Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : Winbind status program.
5 :
6 : Copyright (C) Tim Potter 2000-2003
7 : Copyright (C) Andrew Bartlett 2002-2007
8 : Copyright (C) Volker Lendecke 2009
9 :
10 : This program is free software; you can redistribute it and/or modify
11 : it under the terms of the GNU General Public License as published by
12 : the Free Software Foundation; either version 3 of the License, or
13 : (at your option) any later version.
14 :
15 : This program is distributed in the hope that it will be useful,
16 : but WITHOUT ANY WARRANTY; without even the implied warranty of
17 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 : GNU General Public License for more details.
19 :
20 : You should have received a copy of the GNU General Public License
21 : along with this program. If not, see <http://www.gnu.org/licenses/>.
22 : */
23 :
24 : #include "includes.h"
25 : #include "libwbclient/wbclient.h"
26 : #include "winbind_struct_protocol.h"
27 : #include "libwbclient/wbclient_internal.h"
28 : #include "../libcli/auth/libcli_auth.h"
29 : #include "lib/cmdline/cmdline.h"
30 : #include "lib/afs/afs_settoken.h"
31 : #include "lib/util/smb_strtox.h"
32 : #include "lib/util/string_wrappers.h"
33 :
34 : #ifdef DBGC_CLASS
35 : #undef DBGC_CLASS
36 : #define DBGC_CLASS DBGC_WINBIND
37 : #endif
38 :
39 1170 : static struct wbcInterfaceDetails *init_interface_details(void)
40 : {
41 1170 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
42 2 : static struct wbcInterfaceDetails *details;
43 :
44 1170 : if (details) {
45 400 : return details;
46 : }
47 :
48 770 : wbc_status = wbcInterfaceDetails(&details);
49 770 : if (!WBC_ERROR_IS_OK(wbc_status)) {
50 6 : d_fprintf(stderr, "could not obtain winbind interface "
51 : "details: %s\n", wbcErrorString(wbc_status));
52 : }
53 :
54 770 : return details;
55 : }
56 :
57 598 : static char winbind_separator(void)
58 : {
59 0 : struct wbcInterfaceDetails *details;
60 0 : static bool got_sep;
61 0 : static char sep;
62 :
63 598 : if (got_sep)
64 34 : return sep;
65 :
66 564 : details = init_interface_details();
67 :
68 564 : if (!details) {
69 0 : d_fprintf(stderr, "could not obtain winbind separator!\n");
70 0 : return 0;
71 : }
72 :
73 564 : sep = details->winbind_separator;
74 564 : got_sep = true;
75 :
76 564 : if (!sep) {
77 0 : d_fprintf(stderr, "winbind separator was NULL!\n");
78 0 : return 0;
79 : }
80 :
81 564 : return sep;
82 : }
83 :
84 483 : static const char *get_winbind_domain(void)
85 : {
86 2 : static struct wbcInterfaceDetails *details;
87 :
88 483 : details = init_interface_details();
89 :
90 483 : if (!details) {
91 6 : d_fprintf(stderr, "could not obtain winbind domain name!\n");
92 6 : return 0;
93 : }
94 :
95 477 : return details->netbios_domain;
96 : }
97 :
98 123 : static const char *get_winbind_netbios_name(void)
99 : {
100 0 : static struct wbcInterfaceDetails *details;
101 :
102 123 : details = init_interface_details();
103 :
104 123 : if (!details) {
105 0 : d_fprintf(stderr, "could not obtain winbind netbios name!\n");
106 0 : return 0;
107 : }
108 :
109 123 : return details->netbios_name;
110 : }
111 :
112 : /* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
113 : form DOMAIN/user into a domain and a user */
114 :
115 468 : static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
116 : fstring user)
117 : {
118 :
119 468 : char *p = strchr(domuser,winbind_separator());
120 :
121 468 : if (!p) {
122 : /* Maybe it was a UPN? */
123 176 : p = strchr(domuser, '@');
124 176 : if (p != NULL) {
125 22 : fstrcpy(domain, "");
126 22 : fstrcpy(user, domuser);
127 22 : return true;
128 : }
129 :
130 154 : fstrcpy(user, domuser);
131 154 : fstrcpy(domain, get_winbind_domain());
132 154 : return true;
133 : }
134 :
135 292 : fstrcpy(user, p+1);
136 292 : fstrcpy(domain, domuser);
137 292 : domain[PTR_DIFF(p, domuser)] = 0;
138 :
139 292 : return true;
140 : }
141 :
142 : /* Parse string of "uid,sid" or "gid,sid" into separate int and string values.
143 : * Return true if input was valid, false otherwise. */
144 0 : static bool parse_mapping_arg(char *arg, int *id, char **sid)
145 : {
146 0 : char *tmp;
147 0 : int error = 0;
148 :
149 0 : if (!arg || !*arg)
150 0 : return false;
151 :
152 0 : tmp = strtok(arg, ",");
153 0 : *sid = strtok(NULL, ",");
154 :
155 0 : if (!tmp || !*tmp || !*sid || !**sid)
156 0 : return false;
157 :
158 : /* Because atoi() can return 0 on invalid input, which would be a valid
159 : * UID/GID we must use strtoul() and do error checking */
160 0 : *id = smb_strtoul(tmp, NULL, 10, &error, SMB_STR_FULL_STR_CONV);
161 0 : if (error != 0)
162 0 : return false;
163 :
164 0 : return true;
165 : }
166 :
167 : /* pull pwent info for a given user */
168 :
169 58 : static bool wbinfo_get_userinfo(char *user)
170 : {
171 58 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
172 58 : struct passwd *pwd = NULL;
173 :
174 58 : wbc_status = wbcGetpwnam(user, &pwd);
175 58 : if (!WBC_ERROR_IS_OK(wbc_status)) {
176 4 : d_fprintf(stderr, "failed to call wbcGetpwnam: %s\n",
177 : wbcErrorString(wbc_status));
178 4 : return false;
179 : }
180 :
181 54 : d_printf("%s:%s:%u:%u:%s:%s:%s\n",
182 54 : pwd->pw_name,
183 54 : pwd->pw_passwd,
184 54 : (unsigned int)pwd->pw_uid,
185 54 : (unsigned int)pwd->pw_gid,
186 54 : pwd->pw_gecos,
187 54 : pwd->pw_dir,
188 54 : pwd->pw_shell);
189 :
190 54 : wbcFreeMemory(pwd);
191 :
192 54 : return true;
193 : }
194 :
195 : /* pull pwent info for a given uid */
196 8 : static bool wbinfo_get_uidinfo(int uid)
197 : {
198 8 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
199 8 : struct passwd *pwd = NULL;
200 :
201 8 : wbc_status = wbcGetpwuid(uid, &pwd);
202 8 : if (!WBC_ERROR_IS_OK(wbc_status)) {
203 0 : d_fprintf(stderr, "failed to call wbcGetpwuid: %s\n",
204 : wbcErrorString(wbc_status));
205 0 : return false;
206 : }
207 :
208 8 : d_printf("%s:%s:%u:%u:%s:%s:%s\n",
209 8 : pwd->pw_name,
210 8 : pwd->pw_passwd,
211 8 : (unsigned int)pwd->pw_uid,
212 8 : (unsigned int)pwd->pw_gid,
213 8 : pwd->pw_gecos,
214 8 : pwd->pw_dir,
215 8 : pwd->pw_shell);
216 :
217 8 : wbcFreeMemory(pwd);
218 :
219 8 : return true;
220 : }
221 :
222 0 : static bool wbinfo_get_user_sidinfo(const char *sid_str)
223 : {
224 0 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
225 0 : struct passwd *pwd = NULL;
226 0 : struct wbcDomainSid sid;
227 :
228 0 : wbc_status = wbcStringToSid(sid_str, &sid);
229 0 : wbc_status = wbcGetpwsid(&sid, &pwd);
230 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
231 0 : d_fprintf(stderr, "failed to call wbcGetpwsid: %s\n",
232 : wbcErrorString(wbc_status));
233 0 : return false;
234 : }
235 :
236 0 : d_printf("%s:%s:%u:%u:%s:%s:%s\n",
237 0 : pwd->pw_name,
238 0 : pwd->pw_passwd,
239 0 : (unsigned int)pwd->pw_uid,
240 0 : (unsigned int)pwd->pw_gid,
241 0 : pwd->pw_gecos,
242 0 : pwd->pw_dir,
243 0 : pwd->pw_shell);
244 :
245 0 : wbcFreeMemory(pwd);
246 :
247 0 : return true;
248 : }
249 :
250 :
251 : /* pull grent for a given group */
252 26 : static bool wbinfo_get_groupinfo(const char *group)
253 : {
254 26 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
255 0 : struct group *grp;
256 0 : char **mem;
257 :
258 26 : wbc_status = wbcGetgrnam(group, &grp);
259 26 : if (!WBC_ERROR_IS_OK(wbc_status)) {
260 8 : d_fprintf(stderr, "failed to call wbcGetgrnam: %s\n",
261 : wbcErrorString(wbc_status));
262 8 : return false;
263 : }
264 :
265 18 : d_printf("%s:%s:%u:",
266 18 : grp->gr_name,
267 18 : grp->gr_passwd,
268 18 : (unsigned int)grp->gr_gid);
269 :
270 18 : mem = grp->gr_mem;
271 36 : while (*mem != NULL) {
272 18 : d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
273 18 : mem += 1;
274 : }
275 18 : d_printf("\n");
276 :
277 18 : wbcFreeMemory(grp);
278 :
279 18 : return true;
280 : }
281 :
282 : /* pull grent for a given gid */
283 8 : static bool wbinfo_get_gidinfo(int gid)
284 : {
285 8 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
286 0 : struct group *grp;
287 0 : char **mem;
288 :
289 8 : wbc_status = wbcGetgrgid(gid, &grp);
290 8 : if (!WBC_ERROR_IS_OK(wbc_status)) {
291 0 : d_fprintf(stderr, "failed to call wbcGetgrgid: %s\n",
292 : wbcErrorString(wbc_status));
293 0 : return false;
294 : }
295 :
296 8 : d_printf("%s:%s:%u:",
297 8 : grp->gr_name,
298 8 : grp->gr_passwd,
299 8 : (unsigned int)grp->gr_gid);
300 :
301 8 : mem = grp->gr_mem;
302 8 : while (*mem != NULL) {
303 0 : d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
304 0 : mem += 1;
305 : }
306 8 : d_printf("\n");
307 :
308 8 : wbcFreeMemory(grp);
309 :
310 8 : return true;
311 : }
312 :
313 : /* List groups a user is a member of */
314 :
315 20 : static bool wbinfo_get_usergroups(const char *user)
316 : {
317 20 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
318 0 : uint32_t num_groups;
319 0 : uint32_t i;
320 20 : gid_t *groups = NULL;
321 :
322 : /* Send request */
323 :
324 20 : wbc_status = wbcGetGroups(user, &num_groups, &groups);
325 20 : if (!WBC_ERROR_IS_OK(wbc_status)) {
326 0 : d_fprintf(stderr, "failed to call wbcGetGroups: %s\n",
327 : wbcErrorString(wbc_status));
328 0 : return false;
329 : }
330 :
331 216 : for (i = 0; i < num_groups; i++) {
332 196 : d_printf("%d\n", (int)groups[i]);
333 : }
334 :
335 20 : wbcFreeMemory(groups);
336 :
337 20 : return true;
338 : }
339 :
340 :
341 : /* List group SIDs a user SID is a member of */
342 8 : static bool wbinfo_get_usersids(const char *user_sid_str)
343 : {
344 8 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
345 0 : uint32_t num_sids;
346 0 : uint32_t i;
347 8 : struct wbcDomainSid user_sid, *sids = NULL;
348 :
349 : /* Send request */
350 :
351 8 : wbc_status = wbcStringToSid(user_sid_str, &user_sid);
352 8 : if (!WBC_ERROR_IS_OK(wbc_status)) {
353 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
354 : wbcErrorString(wbc_status));
355 0 : return false;
356 : }
357 :
358 8 : wbc_status = wbcLookupUserSids(&user_sid, false, &num_sids, &sids);
359 8 : if (!WBC_ERROR_IS_OK(wbc_status)) {
360 0 : d_fprintf(stderr, "failed to call wbcLookupUserSids: %s\n",
361 : wbcErrorString(wbc_status));
362 0 : return false;
363 : }
364 :
365 78 : for (i = 0; i < num_sids; i++) {
366 0 : char str[WBC_SID_STRING_BUFLEN];
367 70 : wbcSidToStringBuf(&sids[i], str, sizeof(str));
368 70 : d_printf("%s\n", str);
369 : }
370 :
371 8 : wbcFreeMemory(sids);
372 :
373 8 : return true;
374 : }
375 :
376 8 : static bool wbinfo_get_userdomgroups(const char *user_sid_str)
377 : {
378 8 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
379 0 : uint32_t num_sids;
380 0 : uint32_t i;
381 8 : struct wbcDomainSid user_sid, *sids = NULL;
382 :
383 : /* Send request */
384 :
385 8 : wbc_status = wbcStringToSid(user_sid_str, &user_sid);
386 8 : if (!WBC_ERROR_IS_OK(wbc_status)) {
387 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
388 : wbcErrorString(wbc_status));
389 0 : return false;
390 : }
391 :
392 8 : wbc_status = wbcLookupUserSids(&user_sid, true, &num_sids, &sids);
393 8 : if (!WBC_ERROR_IS_OK(wbc_status)) {
394 0 : d_fprintf(stderr, "failed to call wbcLookupUserSids: %s\n",
395 : wbcErrorString(wbc_status));
396 0 : return false;
397 : }
398 :
399 63 : for (i = 0; i < num_sids; i++) {
400 0 : char str[WBC_SID_STRING_BUFLEN];
401 55 : wbcSidToStringBuf(&sids[i], str, sizeof(str));
402 55 : d_printf("%s\n", str);
403 : }
404 :
405 8 : wbcFreeMemory(sids);
406 :
407 8 : return true;
408 : }
409 :
410 0 : static bool wbinfo_get_sidaliases(const char *domain,
411 : const char *user_sid_str)
412 : {
413 0 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
414 0 : struct wbcDomainInfo *dinfo = NULL;
415 0 : uint32_t i;
416 0 : struct wbcDomainSid user_sid;
417 0 : uint32_t *alias_rids = NULL;
418 0 : uint32_t num_alias_rids;
419 0 : char domain_sid_str[WBC_SID_STRING_BUFLEN];
420 :
421 : /* Send request */
422 0 : if ((domain == NULL) || (strequal(domain, ".")) ||
423 0 : (domain[0] == '\0')) {
424 0 : domain = get_winbind_domain();
425 : }
426 :
427 : /* Send request */
428 :
429 0 : wbc_status = wbcDomainInfo(domain, &dinfo);
430 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
431 0 : d_fprintf(stderr, "wbcDomainInfo(%s) failed: %s\n", domain,
432 : wbcErrorString(wbc_status));
433 0 : goto done;
434 : }
435 0 : wbc_status = wbcStringToSid(user_sid_str, &user_sid);
436 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
437 0 : goto done;
438 : }
439 :
440 0 : wbc_status = wbcGetSidAliases(&dinfo->sid, &user_sid, 1,
441 : &alias_rids, &num_alias_rids);
442 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
443 0 : goto done;
444 : }
445 :
446 0 : wbcSidToStringBuf(&dinfo->sid, domain_sid_str, sizeof(domain_sid_str));
447 :
448 0 : for (i = 0; i < num_alias_rids; i++) {
449 0 : d_printf("%s-%d\n", domain_sid_str, alias_rids[i]);
450 : }
451 :
452 0 : wbcFreeMemory(alias_rids);
453 :
454 0 : done:
455 0 : wbcFreeMemory(dinfo);
456 0 : return (WBC_ERR_SUCCESS == wbc_status);
457 : }
458 :
459 :
460 : /* Convert NetBIOS name to IP */
461 :
462 8 : static bool wbinfo_wins_byname(const char *name)
463 : {
464 8 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
465 8 : char *ip = NULL;
466 :
467 8 : wbc_status = wbcResolveWinsByName(name, &ip);
468 8 : if (!WBC_ERROR_IS_OK(wbc_status)) {
469 0 : d_fprintf(stderr, "failed to call wbcResolveWinsByName: %s\n",
470 : wbcErrorString(wbc_status));
471 0 : return false;
472 : }
473 :
474 : /* Display response */
475 :
476 8 : d_printf("%s\n", ip);
477 :
478 8 : wbcFreeMemory(ip);
479 :
480 8 : return true;
481 : }
482 :
483 : /* Convert IP to NetBIOS name */
484 :
485 8 : static bool wbinfo_wins_byip(const char *ip)
486 : {
487 8 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
488 8 : char *name = NULL;
489 :
490 8 : wbc_status = wbcResolveWinsByIP(ip, &name);
491 8 : if (!WBC_ERROR_IS_OK(wbc_status)) {
492 0 : d_fprintf(stderr, "failed to call wbcResolveWinsByIP: %s\n",
493 : wbcErrorString(wbc_status));
494 0 : return false;
495 : }
496 :
497 : /* Display response */
498 :
499 8 : d_printf("%s\n", name);
500 :
501 8 : wbcFreeMemory(name);
502 :
503 8 : return true;
504 : }
505 :
506 : /* List all/trusted domains */
507 :
508 36 : static bool wbinfo_list_domains(bool list_all_domains, bool verbose)
509 : {
510 36 : struct wbcDomainInfo *domain_list = NULL;
511 0 : size_t i, num_domains;
512 36 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
513 36 : bool print_all = !list_all_domains && verbose;
514 :
515 36 : wbc_status = wbcListTrusts(&domain_list, &num_domains);
516 36 : if (!WBC_ERROR_IS_OK(wbc_status)) {
517 0 : d_fprintf(stderr, "failed to call wbcListTrusts: %s\n",
518 : wbcErrorString(wbc_status));
519 0 : return false;
520 : }
521 :
522 36 : if (print_all) {
523 0 : d_printf("%-16s%-65s%-12s%-12s%-5s%-5s\n",
524 : "Domain Name", "DNS Domain", "Trust Type",
525 : "Transitive", "In", "Out");
526 : }
527 :
528 142 : for (i=0; i<num_domains; i++) {
529 106 : if (print_all) {
530 0 : d_printf("%-16s", domain_list[i].short_name);
531 : } else {
532 106 : d_printf("%s", domain_list[i].short_name);
533 106 : d_printf("\n");
534 106 : continue;
535 : }
536 :
537 0 : d_printf("%-65s", domain_list[i].dns_name);
538 :
539 0 : switch(domain_list[i].trust_type) {
540 0 : case WBC_DOMINFO_TRUSTTYPE_NONE:
541 0 : if (domain_list[i].trust_routing != NULL) {
542 0 : d_printf("%s\n", domain_list[i].trust_routing);
543 : } else {
544 0 : d_printf("None\n");
545 : }
546 0 : continue;
547 0 : case WBC_DOMINFO_TRUSTTYPE_LOCAL:
548 0 : d_printf("Local\n");
549 0 : continue;
550 0 : case WBC_DOMINFO_TRUSTTYPE_RWDC:
551 0 : d_printf("RWDC\n");
552 0 : continue;
553 0 : case WBC_DOMINFO_TRUSTTYPE_RODC:
554 0 : d_printf("RODC\n");
555 0 : continue;
556 0 : case WBC_DOMINFO_TRUSTTYPE_PDC:
557 0 : d_printf("PDC\n");
558 0 : continue;
559 0 : case WBC_DOMINFO_TRUSTTYPE_WKSTA:
560 0 : d_printf("Workstation ");
561 0 : break;
562 0 : case WBC_DOMINFO_TRUSTTYPE_FOREST:
563 0 : d_printf("Forest ");
564 0 : break;
565 0 : case WBC_DOMINFO_TRUSTTYPE_EXTERNAL:
566 0 : d_printf("External ");
567 0 : break;
568 0 : case WBC_DOMINFO_TRUSTTYPE_IN_FOREST:
569 0 : d_printf("In-Forest ");
570 0 : break;
571 : }
572 :
573 0 : if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_TRANSITIVE) {
574 0 : d_printf("Yes ");
575 : } else {
576 0 : d_printf("No ");
577 : }
578 :
579 0 : if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_INCOMING) {
580 0 : d_printf("Yes ");
581 : } else {
582 0 : d_printf("No ");
583 : }
584 :
585 0 : if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_OUTGOING) {
586 0 : d_printf("Yes ");
587 : } else {
588 0 : d_printf("No ");
589 : }
590 :
591 0 : d_printf("\n");
592 : }
593 :
594 36 : wbcFreeMemory(domain_list);
595 :
596 36 : return true;
597 : }
598 :
599 : /* List own domain */
600 :
601 36 : static bool wbinfo_list_own_domain(void)
602 : {
603 36 : d_printf("%s\n", get_winbind_domain());
604 :
605 36 : return true;
606 : }
607 :
608 : /* show sequence numbers */
609 8 : static bool wbinfo_show_sequence(const char *domain)
610 : {
611 8 : d_printf("This command has been deprecated. Please use the "
612 : "--online-status option instead.\n");
613 8 : return false;
614 : }
615 :
616 : /* show sequence numbers */
617 40 : static bool wbinfo_show_onlinestatus(const char *domain)
618 : {
619 40 : struct wbcDomainInfo *domain_list = NULL;
620 0 : size_t i, num_domains;
621 40 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
622 :
623 40 : wbc_status = wbcListTrusts(&domain_list, &num_domains);
624 40 : if (!WBC_ERROR_IS_OK(wbc_status)) {
625 0 : d_fprintf(stderr, "failed to call wbcListTrusts: %s\n",
626 : wbcErrorString(wbc_status));
627 0 : return false;
628 : }
629 :
630 152 : for (i=0; i<num_domains; i++) {
631 0 : bool is_offline;
632 :
633 112 : if (domain) {
634 84 : if (!strequal(domain_list[i].short_name, domain)) {
635 54 : continue;
636 : }
637 : }
638 :
639 58 : is_offline = (domain_list[i].domain_flags &
640 : WBC_DOMINFO_DOMAIN_OFFLINE);
641 :
642 58 : d_printf("%s : %s\n",
643 58 : domain_list[i].short_name,
644 : is_offline ? "no active connection" : "active connection" );
645 : }
646 :
647 40 : wbcFreeMemory(domain_list);
648 :
649 40 : return true;
650 : }
651 :
652 :
653 : /* Show domain info */
654 :
655 30 : static bool wbinfo_domain_info(const char *domain)
656 : {
657 30 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
658 30 : struct wbcDomainInfo *dinfo = NULL;
659 0 : char sid_str[WBC_SID_STRING_BUFLEN];
660 :
661 30 : if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
662 0 : domain = get_winbind_domain();
663 : }
664 :
665 : /* Send request */
666 :
667 30 : wbc_status = wbcDomainInfo(domain, &dinfo);
668 30 : if (!WBC_ERROR_IS_OK(wbc_status)) {
669 0 : d_fprintf(stderr, "failed to call wbcDomainInfo: %s\n",
670 : wbcErrorString(wbc_status));
671 0 : return false;
672 : }
673 :
674 30 : wbcSidToStringBuf(&dinfo->sid, sid_str, sizeof(sid_str));
675 :
676 : /* Display response */
677 :
678 30 : d_printf("Name : %s\n", dinfo->short_name);
679 30 : d_printf("Alt_Name : %s\n", dinfo->dns_name);
680 :
681 30 : d_printf("SID : %s\n", sid_str);
682 :
683 30 : d_printf("Active Directory : %s\n",
684 30 : (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_AD) ? "Yes" : "No");
685 30 : d_printf("Native : %s\n",
686 30 : (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_NATIVE) ?
687 : "Yes" : "No");
688 :
689 30 : d_printf("Primary : %s\n",
690 30 : (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_PRIMARY) ?
691 : "Yes" : "No");
692 :
693 30 : wbcFreeMemory(dinfo);
694 :
695 30 : return true;
696 : }
697 :
698 : /* Get a foreign DC's name */
699 8 : static bool wbinfo_getdcname(const char *domain_name)
700 : {
701 8 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
702 0 : struct winbindd_request request;
703 0 : struct winbindd_response response;
704 :
705 8 : ZERO_STRUCT(request);
706 8 : ZERO_STRUCT(response);
707 :
708 8 : fstrcpy(request.domain_name, domain_name);
709 :
710 : /* Send request */
711 :
712 8 : wbc_status = wbcRequestResponse(NULL, WINBINDD_GETDCNAME,
713 : &request, &response);
714 8 : if (!WBC_ERROR_IS_OK(wbc_status)) {
715 0 : d_fprintf(stderr, "Could not get dc name for %s\n",domain_name);
716 0 : return false;
717 : }
718 :
719 : /* Display response */
720 :
721 8 : d_printf("%s\n", response.data.dc_name);
722 :
723 8 : return true;
724 : }
725 :
726 : /* Find a DC */
727 0 : static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
728 : {
729 0 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
730 0 : struct wbcDomainControllerInfoEx *dc_info;
731 0 : char *str = NULL;
732 :
733 0 : wbc_status = wbcLookupDomainControllerEx(domain_name, NULL, NULL,
734 : flags | DS_DIRECTORY_SERVICE_REQUIRED,
735 : &dc_info);
736 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
737 0 : printf("Could not find dc for %s\n", domain_name);
738 0 : return false;
739 : }
740 :
741 0 : wbcGuidToString(dc_info->domain_guid, &str);
742 :
743 0 : d_printf("%s\n", dc_info->dc_unc);
744 0 : d_printf("%s\n", dc_info->dc_address);
745 0 : d_printf("%d\n", dc_info->dc_address_type);
746 0 : d_printf("%s\n", str);
747 0 : d_printf("%s\n", dc_info->domain_name);
748 0 : d_printf("%s\n", dc_info->forest_name);
749 0 : d_printf("0x%08x\n", dc_info->dc_flags);
750 0 : d_printf("%s\n", dc_info->dc_site_name);
751 0 : d_printf("%s\n", dc_info->client_site_name);
752 :
753 0 : wbcFreeMemory(str);
754 0 : wbcFreeMemory(dc_info);
755 :
756 0 : return true;
757 : }
758 :
759 : /* Check trust account password */
760 :
761 34 : static bool wbinfo_check_secret(const char *domain)
762 : {
763 34 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
764 34 : struct wbcAuthErrorInfo *error = NULL;
765 0 : const char *domain_name;
766 :
767 34 : if (domain) {
768 26 : domain_name = domain;
769 : } else {
770 8 : domain_name = get_winbind_domain();
771 : }
772 :
773 34 : wbc_status = wbcCheckTrustCredentials(domain_name, &error);
774 :
775 34 : d_printf("checking the trust secret for domain %s via RPC calls %s\n",
776 : domain_name,
777 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
778 :
779 34 : if (wbc_status == WBC_ERR_AUTH_ERROR) {
780 0 : d_fprintf(stderr, "wbcCheckTrustCredentials(%s): error code was %s (0x%x)\n",
781 0 : domain_name, error->nt_string, error->nt_status);
782 0 : wbcFreeMemory(error);
783 : }
784 34 : if (!WBC_ERROR_IS_OK(wbc_status)) {
785 0 : d_fprintf(stderr, "failed to call wbcCheckTrustCredentials: "
786 : "%s\n", wbcErrorString(wbc_status));
787 0 : return false;
788 : }
789 :
790 34 : return true;
791 : }
792 :
793 : /* Find the currently connected DCs */
794 :
795 4 : static bool wbinfo_dc_info(const char *domain_name)
796 : {
797 4 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
798 0 : size_t i, num_dcs;
799 0 : const char **dc_names, **dc_ips;
800 :
801 4 : wbc_status = wbcDcInfo(domain_name, &num_dcs,
802 : &dc_names, &dc_ips);
803 4 : if (!WBC_ERROR_IS_OK(wbc_status)) {
804 0 : printf("Could not find dc info %s\n",
805 : domain_name ? domain_name : "our domain");
806 0 : return false;
807 : }
808 :
809 8 : for (i=0; i<num_dcs; i++) {
810 4 : printf("%s (%s)\n", dc_names[i], dc_ips[i]);
811 : }
812 4 : wbcFreeMemory(dc_names);
813 4 : wbcFreeMemory(dc_ips);
814 :
815 4 : return true;
816 : }
817 :
818 : /* Change trust account password */
819 :
820 26 : static bool wbinfo_change_secret(const char *domain)
821 : {
822 26 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
823 26 : struct wbcAuthErrorInfo *error = NULL;
824 0 : const char *domain_name;
825 :
826 26 : if (domain) {
827 16 : domain_name = domain;
828 : } else {
829 10 : domain_name = get_winbind_domain();
830 : }
831 :
832 26 : wbc_status = wbcChangeTrustCredentials(domain_name, &error);
833 :
834 26 : d_printf("changing the trust secret for domain %s via RPC calls %s\n",
835 : domain_name,
836 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
837 :
838 26 : if (wbc_status == WBC_ERR_AUTH_ERROR) {
839 0 : d_fprintf(stderr, "wbcChangeTrustCredentials(%s): error code was %s (0x%x)\n",
840 0 : domain_name, error->nt_string, error->nt_status);
841 0 : wbcFreeMemory(error);
842 : }
843 26 : if (!WBC_ERROR_IS_OK(wbc_status)) {
844 0 : d_fprintf(stderr, "failed to call wbcChangeTrustCredentials: "
845 : "%s\n", wbcErrorString(wbc_status));
846 0 : return false;
847 : }
848 :
849 26 : return true;
850 : }
851 :
852 : /* Change trust account password chose Domain Controller */
853 :
854 2 : static bool wbinfo_change_secret_at(const char *domain,
855 : const char *domain_controller)
856 : {
857 2 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
858 2 : struct wbcAuthErrorInfo *error = NULL;
859 0 : const char *domain_name;
860 :
861 2 : if (domain) {
862 0 : domain_name = domain;
863 : } else {
864 2 : domain_name = get_winbind_domain();
865 : }
866 :
867 2 : wbc_status = wbcChangeTrustCredentialsAt(
868 : domain_name, domain_controller, &error);
869 :
870 2 : d_printf("changing the trust secret for domain %s via RPC calls %s\n",
871 : domain_name,
872 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
873 :
874 2 : if (wbc_status == WBC_ERR_AUTH_ERROR) {
875 0 : d_fprintf(stderr, "wbcChangeTrustCredentials(%s): "
876 : "error code was %s (0x%x)\n",
877 0 : domain_name, error->nt_string, error->nt_status);
878 0 : wbcFreeMemory(error);
879 : }
880 2 : if (!WBC_ERROR_IS_OK(wbc_status)) {
881 0 : d_fprintf(stderr, "failed to call wbcChangeTrustCredentials: "
882 : "%s\n", wbcErrorString(wbc_status));
883 0 : return false;
884 : }
885 :
886 2 : return true;
887 : }
888 :
889 : /* Check DC connection */
890 :
891 114 : static bool wbinfo_ping_dc(const char *domain)
892 : {
893 114 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
894 114 : struct wbcAuthErrorInfo *error = NULL;
895 114 : char *dcname = NULL;
896 :
897 2 : const char *domain_name;
898 :
899 114 : if (domain) {
900 6 : domain_name = domain;
901 : } else {
902 108 : domain_name = get_winbind_domain();
903 : }
904 :
905 114 : wbc_status = wbcPingDc2(domain_name, &error, &dcname);
906 :
907 228 : d_printf("checking the NETLOGON for domain[%s] dc connection to \"%s\" %s\n",
908 : domain_name ? domain_name : "",
909 114 : dcname ? dcname : "",
910 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
911 :
912 114 : wbcFreeMemory(dcname);
913 114 : if (wbc_status == WBC_ERR_AUTH_ERROR) {
914 0 : d_fprintf(stderr, "wbcPingDc2(%s): error code was %s (0x%x)\n",
915 0 : domain_name, error->nt_string, error->nt_status);
916 0 : wbcFreeMemory(error);
917 0 : return false;
918 : }
919 114 : if (!WBC_ERROR_IS_OK(wbc_status)) {
920 10 : d_fprintf(stderr, "failed to call wbcPingDc: %s\n",
921 : wbcErrorString(wbc_status));
922 10 : return false;
923 : }
924 :
925 102 : return true;
926 : }
927 :
928 : /* Convert uid to sid */
929 :
930 44 : static bool wbinfo_uid_to_sid(uid_t uid)
931 : {
932 44 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
933 0 : struct wbcDomainSid sid;
934 0 : char sid_str[WBC_SID_STRING_BUFLEN];
935 :
936 : /* Send request */
937 :
938 44 : wbc_status = wbcUidToSid(uid, &sid);
939 44 : if (!WBC_ERROR_IS_OK(wbc_status)) {
940 4 : d_fprintf(stderr, "failed to call wbcUidToSid: %s\n",
941 : wbcErrorString(wbc_status));
942 4 : return false;
943 : }
944 :
945 40 : wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
946 :
947 : /* Display response */
948 :
949 40 : d_printf("%s\n", sid_str);
950 :
951 40 : return true;
952 : }
953 :
954 : /* Convert gid to sid */
955 :
956 88 : static bool wbinfo_gid_to_sid(gid_t gid)
957 : {
958 88 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
959 0 : struct wbcDomainSid sid;
960 0 : char sid_str[WBC_SID_STRING_BUFLEN];
961 :
962 : /* Send request */
963 :
964 88 : wbc_status = wbcGidToSid(gid, &sid);
965 88 : if (!WBC_ERROR_IS_OK(wbc_status)) {
966 4 : d_fprintf(stderr, "failed to call wbcGidToSid: %s\n",
967 : wbcErrorString(wbc_status));
968 4 : return false;
969 : }
970 :
971 84 : wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
972 :
973 : /* Display response */
974 :
975 84 : d_printf("%s\n", sid_str);
976 :
977 84 : return true;
978 : }
979 :
980 : /* Convert sid to uid */
981 :
982 76 : static bool wbinfo_sid_to_uid(const char *sid_str)
983 : {
984 76 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
985 0 : struct wbcDomainSid sid;
986 0 : uid_t uid;
987 :
988 : /* Send request */
989 :
990 76 : wbc_status = wbcStringToSid(sid_str, &sid);
991 76 : if (!WBC_ERROR_IS_OK(wbc_status)) {
992 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
993 : wbcErrorString(wbc_status));
994 0 : return false;
995 : }
996 :
997 76 : wbc_status = wbcSidToUid(&sid, &uid);
998 76 : if (!WBC_ERROR_IS_OK(wbc_status)) {
999 12 : d_fprintf(stderr, "failed to call wbcSidToUid: %s\n",
1000 : wbcErrorString(wbc_status));
1001 12 : return false;
1002 : }
1003 :
1004 : /* Display response */
1005 :
1006 64 : d_printf("%d\n", (int)uid);
1007 :
1008 64 : return true;
1009 : }
1010 :
1011 214 : static bool wbinfo_sid_to_gid(const char *sid_str)
1012 : {
1013 214 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1014 0 : struct wbcDomainSid sid;
1015 0 : gid_t gid;
1016 :
1017 : /* Send request */
1018 :
1019 214 : wbc_status = wbcStringToSid(sid_str, &sid);
1020 214 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1021 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1022 : wbcErrorString(wbc_status));
1023 0 : return false;
1024 : }
1025 :
1026 214 : wbc_status = wbcSidToGid(&sid, &gid);
1027 214 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1028 25 : d_fprintf(stderr, "failed to call wbcSidToGid: %s\n",
1029 : wbcErrorString(wbc_status));
1030 25 : return false;
1031 : }
1032 :
1033 : /* Display response */
1034 :
1035 189 : d_printf("%d\n", (int)gid);
1036 :
1037 189 : return true;
1038 : }
1039 :
1040 42 : static bool wbinfo_sids_to_unix_ids(const char *arg)
1041 : {
1042 0 : char sidstr[WBC_SID_STRING_BUFLEN];
1043 0 : struct wbcDomainSid *sids;
1044 0 : struct wbcUnixId *unix_ids;
1045 0 : int i, num_sids;
1046 0 : const char *p;
1047 0 : wbcErr wbc_status;
1048 :
1049 :
1050 42 : num_sids = 0;
1051 42 : sids = NULL;
1052 42 : p = arg;
1053 :
1054 236 : while (next_token(&p, sidstr, LIST_SEP, sizeof(sidstr))) {
1055 194 : sids = talloc_realloc(talloc_tos(), sids, struct wbcDomainSid,
1056 : num_sids+1);
1057 194 : if (sids == NULL) {
1058 0 : d_fprintf(stderr, "talloc failed\n");
1059 0 : return false;
1060 : }
1061 194 : wbc_status = wbcStringToSid(sidstr, &sids[num_sids]);
1062 194 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1063 0 : d_fprintf(stderr, "wbcSidToString(%s) failed: %s\n",
1064 : sidstr, wbcErrorString(wbc_status));
1065 0 : TALLOC_FREE(sids);
1066 0 : return false;
1067 : }
1068 194 : num_sids += 1;
1069 : }
1070 :
1071 42 : unix_ids = talloc_array(talloc_tos(), struct wbcUnixId, num_sids);
1072 42 : if (unix_ids == NULL) {
1073 0 : TALLOC_FREE(sids);
1074 0 : return false;
1075 : }
1076 :
1077 42 : wbc_status = wbcSidsToUnixIds(sids, num_sids, unix_ids);
1078 42 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1079 0 : d_fprintf(stderr, "wbcSidsToUnixIds failed: %s\n",
1080 : wbcErrorString(wbc_status));
1081 0 : TALLOC_FREE(sids);
1082 0 : return false;
1083 : }
1084 :
1085 236 : for (i=0; i<num_sids; i++) {
1086 :
1087 194 : wbcSidToStringBuf(&sids[i], sidstr, sizeof(sidstr));
1088 :
1089 194 : switch(unix_ids[i].type) {
1090 0 : case WBC_ID_TYPE_UID:
1091 0 : d_printf("%s -> uid %d\n", sidstr, unix_ids[i].id.uid);
1092 0 : break;
1093 122 : case WBC_ID_TYPE_GID:
1094 122 : d_printf("%s -> gid %d\n", sidstr, unix_ids[i].id.gid);
1095 122 : break;
1096 64 : case WBC_ID_TYPE_BOTH:
1097 64 : d_printf("%s -> uid/gid %d\n", sidstr, unix_ids[i].id.uid);
1098 64 : break;
1099 8 : default:
1100 8 : d_printf("%s -> unmapped\n", sidstr);
1101 8 : break;
1102 : }
1103 : }
1104 :
1105 42 : TALLOC_FREE(sids);
1106 42 : TALLOC_FREE(unix_ids);
1107 :
1108 42 : return true;
1109 : }
1110 :
1111 2 : static bool wbinfo_xids_to_sids(const char *arg)
1112 : {
1113 0 : fstring idstr;
1114 2 : struct wbcUnixId *xids = NULL;
1115 0 : struct wbcDomainSid *sids;
1116 0 : wbcErr wbc_status;
1117 2 : int num_xids = 0;
1118 0 : const char *p;
1119 0 : int i;
1120 :
1121 2 : p = arg;
1122 :
1123 72 : while (next_token(&p, idstr, LIST_SEP, sizeof(idstr))) {
1124 70 : xids = talloc_realloc(talloc_tos(), xids, struct wbcUnixId,
1125 : num_xids+1);
1126 70 : if (xids == NULL) {
1127 0 : d_fprintf(stderr, "talloc failed\n");
1128 0 : return false;
1129 : }
1130 :
1131 70 : switch (idstr[0]) {
1132 0 : case 'u':
1133 0 : xids[num_xids] = (struct wbcUnixId) {
1134 : .type = WBC_ID_TYPE_UID,
1135 0 : .id.uid = atoi(&idstr[1])
1136 : };
1137 0 : break;
1138 70 : case 'g':
1139 70 : xids[num_xids] = (struct wbcUnixId) {
1140 : .type = WBC_ID_TYPE_GID,
1141 70 : .id.gid = atoi(&idstr[1])
1142 : };
1143 70 : break;
1144 0 : default:
1145 0 : d_fprintf(stderr, "%s is an invalid id\n", idstr);
1146 0 : TALLOC_FREE(xids);
1147 0 : return false;
1148 : }
1149 70 : num_xids += 1;
1150 : }
1151 :
1152 2 : sids = talloc_array(talloc_tos(), struct wbcDomainSid, num_xids);
1153 2 : if (sids == NULL) {
1154 0 : d_fprintf(stderr, "talloc failed\n");
1155 0 : TALLOC_FREE(xids);
1156 0 : return false;
1157 : }
1158 :
1159 2 : wbc_status = wbcUnixIdsToSids(xids, num_xids, sids);
1160 2 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1161 0 : d_fprintf(stderr, "wbcUnixIdsToSids failed: %s\n",
1162 : wbcErrorString(wbc_status));
1163 0 : TALLOC_FREE(sids);
1164 0 : TALLOC_FREE(xids);
1165 0 : return false;
1166 : }
1167 :
1168 72 : for (i=0; i<num_xids; i++) {
1169 0 : char str[WBC_SID_STRING_BUFLEN];
1170 70 : struct wbcDomainSid null_sid = { 0 };
1171 :
1172 70 : if (memcmp(&null_sid, &sids[i], sizeof(struct wbcDomainSid)) == 0) {
1173 0 : d_printf("NOT MAPPED\n");
1174 0 : continue;
1175 : }
1176 70 : wbcSidToStringBuf(&sids[i], str, sizeof(str));
1177 70 : d_printf("%s\n", str);
1178 : }
1179 :
1180 2 : return true;
1181 : }
1182 :
1183 10 : static bool wbinfo_allocate_uid(void)
1184 : {
1185 10 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1186 0 : uid_t uid;
1187 :
1188 : /* Send request */
1189 :
1190 10 : wbc_status = wbcAllocateUid(&uid);
1191 10 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1192 4 : d_fprintf(stderr, "failed to call wbcAllocateUid: %s\n",
1193 : wbcErrorString(wbc_status));
1194 4 : return false;
1195 : }
1196 :
1197 : /* Display response */
1198 :
1199 6 : d_printf("New uid: %u\n", (unsigned int)uid);
1200 :
1201 6 : return true;
1202 : }
1203 :
1204 10 : static bool wbinfo_allocate_gid(void)
1205 : {
1206 10 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1207 0 : gid_t gid;
1208 :
1209 : /* Send request */
1210 :
1211 10 : wbc_status = wbcAllocateGid(&gid);
1212 10 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1213 4 : d_fprintf(stderr, "failed to call wbcAllocateGid: %s\n",
1214 : wbcErrorString(wbc_status));
1215 4 : return false;
1216 : }
1217 :
1218 : /* Display response */
1219 :
1220 6 : d_printf("New gid: %u\n", (unsigned int)gid);
1221 :
1222 6 : return true;
1223 : }
1224 :
1225 0 : static bool wbinfo_set_uid_mapping(uid_t uid, const char *sid_str)
1226 : {
1227 0 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1228 0 : struct wbcDomainSid sid;
1229 :
1230 : /* Send request */
1231 :
1232 0 : wbc_status = wbcStringToSid(sid_str, &sid);
1233 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1234 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1235 : wbcErrorString(wbc_status));
1236 0 : return false;
1237 : }
1238 :
1239 0 : wbc_status = wbcSetUidMapping(uid, &sid);
1240 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1241 0 : d_fprintf(stderr, "failed to call wbcSetUidMapping: %s\n",
1242 : wbcErrorString(wbc_status));
1243 0 : return false;
1244 : }
1245 :
1246 : /* Display response */
1247 :
1248 0 : d_printf("uid %u now mapped to sid %s\n",
1249 : (unsigned int)uid, sid_str);
1250 :
1251 0 : return true;
1252 : }
1253 :
1254 0 : static bool wbinfo_set_gid_mapping(gid_t gid, const char *sid_str)
1255 : {
1256 0 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1257 0 : struct wbcDomainSid sid;
1258 :
1259 : /* Send request */
1260 :
1261 0 : wbc_status = wbcStringToSid(sid_str, &sid);
1262 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1263 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1264 : wbcErrorString(wbc_status));
1265 0 : return false;
1266 : }
1267 :
1268 0 : wbc_status = wbcSetGidMapping(gid, &sid);
1269 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1270 0 : d_fprintf(stderr, "failed to call wbcSetGidMapping: %s\n",
1271 : wbcErrorString(wbc_status));
1272 0 : return false;
1273 : }
1274 :
1275 : /* Display response */
1276 :
1277 0 : d_printf("gid %u now mapped to sid %s\n",
1278 : (unsigned int)gid, sid_str);
1279 :
1280 0 : return true;
1281 : }
1282 :
1283 0 : static bool wbinfo_remove_uid_mapping(uid_t uid, const char *sid_str)
1284 : {
1285 0 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1286 0 : struct wbcDomainSid sid;
1287 :
1288 : /* Send request */
1289 :
1290 0 : wbc_status = wbcStringToSid(sid_str, &sid);
1291 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1292 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1293 : wbcErrorString(wbc_status));
1294 0 : return false;
1295 : }
1296 :
1297 0 : wbc_status = wbcRemoveUidMapping(uid, &sid);
1298 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1299 0 : d_fprintf(stderr, "failed to call wbcRemoveUidMapping: %s\n",
1300 : wbcErrorString(wbc_status));
1301 0 : return false;
1302 : }
1303 :
1304 : /* Display response */
1305 :
1306 0 : d_printf("Removed uid %u to sid %s mapping\n",
1307 : (unsigned int)uid, sid_str);
1308 :
1309 0 : return true;
1310 : }
1311 :
1312 0 : static bool wbinfo_remove_gid_mapping(gid_t gid, const char *sid_str)
1313 : {
1314 0 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1315 0 : struct wbcDomainSid sid;
1316 :
1317 : /* Send request */
1318 :
1319 0 : wbc_status = wbcStringToSid(sid_str, &sid);
1320 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1321 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1322 : wbcErrorString(wbc_status));
1323 0 : return false;
1324 : }
1325 :
1326 0 : wbc_status = wbcRemoveGidMapping(gid, &sid);
1327 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1328 0 : d_fprintf(stderr, "failed to call wbcRemoveGidMapping: %s\n",
1329 : wbcErrorString(wbc_status));
1330 0 : return false;
1331 : }
1332 :
1333 : /* Display response */
1334 :
1335 0 : d_printf("Removed gid %u to sid %s mapping\n",
1336 : (unsigned int)gid, sid_str);
1337 :
1338 0 : return true;
1339 : }
1340 :
1341 : /* Convert sid to string */
1342 :
1343 84 : static bool wbinfo_lookupsid(const char *sid_str)
1344 : {
1345 84 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1346 0 : struct wbcDomainSid sid;
1347 0 : char *domain;
1348 0 : char *name;
1349 0 : enum wbcSidType type;
1350 :
1351 : /* Send off request */
1352 :
1353 84 : wbc_status = wbcStringToSid(sid_str, &sid);
1354 84 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1355 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1356 : wbcErrorString(wbc_status));
1357 0 : return false;
1358 : }
1359 :
1360 84 : wbc_status = wbcLookupSid(&sid, &domain, &name, &type);
1361 84 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1362 6 : d_fprintf(stderr, "failed to call wbcLookupSid: %s\n",
1363 : wbcErrorString(wbc_status));
1364 6 : return false;
1365 : }
1366 :
1367 : /* Display response */
1368 :
1369 78 : if (type == WBC_SID_NAME_DOMAIN) {
1370 0 : d_printf("%s %d\n", domain, type);
1371 : } else {
1372 78 : d_printf("%s%c%s %d\n",
1373 78 : domain, winbind_separator(), name, type);
1374 : }
1375 :
1376 78 : wbcFreeMemory(domain);
1377 78 : wbcFreeMemory(name);
1378 :
1379 78 : return true;
1380 : }
1381 :
1382 : /* Convert sid to fullname */
1383 :
1384 0 : static bool wbinfo_lookupsid_fullname(const char *sid_str)
1385 : {
1386 0 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1387 0 : struct wbcDomainSid sid;
1388 0 : char *domain;
1389 0 : char *name;
1390 0 : enum wbcSidType type;
1391 :
1392 : /* Send off request */
1393 :
1394 0 : wbc_status = wbcStringToSid(sid_str, &sid);
1395 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1396 0 : d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1397 : wbcErrorString(wbc_status));
1398 0 : return false;
1399 : }
1400 :
1401 0 : wbc_status = wbcGetDisplayName(&sid, &domain, &name, &type);
1402 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1403 0 : d_fprintf(stderr, "failed to call wbcGetDisplayName: %s\n",
1404 : wbcErrorString(wbc_status));
1405 0 : return false;
1406 : }
1407 :
1408 : /* Display response */
1409 :
1410 0 : d_printf("%s%c%s %d\n",
1411 0 : domain, winbind_separator(), name, type);
1412 :
1413 0 : wbcFreeMemory(domain);
1414 0 : wbcFreeMemory(name);
1415 :
1416 0 : return true;
1417 : }
1418 :
1419 : /* Lookup a list of RIDs */
1420 :
1421 4 : static bool wbinfo_lookuprids(const char *domain, const char *arg)
1422 : {
1423 4 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1424 0 : struct wbcDomainSid dsid;
1425 4 : char *domain_name = NULL;
1426 4 : const char **names = NULL;
1427 4 : enum wbcSidType *types = NULL;
1428 0 : size_t i, num_rids;
1429 4 : uint32_t *rids = NULL;
1430 0 : const char *p;
1431 0 : char *ridstr;
1432 4 : TALLOC_CTX *mem_ctx = NULL;
1433 4 : bool ret = false;
1434 :
1435 4 : if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
1436 4 : domain = get_winbind_domain();
1437 : }
1438 :
1439 4 : wbc_status = wbcStringToSid(domain, &dsid);
1440 4 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1441 4 : struct wbcDomainInfo *dinfo = NULL;
1442 :
1443 4 : wbc_status = wbcDomainInfo(domain, &dinfo);
1444 4 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1445 0 : d_printf("wbcDomainInfo(%s) failed: %s\n", domain,
1446 : wbcErrorString(wbc_status));
1447 0 : goto done;
1448 : }
1449 :
1450 4 : dsid = dinfo->sid;
1451 4 : wbcFreeMemory(dinfo);
1452 : }
1453 :
1454 4 : mem_ctx = talloc_new(NULL);
1455 4 : if (mem_ctx == NULL) {
1456 0 : d_printf("talloc_new failed\n");
1457 0 : goto done;
1458 : }
1459 :
1460 4 : num_rids = 0;
1461 4 : rids = NULL;
1462 4 : p = arg;
1463 :
1464 12 : while (next_token_talloc(mem_ctx, &p, &ridstr, " ,\n")) {
1465 8 : int error = 0;
1466 0 : uint32_t rid;
1467 :
1468 8 : rid = smb_strtoul(ridstr, NULL, 10, &error, SMB_STR_STANDARD);
1469 8 : if (error != 0) {
1470 0 : d_printf("failed to convert rid\n");
1471 0 : goto done;
1472 : }
1473 8 : rids = talloc_realloc(mem_ctx, rids, uint32_t, num_rids + 1);
1474 8 : if (rids == NULL) {
1475 0 : d_printf("talloc_realloc failed\n");
1476 : }
1477 8 : rids[num_rids] = rid;
1478 8 : num_rids += 1;
1479 : }
1480 :
1481 4 : if (rids == NULL) {
1482 0 : d_printf("no rids\n");
1483 0 : goto done;
1484 : }
1485 :
1486 4 : wbc_status = wbcLookupRids(
1487 : &dsid, num_rids, rids, &p, &names, &types);
1488 4 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1489 0 : d_printf("winbind_lookup_rids failed: %s\n",
1490 : wbcErrorString(wbc_status));
1491 0 : goto done;
1492 : }
1493 :
1494 4 : domain_name = discard_const_p(char, p);
1495 4 : d_printf("Domain: %s\n", domain_name);
1496 :
1497 12 : for (i=0; i<num_rids; i++) {
1498 8 : d_printf("%8d: %s (%s)\n", rids[i], names[i],
1499 8 : wbcSidTypeString(types[i]));
1500 : }
1501 :
1502 4 : ret = true;
1503 4 : done:
1504 4 : wbcFreeMemory(domain_name);
1505 4 : wbcFreeMemory(names);
1506 4 : wbcFreeMemory(types);
1507 4 : TALLOC_FREE(mem_ctx);
1508 4 : return ret;
1509 : }
1510 :
1511 0 : static bool wbinfo_lookup_sids(const char *arg)
1512 : {
1513 0 : char sidstr[WBC_SID_STRING_BUFLEN];
1514 0 : struct wbcDomainSid *sids;
1515 0 : struct wbcDomainInfo *domains;
1516 0 : struct wbcTranslatedName *names;
1517 0 : int num_domains;
1518 0 : int i, num_sids;
1519 0 : const char *p;
1520 0 : wbcErr wbc_status;
1521 :
1522 :
1523 0 : num_sids = 0;
1524 0 : sids = NULL;
1525 0 : p = arg;
1526 :
1527 0 : while (next_token(&p, sidstr, LIST_SEP, sizeof(sidstr))) {
1528 0 : sids = talloc_realloc(talloc_tos(), sids, struct wbcDomainSid,
1529 : num_sids+1);
1530 0 : if (sids == NULL) {
1531 0 : d_fprintf(stderr, "talloc failed\n");
1532 0 : return false;
1533 : }
1534 0 : wbc_status = wbcStringToSid(sidstr, &sids[num_sids]);
1535 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1536 0 : d_fprintf(stderr, "wbcSidToString(%s) failed: %s\n",
1537 : sidstr, wbcErrorString(wbc_status));
1538 0 : TALLOC_FREE(sids);
1539 0 : return false;
1540 : }
1541 0 : num_sids += 1;
1542 : }
1543 :
1544 0 : wbc_status = wbcLookupSids(sids, num_sids, &domains, &num_domains,
1545 : &names);
1546 0 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1547 0 : d_fprintf(stderr, "wbcLookupSids failed: %s\n",
1548 : wbcErrorString(wbc_status));
1549 0 : TALLOC_FREE(sids);
1550 0 : return false;
1551 : }
1552 :
1553 0 : for (i=0; i<num_sids; i++) {
1554 0 : const char *domain = NULL;
1555 :
1556 0 : wbcSidToStringBuf(&sids[i], sidstr, sizeof(sidstr));
1557 :
1558 0 : if (names[i].domain_index >= num_domains) {
1559 0 : domain = "<none>";
1560 0 : } else if (names[i].domain_index < 0) {
1561 0 : domain = "<none>";
1562 : } else {
1563 0 : domain = domains[names[i].domain_index].short_name;
1564 : }
1565 :
1566 0 : if (names[i].type == WBC_SID_NAME_DOMAIN) {
1567 0 : d_printf("%s -> %s %d\n", sidstr,
1568 : domain,
1569 0 : names[i].type);
1570 : } else {
1571 0 : d_printf("%s -> %s%c%s %d\n", sidstr,
1572 : domain,
1573 0 : winbind_separator(),
1574 0 : names[i].name, names[i].type);
1575 : }
1576 : }
1577 0 : wbcFreeMemory(names);
1578 0 : wbcFreeMemory(domains);
1579 0 : return true;
1580 : }
1581 :
1582 : /* Convert string to sid */
1583 :
1584 344 : static bool wbinfo_lookupname(const char *full_name)
1585 : {
1586 344 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1587 0 : struct wbcDomainSid sid;
1588 0 : char sid_str[WBC_SID_STRING_BUFLEN];
1589 0 : enum wbcSidType type;
1590 0 : fstring domain_name;
1591 0 : fstring account_name;
1592 :
1593 : /* Send off request */
1594 :
1595 344 : parse_wbinfo_domain_user(full_name, domain_name,
1596 : account_name);
1597 :
1598 344 : wbc_status = wbcLookupName(domain_name, account_name,
1599 : &sid, &type);
1600 344 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1601 20 : d_fprintf(stderr, "failed to call wbcLookupName: %s\n",
1602 : wbcErrorString(wbc_status));
1603 20 : return false;
1604 : }
1605 :
1606 324 : wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
1607 :
1608 : /* Display response */
1609 :
1610 324 : d_printf("%s %s (%d)\n", sid_str, wbcSidTypeString(type), type);
1611 :
1612 324 : return true;
1613 : }
1614 :
1615 0 : static char *wbinfo_prompt_pass(TALLOC_CTX *mem_ctx,
1616 : const char *prefix,
1617 : const char *username)
1618 : {
1619 0 : char *prompt;
1620 0 : char buf[1024] = {0};
1621 0 : int rc;
1622 :
1623 0 : prompt = talloc_asprintf(mem_ctx, "Enter %s's ", username);
1624 0 : if (!prompt) {
1625 0 : return NULL;
1626 : }
1627 0 : if (prefix) {
1628 0 : prompt = talloc_asprintf_append(prompt, "%s ", prefix);
1629 0 : if (!prompt) {
1630 0 : return NULL;
1631 : }
1632 : }
1633 0 : prompt = talloc_asprintf_append(prompt, "password: ");
1634 0 : if (!prompt) {
1635 0 : return NULL;
1636 : }
1637 :
1638 0 : rc = samba_getpass(prompt, buf, sizeof(buf), false, false);
1639 0 : TALLOC_FREE(prompt);
1640 0 : if (rc < 0) {
1641 0 : return NULL;
1642 : }
1643 :
1644 0 : return talloc_strdup(mem_ctx, buf);
1645 : }
1646 :
1647 : /* Authenticate a user with a plaintext password */
1648 :
1649 46 : static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32_t flags)
1650 : {
1651 46 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1652 46 : char *s = NULL;
1653 46 : char *p = NULL;
1654 46 : char *password = NULL;
1655 46 : char *name = NULL;
1656 46 : char *local_cctype = NULL;
1657 0 : uid_t uid;
1658 0 : struct wbcLogonUserParams params;
1659 0 : struct wbcLogonUserInfo *info;
1660 0 : struct wbcAuthErrorInfo *error;
1661 0 : struct wbcUserPasswordPolicyInfo *policy;
1662 46 : TALLOC_CTX *frame = talloc_tos();
1663 :
1664 46 : if ((s = talloc_strdup(frame, username)) == NULL) {
1665 0 : return false;
1666 : }
1667 :
1668 46 : if ((p = strchr(s, '%')) != NULL) {
1669 46 : *p = 0;
1670 46 : p++;
1671 46 : password = talloc_strdup(frame, p);
1672 : } else {
1673 0 : password = wbinfo_prompt_pass(frame, NULL, username);
1674 : }
1675 :
1676 46 : local_cctype = talloc_strdup(frame, cctype);
1677 :
1678 46 : name = s;
1679 :
1680 46 : uid = geteuid();
1681 :
1682 46 : params.username = name;
1683 46 : params.password = password;
1684 46 : params.num_blobs = 0;
1685 46 : params.blobs = NULL;
1686 :
1687 46 : wbc_status = wbcAddNamedBlob(¶ms.num_blobs,
1688 : ¶ms.blobs,
1689 : "flags",
1690 : 0,
1691 : (uint8_t *)&flags,
1692 : sizeof(flags));
1693 46 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1694 0 : d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1695 : wbcErrorString(wbc_status));
1696 0 : goto done;
1697 : }
1698 :
1699 46 : wbc_status = wbcAddNamedBlob(¶ms.num_blobs,
1700 : ¶ms.blobs,
1701 : "user_uid",
1702 : 0,
1703 : (uint8_t *)&uid,
1704 : sizeof(uid));
1705 46 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1706 0 : d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1707 : wbcErrorString(wbc_status));
1708 0 : goto done;
1709 : }
1710 :
1711 46 : wbc_status = wbcAddNamedBlob(¶ms.num_blobs,
1712 : ¶ms.blobs,
1713 : "krb5_cc_type",
1714 : 0,
1715 : (uint8_t *)local_cctype,
1716 46 : strlen(cctype)+1);
1717 46 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1718 0 : d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1719 : wbcErrorString(wbc_status));
1720 0 : goto done;
1721 : }
1722 :
1723 46 : wbc_status = wbcLogonUser(¶ms, &info, &error, &policy);
1724 :
1725 46 : d_printf("plaintext kerberos password authentication for [%s] %s "
1726 : "(requesting cctype: %s)\n",
1727 : name, WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed",
1728 : cctype);
1729 :
1730 46 : if (error) {
1731 8 : d_fprintf(stderr,
1732 : "wbcLogonUser(%s): error code was %s (0x%x)\n"
1733 : "error message was: %s\n",
1734 8 : params.username, error->nt_string,
1735 8 : error->nt_status,
1736 8 : error->display_string);
1737 : }
1738 :
1739 46 : if (WBC_ERROR_IS_OK(wbc_status)) {
1740 38 : if (flags & WBFLAG_PAM_INFO3_TEXT) {
1741 38 : if (info && info->info && info->info->user_flags &
1742 : NETLOGON_CACHED_ACCOUNT) {
1743 8 : d_printf("user_flgs: "
1744 : "NETLOGON_CACHED_ACCOUNT\n");
1745 : }
1746 : }
1747 :
1748 38 : if (info) {
1749 : size_t i;
1750 38 : for (i=0; i < info->num_blobs; i++) {
1751 8 : if (strequal(info->blobs[i].name,
1752 : "krb5ccname")) {
1753 8 : d_printf("credentials were put "
1754 : "in: %s\n",
1755 : (const char *)
1756 8 : info->blobs[i].blob.data);
1757 8 : break;
1758 : }
1759 : }
1760 : } else {
1761 0 : d_printf("no credentials cached\n");
1762 : }
1763 : }
1764 8 : done:
1765 :
1766 46 : wbcFreeMemory(params.blobs);
1767 :
1768 46 : return WBC_ERROR_IS_OK(wbc_status);
1769 : }
1770 :
1771 : /* Authenticate a user with a plaintext password */
1772 :
1773 124 : static bool wbinfo_auth(char *username)
1774 : {
1775 124 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1776 124 : char *s = NULL;
1777 124 : char *p = NULL;
1778 124 : char *password = NULL;
1779 124 : char *name = NULL;
1780 124 : TALLOC_CTX *frame = talloc_tos();
1781 :
1782 124 : if ((s = talloc_strdup(frame, username)) == NULL) {
1783 0 : return false;
1784 : }
1785 :
1786 124 : if ((p = strchr(s, '%')) != NULL) {
1787 124 : *p = 0;
1788 124 : p++;
1789 124 : password = talloc_strdup(frame, p);
1790 : } else {
1791 0 : password = wbinfo_prompt_pass(frame, NULL, username);
1792 : }
1793 :
1794 124 : name = s;
1795 :
1796 124 : wbc_status = wbcAuthenticateUser(name, password);
1797 :
1798 124 : d_printf("plaintext password authentication %s\n",
1799 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1800 :
1801 : #if 0
1802 : if (response.data.auth.nt_status)
1803 : d_fprintf(stderr,
1804 : "error code was %s (0x%x)\nerror message was: %s\n",
1805 : response.data.auth.nt_status_string,
1806 : response.data.auth.nt_status,
1807 : response.data.auth.error_string);
1808 : #endif
1809 :
1810 124 : return WBC_ERROR_IS_OK(wbc_status);
1811 : }
1812 :
1813 : /* Authenticate a user with a challenge/response */
1814 :
1815 124 : static bool wbinfo_auth_crap(char *username, bool use_ntlmv2, bool use_lanman)
1816 : {
1817 124 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1818 0 : struct wbcAuthUserParams params;
1819 124 : struct wbcAuthUserInfo *info = NULL;
1820 124 : struct wbcAuthErrorInfo *err = NULL;
1821 124 : DATA_BLOB lm = data_blob_null;
1822 124 : DATA_BLOB nt = data_blob_null;
1823 0 : fstring name_user;
1824 0 : fstring name_domain;
1825 0 : char *pass;
1826 0 : char *p;
1827 124 : TALLOC_CTX *frame = talloc_tos();
1828 :
1829 124 : p = strchr(username, '%');
1830 :
1831 124 : if (p) {
1832 124 : *p = 0;
1833 124 : pass = talloc_strdup(frame, p + 1);
1834 : } else {
1835 0 : pass = wbinfo_prompt_pass(frame, NULL, username);
1836 : }
1837 :
1838 124 : parse_wbinfo_domain_user(username, name_domain, name_user);
1839 :
1840 124 : params.account_name = name_user;
1841 124 : params.domain_name = name_domain;
1842 124 : params.workstation_name = NULL;
1843 :
1844 124 : params.flags = 0;
1845 124 : params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
1846 : WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
1847 :
1848 124 : params.level = WBC_AUTH_USER_LEVEL_RESPONSE;
1849 :
1850 124 : generate_random_buffer(params.password.response.challenge, 8);
1851 :
1852 124 : if (use_ntlmv2) {
1853 0 : DATA_BLOB server_chal;
1854 0 : DATA_BLOB names_blob;
1855 123 : const char *netbios_name = NULL;
1856 123 : const char *domain = NULL;
1857 :
1858 123 : netbios_name = get_winbind_netbios_name(),
1859 123 : domain = get_winbind_domain();
1860 123 : if (domain == NULL) {
1861 0 : d_fprintf(stderr, "Failed to get domain from winbindd\n");
1862 0 : return false;
1863 : }
1864 :
1865 123 : server_chal = data_blob(params.password.response.challenge, 8);
1866 :
1867 : /* Pretend this is a login to 'us', for blob purposes */
1868 123 : names_blob = NTLMv2_generate_names_blob(NULL,
1869 : netbios_name,
1870 : domain);
1871 :
1872 123 : if (pass != NULL &&
1873 123 : !SMBNTLMv2encrypt(NULL, name_user, name_domain, pass,
1874 : &server_chal,
1875 : &names_blob,
1876 : &lm, &nt, NULL, NULL)) {
1877 0 : data_blob_free(&names_blob);
1878 0 : data_blob_free(&server_chal);
1879 0 : TALLOC_FREE(pass);
1880 0 : return false;
1881 : }
1882 123 : data_blob_free(&names_blob);
1883 123 : data_blob_free(&server_chal);
1884 :
1885 : } else {
1886 1 : if (use_lanman) {
1887 0 : bool ok;
1888 0 : lm = data_blob(NULL, 24);
1889 0 : ok = SMBencrypt(pass,
1890 : params.password.response.challenge,
1891 : lm.data);
1892 0 : if (!ok) {
1893 0 : data_blob_free(&lm);
1894 : }
1895 : }
1896 1 : nt = data_blob(NULL, 24);
1897 1 : SMBNTencrypt(pass, params.password.response.challenge,
1898 : nt.data);
1899 : }
1900 :
1901 124 : params.password.response.nt_length = nt.length;
1902 124 : params.password.response.nt_data = nt.data;
1903 124 : params.password.response.lm_length = lm.length;
1904 124 : params.password.response.lm_data = lm.data;
1905 :
1906 124 : wbc_status = wbcAuthenticateUserEx(¶ms, &info, &err);
1907 :
1908 : /* Display response */
1909 :
1910 124 : d_printf("challenge/response password authentication %s\n",
1911 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1912 :
1913 124 : if (wbc_status == WBC_ERR_AUTH_ERROR) {
1914 34 : d_fprintf(stderr,
1915 : "wbcAuthenticateUserEx(%s%c%s): error code was "
1916 : "%s (0x%x, authoritative=%"PRIu8")\n"
1917 : "error message was: %s\n",
1918 : name_domain,
1919 34 : winbind_separator(),
1920 : name_user,
1921 34 : err->nt_string,
1922 34 : err->nt_status,
1923 34 : err->authoritative,
1924 34 : err->display_string);
1925 34 : wbcFreeMemory(err);
1926 90 : } else if (WBC_ERROR_IS_OK(wbc_status)) {
1927 90 : wbcFreeMemory(info);
1928 : }
1929 :
1930 124 : data_blob_free(&nt);
1931 124 : data_blob_free(&lm);
1932 :
1933 124 : return WBC_ERROR_IS_OK(wbc_status);
1934 : }
1935 :
1936 : /* Authenticate a user with a plaintext password */
1937 :
1938 24 : static bool wbinfo_pam_logon(char *username, bool verbose)
1939 : {
1940 24 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1941 0 : struct wbcLogonUserParams params;
1942 24 : struct wbcLogonUserInfo *info = NULL;
1943 24 : struct wbcAuthErrorInfo *error = NULL;
1944 24 : char *s = NULL;
1945 24 : char *p = NULL;
1946 24 : TALLOC_CTX *frame = talloc_tos();
1947 0 : uint32_t flags;
1948 0 : uint32_t uid;
1949 :
1950 24 : ZERO_STRUCT(params);
1951 :
1952 24 : if ((s = talloc_strdup(frame, username)) == NULL) {
1953 0 : return false;
1954 : }
1955 :
1956 24 : if ((p = strchr(s, '%')) != NULL) {
1957 24 : *p = 0;
1958 24 : p++;
1959 24 : params.password = talloc_strdup(frame, p);
1960 : } else {
1961 0 : params.password = wbinfo_prompt_pass(frame, NULL, username);
1962 : }
1963 24 : params.username = s;
1964 :
1965 24 : flags = WBFLAG_PAM_CACHED_LOGIN;
1966 :
1967 24 : wbc_status = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs,
1968 : "flags", 0,
1969 : (uint8_t *)&flags, sizeof(flags));
1970 24 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1971 0 : d_printf("wbcAddNamedBlob failed: %s\n",
1972 : wbcErrorString(wbc_status));
1973 0 : return false;
1974 : }
1975 :
1976 24 : uid = getuid();
1977 :
1978 24 : wbc_status = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs,
1979 : "user_uid", 0,
1980 : (uint8_t *)&uid, sizeof(uid));
1981 24 : if (!WBC_ERROR_IS_OK(wbc_status)) {
1982 0 : d_printf("wbcAddNamedBlob failed: %s\n",
1983 : wbcErrorString(wbc_status));
1984 0 : return false;
1985 : }
1986 :
1987 24 : wbc_status = wbcLogonUser(¶ms, &info, &error, NULL);
1988 :
1989 24 : if (verbose && (info != NULL)) {
1990 0 : struct wbcAuthUserInfo *i = info->info;
1991 0 : uint32_t j;
1992 :
1993 0 : if (i->account_name != NULL) {
1994 0 : d_printf("account_name: %s\n", i->account_name);
1995 : }
1996 0 : if (i->user_principal != NULL) {
1997 0 : d_printf("user_principal: %s\n", i->user_principal);
1998 : }
1999 0 : if (i->full_name != NULL) {
2000 0 : d_printf("full_name: %s\n", i->full_name);
2001 : }
2002 0 : if (i->domain_name != NULL) {
2003 0 : d_printf("domain_name: %s\n", i->domain_name);
2004 : }
2005 0 : if (i->dns_domain_name != NULL) {
2006 0 : d_printf("dns_domain_name: %s\n", i->dns_domain_name);
2007 : }
2008 0 : if (i->logon_server != NULL) {
2009 0 : d_printf("logon_server: %s\n", i->logon_server);
2010 : }
2011 0 : if (i->logon_script != NULL) {
2012 0 : d_printf("logon_script: %s\n", i->logon_script);
2013 : }
2014 0 : if (i->profile_path != NULL) {
2015 0 : d_printf("profile_path: %s\n", i->profile_path);
2016 : }
2017 0 : if (i->home_directory != NULL) {
2018 0 : d_printf("home_directory: %s\n", i->home_directory);
2019 : }
2020 0 : if (i->home_drive != NULL) {
2021 0 : d_printf("home_drive: %s\n", i->home_drive);
2022 : }
2023 :
2024 0 : d_printf("sids:");
2025 :
2026 0 : for (j=0; j<i->num_sids; j++) {
2027 0 : char buf[WBC_SID_STRING_BUFLEN];
2028 0 : wbcSidToStringBuf(&i->sids[j].sid, buf, sizeof(buf));
2029 0 : d_printf(" %s", buf);
2030 : }
2031 0 : d_printf("\n");
2032 :
2033 0 : wbcFreeMemory(info);
2034 0 : info = NULL;
2035 : }
2036 :
2037 24 : wbcFreeMemory(params.blobs);
2038 :
2039 24 : d_printf("plaintext password authentication %s\n",
2040 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2041 :
2042 24 : if (!WBC_ERROR_IS_OK(wbc_status) && (error != NULL)) {
2043 8 : d_fprintf(stderr,
2044 : "wbcLogonUser(%s): error code was %s (0x%x)\n"
2045 : "error message was: %s\n",
2046 : params.username,
2047 8 : error->nt_string,
2048 8 : (int)error->nt_status,
2049 8 : error->display_string);
2050 8 : wbcFreeMemory(error);
2051 : }
2052 24 : return WBC_ERROR_IS_OK(wbc_status);
2053 : }
2054 :
2055 : /* Save creds with winbind */
2056 :
2057 66 : static bool wbinfo_ccache_save(char *username)
2058 : {
2059 66 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2060 66 : char *s = NULL;
2061 66 : char *p = NULL;
2062 66 : char *password = NULL;
2063 66 : char *name = NULL;
2064 66 : TALLOC_CTX *frame = talloc_stackframe();
2065 :
2066 66 : s = talloc_strdup(frame, username);
2067 66 : if (s == NULL) {
2068 0 : return false;
2069 : }
2070 :
2071 66 : p = strchr(s, '%');
2072 66 : if (p != NULL) {
2073 66 : *p = 0;
2074 66 : p++;
2075 66 : password = talloc_strdup(frame, p);
2076 : } else {
2077 0 : password = wbinfo_prompt_pass(frame, NULL, username);
2078 : }
2079 :
2080 66 : name = s;
2081 :
2082 66 : wbc_status = wbcCredentialSave(name, password);
2083 :
2084 66 : d_printf("saving creds %s\n",
2085 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2086 :
2087 66 : TALLOC_FREE(frame);
2088 :
2089 66 : return WBC_ERROR_IS_OK(wbc_status);
2090 : }
2091 :
2092 : #ifdef WITH_FAKE_KASERVER
2093 : /* Authenticate a user with a plaintext password and set a token */
2094 :
2095 : static bool wbinfo_klog(char *username)
2096 : {
2097 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2098 : struct winbindd_request request;
2099 : struct winbindd_response response;
2100 : char *p;
2101 :
2102 : /* Send off request */
2103 :
2104 : ZERO_STRUCT(request);
2105 : ZERO_STRUCT(response);
2106 :
2107 : p = strchr(username, '%');
2108 :
2109 : if (p) {
2110 : *p = 0;
2111 : fstrcpy(request.data.auth.user, username);
2112 : fstrcpy(request.data.auth.pass, p + 1);
2113 : *p = '%';
2114 : } else {
2115 : fstrcpy(request.data.auth.user, username);
2116 : (void) samba_getpass("Password: ",
2117 : request.data.auth.pass,
2118 : sizeof(request.data.auth.pass),
2119 : false, false);
2120 : }
2121 :
2122 : request.flags |= WBFLAG_PAM_AFS_TOKEN;
2123 :
2124 : wbc_status = wbcRequestResponse(NULL, WINBINDD_PAM_AUTH,
2125 : &request, &response);
2126 :
2127 : /* Display response */
2128 :
2129 : d_printf("plaintext password authentication %s\n",
2130 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2131 :
2132 : if (response.data.auth.nt_status)
2133 : d_fprintf(stderr,
2134 : "error code was %s (0x%x)\nerror message was: %s\n",
2135 : response.data.auth.nt_status_string,
2136 : response.data.auth.nt_status,
2137 : response.data.auth.error_string);
2138 :
2139 : if (!WBC_ERROR_IS_OK(wbc_status))
2140 : return false;
2141 :
2142 : if (response.extra_data.data == NULL) {
2143 : d_fprintf(stderr, "Did not get token data\n");
2144 : return false;
2145 : }
2146 :
2147 : if (!afs_settoken_str((char *)response.extra_data.data)) {
2148 : winbindd_free_response(&response);
2149 : d_fprintf(stderr, "Could not set token\n");
2150 : return false;
2151 : }
2152 :
2153 : winbindd_free_response(&response);
2154 : d_printf("Successfully created AFS token\n");
2155 : return true;
2156 : }
2157 : #else
2158 0 : static bool wbinfo_klog(char *username)
2159 : {
2160 0 : d_fprintf(stderr, "No AFS support compiled in.\n");
2161 0 : return false;
2162 : }
2163 : #endif
2164 :
2165 : /* Print domain users */
2166 :
2167 20 : static bool print_domain_users(const char *domain)
2168 : {
2169 20 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2170 0 : uint32_t i;
2171 20 : uint32_t num_users = 0;
2172 20 : const char **users = NULL;
2173 :
2174 : /* Send request to winbind daemon */
2175 :
2176 20 : if (domain == NULL) {
2177 20 : domain = get_winbind_domain();
2178 : } else {
2179 : /* '.' is the special sign for our own domain */
2180 0 : if ((domain[0] == '\0') || strcmp(domain, ".") == 0) {
2181 0 : domain = get_winbind_domain();
2182 : /* '*' is the special sign for all domains */
2183 0 : } else if (strcmp(domain, "*") == 0) {
2184 0 : domain = NULL;
2185 : }
2186 : }
2187 :
2188 20 : wbc_status = wbcListUsers(domain, &num_users, &users);
2189 20 : if (!WBC_ERROR_IS_OK(wbc_status)) {
2190 0 : return false;
2191 : }
2192 :
2193 3328 : for (i=0; i < num_users; i++) {
2194 3308 : d_printf("%s\n", users[i]);
2195 : }
2196 :
2197 20 : wbcFreeMemory(users);
2198 :
2199 20 : return true;
2200 : }
2201 :
2202 : /* Print domain groups */
2203 :
2204 18 : static bool print_domain_groups(const char *domain)
2205 : {
2206 18 : wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
2207 0 : uint32_t i;
2208 18 : uint32_t num_groups = 0;
2209 18 : const char **groups = NULL;
2210 :
2211 : /* Send request to winbind daemon */
2212 :
2213 18 : if (domain == NULL) {
2214 18 : domain = get_winbind_domain();
2215 : } else {
2216 : /* '.' is the special sign for our own domain */
2217 0 : if ((domain[0] == '\0') || strcmp(domain, ".") == 0) {
2218 0 : domain = get_winbind_domain();
2219 : /* '*' is the special sign for all domains */
2220 0 : } else if (strcmp(domain, "*") == 0) {
2221 0 : domain = NULL;
2222 : }
2223 : }
2224 :
2225 18 : wbc_status = wbcListGroups(domain, &num_groups, &groups);
2226 18 : if (!WBC_ERROR_IS_OK(wbc_status)) {
2227 0 : d_fprintf(stderr, "failed to call wbcListGroups: %s\n",
2228 : wbcErrorString(wbc_status));
2229 0 : return false;
2230 : }
2231 :
2232 878 : for (i=0; i < num_groups; i++) {
2233 860 : d_printf("%s\n", groups[i]);
2234 : }
2235 :
2236 18 : wbcFreeMemory(groups);
2237 :
2238 18 : return true;
2239 : }
2240 :
2241 : /* Set the authorised user for winbindd access in secrets.tdb */
2242 :
2243 0 : static bool wbinfo_set_auth_user(char *username)
2244 : {
2245 0 : d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
2246 : "See 'net help setauthuser' for details.\n");
2247 0 : return false;
2248 : }
2249 :
2250 0 : static void wbinfo_get_auth_user(void)
2251 : {
2252 0 : d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
2253 : "See 'net help getauthuser' for details.\n");
2254 0 : }
2255 :
2256 36 : static bool wbinfo_ping(void)
2257 : {
2258 0 : wbcErr wbc_status;
2259 :
2260 36 : wbc_status = wbcPing();
2261 :
2262 : /* Display response */
2263 :
2264 36 : d_printf("Ping to winbindd %s\n",
2265 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2266 :
2267 36 : return WBC_ERROR_IS_OK(wbc_status);
2268 : }
2269 :
2270 0 : static bool wbinfo_change_user_password(const char *username)
2271 : {
2272 0 : wbcErr wbc_status;
2273 0 : char *old_password = NULL;
2274 0 : char *new_password = NULL;
2275 0 : TALLOC_CTX *frame = talloc_tos();
2276 :
2277 0 : old_password = wbinfo_prompt_pass(frame, "old", username);
2278 0 : new_password = wbinfo_prompt_pass(frame, "new", username);
2279 :
2280 0 : wbc_status = wbcChangeUserPassword(username, old_password,new_password);
2281 :
2282 : /* Display response */
2283 :
2284 0 : d_printf("Password change for user %s %s\n", username,
2285 : WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
2286 :
2287 0 : return WBC_ERROR_IS_OK(wbc_status);
2288 : }
2289 :
2290 : /* Main program */
2291 :
2292 : enum {
2293 : OPT_SET_AUTH_USER = 1000,
2294 : OPT_GET_AUTH_USER,
2295 : OPT_DOMAIN_NAME,
2296 : OPT_SEQUENCE,
2297 : OPT_GETDCNAME,
2298 : OPT_DSGETDCNAME,
2299 : OPT_DC_INFO,
2300 : OPT_USERDOMGROUPS,
2301 : OPT_SIDALIASES,
2302 : OPT_USERSIDS,
2303 : OPT_LOOKUP_SIDS,
2304 : OPT_ALLOCATE_UID,
2305 : OPT_ALLOCATE_GID,
2306 : OPT_SET_UID_MAPPING,
2307 : OPT_SET_GID_MAPPING,
2308 : OPT_REMOVE_UID_MAPPING,
2309 : OPT_REMOVE_GID_MAPPING,
2310 : OPT_SIDS_TO_XIDS,
2311 : OPT_XIDS_TO_SIDS,
2312 : OPT_SEPARATOR,
2313 : OPT_LIST_ALL_DOMAINS,
2314 : OPT_LIST_OWN_DOMAIN,
2315 : OPT_UID_INFO,
2316 : OPT_USER_SIDINFO,
2317 : OPT_GROUP_INFO,
2318 : OPT_GID_INFO,
2319 : OPT_VERBOSE,
2320 : OPT_ONLINESTATUS,
2321 : OPT_CHANGE_USER_PASSWORD,
2322 : OPT_CCACHE_SAVE,
2323 : OPT_SID_TO_FULLNAME,
2324 : OPT_NTLMV1,
2325 : OPT_NTLMV2,
2326 : OPT_PAM_LOGON,
2327 : OPT_LOGOFF,
2328 : OPT_LOGOFF_USER,
2329 : OPT_LOGOFF_UID,
2330 : OPT_LANMAN,
2331 : OPT_KRB5CCNAME,
2332 : OPT_CHANGE_SECRET_AT
2333 : };
2334 :
2335 1780 : int main(int argc, const char **argv, char **envp)
2336 : {
2337 2 : int opt;
2338 1780 : TALLOC_CTX *frame = talloc_stackframe();
2339 2 : poptContext pc;
2340 2 : static char *string_arg;
2341 1780 : char *string_subarg = NULL;
2342 2 : static char *opt_domain_name;
2343 2 : static int int_arg;
2344 1780 : int int_subarg = -1;
2345 1780 : int result = 1;
2346 1780 : bool verbose = false;
2347 1780 : bool use_ntlmv2 = true;
2348 1780 : bool use_lanman = false;
2349 1780 : char *logoff_user = getenv("USER");
2350 1780 : int logoff_uid = geteuid();
2351 1780 : const char *opt_krb5ccname = "FILE";
2352 :
2353 3560 : struct poptOption long_options[] = {
2354 : POPT_AUTOHELP
2355 :
2356 : /* longName, shortName, argInfo, argPtr, value, descrip,
2357 : argDesc */
2358 :
2359 : {
2360 : .longName = "domain-users",
2361 : .shortName = 'u',
2362 : .argInfo = POPT_ARG_NONE,
2363 : .val = 'u',
2364 : .descrip = "Lists all domain users",
2365 : .argDescrip = "domain"
2366 : },
2367 : {
2368 : .longName = "domain-groups",
2369 : .shortName = 'g',
2370 : .argInfo = POPT_ARG_NONE,
2371 : .val = 'g',
2372 : .descrip = "Lists all domain groups",
2373 : .argDescrip = "domain"
2374 : },
2375 : {
2376 : .longName = "WINS-by-name",
2377 : .shortName = 'N',
2378 : .argInfo = POPT_ARG_STRING,
2379 : .arg = &string_arg,
2380 : .val = 'N',
2381 : .descrip = "Converts NetBIOS name to IP",
2382 : .argDescrip = "NETBIOS-NAME"
2383 : },
2384 : {
2385 : .longName = "WINS-by-ip",
2386 : .shortName = 'I',
2387 : .argInfo = POPT_ARG_STRING,
2388 : .arg = &string_arg,
2389 : .val = 'I',
2390 : .descrip = "Converts IP address to NetBIOS name",
2391 : .argDescrip = "IP"
2392 : },
2393 : {
2394 : .longName = "name-to-sid",
2395 : .shortName = 'n',
2396 : .argInfo = POPT_ARG_STRING,
2397 : .arg = &string_arg,
2398 : .val = 'n',
2399 : .descrip = "Converts name to sid",
2400 : .argDescrip = "NAME"
2401 : },
2402 : {
2403 : .longName = "sid-to-name",
2404 : .shortName = 's',
2405 : .argInfo = POPT_ARG_STRING,
2406 : .arg = &string_arg,
2407 : .val = 's',
2408 : .descrip = "Converts sid to name",
2409 : .argDescrip = "SID"
2410 : },
2411 : {
2412 : .longName = "sid-to-fullname",
2413 : .argInfo = POPT_ARG_STRING,
2414 : .arg = &string_arg,
2415 : .val = OPT_SID_TO_FULLNAME,
2416 : .descrip = "Converts sid to fullname",
2417 : .argDescrip = "SID"
2418 : },
2419 : {
2420 : .longName = "lookup-rids",
2421 : .shortName = 'R',
2422 : .argInfo = POPT_ARG_STRING,
2423 : .arg = &string_arg,
2424 : .val = 'R',
2425 : .descrip = "Converts RIDs to names",
2426 : .argDescrip = "RIDs"
2427 : },
2428 : {
2429 : .longName = "lookup-sids",
2430 : .argInfo = POPT_ARG_STRING,
2431 : .arg = &string_arg,
2432 : .val = OPT_LOOKUP_SIDS,
2433 : .descrip = "Converts SIDs to types and names",
2434 : .argDescrip = "Sid-List"
2435 : },
2436 : {
2437 : .longName = "uid-to-sid",
2438 : .shortName = 'U',
2439 : .argInfo = POPT_ARG_INT,
2440 : .arg = &int_arg,
2441 : .val = 'U',
2442 : .descrip = "Converts uid to sid",
2443 : .argDescrip = "UID"
2444 : },
2445 : {
2446 : .longName = "gid-to-sid",
2447 : .shortName = 'G',
2448 : .argInfo = POPT_ARG_INT,
2449 : .arg = &int_arg,
2450 : .val = 'G',
2451 : .descrip = "Converts gid to sid",
2452 : .argDescrip = "GID"
2453 : },
2454 : {
2455 : .longName = "sid-to-uid",
2456 : .shortName = 'S',
2457 : .argInfo = POPT_ARG_STRING,
2458 : .arg = &string_arg,
2459 : .val = 'S',
2460 : .descrip = "Converts sid to uid",
2461 : .argDescrip = "SID"
2462 : },
2463 : {
2464 : .longName = "sid-to-gid",
2465 : .shortName = 'Y',
2466 : .argInfo = POPT_ARG_STRING,
2467 : .arg = &string_arg,
2468 : .val = 'Y',
2469 : .descrip = "Converts sid to gid",
2470 : .argDescrip = "SID"
2471 : },
2472 : {
2473 : .longName = "allocate-uid",
2474 : .argInfo = POPT_ARG_NONE,
2475 : .val = OPT_ALLOCATE_UID,
2476 : .descrip = "Get a new UID out of idmap"
2477 : },
2478 : {
2479 : .longName = "allocate-gid",
2480 : .argInfo = POPT_ARG_NONE,
2481 : .val = OPT_ALLOCATE_GID,
2482 : .descrip = "Get a new GID out of idmap"
2483 : },
2484 : {
2485 : .longName = "set-uid-mapping",
2486 : .argInfo = POPT_ARG_STRING,
2487 : .arg = &string_arg,
2488 : .val = OPT_SET_UID_MAPPING,
2489 : .descrip = "Create or modify uid to sid mapping in "
2490 : "idmap",
2491 : .argDescrip = "UID,SID"
2492 : },
2493 : {
2494 : .longName = "set-gid-mapping",
2495 : .argInfo = POPT_ARG_STRING,
2496 : .arg = &string_arg,
2497 : .val = OPT_SET_GID_MAPPING,
2498 : .descrip = "Create or modify gid to sid mapping in "
2499 : "idmap",
2500 : .argDescrip = "GID,SID"
2501 : },
2502 : {
2503 : .longName = "remove-uid-mapping",
2504 : .argInfo = POPT_ARG_STRING,
2505 : .arg = &string_arg,
2506 : .val = OPT_REMOVE_UID_MAPPING,
2507 : .descrip = "Remove uid to sid mapping in idmap",
2508 : .argDescrip = "UID,SID"
2509 : },
2510 : {
2511 : .longName = "remove-gid-mapping",
2512 : .argInfo = POPT_ARG_STRING,
2513 : .arg = &string_arg,
2514 : .val = OPT_REMOVE_GID_MAPPING,
2515 : .descrip = "Remove gid to sid mapping in idmap",
2516 : .argDescrip = "GID,SID",
2517 : },
2518 : {
2519 : .longName = "sids-to-unix-ids",
2520 : .argInfo = POPT_ARG_STRING,
2521 : .arg = &string_arg,
2522 : .val = OPT_SIDS_TO_XIDS,
2523 : .descrip = "Translate SIDs to Unix IDs",
2524 : .argDescrip = "Sid-List",
2525 : },
2526 : {
2527 : .longName = "unix-ids-to-sids",
2528 : .argInfo = POPT_ARG_STRING,
2529 : .arg = &string_arg,
2530 : .val = OPT_XIDS_TO_SIDS,
2531 : .descrip = "Translate Unix IDs to SIDs",
2532 : .argDescrip = "ID-List (u<num> g<num>)",
2533 : },
2534 : {
2535 : .longName = "check-secret",
2536 : .shortName = 't',
2537 : .argInfo = POPT_ARG_NONE,
2538 : .val = 't',
2539 : .descrip = "Check shared secret",
2540 : },
2541 : {
2542 : .longName = "change-secret",
2543 : .shortName = 'c',
2544 : .argInfo = POPT_ARG_NONE,
2545 : .val = 'c',
2546 : .descrip = "Change shared secret",
2547 : },
2548 : {
2549 : .longName = "change-secret-at",
2550 : .shortName = 0,
2551 : .argInfo = POPT_ARG_STRING,
2552 : .arg = &string_arg,
2553 : .val = OPT_CHANGE_SECRET_AT,
2554 : .descrip = "Change shared secret at Domain Controller" },
2555 : {
2556 : .longName = "ping-dc",
2557 : .shortName = 'P',
2558 : .argInfo = POPT_ARG_NONE,
2559 : .val = 'P',
2560 : .descrip = "Check the NETLOGON connection",
2561 : },
2562 : {
2563 : .longName = "trusted-domains",
2564 : .shortName = 'm',
2565 : .argInfo = POPT_ARG_NONE,
2566 : .val = 'm',
2567 : .descrip = "List trusted domains",
2568 : },
2569 : {
2570 : .longName = "all-domains",
2571 : .argInfo = POPT_ARG_NONE,
2572 : .val = OPT_LIST_ALL_DOMAINS,
2573 : .descrip = "List all domains (trusted and own "
2574 : "domain)",
2575 : },
2576 : {
2577 : .longName = "own-domain",
2578 : .argInfo = POPT_ARG_NONE,
2579 : .val = OPT_LIST_OWN_DOMAIN,
2580 : .descrip = "List own domain",
2581 : },
2582 : {
2583 : .longName = "sequence",
2584 : .argInfo = POPT_ARG_NONE,
2585 : .val = OPT_SEQUENCE,
2586 : .descrip = "Deprecated command, see --online-status",
2587 : },
2588 : {
2589 : .longName = "online-status",
2590 : .argInfo = POPT_ARG_NONE,
2591 : .val = OPT_ONLINESTATUS,
2592 : .descrip = "Show whether domains maintain an active "
2593 : "connection",
2594 : },
2595 : {
2596 : .longName = "domain-info",
2597 : .shortName = 'D',
2598 : .argInfo = POPT_ARG_STRING,
2599 : .arg = &string_arg,
2600 : .val = 'D',
2601 : .descrip = "Show most of the info we have about the "
2602 : "domain",
2603 : },
2604 : {
2605 : .longName = "user-info",
2606 : .shortName = 'i',
2607 : .argInfo = POPT_ARG_STRING,
2608 : .arg = &string_arg,
2609 : .val = 'i',
2610 : .descrip = "Get user info",
2611 : .argDescrip = "USER",
2612 : },
2613 : {
2614 : .longName = "uid-info",
2615 : .argInfo = POPT_ARG_INT,
2616 : .arg = &int_arg,
2617 : .val = OPT_UID_INFO,
2618 : .descrip = "Get user info from uid",
2619 : .argDescrip = "UID",
2620 : },
2621 : {
2622 : .longName = "group-info",
2623 : .argInfo = POPT_ARG_STRING,
2624 : .arg = &string_arg,
2625 : .val = OPT_GROUP_INFO,
2626 : .descrip = "Get group info",
2627 : .argDescrip = "GROUP",
2628 : },
2629 : {
2630 : .longName = "user-sidinfo",
2631 : .argInfo = POPT_ARG_STRING,
2632 : .arg = &string_arg,
2633 : .val = OPT_USER_SIDINFO,
2634 : .descrip = "Get user info from sid",
2635 : .argDescrip = "SID",
2636 : },
2637 : {
2638 : .longName = "gid-info",
2639 : .argInfo = POPT_ARG_INT,
2640 : .arg = &int_arg,
2641 : .val = OPT_GID_INFO,
2642 : .descrip = "Get group info from gid",
2643 : .argDescrip = "GID",
2644 : },
2645 : {
2646 : .longName = "user-groups",
2647 : .shortName = 'r',
2648 : .argInfo = POPT_ARG_STRING,
2649 : .arg = &string_arg,
2650 : .val = 'r',
2651 : .descrip = "Get user groups",
2652 : .argDescrip = "USER",
2653 : },
2654 : {
2655 : .longName = "user-domgroups",
2656 : .argInfo = POPT_ARG_STRING,
2657 : .arg = &string_arg,
2658 : .val = OPT_USERDOMGROUPS,
2659 : .descrip = "Get user domain groups",
2660 : .argDescrip = "SID",
2661 : },
2662 : {
2663 : .longName = "sid-aliases",
2664 : .argInfo = POPT_ARG_STRING,
2665 : .arg = &string_arg,
2666 : .val = OPT_SIDALIASES,
2667 : .descrip = "Get sid aliases",
2668 : .argDescrip = "SID",
2669 : },
2670 : {
2671 : .longName = "user-sids",
2672 : .argInfo = POPT_ARG_STRING,
2673 : .arg = &string_arg,
2674 : .val = OPT_USERSIDS,
2675 : .descrip = "Get user group sids for user SID",
2676 : .argDescrip = "SID",
2677 : },
2678 : {
2679 : .longName = "authenticate",
2680 : .shortName = 'a',
2681 : .argInfo = POPT_ARG_STRING,
2682 : .arg = &string_arg,
2683 : .val = 'a',
2684 : .descrip = "authenticate user",
2685 : .argDescrip = "user%password",
2686 : },
2687 : {
2688 : .longName = "pam-logon",
2689 : .argInfo = POPT_ARG_STRING,
2690 : .arg = &string_arg,
2691 : .val = OPT_PAM_LOGON,
2692 : .descrip = "do a pam logon equivalent",
2693 : .argDescrip = "user%password",
2694 : },
2695 : {
2696 : .longName = "logoff",
2697 : .argInfo = POPT_ARG_NONE,
2698 : .val = OPT_LOGOFF,
2699 : .descrip = "log off user",
2700 : .argDescrip = "uid",
2701 : },
2702 : {
2703 : .longName = "logoff-user",
2704 : .argInfo = POPT_ARG_STRING,
2705 : .arg = &logoff_user,
2706 : .val = OPT_LOGOFF_USER,
2707 : .descrip = "username to log off"
2708 : },
2709 : {
2710 : .longName = "logoff-uid",
2711 : .argInfo = POPT_ARG_INT,
2712 : .arg = &logoff_uid,
2713 : .val = OPT_LOGOFF_UID,
2714 : .descrip = "uid to log off",
2715 : },
2716 : {
2717 : .longName = "set-auth-user",
2718 : .argInfo = POPT_ARG_STRING,
2719 : .arg = &string_arg,
2720 : .val = OPT_SET_AUTH_USER,
2721 : .descrip = "Store user and password used by "
2722 : "winbindd (root only)",
2723 : .argDescrip = "user%password",
2724 : },
2725 : {
2726 : .longName = "ccache-save",
2727 : .shortName = 0,
2728 : .argInfo = POPT_ARG_STRING,
2729 : .arg = &string_arg,
2730 : .val = OPT_CCACHE_SAVE,
2731 : .descrip = "Store user and password for ccache "
2732 : "operation",
2733 : .argDescrip = "user%password",
2734 : },
2735 : {
2736 : .longName = "getdcname",
2737 : .argInfo = POPT_ARG_STRING,
2738 : .arg = &string_arg,
2739 : .val = OPT_GETDCNAME,
2740 : .descrip = "Get a DC name for a foreign domain",
2741 : .argDescrip = "domainname",
2742 : },
2743 : {
2744 : .longName = "dsgetdcname",
2745 : .argInfo = POPT_ARG_STRING,
2746 : .arg = &string_arg,
2747 : .val = OPT_DSGETDCNAME,
2748 : .descrip = "Find a DC for a domain",
2749 : .argDescrip = "domainname",
2750 : },
2751 : {
2752 : .longName = "dc-info",
2753 : .argInfo = POPT_ARG_STRING,
2754 : .arg = &string_arg,
2755 : .val = OPT_DC_INFO,
2756 : .descrip = "Find the currently known DCs",
2757 : .argDescrip = "domainname",
2758 : },
2759 : {
2760 : .longName = "get-auth-user",
2761 : .argInfo = POPT_ARG_NONE,
2762 : .val = OPT_GET_AUTH_USER,
2763 : .descrip = "Retrieve user and password used by "
2764 : "winbindd (root only)",
2765 : },
2766 : {
2767 : .longName = "ping",
2768 : .shortName = 'p',
2769 : .argInfo = POPT_ARG_NONE,
2770 : .arg = 0,
2771 : .val = 'p',
2772 : .descrip = "Ping winbindd to see if it is alive",
2773 : },
2774 : {
2775 : .longName = "domain",
2776 : .shortName = 0,
2777 : .argInfo = POPT_ARG_STRING,
2778 : .arg = &opt_domain_name,
2779 : .val = OPT_DOMAIN_NAME,
2780 : .descrip = "Define to the domain to restrict "
2781 : "operation",
2782 : .argDescrip = "domain",
2783 : },
2784 : #ifdef WITH_FAKE_KASERVER
2785 : {
2786 : .longName = "klog",
2787 : .shortName = 'k',
2788 : .argInfo = POPT_ARG_STRING,
2789 : .arg = &string_arg,
2790 : .val = 'k',
2791 : .descrip = "set an AFS token from winbind",
2792 : .argDescrip = "user%password",
2793 : },
2794 : #endif
2795 : #ifdef HAVE_KRB5
2796 : {
2797 : .longName = "krb5auth",
2798 : .shortName = 'K',
2799 : .argInfo = POPT_ARG_STRING,
2800 : .arg = &string_arg,
2801 : .val = 'K',
2802 : .descrip = "authenticate user using Kerberos",
2803 : .argDescrip = "user%password",
2804 : },
2805 : /* destroys wbinfo --help output */
2806 : /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" },
2807 : */
2808 : {
2809 : .longName = "krb5ccname",
2810 : .argInfo = POPT_ARG_STRING,
2811 : .arg = &opt_krb5ccname,
2812 : .val = OPT_KRB5CCNAME,
2813 : .descrip = "authenticate user using Kerberos and "
2814 : "specific credential cache type",
2815 : .argDescrip = "krb5ccname",
2816 : },
2817 : #endif
2818 : {
2819 : .longName = "separator",
2820 : .argInfo = POPT_ARG_NONE,
2821 : .val = OPT_SEPARATOR,
2822 : .descrip = "Get the active winbind separator",
2823 : },
2824 : {
2825 : .longName = "verbose",
2826 : .argInfo = POPT_ARG_NONE,
2827 : .val = OPT_VERBOSE,
2828 : .descrip = "Print additional information per command",
2829 : },
2830 : {
2831 : .longName = "change-user-password",
2832 : .argInfo = POPT_ARG_STRING,
2833 : .arg = &string_arg,
2834 : .val = OPT_CHANGE_USER_PASSWORD,
2835 : .descrip = "Change the password for a user",
2836 : },
2837 : {
2838 : .longName = "ntlmv1",
2839 : .argInfo = POPT_ARG_NONE,
2840 : .val = OPT_NTLMV1,
2841 : .descrip = "Use NTLMv1 cryptography for user authentication",
2842 : },
2843 : {
2844 : .longName = "ntlmv2",
2845 : .argInfo = POPT_ARG_NONE,
2846 : .val = OPT_NTLMV2,
2847 : .descrip = "Use NTLMv2 cryptography for user authentication",
2848 : },
2849 : {
2850 : .longName = "lanman",
2851 : .argInfo = POPT_ARG_NONE,
2852 : .val = OPT_LANMAN,
2853 : .descrip = "Use lanman cryptography for user authentication",
2854 : },
2855 1780 : POPT_COMMON_VERSION
2856 : POPT_TABLEEND
2857 : };
2858 :
2859 : /* Samba client initialisation */
2860 1780 : smb_init_locale();
2861 :
2862 :
2863 : /* Parse options */
2864 :
2865 1780 : pc = samba_popt_get_context(getprogname(),
2866 : argc,
2867 : argv,
2868 : long_options,
2869 : 0);
2870 1780 : if (pc == NULL) {
2871 0 : DBG_ERR("Failed to setup popt context!\n");
2872 0 : exit(1);
2873 : }
2874 :
2875 : /* Parse command line options */
2876 :
2877 1780 : if (argc == 1) {
2878 0 : poptPrintHelp(pc, stderr, 0);
2879 0 : return 1;
2880 : }
2881 :
2882 3915 : while((opt = poptGetNextOpt(pc)) != -1) {
2883 : /* get the generic configuration parameters like --domain */
2884 2135 : switch (opt) {
2885 0 : case OPT_VERBOSE:
2886 0 : verbose = true;
2887 0 : break;
2888 1 : case OPT_NTLMV1:
2889 1 : use_ntlmv2 = false;
2890 1 : break;
2891 0 : case OPT_LANMAN:
2892 0 : use_lanman = true;
2893 0 : break;
2894 : }
2895 : }
2896 :
2897 1780 : poptFreeContext(pc);
2898 :
2899 1780 : pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
2900 : POPT_CONTEXT_KEEP_FIRST);
2901 :
2902 3750 : while((opt = poptGetNextOpt(pc)) != -1) {
2903 2135 : switch (opt) {
2904 20 : case 'u':
2905 20 : if (!print_domain_users(opt_domain_name)) {
2906 0 : d_fprintf(stderr,
2907 : "Error looking up domain users\n");
2908 0 : goto done;
2909 : }
2910 20 : break;
2911 18 : case 'g':
2912 18 : if (!print_domain_groups(opt_domain_name)) {
2913 0 : d_fprintf(stderr,
2914 : "Error looking up domain groups\n");
2915 0 : goto done;
2916 : }
2917 18 : break;
2918 84 : case 's':
2919 84 : if (!wbinfo_lookupsid(string_arg)) {
2920 6 : d_fprintf(stderr,
2921 : "Could not lookup sid %s\n",
2922 : string_arg);
2923 6 : goto done;
2924 : }
2925 78 : break;
2926 0 : case OPT_SID_TO_FULLNAME:
2927 0 : if (!wbinfo_lookupsid_fullname(string_arg)) {
2928 0 : d_fprintf(stderr, "Could not lookup sid %s\n",
2929 : string_arg);
2930 0 : goto done;
2931 : }
2932 0 : break;
2933 4 : case 'R':
2934 4 : if (!wbinfo_lookuprids(opt_domain_name, string_arg)) {
2935 0 : d_fprintf(stderr, "Could not lookup RIDs %s\n",
2936 : string_arg);
2937 0 : goto done;
2938 : }
2939 4 : break;
2940 0 : case OPT_LOOKUP_SIDS:
2941 0 : if (!wbinfo_lookup_sids(string_arg)) {
2942 0 : d_fprintf(stderr, "Could not lookup SIDs %s\n",
2943 : string_arg);
2944 0 : goto done;
2945 : }
2946 0 : break;
2947 344 : case 'n':
2948 344 : if (!wbinfo_lookupname(string_arg)) {
2949 20 : d_fprintf(stderr, "Could not lookup name %s\n",
2950 : string_arg);
2951 20 : goto done;
2952 : }
2953 324 : break;
2954 8 : case 'N':
2955 8 : if (!wbinfo_wins_byname(string_arg)) {
2956 0 : d_fprintf(stderr,
2957 : "Could not lookup WINS by name %s\n",
2958 : string_arg);
2959 0 : goto done;
2960 : }
2961 8 : break;
2962 8 : case 'I':
2963 8 : if (!wbinfo_wins_byip(string_arg)) {
2964 0 : d_fprintf(stderr,
2965 : "Could not lookup WINS by IP %s\n",
2966 : string_arg);
2967 0 : goto done;
2968 : }
2969 8 : break;
2970 44 : case 'U':
2971 44 : if (!wbinfo_uid_to_sid(int_arg)) {
2972 4 : d_fprintf(stderr,
2973 : "Could not convert uid %d to sid\n",
2974 : int_arg);
2975 4 : goto done;
2976 : }
2977 40 : break;
2978 88 : case 'G':
2979 88 : if (!wbinfo_gid_to_sid(int_arg)) {
2980 4 : d_fprintf(stderr,
2981 : "Could not convert gid %d to sid\n",
2982 : int_arg);
2983 4 : goto done;
2984 : }
2985 84 : break;
2986 76 : case 'S':
2987 76 : if (!wbinfo_sid_to_uid(string_arg)) {
2988 12 : d_fprintf(stderr,
2989 : "Could not convert sid %s to uid\n",
2990 : string_arg);
2991 12 : goto done;
2992 : }
2993 64 : break;
2994 214 : case 'Y':
2995 214 : if (!wbinfo_sid_to_gid(string_arg)) {
2996 25 : d_fprintf(stderr,
2997 : "Could not convert sid %s to gid\n",
2998 : string_arg);
2999 25 : goto done;
3000 : }
3001 189 : break;
3002 10 : case OPT_ALLOCATE_UID:
3003 10 : if (!wbinfo_allocate_uid()) {
3004 4 : d_fprintf(stderr, "Could not allocate a uid\n");
3005 4 : goto done;
3006 : }
3007 6 : break;
3008 10 : case OPT_ALLOCATE_GID:
3009 10 : if (!wbinfo_allocate_gid()) {
3010 4 : d_fprintf(stderr, "Could not allocate a gid\n");
3011 4 : goto done;
3012 : }
3013 6 : break;
3014 0 : case OPT_SET_UID_MAPPING:
3015 0 : if (!parse_mapping_arg(string_arg, &int_subarg,
3016 0 : &string_subarg) ||
3017 0 : !wbinfo_set_uid_mapping(int_subarg, string_subarg))
3018 : {
3019 0 : d_fprintf(stderr, "Could not create or modify "
3020 : "uid to sid mapping\n");
3021 0 : goto done;
3022 : }
3023 0 : break;
3024 0 : case OPT_SET_GID_MAPPING:
3025 0 : if (!parse_mapping_arg(string_arg, &int_subarg,
3026 0 : &string_subarg) ||
3027 0 : !wbinfo_set_gid_mapping(int_subarg, string_subarg))
3028 : {
3029 0 : d_fprintf(stderr, "Could not create or modify "
3030 : "gid to sid mapping\n");
3031 0 : goto done;
3032 : }
3033 0 : break;
3034 0 : case OPT_REMOVE_UID_MAPPING:
3035 0 : if (!parse_mapping_arg(string_arg, &int_subarg,
3036 0 : &string_subarg) ||
3037 0 : !wbinfo_remove_uid_mapping(int_subarg,
3038 : string_subarg))
3039 : {
3040 0 : d_fprintf(stderr, "Could not remove uid to sid "
3041 : "mapping\n");
3042 0 : goto done;
3043 : }
3044 0 : break;
3045 0 : case OPT_REMOVE_GID_MAPPING:
3046 0 : if (!parse_mapping_arg(string_arg, &int_subarg,
3047 0 : &string_subarg) ||
3048 0 : !wbinfo_remove_gid_mapping(int_subarg,
3049 : string_subarg))
3050 : {
3051 0 : d_fprintf(stderr, "Could not remove gid to sid "
3052 : "mapping\n");
3053 0 : goto done;
3054 : }
3055 0 : break;
3056 42 : case OPT_SIDS_TO_XIDS:
3057 42 : if (!wbinfo_sids_to_unix_ids(string_arg)) {
3058 0 : d_fprintf(stderr, "wbinfo_sids_to_unix_ids "
3059 : "failed\n");
3060 0 : goto done;
3061 : }
3062 42 : break;
3063 2 : case OPT_XIDS_TO_SIDS:
3064 2 : if (!wbinfo_xids_to_sids(string_arg)) {
3065 0 : d_fprintf(stderr, "wbinfo_xids_to_sids "
3066 : "failed\n");
3067 0 : goto done;
3068 : }
3069 2 : break;
3070 34 : case 't':
3071 34 : if (!wbinfo_check_secret(opt_domain_name)) {
3072 0 : d_fprintf(stderr, "Could not check secret\n");
3073 0 : goto done;
3074 : }
3075 34 : break;
3076 26 : case 'c':
3077 26 : if (!wbinfo_change_secret(opt_domain_name)) {
3078 0 : d_fprintf(stderr, "Could not change secret\n");
3079 0 : goto done;
3080 : }
3081 26 : break;
3082 2 : case OPT_CHANGE_SECRET_AT:
3083 2 : if (!wbinfo_change_secret_at(opt_domain_name, string_arg)) {
3084 0 : d_fprintf(stderr, "Could not change secret\n");
3085 0 : goto done;
3086 : }
3087 2 : break;
3088 114 : case 'P':
3089 114 : if (!wbinfo_ping_dc(opt_domain_name)) {
3090 10 : goto done;
3091 : }
3092 102 : break;
3093 18 : case 'm':
3094 18 : if (!wbinfo_list_domains(false, verbose)) {
3095 0 : d_fprintf(stderr,
3096 : "Could not list trusted domains\n");
3097 0 : goto done;
3098 : }
3099 18 : break;
3100 8 : case OPT_SEQUENCE:
3101 8 : if (!wbinfo_show_sequence(opt_domain_name)) {
3102 8 : d_fprintf(stderr,
3103 : "Could not show sequence numbers\n");
3104 8 : goto done;
3105 : }
3106 0 : break;
3107 40 : case OPT_ONLINESTATUS:
3108 40 : if (!wbinfo_show_onlinestatus(opt_domain_name)) {
3109 0 : d_fprintf(stderr,
3110 : "Could not show online-status\n");
3111 0 : goto done;
3112 : }
3113 40 : break;
3114 30 : case 'D':
3115 30 : if (!wbinfo_domain_info(string_arg)) {
3116 0 : d_fprintf(stderr,
3117 : "Could not get domain info\n");
3118 0 : goto done;
3119 : }
3120 30 : break;
3121 58 : case 'i':
3122 58 : if (!wbinfo_get_userinfo(string_arg)) {
3123 4 : d_fprintf(stderr,
3124 : "Could not get info for user %s\n",
3125 : string_arg);
3126 4 : goto done;
3127 : }
3128 54 : break;
3129 0 : case OPT_USER_SIDINFO:
3130 0 : if ( !wbinfo_get_user_sidinfo(string_arg)) {
3131 0 : d_fprintf(stderr,
3132 : "Could not get info for user "
3133 : "sid %s\n", string_arg);
3134 0 : goto done;
3135 : }
3136 0 : break;
3137 8 : case OPT_UID_INFO:
3138 8 : if ( !wbinfo_get_uidinfo(int_arg)) {
3139 0 : d_fprintf(stderr, "Could not get info for uid "
3140 : "%d\n", int_arg);
3141 0 : goto done;
3142 : }
3143 8 : break;
3144 26 : case OPT_GROUP_INFO:
3145 26 : if ( !wbinfo_get_groupinfo(string_arg)) {
3146 8 : d_fprintf(stderr, "Could not get info for "
3147 : "group %s\n", string_arg);
3148 8 : goto done;
3149 : }
3150 18 : break;
3151 8 : case OPT_GID_INFO:
3152 8 : if ( !wbinfo_get_gidinfo(int_arg)) {
3153 0 : d_fprintf(stderr, "Could not get info for gid "
3154 : "%d\n", int_arg);
3155 0 : goto done;
3156 : }
3157 8 : break;
3158 20 : case 'r':
3159 20 : if (!wbinfo_get_usergroups(string_arg)) {
3160 0 : d_fprintf(stderr,
3161 : "Could not get groups for user %s\n",
3162 : string_arg);
3163 0 : goto done;
3164 : }
3165 20 : break;
3166 8 : case OPT_USERSIDS:
3167 8 : if (!wbinfo_get_usersids(string_arg)) {
3168 0 : d_fprintf(stderr, "Could not get group SIDs "
3169 : "for user SID %s\n",
3170 : string_arg);
3171 0 : goto done;
3172 : }
3173 8 : break;
3174 8 : case OPT_USERDOMGROUPS:
3175 8 : if (!wbinfo_get_userdomgroups(string_arg)) {
3176 0 : d_fprintf(stderr, "Could not get user's domain "
3177 : "groups for user SID %s\n",
3178 : string_arg);
3179 0 : goto done;
3180 : }
3181 8 : break;
3182 0 : case OPT_SIDALIASES:
3183 0 : if (!wbinfo_get_sidaliases(opt_domain_name,
3184 : string_arg)) {
3185 0 : d_fprintf(stderr, "Could not get sid aliases "
3186 : "for user SID %s\n", string_arg);
3187 0 : goto done;
3188 : }
3189 0 : break;
3190 124 : case 'a': {
3191 124 : bool got_error = false;
3192 :
3193 124 : if (!wbinfo_auth(string_arg)) {
3194 38 : d_fprintf(stderr,
3195 : "Could not authenticate user "
3196 : "%s with plaintext "
3197 : "password\n", string_arg);
3198 38 : got_error = true;
3199 : }
3200 :
3201 124 : if (!wbinfo_auth_crap(string_arg, use_ntlmv2,
3202 : use_lanman)) {
3203 34 : d_fprintf(stderr,
3204 : "Could not authenticate user "
3205 : "%s with challenge/response\n",
3206 : string_arg);
3207 34 : got_error = true;
3208 : }
3209 :
3210 124 : if (got_error)
3211 38 : goto done;
3212 86 : break;
3213 : }
3214 24 : case OPT_PAM_LOGON:
3215 24 : if (!wbinfo_pam_logon(string_arg, verbose)) {
3216 8 : d_fprintf(stderr, "pam_logon failed for %s\n",
3217 : string_arg);
3218 8 : goto done;
3219 : }
3220 16 : break;
3221 20 : case OPT_LOGOFF:
3222 : {
3223 0 : wbcErr wbc_status;
3224 :
3225 20 : wbc_status = wbcLogoffUser(logoff_user, logoff_uid,
3226 : "");
3227 20 : d_printf("Logoff %s (%d): %s\n", logoff_user,
3228 : logoff_uid, wbcErrorString(wbc_status));
3229 20 : break;
3230 : }
3231 46 : case 'K': {
3232 46 : uint32_t flags = WBFLAG_PAM_KRB5 |
3233 : WBFLAG_PAM_CACHED_LOGIN |
3234 : WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
3235 : WBFLAG_PAM_INFO3_TEXT |
3236 : WBFLAG_PAM_CONTACT_TRUSTDOM;
3237 :
3238 46 : if (!wbinfo_auth_krb5(string_arg, opt_krb5ccname,
3239 : flags)) {
3240 8 : d_fprintf(stderr,
3241 : "Could not authenticate user "
3242 : "[%s] with Kerberos "
3243 : "(ccache: %s)\n", string_arg,
3244 : opt_krb5ccname);
3245 8 : goto done;
3246 : }
3247 38 : break;
3248 : }
3249 0 : case 'k':
3250 0 : if (!wbinfo_klog(string_arg)) {
3251 0 : d_fprintf(stderr, "Could not klog user\n");
3252 0 : goto done;
3253 : }
3254 0 : break;
3255 36 : case 'p':
3256 36 : if (!wbinfo_ping()) {
3257 4 : d_fprintf(stderr, "could not ping winbindd!\n");
3258 4 : goto done;
3259 : }
3260 32 : break;
3261 0 : case OPT_SET_AUTH_USER:
3262 0 : if (!wbinfo_set_auth_user(string_arg)) {
3263 0 : goto done;
3264 : }
3265 0 : break;
3266 0 : case OPT_GET_AUTH_USER:
3267 0 : wbinfo_get_auth_user();
3268 0 : goto done;
3269 0 : break;
3270 66 : case OPT_CCACHE_SAVE:
3271 66 : if (!wbinfo_ccache_save(string_arg)) {
3272 0 : goto done;
3273 : }
3274 66 : break;
3275 8 : case OPT_GETDCNAME:
3276 8 : if (!wbinfo_getdcname(string_arg)) {
3277 0 : goto done;
3278 : }
3279 8 : break;
3280 0 : case OPT_DSGETDCNAME:
3281 0 : if (!wbinfo_dsgetdcname(string_arg, 0)) {
3282 0 : goto done;
3283 : }
3284 0 : break;
3285 4 : case OPT_DC_INFO:
3286 4 : if (!wbinfo_dc_info(string_arg)) {
3287 0 : goto done;
3288 : }
3289 4 : break;
3290 18 : case OPT_SEPARATOR: {
3291 18 : const char sep = winbind_separator();
3292 18 : if ( !sep ) {
3293 0 : goto done;
3294 : }
3295 18 : d_printf("%c\n", sep);
3296 18 : break;
3297 : }
3298 18 : case OPT_LIST_ALL_DOMAINS:
3299 18 : if (!wbinfo_list_domains(true, verbose)) {
3300 0 : goto done;
3301 : }
3302 18 : break;
3303 36 : case OPT_LIST_OWN_DOMAIN:
3304 36 : if (!wbinfo_list_own_domain()) {
3305 0 : goto done;
3306 : }
3307 36 : break;
3308 0 : case OPT_CHANGE_USER_PASSWORD:
3309 0 : if (!wbinfo_change_user_password(string_arg)) {
3310 0 : d_fprintf(stderr,
3311 : "Could not change user password "
3312 : "for user %s\n", string_arg);
3313 0 : goto done;
3314 : }
3315 0 : break;
3316 :
3317 : /* generic configuration options */
3318 355 : case OPT_DOMAIN_NAME:
3319 : case OPT_VERBOSE:
3320 : case OPT_NTLMV1:
3321 : case OPT_NTLMV2:
3322 : case OPT_LANMAN:
3323 : case OPT_LOGOFF_USER:
3324 : case OPT_LOGOFF_UID:
3325 : case OPT_KRB5CCNAME:
3326 355 : break;
3327 0 : default:
3328 0 : d_fprintf(stderr, "Invalid option\n");
3329 0 : poptPrintHelp(pc, stderr, 0);
3330 0 : goto done;
3331 : }
3332 : }
3333 :
3334 1611 : result = 0;
3335 :
3336 : /* Exit code */
3337 :
3338 1780 : done:
3339 1780 : talloc_free(frame);
3340 :
3341 1780 : poptFreeContext(pc);
3342 1780 : return result;
3343 : }
|