root/nsswitch/wbinfo.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. init_interface_details
  2. winbind_separator_int
  3. winbind_separator
  4. get_winbind_domain
  5. parse_wbinfo_domain_user
  6. parse_mapping_arg
  7. wbinfo_get_userinfo
  8. wbinfo_get_uidinfo
  9. wbinfo_get_user_sidinfo
  10. wbinfo_get_groupinfo
  11. wbinfo_get_gidinfo
  12. wbinfo_get_usergroups
  13. wbinfo_get_usersids
  14. wbinfo_get_userdomgroups
  15. wbinfo_get_sidaliases
  16. wbinfo_wins_byname
  17. wbinfo_wins_byip
  18. wbinfo_list_domains
  19. wbinfo_list_own_domain
  20. wbinfo_show_sequence
  21. wbinfo_show_onlinestatus
  22. wbinfo_domain_info
  23. wbinfo_getdcname
  24. wbinfo_dsgetdcname
  25. wbinfo_check_secret
  26. wbinfo_uid_to_sid
  27. wbinfo_gid_to_sid
  28. wbinfo_sid_to_uid
  29. wbinfo_sid_to_gid
  30. wbinfo_allocate_uid
  31. wbinfo_allocate_gid
  32. wbinfo_set_uid_mapping
  33. wbinfo_set_gid_mapping
  34. wbinfo_remove_uid_mapping
  35. wbinfo_remove_gid_mapping
  36. wbinfo_lookupsid
  37. wbinfo_lookupsid_fullname
  38. wbinfo_lookuprids
  39. wbinfo_lookupname
  40. wbinfo_prompt_pass
  41. wbinfo_auth_krb5
  42. wbinfo_auth
  43. wbinfo_auth_crap
  44. wbinfo_klog
  45. print_domain_users
  46. print_domain_groups
  47. wbinfo_set_auth_user
  48. wbinfo_get_auth_user
  49. wbinfo_ping
  50. wbinfo_change_user_password
  51. main

   1 /*
   2    Unix SMB/CIFS implementation.
   3 
   4    Winbind status program.
   5 
   6    Copyright (C) Tim Potter      2000-2003
   7    Copyright (C) Andrew Bartlett 2002
   8 
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13 
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18 
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22 
  23 #include "includes.h"
  24 #include "winbind_client.h"
  25 #include "libwbclient/wbclient.h"
  26 
  27 #undef DBGC_CLASS
  28 #define DBGC_CLASS DBGC_WINBIND
  29 
  30 static struct wbcInterfaceDetails *init_interface_details(void)
     /* [<][>][^][v][top][bottom][index][help] */
  31 {
  32         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
  33         static struct wbcInterfaceDetails *details;
  34 
  35         if (details) {
  36                 return details;
  37         }
  38 
  39         wbc_status = wbcInterfaceDetails(&details);
  40         if (!WBC_ERROR_IS_OK(wbc_status)) {
  41                 d_fprintf(stderr, "could not obtain winbind interface details!\n");
  42         }
  43 
  44         return details;
  45 }
  46 
  47 static char winbind_separator_int(bool strict)
     /* [<][>][^][v][top][bottom][index][help] */
  48 {
  49         struct wbcInterfaceDetails *details;
  50         static bool got_sep;
  51         static char sep;
  52 
  53         if (got_sep)
  54                 return sep;
  55 
  56         details = init_interface_details();
  57 
  58         if (!details) {
  59                 d_fprintf(stderr, "could not obtain winbind separator!\n");
  60                 if (strict) {
  61                         return 0;
  62                 }
  63                 /* HACK: (this module should not call lp_ funtions) */
  64                 return *lp_winbind_separator();
  65         }
  66 
  67         sep = details->winbind_separator;
  68         got_sep = true;
  69 
  70         if (!sep) {
  71                 d_fprintf(stderr, "winbind separator was NULL!\n");
  72                 if (strict) {
  73                         return 0;
  74                 }
  75                 /* HACK: (this module should not call lp_ funtions) */
  76                 sep = *lp_winbind_separator();
  77         }
  78 
  79         return sep;
  80 }
  81 
  82 static char winbind_separator(void)
     /* [<][>][^][v][top][bottom][index][help] */
  83 {
  84         return winbind_separator_int(false);
  85 }
  86 
  87 static const char *get_winbind_domain(void)
     /* [<][>][^][v][top][bottom][index][help] */
  88 {
  89         static struct wbcInterfaceDetails *details;
  90 
  91         details = init_interface_details();
  92 
  93         if (!details) {
  94                 d_fprintf(stderr, "could not obtain winbind domain name!\n");
  95 
  96                 /* HACK: (this module should not call lp_ functions) */
  97                 return lp_workgroup();
  98         }
  99 
 100         return details->netbios_domain;
 101 }
 102 
 103 /* Copy of parse_domain_user from winbindd_util.c.  Parse a string of the
 104    form DOMAIN/user into a domain and a user */
 105 
 106 static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
     /* [<][>][^][v][top][bottom][index][help] */
 107                                      fstring user)
 108 {
 109 
 110         char *p = strchr(domuser,winbind_separator());
 111 
 112         if (!p) {
 113                 /* Maybe it was a UPN? */
 114                 if ((p = strchr(domuser, '@')) != NULL) {
 115                         fstrcpy(domain, "");
 116                         fstrcpy(user, domuser);
 117                         return true;
 118                 }
 119 
 120                 fstrcpy(user, domuser);
 121                 fstrcpy(domain, get_winbind_domain());
 122                 return true;
 123         }
 124 
 125         fstrcpy(user, p+1);
 126         fstrcpy(domain, domuser);
 127         domain[PTR_DIFF(p, domuser)] = 0;
 128         strupper_m(domain);
 129 
 130         return true;
 131 }
 132 
 133 /* Parse string of "uid,sid" or "gid,sid" into separate int and string values.
 134  * Return true if input was valid, false otherwise. */
 135 static bool parse_mapping_arg(char *arg, int *id, char **sid)
     /* [<][>][^][v][top][bottom][index][help] */
 136 {
 137         char *tmp, *endptr;
 138 
 139         if (!arg || !*arg)
 140                 return false;
 141 
 142         tmp = strtok(arg, ",");
 143         *sid = strtok(NULL, ",");
 144 
 145         if (!tmp || !*tmp || !*sid || !**sid)
 146                 return false;
 147 
 148         /* Because atoi() can return 0 on invalid input, which would be a valid
 149          * UID/GID we must use strtoul() and do error checking */
 150         *id = strtoul(tmp, &endptr, 10);
 151 
 152         if (endptr[0] != '\0')
 153                 return false;
 154 
 155         return true;
 156 }
 157 
 158 /* pull pwent info for a given user */
 159 
 160 static bool wbinfo_get_userinfo(char *user)
     /* [<][>][^][v][top][bottom][index][help] */
 161 {
 162         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 163         struct passwd *pwd = NULL;
 164 
 165         wbc_status = wbcGetpwnam(user, &pwd);
 166         if (!WBC_ERROR_IS_OK(wbc_status)) {
 167                 return false;
 168         }
 169 
 170         d_printf("%s:%s:%u:%u:%s:%s:%s\n",
 171                  pwd->pw_name,
 172                  pwd->pw_passwd,
 173                  (unsigned int)pwd->pw_uid,
 174                  (unsigned int)pwd->pw_gid,
 175                  pwd->pw_gecos,
 176                  pwd->pw_dir,
 177                  pwd->pw_shell);
 178 
 179         return true;
 180 }
 181 
 182 /* pull pwent info for a given uid */
 183 static bool wbinfo_get_uidinfo(int uid)
     /* [<][>][^][v][top][bottom][index][help] */
 184 {
 185         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 186         struct passwd *pwd = NULL;
 187 
 188         wbc_status = wbcGetpwuid(uid, &pwd);
 189         if (!WBC_ERROR_IS_OK(wbc_status)) {
 190                 return false;
 191         }
 192 
 193         d_printf("%s:%s:%u:%u:%s:%s:%s\n",
 194                  pwd->pw_name,
 195                  pwd->pw_passwd,
 196                  (unsigned int)pwd->pw_uid,
 197                  (unsigned int)pwd->pw_gid,
 198                  pwd->pw_gecos,
 199                  pwd->pw_dir,
 200                  pwd->pw_shell);
 201 
 202         return true;
 203 }
 204 
 205 static bool wbinfo_get_user_sidinfo(const char *sid_str)
     /* [<][>][^][v][top][bottom][index][help] */
 206 {
 207         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 208         struct passwd *pwd = NULL;
 209         struct wbcDomainSid sid;
 210 
 211         wbc_status = wbcStringToSid(sid_str, &sid);
 212         wbc_status = wbcGetpwsid(&sid, &pwd);
 213         if (!WBC_ERROR_IS_OK(wbc_status)) {
 214                 return false;
 215         }
 216 
 217         d_printf("%s:%s:%u:%u:%s:%s:%s\n",
 218                  pwd->pw_name,
 219                  pwd->pw_passwd,
 220                  (unsigned int)pwd->pw_uid,
 221                  (unsigned int)pwd->pw_gid,
 222                  pwd->pw_gecos,
 223                  pwd->pw_dir,
 224                  pwd->pw_shell);
 225 
 226         return true;
 227 }
 228 
 229 
 230 /* pull grent for a given group */
 231 static bool wbinfo_get_groupinfo(const char *group)
     /* [<][>][^][v][top][bottom][index][help] */
 232 {
 233         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 234         struct group *grp;
 235 
 236         wbc_status = wbcGetgrnam(group, &grp);
 237         if (!WBC_ERROR_IS_OK(wbc_status)) {
 238                 return false;
 239         }
 240 
 241         d_printf("%s:%s:%u\n",
 242                  grp->gr_name,
 243                  grp->gr_passwd,
 244                  (unsigned int)grp->gr_gid);
 245 
 246         wbcFreeMemory(grp);
 247 
 248         return true;
 249 }
 250 
 251 /* pull grent for a given gid */
 252 static bool wbinfo_get_gidinfo(int gid)
     /* [<][>][^][v][top][bottom][index][help] */
 253 {
 254         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 255         struct group *grp;
 256 
 257         wbc_status = wbcGetgrgid(gid, &grp);
 258         if (!WBC_ERROR_IS_OK(wbc_status)) {
 259                 return false;
 260         }
 261 
 262         d_printf("%s:%s:%u\n",
 263                  grp->gr_name,
 264                  grp->gr_passwd,
 265                  (unsigned int)grp->gr_gid);
 266 
 267         wbcFreeMemory(grp);
 268 
 269         return true;
 270 }
 271 
 272 /* List groups a user is a member of */
 273 
 274 static bool wbinfo_get_usergroups(const char *user)
     /* [<][>][^][v][top][bottom][index][help] */
 275 {
 276         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 277         uint32_t num_groups;
 278         uint32_t i;
 279         gid_t *groups = NULL;
 280 
 281         /* Send request */
 282 
 283         wbc_status = wbcGetGroups(user, &num_groups, &groups);
 284         if (!WBC_ERROR_IS_OK(wbc_status)) {
 285                 return false;
 286         }
 287 
 288         for (i = 0; i < num_groups; i++) {
 289                 d_printf("%d\n", (int)groups[i]);
 290         }
 291 
 292         wbcFreeMemory(groups);
 293 
 294         return true;
 295 }
 296 
 297 
 298 /* List group SIDs a user SID is a member of */
 299 static bool wbinfo_get_usersids(const char *user_sid_str)
     /* [<][>][^][v][top][bottom][index][help] */
 300 {
 301         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 302         uint32_t num_sids;
 303         uint32_t i;
 304         struct wbcDomainSid user_sid, *sids = NULL;
 305 
 306         /* Send request */
 307 
 308         wbc_status = wbcStringToSid(user_sid_str, &user_sid);
 309         if (!WBC_ERROR_IS_OK(wbc_status)) {
 310                 return false;
 311         }
 312 
 313         wbc_status = wbcLookupUserSids(&user_sid, false, &num_sids, &sids);
 314         if (!WBC_ERROR_IS_OK(wbc_status)) {
 315                 return false;
 316         }
 317 
 318         for (i = 0; i < num_sids; i++) {
 319                 char *str = NULL;
 320                 wbc_status = wbcSidToString(&sids[i], &str);
 321                 if (!WBC_ERROR_IS_OK(wbc_status)) {
 322                         wbcFreeMemory(sids);
 323                         return false;
 324                 }
 325                 d_printf("%s\n", str);
 326                 wbcFreeMemory(str);
 327         }
 328 
 329         wbcFreeMemory(sids);
 330 
 331         return true;
 332 }
 333 
 334 static bool wbinfo_get_userdomgroups(const char *user_sid_str)
     /* [<][>][^][v][top][bottom][index][help] */
 335 {
 336         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 337         uint32_t num_sids;
 338         uint32_t i;
 339         struct wbcDomainSid user_sid, *sids = NULL;
 340 
 341         /* Send request */
 342 
 343         wbc_status = wbcStringToSid(user_sid_str, &user_sid);
 344         if (!WBC_ERROR_IS_OK(wbc_status)) {
 345                 return false;
 346         }
 347 
 348         wbc_status = wbcLookupUserSids(&user_sid, true, &num_sids, &sids);
 349         if (!WBC_ERROR_IS_OK(wbc_status)) {
 350                 return false;
 351         }
 352 
 353         for (i = 0; i < num_sids; i++) {
 354                 char *str = NULL;
 355                 wbc_status = wbcSidToString(&sids[i], &str);
 356                 if (!WBC_ERROR_IS_OK(wbc_status)) {
 357                         wbcFreeMemory(sids);
 358                         return false;
 359                 }
 360                 d_printf("%s\n", str);
 361                 wbcFreeMemory(str);
 362         }
 363 
 364         wbcFreeMemory(sids);
 365 
 366         return true;
 367 }
 368 
 369 static bool wbinfo_get_sidaliases(const char *domain,
     /* [<][>][^][v][top][bottom][index][help] */
 370                                   const char *user_sid_str)
 371 {
 372         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 373         struct wbcDomainInfo *dinfo = NULL;
 374         uint32_t i;
 375         struct wbcDomainSid user_sid;
 376         uint32_t *alias_rids = NULL;
 377         uint32_t num_alias_rids;
 378         char *domain_sid_str = NULL;
 379 
 380         /* Send request */
 381         if ((domain == NULL) || (strequal(domain, ".")) ||
 382            (domain[0] == '\0')) {
 383                 domain = get_winbind_domain();
 384         }
 385 
 386         /* Send request */
 387 
 388         wbc_status = wbcDomainInfo(domain, &dinfo);
 389         if (!WBC_ERROR_IS_OK(wbc_status)) {
 390                 d_printf("wbcDomainInfo(%s) failed: %s\n", domain,
 391                          wbcErrorString(wbc_status));
 392                 goto done;
 393         }
 394         wbc_status = wbcStringToSid(user_sid_str, &user_sid);
 395         if (!WBC_ERROR_IS_OK(wbc_status)) {
 396                 goto done;
 397         }
 398 
 399         wbc_status = wbcGetSidAliases(&dinfo->sid, &user_sid, 1,
 400             &alias_rids, &num_alias_rids);
 401         if (!WBC_ERROR_IS_OK(wbc_status)) {
 402                 goto done;
 403         }
 404 
 405         wbc_status = wbcSidToString(&dinfo->sid, &domain_sid_str);
 406         if (!WBC_ERROR_IS_OK(wbc_status)) {
 407                 goto done;
 408         }
 409 
 410         for (i = 0; i < num_alias_rids; i++) {
 411                 d_printf("%s-%d\n", domain_sid_str, alias_rids[i]);
 412         }
 413 
 414         wbcFreeMemory(alias_rids);
 415 
 416 done:
 417         if (domain_sid_str) {
 418                 wbcFreeMemory(domain_sid_str);
 419         }
 420         if (dinfo) {
 421                 wbcFreeMemory(dinfo);
 422         }
 423         return (WBC_ERR_SUCCESS == wbc_status);
 424 }
 425 
 426 
 427 /* Convert NetBIOS name to IP */
 428 
 429 static bool wbinfo_wins_byname(const char *name)
     /* [<][>][^][v][top][bottom][index][help] */
 430 {
 431         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 432         char *ip = NULL;
 433 
 434         wbc_status = wbcResolveWinsByName(name, &ip);
 435         if (!WBC_ERROR_IS_OK(wbc_status)) {
 436                 return false;
 437         }
 438 
 439         /* Display response */
 440 
 441         d_printf("%s\n", ip);
 442 
 443         wbcFreeMemory(ip);
 444 
 445         return true;
 446 }
 447 
 448 /* Convert IP to NetBIOS name */
 449 
 450 static bool wbinfo_wins_byip(const char *ip)
     /* [<][>][^][v][top][bottom][index][help] */
 451 {
 452         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 453         char *name = NULL;
 454 
 455         wbc_status = wbcResolveWinsByIP(ip, &name);
 456         if (!WBC_ERROR_IS_OK(wbc_status)) {
 457                 return false;
 458         }
 459 
 460         /* Display response */
 461 
 462         d_printf("%s\n", name);
 463 
 464         wbcFreeMemory(name);
 465 
 466         return true;
 467 }
 468 
 469 /* List all/trusted domains */
 470 
 471 static bool wbinfo_list_domains(bool list_all_domains, bool verbose)
     /* [<][>][^][v][top][bottom][index][help] */
 472 {
 473         struct wbcDomainInfo *domain_list = NULL;
 474         size_t num_domains;
 475         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 476         bool print_all = !list_all_domains && verbose;
 477         int i;
 478 
 479         wbc_status = wbcListTrusts(&domain_list, &num_domains);
 480         if (!WBC_ERROR_IS_OK(wbc_status)) {
 481                 return false;
 482         }
 483 
 484         if (print_all) {
 485                 d_printf("%-16s%-24s%-12s%-12s%-5s%-5s\n",
 486                          "Domain Name", "DNS Domain", "Trust Type",
 487                          "Transitive", "In", "Out");
 488         }
 489 
 490         for (i=0; i<num_domains; i++) {
 491                 if (print_all) {
 492                         d_printf("%-16s", domain_list[i].short_name);
 493                 } else {
 494                         d_printf("%s", domain_list[i].short_name);
 495                         d_printf("\n");
 496                         continue;
 497                 }
 498 
 499                 d_printf("%-24s", domain_list[i].dns_name);
 500 
 501                 switch(domain_list[i].trust_type) {
 502                 case WBC_DOMINFO_TRUSTTYPE_NONE:
 503                         d_printf("None        ");
 504                         break;
 505                 case WBC_DOMINFO_TRUSTTYPE_FOREST:
 506                         d_printf("Forest      ");
 507                         break;
 508                 case WBC_DOMINFO_TRUSTTYPE_EXTERNAL:
 509                         d_printf("External    ");
 510                         break;
 511                 case WBC_DOMINFO_TRUSTTYPE_IN_FOREST:
 512                         d_printf("In-Forest   ");
 513                         break;
 514                 }
 515 
 516                 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_TRANSITIVE) {
 517                         d_printf("Yes         ");
 518                 } else {
 519                         d_printf("No          ");
 520                 }
 521 
 522                 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_INCOMING) {
 523                         d_printf("Yes  ");
 524                 } else {
 525                         d_printf("No   ");
 526                 }
 527 
 528                 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_OUTGOING) {
 529                         d_printf("Yes  ");
 530                 } else {
 531                         d_printf("No   ");
 532                 }
 533 
 534                 d_printf("\n");
 535         }
 536 
 537         return true;
 538 }
 539 
 540 /* List own domain */
 541 
 542 static bool wbinfo_list_own_domain(void)
     /* [<][>][^][v][top][bottom][index][help] */
 543 {
 544         d_printf("%s\n", get_winbind_domain());
 545 
 546         return true;
 547 }
 548 
 549 /* show sequence numbers */
 550 static bool wbinfo_show_sequence(const char *domain)
     /* [<][>][^][v][top][bottom][index][help] */
 551 {
 552         d_printf("This command has been deprecated.  Please use the --online-status option instead.\n");
 553         return false;
 554 }
 555 
 556 /* show sequence numbers */
 557 static bool wbinfo_show_onlinestatus(const char *domain)
     /* [<][>][^][v][top][bottom][index][help] */
 558 {
 559         struct wbcDomainInfo *domain_list = NULL;
 560         size_t num_domains;
 561         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 562         int i;
 563 
 564         wbc_status = wbcListTrusts(&domain_list, &num_domains);
 565         if (!WBC_ERROR_IS_OK(wbc_status)) {
 566                 return false;
 567         }
 568 
 569         for (i=0; i<num_domains; i++) {
 570                 bool is_offline;
 571 
 572                 if (domain) {
 573                         if (!strequal(domain_list[i].short_name, domain)) {
 574                                 continue;
 575                         }
 576                 }
 577 
 578                 is_offline = (domain_list[i].domain_flags & WBC_DOMINFO_DOMAIN_OFFLINE);
 579 
 580                 d_printf("%s : %s\n",
 581                          domain_list[i].short_name,
 582                          is_offline ? "offline" : "online" );
 583         }
 584 
 585         return true;
 586 }
 587 
 588 
 589 /* Show domain info */
 590 
 591 static bool wbinfo_domain_info(const char *domain)
     /* [<][>][^][v][top][bottom][index][help] */
 592 {
 593         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 594         struct wbcDomainInfo *dinfo = NULL;
 595         char *sid_str = NULL;
 596 
 597         if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')) {
 598                 domain = get_winbind_domain();
 599         }
 600 
 601         /* Send request */
 602 
 603         wbc_status = wbcDomainInfo(domain, &dinfo);
 604         if (!WBC_ERROR_IS_OK(wbc_status)) {
 605                 return false;
 606         }
 607 
 608         wbc_status = wbcSidToString(&dinfo->sid, &sid_str);
 609         if (!WBC_ERROR_IS_OK(wbc_status)) {
 610                 wbcFreeMemory(dinfo);
 611                 return false;
 612         }
 613 
 614         /* Display response */
 615 
 616         d_printf("Name              : %s\n", dinfo->short_name);
 617         d_printf("Alt_Name          : %s\n", dinfo->dns_name);
 618 
 619         d_printf("SID               : %s\n", sid_str);
 620 
 621         d_printf("Active Directory  : %s\n",
 622                  (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_AD) ? "Yes" : "No");
 623         d_printf("Native            : %s\n",
 624                  (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_NATIVE) ? "Yes" : "No");
 625 
 626         d_printf("Primary           : %s\n",
 627                  (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_PRIMARY) ? "Yes" : "No");
 628 
 629         wbcFreeMemory(sid_str);
 630         wbcFreeMemory(dinfo);
 631 
 632         return true;
 633 }
 634 
 635 /* Get a foreign DC's name */
 636 static bool wbinfo_getdcname(const char *domain_name)
     /* [<][>][^][v][top][bottom][index][help] */
 637 {
 638         struct winbindd_request request;
 639         struct winbindd_response response;
 640 
 641         ZERO_STRUCT(request);
 642         ZERO_STRUCT(response);
 643 
 644         fstrcpy(request.domain_name, domain_name);
 645 
 646         /* Send request */
 647 
 648         if (winbindd_request_response(WINBINDD_GETDCNAME, &request, &response) !=
 649             NSS_STATUS_SUCCESS) {
 650                 d_fprintf(stderr, "Could not get dc name for %s\n", domain_name);
 651                 return false;
 652         }
 653 
 654         /* Display response */
 655 
 656         d_printf("%s\n", response.data.dc_name);
 657 
 658         return true;
 659 }
 660 
 661 /* Find a DC */
 662 static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
     /* [<][>][^][v][top][bottom][index][help] */
 663 {
 664         struct winbindd_request request;
 665         struct winbindd_response response;
 666 
 667         ZERO_STRUCT(request);
 668         ZERO_STRUCT(response);
 669 
 670         fstrcpy(request.data.dsgetdcname.domain_name, domain_name);
 671         request.data.dsgetdcname.flags = flags;
 672 
 673         request.flags |= DS_DIRECTORY_SERVICE_REQUIRED;
 674 
 675         /* Send request */
 676 
 677         if (winbindd_request_response(WINBINDD_DSGETDCNAME, &request, &response) !=
 678             NSS_STATUS_SUCCESS) {
 679                 d_fprintf(stderr, "Could not find dc for %s\n", domain_name);
 680                 return false;
 681         }
 682 
 683         /* Display response */
 684 
 685         d_printf("%s\n", response.data.dsgetdcname.dc_unc);
 686         d_printf("%s\n", response.data.dsgetdcname.dc_address);
 687         d_printf("%d\n", response.data.dsgetdcname.dc_address_type);
 688         d_printf("%s\n", response.data.dsgetdcname.domain_guid);
 689         d_printf("%s\n", response.data.dsgetdcname.domain_name);
 690         d_printf("%s\n", response.data.dsgetdcname.forest_name);
 691         d_printf("0x%08x\n", response.data.dsgetdcname.dc_flags);
 692         d_printf("%s\n", response.data.dsgetdcname.dc_site_name);
 693         d_printf("%s\n", response.data.dsgetdcname.client_site_name);
 694 
 695         return true;
 696 }
 697 
 698 /* Check trust account password */
 699 
 700 static bool wbinfo_check_secret(void)
     /* [<][>][^][v][top][bottom][index][help] */
 701 {
 702         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 703         struct wbcAuthErrorInfo *error = NULL;
 704 
 705         wbc_status = wbcCheckTrustCredentials(NULL, &error);
 706 
 707         d_printf("checking the trust secret via RPC calls %s\n",
 708                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
 709 
 710         if (wbc_status == WBC_ERR_AUTH_ERROR) {
 711                 d_fprintf(stderr, "error code was %s (0x%x)\n",
 712                           error->nt_string, error->nt_status);
 713                 wbcFreeMemory(error);
 714         }
 715         if (!WBC_ERROR_IS_OK(wbc_status)) {
 716                 return false;
 717         }
 718 
 719         return true;
 720 }
 721 
 722 /* Convert uid to sid */
 723 
 724 static bool wbinfo_uid_to_sid(uid_t uid)
     /* [<][>][^][v][top][bottom][index][help] */
 725 {
 726         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 727         struct wbcDomainSid sid;
 728         char *sid_str = NULL;
 729 
 730         /* Send request */
 731 
 732         wbc_status = wbcUidToSid(uid, &sid);
 733         if (!WBC_ERROR_IS_OK(wbc_status)) {
 734                 return false;
 735         }
 736 
 737         wbc_status = wbcSidToString(&sid, &sid_str);
 738         if (!WBC_ERROR_IS_OK(wbc_status)) {
 739                 return false;
 740         }
 741 
 742         /* Display response */
 743 
 744         d_printf("%s\n", sid_str);
 745 
 746         wbcFreeMemory(sid_str);
 747 
 748         return true;
 749 }
 750 
 751 /* Convert gid to sid */
 752 
 753 static bool wbinfo_gid_to_sid(gid_t gid)
     /* [<][>][^][v][top][bottom][index][help] */
 754 {
 755         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 756         struct wbcDomainSid sid;
 757         char *sid_str = NULL;
 758 
 759         /* Send request */
 760 
 761         wbc_status = wbcGidToSid(gid, &sid);
 762         if (!WBC_ERROR_IS_OK(wbc_status)) {
 763                 return false;
 764         }
 765 
 766         wbc_status = wbcSidToString(&sid, &sid_str);
 767         if (!WBC_ERROR_IS_OK(wbc_status)) {
 768                 return false;
 769         }
 770 
 771         /* Display response */
 772 
 773         d_printf("%s\n", sid_str);
 774 
 775         wbcFreeMemory(sid_str);
 776 
 777         return true;
 778 }
 779 
 780 /* Convert sid to uid */
 781 
 782 static bool wbinfo_sid_to_uid(const char *sid_str)
     /* [<][>][^][v][top][bottom][index][help] */
 783 {
 784         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 785         struct wbcDomainSid sid;
 786         uid_t uid;
 787 
 788         /* Send request */
 789 
 790         wbc_status = wbcStringToSid(sid_str, &sid);
 791         if (!WBC_ERROR_IS_OK(wbc_status)) {
 792                 return false;
 793         }
 794 
 795         wbc_status = wbcSidToUid(&sid, &uid);
 796         if (!WBC_ERROR_IS_OK(wbc_status)) {
 797                 return false;
 798         }
 799 
 800         /* Display response */
 801 
 802         d_printf("%d\n", (int)uid);
 803 
 804         return true;
 805 }
 806 
 807 static bool wbinfo_sid_to_gid(const char *sid_str)
     /* [<][>][^][v][top][bottom][index][help] */
 808 {
 809         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 810         struct wbcDomainSid sid;
 811         gid_t gid;
 812 
 813         /* Send request */
 814 
 815         wbc_status = wbcStringToSid(sid_str, &sid);
 816         if (!WBC_ERROR_IS_OK(wbc_status)) {
 817                 return false;
 818         }
 819 
 820         wbc_status = wbcSidToGid(&sid, &gid);
 821         if (!WBC_ERROR_IS_OK(wbc_status)) {
 822                 return false;
 823         }
 824 
 825         /* Display response */
 826 
 827         d_printf("%d\n", (int)gid);
 828 
 829         return true;
 830 }
 831 
 832 static bool wbinfo_allocate_uid(void)
     /* [<][>][^][v][top][bottom][index][help] */
 833 {
 834         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 835         uid_t uid;
 836 
 837         /* Send request */
 838 
 839         wbc_status = wbcAllocateUid(&uid);
 840         if (!WBC_ERROR_IS_OK(wbc_status)) {
 841                 return false;
 842         }
 843 
 844         /* Display response */
 845 
 846         d_printf("New uid: %u\n", (unsigned int)uid);
 847 
 848         return true;
 849 }
 850 
 851 static bool wbinfo_allocate_gid(void)
     /* [<][>][^][v][top][bottom][index][help] */
 852 {
 853         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 854         gid_t gid;
 855 
 856         /* Send request */
 857 
 858         wbc_status = wbcAllocateGid(&gid);
 859         if (!WBC_ERROR_IS_OK(wbc_status)) {
 860                 return false;
 861         }
 862 
 863         /* Display response */
 864 
 865         d_printf("New gid: %u\n", (unsigned int)gid);
 866 
 867         return true;
 868 }
 869 
 870 static bool wbinfo_set_uid_mapping(uid_t uid, const char *sid_str)
     /* [<][>][^][v][top][bottom][index][help] */
 871 {
 872         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 873         struct wbcDomainSid sid;
 874 
 875         /* Send request */
 876 
 877         wbc_status = wbcStringToSid(sid_str, &sid);
 878         if (!WBC_ERROR_IS_OK(wbc_status)) {
 879                 return false;
 880         }
 881 
 882         wbc_status = wbcSetUidMapping(uid, &sid);
 883         if (!WBC_ERROR_IS_OK(wbc_status)) {
 884                 return false;
 885         }
 886 
 887         /* Display response */
 888 
 889         d_printf("uid %u now mapped to sid %s\n",
 890                 (unsigned int)uid, sid_str);
 891 
 892         return true;
 893 }
 894 
 895 static bool wbinfo_set_gid_mapping(gid_t gid, const char *sid_str)
     /* [<][>][^][v][top][bottom][index][help] */
 896 {
 897         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 898         struct wbcDomainSid sid;
 899 
 900         /* Send request */
 901 
 902         wbc_status = wbcStringToSid(sid_str, &sid);
 903         if (!WBC_ERROR_IS_OK(wbc_status)) {
 904                 return false;
 905         }
 906 
 907         wbc_status = wbcSetGidMapping(gid, &sid);
 908         if (!WBC_ERROR_IS_OK(wbc_status)) {
 909                 return false;
 910         }
 911 
 912         /* Display response */
 913 
 914         d_printf("gid %u now mapped to sid %s\n",
 915                 (unsigned int)gid, sid_str);
 916 
 917         return true;
 918 }
 919 
 920 static bool wbinfo_remove_uid_mapping(uid_t uid, const char *sid_str)
     /* [<][>][^][v][top][bottom][index][help] */
 921 {
 922         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 923         struct wbcDomainSid sid;
 924 
 925         /* Send request */
 926 
 927         wbc_status = wbcStringToSid(sid_str, &sid);
 928         if (!WBC_ERROR_IS_OK(wbc_status)) {
 929                 return false;
 930         }
 931 
 932         wbc_status = wbcRemoveUidMapping(uid, &sid);
 933         if (!WBC_ERROR_IS_OK(wbc_status)) {
 934                 return false;
 935         }
 936 
 937         /* Display response */
 938 
 939         d_printf("Removed uid %u to sid %s mapping\n",
 940                 (unsigned int)uid, sid_str);
 941 
 942         return true;
 943 }
 944 
 945 static bool wbinfo_remove_gid_mapping(gid_t gid, const char *sid_str)
     /* [<][>][^][v][top][bottom][index][help] */
 946 {
 947         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 948         struct wbcDomainSid sid;
 949 
 950         /* Send request */
 951 
 952         wbc_status = wbcStringToSid(sid_str, &sid);
 953         if (!WBC_ERROR_IS_OK(wbc_status)) {
 954                 return false;
 955         }
 956 
 957         wbc_status = wbcRemoveGidMapping(gid, &sid);
 958         if (!WBC_ERROR_IS_OK(wbc_status)) {
 959                 return false;
 960         }
 961 
 962         /* Display response */
 963 
 964         d_printf("Removed gid %u to sid %s mapping\n",
 965                 (unsigned int)gid, sid_str);
 966 
 967         return true;
 968 }
 969 
 970 /* Convert sid to string */
 971 
 972 static bool wbinfo_lookupsid(const char *sid_str)
     /* [<][>][^][v][top][bottom][index][help] */
 973 {
 974         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 975         struct wbcDomainSid sid;
 976         char *domain;
 977         char *name;
 978         enum wbcSidType type;
 979 
 980         /* Send off request */
 981 
 982         wbc_status = wbcStringToSid(sid_str, &sid);
 983         if (!WBC_ERROR_IS_OK(wbc_status)) {
 984                 return false;
 985         }
 986 
 987         wbc_status = wbcLookupSid(&sid, &domain, &name, &type);
 988         if (!WBC_ERROR_IS_OK(wbc_status)) {
 989                 return false;
 990         }
 991 
 992         /* Display response */
 993 
 994         d_printf("%s%c%s %d\n",
 995                  domain, winbind_separator(), name, type);
 996 
 997         return true;
 998 }
 999 
1000 /* Convert sid to fullname */
1001 
1002 static bool wbinfo_lookupsid_fullname(const char *sid_str)
     /* [<][>][^][v][top][bottom][index][help] */
1003 {
1004         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1005         struct wbcDomainSid sid;
1006         char *domain;
1007         char *name;
1008         enum wbcSidType type;
1009 
1010         /* Send off request */
1011 
1012         wbc_status = wbcStringToSid(sid_str, &sid);
1013         if (!WBC_ERROR_IS_OK(wbc_status)) {
1014                 return false;
1015         }
1016 
1017         wbc_status = wbcGetDisplayName(&sid, &domain, &name, &type);
1018         if (!WBC_ERROR_IS_OK(wbc_status)) {
1019                 return false;
1020         }
1021 
1022         /* Display response */
1023 
1024         d_printf("%s%c%s %d\n",
1025                  domain, winbind_separator(), name, type);
1026 
1027         return true;
1028 }
1029 
1030 /* Lookup a list of RIDs */
1031 
1032 static bool wbinfo_lookuprids(const char *domain, const char *arg)
     /* [<][>][^][v][top][bottom][index][help] */
1033 {
1034         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1035         struct wbcDomainInfo *dinfo = NULL;
1036         char *domain_name = NULL;
1037         const char **names = NULL;
1038         enum wbcSidType *types = NULL;
1039         size_t i;
1040         int num_rids;
1041         uint32 *rids = NULL;
1042         const char *p;
1043         char *ridstr;
1044         TALLOC_CTX *mem_ctx = NULL;
1045         bool ret = false;
1046 
1047         if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')) {
1048                 domain = get_winbind_domain();
1049         }
1050 
1051         /* Send request */
1052 
1053         wbc_status = wbcDomainInfo(domain, &dinfo);
1054         if (!WBC_ERROR_IS_OK(wbc_status)) {
1055                 d_printf("wbcDomainInfo(%s) failed: %s\n", domain,
1056                          wbcErrorString(wbc_status));
1057                 goto done;
1058         }
1059 
1060         mem_ctx = talloc_new(NULL);
1061         if (mem_ctx == NULL) {
1062                 d_printf("talloc_new failed\n");
1063                 goto done;
1064         }
1065 
1066         num_rids = 0;
1067         rids = NULL;
1068         p = arg;
1069 
1070         while (next_token_talloc(mem_ctx, &p, &ridstr, " ,\n")) {
1071                 uint32 rid = strtoul(ridstr, NULL, 10);
1072                 ADD_TO_ARRAY(mem_ctx, uint32, rid, &rids, &num_rids);
1073         }
1074 
1075         if (rids == NULL) {
1076                 d_printf("no rids\n");
1077                 goto done;
1078         }
1079 
1080         wbc_status = wbcLookupRids(&dinfo->sid, num_rids, rids,
1081                                    (const char **)&domain_name, &names, &types);
1082         if (!WBC_ERROR_IS_OK(wbc_status)) {
1083                 d_printf("winbind_lookup_rids failed: %s\n",
1084                          wbcErrorString(wbc_status));
1085                 goto done;
1086         }
1087 
1088         d_printf("Domain: %s\n", domain_name);
1089 
1090         for (i=0; i<num_rids; i++) {
1091                 d_printf("%8d: %s (%s)\n", rids[i], names[i],
1092                          sid_type_lookup(types[i]));
1093         }
1094 
1095         ret = true;
1096 done:
1097         if (dinfo) {
1098                 wbcFreeMemory(dinfo);
1099         }
1100         if (domain_name) {
1101                 wbcFreeMemory(domain_name);
1102         }
1103         if (names) {
1104                 wbcFreeMemory(names);
1105         }
1106         if (types) {
1107                 wbcFreeMemory(types);
1108         }
1109         TALLOC_FREE(mem_ctx);
1110         return ret;
1111 }
1112 
1113 /* Convert string to sid */
1114 
1115 static bool wbinfo_lookupname(const char *full_name)
     /* [<][>][^][v][top][bottom][index][help] */
1116 {
1117         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1118         struct wbcDomainSid sid;
1119         char *sid_str;
1120         enum wbcSidType type;
1121         fstring domain_name;
1122         fstring account_name;
1123 
1124         /* Send off request */
1125 
1126         parse_wbinfo_domain_user(full_name, domain_name,
1127                                  account_name);
1128 
1129         wbc_status = wbcLookupName(domain_name, account_name,
1130                                    &sid, &type);
1131         if (!WBC_ERROR_IS_OK(wbc_status)) {
1132                 return false;
1133         }
1134 
1135         wbc_status = wbcSidToString(&sid, &sid_str);
1136         if (!WBC_ERROR_IS_OK(wbc_status)) {
1137                 return false;
1138         }
1139 
1140         /* Display response */
1141 
1142         d_printf("%s %s (%d)\n", sid_str, sid_type_lookup(type), type);
1143 
1144         wbcFreeMemory(sid_str);
1145 
1146         return true;
1147 }
1148 
1149 static char *wbinfo_prompt_pass(const char *prefix,
     /* [<][>][^][v][top][bottom][index][help] */
1150                                 const char *username)
1151 {
1152         char *prompt;
1153         const char *ret = NULL;
1154 
1155         prompt = talloc_asprintf(talloc_tos(), "Enter %s's ", username);
1156         if (!prompt) {
1157                 return NULL;
1158         }
1159         if (prefix) {
1160                 prompt = talloc_asprintf_append(prompt, "%s ", prefix);
1161                 if (!prompt) {
1162                         return NULL;
1163                 }
1164         }
1165         prompt = talloc_asprintf_append(prompt, "password: ");
1166         if (!prompt) {
1167                 return NULL;
1168         }
1169 
1170         ret = getpass(prompt);
1171         TALLOC_FREE(prompt);
1172 
1173         return SMB_STRDUP(ret);
1174 }
1175 
1176 /* Authenticate a user with a plaintext password */
1177 
1178 static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
     /* [<][>][^][v][top][bottom][index][help] */
1179 {
1180         struct winbindd_request request;
1181         struct winbindd_response response;
1182         NSS_STATUS result;
1183         char *p;
1184         char *password;
1185 
1186         /* Send off request */
1187 
1188         ZERO_STRUCT(request);
1189         ZERO_STRUCT(response);
1190 
1191         p = strchr(username, '%');
1192 
1193         if (p) {
1194                 *p = 0;
1195                 fstrcpy(request.data.auth.user, username);
1196                 fstrcpy(request.data.auth.pass, p + 1);
1197                 *p = '%';
1198         } else {
1199                 fstrcpy(request.data.auth.user, username);
1200                 password = wbinfo_prompt_pass(NULL, username);
1201                 fstrcpy(request.data.auth.pass, password);
1202                 SAFE_FREE(password);
1203         }
1204 
1205         request.flags = flags;
1206 
1207         fstrcpy(request.data.auth.krb5_cc_type, cctype);
1208 
1209         request.data.auth.uid = geteuid();
1210 
1211         result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
1212 
1213         /* Display response */
1214 
1215         d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n",
1216                 username, (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", cctype);
1217 
1218         if (response.data.auth.nt_status)
1219                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
1220                          response.data.auth.nt_status_string,
1221                          response.data.auth.nt_status,
1222                          response.data.auth.error_string);
1223 
1224         if (result == NSS_STATUS_SUCCESS) {
1225 
1226                 if (request.flags & WBFLAG_PAM_INFO3_TEXT) {
1227                         if (response.data.auth.info3.user_flgs & NETLOGON_CACHED_ACCOUNT) {
1228                                 d_printf("user_flgs: NETLOGON_CACHED_ACCOUNT\n");
1229                         }
1230                 }
1231 
1232                 if (response.data.auth.krb5ccname[0] != '\0') {
1233                         d_printf("credentials were put in: %s\n", response.data.auth.krb5ccname);
1234                 } else {
1235                         d_printf("no credentials cached\n");
1236                 }
1237         }
1238 
1239         return result == NSS_STATUS_SUCCESS;
1240 }
1241 
1242 /* Authenticate a user with a plaintext password */
1243 
1244 static bool wbinfo_auth(char *username)
     /* [<][>][^][v][top][bottom][index][help] */
1245 {
1246         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1247         char *s = NULL;
1248         char *p = NULL;
1249         char *password = NULL;
1250         char *name = NULL;
1251 
1252         if ((s = SMB_STRDUP(username)) == NULL) {
1253                 return false;
1254         }
1255 
1256         if ((p = strchr(s, '%')) != NULL) {
1257                 *p = 0;
1258                 p++;
1259                 password = SMB_STRDUP(p);
1260         } else {
1261                 password = wbinfo_prompt_pass(NULL, username);
1262         }
1263 
1264         name = s;
1265 
1266         wbc_status = wbcAuthenticateUser(name, password);
1267 
1268         d_printf("plaintext password authentication %s\n",
1269                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1270 
1271 #if 0
1272         if (response.data.auth.nt_status)
1273                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
1274                          response.data.auth.nt_status_string,
1275                          response.data.auth.nt_status,
1276                          response.data.auth.error_string);
1277 #endif
1278 
1279         SAFE_FREE(s);
1280         SAFE_FREE(password);
1281 
1282         return WBC_ERROR_IS_OK(wbc_status);
1283 }
1284 
1285 /* Authenticate a user with a challenge/response */
1286 
1287 static bool wbinfo_auth_crap(char *username)
     /* [<][>][^][v][top][bottom][index][help] */
1288 {
1289         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1290         struct wbcAuthUserParams params;
1291         struct wbcAuthUserInfo *info = NULL;
1292         struct wbcAuthErrorInfo *err = NULL;
1293         DATA_BLOB lm = data_blob_null;
1294         DATA_BLOB nt = data_blob_null;
1295         fstring name_user;
1296         fstring name_domain;
1297         char *pass;
1298         char *p;
1299 
1300         p = strchr(username, '%');
1301 
1302         if (p) {
1303                 *p = 0;
1304                 pass = SMB_STRDUP(p + 1);
1305         } else {
1306                 pass = wbinfo_prompt_pass(NULL, username);
1307         }
1308 
1309         parse_wbinfo_domain_user(username, name_domain, name_user);
1310 
1311         params.account_name     = name_user;
1312         params.domain_name      = name_domain;
1313         params.workstation_name = NULL;
1314 
1315         params.flags            = 0;
1316         params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
1317                                   WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
1318 
1319         params.level            = WBC_AUTH_USER_LEVEL_RESPONSE;
1320 
1321         generate_random_buffer(params.password.response.challenge, 8);
1322 
1323         if (lp_client_ntlmv2_auth()) {
1324                 DATA_BLOB server_chal;
1325                 DATA_BLOB names_blob;
1326 
1327                 server_chal = data_blob(params.password.response.challenge, 8);
1328 
1329                 /* Pretend this is a login to 'us', for blob purposes */
1330                 names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
1331 
1332                 if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal,
1333                                       &names_blob,
1334                                       &lm, &nt, NULL)) {
1335                         data_blob_free(&names_blob);
1336                         data_blob_free(&server_chal);
1337                         SAFE_FREE(pass);
1338                         return false;
1339                 }
1340                 data_blob_free(&names_blob);
1341                 data_blob_free(&server_chal);
1342 
1343         } else {
1344                 if (lp_client_lanman_auth()) {
1345                         bool ok;
1346                         lm = data_blob(NULL, 24);
1347                         ok = SMBencrypt(pass, params.password.response.challenge,
1348                                         lm.data);
1349                         if (!ok) {
1350                                 data_blob_free(&lm);
1351                         }
1352                 }
1353                 nt = data_blob(NULL, 24);
1354                 SMBNTencrypt(pass, params.password.response.challenge,
1355                              nt.data);
1356         }
1357 
1358         params.password.response.nt_length      = nt.length;
1359         params.password.response.nt_data        = nt.data;
1360         params.password.response.lm_length      = lm.length;
1361         params.password.response.lm_data        = lm.data;
1362 
1363         wbc_status = wbcAuthenticateUserEx(&params, &info, &err);
1364 
1365         /* Display response */
1366 
1367         d_printf("challenge/response password authentication %s\n",
1368                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1369 
1370         if (wbc_status == WBC_ERR_AUTH_ERROR) {
1371                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
1372                          err->nt_string,
1373                          err->nt_status,
1374                          err->display_string);
1375                 wbcFreeMemory(err);
1376         } else if (WBC_ERROR_IS_OK(wbc_status)) {
1377                 wbcFreeMemory(info);
1378         }
1379 
1380         data_blob_free(&nt);
1381         data_blob_free(&lm);
1382         SAFE_FREE(pass);
1383 
1384         return WBC_ERROR_IS_OK(wbc_status);
1385 }
1386 
1387 /* Authenticate a user with a plaintext password and set a token */
1388 
1389 static bool wbinfo_klog(char *username)
     /* [<][>][^][v][top][bottom][index][help] */
1390 {
1391         struct winbindd_request request;
1392         struct winbindd_response response;
1393         NSS_STATUS result;
1394         char *p;
1395 
1396         /* Send off request */
1397 
1398         ZERO_STRUCT(request);
1399         ZERO_STRUCT(response);
1400 
1401         p = strchr(username, '%');
1402 
1403         if (p) {
1404                 *p = 0;
1405                 fstrcpy(request.data.auth.user, username);
1406                 fstrcpy(request.data.auth.pass, p + 1);
1407                 *p = '%';
1408         } else {
1409                 fstrcpy(request.data.auth.user, username);
1410                 fstrcpy(request.data.auth.pass, getpass("Password: "));
1411         }
1412 
1413         request.flags |= WBFLAG_PAM_AFS_TOKEN;
1414 
1415         result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
1416 
1417         /* Display response */
1418 
1419         d_printf("plaintext password authentication %s\n",
1420                  (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
1421 
1422         if (response.data.auth.nt_status)
1423                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
1424                          response.data.auth.nt_status_string,
1425                          response.data.auth.nt_status,
1426                          response.data.auth.error_string);
1427 
1428         if (result != NSS_STATUS_SUCCESS)
1429                 return false;
1430 
1431         if (response.extra_data.data == NULL) {
1432                 d_fprintf(stderr, "Did not get token data\n");
1433                 return false;
1434         }
1435 
1436         if (!afs_settoken_str((char *)response.extra_data.data)) {
1437                 d_fprintf(stderr, "Could not set token\n");
1438                 return false;
1439         }
1440 
1441         d_printf("Successfully created AFS token\n");
1442         return true;
1443 }
1444 
1445 /* Print domain users */
1446 
1447 static bool print_domain_users(const char *domain)
     /* [<][>][^][v][top][bottom][index][help] */
1448 {
1449         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1450         uint32_t i;
1451         uint32_t num_users = 0;
1452         const char **users = NULL;
1453 
1454         /* Send request to winbind daemon */
1455 
1456         /* '.' is the special sign for our own domain */
1457         if (domain && strcmp(domain, ".") == 0) {
1458                 domain = get_winbind_domain();
1459         }
1460 
1461         wbc_status = wbcListUsers(domain, &num_users, &users);
1462         if (!WBC_ERROR_IS_OK(wbc_status)) {
1463                 return false;
1464         }
1465 
1466         for (i=0; i < num_users; i++) {
1467                 d_printf("%s\n", users[i]);
1468         }
1469 
1470         wbcFreeMemory(users);
1471 
1472         return true;
1473 }
1474 
1475 /* Print domain groups */
1476 
1477 static bool print_domain_groups(const char *domain)
     /* [<][>][^][v][top][bottom][index][help] */
1478 {
1479         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1480         uint32_t i;
1481         uint32_t num_groups = 0;
1482         const char **groups = NULL;
1483 
1484         /* Send request to winbind daemon */
1485 
1486         /* '.' is the special sign for our own domain */
1487         if (domain && strcmp(domain, ".") == 0) {
1488                 domain = get_winbind_domain();
1489         }
1490 
1491         wbc_status = wbcListGroups(domain, &num_groups, &groups);
1492         if (!WBC_ERROR_IS_OK(wbc_status)) {
1493                 return false;
1494         }
1495 
1496         for (i=0; i < num_groups; i++) {
1497                 d_printf("%s\n", groups[i]);
1498         }
1499 
1500         wbcFreeMemory(groups);
1501 
1502         return true;
1503 }
1504 
1505 /* Set the authorised user for winbindd access in secrets.tdb */
1506 
1507 static bool wbinfo_set_auth_user(char *username)
     /* [<][>][^][v][top][bottom][index][help] */
1508 {
1509         const char *password;
1510         char *p;
1511         fstring user, domain;
1512 
1513         /* Separate into user and password */
1514 
1515         parse_wbinfo_domain_user(username, domain, user);
1516 
1517         p = strchr(user, '%');
1518 
1519         if (p != NULL) {
1520                 *p = 0;
1521                 password = p+1;
1522         } else {
1523                 char *thepass = getpass("Password: ");
1524                 if (thepass) {
1525                         password = thepass;
1526                 } else
1527                         password = "";
1528         }
1529 
1530         /* Store or remove DOMAIN\username%password in secrets.tdb */
1531 
1532         secrets_init();
1533 
1534         if (user[0]) {
1535 
1536                 if (!secrets_store(SECRETS_AUTH_USER, user,
1537                                    strlen(user) + 1)) {
1538                         d_fprintf(stderr, "error storing username\n");
1539                         return false;
1540                 }
1541 
1542                 /* We always have a domain name added by the
1543                    parse_wbinfo_domain_user() function. */
1544 
1545                 if (!secrets_store(SECRETS_AUTH_DOMAIN, domain,
1546                                    strlen(domain) + 1)) {
1547                         d_fprintf(stderr, "error storing domain name\n");
1548                         return false;
1549                 }
1550 
1551         } else {
1552                 secrets_delete(SECRETS_AUTH_USER);
1553                 secrets_delete(SECRETS_AUTH_DOMAIN);
1554         }
1555 
1556         if (password[0]) {
1557 
1558                 if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
1559                                    strlen(password) + 1)) {
1560                         d_fprintf(stderr, "error storing password\n");
1561                         return false;
1562                 }
1563 
1564         } else
1565                 secrets_delete(SECRETS_AUTH_PASSWORD);
1566 
1567         return true;
1568 }
1569 
1570 static void wbinfo_get_auth_user(void)
     /* [<][>][^][v][top][bottom][index][help] */
1571 {
1572         char *user, *domain, *password;
1573 
1574         /* Lift data from secrets file */
1575 
1576         secrets_fetch_ipc_userpass(&user, &domain, &password);
1577 
1578         if ((!user || !*user) && (!domain || !*domain ) && (!password || !*password)){
1579 
1580                 SAFE_FREE(user);
1581                 SAFE_FREE(domain);
1582                 SAFE_FREE(password);
1583                 d_printf("No authorised user configured\n");
1584                 return;
1585         }
1586 
1587         /* Pretty print authorised user info */
1588 
1589         d_printf("%s%s%s%s%s\n", domain ? domain : "", domain ? lp_winbind_separator(): "",
1590                  user, password ? "%" : "", password ? password : "");
1591 
1592         SAFE_FREE(user);
1593         SAFE_FREE(domain);
1594         SAFE_FREE(password);
1595 }
1596 
1597 static bool wbinfo_ping(void)
     /* [<][>][^][v][top][bottom][index][help] */
1598 {
1599         wbcErr wbc_status;
1600 
1601         wbc_status = wbcPing();
1602 
1603         /* Display response */
1604 
1605         d_printf("Ping to winbindd %s\n",
1606                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1607 
1608         return WBC_ERROR_IS_OK(wbc_status);
1609 }
1610 
1611 static bool wbinfo_change_user_password(const char *username)
     /* [<][>][^][v][top][bottom][index][help] */
1612 {
1613         wbcErr wbc_status;
1614         char *old_password = NULL;
1615         char *new_password = NULL;
1616 
1617         old_password = wbinfo_prompt_pass("old", username);
1618         new_password = wbinfo_prompt_pass("new", username);
1619 
1620         wbc_status = wbcChangeUserPassword(username, old_password, new_password);
1621 
1622         /* Display response */
1623 
1624         d_printf("Password change for user %s %s\n", username,
1625                 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1626 
1627         SAFE_FREE(old_password);
1628         SAFE_FREE(new_password);
1629 
1630         return WBC_ERROR_IS_OK(wbc_status);
1631 }
1632 
1633 /* Main program */
1634 
1635 enum {
1636         OPT_SET_AUTH_USER = 1000,
1637         OPT_GET_AUTH_USER,
1638         OPT_DOMAIN_NAME,
1639         OPT_SEQUENCE,
1640         OPT_GETDCNAME,
1641         OPT_DSGETDCNAME,
1642         OPT_USERDOMGROUPS,
1643         OPT_SIDALIASES,
1644         OPT_USERSIDS,
1645         OPT_ALLOCATE_UID,
1646         OPT_ALLOCATE_GID,
1647         OPT_SET_UID_MAPPING,
1648         OPT_SET_GID_MAPPING,
1649         OPT_REMOVE_UID_MAPPING,
1650         OPT_REMOVE_GID_MAPPING,
1651         OPT_SEPARATOR,
1652         OPT_LIST_ALL_DOMAINS,
1653         OPT_LIST_OWN_DOMAIN,
1654         OPT_UID_INFO,
1655         OPT_USER_SIDINFO,
1656         OPT_GROUP_INFO,
1657         OPT_GID_INFO,
1658         OPT_VERBOSE,
1659         OPT_ONLINESTATUS,
1660         OPT_CHANGE_USER_PASSWORD,
1661         OPT_SID_TO_FULLNAME
1662 };
1663 
1664 int main(int argc, char **argv, char **envp)
     /* [<][>][^][v][top][bottom][index][help] */
1665 {
1666         int opt;
1667         TALLOC_CTX *frame = talloc_stackframe();
1668         poptContext pc;
1669         static char *string_arg;
1670         char *string_subarg = NULL;
1671         static char *opt_domain_name;
1672         static int int_arg;
1673         int int_subarg = -1;
1674         int result = 1;
1675         bool verbose = false;
1676 
1677         struct poptOption long_options[] = {
1678                 POPT_AUTOHELP
1679 
1680                 /* longName, shortName, argInfo, argPtr, value, descrip,
1681                    argDesc */
1682 
1683                 { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users", "domain"},
1684                 { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups", "domain" },
1685                 { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP", "NETBIOS-NAME" },
1686                 { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name", "IP" },
1687                 { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid", "NAME" },
1688                 { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name", "SID" },
1689                 { "sid-to-fullname", 0, POPT_ARG_STRING, &string_arg,
1690                   OPT_SID_TO_FULLNAME, "Converts sid to fullname", "SID" },
1691                 { "lookup-rids", 'R', POPT_ARG_STRING, &string_arg, 'R', "Converts RIDs to names", "RIDs" },
1692                 { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" , "UID" },
1693                 { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
1694                 { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
1695                 { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
1696                 { "allocate-uid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_UID,
1697                   "Get a new UID out of idmap" },
1698                 { "allocate-gid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_GID,
1699                   "Get a new GID out of idmap" },
1700                 { "set-uid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_SET_UID_MAPPING, "Create or modify uid to sid mapping in idmap", "UID,SID" },
1701                 { "set-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_SET_GID_MAPPING, "Create or modify gid to sid mapping in idmap", "GID,SID" },
1702                 { "remove-uid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_UID_MAPPING, "Remove uid to sid mapping in idmap", "UID,SID" },
1703                 { "remove-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_GID_MAPPING, "Remove gid to sid mapping in idmap", "GID,SID" },
1704                 { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
1705                 { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
1706                 { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
1707                 { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" },
1708                 { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
1709                 { "online-status", 0, POPT_ARG_NONE, 0, OPT_ONLINESTATUS, "Show whether domains are marked as online or offline"},
1710                 { "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" },
1711                 { "user-info", 'i', POPT_ARG_STRING, &string_arg, 'i', "Get user info", "USER" },
1712                 { "uid-info", 0, POPT_ARG_INT, &int_arg, OPT_UID_INFO, "Get user info from uid", "UID" },
1713                 { "group-info", 0, POPT_ARG_STRING, &string_arg, OPT_GROUP_INFO, "Get group info", "GROUP" },
1714                 { "user-sidinfo", 0, POPT_ARG_STRING, &string_arg, OPT_USER_SIDINFO, "Get user info from sid", "SID" },
1715                 { "gid-info", 0, POPT_ARG_INT, &int_arg, OPT_GID_INFO, "Get group info from gid", "GID" },
1716                 { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
1717                 { "user-domgroups", 0, POPT_ARG_STRING, &string_arg,
1718                   OPT_USERDOMGROUPS, "Get user domain groups", "SID" },
1719                 { "sid-aliases", 0, POPT_ARG_STRING, &string_arg, OPT_SIDALIASES, "Get sid aliases", "SID" },
1720                 { "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
1721                 { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
1722                 { "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
1723                 { "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME,
1724                   "Get a DC name for a foreign domain", "domainname" },
1725                 { "dsgetdcname", 0, POPT_ARG_STRING, &string_arg, OPT_DSGETDCNAME, "Find a DC for a domain", "domainname" },
1726                 { "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
1727                 { "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
1728                 { "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" },
1729 #ifdef WITH_FAKE_KASERVER
1730                 { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" },
1731 #endif
1732 #ifdef HAVE_KRB5
1733                 { "krb5auth", 'K', POPT_ARG_STRING, &string_arg, 'K', "authenticate user using Kerberos", "user%password" },
1734                         /* destroys wbinfo --help output */
1735                         /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" }, */
1736 #endif
1737                 { "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
1738                 { "verbose", 0, POPT_ARG_NONE, 0, OPT_VERBOSE, "Print additional information per command", NULL },
1739                 { "change-user-password", 0, POPT_ARG_STRING, &string_arg, OPT_CHANGE_USER_PASSWORD, "Change the password for a user", NULL },
1740                 POPT_COMMON_CONFIGFILE
1741                 POPT_COMMON_VERSION
1742                 POPT_TABLEEND
1743         };
1744 
1745         /* Samba client initialisation */
1746         load_case_tables();
1747 
1748 
1749         /* Parse options */
1750 
1751         pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
1752 
1753         /* Parse command line options */
1754 
1755         if (argc == 1) {
1756                 poptPrintHelp(pc, stderr, 0);
1757                 return 1;
1758         }
1759 
1760         while((opt = poptGetNextOpt(pc)) != -1) {
1761                 /* get the generic configuration parameters like --domain */
1762                 switch (opt) {
1763                 case OPT_VERBOSE:
1764                         verbose = True;
1765                         break;
1766                 }
1767         }
1768 
1769         poptFreeContext(pc);
1770 
1771         if (!lp_load(get_dyn_CONFIGFILE(), true, false, false, true)) {
1772                 d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n",
1773                         get_dyn_CONFIGFILE(), strerror(errno));
1774                 exit(1);
1775         }
1776 
1777         if (!init_names())
1778                 return 1;
1779 
1780         load_interfaces();
1781 
1782         pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
1783                             POPT_CONTEXT_KEEP_FIRST);
1784 
1785         while((opt = poptGetNextOpt(pc)) != -1) {
1786                 switch (opt) {
1787                 case 'u':
1788                         if (!print_domain_users(opt_domain_name)) {
1789                                 d_fprintf(stderr, "Error looking up domain users\n");
1790                                 goto done;
1791                         }
1792                         break;
1793                 case 'g':
1794                         if (!print_domain_groups(opt_domain_name)) {
1795                                 d_fprintf(stderr, "Error looking up domain groups\n");
1796                                 goto done;
1797                         }
1798                         break;
1799                 case 's':
1800                         if (!wbinfo_lookupsid(string_arg)) {
1801                                 d_fprintf(stderr, "Could not lookup sid %s\n", string_arg);
1802                                 goto done;
1803                         }
1804                         break;
1805                 case OPT_SID_TO_FULLNAME:
1806                         if (!wbinfo_lookupsid_fullname(string_arg)) {
1807                                 d_fprintf(stderr, "Could not lookup sid %s\n",
1808                                           string_arg);
1809                                 goto done;
1810                         }
1811                         break;
1812                 case 'R':
1813                         if (!wbinfo_lookuprids(opt_domain_name, string_arg)) {
1814                                 d_fprintf(stderr, "Could not lookup RIDs %s\n", string_arg);
1815                                 goto done;
1816                         }
1817                         break;
1818                 case 'n':
1819                         if (!wbinfo_lookupname(string_arg)) {
1820                                 d_fprintf(stderr, "Could not lookup name %s\n", string_arg);
1821                                 goto done;
1822                         }
1823                         break;
1824                 case 'N':
1825                         if (!wbinfo_wins_byname(string_arg)) {
1826                                 d_fprintf(stderr, "Could not lookup WINS by name %s\n", string_arg);
1827                                 goto done;
1828                         }
1829                         break;
1830                 case 'I':
1831                         if (!wbinfo_wins_byip(string_arg)) {
1832                                 d_fprintf(stderr, "Could not lookup WINS by IP %s\n", string_arg);
1833                                 goto done;
1834                         }
1835                         break;
1836                 case 'U':
1837                         if (!wbinfo_uid_to_sid(int_arg)) {
1838                                 d_fprintf(stderr, "Could not convert uid %d to sid\n", int_arg);
1839                                 goto done;
1840                         }
1841                         break;
1842                 case 'G':
1843                         if (!wbinfo_gid_to_sid(int_arg)) {
1844                                 d_fprintf(stderr, "Could not convert gid %d to sid\n",
1845                                        int_arg);
1846                                 goto done;
1847                         }
1848                         break;
1849                 case 'S':
1850                         if (!wbinfo_sid_to_uid(string_arg)) {
1851                                 d_fprintf(stderr, "Could not convert sid %s to uid\n",
1852                                        string_arg);
1853                                 goto done;
1854                         }
1855                         break;
1856                 case 'Y':
1857                         if (!wbinfo_sid_to_gid(string_arg)) {
1858                                 d_fprintf(stderr, "Could not convert sid %s to gid\n",
1859                                        string_arg);
1860                                 goto done;
1861                         }
1862                         break;
1863                 case OPT_ALLOCATE_UID:
1864                         if (!wbinfo_allocate_uid()) {
1865                                 d_fprintf(stderr, "Could not allocate a uid\n");
1866                                 goto done;
1867                         }
1868                         break;
1869                 case OPT_ALLOCATE_GID:
1870                         if (!wbinfo_allocate_gid()) {
1871                                 d_fprintf(stderr, "Could not allocate a gid\n");
1872                                 goto done;
1873                         }
1874                         break;
1875                 case OPT_SET_UID_MAPPING:
1876                         if (!parse_mapping_arg(string_arg, &int_subarg,
1877                                 &string_subarg) ||
1878                             !wbinfo_set_uid_mapping(int_subarg, string_subarg))
1879                         {
1880                                 d_fprintf(stderr, "Could not create or modify "
1881                                           "uid to sid mapping\n");
1882                                 goto done;
1883                         }
1884                         break;
1885                 case OPT_SET_GID_MAPPING:
1886                         if (!parse_mapping_arg(string_arg, &int_subarg,
1887                                 &string_subarg) ||
1888                             !wbinfo_set_gid_mapping(int_subarg, string_subarg))
1889                         {
1890                                 d_fprintf(stderr, "Could not create or modify "
1891                                           "gid to sid mapping\n");
1892                                 goto done;
1893                         }
1894                         break;
1895                 case OPT_REMOVE_UID_MAPPING:
1896                         if (!parse_mapping_arg(string_arg, &int_subarg,
1897                                 &string_subarg) ||
1898                             !wbinfo_remove_uid_mapping(int_subarg,
1899                                 string_subarg))
1900                         {
1901                                 d_fprintf(stderr, "Could not remove uid to sid "
1902                                     "mapping\n");
1903                                 goto done;
1904                         }
1905                         break;
1906                 case OPT_REMOVE_GID_MAPPING:
1907                         if (!parse_mapping_arg(string_arg, &int_subarg,
1908                                 &string_subarg) ||
1909                             !wbinfo_remove_gid_mapping(int_subarg,
1910                                 string_subarg))
1911                         {
1912                                 d_fprintf(stderr, "Could not remove gid to sid "
1913                                     "mapping\n");
1914                                 goto done;
1915                         }
1916                         break;
1917                 case 't':
1918                         if (!wbinfo_check_secret()) {
1919                                 d_fprintf(stderr, "Could not check secret\n");
1920                                 goto done;
1921                         }
1922                         break;
1923                 case 'm':
1924                         if (!wbinfo_list_domains(false, verbose)) {
1925                                 d_fprintf(stderr, "Could not list trusted domains\n");
1926                                 goto done;
1927                         }
1928                         break;
1929                 case OPT_SEQUENCE:
1930                         if (!wbinfo_show_sequence(opt_domain_name)) {
1931                                 d_fprintf(stderr, "Could not show sequence numbers\n");
1932                                 goto done;
1933                         }
1934                         break;
1935                 case OPT_ONLINESTATUS:
1936                         if (!wbinfo_show_onlinestatus(opt_domain_name)) {
1937                                 d_fprintf(stderr, "Could not show online-status\n");
1938                                 goto done;
1939                         }
1940                         break;
1941                 case 'D':
1942                         if (!wbinfo_domain_info(string_arg)) {
1943                                 d_fprintf(stderr, "Could not get domain info\n");
1944                                 goto done;
1945                         }
1946                         break;
1947                 case 'i':
1948                         if (!wbinfo_get_userinfo(string_arg)) {
1949                                 d_fprintf(stderr, "Could not get info for user %s\n",
1950                                                   string_arg);
1951                                 goto done;
1952                         }
1953                         break;
1954                 case OPT_USER_SIDINFO:
1955                         if ( !wbinfo_get_user_sidinfo(string_arg)) {
1956                                 d_fprintf(stderr, "Could not get info for user sid %s\n",
1957                                     string_arg);
1958                                 goto done;
1959                         }
1960                         break;
1961                 case OPT_UID_INFO:
1962                         if ( !wbinfo_get_uidinfo(int_arg)) {
1963                                 d_fprintf(stderr, "Could not get info for uid "
1964                                                 "%d\n", int_arg);
1965                                 goto done;
1966                         }
1967                         break;
1968                 case OPT_GROUP_INFO:
1969                         if ( !wbinfo_get_groupinfo(string_arg)) {
1970                                 d_fprintf(stderr, "Could not get info for "
1971                                           "group %s\n", string_arg);
1972                                 goto done;
1973                         }
1974                         break;
1975                 case OPT_GID_INFO:
1976                         if ( !wbinfo_get_gidinfo(int_arg)) {
1977                                 d_fprintf(stderr, "Could not get info for gid "
1978                                                 "%d\n", int_arg);
1979                                 goto done;
1980                         }
1981                         break;
1982                 case 'r':
1983                         if (!wbinfo_get_usergroups(string_arg)) {
1984                                 d_fprintf(stderr, "Could not get groups for user %s\n",
1985                                        string_arg);
1986                                 goto done;
1987                         }
1988                         break;
1989                 case OPT_USERSIDS:
1990                         if (!wbinfo_get_usersids(string_arg)) {
1991                                 d_fprintf(stderr, "Could not get group SIDs for user SID %s\n",
1992                                        string_arg);
1993                                 goto done;
1994                         }
1995                         break;
1996                 case OPT_USERDOMGROUPS:
1997                         if (!wbinfo_get_userdomgroups(string_arg)) {
1998                                 d_fprintf(stderr, "Could not get user's domain groups "
1999                                          "for user SID %s\n", string_arg);
2000                                 goto done;
2001                         }
2002                         break;
2003                 case OPT_SIDALIASES:
2004                         if (!wbinfo_get_sidaliases(opt_domain_name, string_arg)) {
2005                                 d_fprintf(stderr, "Could not get sid aliases "
2006                                          "for user SID %s\n", string_arg);
2007                                 goto done;
2008                         }
2009                         break;
2010                 case 'a': {
2011                                 bool got_error = false;
2012 
2013                                 if (!wbinfo_auth(string_arg)) {
2014                                         d_fprintf(stderr, "Could not authenticate user %s with "
2015                                                 "plaintext password\n", string_arg);
2016                                         got_error = true;
2017                                 }
2018 
2019                                 if (!wbinfo_auth_crap(string_arg)) {
2020                                         d_fprintf(stderr, "Could not authenticate user %s with "
2021                                                 "challenge/response\n", string_arg);
2022                                         got_error = true;
2023                                 }
2024 
2025                                 if (got_error)
2026                                         goto done;
2027                                 break;
2028                         }
2029                 case 'K': {
2030                                 uint32 flags =  WBFLAG_PAM_KRB5 |
2031                                                 WBFLAG_PAM_CACHED_LOGIN |
2032                                                 WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
2033                                                 WBFLAG_PAM_INFO3_TEXT;
2034 
2035                                 if (!wbinfo_auth_krb5(string_arg, "FILE", flags)) {
2036                                         d_fprintf(stderr, "Could not authenticate user [%s] with "
2037                                                 "Kerberos (ccache: %s)\n", string_arg, "FILE");
2038                                         goto done;
2039                                 }
2040                                 break;
2041                         }
2042                 case 'k':
2043                         if (!wbinfo_klog(string_arg)) {
2044                                 d_fprintf(stderr, "Could not klog user\n");
2045                                 goto done;
2046                         }
2047                         break;
2048                 case 'p':
2049                         if (!wbinfo_ping()) {
2050                                 d_fprintf(stderr, "could not ping winbindd!\n");
2051                                 goto done;
2052                         }
2053                         break;
2054                 case OPT_SET_AUTH_USER:
2055                         if (!wbinfo_set_auth_user(string_arg)) {
2056                                 goto done;
2057                         }
2058                         break;
2059                 case OPT_GET_AUTH_USER:
2060                         wbinfo_get_auth_user();
2061                         break;
2062                 case OPT_GETDCNAME:
2063                         if (!wbinfo_getdcname(string_arg)) {
2064                                 goto done;
2065                         }
2066                         break;
2067                 case OPT_DSGETDCNAME:
2068                         if (!wbinfo_dsgetdcname(string_arg, 0)) {
2069                                 goto done;
2070                         }
2071                         break;
2072                 case OPT_SEPARATOR: {
2073                         const char sep = winbind_separator_int(true);
2074                         if ( !sep ) {
2075                                 goto done;
2076                         }
2077                         d_printf("%c\n", sep);
2078                         break;
2079                 }
2080                 case OPT_LIST_ALL_DOMAINS:
2081                         if (!wbinfo_list_domains(true, verbose)) {
2082                                 goto done;
2083                         }
2084                         break;
2085                 case OPT_LIST_OWN_DOMAIN:
2086                         if (!wbinfo_list_own_domain()) {
2087                                 goto done;
2088                         }
2089                         break;
2090                 case OPT_CHANGE_USER_PASSWORD:
2091                         if (!wbinfo_change_user_password(string_arg)) {
2092                                 d_fprintf(stderr, "Could not change user password "
2093                                          "for user %s\n", string_arg);
2094                                 goto done;
2095                         }
2096                         break;
2097 
2098                 /* generic configuration options */
2099                 case OPT_DOMAIN_NAME:
2100                         break;
2101                 case OPT_VERBOSE:
2102                         break;
2103                 default:
2104                         d_fprintf(stderr, "Invalid option\n");
2105                         poptPrintHelp(pc, stderr, 0);
2106                         goto done;
2107                 }
2108         }
2109 
2110         result = 0;
2111 
2112         /* Exit code */
2113 
2114  done:
2115         talloc_destroy(frame);
2116 
2117         poptFreeContext(pc);
2118         return result;
2119 }

/* [<][>][^][v][top][bottom][index][help] */