAL:
548 0 : d_printf("Local\n");
549 0 : continue;
550 0 : case WBC_DOMINFO_TRUSTTYPE_RWDC:
551 0 : d_printf("RWDC\n");
552 0 : continue;
553 0 : case WBC_DOMINFO_TRUSTTYPE_RODC:
554 0 : d_printf("RODC\n");
555 0 : continue;
556 0 : case WBC_DOMINFO_TRUSTTYPE_PDC:
557 0 : d_printf("PDC\n");
558 0 : continue;
559 0 : case WBC_DOMINFO_TRUSTTYPE_WKSTA:
560 0 : d_printf("Workstation ");
561 0 : break;
562 0 : case WBC_DOMINFO_TRUSTTYPE_FOREST:
563 0 : d_printf("Forest ");
564 0 : break;
565 0 : case WBC_DOMINFO_TRUSTTYPE_EXTERNAL:
566 0 : d_printf("External ");
567 0 : break;
568 0 : case WBC_DOMINFO_TRUSTTYPE_IN_FOREST:
569 0 : d_printf("In-Forest ");
570 0 : break;
571 : }
572 :
573 0 : if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_TRANSITIVE) {
574 0 : d_printf("Yes ");
575 : } else {
576 0 : d_printf("No ");
577 : }
578 :
579 0 : if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_INCOMING) {
580 0 : d_printf("Yes ");
581 : } else {
582 0 : d_printf("No ");
583 : }
584 :
585 0 : if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_OUTGOING) {
586 0 : d_printf("Yes ");
587 : } else {
588 0 : d_printf("No ");
589 : }
590 :
591 0 : d_printf("\n");
592 : }
593 :
594 20 : wbcFreeMemory(domain_list);
595 :
596 20 : return true;
597 : }
598 :
599 : /* List own domain */
600 :
601 20 : static bool wbinfo_list_own_domain(void)
602 : {
603 20 : d_printf("%s\n", get_winbind_domain());
604 :
605 20 : return true;
606 : }
607 :
608 : /* show sequence numbers */
609 6 : static bool wbinfo_show_sequence(const char *domain)
610 : {
611 6 : d_printf("This command has been deprecated. Please use the "
612 : "--online-status option instead.\n");
613 6 : return false;
614 : }
615 :
616 : /* show sequence numbers */
617 16 : static bool wbinfo_show_onlinestatus(const char *domain)
618 : {
619 16 : struct wbcDomainInfo *domain_list = NULL;
620 : size_t i, num_domains;
621 16 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
622 :
623 16 : wbc_status = wbcListTrusts(&domain_list, &num_domains);
624 16 : if (!WBC_ERROR_IS_OK(wbc_status)) {
625 0 : d_fprintf(stderr, "failed to call wbcListTrusts: %s\n",
626 : wbcErrorString(wbc_status));
627 0 : return false;
628 : }
629 :
630 72 : for (i=0; i<num_domains; i++) {
631 : bool is_offline;
632 :
633 56 : if (domain) {
634 42 : if (!strequal(domain_list[i].short_name, domain)) {
635 30 : continue;
636 : }
637 : }
638 :
639 26 : is_offline = (domain_list[i].domain_flags &
640 : WBC_DOMINFO_DOMAIN_OFFLINE);
641 :
642 44 : d_printf("%s : %s\n",
643 26 : domain_list[i].short_name,
644 : is_offline ? "no active connection" : "active connection" );
645 : }
646 :
647 16 : wbcFreeMemory(domain_list);
648 :
649 16 : return true;
650 : }
651 :
652 :
653 : /* Show domain info */
654 :
655 16 : static bool wbinfo_domain_info(const char *domain)
656 : {
657 16 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
658 16 : struct wbcDomainInfo *dinfo = NULL;
659 : char sid_str[WBC_SID_STRING_BUFLEN];
660 :
661 16 : if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
662 0 : domain = get_winbind_domain();
663 : }
664 :
665 : /* Send request */
666 :
667 16 : wbc_status = wbcDomainInfo(domain, &dinfo);
668 16 : if (!WBC_ERROR_IS_OK(wbc_status)) {
669 0 : d_fprintf(stderr, "failed to call wbcDomainInfo: %s\n",
670 : wbcErrorString(wbc_status));
671 0 : return false;
672 : }
673 :
674 16 : wbcSidToStringBuf(&dinfo->sid, sid_str, sizeof(sid_str));
675 :
676 : /* Display response */
677 :
678 16 : d_printf("Name : %s\n", dinfo->short_name);
679 16 : d_printf("Alt_Name : %s\n", dinfo->dns_name);
680 :
681 16 : d_printf("SID : %s\n", sid_str);
682 :
683 16 : d_printf("Active Directory : %s\n",
684 16 : (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_AD) ? "Yes" : "No");
685 16 : d_printf("Native : %s\n",
686 16 : (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_NATIVE) ?
687 : "Yes" : "No");
688 :
689 16 : d_printf("Primary : %s\n",
690 16 : (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_PRIMARY) ?
691 : "Yes" : "No");
692 :
693 16 : wbcFreeMemory(dinfo);
694 :
695 16 : return true;
696 : }
697 :
698 : /* Get a foreign DC's name */
699 6 : static bool wbinfo_getdcname(const char *domain_name)
700 : {
701 6 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
702 : struct winbindd_request request;
703 : struct winbindd_response response;
704 :
705 6 : ZERO_STRUCT(request);
706 6 : ZERO_STRUCT(response);
707 :
708 6 : fstrcpy(request.domain_name, domain_name);
709 :
710 : /* Send request */
711 :
712 6 : wbc_status = wbcRequestResponse(NULL, WINBINDD_GETDCNAME,
713 : &request, &response);
714 6 : if (!WBC_ERROR_IS_OK(wbc_status)) {
715 0 : d_fprintf(stderr, "Could not get dc name for %s\n",domain_name);
716 0 : return false;
717 : }
718 :
719 : /* Display response */
720 :
721 6 : d_printf("%s\n", response.data.dc_name);
722 :
723 6 : return true;
724 : }
725 :
726 : /* Find a DC */
727 0 : static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
728 : {
729 0 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
730 : struct wbcDomainControllerInfoEx *dc_info;
731 0 : char *str = NULL;
732 :
733 0 : wbc_status = wbcLookupDomainControllerEx(domain_name, NULL, NULL,
734 : flags | DS_DIRECTORY_SERVICE_REQUIRED,
735 : &dc_info);
736 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
737 0 : printf("Could not find dc for %s\n", domain_name);
738 0 : return false;
739 : }
740 :
741 0 : wbcGuidToString(dc_info->domain_guid, &str);
742 :
743 0 : d_printf("%s\n", dc_info->dc_unc);
744 0 : d_printf("%s\n", dc_info->dc_address);
745 0 : d_printf("%d\n", dc_info->dc_address_type);
746 0 : d_printf("%s\n", str);
747 0 : d_printf("%s\n", dc_info->domain_name);
748 0 : d_printf("%s\n", dc_info->forest_name);
749 0 : d_printf("0x%08x\n", dc_info->dc_flags);
750 0 : d_printf("%s\n", dc_info->dc_site_name);
751 0 : d_printf("%s\n", dc_info->client_site_name);
752 :
753 0 : wbcFreeMemory(str);
754 0 : wbcFreeMemory(dc_info);
755 :
756 0 : return true;
757 : }
758 :
759 : /* Check trust account password */
760 :
761 20 : static bool wbinfo_check_secret(const char *domain)
762 : {
763 20 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
764 20 : struct wbcAuthErrorInfo *error = NULL;
765 : const char *domain_name;
766 :
767 20 : if (domain) {
768 14 : domain_name = domain;
769 : } else {
770 6 : domain_name = get_winbind_domain();
771 : }
772 :
773 20 : wbc_status = wbcCheckTrustCredentials(domain_name, &error);
774 :
775 20 : d_printf("checking the trust secret for domain %s via RPC calls %s\n",
776 : domain_name,
777 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
778 :
779 20 : if (wbc_status == WBC_ERR_AUTH_ERROR) {
780 0 : d_fprintf(stderr, "wbcCheckTrustCredentials(%s): error code was %s (0x%x)\n",
781 0 : domain_name, error->nt_string, error->nt_status);
782 0 : wbcFreeMemory(error);
783 : }
784 20 : if (!WBC_ERROR_IS_OK(wbc_status)) {
785 0 : d_fprintf(stderr, "failed to call wbcCheckTrustCredentials: "
786 : "%s\n", wbcErrorString(wbc_status));
787 0 : return false;
788 : }
789 :
790 20 : return true;
791 : }
792 :
793 : /* Find the currently connected DCs */
794 :
795 2 : static bool wbinfo_dc_info(const char *domain_name)
796 : {
797 2 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
798 : size_t i, num_dcs;
799 : const char **dc_names, **dc_ips;
800 :
801 2 : wbc_status = wbcDcInfo(domain_name, &num_dcs,
802 : &dc_names, &dc_ips);
803 2 : if (!WBC_ERROR_IS_OK(wbc_status)) {
804 0 : printf("Could not find dc info %s\n",
805 : domain_name ? domain_name : "our domain");
806 0 : return false;
807 : }
808 :
809 4 : for (i=0; i<num_dcs; i++) {
810 2 : printf("%s (%s)\n", dc_names[i], dc_ips[i]);
811 : }
812 2 : wbcFreeMemory(dc_names);
813 2 : wbcFreeMemory(dc_ips);
814 :
815 2 : return true;
816 : }
817 :
818 : /* Change trust account password */
819 :
820 16 : static bool wbinfo_change_secret(const char *domain)
821 : {
822 16 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
823 16 : struct wbcAuthErrorInfo *error = NULL;
824 : const char *domain_name;
825 :
826 16 : if (domain) {
827 10 : domain_name = domain;
828 : } else {
829 6 : domain_name = get_winbind_domain();
830 : }
831 :
832 16 : wbc_status = wbcChangeTrustCredentials(domain_name, &error);
833 :
834 16 : d_printf("changing the trust secret for domain %s via RPC calls %s\n",
835 : domain_name,
836 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
837 :
838 16 : if (wbc_status == WBC_ERR_AUTH_ERROR) {
839 0 : d_fprintf(stderr, "wbcChangeTrustCredentials(%s): error code was %s (0x%x)\n",
840 0 : domain_name, error->nt_string, error->nt_status);
841 0 : wbcFreeMemory(error);
842 : }
843 16 : if (!WBC_ERROR_IS_OK(wbc_status)) {
844 0 : d_fprintf(stderr, "failed to call wbcChangeTrustCredentials: "
845 : "%s\n", wbcErrorString(wbc_status));
846 0 : return false;
847 : }
848 :
849 16 : return true;
850 : }
851 :
852 : /* Check DC connection */
853 :
854 92 : static bool wbinfo_ping_dc(const char *domain)
855 : {
856 92 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
857 92 : struct wbcAuthErrorInfo *error = NULL;
858 92 : char *dcname = NULL;
859 :
860 : const char *domain_name;
861 :
862 92 : if (domain) {
863 6 : domain_name = domain;
864 : } else {
865 86 : domain_name = get_winbind_domain();
866 : }
867 :
868 92 : wbc_status = wbcPingDc2(domain_name, &error, &dcname);
869 :
870 184 : d_printf("checking the NETLOGON for domain[%s] dc connection to \"%s\" %s\n",
871 : domain_name ? domain_name : "",
872 92 : dcname ? dcname : "",
873 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
874 :
875 92 : wbcFreeMemory(dcname);
876 92 : if (wbc_status == WBC_ERR_AUTH_ERROR) {
877 0 : d_fprintf(stderr, "wbcPingDc2(%s): error code was %s (0x%x)\n",
878 0 : domain_name, error->nt_string, error->nt_status);
879 0 : wbcFreeMemory(error);
880 0 : return false;
881 : }
882 92 : if (!WBC_ERROR_IS_OK(wbc_status)) {
883 10 : d_fprintf(stderr, "failed to call wbcPingDc: %s\n",
884 : wbcErrorString(wbc_status));
885 10 : return false;
886 : }
887 :
888 82 : return true;
889 : }
890 :
891 : /* Convert uid to sid */
892 :
893 28 : static bool wbinfo_uid_to_sid(uid_t uid)
894 : {
895 28 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
896 : struct wbcDomainSid sid;
897 : char sid_str[WBC_SID_STRING_BUFLEN];
898 :
899 : /* Send request */
900 :
901 28 : wbc_status = wbcUidToSid(uid, &sid);
902 28 : if (!WBC_ERROR_IS_OK(wbc_status)) {
903 4 : d_fprintf(stderr, "failed to call wbcUidToSid: %s\n",
904 : wbcErrorString(wbc_status));
905 4 : return false;
906 : }
907 :
908 24 : wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
909 :
910 : /* Display response */
911 :
912 24 : d_printf("%s\n", sid_str);
913 :
914 24 : return true;
915 : }
916 :
917 : /* Convert gid to sid */
918 :
919 46 : static bool wbinfo_gid_to_sid(gid_t gid)
920 : {
921 46 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
922 : struct wbcDomainSid sid;
923 : char sid_str[WBC_SID_STRING_BUFLEN];
924 :
925 : /* Send request */
926 :
927 46 : wbc_status = wbcGidToSid(gid, &sid);
928 46 : if (!WBC_ERROR_IS_OK(wbc_status)) {
929 4 : d_fprintf(stderr, "failed to call wbcGidToSid: %s\n",
930 : wbcErrorString(wbc_status));
931 4 : return false;
932 : }
933 :
934 42 : wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
935 :
936 : /* Display response */
937 :
938 42 : d_printf("%s\n", sid_str);
939 :
940 42 : return true;
941 : }
942 :
943 : /* Convert sid to uid */
944 :
945 50 : static bool wbinfo_sid_to_uid(const char *sid_str)
946 : {
947 50 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
948 : struct wbcDomainSid sid;
949 : uid_t uid;
950 :
951 : /* Send request */
952 :
953 50 : wbc_status = wbcStringToSid(sid_str, &sid);
954 50 : if (!WBC_ERROR_IS_OK(wbc_status)) {
955 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
956 : wbcErrorString(wbc_status));
957 0 : return false;
958 : }
959 :
960 50 : wbc_status = wbcSidToUid(&sid, &uid);
961 50 : if (!WBC_ERROR_IS_OK(wbc_status)) {
962 6 : d_fprintf(stderr, "failed to call wbcSidToUid: %s\n",
963 : wbcErrorString(wbc_status));
964 6 : return false;
965 : }
966 :
967 : /* Display response */
968 :
969 44 : d_printf("%d\n", (int)uid);
970 :
971 44 : return true;
972 : }
973 :
974 119 : static bool wbinfo_sid_to_gid(const char *sid_str)
975 : {
976 119 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
977 : struct wbcDomainSid sid;
978 : gid_t gid;
979 :
980 : /* Send request */
981 :
982 119 : wbc_status = wbcStringToSid(sid_str, &sid);
983 119 : if (!WBC_ERROR_IS_OK(wbc_status)) {
984 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
985 : wbcErrorString(wbc_status));
986 0 : return false;
987 : }
988 :
989 119 : wbc_status = wbcSidToGid(&sid, &gid);
990 119 : if (!WBC_ERROR_IS_OK(wbc_status)) {
991 18 : d_fprintf(stderr, "failed to call wbcSidToGid: %s\n",
992 : wbcErrorString(wbc_status));
993 18 : return false;
994 : }
995 :
996 : /* Display response */
997 :
998 101 : d_printf("%d\n", (int)gid);
999 :
1000 101 : return true;
1001 : }
1002 :
1003 22 : static bool wbinfo_sids_to_unix_ids(const char *arg)
1004 : {
1005 : char sidstr[WBC_SID_STRING_BUFLEN];
1006 : struct wbcDomainSid *sids;
1007 : struct wbcUnixId *unix_ids;
1008 : int i, num_sids;
1009 : const char *p;
1010 : wbcErr wbc_status;
1011 :
1012 :
1013 22 : num_sids = 0;
1014 22 : sids = NULL;
1015 22 : p = arg;
1016 :
1017 118 : while (next_token(&p, sidstr, LIST_SEP, sizeof(sidstr))) {
1018 82 : sids = talloc_realloc(talloc_tos(), sids, struct wbcDomainSid,
1019 : num_sids+1);
1020 82 : if (sids == NULL) {
1021 0 : d_fprintf(stderr, "talloc failed\n");
1022 0 : return false;
1023 : }
1024 82 : wbc_status = wbcStringToSid(sidstr, &sids[num_sids]);
1025 82 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1026 0 : d_fprintf(stderr, "wbcSidToString(%s) failed: %s\n",
1027 : sidstr, wbcErrorString(wbc_status));
1028 0 : TALLOC_FREE(sids);
1029 0 : return false;
1030 : }
1031 82 : num_sids += 1;
1032 : }
1033 :
1034 22 : unix_ids = talloc_array(talloc_tos(), struct wbcUnixId, num_sids);
1035 22 : if (unix_ids == NULL) {
1036 0 : TALLOC_FREE(sids);
1037 0 : return false;
1038 : }
1039 :
1040 22 : wbc_status = wbcSidsToUnixIds(sids, num_sids, unix_ids);
1041 22 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1042 0 : d_fprintf(stderr, "wbcSidsToUnixIds failed: %s\n",
1043 : wbcErrorString(wbc_status));
1044 0 : TALLOC_FREE(sids);
1045 0 : return false;
1046 : }
1047 :
1048 104 : for (i=0; i<num_sids; i++) {
1049 :
1050 82 : wbcSidToStringBuf(&sids[i], sidstr, sizeof(sidstr));
1051 :
1052 82 : switch(unix_ids[i].type) {
1053 0 : case WBC_ID_TYPE_UID:
1054 0 : d_printf("%s -> uid %d\n", sidstr, unix_ids[i].id.uid);
1055 0 : break;
1056 42 : case WBC_ID_TYPE_GID:
1057 42 : d_printf("%s -> gid %d\n", sidstr, unix_ids[i].id.gid);
1058 42 : break;
1059 34 : case WBC_ID_TYPE_BOTH:
1060 34 : d_printf("%s -> uid/gid %d\n", sidstr, unix_ids[i].id.uid);
1061 34 : break;
1062 6 : default:
1063 6 : d_printf("%s -> unmapped\n", sidstr);
1064 6 : break;
1065 : }
1066 : }
1067 :
1068 22 : TALLOC_FREE(sids);
1069 22 : TALLOC_FREE(unix_ids);
1070 :
1071 22 : return true;
1072 : }
1073 :
1074 2 : static bool wbinfo_xids_to_sids(const char *arg)
1075 : {
1076 : fstring idstr;
1077 2 : struct wbcUnixId *xids = NULL;
1078 : struct wbcDomainSid *sids;
1079 : wbcErr wbc_status;
1080 2 : int num_xids = 0;
1081 : const char *p;
1082 : int i;
1083 :
1084 2 : p = arg;
1085 :
1086 73 : while (next_token(&p, idstr, LIST_SEP, sizeof(idstr))) {
1087 70 : xids = talloc_realloc(talloc_tos(), xids, struct wbcUnixId,
1088 : num_xids+1);
1089 70 : if (xids == NULL) {
1090 0 : d_fprintf(stderr, "talloc failed\n");
1091 0 : return false;
1092 : }
1093 :
1094 70 : switch (idstr[0]) {
1095 0 : case 'u':
1096 0 : xids[num_xids] = (struct wbcUnixId) {
1097 : .type = WBC_ID_TYPE_UID,
1098 0 : .id.uid = atoi(&idstr[1])
1099 : };
1100 0 : break;
1101 70 : case 'g':
1102 105 : xids[num_xids] = (struct wbcUnixId) {
1103 : .type = WBC_ID_TYPE_GID,
1104 70 : .id.gid = atoi(&idstr[1])
1105 : };
1106 70 : break;
1107 0 : default:
1108 0 : d_fprintf(stderr, "%s is an invalid id\n", idstr);
1109 0 : TALLOC_FREE(xids);
1110 0 : return false;
1111 : }
1112 70 : num_xids += 1;
1113 : }
1114 :
1115 2 : sids = talloc_array(talloc_tos(), struct wbcDomainSid, num_xids);
1116 2 : if (sids == NULL) {
1117 0 : d_fprintf(stderr, "talloc failed\n");
1118 0 : TALLOC_FREE(xids);
1119 0 : return false;
1120 : }
1121 :
1122 2 : wbc_status = wbcUnixIdsToSids(xids, num_xids, sids);
1123 2 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1124 0 : d_fprintf(stderr, "wbcUnixIdsToSids failed: %s\n",
1125 : wbcErrorString(wbc_status));
1126 0 : TALLOC_FREE(sids);
1127 0 : TALLOC_FREE(xids);
1128 0 : return false;
1129 : }
1130 :
1131 72 : for (i=0; i<num_xids; i++) {
1132 : char str[WBC_SID_STRING_BUFLEN];
1133 70 : struct wbcDomainSid null_sid = { 0 };
1134 :
1135 70 : if (memcmp(&null_sid, &sids[i], sizeof(struct wbcDomainSid)) == 0) {
1136 0 : d_printf("NOT MAPPED\n");
1137 0 : continue;
1138 : }
1139 70 : wbcSidToStringBuf(&sids[i], str, sizeof(str));
1140 70 : d_printf("%s\n", str);
1141 : }
1142 :
1143 2 : return true;
1144 : }
1145 :
1146 4 : static bool wbinfo_allocate_uid(void)
1147 : {
1148 4 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1149 : uid_t uid;
1150 :
1151 : /* Send request */
1152 :
1153 4 : wbc_status = wbcAllocateUid(&uid);
1154 4 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1155 2 : d_fprintf(stderr, "failed to call wbcAllocateUid: %s\n",
1156 : wbcErrorString(wbc_status));
1157 2 : return false;
1158 : }
1159 :
1160 : /* Display response */
1161 :
1162 2 : d_printf("New uid: %u\n", (unsigned int)uid);
1163 :
1164 2 : return true;
1165 : }
1166 :
1167 4 : static bool wbinfo_allocate_gid(void)
1168 : {
1169 4 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1170 : gid_t gid;
1171 :
1172 : /* Send request */
1173 :
1174 4 : wbc_status = wbcAllocateGid(&gid);
1175 4 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1176 2 : d_fprintf(stderr, "failed to call wbcAllocateGid: %s\n",
1177 : wbcErrorString(wbc_status));
1178 2 : return false;
1179 : }
1180 :
1181 : /* Display response */
1182 :
1183 2 : d_printf("New gid: %u\n", (unsigned int)gid);
1184 :
1185 2 : return true;
1186 : }
1187 :
1188 0 : static bool wbinfo_set_uid_mapping(uid_t uid, const char *sid_str)
1189 : {
1190 0 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1191 : struct wbcDomainSid sid;
1192 :
1193 : /* Send request */
1194 :
1195 0 : wbc_status = wbcStringToSid(sid_str, &sid);
1196 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1197 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1198 : wbcErrorString(wbc_status));
1199 0 : return false;
1200 : }
1201 :
1202 0 : wbc_status = wbcSetUidMapping(uid, &sid);
1203 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1204 0 : d_fprintf(stderr, "failed to call wbcSetUidMapping: %s\n",
1205 : wbcErrorString(wbc_status));
1206 0 : return false;
1207 : }
1208 :
1209 : /* Display response */
1210 :
1211 0 : d_printf("uid %u now mapped to sid %s\n",
1212 : (unsigned int)uid, sid_str);
1213 :
1214 0 : return true;
1215 : }
1216 :
1217 0 : static bool wbinfo_set_gid_mapping(gid_t gid, const char *sid_str)
1218 : {
1219 0 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1220 : struct wbcDomainSid sid;
1221 :
1222 : /* Send request */
1223 :
1224 0 : wbc_status = wbcStringToSid(sid_str, &sid);
1225 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1226 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1227 : wbcErrorString(wbc_status));
1228 0 : return false;
1229 : }
1230 :
1231 0 : wbc_status = wbcSetGidMapping(gid, &sid);
1232 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1233 0 : d_fprintf(stderr, "failed to call wbcSetGidMapping: %s\n",
1234 : wbcErrorString(wbc_status));
1235 0 : return false;
1236 : }
1237 :
1238 : /* Display response */
1239 :
1240 0 : d_printf("gid %u now mapped to sid %s\n",
1241 : (unsigned int)gid, sid_str);
1242 :
1243 0 : return true;
1244 : }
1245 :
1246 0 : static bool wbinfo_remove_uid_mapping(uid_t uid, const char *sid_str)
1247 : {
1248 0 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1249 : struct wbcDomainSid sid;
1250 :
1251 : /* Send request */
1252 :
1253 0 : wbc_status = wbcStringToSid(sid_str, &sid);
1254 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1255 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1256 : wbcErrorString(wbc_status));
1257 0 : return false;
1258 : }
1259 :
1260 0 : wbc_status = wbcRemoveUidMapping(uid, &sid);
1261 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1262 0 : d_fprintf(stderr, "failed to call wbcRemoveUidMapping: %s\n",
1263 : wbcErrorString(wbc_status));
1264 0 : return false;
1265 : }
1266 :
1267 : /* Display response */
1268 :
1269 0 : d_printf("Removed uid %u to sid %s mapping\n",
1270 : (unsigned int)uid, sid_str);
1271 :
1272 0 : return true;
1273 : }
1274 :
1275 0 : static bool wbinfo_remove_gid_mapping(gid_t gid, const char *sid_str)
1276 : {
1277 0 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1278 : struct wbcDomainSid sid;
1279 :
1280 : /* Send request */
1281 :
1282 0 : wbc_status = wbcStringToSid(sid_str, &sid);
1283 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1284 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1285 : wbcErrorString(wbc_status));
1286 0 : return false;
1287 : }
1288 :
1289 0 : wbc_status = wbcRemoveGidMapping(gid, &sid);
1290 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1291 0 : d_fprintf(stderr, "failed to call wbcRemoveGidMapping: %s\n",
1292 : wbcErrorString(wbc_status));
1293 0 : return false;
1294 : }
1295 :
1296 : /* Display response */
1297 :
1298 0 : d_printf("Removed gid %u to sid %s mapping\n",
1299 : (unsigned int)gid, sid_str);
1300 :
1301 0 : return true;
1302 : }
1303 :
1304 : /* Convert sid to string */
1305 :
1306 66 : static bool wbinfo_lookupsid(const char *sid_str)
1307 : {
1308 66 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1309 : struct wbcDomainSid sid;
1310 : char *domain;
1311 : char *name;
1312 : enum wbcSidType type;
1313 :
1314 : /* Send off request */
1315 :
1316 66 : wbc_status = wbcStringToSid(sid_str, &sid);
1317 66 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1318 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1319 : wbcErrorString(wbc_status));
1320 0 : return false;
1321 : }
1322 :
1323 66 : wbc_status = wbcLookupSid(&sid, &domain, &name, &type);
1324 66 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1325 6 : d_fprintf(stderr, "failed to call wbcLookupSid: %s\n",
1326 : wbcErrorString(wbc_status));
1327 6 : return false;
1328 : }
1329 :
1330 : /* Display response */
1331 :
1332 60 : if (type == WBC_SID_NAME_DOMAIN) {
1333 0 : d_printf("%s %d\n", domain, type);
1334 : } else {
1335 99 : d_printf("%s%c%s %d\n",
1336 60 : domain, winbind_separator(), name, type);
1337 : }
1338 :
1339 60 : wbcFreeMemory(domain);
1340 60 : wbcFreeMemory(name);
1341 :
1342 60 : return true;
1343 : }
1344 :
1345 : /* Convert sid to fullname */
1346 :
1347 0 : static bool wbinfo_lookupsid_fullname(const char *sid_str)
1348 : {
1349 0 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1350 : struct wbcDomainSid sid;
1351 : char *domain;
1352 : char *name;
1353 : enum wbcSidType type;
1354 :
1355 : /* Send off request */
1356 :
1357 0 : wbc_status = wbcStringToSid(sid_str, &sid);
1358 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1359 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1360 : wbcErrorString(wbc_status));
1361 0 : return false;
1362 : }
1363 :
1364 0 : wbc_status = wbcGetDisplayName(&sid, &domain, &name, &type);
1365 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1366 0 : d_fprintf(stderr, "failed to call wbcGetDisplayName: %s\n",
1367 : wbcErrorString(wbc_status));
1368 0 : return false;
1369 : }
1370 :
1371 : /* Display response */
1372 :
1373 0 : d_printf("%s%c%s %d\n",
1374 0 : domain, winbind_separator(), name, type);
1375 :
1376 0 : wbcFreeMemory(domain);
1377 0 : wbcFreeMemory(name);
1378 :
1379 0 : return true;
1380 : }
1381 :
1382 : /* Lookup a list of RIDs */
1383 :
1384 0 : static bool wbinfo_lookuprids(const char *domain, const char *arg)
1385 : {
1386 0 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1387 : struct wbcDomainSid dsid;
1388 0 : char *domain_name = NULL;
1389 0 : const char **names = NULL;
1390 0 : enum wbcSidType *types = NULL;
1391 : size_t i, num_rids;
1392 0 : uint32_t *rids = NULL;
1393 : const char *p;
1394 : char *ridstr;
1395 0 : TALLOC_CTX *mem_ctx = NULL;
1396 0 : bool ret = false;
1397 :
1398 0 : if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
1399 0 : domain = get_winbind_domain();
1400 : }
1401 :
1402 0 : wbc_status = wbcStringToSid(domain, &dsid);
1403 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1404 0 : struct wbcDomainInfo *dinfo = NULL;
1405 :
1406 0 : wbc_status = wbcDomainInfo(domain, &dinfo);
1407 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1408 0 : d_printf("wbcDomainInfo(%s) failed: %s\n", domain,
1409 : wbcErrorString(wbc_status));
1410 0 : goto done;
1411 : }
1412 :
1413 0 : dsid = dinfo->sid;
1414 0 : wbcFreeMemory(dinfo);
1415 : }
1416 :
1417 0 : mem_ctx = talloc_new(NULL);
1418 0 : if (mem_ctx == NULL) {
1419 0 : d_printf("talloc_new failed\n");
1420 0 : goto done;
1421 : }
1422 :
1423 0 : num_rids = 0;
1424 0 : rids = NULL;
1425 0 : p = arg;
1426 :
1427 0 : while (next_token_talloc(mem_ctx, &p, &ridstr, " ,\n")) {
1428 0 : int error = 0;
1429 : uint32_t rid;
1430 :
1431 0 : rid = smb_strtoul(ridstr, NULL, 10, &error, SMB_STR_STANDARD);
1432 0 : if (error != 0) {
1433 0 : d_printf("failed to convert rid\n");
1434 0 : goto done;
1435 : }
1436 0 : rids = talloc_realloc(mem_ctx, rids, uint32_t, num_rids + 1);
1437 0 : if (rids == NULL) {
1438 0 : d_printf("talloc_realloc failed\n");
1439 : }
1440 0 : rids[num_rids] = rid;
1441 0 : num_rids += 1;
1442 : }
1443 :
1444 0 : if (rids == NULL) {
1445 0 : d_printf("no rids\n");
1446 0 : goto done;
1447 : }
1448 :
1449 0 : wbc_status = wbcLookupRids(
1450 : &dsid, num_rids, rids, &p, &names, &types);
1451 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1452 0 : d_printf("winbind_lookup_rids failed: %s\n",
1453 : wbcErrorString(wbc_status));
1454 0 : goto done;
1455 : }
1456 :
1457 0 : domain_name = discard_const_p(char, p);
1458 0 : d_printf("Domain: %s\n", domain_name);
1459 :
1460 0 : for (i=0; i<num_rids; i++) {
1461 0 : d_printf("%8d: %s (%s)\n", rids[i], names[i],
1462 0 : wbcSidTypeString(types[i]));
1463 : }
1464 :
1465 0 : ret = true;
1466 0 : done:
1467 0 : wbcFreeMemory(domain_name);
1468 0 : wbcFreeMemory(names);
1469 0 : wbcFreeMemory(types);
1470 0 : TALLOC_FREE(mem_ctx);
1471 0 : return ret;
1472 : }
1473 :
1474 0 : static bool wbinfo_lookup_sids(const char *arg)
1475 : {
1476 : char sidstr[WBC_SID_STRING_BUFLEN];
1477 : struct wbcDomainSid *sids;
1478 : struct wbcDomainInfo *domains;
1479 : struct wbcTranslatedName *names;
1480 : int num_domains;
1481 : int i, num_sids;
1482 : const char *p;
1483 : wbcErr wbc_status;
1484 :
1485 :
1486 0 : num_sids = 0;
1487 0 : sids = NULL;
1488 0 : p = arg;
1489 :
1490 0 : while (next_token(&p, sidstr, LIST_SEP, sizeof(sidstr))) {
1491 0 : sids = talloc_realloc(talloc_tos(), sids, struct wbcDomainSid,
1492 : num_sids+1);
1493 0 : if (sids == NULL) {
1494 0 : d_fprintf(stderr, "talloc failed\n");
1495 0 : return false;
1496 : }
1497 0 : wbc_status = wbcStringToSid(sidstr, &sids[num_sids]);
1498 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1499 0 : d_fprintf(stderr, "wbcSidToString(%s) failed: %s\n",
1500 : sidstr, wbcErrorString(wbc_status));
1501 0 : TALLOC_FREE(sids);
1502 0 : return false;
1503 : }
1504 0 : num_sids += 1;
1505 : }
1506 :
1507 0 : wbc_status = wbcLookupSids(sids, num_sids, &domains, &num_domains,
1508 : &names);
1509 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1510 0 : d_fprintf(stderr, "wbcLookupSids failed: %s\n",
1511 : wbcErrorString(wbc_status));
1512 0 : TALLOC_FREE(sids);
1513 0 : return false;
1514 : }
1515 :
1516 0 : for (i=0; i<num_sids; i++) {
1517 0 : const char *domain = NULL;
1518 :
1519 0 : wbcSidToStringBuf(&sids[i], sidstr, sizeof(sidstr));
1520 :
1521 0 : if (names[i].domain_index >= num_domains) {
1522 0 : domain = "<none>";
1523 0 : } else if (names[i].domain_index < 0) {
1524 0 : domain = "<none>";
1525 : } else {
1526 0 : domain = domains[names[i].domain_index].short_name;
1527 : }
1528 :
1529 0 : if (names[i].type == WBC_SID_NAME_DOMAIN) {
1530 0 : d_printf("%s -> %s %d\n", sidstr,
1531 : domain,
1532 0 : names[i].type);
1533 : } else {
1534 0 : d_printf("%s -> %s%c%s %d\n", sidstr,
1535 : domain,
1536 0 : winbind_separator(),
1537 0 : names[i].name, names[i].type);
1538 : }
1539 : }
1540 0 : wbcFreeMemory(names);
1541 0 : wbcFreeMemory(domains);
1542 0 : return true;
1543 : }
1544 :
1545 : /* Convert string to sid */
1546 :
1547 212 : static bool wbinfo_lookupname(const char *full_name)
1548 : {
1549 212 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1550 : struct wbcDomainSid sid;
1551 : char sid_str[WBC_SID_STRING_BUFLEN];
1552 : enum wbcSidType type;
1553 : fstring domain_name;
1554 : fstring account_name;
1555 :
1556 : /* Send off request */
1557 :
1558 212 : parse_wbinfo_domain_user(full_name, domain_name,
1559 : account_name);
1560 :
1561 212 : wbc_status = wbcLookupName(domain_name, account_name,
1562 : &sid, &type);
1563 212 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1564 18 : d_fprintf(stderr, "failed to call wbcLookupName: %s\n",
1565 : wbcErrorString(wbc_status));
1566 18 : return false;
1567 : }
1568 :
1569 194 : wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
1570 :
1571 : /* Display response */
1572 :
1573 194 : d_printf("%s %s (%d)\n", sid_str, wbcSidTypeString(type), type);
1574 :
1575 194 : return true;
1576 : }
1577 :
1578 0 : static char *wbinfo_prompt_pass(TALLOC_CTX *mem_ctx,
1579 : const char *prefix,
1580 : const char *username)
1581 : {
1582 : char *prompt;
1583 0 : char buf[1024] = {0};
1584 : int rc;
1585 :
1586 0 : prompt = talloc_asprintf(mem_ctx, "Enter %s's ", username);
1587 0 : if (!prompt) {
1588 0 : return NULL;
1589 : }
1590 0 : if (prefix) {
1591 0 : prompt = talloc_asprintf_append(prompt, "%s ", prefix);
1592 0 : if (!prompt) {
1593 0 : return NULL;
1594 : }
1595 : }
1596 0 : prompt = talloc_asprintf_append(prompt, "password: ");
1597 0 : if (!prompt) {
1598 0 : return NULL;
1599 : }
1600 :
1601 0 : rc = samba_getpass(prompt, buf, sizeof(buf), false, false);
1602 0 : TALLOC_FREE(prompt);
1603 0 : if (rc < 0) {
1604 0 : return NULL;
1605 : }
1606 :
1607 0 : return talloc_strdup(mem_ctx, buf);
1608 : }
1609 :
1610 : /* Authenticate a user with a plaintext password */
1611 :
1612 42 : static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32_t flags)
1613 : {
1614 42 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1615 42 : char *s = NULL;
1616 42 : char *p = NULL;
1617 42 : char *password = NULL;
1618 42 : char *name = NULL;
1619 42 : char *local_cctype = NULL;
1620 : uid_t uid;
1621 : struct wbcLogonUserParams params;
1622 : struct wbcLogonUserInfo *info;
1623 : struct wbcAuthErrorInfo *error;
1624 : struct wbcUserPasswordPolicyInfo *policy;
1625 42 : TALLOC_CTX *frame = talloc_tos();
1626 :
1627 42 : if ((s = talloc_strdup(frame, username)) == NULL) {
1628 0 : return false;
1629 : }
1630 :
1631 42 : if ((p = strchr(s, '%')) != NULL) {
1632 42 : *p = 0;
1633 42 : p++;
1634 42 : password = talloc_strdup(frame, p);
1635 : } else {
1636 0 : password = wbinfo_prompt_pass(frame, NULL, username);
1637 : }
1638 :
1639 42 : local_cctype = talloc_strdup(frame, cctype);
1640 :
1641 42 : name = s;
1642 :
1643 42 : uid = geteuid();
1644 :
1645 42 : params.username = name;
1646 42 : params.password = password;
1647 42 : params.num_blobs = 0;
1648 42 : params.blobs = NULL;
1649 :
1650 42 : wbc_status = wbcAddNamedBlob(¶ms.num_blobs,
1651 : ¶ms.blobs,
1652 : "flags",
1653 : 0,
1654 : (uint8_t *)&flags,
1655 : sizeof(flags));
1656 42 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1657 0 : d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1658 : wbcErrorString(wbc_status));
1659 0 : goto done;
1660 : }
1661 :
1662 42 : wbc_status = wbcAddNamedBlob(¶ms.num_blobs,
1663 : ¶ms.blobs,
1664 : "user_uid",
1665 : 0,
1666 : (uint8_t *)&uid,
1667 : sizeof(uid));
1668 42 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1669 0 : d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1670 : wbcErrorString(wbc_status));
1671 0 : goto done;
1672 : }
1673 :
1674 42 : wbc_status = wbcAddNamedBlob(¶ms.num_blobs,
1675 : ¶ms.blobs,
1676 : "krb5_cc_type",
1677 : 0,
1678 : (uint8_t *)local_cctype,
1679 42 : strlen(cctype)+1);
1680 42 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1681 0 : d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1682 : wbcErrorString(wbc_status));
1683 0 : goto done;
1684 : }
1685 :
1686 42 : wbc_status = wbcLogonUser(¶ms, &info, &error, &policy);
1687 :
1688 42 : d_printf("plaintext kerberos password authentication for [%s] %s "
1689 : "(requesting cctype: %s)\n",
1690 : name, WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed",
1691 : cctype);
1692 :
1693 42 : if (error) {
1694 14 : d_fprintf(stderr,
1695 : "wbcLogonUser(%s): error code was %s (0x%x)\n"
1696 : "error message was: %s\n",
1697 6 : params.username, error->nt_string,
1698 6 : error->nt_status,
1699 6 : error->display_string);
1700 : }
1701 :
1702 42 : if (WBC_ERROR_IS_OK(wbc_status)) {
1703 36 : if (flags & WBFLAG_PAM_INFO3_TEXT) {
1704 36 : if (info && info->info && info->info->user_flags &
1705 : NETLOGON_CACHED_ACCOUNT) {
1706 8 : d_printf("user_flgs: "
1707 : "NETLOGON_CACHED_ACCOUNT\n");
1708 : }
1709 : }
1710 :
1711 36 : if (info) {
1712 : size_t i;
1713 36 : for (i=0; i < info->num_blobs; i++) {
1714 8 : if (strequal(info->blobs[i].name,
1715 : "krb5ccname")) {
1716 8 : d_printf("credentials were put "
1717 : "in: %s\n",
1718 : (const char *)
1719 8 : info->blobs[i].blob.data);
1720 8 : break;
1721 : }
1722 : }
1723 : } else {
1724 0 : d_printf("no credentials cached\n");
1725 : }
1726 : }
1727 29 : done:
1728 :
1729 42 : wbcFreeMemory(params.blobs);
1730 :
1731 42 : return WBC_ERROR_IS_OK(wbc_status);
1732 : }
1733 :
1734 : /* Authenticate a user with a plaintext password */
1735 :
1736 90 : static bool wbinfo_auth(char *username)
1737 : {
1738 90 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1739 90 : char *s = NULL;
1740 90 : char *p = NULL;
1741 90 : char *password = NULL;
1742 90 : char *name = NULL;
1743 90 : TALLOC_CTX *frame = talloc_tos();
1744 :
1745 90 : if ((s = talloc_strdup(frame, username)) == NULL) {
1746 0 : return false;
1747 : }
1748 :
1749 90 : if ((p = strchr(s, '%')) != NULL) {
1750 90 : *p = 0;
1751 90 : p++;
1752 90 : password = talloc_strdup(frame, p);
1753 : } else {
1754 0 : password = wbinfo_prompt_pass(frame, NULL, username);
1755 : }
1756 :
1757 90 : name = s;
1758 :
1759 90 : wbc_status = wbcAuthenticateUser(name, password);
1760 :
1761 90 : d_printf("plaintext password authentication %s\n",
1762 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1763 :
1764 : #if 0
1765 : if (response.data.auth.nt_status)
1766 : d_fprintf(stderr,
1767 : "error code was %s (0x%x)\nerror message was: %s\n",
1768 : response.data.auth.nt_status_string,
1769 : response.data.auth.nt_status,
1770 : response.data.auth.error_string);
1771 : #endif
1772 :
1773 90 : return WBC_ERROR_IS_OK(wbc_status);
1774 : }
1775 :
1776 : /* Authenticate a user with a challenge/response */
1777 :
1778 90 : static bool wbinfo_auth_crap(char *username, bool use_ntlmv2, bool use_lanman)
1779 : {
1780 90 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1781 : struct wbcAuthUserParams params;
1782 90 : struct wbcAuthUserInfo *info = NULL;
1783 90 : struct wbcAuthErrorInfo *err = NULL;
1784 90 : DATA_BLOB lm = data_blob_null;
1785 90 : DATA_BLOB nt = data_blob_null;
1786 : fstring name_user;
1787 : fstring name_domain;
1788 : char *pass;
1789 : char *p;
1790 90 : TALLOC_CTX *frame = talloc_tos();
1791 :
1792 90 : p = strchr(username, '%');
1793 :
1794 90 : if (p) {
1795 90 : *p = 0;
1796 90 : pass = talloc_strdup(frame, p + 1);
1797 : } else {
1798 0 : pass = wbinfo_prompt_pass(frame, NULL, username);
1799 : }
1800 :
1801 90 : parse_wbinfo_domain_user(username, name_domain, name_user);
1802 :
1803 90 : params.account_name = name_user;
1804 90 : params.domain_name = name_domain;
1805 90 : params.workstation_name = NULL;
1806 :
1807 90 : params.flags = 0;
1808 90 : params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
1809 : WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
1810 :
1811 90 : params.level = WBC_AUTH_USER_LEVEL_RESPONSE;
1812 :
1813 90 : generate_random_buffer(params.password.response.challenge, 8);
1814 :
1815 90 : if (use_ntlmv2) {
1816 : DATA_BLOB server_chal;
1817 : DATA_BLOB names_blob;
1818 89 : const char *netbios_name = NULL;
1819 89 : const char *domain = NULL;
1820 :
1821 89 : netbios_name = get_winbind_netbios_name(),
1822 89 : domain = get_winbind_domain();
1823 89 : if (domain == NULL) {
1824 0 : d_fprintf(stderr, "Failed to get domain from winbindd\n");
1825 0 : return false;
1826 : }
1827 :
1828 89 : server_chal = data_blob(params.password.response.challenge, 8);
1829 :
1830 : /* Pretend this is a login to 'us', for blob purposes */
1831 89 : names_blob = NTLMv2_generate_names_blob(NULL,
1832 : netbios_name,
1833 : domain);
1834 :
1835 138 : if (pass != NULL &&
1836 89 : !SMBNTLMv2encrypt(NULL, name_user, name_domain, pass,
1837 : &server_chal,
1838 : &names_blob,
1839 : &lm, &nt, NULL, NULL)) {
1840 0 : data_blob_free(&names_blob);
1841 0 : data_blob_free(&server_chal);
1842 0 : TALLOC_FREE(pass);
1843 0 : return false;
1844 : }
1845 89 : data_blob_free(&names_blob);
1846 89 : data_blob_free(&server_chal);
1847 :
1848 : } else {
1849 1 : if (use_lanman) {
1850 : bool ok;
1851 0 : lm = data_blob(NULL, 24);
1852 0 : ok = SMBencrypt(pass,
1853 : params.password.response.challenge,
1854 : lm.data);
1855 0 : if (!ok) {
1856 0 : data_blob_free(&lm);
1857 : }
1858 : }
1859 1 : nt = data_blob(NULL, 24);
1860 1 : SMBNTencrypt(pass, params.password.response.challenge,
1861 : nt.data);
1862 : }
1863 :
1864 90 : params.password.response.nt_length = nt.length;
1865 90 : params.password.response.nt_data = nt.data;
1866 90 : params.password.response.lm_length = lm.length;
1867 90 : params.password.response.lm_data = lm.data;
1868 :
1869 90 : wbc_status = wbcAuthenticateUserEx(¶ms, &info, &err);
1870 :
1871 : /* Display response */
1872 :
1873 90 : d_printf("challenge/response password authentication %s\n",
1874 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1875 :
1876 90 : if (wbc_status == WBC_ERR_AUTH_ERROR) {
1877 70 : d_fprintf(stderr,
1878 : "wbcAuthenticateUserEx(%s%c%s): error code was "
1879 : "%s (0x%x, authoritative=%"PRIu8")\n"
1880 : "error message was: %s\n",
1881 : name_domain,
1882 22 : winbind_separator(),
1883 : name_user,
1884 22 : err->nt_string,
1885 22 : err->nt_status,
1886 22 : err->authoritative,
1887 22 : err->display_string);
1888 22 : wbcFreeMemory(err);
1889 68 : } else if (WBC_ERROR_IS_OK(wbc_status)) {
1890 68 : wbcFreeMemory(info);
1891 : }
1892 :
1893 90 : data_blob_free(&nt);
1894 90 : data_blob_free(&lm);
1895 :
1896 90 : return WBC_ERROR_IS_OK(wbc_status);
1897 : }
1898 :
1899 : /* Authenticate a user with a plaintext password */
1900 :
1901 24 : static bool wbinfo_pam_logon(char *username, bool verbose)
1902 : {
1903 24 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1904 : struct wbcLogonUserParams params;
1905 24 : struct wbcLogonUserInfo *info = NULL;
1906 24 : struct wbcAuthErrorInfo *error = NULL;
1907 24 : char *s = NULL;
1908 24 : char *p = NULL;
1909 24 : TALLOC_CTX *frame = talloc_tos();
1910 : uint32_t flags;
1911 : uint32_t uid;
1912 :
1913 24 : ZERO_STRUCT(params);
1914 :
1915 24 : if ((s = talloc_strdup(frame, username)) == NULL) {
1916 0 : return false;
1917 : }
1918 :
1919 24 : if ((p = strchr(s, '%')) != NULL) {
1920 24 : *p = 0;
1921 24 : p++;
1922 24 : params.password = talloc_strdup(frame, p);
1923 : } else {
1924 0 : params.password = wbinfo_prompt_pass(frame, NULL, username);
1925 : }
1926 24 : params.username = s;
1927 :
1928 24 : flags = WBFLAG_PAM_CACHED_LOGIN;
1929 :
1930 24 : wbc_status = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs,
1931 : "flags", 0,
1932 : (uint8_t *)&flags, sizeof(flags));
1933 24 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1934 0 : d_printf("wbcAddNamedBlob failed: %s\n",
1935 : wbcErrorString(wbc_status));
1936 0 : return false;
1937 : }
1938 :
1939 24 : uid = getuid();
1940 :
1941 24 : wbc_status = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs,
1942 : "user_uid", 0,
1943 : (uint8_t *)&uid, sizeof(uid));
1944 24 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1945 0 : d_printf("wbcAddNamedBlob failed: %s\n",
1946 : wbcErrorString(wbc_status));
1947 0 : return false;
1948 : }
1949 :
1950 24 : wbc_status = wbcLogonUser(¶ms, &info, &error, NULL);
1951 :
1952 24 : if (verbose && (info != NULL)) {
1953 0 : struct wbcAuthUserInfo *i = info->info;
1954 : uint32_t j;
1955 :
1956 0 : if (i->account_name != NULL) {
1957 0 : d_printf("account_name: %s\n", i->account_name);
1958 : }
1959 0 : if (i->user_principal != NULL) {
1960 0 : d_printf("user_principal: %s\n", i->user_principal);
1961 : }
1962 0 : if (i->full_name != NULL) {
1963 0 : d_printf("full_name: %s\n", i->full_name);
1964 : }
1965 0 : if (i->domain_name != NULL) {
1966 0 : d_printf("domain_name: %s\n", i->domain_name);
1967 : }
1968 0 : if (i->dns_domain_name != NULL) {
1969 0 : d_printf("dns_domain_name: %s\n", i->dns_domain_name);
1970 : }
1971 0 : if (i->logon_server != NULL) {
1972 0 : d_printf("logon_server: %s\n", i->logon_server);
1973 : }
1974 0 : if (i->logon_script != NULL) {
1975 0 : d_printf("logon_script: %s\n", i->logon_script);
1976 : }
1977 0 : if (i->profile_path != NULL) {
1978 0 : d_printf("profile_path: %s\n", i->profile_path);
1979 : }
1980 0 : if (i->home_directory != NULL) {
1981 0 : d_printf("home_directory: %s\n", i->home_directory);
1982 : }
1983 0 : if (i->home_drive != NULL) {
1984 0 : d_printf("home_drive: %s\n", i->home_drive);
1985 : }
1986 :
1987 0 : d_printf("sids:");
1988 :
1989 0 : for (j=0; j<i->num_sids; j++) {
1990 : char buf[WBC_SID_STRING_BUFLEN];
1991 0 : wbcSidToStringBuf(&i->sids[j].sid, buf, sizeof(buf));
1992 0 : d_printf(" %s", buf);
1993 : }
1994 0 : d_printf("\n");
1995 :
1996 0 : wbcFreeMemory(info);
1997 0 : info = NULL;
1998 : }
1999 :
2000 24 : wbcFreeMemory(params.blobs);
2001 :
2002 24 : d_printf("plaintext password authentication %s\n",
2003 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2004 :
2005 24 : if (!WBC_ERROR_IS_OK(wbc_status) && (error != NULL)) {
2006 16 : d_fprintf(stderr,
2007 : "wbcLogonUser(%s): error code was %s (0x%x)\n"
2008 : "error message was: %s\n",
2009 : params.username,
2010 8 : error->nt_string,
2011 8 : (int)error->nt_status,
2012 8 : error->display_string);
2013 8 : wbcFreeMemory(error);
2014 : }
2015 24 : return WBC_ERROR_IS_OK(wbc_status);
2016 : }
2017 :
2018 : /* Save creds with winbind */
2019 :
2020 24 : static bool wbinfo_ccache_save(char *username)
2021 : {
2022 24 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2023 24 : char *s = NULL;
2024 24 : char *p = NULL;
2025 24 : char *password = NULL;
2026 24 : char *name = NULL;
2027 24 : TALLOC_CTX *frame = talloc_stackframe();
2028 :
2029 24 : s = talloc_strdup(frame, username);
2030 24 : if (s == NULL) {
2031 0 : return false;
2032 : }
2033 :
2034 24 : p = strchr(s, '%');
2035 24 : if (p != NULL) {
2036 24 : *p = 0;
2037 24 : p++;
2038 24 : password = talloc_strdup(frame, p);
2039 : } else {
2040 0 : password = wbinfo_prompt_pass(frame, NULL, username);
2041 : }
2042 :
2043 24 : name = s;
2044 :
2045 24 : wbc_status = wbcCredentialSave(name, password);
2046 :
2047 24 : d_printf("saving creds %s\n",
2048 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2049 :
2050 24 : TALLOC_FREE(frame);
2051 :
2052 24 : return WBC_ERROR_IS_OK(wbc_status);
2053 : }
2054 :
2055 : #ifdef WITH_FAKE_KASERVER
2056 : /* Authenticate a user with a plaintext password and set a token */
2057 :
2058 : static bool wbinfo_klog(char *username)
2059 : {
2060 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2061 : struct winbindd_request request;
2062 : struct winbindd_response response;
2063 : char *p;
2064 :
2065 : /* Send off request */
2066 :
2067 : ZERO_STRUCT(request);
2068 : ZERO_STRUCT(response);
2069 :
2070 : p = strchr(username, '%');
2071 :
2072 : if (p) {
2073 : *p = 0;
2074 : fstrcpy(request.data.auth.user, username);
2075 : fstrcpy(request.data.auth.pass, p + 1);
2076 : *p = '%';
2077 : } else {
2078 : fstrcpy(request.data.auth.user, username);
2079 : (void) samba_getpass("Password: ",
2080 : request.data.auth.pass,
2081 : sizeof(request.data.auth.pass),
2082 : false, false);
2083 : }
2084 :
2085 : request.flags |= WBFLAG_PAM_AFS_TOKEN;
2086 :
2087 : wbc_status = wbcRequestResponse(NULL, WINBINDD_PAM_AUTH,
2088 : &request, &response);
2089 :
2090 : /* Display response */
2091 :
2092 : d_printf("plaintext password authentication %s\n",
2093 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2094 :
2095 : if (response.data.auth.nt_status)
2096 : d_fprintf(stderr,
2097 : "error code was %s (0x%x)\nerror message was: %s\n",
2098 : response.data.auth.nt_status_string,
2099 : response.data.auth.nt_status,
2100 : response.data.auth.error_string);
2101 :
2102 : if (!WBC_ERROR_IS_OK(wbc_status))
2103 : return false;
2104 :
2105 : if (response.extra_data.data == NULL) {
2106 : d_fprintf(stderr, "Did not get token data\n");
2107 : return false;
2108 : }
2109 :
2110 : if (!afs_settoken_str((char *)response.extra_data.data)) {
2111 : winbindd_free_response(&response);
2112 : d_fprintf(stderr, "Could not set token\n");
2113 : return false;
2114 : }
2115 :
2116 : winbindd_free_response(&response);
2117 : d_printf("Successfully created AFS token\n");
2118 : return true;
2119 : }
2120 : #else
2121 0 : static bool wbinfo_klog(char *username)
2122 : {
2123 0 : d_fprintf(stderr, "No AFS support compiled in.\n");
2124 0 : return false;
2125 : }
2126 : #endif
2127 :
2128 : /* Print domain users */
2129 :
2130 10 : static bool print_domain_users(const char *domain)
2131 : {
2132 10 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2133 : uint32_t i;
2134 10 : uint32_t num_users = 0;
2135 10 : const char **users = NULL;
2136 :
2137 : /* Send request to winbind daemon */
2138 :
2139 10 : if (domain == NULL) {
2140 10 : domain = get_winbind_domain();
2141 : } else {
2142 : /* '.' is the special sign for our own domain */
2143 0 : if ((domain[0] == '\0') || strcmp(domain, ".") == 0) {
2144 0 : domain = get_winbind_domain();
2145 : /* '*' is the special sign for all domains */
2146 0 : } else if (strcmp(domain, "*") == 0) {
2147 0 : domain = NULL;
2148 : }
2149 : }
2150 :
2151 10 : wbc_status = wbcListUsers(domain, &num_users, &users);
2152 10 : if (!WBC_ERROR_IS_OK(wbc_status)) {
2153 0 : return false;
2154 : }
2155 :
2156 141 : for (i=0; i < num_users; i++) {
2157 131 : d_printf("%s\n", users[i]);
2158 : }
2159 :
2160 10 : wbcFreeMemory(users);
2161 :
2162 10 : return true;
2163 : }
2164 :
2165 : /* Print domain groups */
2166 :
2167 10 : static bool print_domain_groups(const char *domain)
2168 : {
2169 10 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2170 : uint32_t i;
2171 10 : uint32_t num_groups = 0;
2172 10 : const char **groups = NULL;
2173 :
2174 : /* Send request to winbind daemon */
2175 :
2176 10 : if (domain == NULL) {
2177 10 : domain = get_winbind_domain();
2178 : } else {
2179 : /* '.' is the special sign for our own domain */
2180 0 : if ((domain[0] == '\0') || strcmp(domain, ".") == 0) {
2181 0 : domain = get_winbind_domain();
2182 : /* '*' is the special sign for all domains */
2183 0 : } else if (strcmp(domain, "*") == 0) {
2184 0 : domain = NULL;
2185 : }
2186 : }
2187 :
2188 10 : wbc_status = wbcListGroups(domain, &num_groups, &groups);
2189 10 : if (!WBC_ERROR_IS_OK(wbc_status)) {
2190 0 : d_fprintf(stderr, "failed to call wbcListGroups: %s\n",
2191 : wbcErrorString(wbc_status));
2192 0 : return false;
2193 : }
2194 :
2195 190 : for (i=0; i < num_groups; i++) {
2196 180 : d_printf("%s\n", groups[i]);
2197 : }
2198 :
2199 10 : wbcFreeMemory(groups);
2200 :
2201 10 : return true;
2202 : }
2203 :
2204 : /* Set the authorised user for winbindd access in secrets.tdb */
2205 :
2206 0 : static bool wbinfo_set_auth_user(char *username)
2207 : {
2208 0 : d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
2209 : "See 'net help setauthuser' for details.\n");
2210 0 : return false;
2211 : }
2212 :
2213 0 : static void wbinfo_get_auth_user(void)
2214 : {
2215 0 : d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
2216 : "See 'net help getauthuser' for details.\n");
2217 0 : }
2218 :
2219 27 : static bool wbinfo_ping(void)
2220 : {
2221 : wbcErr wbc_status;
2222 :
2223 27 : wbc_status = wbcPing();
2224 :
2225 : /* Display response */
2226 :
2227 27 : d_printf("Ping to winbindd %s\n",
2228 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2229 :
2230 27 : return WBC_ERROR_IS_OK(wbc_status);
2231 : }
2232 :
2233 0 : static bool wbinfo_change_user_password(const char *username)
2234 : {
2235 : wbcErr wbc_status;
2236 0 : char *old_password = NULL;
2237 0 : char *new_password = NULL;
2238 0 : TALLOC_CTX *frame = talloc_tos();
2239 :
2240 0 : old_password = wbinfo_prompt_pass(frame, "old", username);
2241 0 : new_password = wbinfo_prompt_pass(frame, "new", username);
2242 :
2243 0 : wbc_status = wbcChangeUserPassword(username, old_password,new_password);
2244 :
2245 : /* Display response */
2246 :
2247 0 : d_printf("Password change for user %s %s\n", username,
2248 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2249 :
2250 0 : return WBC_ERROR_IS_OK(wbc_status);
2251 : }
2252 :
2253 : /* Main program */
2254 :
2255 : enum {
2256 : OPT_SET_AUTH_USER = 1000,
2257 : OPT_GET_AUTH_USER,
2258 : OPT_DOMAIN_NAME,
2259 : OPT_SEQUENCE,
2260 : OPT_GETDCNAME,
2261 : OPT_DSGETDCNAME,
2262 : OPT_DC_INFO,
2263 : OPT_USERDOMGROUPS,
2264 : OPT_SIDALIASES,
2265 : OPT_USERSIDS,
2266 : OPT_LOOKUP_SIDS,
2267 : OPT_ALLOCATE_UID,
2268 : OPT_ALLOCATE_GID,
2269 : OPT_SET_UID_MAPPING,
2270 : OPT_SET_GID_MAPPING,
2271 : OPT_REMOVE_UID_MAPPING,
2272 : OPT_REMOVE_GID_MAPPING,
2273 : OPT_SIDS_TO_XIDS,
2274 : OPT_XIDS_TO_SIDS,
2275 : OPT_SEPARATOR,
2276 : OPT_LIST_ALL_DOMAINS,
2277 : OPT_LIST_OWN_DOMAIN,
2278 : OPT_UID_INFO,
2279 : OPT_USER_SIDINFO,
2280 : OPT_GROUP_INFO,
2281 : OPT_GID_INFO,
2282 : OPT_VERBOSE,
2283 : OPT_ONLINESTATUS,
2284 : OPT_CHANGE_USER_PASSWORD,
2285 : OPT_CCACHE_SAVE,
2286 : OPT_SID_TO_FULLNAME,
2287 : OPT_NTLMV1,
2288 : OPT_NTLMV2,
2289 : OPT_PAM_LOGON,
2290 : OPT_LOGOFF,
2291 : OPT_LOGOFF_USER,
2292 : OPT_LOGOFF_UID,
2293 : OPT_LANMAN,
2294 : OPT_KRB5CCNAME
2295 : };
2296 :
2297 1122 : int main(int argc, const char **argv, char **envp)
2298 : {
2299 : int opt;
2300 1122 : TALLOC_CTX *frame = talloc_stackframe();
2301 : poptContext pc;
2302 : static char *string_arg;
2303 1122 : char *string_subarg = NULL;
2304 : static char *opt_domain_name;
2305 : static int int_arg;
2306 1122 : int int_subarg = -1;
2307 1122 : int result = 1;
2308 1122 : bool verbose = false;
2309 1122 : bool use_ntlmv2 = true;
2310 1122 : bool use_lanman = false;
2311 1122 : char *logoff_user = getenv("USER");
2312 1122 : int logoff_uid = geteuid();
2313 1122 : const char *opt_krb5ccname = "FILE";
2314 :
2315 2244 : struct poptOption long_options[] = {
2316 : POPT_AUTOHELP
2317 :
2318 : /* longName, shortName, argInfo, argPtr, value, descrip,
2319 : argDesc */
2320 :
2321 : {
2322 : .longName = "domain-users",
2323 : .shortName = 'u',
2324 : .argInfo = POPT_ARG_NONE,
2325 : .val = 'u',
2326 : .descrip = "Lists all domain users",
2327 : .argDescrip = "domain"
2328 : },
2329 : {
2330 : .longName = "domain-groups",
2331 : .shortName = 'g',
2332 : .argInfo = POPT_ARG_NONE,
2333 : .val = 'g',
2334 : .descrip = "Lists all domain groups",
2335 : .argDescrip = "domain"
2336 : },
2337 : {
2338 : .longName = "WINS-by-name",
2339 : .shortName = 'N',
2340 : .argInfo = POPT_ARG_STRING,
2341 : .arg = &string_arg,
2342 : .val = 'N',
2343 : .descrip = "Converts NetBIOS name to IP",
2344 : .argDescrip = "NETBIOS-NAME"
2345 : },
2346 : {
2347 : .longName = "WINS-by-ip",
2348 : .shortName = 'I',
2349 : .argInfo = POPT_ARG_STRING,
2350 : .arg = &string_arg,
2351 : .val = 'I',
2352 : .descrip = "Converts IP address to NetBIOS name",
2353 : .argDescrip = "IP"
2354 : },
2355 : {
2356 : .longName = "name-to-sid",
2357 : .shortName = 'n',
2358 : .argInfo = POPT_ARG_STRING,
2359 : .arg = &string_arg,
2360 : .val = 'n',
2361 : .descrip = "Converts name to sid",
2362 : .argDescrip = "NAME"
2363 : },
2364 : {
2365 : .longName = "sid-to-name",
2366 : .shortName = 's',
2367 : .argInfo = POPT_ARG_STRING,
2368 : .arg = &string_arg,
2369 : .val = 's',
2370 : .descrip = "Converts sid to name",
2371 : .argDescrip = "SID"
2372 : },
2373 : {
2374 : .longName = "sid-to-fullname",
2375 : .argInfo = POPT_ARG_STRING,
2376 : .arg = &string_arg,
2377 : .val = OPT_SID_TO_FULLNAME,
2378 : .descrip = "Converts sid to fullname",
2379 : .argDescrip = "SID"
2380 : },
2381 : {
2382 : .longName = "lookup-rids",
2383 : .shortName = 'R',
2384 : .argInfo = POPT_ARG_STRING,
2385 : .arg = &string_arg,
2386 : .val = 'R',
2387 : .descrip = "Converts RIDs to names",
2388 : .argDescrip = "RIDs"
2389 : },
2390 : {
2391 : .longName = "lookup-sids",
2392 : .argInfo = POPT_ARG_STRING,
2393 : .arg = &string_arg,
2394 : .val = OPT_LOOKUP_SIDS,
2395 : .descrip = "Converts SIDs to types and names",
2396 : .argDescrip = "Sid-List"
2397 : },
2398 : {
2399 : .longName = "uid-to-sid",
2400 : .shortName = 'U',
2401 : .argInfo = POPT_ARG_INT,
2402 : .arg = &int_arg,
2403 : .val = 'U',
2404 : .descrip = "Converts uid to sid",
2405 : .argDescrip = "UID"
2406 : },
2407 : {
2408 : .longName = "gid-to-sid",
2409 : .shortName = 'G',
2410 : .argInfo = POPT_ARG_INT,
2411 : .arg = &int_arg,
2412 : .val = 'G',
2413 : .descrip = "Converts gid to sid",
2414 : .argDescrip = "GID"
2415 : },
2416 : {
2417 : .longName = "sid-to-uid",
2418 : .shortName = 'S',
2419 : .argInfo = POPT_ARG_STRING,
2420 : .arg = &string_arg,
2421 : .val = 'S',
2422 : .descrip = "Converts sid to uid",
2423 : .argDescrip = "SID"
2424 : },
2425 : {
2426 : .longName = "sid-to-gid",
2427 : .shortName = 'Y',
2428 : .argInfo = POPT_ARG_STRING,
2429 : .arg = &string_arg,
2430 : .val = 'Y',
2431 : .descrip = "Converts sid to gid",
2432 : .argDescrip = "SID"
2433 : },
2434 : {
2435 : .longName = "allocate-uid",
2436 : .argInfo = POPT_ARG_NONE,
2437 : .val = OPT_ALLOCATE_UID,
2438 : .descrip = "Get a new UID out of idmap"
2439 : },
2440 : {
2441 : .longName = "allocate-gid",
2442 : .argInfo = POPT_ARG_NONE,
2443 : .val = OPT_ALLOCATE_GID,
2444 : .descrip = "Get a new GID out of idmap"
2445 : },
2446 : {
2447 : .longName = "set-uid-mapping",
2448 : .argInfo = POPT_ARG_STRING,
2449 : .arg = &string_arg,
2450 : .val = OPT_SET_UID_MAPPING,
2451 : .descrip = "Create or modify uid to sid mapping in "
2452 : "idmap",
2453 : .argDescrip = "UID,SID"
2454 : },
2455 : {
2456 : .longName = "set-gid-mapping",
2457 : .argInfo = POPT_ARG_STRING,
2458 : .arg = &string_arg,
2459 : .val = OPT_SET_GID_MAPPING,
2460 : .descrip = "Create or modify gid to sid mapping in "
2461 : "idmap",
2462 : .argDescrip = "GID,SID"
2463 : },
2464 : {
2465 : .longName = "remove-uid-mapping",
2466 : .argInfo = POPT_ARG_STRING,
2467 : .arg = &string_arg,
2468 : .val = OPT_REMOVE_UID_MAPPING,
2469 : .descrip = "Remove uid to sid mapping in idmap",
2470 : .argDescrip = "UID,SID"
2471 : },
2472 : {
2473 : .longName = "remove-gid-mapping",
2474 : .argInfo = POPT_ARG_STRING,
2475 : .arg = &string_arg,
2476 : .val = OPT_REMOVE_GID_MAPPING,
2477 : .descrip = "Remove gid to sid mapping in idmap",
2478 : .argDescrip = "GID,SID",
2479 : },
2480 : {
2481 : .longName = "sids-to-unix-ids",
2482 : .argInfo = POPT_ARG_STRING,
2483 : .arg = &string_arg,
2484 : .val = OPT_SIDS_TO_XIDS,
2485 : .descrip = "Translate SIDs to Unix IDs",
2486 : .argDescrip = "Sid-List",
2487 : },
2488 : {
2489 : .longName = "unix-ids-to-sids",
2490 : .argInfo = POPT_ARG_STRING,
2491 : .arg = &string_arg,
2492 : .val = OPT_XIDS_TO_SIDS,
2493 : .descrip = "Translate Unix IDs to SIDs",
2494 : .argDescrip = "ID-List (u<num> g<num>)",
2495 : },
2496 : {
2497 : .longName = "check-secret",
2498 : .shortName = 't',
2499 : .argInfo = POPT_ARG_NONE,
2500 : .val = 't',
2501 : .descrip = "Check shared secret",
2502 : },
2503 : {
2504 : .longName = "change-secret",
2505 : .shortName = 'c',
2506 : .argInfo = POPT_ARG_NONE,
2507 : .val = 'c',
2508 : .descrip = "Change shared secret",
2509 : },
2510 : {
2511 : .longName = "ping-dc",
2512 : .shortName = 'P',
2513 : .argInfo = POPT_ARG_NONE,
2514 : .val = 'P',
2515 : .descrip = "Check the NETLOGON connection",
2516 : },
2517 : {
2518 : .longName = "trusted-domains",
2519 : .shortName = 'm',
2520 : .argInfo = POPT_ARG_NONE,
2521 : .val = 'm',
2522 : .descrip = "List trusted domains",
2523 : },
2524 : {
2525 : .longName = "all-domains",
2526 : .argInfo = POPT_ARG_NONE,
2527 : .val = OPT_LIST_ALL_DOMAINS,
2528 : .descrip = "List all domains (trusted and own "
2529 : "domain)",
2530 : },
2531 : {
2532 : .longName = "own-domain",
2533 : .argInfo = POPT_ARG_NONE,
2534 : .val = OPT_LIST_OWN_DOMAIN,
2535 : .descrip = "List own domain",
2536 : },
2537 : {
2538 : .longName = "sequence",
2539 : .argInfo = POPT_ARG_NONE,
2540 : .val = OPT_SEQUENCE,
2541 : .descrip = "Deprecated command, see --online-status",
2542 : },
2543 : {
2544 : .longName = "online-status",
2545 : .argInfo = POPT_ARG_NONE,
2546 : .val = OPT_ONLINESTATUS,
2547 : .descrip = "Show whether domains maintain an active "
2548 : "connection",
2549 : },
2550 : {
2551 : .longName = "domain-info",
2552 : .shortName = 'D',
2553 : .argInfo = POPT_ARG_STRING,
2554 : .arg = &string_arg,
2555 : .val = 'D',
2556 : .descrip = "Show most of the info we have about the "
2557 : "domain",
2558 : },
2559 : {
2560 : .longName = "user-info",
2561 : .shortName = 'i',
2562 : .argInfo = POPT_ARG_STRING,
2563 : .arg = &string_arg,
2564 : .val = 'i',
2565 : .descrip = "Get user info",
2566 : .argDescrip = "USER",
2567 : },
2568 : {
2569 : .longName = "uid-info",
2570 : .argInfo = POPT_ARG_INT,
2571 : .arg = &int_arg,
2572 : .val = OPT_UID_INFO,
2573 : .descrip = "Get user info from uid",
2574 : .argDescrip = "UID",
2575 : },
2576 : {
2577 : .longName = "group-info",
2578 : .argInfo = POPT_ARG_STRING,
2579 : .arg = &string_arg,
2580 : .val = OPT_GROUP_INFO,
2581 : .descrip = "Get group info",
2582 : .argDescrip = "GROUP",
2583 : },
2584 : {
2585 : .longName = "user-sidinfo",
2586 : .argInfo = POPT_ARG_STRING,
2587 : .arg = &string_arg,
2588 : .val = OPT_USER_SIDINFO,
2589 : .descrip = "Get user info from sid",
2590 : .argDescrip = "SID",
2591 : },
2592 : {
2593 : .longName = "gid-info",
2594 : .argInfo = POPT_ARG_INT,
2595 : .arg = &int_arg,
2596 : .val = OPT_GID_INFO,
2597 : .descrip = "Get group info from gid",
2598 : .argDescrip = "GID",
2599 : },
2600 : {
2601 : .longName = "user-groups",
2602 : .shortName = 'r',
2603 : .argInfo = POPT_ARG_STRING,
2604 : .arg = &string_arg,
2605 : .val = 'r',
2606 : .descrip = "Get user groups",
2607 : .argDescrip = "USER",
2608 : },
2609 : {
2610 : .longName = "user-domgroups",
2611 : .argInfo = POPT_ARG_STRING,
2612 : .arg = &string_arg,
2613 : .val = OPT_USERDOMGROUPS,
2614 : .descrip = "Get user domain groups",
2615 : .argDescrip = "SID",
2616 : },
2617 : {
2618 : .longName = "sid-aliases",
2619 : .argInfo = POPT_ARG_STRING,
2620 : .arg = &string_arg,
2621 : .val = OPT_SIDALIASES,
2622 : .descrip = "Get sid aliases",
2623 : .argDescrip = "SID",
2624 : },
2625 : {
2626 : .longName = "user-sids",
2627 : .argInfo = POPT_ARG_STRING,
2628 : .arg = &string_arg,
2629 : .val = OPT_USERSIDS,
2630 : .descrip = "Get user group sids for user SID",
2631 : .argDescrip = "SID",
2632 : },
2633 : {
2634 : .longName = "authenticate",
2635 : .shortName = 'a',
2636 : .argInfo = POPT_ARG_STRING,
2637 : .arg = &string_arg,
2638 : .val = 'a',
2639 : .descrip = "authenticate user",
2640 : .argDescrip = "user%password",
2641 : },
2642 : {
2643 : .longName = "pam-logon",
2644 : .argInfo = POPT_ARG_STRING,
2645 : .arg = &string_arg,
2646 : .val = OPT_PAM_LOGON,
2647 : .descrip = "do a pam logon equivalent",
2648 : .argDescrip = "user%password",
2649 : },
2650 : {
2651 : .longName = "logoff",
2652 : .argInfo = POPT_ARG_NONE,
2653 : .val = OPT_LOGOFF,
2654 : .descrip = "log off user",
2655 : .argDescrip = "uid",
2656 : },
2657 : {
2658 : .longName = "logoff-user",
2659 : .argInfo = POPT_ARG_STRING,
2660 : .arg = &logoff_user,
2661 : .val = OPT_LOGOFF_USER,
2662 : .descrip = "username to log off"
2663 : },
2664 : {
2665 : .longName = "logoff-uid",
2666 : .argInfo = POPT_ARG_INT,
2667 : .arg = &logoff_uid,
2668 : .val = OPT_LOGOFF_UID,
2669 : .descrip = "uid to log off",
2670 : },
2671 : {
2672 : .longName = "set-auth-user",
2673 : .argInfo = POPT_ARG_STRING,
2674 : .arg = &string_arg,
2675 : .val = OPT_SET_AUTH_USER,
2676 : .descrip = "Store user and password used by "
2677 : "winbindd (root only)",
2678 : .argDescrip = "user%password",
2679 : },
2680 : {
2681 : .longName = "ccache-save",
2682 : .shortName = 0,
2683 : .argInfo = POPT_ARG_STRING,
2684 : .arg = &string_arg,
2685 : .val = OPT_CCACHE_SAVE,
2686 : .descrip = "Store user and password for ccache "
2687 : "operation",
2688 : .argDescrip = "user%password",
2689 : },
2690 : {
2691 : .longName = "getdcname",
2692 : .argInfo = POPT_ARG_STRING,
2693 : .arg = &string_arg,
2694 : .val = OPT_GETDCNAME,
2695 : .descrip = "Get a DC name for a foreign domain",
2696 : .argDescrip = "domainname",
2697 : },
2698 : {
2699 : .longName = "dsgetdcname",
2700 : .argInfo = POPT_ARG_STRING,
2701 : .arg = &string_arg,
2702 : .val = OPT_DSGETDCNAME,
2703 : .descrip = "Find a DC for a domain",
2704 : .argDescrip = "domainname",
2705 : },
2706 : {
2707 : .longName = "dc-info",
2708 : .argInfo = POPT_ARG_STRING,
2709 : .arg = &string_arg,
2710 : .val = OPT_DC_INFO,
2711 : .descrip = "Find the currently known DCs",
2712 : .argDescrip = "domainname",
2713 : },
2714 : {
2715 : .longName = "get-auth-user",
2716 : .argInfo = POPT_ARG_NONE,
2717 : .val = OPT_GET_AUTH_USER,
2718 : .descrip = "Retrieve user and password used by "
2719 : "winbindd (root only)",
2720 : },
2721 : {
2722 : .longName = "ping",
2723 : .shortName = 'p',
2724 : .argInfo = POPT_ARG_NONE,
2725 : .arg = 0,
2726 : .val = 'p',
2727 : .descrip = "Ping winbindd to see if it is alive",
2728 : },
2729 : {
2730 : .longName = "domain",
2731 : .shortName = 0,
2732 : .argInfo = POPT_ARG_STRING,
2733 : .arg = &opt_domain_name,
2734 : .val = OPT_DOMAIN_NAME,
2735 : .descrip = "Define to the domain to restrict "
2736 : "operation",
2737 : .argDescrip = "domain",
2738 : },
2739 : #ifdef WITH_FAKE_KASERVER
2740 : {
2741 : .longName = "klog",
2742 : .shortName = 'k',
2743 : .argInfo = POPT_ARG_STRING,
2744 : .arg = &string_arg,
2745 : .val = 'k',
2746 : .descrip = "set an AFS token from winbind",
2747 : .argDescrip = "user%password",
2748 : },
2749 : #endif
2750 : #ifdef HAVE_KRB5
2751 : {
2752 : .longName = "krb5auth",
2753 : .shortName = 'K',
2754 : .argInfo = POPT_ARG_STRING,
2755 : .arg = &string_arg,
2756 : .val = 'K',
2757 : .descrip = "authenticate user using Kerberos",
2758 : .argDescrip = "user%password",
2759 : },
2760 : /* destroys wbinfo --help output */
2761 : /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" },
2762 : */
2763 : {
2764 : .longName = "krb5ccname",
2765 : .argInfo = POPT_ARG_STRING,
2766 : .arg = &opt_krb5ccname,
2767 : .val = OPT_KRB5CCNAME,
2768 : .descrip = "authenticate user using Kerberos and "
2769 : "specific credential cache type",
2770 : .argDescrip = "krb5ccname",
2771 : },
2772 : #endif
2773 : {
2774 : .longName = "separator",
2775 : .argInfo = POPT_ARG_NONE,
2776 : .val = OPT_SEPARATOR,
2777 : .descrip = "Get the active winbind separator",
2778 : },
2779 : {
2780 : .longName = "verbose",
2781 : .argInfo = POPT_ARG_NONE,
2782 : .val = OPT_VERBOSE,
2783 : .descrip = "Print additional information per command",
2784 : },
2785 : {
2786 : .longName = "change-user-password",
2787 : .argInfo = POPT_ARG_STRING,
2788 : .arg = &string_arg,
2789 : .val = OPT_CHANGE_USER_PASSWORD,
2790 : .descrip = "Change the password for a user",
2791 : },
2792 : {
2793 : .longName = "ntlmv1",
2794 : .argInfo = POPT_ARG_NONE,
2795 : .val = OPT_NTLMV1,
2796 : .descrip = "Use NTLMv1 cryptography for user authentication",
2797 : },
2798 : {
2799 : .longName = "ntlmv2",
2800 : .argInfo = POPT_ARG_NONE,
2801 : .val = OPT_NTLMV2,
2802 : .descrip = "Use NTLMv2 cryptography for user authentication",
2803 : },
2804 : {
2805 : .longName = "lanman",
2806 : .argInfo = POPT_ARG_NONE,
2807 : .val = OPT_LANMAN,
2808 : .descrip = "Use lanman cryptography for user authentication",
2809 : },
2810 1122 : POPT_COMMON_VERSION
2811 : POPT_TABLEEND
2812 : };
2813 :
2814 : /* Samba client initialisation */
2815 1122 : smb_init_locale();
2816 :
2817 :
2818 : /* Parse options */
2819 :
2820 1122 : pc = samba_popt_get_context(getprogname(),
2821 : argc,
2822 : argv,
2823 : long_options,
2824 : 0);
2825 1122 : if (pc == NULL) {
2826 0 : DBG_ERR("Failed to setup popt context!\n");
2827 0 : exit(1);
2828 : }
2829 :
2830 : /* Parse command line options */
2831 :
2832 1122 : if (argc == 1) {
2833 0 : poptPrintHelp(pc, stderr, 0);
2834 0 : return 1;
2835 : }
2836 :
2837 3131 : while((opt = poptGetNextOpt(pc)) != -1) {
2838 : /* get the generic configuration parameters like --domain */
2839 1301 : switch (opt) {
2840 0 : case OPT_VERBOSE:
2841 0 : verbose = true;
2842 0 : break;
2843 1 : case OPT_NTLMV1:
2844 1 : use_ntlmv2 = false;
2845 1 : break;
2846 0 : case OPT_LANMAN:
2847 0 : use_lanman = true;
2848 0 : break;
2849 : }
2850 : }
2851 :
2852 1122 : poptFreeContext(pc);
2853 :
2854 1122 : pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
2855 : POPT_CONTEXT_KEEP_FIRST);
2856 :
2857 1539 : while((opt = poptGetNextOpt(pc)) != -1) {
2858 1301 : switch (opt) {
2859 10 : case 'u':
2860 10 : if (!print_domain_users(opt_domain_name)) {
2861 0 : d_fprintf(stderr,
2862 : "Error looking up domain users\n");
2863 0 : goto done;
2864 : }
2865 10 : break;
2866 10 : case 'g':
2867 10 : if (!print_domain_groups(opt_domain_name)) {
2868 0 : d_fprintf(stderr,
2869 : "Error looking up domain groups\n");
2870 0 : goto done;
2871 : }
2872 10 : break;
2873 66 : case 's':
2874 66 : if (!wbinfo_lookupsid(string_arg)) {
2875 6 : d_fprintf(stderr,
2876 : "Could not lookup sid %s\n",
2877 : string_arg);
2878 6 : goto done;
2879 : }
2880 60 : break;
2881 0 : case OPT_SID_TO_FULLNAME:
2882 0 : if (!wbinfo_lookupsid_fullname(string_arg)) {
2883 0 : d_fprintf(stderr, "Could not lookup sid %s\n",
2884 : string_arg);
2885 0 : goto done;
2886 : }
2887 0 : break;
2888 0 : case 'R':
2889 0 : if (!wbinfo_lookuprids(opt_domain_name, string_arg)) {
2890 0 : d_fprintf(stderr, "Could not lookup RIDs %s\n",
2891 : string_arg);
2892 0 : goto done;
2893 : }
2894 0 : break;
2895 0 : case OPT_LOOKUP_SIDS:
2896 0 : if (!wbinfo_lookup_sids(string_arg)) {
2897 0 : d_fprintf(stderr, "Could not lookup SIDs %s\n",
2898 : string_arg);
2899 0 : goto done;
2900 : }
2901 0 : break;
2902 212 : case 'n':
2903 212 : if (!wbinfo_lookupname(string_arg)) {
2904 18 : d_fprintf(stderr, "Could not lookup name %s\n",
2905 : string_arg);
2906 18 : goto done;
2907 : }
2908 194 : break;
2909 6 : case 'N':
2910 6 : if (!wbinfo_wins_byname(string_arg)) {
2911 0 : d_fprintf(stderr,
2912 : "Could not lookup WINS by name %s\n",
2913 : string_arg);
2914 0 : goto done;
2915 : }
2916 6 : break;
2917 6 : case 'I':
2918 6 : if (!wbinfo_wins_byip(string_arg)) {
2919 0 : d_fprintf(stderr,
2920 : "Could not lookup WINS by IP %s\n",
2921 : string_arg);
2922 0 : goto done;
2923 : }
2924 6 : break;
2925 28 : case 'U':
2926 28 : if (!wbinfo_uid_to_sid(int_arg)) {
2927 4 : d_fprintf(stderr,
2928 : "Could not convert uid %d to sid\n",
2929 : int_arg);
2930 4 : goto done;
2931 : }
2932 24 : break;
2933 46 : case 'G':
2934 46 : if (!wbinfo_gid_to_sid(int_arg)) {
2935 4 : d_fprintf(stderr,
2936 : "Could not convert gid %d to sid\n",
2937 : int_arg);
2938 4 : goto done;
2939 : }
2940 42 : break;
2941 50 : case 'S':
2942 50 : if (!wbinfo_sid_to_uid(string_arg)) {
2943 6 : d_fprintf(stderr,
2944 : "Could not convert sid %s to uid\n",
2945 : string_arg);
2946 6 : goto done;
2947 : }
2948 44 : break;
2949 119 : case 'Y':
2950 119 : if (!wbinfo_sid_to_gid(string_arg)) {
2951 18 : d_fprintf(stderr,
2952 : "Could not convert sid %s to gid\n",
2953 : string_arg);
2954 18 : goto done;
2955 : }
2956 101 : break;
2957 4 : case OPT_ALLOCATE_UID:
2958 4 : if (!wbinfo_allocate_uid()) {
2959 2 : d_fprintf(stderr, "Could not allocate a uid\n");
2960 2 : goto done;
2961 : }
2962 2 : break;
2963 4 : case OPT_ALLOCATE_GID:
2964 4 : if (!wbinfo_allocate_gid()) {
2965 2 : d_fprintf(stderr, "Could not allocate a gid\n");
2966 2 : goto done;
2967 : }
2968 2 : break;
2969 0 : case OPT_SET_UID_MAPPING:
2970 0 : if (!parse_mapping_arg(string_arg, &int_subarg,
2971 0 : &string_subarg) ||
2972 0 : !wbinfo_set_uid_mapping(int_subarg, string_subarg))
2973 : {
2974 0 : d_fprintf(stderr, "Could not create or modify "
2975 : "uid to sid mapping\n");
2976 0 : goto done;
2977 : }
2978 0 : break;
2979 0 : case OPT_SET_GID_MAPPING:
2980 0 : if (!parse_mapping_arg(string_arg, &int_subarg,
2981 0 : &string_subarg) ||
2982 0 : !wbinfo_set_gid_mapping(int_subarg, string_subarg))
2983 : {
2984 0 : d_fprintf(stderr, "Could not create or modify "
2985 : "gid to sid mapping\n");
2986 0 : goto done;
2987 : }
2988 0 : break;
2989 0 : case OPT_REMOVE_UID_MAPPING:
2990 0 : if (!parse_mapping_arg(string_arg, &int_subarg,
2991 0 : &string_subarg) ||
2992 0 : !wbinfo_remove_uid_mapping(int_subarg,
2993 : string_subarg))
2994 : {
2995 0 : d_fprintf(stderr, "Could not remove uid to sid "
2996 : "mapping\n");
2997 0 : goto done;
2998 : }
2999 0 : break;
3000 0 : case OPT_REMOVE_GID_MAPPING:
3001 0 : if (!parse_mapping_arg(string_arg, &int_subarg,
3002 0 : &string_subarg) ||
3003 0 : !wbinfo_remove_gid_mapping(int_subarg,
3004 : string_subarg))
3005 : {
3006 0 : d_fprintf(stderr, "Could not remove gid to sid "
3007 : "mapping\n");
3008 0 : goto done;
3009 : }
3010 0 : break;
3011 22 : case OPT_SIDS_TO_XIDS:
3012 22 : if (!wbinfo_sids_to_unix_ids(string_arg)) {
3013 0 : d_fprintf(stderr, "wbinfo_sids_to_unix_ids "
3014 : "failed\n");
3015 0 : goto done;
3016 : }
3017 22 : break;
3018 2 : case OPT_XIDS_TO_SIDS:
3019 2 : if (!wbinfo_xids_to_sids(string_arg)) {
3020 0 : d_fprintf(stderr, "wbinfo_xids_to_sids "
3021 : "failed\n");
3022 0 : goto done;
3023 : }
3024 2 : break;
3025 20 : case 't':
3026 20 : if (!wbinfo_check_secret(opt_domain_name)) {
3027 0 : d_fprintf(stderr, "Could not check secret\n");
3028 0 : goto done;
3029 : }
3030 20 : break;
3031 16 : case 'c':
3032 16 : if (!wbinfo_change_secret(opt_domain_name)) {
3033 0 : d_fprintf(stderr, "Could not change secret\n");
3034 0 : goto done;
3035 : }
3036 16 : break;
3037 92 : case 'P':
3038 92 : if (!wbinfo_ping_dc(opt_domain_name)) {
3039 10 : goto done;
3040 : }
3041 82 : break;
3042 10 : case 'm':
3043 10 : if (!wbinfo_list_domains(false, verbose)) {
3044 0 : d_fprintf(stderr,
3045 : "Could not list trusted domains\n");
3046 0 : goto done;
3047 : }
3048 10 : break;
3049 6 : case OPT_SEQUENCE:
3050 6 : if (!wbinfo_show_sequence(opt_domain_name)) {
3051 6 : d_fprintf(stderr,
3052 : "Could not show sequence numbers\n");
3053 6 : goto done;
3054 : }
3055 0 : break;
3056 16 : case OPT_ONLINESTATUS:
3057 16 : if (!wbinfo_show_onlinestatus(opt_domain_name)) {
3058 0 : d_fprintf(stderr,
3059 : "Could not show online-status\n");
3060 0 : goto done;
3061 : }
3062 16 : break;
3063 16 : case 'D':
3064 16 : if (!wbinfo_domain_info(string_arg)) {
3065 0 : d_fprintf(stderr,
3066 : "Could not get domain info\n");
3067 0 : goto done;
3068 : }
3069 16 : break;
3070 48 : case 'i':
3071 48 : if (!wbinfo_get_userinfo(string_arg)) {
3072 4 : d_fprintf(stderr,
3073 : "Could not get info for user %s\n",
3074 : string_arg);
3075 4 : goto done;
3076 : }
3077 44 : break;
3078 0 : case OPT_USER_SIDINFO:
3079 0 : if ( !wbinfo_get_user_sidinfo(string_arg)) {
3080 0 : d_fprintf(stderr,
3081 : "Could not get info for user "
3082 : "sid %s\n", string_arg);
3083 0 : goto done;
3084 : }
3085 0 : break;
3086 6 : case OPT_UID_INFO:
3087 6 : if ( !wbinfo_get_uidinfo(int_arg)) {
3088 0 : d_fprintf(stderr, "Could not get info for uid "
3089 : "%d\n", int_arg);
3090 0 : goto done;
3091 : }
3092 6 : break;
3093 18 : case OPT_GROUP_INFO:
3094 18 : if ( !wbinfo_get_groupinfo(string_arg)) {
3095 6 : d_fprintf(stderr, "Could not get info for "
3096 : "group %s\n", string_arg);
3097 6 : goto done;
3098 : }
3099 12 : break;
3100 6 : case OPT_GID_INFO:
3101 6 : if ( !wbinfo_get_gidinfo(int_arg)) {
3102 0 : d_fprintf(stderr, "Could not get info for gid "
3103 : "%d\n", int_arg);
3104 0 : goto done;
3105 : }
3106 6 : break;
3107 12 : case 'r':
3108 12 : if (!wbinfo_get_usergroups(string_arg)) {
3109 0 : d_fprintf(stderr,
3110 : "Could not get groups for user %s\n",
3111 : string_arg);
3112 0 : goto done;
3113 : }
3114 12 : break;
3115 6 : case OPT_USERSIDS:
3116 6 : if (!wbinfo_get_usersids(string_arg)) {
3117 0 : d_fprintf(stderr, "Could not get group SIDs "
3118 : "for user SID %s\n",
3119 : string_arg);
3120 0 : goto done;
3121 : }
3122 6 : break;
3123 6 : case OPT_USERDOMGROUPS:
3124 6 : if (!wbinfo_get_userdomgroups(string_arg)) {
3125 0 : d_fprintf(stderr, "Could not get user's domain "
3126 : "groups for user SID %s\n",
3127 : string_arg);
3128 0 : goto done;
3129 : }
3130 6 : break;
3131 0 : case OPT_SIDALIASES:
3132 0 : if (!wbinfo_get_sidaliases(opt_domain_name,
3133 : string_arg)) {
3134 0 : d_fprintf(stderr, "Could not get sid aliases "
3135 : "for user SID %s\n", string_arg);
3136 0 : goto done;
3137 : }
3138 0 : break;
3139 90 : case 'a': {
3140 90 : bool got_error = false;
3141 :
3142 90 : if (!wbinfo_auth(string_arg)) {
3143 24 : d_fprintf(stderr,
3144 : "Could not authenticate user "
3145 : "%s with plaintext "
3146 : "password\n", string_arg);
3147 24 : got_error = true;
3148 : }
3149 :
3150 90 : if (!wbinfo_auth_crap(string_arg, use_ntlmv2,
3151 : use_lanman)) {
3152 22 : d_fprintf(stderr,
3153 : "Could not authenticate user "
3154 : "%s with challenge/response\n",
3155 : string_arg);
3156 22 : got_error = true;
3157 : }
3158 :
3159 90 : if (got_error)
3160 24 : goto done;
3161 66 : break;
3162 : }
3163 24 : case OPT_PAM_LOGON:
3164 24 : if (!wbinfo_pam_logon(string_arg, verbose)) {
3165 8 : d_fprintf(stderr, "pam_logon failed for %s\n",
3166 : string_arg);
3167 8 : goto done;
3168 : }
3169 16 : break;
3170 4 : case OPT_LOGOFF:
3171 : {
3172 : wbcErr wbc_status;
3173 :
3174 4 : wbc_status = wbcLogoffUser(logoff_user, logoff_uid,
3175 : "");
3176 4 : d_printf("Logoff %s (%d): %s\n", logoff_user,
3177 : logoff_uid, wbcErrorString(wbc_status));
3178 4 : break;
3179 : }
3180 42 : case 'K': {
3181 42 : uint32_t flags = WBFLAG_PAM_KRB5 |
3182 : WBFLAG_PAM_CACHED_LOGIN |
3183 : WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
3184 : WBFLAG_PAM_INFO3_TEXT |
3185 : WBFLAG_PAM_CONTACT_TRUSTDOM;
3186 :
3187 42 : if (!wbinfo_auth_krb5(string_arg, opt_krb5ccname,
3188 : flags)) {
3189 6 : d_fprintf(stderr,
3190 : "Could not authenticate user "
3191 : "[%s] with Kerberos "
3192 : "(ccache: %s)\n", string_arg,
3193 : opt_krb5ccname);
3194 6 : goto done;
3195 : }
3196 36 : break;
3197 : }
3198 0 : case 'k':
3199 0 : if (!wbinfo_klog(string_arg)) {
3200 0 : d_fprintf(stderr, "Could not klog user\n");
3201 0 : goto done;
3202 : }
3203 0 : break;
3204 27 : case 'p':
3205 27 : if (!wbinfo_ping()) {
3206 4 : d_fprintf(stderr, "could not ping winbindd!\n");
3207 4 : goto done;
3208 : }
3209 23 : break;
3210 0 : case OPT_SET_AUTH_USER:
3211 0 : if (!wbinfo_set_auth_user(string_arg)) {
3212 0 : goto done;
3213 : }
3214 0 : break;
3215 0 : case OPT_GET_AUTH_USER:
3216 0 : wbinfo_get_auth_user();
3217 0 : goto done;
3218 : break;
3219 24 : case OPT_CCACHE_SAVE:
3220 24 : if (!wbinfo_ccache_save(string_arg)) {
3221 0 : goto done;
3222 : }
3223 24 : break;
3224 6 : case OPT_GETDCNAME:
3225 6 : if (!wbinfo_getdcname(string_arg)) {
3226 0 : goto done;
3227 : }
3228 6 : break;
3229 0 : case OPT_DSGETDCNAME:
3230 0 : if (!wbinfo_dsgetdcname(string_arg, 0)) {
3231 0 : goto done;
3232 : }
3233 0 : break;
3234 2 : case OPT_DC_INFO:
3235 2 : if (!wbinfo_dc_info(string_arg)) {
3236 0 : goto done;
3237 : }
3238 2 : break;
3239 10 : case OPT_SEPARATOR: {
3240 10 : const char sep = winbind_separator();
3241 10 : if ( !sep ) {
3242 0 : goto done;
3243 : }
3244 10 : d_printf("%c\n", sep);
3245 10 : break;
3246 : }
3247 10 : case OPT_LIST_ALL_DOMAINS:
3248 10 : if (!wbinfo_list_domains(true, verbose)) {
3249 0 : goto done;
3250 : }
3251 10 : break;
3252 20 : case OPT_LIST_OWN_DOMAIN:
3253 20 : if (!wbinfo_list_own_domain()) {
3254 0 : goto done;
3255 : }
3256 20 : break;
3257 0 : case OPT_CHANGE_USER_PASSWORD:
3258 0 : if (!wbinfo_change_user_password(string_arg)) {
3259 0 : d_fprintf(stderr,
3260 : "Could not change user password "
3261 : "for user %s\n", string_arg);
3262 0 : goto done;
3263 : }
3264 0 : break;
3265 :
3266 : /* generic configuration options */
3267 179 : case OPT_DOMAIN_NAME:
3268 : case OPT_VERBOSE:
3269 : case OPT_NTLMV1:
3270 : case OPT_NTLMV2:
3271 : case OPT_LANMAN:
3272 : case OPT_LOGOFF_USER:
3273 : case OPT_LOGOFF_UID:
3274 : case OPT_KRB5CCNAME:
3275 179 : break;
3276 0 : default:
3277 0 : d_fprintf(stderr, "Invalid option\n");
3278 0 : poptPrintHelp(pc, stderr, 0);
3279 0 : goto done;
3280 : }
3281 : }
3282 :
3283 994 : result = 0;
3284 :
3285 : /* Exit code */
3286 :
3287 1122 : done:
3288 1122 : talloc_free(frame);
3289 :
3290 1122 : poptFreeContext(pc);
3291 1122 : return result;
3292 : }
|
