Fix handling of unexpected failures in subunithelper.

[obnox/samba/samba-obnox.git] / nsswitch / wbinfo.c

diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index b96b73c2bfa5c037577c781d7045fefe20b1aa86..2c9f4de92e710c270821821d253c2406d2069967 100644 (file)
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -24,13 +24,9 @@
 #include "includes.h"
 #include "winbind_client.h"
 #include "libwbclient/wbclient.h"
-#include "lib/popt/popt.h"
 #include "../libcli/auth/libcli_auth.h"
-#if (_SAMBA_BUILD_) >= 4
 #include "lib/cmdline/popt_common.h"
-#else
-#include "popt_common.h"
-#endif
+#include "lib/afs/afs_settoken.h"
 
 #ifdef DBGC_CLASS
 #undef DBGC_CLASS
@@ -243,6 +239,8 @@ static bool wbinfo_get_user_sidinfo(const char *sid_str)
                 pwd->pw_dir,
                 pwd->pw_shell);
 
+       wbcFreeMemory(pwd);
+
        return true;
 }
 
@@ -828,18 +826,28 @@ static bool wbinfo_change_secret(const char *domain)
 
 /* Check DC connection */
 
-static bool wbinfo_ping_dc(void)
+static bool wbinfo_ping_dc(const char *domain)
 {
        wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
        struct wbcAuthErrorInfo *error = NULL;
        char *dcname = NULL;
 
-       wbc_status = wbcPingDc2(NULL, &error, &dcname);
+       const char *domain_name;
+
+       if (domain) {
+               domain_name = domain;
+       } else {
+               domain_name = get_winbind_domain();
+       }
+
+       wbc_status = wbcPingDc2(domain_name, &error, &dcname);
 
-       d_printf("checking the NETLOGON dc connection to \"%s\" %s\n",
+       d_printf("checking the NETLOGON for domain[%s] dc connection to \"%s\" %s\n",
+                domain_name ? domain_name : "",
                 dcname ? dcname : "",
                 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
 
+       wbcFreeMemory(dcname);
        if (wbc_status == WBC_ERR_AUTH_ERROR) {
                d_fprintf(stderr, "error code was %s (0x%x)\n",
                          error->nt_string, error->nt_status);
@@ -1224,8 +1232,15 @@ static bool wbinfo_lookupsid(const char *sid_str)
 
        /* Display response */
 
-       d_printf("%s%c%s %d\n",
-                domain, winbind_separator(), name, type);
+       if (type == WBC_SID_NAME_DOMAIN) {
+               d_printf("%s %d\n", domain, type);
+       } else {
+               d_printf("%s%c%s %d\n",
+                        domain, winbind_separator(), name, type);
+       }
+
+       wbcFreeMemory(domain);
+       wbcFreeMemory(name);
 
        return true;
 }
@@ -1261,6 +1276,9 @@ static bool wbinfo_lookupsid_fullname(const char *sid_str)
        d_printf("%s%c%s %d\n",
                 domain, winbind_separator(), name, type);
 
+       wbcFreeMemory(domain);
+       wbcFreeMemory(name);
+
        return true;
 }
 
@@ -1320,13 +1338,14 @@ static bool wbinfo_lookuprids(const char *domain, const char *arg)
        }
 
        wbc_status = wbcLookupRids(&dinfo->sid, num_rids, rids,
-                                  (const char **)&domain_name, &names, &types);
+                                  &p, &names, &types);
        if (!WBC_ERROR_IS_OK(wbc_status)) {
                d_printf("winbind_lookup_rids failed: %s\n",
                         wbcErrorString(wbc_status));
                goto done;
        }
 
+       domain_name = discard_const_p(char, p);
        d_printf("Domain: %s\n", domain_name);
 
        for (i=0; i<num_rids; i++) {
@@ -1387,11 +1406,28 @@ static bool wbinfo_lookup_sids(const char *arg)
        }
 
        for (i=0; i<num_sids; i++) {
+               const char *domain = NULL;
+
                wbcSidToStringBuf(&sids[i], sidstr, sizeof(sidstr));
 
-               d_printf("%s -> %s\\%s %d\n", sidstr,
-                        domains[names[i].domain_index].short_name,
-                        names[i].name, names[i].type);
+               if (names[i].domain_index >= num_domains) {
+                       domain = "<none>";
+               } else if (names[i].domain_index < 0) {
+                       domain = "<none>";
+               } else {
+                       domain = domains[names[i].domain_index].short_name;
+               }
+
+               if (names[i].type == WBC_SID_NAME_DOMAIN) {
+                       d_printf("%s -> %s %d\n", sidstr,
+                                domain,
+                                names[i].type);
+               } else {
+                       d_printf("%s -> %s%c%s %d\n", sidstr,
+                                domain,
+                                winbind_separator(),
+                                names[i].name, names[i].type);
+               }
        }
        wbcFreeMemory(names);
        wbcFreeMemory(domains);
@@ -1741,7 +1777,7 @@ static bool wbinfo_pam_logon(char *username)
 {
        wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
        struct wbcLogonUserParams params;
-       struct wbcAuthErrorInfo *error;
+       struct wbcAuthErrorInfo *error = NULL;
        char *s = NULL;
        char *p = NULL;
        TALLOC_CTX *frame = talloc_tos();
@@ -1792,16 +1828,15 @@ static bool wbinfo_pam_logon(char *username)
        d_printf("plaintext password authentication %s\n",
                 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
 
-       if (!WBC_ERROR_IS_OK(wbc_status)) {
+       if (!WBC_ERROR_IS_OK(wbc_status) && (error != NULL)) {
                d_fprintf(stderr,
                          "error code was %s (0x%x)\nerror message was: %s\n",
                          error->nt_string,
                          (int)error->nt_status,
                          error->display_string);
                wbcFreeMemory(error);
-               return false;
        }
-       return true;
+       return WBC_ERROR_IS_OK(wbc_status);
 }
 
 /* Save creds with winbind */
@@ -1923,9 +1958,16 @@ static bool print_domain_users(const char *domain)
 
        /* Send request to winbind daemon */
 
-       /* '.' is the special sign for our own domain */
-       if (domain && strcmp(domain, ".") == 0) {
+       if (domain == NULL) {
                domain = get_winbind_domain();
+       } else {
+               /* '.' is the special sign for our own domain */
+               if ((domain[0] == '\0') || strcmp(domain, ".") == 0) {
+                       domain = get_winbind_domain();
+               /* '*' is the special sign for all domains */
+               } else if (strcmp(domain, "*") == 0) {
+                       domain = NULL;
+               }
        }
 
        wbc_status = wbcListUsers(domain, &num_users, &users);
@@ -1953,9 +1995,16 @@ static bool print_domain_groups(const char *domain)
 
        /* Send request to winbind daemon */
 
-       /* '.' is the special sign for our own domain */
-       if (domain && strcmp(domain, ".") == 0) {
+       if (domain == NULL) {
                domain = get_winbind_domain();
+       } else {
+               /* '.' is the special sign for our own domain */
+               if ((domain[0] == '\0') || strcmp(domain, ".") == 0) {
+                       domain = get_winbind_domain();
+               /* '*' is the special sign for all domains */
+               } else if (strcmp(domain, "*") == 0) {
+                       domain = NULL;
+               }
        }
 
        wbc_status = wbcListGroups(domain, &num_groups, &groups);
@@ -2061,10 +2110,11 @@ enum {
        OPT_LOGOFF,
        OPT_LOGOFF_USER,
        OPT_LOGOFF_UID,
-       OPT_LANMAN
+       OPT_LANMAN,
+       OPT_KRB5CCNAME
 };
 
-int main(int argc, char **argv, char **envp)
+int main(int argc, const char **argv, char **envp)
 {
        int opt;
        TALLOC_CTX *frame = talloc_stackframe();
@@ -2080,6 +2130,7 @@ int main(int argc, char **argv, char **envp)
        bool use_lanman = false;
        char *logoff_user = getenv("USER");
        int logoff_uid = geteuid();
+       const char *opt_krb5ccname = "FILE";
 
        struct poptOption long_options[] = {
                POPT_AUTOHELP
@@ -2161,6 +2212,7 @@ int main(int argc, char **argv, char **envp)
                { "krb5auth", 'K', POPT_ARG_STRING, &string_arg, 'K', "authenticate user using Kerberos", "user%password" },
                        /* destroys wbinfo --help output */
                        /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" }, */
+               { "krb5ccname", 0, POPT_ARG_STRING, &opt_krb5ccname, OPT_KRB5CCNAME, "authenticate user using Kerberos and specific credential cache type", "krb5ccname" },
 #endif
                { "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
                { "verbose", 0, POPT_ARG_NONE, 0, OPT_VERBOSE, "Print additional information per command", NULL },
@@ -2177,7 +2229,7 @@ int main(int argc, char **argv, char **envp)
 
        /* Parse options */
 
-       pc = poptGetContext("wbinfo", argc, (const char **)argv,
+       pc = poptGetContext("wbinfo", argc, argv,
                            long_options, 0);
 
        /* Parse command line options */
@@ -2381,7 +2433,7 @@ int main(int argc, char **argv, char **envp)
                        }
                        break;
                case 'P':
-                       if (!wbinfo_ping_dc()) {
+                       if (!wbinfo_ping_dc(opt_domain_name)) {
                                goto done;
                        }
                        break;
@@ -2530,13 +2582,13 @@ int main(int argc, char **argv, char **envp)
                                                 WBFLAG_PAM_INFO3_TEXT |
                                                 WBFLAG_PAM_CONTACT_TRUSTDOM;
 
-                               if (!wbinfo_auth_krb5(string_arg, "FILE",
+                               if (!wbinfo_auth_krb5(string_arg, opt_krb5ccname,
                                                      flags)) {
                                        d_fprintf(stderr,
                                                "Could not authenticate user "
                                                "[%s] with Kerberos "
                                                "(ccache: %s)\n", string_arg,
-                                               "FILE");
+                                               opt_krb5ccname);
                                        goto done;
                                }
                                break;
@@ -2616,6 +2668,7 @@ int main(int argc, char **argv, char **envp)
                case OPT_LANMAN:
                case OPT_LOGOFF_USER:
                case OPT_LOGOFF_UID:
+               case OPT_KRB5CCNAME:
                        break;
                default:
                        d_fprintf(stderr, "Invalid option\n");