Revert "nsswitch: libwbclient has vnum 1 now."
[samba.git] / nsswitch / wbinfo.c
1 /*
2    Unix SMB/CIFS implementation.
3
4    Winbind status program.
5
6    Copyright (C) Tim Potter      2000-2003
7    Copyright (C) Andrew Bartlett 2002-2007
8    Copyright (C) Volker Lendecke 2009
9
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation; either version 3 of the License, or
13    (at your option) any later version.
14
15    This program is distributed in the hope that it will be useful,
16    but WITHOUT ANY WARRANTY; without even the implied warranty of
17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18    GNU General Public License for more details.
19
20    You should have received a copy of the GNU General Public License
21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "popt_common.h"
26 #include "winbind_client.h"
27 #include "libwbclient/wbclient.h"
28 #include "lib/popt/popt.h"
29 #include "../libcli/auth/libcli_auth.h"
30 #if (_SAMBA_BUILD_) >= 4
31 #include "lib/cmdline/popt_common.h"
32 #endif
33
34 #ifdef DBGC_CLASS
35 #undef DBGC_CLASS
36 #define DBGC_CLASS DBGC_WINBIND
37 #endif
38
39 static struct wbcInterfaceDetails *init_interface_details(void)
40 {
41         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
42         static struct wbcInterfaceDetails *details;
43
44         if (details) {
45                 return details;
46         }
47
48         wbc_status = wbcInterfaceDetails(&details);
49         if (!WBC_ERROR_IS_OK(wbc_status)) {
50                 d_fprintf(stderr, "could not obtain winbind interface "
51                                   "details: %s\n", wbcErrorString(wbc_status));
52         }
53
54         return details;
55 }
56
57 static char winbind_separator(void)
58 {
59         struct wbcInterfaceDetails *details;
60         static bool got_sep;
61         static char sep;
62
63         if (got_sep)
64                 return sep;
65
66         details = init_interface_details();
67
68         if (!details) {
69                 d_fprintf(stderr, "could not obtain winbind separator!\n");
70                 return 0;
71         }
72
73         sep = details->winbind_separator;
74         got_sep = true;
75
76         if (!sep) {
77                 d_fprintf(stderr, "winbind separator was NULL!\n");
78                 return 0;
79         }
80
81         return sep;
82 }
83
84 static const char *get_winbind_domain(void)
85 {
86         static struct wbcInterfaceDetails *details;
87
88         details = init_interface_details();
89
90         if (!details) {
91                 d_fprintf(stderr, "could not obtain winbind domain name!\n");
92                 return 0;
93         }
94
95         return details->netbios_domain;
96 }
97
98 static const char *get_winbind_netbios_name(void)
99 {
100         static struct wbcInterfaceDetails *details;
101
102         details = init_interface_details();
103
104         if (!details) {
105                 d_fprintf(stderr, "could not obtain winbind netbios name!\n");
106                 return 0;
107         }
108
109         return details->netbios_name;
110 }
111
112 /* Copy of parse_domain_user from winbindd_util.c.  Parse a string of the
113    form DOMAIN/user into a domain and a user */
114
115 static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
116                                      fstring user)
117 {
118
119         char *p = strchr(domuser,winbind_separator());
120
121         if (!p) {
122                 /* Maybe it was a UPN? */
123                 if ((p = strchr(domuser, '@')) != NULL) {
124                         fstrcpy(domain, "");
125                         fstrcpy(user, domuser);
126                         return true;
127                 }
128
129                 fstrcpy(user, domuser);
130                 fstrcpy(domain, get_winbind_domain());
131                 return true;
132         }
133
134         fstrcpy(user, p+1);
135         fstrcpy(domain, domuser);
136         domain[PTR_DIFF(p, domuser)] = 0;
137         strupper_m(domain);
138
139         return true;
140 }
141
142 /* Parse string of "uid,sid" or "gid,sid" into separate int and string values.
143  * Return true if input was valid, false otherwise. */
144 static bool parse_mapping_arg(char *arg, int *id, char **sid)
145 {
146         char *tmp, *endptr;
147
148         if (!arg || !*arg)
149                 return false;
150
151         tmp = strtok(arg, ",");
152         *sid = strtok(NULL, ",");
153
154         if (!tmp || !*tmp || !*sid || !**sid)
155                 return false;
156
157         /* Because atoi() can return 0 on invalid input, which would be a valid
158          * UID/GID we must use strtoul() and do error checking */
159         *id = strtoul(tmp, &endptr, 10);
160
161         if (endptr[0] != '\0')
162                 return false;
163
164         return true;
165 }
166
167 /* pull pwent info for a given user */
168
169 static bool wbinfo_get_userinfo(char *user)
170 {
171         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
172         struct passwd *pwd = NULL;
173
174         wbc_status = wbcGetpwnam(user, &pwd);
175         if (!WBC_ERROR_IS_OK(wbc_status)) {
176                 d_fprintf(stderr, "failed to call wbcGetpwnam: %s\n",
177                           wbcErrorString(wbc_status));
178                 return false;
179         }
180
181         d_printf("%s:%s:%u:%u:%s:%s:%s\n",
182                  pwd->pw_name,
183                  pwd->pw_passwd,
184                  (unsigned int)pwd->pw_uid,
185                  (unsigned int)pwd->pw_gid,
186                  pwd->pw_gecos,
187                  pwd->pw_dir,
188                  pwd->pw_shell);
189
190         return true;
191 }
192
193 /* pull pwent info for a given uid */
194 static bool wbinfo_get_uidinfo(int uid)
195 {
196         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
197         struct passwd *pwd = NULL;
198
199         wbc_status = wbcGetpwuid(uid, &pwd);
200         if (!WBC_ERROR_IS_OK(wbc_status)) {
201                 d_fprintf(stderr, "failed to call wbcGetpwuid: %s\n",
202                           wbcErrorString(wbc_status));
203                 return false;
204         }
205
206         d_printf("%s:%s:%u:%u:%s:%s:%s\n",
207                  pwd->pw_name,
208                  pwd->pw_passwd,
209                  (unsigned int)pwd->pw_uid,
210                  (unsigned int)pwd->pw_gid,
211                  pwd->pw_gecos,
212                  pwd->pw_dir,
213                  pwd->pw_shell);
214
215         return true;
216 }
217
218 static bool wbinfo_get_user_sidinfo(const char *sid_str)
219 {
220         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
221         struct passwd *pwd = NULL;
222         struct wbcDomainSid sid;
223
224         wbc_status = wbcStringToSid(sid_str, &sid);
225         wbc_status = wbcGetpwsid(&sid, &pwd);
226         if (!WBC_ERROR_IS_OK(wbc_status)) {
227                 d_fprintf(stderr, "failed to call wbcGetpwsid: %s\n",
228                           wbcErrorString(wbc_status));
229                 return false;
230         }
231
232         d_printf("%s:%s:%u:%u:%s:%s:%s\n",
233                  pwd->pw_name,
234                  pwd->pw_passwd,
235                  (unsigned int)pwd->pw_uid,
236                  (unsigned int)pwd->pw_gid,
237                  pwd->pw_gecos,
238                  pwd->pw_dir,
239                  pwd->pw_shell);
240
241         return true;
242 }
243
244
245 /* pull grent for a given group */
246 static bool wbinfo_get_groupinfo(const char *group)
247 {
248         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
249         struct group *grp;
250         char **mem;
251
252         wbc_status = wbcGetgrnam(group, &grp);
253         if (!WBC_ERROR_IS_OK(wbc_status)) {
254                 d_fprintf(stderr, "failed to call wbcGetgrnam: %s\n",
255                           wbcErrorString(wbc_status));
256                 return false;
257         }
258
259         d_printf("%s:%s:%u:",
260                  grp->gr_name,
261                  grp->gr_passwd,
262                  (unsigned int)grp->gr_gid);
263
264         mem = grp->gr_mem;
265         while (*mem != NULL) {
266                 d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
267                 mem += 1;
268         }
269         d_printf("\n");
270
271         wbcFreeMemory(grp);
272
273         return true;
274 }
275
276 /* pull grent for a given gid */
277 static bool wbinfo_get_gidinfo(int gid)
278 {
279         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
280         struct group *grp;
281         char **mem;
282
283         wbc_status = wbcGetgrgid(gid, &grp);
284         if (!WBC_ERROR_IS_OK(wbc_status)) {
285                 d_fprintf(stderr, "failed to call wbcGetgrgid: %s\n",
286                           wbcErrorString(wbc_status));
287                 return false;
288         }
289
290         d_printf("%s:%s:%u:",
291                  grp->gr_name,
292                  grp->gr_passwd,
293                  (unsigned int)grp->gr_gid);
294
295         mem = grp->gr_mem;
296         while (*mem != NULL) {
297                 d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
298                 mem += 1;
299         }
300         d_printf("\n");
301
302         wbcFreeMemory(grp);
303
304         return true;
305 }
306
307 /* List groups a user is a member of */
308
309 static bool wbinfo_get_usergroups(const char *user)
310 {
311         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
312         uint32_t num_groups;
313         uint32_t i;
314         gid_t *groups = NULL;
315
316         /* Send request */
317
318         wbc_status = wbcGetGroups(user, &num_groups, &groups);
319         if (!WBC_ERROR_IS_OK(wbc_status)) {
320                 d_fprintf(stderr, "failed to call wbcGetGroups: %s\n",
321                           wbcErrorString(wbc_status));
322                 return false;
323         }
324
325         for (i = 0; i < num_groups; i++) {
326                 d_printf("%d\n", (int)groups[i]);
327         }
328
329         wbcFreeMemory(groups);
330
331         return true;
332 }
333
334
335 /* List group SIDs a user SID is a member of */
336 static bool wbinfo_get_usersids(const char *user_sid_str)
337 {
338         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
339         uint32_t num_sids;
340         uint32_t i;
341         struct wbcDomainSid user_sid, *sids = NULL;
342
343         /* Send request */
344
345         wbc_status = wbcStringToSid(user_sid_str, &user_sid);
346         if (!WBC_ERROR_IS_OK(wbc_status)) {
347                 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
348                           wbcErrorString(wbc_status));
349                 return false;
350         }
351
352         wbc_status = wbcLookupUserSids(&user_sid, false, &num_sids, &sids);
353         if (!WBC_ERROR_IS_OK(wbc_status)) {
354                 d_fprintf(stderr, "failed to call wbcLookupUserSids: %s\n",
355                           wbcErrorString(wbc_status));
356                 return false;
357         }
358
359         for (i = 0; i < num_sids; i++) {
360                 char *str = NULL;
361                 wbc_status = wbcSidToString(&sids[i], &str);
362                 if (!WBC_ERROR_IS_OK(wbc_status)) {
363                         d_fprintf(stderr, "failed to call wbcSidToString: "
364                                   "%s\n", wbcErrorString(wbc_status));
365                         wbcFreeMemory(sids);
366                         return false;
367                 }
368                 d_printf("%s\n", str);
369                 wbcFreeMemory(str);
370         }
371
372         wbcFreeMemory(sids);
373
374         return true;
375 }
376
377 static bool wbinfo_get_userdomgroups(const char *user_sid_str)
378 {
379         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
380         uint32_t num_sids;
381         uint32_t i;
382         struct wbcDomainSid user_sid, *sids = NULL;
383
384         /* Send request */
385
386         wbc_status = wbcStringToSid(user_sid_str, &user_sid);
387         if (!WBC_ERROR_IS_OK(wbc_status)) {
388                 d_fprintf(stderr, "failed to call wbcSidToString: %s\n",
389                           wbcErrorString(wbc_status));
390                 return false;
391         }
392
393         wbc_status = wbcLookupUserSids(&user_sid, true, &num_sids, &sids);
394         if (!WBC_ERROR_IS_OK(wbc_status)) {
395                 d_fprintf(stderr, "failed to call wbcLookupUserSids: %s\n",
396                           wbcErrorString(wbc_status));
397                 return false;
398         }
399
400         for (i = 0; i < num_sids; i++) {
401                 char *str = NULL;
402                 wbc_status = wbcSidToString(&sids[i], &str);
403                 if (!WBC_ERROR_IS_OK(wbc_status)) {
404                         d_fprintf(stderr, "failed to call wbcSidToString: "
405                                   "%s\n", wbcErrorString(wbc_status));
406                         wbcFreeMemory(sids);
407                         return false;
408                 }
409                 d_printf("%s\n", str);
410                 wbcFreeMemory(str);
411         }
412
413         wbcFreeMemory(sids);
414
415         return true;
416 }
417
418 static bool wbinfo_get_sidaliases(const char *domain,
419                                   const char *user_sid_str)
420 {
421         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
422         struct wbcDomainInfo *dinfo = NULL;
423         uint32_t i;
424         struct wbcDomainSid user_sid;
425         uint32_t *alias_rids = NULL;
426         uint32_t num_alias_rids;
427         char *domain_sid_str = NULL;
428
429         /* Send request */
430         if ((domain == NULL) || (strequal(domain, ".")) ||
431            (domain[0] == '\0')) {
432                 domain = get_winbind_domain();
433         }
434
435         /* Send request */
436
437         wbc_status = wbcDomainInfo(domain, &dinfo);
438         if (!WBC_ERROR_IS_OK(wbc_status)) {
439                 d_fprintf(stderr, "wbcDomainInfo(%s) failed: %s\n", domain,
440                           wbcErrorString(wbc_status));
441                 goto done;
442         }
443         wbc_status = wbcStringToSid(user_sid_str, &user_sid);
444         if (!WBC_ERROR_IS_OK(wbc_status)) {
445                 goto done;
446         }
447
448         wbc_status = wbcGetSidAliases(&dinfo->sid, &user_sid, 1,
449             &alias_rids, &num_alias_rids);
450         if (!WBC_ERROR_IS_OK(wbc_status)) {
451                 goto done;
452         }
453
454         wbc_status = wbcSidToString(&dinfo->sid, &domain_sid_str);
455         if (!WBC_ERROR_IS_OK(wbc_status)) {
456                 goto done;
457         }
458
459         for (i = 0; i < num_alias_rids; i++) {
460                 d_printf("%s-%d\n", domain_sid_str, alias_rids[i]);
461         }
462
463         wbcFreeMemory(alias_rids);
464
465 done:
466         if (domain_sid_str) {
467                 wbcFreeMemory(domain_sid_str);
468         }
469         if (dinfo) {
470                 wbcFreeMemory(dinfo);
471         }
472         return (WBC_ERR_SUCCESS == wbc_status);
473 }
474
475
476 /* Convert NetBIOS name to IP */
477
478 static bool wbinfo_wins_byname(const char *name)
479 {
480         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
481         char *ip = NULL;
482
483         wbc_status = wbcResolveWinsByName(name, &ip);
484         if (!WBC_ERROR_IS_OK(wbc_status)) {
485                 d_fprintf(stderr, "failed to call wbcResolveWinsByName: %s\n",
486                           wbcErrorString(wbc_status));
487                 return false;
488         }
489
490         /* Display response */
491
492         d_printf("%s\n", ip);
493
494         wbcFreeMemory(ip);
495
496         return true;
497 }
498
499 /* Convert IP to NetBIOS name */
500
501 static bool wbinfo_wins_byip(const char *ip)
502 {
503         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
504         char *name = NULL;
505
506         wbc_status = wbcResolveWinsByIP(ip, &name);
507         if (!WBC_ERROR_IS_OK(wbc_status)) {
508                 d_fprintf(stderr, "failed to call wbcResolveWinsByIP: %s\n",
509                           wbcErrorString(wbc_status));
510                 return false;
511         }
512
513         /* Display response */
514
515         d_printf("%s\n", name);
516
517         wbcFreeMemory(name);
518
519         return true;
520 }
521
522 /* List all/trusted domains */
523
524 static bool wbinfo_list_domains(bool list_all_domains, bool verbose)
525 {
526         struct wbcDomainInfo *domain_list = NULL;
527         size_t num_domains;
528         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
529         bool print_all = !list_all_domains && verbose;
530         int i;
531
532         wbc_status = wbcListTrusts(&domain_list, &num_domains);
533         if (!WBC_ERROR_IS_OK(wbc_status)) {
534                 d_fprintf(stderr, "failed to call wbcListTrusts: %s\n",
535                           wbcErrorString(wbc_status));
536                 return false;
537         }
538
539         if (print_all) {
540                 d_printf("%-16s%-24s%-12s%-12s%-5s%-5s\n",
541                          "Domain Name", "DNS Domain", "Trust Type",
542                          "Transitive", "In", "Out");
543         }
544
545         for (i=0; i<num_domains; i++) {
546                 if (print_all) {
547                         d_printf("%-16s", domain_list[i].short_name);
548                 } else {
549                         d_printf("%s", domain_list[i].short_name);
550                         d_printf("\n");
551                         continue;
552                 }
553
554                 d_printf("%-24s", domain_list[i].dns_name);
555
556                 switch(domain_list[i].trust_type) {
557                 case WBC_DOMINFO_TRUSTTYPE_NONE:
558                         d_printf("None        ");
559                         break;
560                 case WBC_DOMINFO_TRUSTTYPE_FOREST:
561                         d_printf("Forest      ");
562                         break;
563                 case WBC_DOMINFO_TRUSTTYPE_EXTERNAL:
564                         d_printf("External    ");
565                         break;
566                 case WBC_DOMINFO_TRUSTTYPE_IN_FOREST:
567                         d_printf("In-Forest   ");
568                         break;
569                 }
570
571                 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_TRANSITIVE) {
572                         d_printf("Yes         ");
573                 } else {
574                         d_printf("No          ");
575                 }
576
577                 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_INCOMING) {
578                         d_printf("Yes  ");
579                 } else {
580                         d_printf("No   ");
581                 }
582
583                 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_OUTGOING) {
584                         d_printf("Yes  ");
585                 } else {
586                         d_printf("No   ");
587                 }
588
589                 d_printf("\n");
590         }
591
592         return true;
593 }
594
595 /* List own domain */
596
597 static bool wbinfo_list_own_domain(void)
598 {
599         d_printf("%s\n", get_winbind_domain());
600
601         return true;
602 }
603
604 /* show sequence numbers */
605 static bool wbinfo_show_sequence(const char *domain)
606 {
607         d_printf("This command has been deprecated.  Please use the "
608                  "--online-status option instead.\n");
609         return false;
610 }
611
612 /* show sequence numbers */
613 static bool wbinfo_show_onlinestatus(const char *domain)
614 {
615         struct wbcDomainInfo *domain_list = NULL;
616         size_t num_domains;
617         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
618         int i;
619
620         wbc_status = wbcListTrusts(&domain_list, &num_domains);
621         if (!WBC_ERROR_IS_OK(wbc_status)) {
622                 d_fprintf(stderr, "failed to call wbcListTrusts: %s\n",
623                           wbcErrorString(wbc_status));
624                 return false;
625         }
626
627         for (i=0; i<num_domains; i++) {
628                 bool is_offline;
629
630                 if (domain) {
631                         if (!strequal(domain_list[i].short_name, domain)) {
632                                 continue;
633                         }
634                 }
635
636                 is_offline = (domain_list[i].domain_flags &
637                               WBC_DOMINFO_DOMAIN_OFFLINE);
638
639                 d_printf("%s : %s\n",
640                          domain_list[i].short_name,
641                          is_offline ? "offline" : "online" );
642         }
643
644         return true;
645 }
646
647
648 /* Show domain info */
649
650 static bool wbinfo_domain_info(const char *domain)
651 {
652         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
653         struct wbcDomainInfo *dinfo = NULL;
654         char *sid_str = NULL;
655
656         if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
657                 domain = get_winbind_domain();
658         }
659
660         /* Send request */
661
662         wbc_status = wbcDomainInfo(domain, &dinfo);
663         if (!WBC_ERROR_IS_OK(wbc_status)) {
664                 d_fprintf(stderr, "failed to call wbcDomainInfo: %s\n",
665                           wbcErrorString(wbc_status));
666                 return false;
667         }
668
669         wbc_status = wbcSidToString(&dinfo->sid, &sid_str);
670         if (!WBC_ERROR_IS_OK(wbc_status)) {
671                 d_fprintf(stderr, "failed to call wbcSidToString: %s\n",
672                           wbcErrorString(wbc_status));
673                 wbcFreeMemory(dinfo);
674                 return false;
675         }
676
677         /* Display response */
678
679         d_printf("Name              : %s\n", dinfo->short_name);
680         d_printf("Alt_Name          : %s\n", dinfo->dns_name);
681
682         d_printf("SID               : %s\n", sid_str);
683
684         d_printf("Active Directory  : %s\n",
685                  (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_AD) ? "Yes" : "No");
686         d_printf("Native            : %s\n",
687                  (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_NATIVE) ?
688                  "Yes" : "No");
689
690         d_printf("Primary           : %s\n",
691                  (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_PRIMARY) ?
692                  "Yes" : "No");
693
694         wbcFreeMemory(sid_str);
695         wbcFreeMemory(dinfo);
696
697         return true;
698 }
699
700 /* Get a foreign DC's name */
701 static bool wbinfo_getdcname(const char *domain_name)
702 {
703         struct winbindd_request request;
704         struct winbindd_response response;
705
706         ZERO_STRUCT(request);
707         ZERO_STRUCT(response);
708
709         fstrcpy(request.domain_name, domain_name);
710
711         /* Send request */
712
713         if (winbindd_request_response(WINBINDD_GETDCNAME, &request,
714                                       &response) != NSS_STATUS_SUCCESS) {
715                 d_fprintf(stderr, "Could not get dc name for %s\n",domain_name);
716                 return false;
717         }
718
719         /* Display response */
720
721         d_printf("%s\n", response.data.dc_name);
722
723         return true;
724 }
725
726 /* Find a DC */
727 static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
728 {
729         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
730         struct wbcDomainControllerInfoEx *dc_info;
731         char *str = NULL;
732
733         wbc_status = wbcLookupDomainControllerEx(domain_name, NULL, NULL,
734                                                  flags | DS_DIRECTORY_SERVICE_REQUIRED,
735                                                  &dc_info);
736         if (!WBC_ERROR_IS_OK(wbc_status)) {
737                 printf("Could not find dc for %s\n", domain_name);
738                 return false;
739         }
740
741         wbcGuidToString(dc_info->domain_guid, &str);
742
743         d_printf("%s\n", dc_info->dc_unc);
744         d_printf("%s\n", dc_info->dc_address);
745         d_printf("%d\n", dc_info->dc_address_type);
746         d_printf("%s\n", str);
747         d_printf("%s\n", dc_info->domain_name);
748         d_printf("%s\n", dc_info->forest_name);
749         d_printf("0x%08x\n", dc_info->dc_flags);
750         d_printf("%s\n", dc_info->dc_site_name);
751         d_printf("%s\n", dc_info->client_site_name);
752
753         return true;
754 }
755
756 /* Check trust account password */
757
758 static bool wbinfo_check_secret(const char *domain)
759 {
760         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
761         struct wbcAuthErrorInfo *error = NULL;
762         const char *domain_name;
763
764         if (domain) {
765                 domain_name = domain;
766         } else {
767                 domain_name = get_winbind_domain();
768         }
769
770         wbc_status = wbcCheckTrustCredentials(domain_name, &error);
771
772         d_printf("checking the trust secret for domain %s via RPC calls %s\n",
773                 domain_name,
774                 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
775
776         if (wbc_status == WBC_ERR_AUTH_ERROR) {
777                 d_fprintf(stderr, "error code was %s (0x%x)\n",
778                           error->nt_string, error->nt_status);
779                 wbcFreeMemory(error);
780         }
781         if (!WBC_ERROR_IS_OK(wbc_status)) {
782                 d_fprintf(stderr, "failed to call wbcCheckTrustCredentials: "
783                           "%s\n", wbcErrorString(wbc_status));
784                 return false;
785         }
786
787         return true;
788 }
789
790 /* Find the currently connected DCs */
791
792 static bool wbinfo_dc_info(const char *domain_name)
793 {
794         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
795         size_t i, num_dcs;
796         const char **dc_names, **dc_ips;
797
798         wbc_status = wbcDcInfo(domain_name, &num_dcs,
799                                &dc_names, &dc_ips);
800         if (!WBC_ERROR_IS_OK(wbc_status)) {
801                 printf("Could not find dc info %s\n",
802                        domain_name ? domain_name : "our domain");
803                 return false;
804         }
805
806         for (i=0; i<num_dcs; i++) {
807                 printf("%s (%s)\n", dc_names[i], dc_ips[i]);
808         }
809         wbcFreeMemory(dc_names);
810         wbcFreeMemory(dc_ips);
811
812         return true;
813 }
814
815 /* Change trust account password */
816
817 static bool wbinfo_change_secret(const char *domain)
818 {
819         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
820         struct wbcAuthErrorInfo *error = NULL;
821         const char *domain_name;
822
823         if (domain) {
824                 domain_name = domain;
825         } else {
826                 domain_name = get_winbind_domain();
827         }
828
829         wbc_status = wbcChangeTrustCredentials(domain_name, &error);
830
831         d_printf("changing the trust secret for domain %s via RPC calls %s\n",
832                 domain_name,
833                 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
834
835         if (wbc_status == WBC_ERR_AUTH_ERROR) {
836                 d_fprintf(stderr, "error code was %s (0x%x)\n",
837                           error->nt_string, error->nt_status);
838                 wbcFreeMemory(error);
839         }
840         if (!WBC_ERROR_IS_OK(wbc_status)) {
841                 d_fprintf(stderr, "failed to call wbcChangeTrustCredentials: "
842                           "%s\n", wbcErrorString(wbc_status));
843                 return false;
844         }
845
846         return true;
847 }
848
849 /* Check DC connection */
850
851 static bool wbinfo_ping_dc(void)
852 {
853         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
854         struct wbcAuthErrorInfo *error = NULL;
855
856         wbc_status = wbcPingDc(NULL, &error);
857
858         d_printf("checking the NETLOGON dc connection %s\n",
859                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
860
861         if (wbc_status == WBC_ERR_AUTH_ERROR) {
862                 d_fprintf(stderr, "error code was %s (0x%x)\n",
863                           error->nt_string, error->nt_status);
864                 wbcFreeMemory(error);
865         }
866         if (!WBC_ERROR_IS_OK(wbc_status)) {
867                 d_fprintf(stderr, "failed to call wbcPingDc: %s\n",
868                           wbcErrorString(wbc_status));
869                 return false;
870         }
871
872         return true;
873 }
874
875 /* Convert uid to sid */
876
877 static bool wbinfo_uid_to_sid(uid_t uid)
878 {
879         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
880         struct wbcDomainSid sid;
881         char *sid_str = NULL;
882
883         /* Send request */
884
885         wbc_status = wbcUidToSid(uid, &sid);
886         if (!WBC_ERROR_IS_OK(wbc_status)) {
887                 d_fprintf(stderr, "failed to call wbcUidToSid: %s\n",
888                           wbcErrorString(wbc_status));
889                 return false;
890         }
891
892         wbc_status = wbcSidToString(&sid, &sid_str);
893         if (!WBC_ERROR_IS_OK(wbc_status)) {
894                 d_fprintf(stderr, "failed to call wbcSidToString: %s\n",
895                           wbcErrorString(wbc_status));
896                 return false;
897         }
898
899         /* Display response */
900
901         d_printf("%s\n", sid_str);
902
903         wbcFreeMemory(sid_str);
904
905         return true;
906 }
907
908 /* Convert gid to sid */
909
910 static bool wbinfo_gid_to_sid(gid_t gid)
911 {
912         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
913         struct wbcDomainSid sid;
914         char *sid_str = NULL;
915
916         /* Send request */
917
918         wbc_status = wbcGidToSid(gid, &sid);
919         if (!WBC_ERROR_IS_OK(wbc_status)) {
920                 d_fprintf(stderr, "failed to call wbcGidToSid: %s\n",
921                           wbcErrorString(wbc_status));
922                 return false;
923         }
924
925         wbc_status = wbcSidToString(&sid, &sid_str);
926         if (!WBC_ERROR_IS_OK(wbc_status)) {
927                 d_fprintf(stderr, "failed to call wbcSidToString: %s\n",
928                           wbcErrorString(wbc_status));
929                 return false;
930         }
931
932         /* Display response */
933
934         d_printf("%s\n", sid_str);
935
936         wbcFreeMemory(sid_str);
937
938         return true;
939 }
940
941 /* Convert sid to uid */
942
943 static bool wbinfo_sid_to_uid(const char *sid_str)
944 {
945         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
946         struct wbcDomainSid sid;
947         uid_t uid;
948
949         /* Send request */
950
951         wbc_status = wbcStringToSid(sid_str, &sid);
952         if (!WBC_ERROR_IS_OK(wbc_status)) {
953                 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
954                           wbcErrorString(wbc_status));
955                 return false;
956         }
957
958         wbc_status = wbcSidToUid(&sid, &uid);
959         if (!WBC_ERROR_IS_OK(wbc_status)) {
960                 d_fprintf(stderr, "failed to call wbcSidToUid: %s\n",
961                           wbcErrorString(wbc_status));
962                 return false;
963         }
964
965         /* Display response */
966
967         d_printf("%d\n", (int)uid);
968
969         return true;
970 }
971
972 static bool wbinfo_sid_to_gid(const char *sid_str)
973 {
974         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
975         struct wbcDomainSid sid;
976         gid_t gid;
977
978         /* Send request */
979
980         wbc_status = wbcStringToSid(sid_str, &sid);
981         if (!WBC_ERROR_IS_OK(wbc_status)) {
982                 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
983                           wbcErrorString(wbc_status));
984                 return false;
985         }
986
987         wbc_status = wbcSidToGid(&sid, &gid);
988         if (!WBC_ERROR_IS_OK(wbc_status)) {
989                 d_fprintf(stderr, "failed to call wbcSidToGid: %s\n",
990                           wbcErrorString(wbc_status));
991                 return false;
992         }
993
994         /* Display response */
995
996         d_printf("%d\n", (int)gid);
997
998         return true;
999 }
1000
1001 static bool wbinfo_allocate_uid(void)
1002 {
1003         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1004         uid_t uid;
1005
1006         /* Send request */
1007
1008         wbc_status = wbcAllocateUid(&uid);
1009         if (!WBC_ERROR_IS_OK(wbc_status)) {
1010                 d_fprintf(stderr, "failed to call wbcAllocateUid: %s\n",
1011                           wbcErrorString(wbc_status));
1012                 return false;
1013         }
1014
1015         /* Display response */
1016
1017         d_printf("New uid: %u\n", (unsigned int)uid);
1018
1019         return true;
1020 }
1021
1022 static bool wbinfo_allocate_gid(void)
1023 {
1024         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1025         gid_t gid;
1026
1027         /* Send request */
1028
1029         wbc_status = wbcAllocateGid(&gid);
1030         if (!WBC_ERROR_IS_OK(wbc_status)) {
1031                 d_fprintf(stderr, "failed to call wbcAllocateGid: %s\n",
1032                           wbcErrorString(wbc_status));
1033                 return false;
1034         }
1035
1036         /* Display response */
1037
1038         d_printf("New gid: %u\n", (unsigned int)gid);
1039
1040         return true;
1041 }
1042
1043 /* Convert sid to string */
1044
1045 static bool wbinfo_lookupsid(const char *sid_str)
1046 {
1047         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1048         struct wbcDomainSid sid;
1049         char *domain;
1050         char *name;
1051         enum wbcSidType type;
1052
1053         /* Send off request */
1054
1055         wbc_status = wbcStringToSid(sid_str, &sid);
1056         if (!WBC_ERROR_IS_OK(wbc_status)) {
1057                 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1058                           wbcErrorString(wbc_status));
1059                 return false;
1060         }
1061
1062         wbc_status = wbcLookupSid(&sid, &domain, &name, &type);
1063         if (!WBC_ERROR_IS_OK(wbc_status)) {
1064                 d_fprintf(stderr, "failed to call wbcLookupSid: %s\n",
1065                           wbcErrorString(wbc_status));
1066                 return false;
1067         }
1068
1069         /* Display response */
1070
1071         d_printf("%s%c%s %d\n",
1072                  domain, winbind_separator(), name, type);
1073
1074         return true;
1075 }
1076
1077 /* Convert sid to fullname */
1078
1079 static bool wbinfo_lookupsid_fullname(const char *sid_str)
1080 {
1081         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1082         struct wbcDomainSid sid;
1083         char *domain;
1084         char *name;
1085         enum wbcSidType type;
1086
1087         /* Send off request */
1088
1089         wbc_status = wbcStringToSid(sid_str, &sid);
1090         if (!WBC_ERROR_IS_OK(wbc_status)) {
1091                 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
1092                           wbcErrorString(wbc_status));
1093                 return false;
1094         }
1095
1096         wbc_status = wbcGetDisplayName(&sid, &domain, &name, &type);
1097         if (!WBC_ERROR_IS_OK(wbc_status)) {
1098                 d_fprintf(stderr, "failed to call wbcGetDisplayName: %s\n",
1099                           wbcErrorString(wbc_status));
1100                 return false;
1101         }
1102
1103         /* Display response */
1104
1105         d_printf("%s%c%s %d\n",
1106                  domain, winbind_separator(), name, type);
1107
1108         return true;
1109 }
1110
1111 /* Lookup a list of RIDs */
1112
1113 static bool wbinfo_lookuprids(const char *domain, const char *arg)
1114 {
1115         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1116         struct wbcDomainInfo *dinfo = NULL;
1117         char *domain_name = NULL;
1118         const char **names = NULL;
1119         enum wbcSidType *types = NULL;
1120         size_t i;
1121         int num_rids;
1122         uint32_t *rids = NULL;
1123         const char *p;
1124         char *ridstr;
1125         TALLOC_CTX *mem_ctx = NULL;
1126         bool ret = false;
1127
1128         if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
1129                 domain = get_winbind_domain();
1130         }
1131
1132         /* Send request */
1133
1134         wbc_status = wbcDomainInfo(domain, &dinfo);
1135         if (!WBC_ERROR_IS_OK(wbc_status)) {
1136                 d_printf("wbcDomainInfo(%s) failed: %s\n", domain,
1137                          wbcErrorString(wbc_status));
1138                 goto done;
1139         }
1140
1141         mem_ctx = talloc_new(NULL);
1142         if (mem_ctx == NULL) {
1143                 d_printf("talloc_new failed\n");
1144                 goto done;
1145         }
1146
1147         num_rids = 0;
1148         rids = NULL;
1149         p = arg;
1150
1151         while (next_token_talloc(mem_ctx, &p, &ridstr, " ,\n")) {
1152                 uint32_t rid = strtoul(ridstr, NULL, 10);
1153                 rids = talloc_realloc(mem_ctx, rids, uint32_t, num_rids + 1);
1154                 if (rids == NULL) {
1155                         d_printf("talloc_realloc failed\n");
1156                 }
1157                 rids[num_rids] = rid;
1158                 num_rids += 1;
1159         }
1160
1161         if (rids == NULL) {
1162                 d_printf("no rids\n");
1163                 goto done;
1164         }
1165
1166         wbc_status = wbcLookupRids(&dinfo->sid, num_rids, rids,
1167                                    (const char **)&domain_name, &names, &types);
1168         if (!WBC_ERROR_IS_OK(wbc_status)) {
1169                 d_printf("winbind_lookup_rids failed: %s\n",
1170                          wbcErrorString(wbc_status));
1171                 goto done;
1172         }
1173
1174         d_printf("Domain: %s\n", domain_name);
1175
1176         for (i=0; i<num_rids; i++) {
1177                 d_printf("%8d: %s (%s)\n", rids[i], names[i],
1178                          wbcSidTypeString(types[i]));
1179         }
1180
1181         ret = true;
1182 done:
1183         if (dinfo) {
1184                 wbcFreeMemory(dinfo);
1185         }
1186         if (domain_name) {
1187                 wbcFreeMemory(domain_name);
1188         }
1189         if (names) {
1190                 wbcFreeMemory(names);
1191         }
1192         if (types) {
1193                 wbcFreeMemory(types);
1194         }
1195         TALLOC_FREE(mem_ctx);
1196         return ret;
1197 }
1198
1199 /* Convert string to sid */
1200
1201 static bool wbinfo_lookupname(const char *full_name)
1202 {
1203         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1204         struct wbcDomainSid sid;
1205         char *sid_str;
1206         enum wbcSidType type;
1207         fstring domain_name;
1208         fstring account_name;
1209
1210         /* Send off request */
1211
1212         parse_wbinfo_domain_user(full_name, domain_name,
1213                                  account_name);
1214
1215         wbc_status = wbcLookupName(domain_name, account_name,
1216                                    &sid, &type);
1217         if (!WBC_ERROR_IS_OK(wbc_status)) {
1218                 d_fprintf(stderr, "failed to call wbcLookupName: %s\n",
1219                           wbcErrorString(wbc_status));
1220                 return false;
1221         }
1222
1223         wbc_status = wbcSidToString(&sid, &sid_str);
1224         if (!WBC_ERROR_IS_OK(wbc_status)) {
1225                 d_fprintf(stderr, "failed to call wbcSidToString: %s\n",
1226                           wbcErrorString(wbc_status));
1227                 return false;
1228         }
1229
1230         /* Display response */
1231
1232         d_printf("%s %s (%d)\n", sid_str, wbcSidTypeString(type), type);
1233
1234         wbcFreeMemory(sid_str);
1235
1236         return true;
1237 }
1238
1239 static char *wbinfo_prompt_pass(TALLOC_CTX *mem_ctx,
1240                                 const char *prefix,
1241                                 const char *username)
1242 {
1243         char *prompt;
1244         const char *ret = NULL;
1245
1246         prompt = talloc_asprintf(mem_ctx, "Enter %s's ", username);
1247         if (!prompt) {
1248                 return NULL;
1249         }
1250         if (prefix) {
1251                 prompt = talloc_asprintf_append(prompt, "%s ", prefix);
1252                 if (!prompt) {
1253                         return NULL;
1254                 }
1255         }
1256         prompt = talloc_asprintf_append(prompt, "password: ");
1257         if (!prompt) {
1258                 return NULL;
1259         }
1260
1261         ret = getpass(prompt);
1262         TALLOC_FREE(prompt);
1263
1264         return talloc_strdup(mem_ctx, ret);
1265 }
1266
1267 /* Authenticate a user with a plaintext password */
1268
1269 static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32_t flags)
1270 {
1271         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1272         char *s = NULL;
1273         char *p = NULL;
1274         char *password = NULL;
1275         char *name = NULL;
1276         char *local_cctype = NULL;
1277         uid_t uid;
1278         struct wbcLogonUserParams params;
1279         struct wbcLogonUserInfo *info;
1280         struct wbcAuthErrorInfo *error;
1281         struct wbcUserPasswordPolicyInfo *policy;
1282         TALLOC_CTX *frame = talloc_tos();
1283
1284         if ((s = talloc_strdup(frame, username)) == NULL) {
1285                 return false;
1286         }
1287
1288         if ((p = strchr(s, '%')) != NULL) {
1289                 *p = 0;
1290                 p++;
1291                 password = talloc_strdup(frame, p);
1292         } else {
1293                 password = wbinfo_prompt_pass(frame, NULL, username);
1294         }
1295
1296         local_cctype = talloc_strdup(frame, cctype);
1297
1298         name = s;
1299
1300         uid = geteuid();
1301
1302         params.username = name;
1303         params.password = password;
1304         params.num_blobs = 0;
1305         params.blobs = NULL;
1306
1307         wbc_status = wbcAddNamedBlob(&params.num_blobs,
1308                                      &params.blobs,
1309                                      "flags",
1310                                      0,
1311                                      (uint8_t *)&flags,
1312                                      sizeof(flags));
1313         if (!WBC_ERROR_IS_OK(wbc_status)) {
1314                 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1315                           wbcErrorString(wbc_status));
1316                 goto done;
1317         }
1318
1319         wbc_status = wbcAddNamedBlob(&params.num_blobs,
1320                                      &params.blobs,
1321                                      "user_uid",
1322                                      0,
1323                                      (uint8_t *)&uid,
1324                                      sizeof(uid));
1325         if (!WBC_ERROR_IS_OK(wbc_status)) {
1326                 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1327                           wbcErrorString(wbc_status));
1328                 goto done;
1329         }
1330
1331         wbc_status = wbcAddNamedBlob(&params.num_blobs,
1332                                      &params.blobs,
1333                                      "krb5_cc_type",
1334                                      0,
1335                                      (uint8_t *)local_cctype,
1336                                      strlen(cctype)+1);
1337         if (!WBC_ERROR_IS_OK(wbc_status)) {
1338                 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
1339                           wbcErrorString(wbc_status));
1340                 goto done;
1341         }
1342
1343         wbc_status = wbcLogonUser(&params, &info, &error, &policy);
1344
1345         d_printf("plaintext kerberos password authentication for [%s] %s "
1346                  "(requesting cctype: %s)\n",
1347                  username, WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed",
1348                  cctype);
1349
1350         if (error) {
1351                 d_fprintf(stderr,
1352                          "error code was %s (0x%x)\nerror message was: %s\n",
1353                          error->nt_string,
1354                          error->nt_status,
1355                          error->display_string);
1356         }
1357
1358         if (WBC_ERROR_IS_OK(wbc_status)) {
1359                 if (flags & WBFLAG_PAM_INFO3_TEXT) {
1360                         if (info && info->info && info->info->user_flags &
1361                             NETLOGON_CACHED_ACCOUNT) {
1362                                 d_printf("user_flgs: "
1363                                          "NETLOGON_CACHED_ACCOUNT\n");
1364                         }
1365                 }
1366
1367                 if (info) {
1368                         int i;
1369                         for (i=0; i < info->num_blobs; i++) {
1370                                 if (strequal(info->blobs[i].name,
1371                                              "krb5ccname")) {
1372                                         d_printf("credentials were put "
1373                                                  "in: %s\n",
1374                                                 (const char *)
1375                                                       info->blobs[i].blob.data);
1376                                         break;
1377                                 }
1378                         }
1379                 } else {
1380                         d_printf("no credentials cached\n");
1381                 }
1382         }
1383  done:
1384
1385         wbcFreeMemory(params.blobs);
1386
1387         return WBC_ERROR_IS_OK(wbc_status);
1388 }
1389
1390 /* Authenticate a user with a plaintext password */
1391
1392 static bool wbinfo_auth(char *username)
1393 {
1394         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1395         char *s = NULL;
1396         char *p = NULL;
1397         char *password = NULL;
1398         char *name = NULL;
1399         TALLOC_CTX *frame = talloc_tos();
1400
1401         if ((s = talloc_strdup(frame, username)) == NULL) {
1402                 return false;
1403         }
1404
1405         if ((p = strchr(s, '%')) != NULL) {
1406                 *p = 0;
1407                 p++;
1408                 password = talloc_strdup(frame, p);
1409         } else {
1410                 password = wbinfo_prompt_pass(frame, NULL, username);
1411         }
1412
1413         name = s;
1414
1415         wbc_status = wbcAuthenticateUser(name, password);
1416
1417         d_printf("plaintext password authentication %s\n",
1418                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1419
1420 #if 0
1421         if (response.data.auth.nt_status)
1422                 d_fprintf(stderr,
1423                          "error code was %s (0x%x)\nerror message was: %s\n",
1424                          response.data.auth.nt_status_string,
1425                          response.data.auth.nt_status,
1426                          response.data.auth.error_string);
1427 #endif
1428
1429         return WBC_ERROR_IS_OK(wbc_status);
1430 }
1431
1432 /* Authenticate a user with a challenge/response */
1433
1434 static bool wbinfo_auth_crap(char *username, bool use_ntlmv2, bool use_lanman)
1435 {
1436         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1437         struct wbcAuthUserParams params;
1438         struct wbcAuthUserInfo *info = NULL;
1439         struct wbcAuthErrorInfo *err = NULL;
1440         DATA_BLOB lm = data_blob_null;
1441         DATA_BLOB nt = data_blob_null;
1442         fstring name_user;
1443         fstring name_domain;
1444         char *pass;
1445         char *p;
1446         TALLOC_CTX *frame = talloc_tos();
1447
1448         p = strchr(username, '%');
1449
1450         if (p) {
1451                 *p = 0;
1452                 pass = talloc_strdup(frame, p + 1);
1453         } else {
1454                 pass = wbinfo_prompt_pass(frame, NULL, username);
1455         }
1456
1457         parse_wbinfo_domain_user(username, name_domain, name_user);
1458
1459         params.account_name     = name_user;
1460         params.domain_name      = name_domain;
1461         params.workstation_name = NULL;
1462
1463         params.flags            = 0;
1464         params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
1465                                   WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
1466
1467         params.level            = WBC_AUTH_USER_LEVEL_RESPONSE;
1468
1469         generate_random_buffer(params.password.response.challenge, 8);
1470
1471         if (use_ntlmv2) {
1472                 DATA_BLOB server_chal;
1473                 DATA_BLOB names_blob;
1474
1475                 server_chal = data_blob(params.password.response.challenge, 8);
1476
1477                 /* Pretend this is a login to 'us', for blob purposes */
1478                 names_blob = NTLMv2_generate_names_blob(NULL,
1479                                                 get_winbind_netbios_name(),
1480                                                 get_winbind_domain());
1481
1482                 if (!SMBNTLMv2encrypt(NULL, name_user, name_domain, pass,
1483                                       &server_chal,
1484                                       &names_blob,
1485                                       &lm, &nt, NULL, NULL)) {
1486                         data_blob_free(&names_blob);
1487                         data_blob_free(&server_chal);
1488                         TALLOC_FREE(pass);
1489                         return false;
1490                 }
1491                 data_blob_free(&names_blob);
1492                 data_blob_free(&server_chal);
1493
1494         } else {
1495                 if (use_lanman) {
1496                         bool ok;
1497                         lm = data_blob(NULL, 24);
1498                         ok = SMBencrypt(pass,
1499                                         params.password.response.challenge,
1500                                         lm.data);
1501                         if (!ok) {
1502                                 data_blob_free(&lm);
1503                         }
1504                 }
1505                 nt = data_blob(NULL, 24);
1506                 SMBNTencrypt(pass, params.password.response.challenge,
1507                              nt.data);
1508         }
1509
1510         params.password.response.nt_length      = nt.length;
1511         params.password.response.nt_data        = nt.data;
1512         params.password.response.lm_length      = lm.length;
1513         params.password.response.lm_data        = lm.data;
1514
1515         wbc_status = wbcAuthenticateUserEx(&params, &info, &err);
1516
1517         /* Display response */
1518
1519         d_printf("challenge/response password authentication %s\n",
1520                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1521
1522         if (wbc_status == WBC_ERR_AUTH_ERROR) {
1523                 d_fprintf(stderr,
1524                          "error code was %s (0x%x)\nerror message was: %s\n",
1525                          err->nt_string,
1526                          err->nt_status,
1527                          err->display_string);
1528                 wbcFreeMemory(err);
1529         } else if (WBC_ERROR_IS_OK(wbc_status)) {
1530                 wbcFreeMemory(info);
1531         }
1532
1533         data_blob_free(&nt);
1534         data_blob_free(&lm);
1535
1536         return WBC_ERROR_IS_OK(wbc_status);
1537 }
1538
1539 /* Authenticate a user with a plaintext password */
1540
1541 static bool wbinfo_pam_logon(char *username)
1542 {
1543         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1544         struct wbcLogonUserParams params;
1545         struct wbcAuthErrorInfo *error;
1546         char *s = NULL;
1547         char *p = NULL;
1548         TALLOC_CTX *frame = talloc_tos();
1549         uint32_t flags;
1550         uint32_t uid;
1551
1552         ZERO_STRUCT(params);
1553
1554         if ((s = talloc_strdup(frame, username)) == NULL) {
1555                 return false;
1556         }
1557
1558         if ((p = strchr(s, '%')) != NULL) {
1559                 *p = 0;
1560                 p++;
1561                 params.password = talloc_strdup(frame, p);
1562         } else {
1563                 params.password = wbinfo_prompt_pass(frame, NULL, username);
1564         }
1565         params.username = s;
1566
1567         flags = WBFLAG_PAM_CACHED_LOGIN;
1568
1569         wbc_status = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
1570                                      "flags", 0,
1571                                      (uint8_t *)&flags, sizeof(flags));
1572         if (!WBC_ERROR_IS_OK(wbc_status)) {
1573                 d_printf("wbcAddNamedBlob failed: %s\n",
1574                          wbcErrorString(wbc_status));
1575                 return false;
1576         }
1577
1578         uid = getuid();
1579
1580         wbc_status = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
1581                                      "user_uid", 0,
1582                                      (uint8_t *)&uid, sizeof(uid));
1583         if (!WBC_ERROR_IS_OK(wbc_status)) {
1584                 d_printf("wbcAddNamedBlob failed: %s\n",
1585                          wbcErrorString(wbc_status));
1586                 return false;
1587         }
1588
1589         wbc_status = wbcLogonUser(&params, NULL, &error, NULL);
1590
1591         wbcFreeMemory(params.blobs);
1592
1593         d_printf("plaintext password authentication %s\n",
1594                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1595
1596         if (!WBC_ERROR_IS_OK(wbc_status)) {
1597                 d_fprintf(stderr,
1598                           "error code was %s (0x%x)\nerror message was: %s\n",
1599                           error->nt_string,
1600                           (int)error->nt_status,
1601                           error->display_string);
1602                 wbcFreeMemory(error);
1603                 return false;
1604         }
1605         return true;
1606 }
1607
1608 /* Save creds with winbind */
1609
1610 static bool wbinfo_ccache_save(char *username)
1611 {
1612         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1613         char *s = NULL;
1614         char *p = NULL;
1615         char *password = NULL;
1616         char *name = NULL;
1617         TALLOC_CTX *frame = talloc_stackframe();
1618
1619         s = talloc_strdup(frame, username);
1620         if (s == NULL) {
1621                 return false;
1622         }
1623
1624         p = strchr(s, '%');
1625         if (p != NULL) {
1626                 *p = 0;
1627                 p++;
1628                 password = talloc_strdup(frame, p);
1629         } else {
1630                 password = wbinfo_prompt_pass(frame, NULL, username);
1631         }
1632
1633         name = s;
1634
1635         wbc_status = wbcCredentialSave(name, password);
1636
1637         d_printf("saving creds %s\n",
1638                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1639
1640         TALLOC_FREE(frame);
1641
1642         return WBC_ERROR_IS_OK(wbc_status);
1643 }
1644
1645 #ifdef WITH_FAKE_KASERVER
1646 /* Authenticate a user with a plaintext password and set a token */
1647
1648 static bool wbinfo_klog(char *username)
1649 {
1650         struct winbindd_request request;
1651         struct winbindd_response response;
1652         NSS_STATUS result;
1653         char *p;
1654
1655         /* Send off request */
1656
1657         ZERO_STRUCT(request);
1658         ZERO_STRUCT(response);
1659
1660         p = strchr(username, '%');
1661
1662         if (p) {
1663                 *p = 0;
1664                 fstrcpy(request.data.auth.user, username);
1665                 fstrcpy(request.data.auth.pass, p + 1);
1666                 *p = '%';
1667         } else {
1668                 fstrcpy(request.data.auth.user, username);
1669                 fstrcpy(request.data.auth.pass, getpass("Password: "));
1670         }
1671
1672         request.flags |= WBFLAG_PAM_AFS_TOKEN;
1673
1674         result = winbindd_request_response(WINBINDD_PAM_AUTH, &request,
1675                                            &response);
1676
1677         /* Display response */
1678
1679         d_printf("plaintext password authentication %s\n",
1680                  (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
1681
1682         if (response.data.auth.nt_status)
1683                 d_fprintf(stderr,
1684                          "error code was %s (0x%x)\nerror message was: %s\n",
1685                          response.data.auth.nt_status_string,
1686                          response.data.auth.nt_status,
1687                          response.data.auth.error_string);
1688
1689         if (result != NSS_STATUS_SUCCESS)
1690                 return false;
1691
1692         if (response.extra_data.data == NULL) {
1693                 d_fprintf(stderr, "Did not get token data\n");
1694                 return false;
1695         }
1696
1697         if (!afs_settoken_str((char *)response.extra_data.data)) {
1698                 d_fprintf(stderr, "Could not set token\n");
1699                 return false;
1700         }
1701
1702         d_printf("Successfully created AFS token\n");
1703         return true;
1704 }
1705 #else
1706 static bool wbinfo_klog(char *username)
1707 {
1708         d_fprintf(stderr, "No AFS support compiled in.\n");
1709         return false;
1710 }
1711 #endif
1712
1713 /* Print domain users */
1714
1715 static bool print_domain_users(const char *domain)
1716 {
1717         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1718         uint32_t i;
1719         uint32_t num_users = 0;
1720         const char **users = NULL;
1721
1722         /* Send request to winbind daemon */
1723
1724         /* '.' is the special sign for our own domain */
1725         if (domain && strcmp(domain, ".") == 0) {
1726                 domain = get_winbind_domain();
1727         }
1728
1729         wbc_status = wbcListUsers(domain, &num_users, &users);
1730         if (!WBC_ERROR_IS_OK(wbc_status)) {
1731                 return false;
1732         }
1733
1734         for (i=0; i < num_users; i++) {
1735                 d_printf("%s\n", users[i]);
1736         }
1737
1738         wbcFreeMemory(users);
1739
1740         return true;
1741 }
1742
1743 /* Print domain groups */
1744
1745 static bool print_domain_groups(const char *domain)
1746 {
1747         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1748         uint32_t i;
1749         uint32_t num_groups = 0;
1750         const char **groups = NULL;
1751
1752         /* Send request to winbind daemon */
1753
1754         /* '.' is the special sign for our own domain */
1755         if (domain && strcmp(domain, ".") == 0) {
1756                 domain = get_winbind_domain();
1757         }
1758
1759         wbc_status = wbcListGroups(domain, &num_groups, &groups);
1760         if (!WBC_ERROR_IS_OK(wbc_status)) {
1761                 d_fprintf(stderr, "failed to call wbcListGroups: %s\n",
1762                           wbcErrorString(wbc_status));
1763                 return false;
1764         }
1765
1766         for (i=0; i < num_groups; i++) {
1767                 d_printf("%s\n", groups[i]);
1768         }
1769
1770         wbcFreeMemory(groups);
1771
1772         return true;
1773 }
1774
1775 /* Set the authorised user for winbindd access in secrets.tdb */
1776
1777 static bool wbinfo_set_auth_user(char *username)
1778 {
1779         d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
1780                           "See 'net help setauthuser' for details.\n");
1781         return false;
1782 }
1783
1784 static void wbinfo_get_auth_user(void)
1785 {
1786         d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
1787                           "See 'net help getauthuser' for details.\n");
1788 }
1789
1790 static bool wbinfo_ping(void)
1791 {
1792         wbcErr wbc_status;
1793
1794         wbc_status = wbcPing();
1795
1796         /* Display response */
1797
1798         d_printf("Ping to winbindd %s\n",
1799                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1800
1801         return WBC_ERROR_IS_OK(wbc_status);
1802 }
1803
1804 static bool wbinfo_change_user_password(const char *username)
1805 {
1806         wbcErr wbc_status;
1807         char *old_password = NULL;
1808         char *new_password = NULL;
1809         TALLOC_CTX *frame = talloc_tos();
1810
1811         old_password = wbinfo_prompt_pass(frame, "old", username);
1812         new_password = wbinfo_prompt_pass(frame, "new", username);
1813
1814         wbc_status = wbcChangeUserPassword(username, old_password,new_password);
1815
1816         /* Display response */
1817
1818         d_printf("Password change for user %s %s\n", username,
1819                 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1820
1821         return WBC_ERROR_IS_OK(wbc_status);
1822 }
1823
1824 /* Main program */
1825
1826 enum {
1827         OPT_SET_AUTH_USER = 1000,
1828         OPT_GET_AUTH_USER,
1829         OPT_DOMAIN_NAME,
1830         OPT_SEQUENCE,
1831         OPT_GETDCNAME,
1832         OPT_DSGETDCNAME,
1833         OPT_DC_INFO,
1834         OPT_USERDOMGROUPS,
1835         OPT_SIDALIASES,
1836         OPT_USERSIDS,
1837         OPT_ALLOCATE_UID,
1838         OPT_ALLOCATE_GID,
1839         OPT_SEPARATOR,
1840         OPT_LIST_ALL_DOMAINS,
1841         OPT_LIST_OWN_DOMAIN,
1842         OPT_UID_INFO,
1843         OPT_USER_SIDINFO,
1844         OPT_GROUP_INFO,
1845         OPT_GID_INFO,
1846         OPT_VERBOSE,
1847         OPT_ONLINESTATUS,
1848         OPT_CHANGE_USER_PASSWORD,
1849         OPT_CCACHE_SAVE,
1850         OPT_SID_TO_FULLNAME,
1851         OPT_NTLMV2,
1852         OPT_PAM_LOGON,
1853         OPT_LOGOFF,
1854         OPT_LOGOFF_USER,
1855         OPT_LOGOFF_UID,
1856         OPT_LANMAN
1857 };
1858
1859 int main(int argc, char **argv, char **envp)
1860 {
1861         int opt;
1862         TALLOC_CTX *frame = talloc_stackframe();
1863         poptContext pc;
1864         static char *string_arg;
1865         char *string_subarg = NULL;
1866         static char *opt_domain_name;
1867         static int int_arg;
1868         int int_subarg = -1;
1869         int result = 1;
1870         bool verbose = false;
1871         bool use_ntlmv2 = false;
1872         bool use_lanman = false;
1873         char *logoff_user = getenv("USER");
1874         int logoff_uid = geteuid();
1875
1876         struct poptOption long_options[] = {
1877                 POPT_AUTOHELP
1878
1879                 /* longName, shortName, argInfo, argPtr, value, descrip,
1880                    argDesc */
1881
1882                 { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users", "domain"},
1883                 { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups", "domain" },
1884                 { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP", "NETBIOS-NAME" },
1885                 { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name", "IP" },
1886                 { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid", "NAME" },
1887                 { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name", "SID" },
1888                 { "sid-to-fullname", 0, POPT_ARG_STRING, &string_arg,
1889                   OPT_SID_TO_FULLNAME, "Converts sid to fullname", "SID" },
1890                 { "lookup-rids", 'R', POPT_ARG_STRING, &string_arg, 'R', "Converts RIDs to names", "RIDs" },
1891                 { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" , "UID" },
1892                 { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
1893                 { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
1894                 { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
1895                 { "allocate-uid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_UID,
1896                   "Get a new UID out of idmap" },
1897                 { "allocate-gid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_GID,
1898                   "Get a new GID out of idmap" },
1899                 { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
1900                 { "change-secret", 'c', POPT_ARG_NONE, 0, 'c', "Change shared secret" },
1901                 { "ping-dc", 'P', POPT_ARG_NONE, 0, 'P',
1902                   "Check the NETLOGON connection" },
1903                 { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
1904                 { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
1905                 { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" },
1906                 { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Deprecated command, see --online-status" },
1907                 { "online-status", 0, POPT_ARG_NONE, 0, OPT_ONLINESTATUS, "Show whether domains are marked as online or offline"},
1908                 { "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" },
1909                 { "user-info", 'i', POPT_ARG_STRING, &string_arg, 'i', "Get user info", "USER" },
1910                 { "uid-info", 0, POPT_ARG_INT, &int_arg, OPT_UID_INFO, "Get user info from uid", "UID" },
1911                 { "group-info", 0, POPT_ARG_STRING, &string_arg, OPT_GROUP_INFO, "Get group info", "GROUP" },
1912                 { "user-sidinfo", 0, POPT_ARG_STRING, &string_arg, OPT_USER_SIDINFO, "Get user info from sid", "SID" },
1913                 { "gid-info", 0, POPT_ARG_INT, &int_arg, OPT_GID_INFO, "Get group info from gid", "GID" },
1914                 { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
1915                 { "user-domgroups", 0, POPT_ARG_STRING, &string_arg,
1916                   OPT_USERDOMGROUPS, "Get user domain groups", "SID" },
1917                 { "sid-aliases", 0, POPT_ARG_STRING, &string_arg, OPT_SIDALIASES, "Get sid aliases", "SID" },
1918                 { "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
1919                 { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
1920                 { "pam-logon", 0, POPT_ARG_STRING, &string_arg, OPT_PAM_LOGON,
1921                   "do a pam logon equivalent", "user%password" },
1922                 { "logoff", 0, POPT_ARG_NONE, NULL, OPT_LOGOFF,
1923                   "log off user", "uid" },
1924                 { "logoff-user", 0, POPT_ARG_STRING, &logoff_user,
1925                   OPT_LOGOFF_USER, "username to log off" },
1926                 { "logoff-uid", 0, POPT_ARG_INT, &logoff_uid,
1927                   OPT_LOGOFF_UID, "uid to log off" },
1928                 { "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
1929                 { "ccache-save", 0, POPT_ARG_STRING, &string_arg,
1930                   OPT_CCACHE_SAVE, "Store user and password for ccache "
1931                   "operation", "user%password" },
1932                 { "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME,
1933                   "Get a DC name for a foreign domain", "domainname" },
1934                 { "dsgetdcname", 0, POPT_ARG_STRING, &string_arg, OPT_DSGETDCNAME, "Find a DC for a domain", "domainname" },
1935                 { "dc-info", 0, POPT_ARG_STRING, &string_arg, OPT_DC_INFO,
1936                   "Find the currently known DCs", "domainname" },
1937                 { "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
1938                 { "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
1939                 { "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" },
1940 #ifdef WITH_FAKE_KASERVER
1941                 { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" },
1942 #endif
1943 #ifdef HAVE_KRB5
1944                 { "krb5auth", 'K', POPT_ARG_STRING, &string_arg, 'K', "authenticate user using Kerberos", "user%password" },
1945                         /* destroys wbinfo --help output */
1946                         /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" }, */
1947 #endif
1948                 { "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
1949                 { "verbose", 0, POPT_ARG_NONE, 0, OPT_VERBOSE, "Print additional information per command", NULL },
1950                 { "change-user-password", 0, POPT_ARG_STRING, &string_arg, OPT_CHANGE_USER_PASSWORD, "Change the password for a user", NULL },
1951                 { "ntlmv2", 0, POPT_ARG_NONE, 0, OPT_NTLMV2, "Use NTLMv2 cryptography for user authentication", NULL},
1952                 { "lanman", 0, POPT_ARG_NONE, 0, OPT_LANMAN, "Use lanman cryptography for user authentication", NULL},
1953                 POPT_COMMON_VERSION
1954                 POPT_TABLEEND
1955         };
1956
1957         /* Samba client initialisation */
1958         load_case_tables();
1959
1960
1961         /* Parse options */
1962
1963         pc = poptGetContext("wbinfo", argc, (const char **)argv,
1964                             long_options, 0);
1965
1966         /* Parse command line options */
1967
1968         if (argc == 1) {
1969                 poptPrintHelp(pc, stderr, 0);
1970                 return 1;
1971         }
1972
1973         while((opt = poptGetNextOpt(pc)) != -1) {
1974                 /* get the generic configuration parameters like --domain */
1975                 switch (opt) {
1976                 case OPT_VERBOSE:
1977                         verbose = true;
1978                         break;
1979                 case OPT_NTLMV2:
1980                         use_ntlmv2 = true;
1981                         break;
1982                 case OPT_LANMAN:
1983                         use_lanman = true;
1984                         break;
1985                 }
1986         }
1987
1988         poptFreeContext(pc);
1989
1990         pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
1991                             POPT_CONTEXT_KEEP_FIRST);
1992
1993         while((opt = poptGetNextOpt(pc)) != -1) {
1994                 switch (opt) {
1995                 case 'u':
1996                         if (!print_domain_users(opt_domain_name)) {
1997                                 d_fprintf(stderr,
1998                                           "Error looking up domain users\n");
1999                                 goto done;
2000                         }
2001                         break;
2002                 case 'g':
2003                         if (!print_domain_groups(opt_domain_name)) {
2004                                 d_fprintf(stderr,
2005                                           "Error looking up domain groups\n");
2006                                 goto done;
2007                         }
2008                         break;
2009                 case 's':
2010                         if (!wbinfo_lookupsid(string_arg)) {
2011                                 d_fprintf(stderr,
2012                                           "Could not lookup sid %s\n",
2013                                           string_arg);
2014                                 goto done;
2015                         }
2016                         break;
2017                 case OPT_SID_TO_FULLNAME:
2018                         if (!wbinfo_lookupsid_fullname(string_arg)) {
2019                                 d_fprintf(stderr, "Could not lookup sid %s\n",
2020                                           string_arg);
2021                                 goto done;
2022                         }
2023                         break;
2024                 case 'R':
2025                         if (!wbinfo_lookuprids(opt_domain_name, string_arg)) {
2026                                 d_fprintf(stderr, "Could not lookup RIDs %s\n",
2027                                           string_arg);
2028                                 goto done;
2029                         }
2030                         break;
2031                 case 'n':
2032                         if (!wbinfo_lookupname(string_arg)) {
2033                                 d_fprintf(stderr, "Could not lookup name %s\n",
2034                                           string_arg);
2035                                 goto done;
2036                         }
2037                         break;
2038                 case 'N':
2039                         if (!wbinfo_wins_byname(string_arg)) {
2040                                 d_fprintf(stderr,
2041                                           "Could not lookup WINS by name %s\n",
2042                                           string_arg);
2043                                 goto done;
2044                         }
2045                         break;
2046                 case 'I':
2047                         if (!wbinfo_wins_byip(string_arg)) {
2048                                 d_fprintf(stderr,
2049                                           "Could not lookup WINS by IP %s\n",
2050                                           string_arg);
2051                                 goto done;
2052                         }
2053                         break;
2054                 case 'U':
2055                         if (!wbinfo_uid_to_sid(int_arg)) {
2056                                 d_fprintf(stderr,
2057                                           "Could not convert uid %d to sid\n",
2058                                           int_arg);
2059                                 goto done;
2060                         }
2061                         break;
2062                 case 'G':
2063                         if (!wbinfo_gid_to_sid(int_arg)) {
2064                                 d_fprintf(stderr,
2065                                           "Could not convert gid %d to sid\n",
2066                                           int_arg);
2067                                 goto done;
2068                         }
2069                         break;
2070                 case 'S':
2071                         if (!wbinfo_sid_to_uid(string_arg)) {
2072                                 d_fprintf(stderr,
2073                                           "Could not convert sid %s to uid\n",
2074                                           string_arg);
2075                                 goto done;
2076                         }
2077                         break;
2078                 case 'Y':
2079                         if (!wbinfo_sid_to_gid(string_arg)) {
2080                                 d_fprintf(stderr,
2081                                           "Could not convert sid %s to gid\n",
2082                                           string_arg);
2083                                 goto done;
2084                         }
2085                         break;
2086                 case OPT_ALLOCATE_UID:
2087                         if (!wbinfo_allocate_uid()) {
2088                                 d_fprintf(stderr, "Could not allocate a uid\n");
2089                                 goto done;
2090                         }
2091                         break;
2092                 case OPT_ALLOCATE_GID:
2093                         if (!wbinfo_allocate_gid()) {
2094                                 d_fprintf(stderr, "Could not allocate a gid\n");
2095                                 goto done;
2096                         }
2097                         break;
2098                 case 't':
2099                         if (!wbinfo_check_secret(opt_domain_name)) {
2100                                 d_fprintf(stderr, "Could not check secret\n");
2101                                 goto done;
2102                         }
2103                         break;
2104                 case 'c':
2105                         if (!wbinfo_change_secret(opt_domain_name)) {
2106                                 d_fprintf(stderr, "Could not change secret\n");
2107                                 goto done;
2108                         }
2109                         break;
2110                 case 'P':
2111                         if (!wbinfo_ping_dc()) {
2112                                 d_fprintf(stderr, "Could not ping our DC\n");
2113                                 goto done;
2114                         }
2115                         break;
2116                 case 'm':
2117                         if (!wbinfo_list_domains(false, verbose)) {
2118                                 d_fprintf(stderr,
2119                                           "Could not list trusted domains\n");
2120                                 goto done;
2121                         }
2122                         break;
2123                 case OPT_SEQUENCE:
2124                         if (!wbinfo_show_sequence(opt_domain_name)) {
2125                                 d_fprintf(stderr,
2126                                           "Could not show sequence numbers\n");
2127                                 goto done;
2128                         }
2129                         break;
2130                 case OPT_ONLINESTATUS:
2131                         if (!wbinfo_show_onlinestatus(opt_domain_name)) {
2132                                 d_fprintf(stderr,
2133                                           "Could not show online-status\n");
2134                                 goto done;
2135                         }
2136                         break;
2137                 case 'D':
2138                         if (!wbinfo_domain_info(string_arg)) {
2139                                 d_fprintf(stderr,
2140                                           "Could not get domain info\n");
2141                                 goto done;
2142                         }
2143                         break;
2144                 case 'i':
2145                         if (!wbinfo_get_userinfo(string_arg)) {
2146                                 d_fprintf(stderr,
2147                                           "Could not get info for user %s\n",
2148                                           string_arg);
2149                                 goto done;
2150                         }
2151                         break;
2152                 case OPT_USER_SIDINFO:
2153                         if ( !wbinfo_get_user_sidinfo(string_arg)) {
2154                                 d_fprintf(stderr,
2155                                           "Could not get info for user "
2156                                           "sid %s\n", string_arg);
2157                                 goto done;
2158                         }
2159                         break;
2160                 case OPT_UID_INFO:
2161                         if ( !wbinfo_get_uidinfo(int_arg)) {
2162                                 d_fprintf(stderr, "Could not get info for uid "
2163                                                 "%d\n", int_arg);
2164                                 goto done;
2165                         }
2166                         break;
2167                 case OPT_GROUP_INFO:
2168                         if ( !wbinfo_get_groupinfo(string_arg)) {
2169                                 d_fprintf(stderr, "Could not get info for "
2170                                           "group %s\n", string_arg);
2171                                 goto done;
2172                         }
2173                         break;
2174                 case OPT_GID_INFO:
2175                         if ( !wbinfo_get_gidinfo(int_arg)) {
2176                                 d_fprintf(stderr, "Could not get info for gid "
2177                                                 "%d\n", int_arg);
2178                                 goto done;
2179                         }
2180                         break;
2181                 case 'r':
2182                         if (!wbinfo_get_usergroups(string_arg)) {
2183                                 d_fprintf(stderr,
2184                                           "Could not get groups for user %s\n",
2185                                           string_arg);
2186                                 goto done;
2187                         }
2188                         break;
2189                 case OPT_USERSIDS:
2190                         if (!wbinfo_get_usersids(string_arg)) {
2191                                 d_fprintf(stderr, "Could not get group SIDs "
2192                                           "for user SID %s\n",
2193                                           string_arg);
2194                                 goto done;
2195                         }
2196                         break;
2197                 case OPT_USERDOMGROUPS:
2198                         if (!wbinfo_get_userdomgroups(string_arg)) {
2199                                 d_fprintf(stderr, "Could not get user's domain "
2200                                          "groups for user SID %s\n",
2201                                          string_arg);
2202                                 goto done;
2203                         }
2204                         break;
2205                 case OPT_SIDALIASES:
2206                         if (!wbinfo_get_sidaliases(opt_domain_name,
2207                                                    string_arg)) {
2208                                 d_fprintf(stderr, "Could not get sid aliases "
2209                                          "for user SID %s\n", string_arg);
2210                                 goto done;
2211                         }
2212                         break;
2213                 case 'a': {
2214                                 bool got_error = false;
2215
2216                                 if (!wbinfo_auth(string_arg)) {
2217                                         d_fprintf(stderr,
2218                                                   "Could not authenticate user "
2219                                                   "%s with plaintext "
2220                                                   "password\n", string_arg);
2221                                         got_error = true;
2222                                 }
2223
2224                                 if (!wbinfo_auth_crap(string_arg, use_ntlmv2,
2225                                                       use_lanman)) {
2226                                         d_fprintf(stderr,
2227                                                 "Could not authenticate user "
2228                                                 "%s with challenge/response\n",
2229                                                 string_arg);
2230                                         got_error = true;
2231                                 }
2232
2233                                 if (got_error)
2234                                         goto done;
2235                                 break;
2236                         }
2237                 case OPT_PAM_LOGON:
2238                         if (!wbinfo_pam_logon(string_arg)) {
2239                                 d_fprintf(stderr, "pam_logon failed for %s\n",
2240                                           string_arg);
2241                                 goto done;
2242                         }
2243                         break;
2244                 case OPT_LOGOFF:
2245                 {
2246                         wbcErr wbc_status;
2247
2248                         wbc_status = wbcLogoffUser(logoff_user, logoff_uid,
2249                                                    "");
2250                         d_printf("Logoff %s (%d): %s\n", logoff_user,
2251                                  logoff_uid, wbcErrorString(wbc_status));
2252                         break;
2253                 }
2254                 case 'K': {
2255                                 uint32_t flags = WBFLAG_PAM_KRB5 |
2256                                                  WBFLAG_PAM_CACHED_LOGIN |
2257                                                 WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
2258                                                  WBFLAG_PAM_INFO3_TEXT |
2259                                                  WBFLAG_PAM_CONTACT_TRUSTDOM;
2260
2261                                 if (!wbinfo_auth_krb5(string_arg, "FILE",
2262                                                       flags)) {
2263                                         d_fprintf(stderr,
2264                                                 "Could not authenticate user "
2265                                                 "[%s] with Kerberos "
2266                                                 "(ccache: %s)\n", string_arg,
2267                                                 "FILE");
2268                                         goto done;
2269                                 }
2270                                 break;
2271                         }
2272                 case 'k':
2273                         if (!wbinfo_klog(string_arg)) {
2274                                 d_fprintf(stderr, "Could not klog user\n");
2275                                 goto done;
2276                         }
2277                         break;
2278                 case 'p':
2279                         if (!wbinfo_ping()) {
2280                                 d_fprintf(stderr, "could not ping winbindd!\n");
2281                                 goto done;
2282                         }
2283                         break;
2284                 case OPT_SET_AUTH_USER:
2285                         if (!wbinfo_set_auth_user(string_arg)) {
2286                                 goto done;
2287                         }
2288                         break;
2289                 case OPT_GET_AUTH_USER:
2290                         wbinfo_get_auth_user();
2291                         goto done;
2292                         break;
2293                 case OPT_CCACHE_SAVE:
2294                         if (!wbinfo_ccache_save(string_arg)) {
2295                                 goto done;
2296                         }
2297                         break;
2298                 case OPT_GETDCNAME:
2299                         if (!wbinfo_getdcname(string_arg)) {
2300                                 goto done;
2301                         }
2302                         break;
2303                 case OPT_DSGETDCNAME:
2304                         if (!wbinfo_dsgetdcname(string_arg, 0)) {
2305                                 goto done;
2306                         }
2307                         break;
2308                 case OPT_DC_INFO:
2309                         if (!wbinfo_dc_info(string_arg)) {
2310                                 goto done;
2311                         }
2312                         break;
2313                 case OPT_SEPARATOR: {
2314                         const char sep = winbind_separator();
2315                         if ( !sep ) {
2316                                 goto done;
2317                         }
2318                         d_printf("%c\n", sep);
2319                         break;
2320                 }
2321                 case OPT_LIST_ALL_DOMAINS:
2322                         if (!wbinfo_list_domains(true, verbose)) {
2323                                 goto done;
2324                         }
2325                         break;
2326                 case OPT_LIST_OWN_DOMAIN:
2327                         if (!wbinfo_list_own_domain()) {
2328                                 goto done;
2329                         }
2330                         break;
2331                 case OPT_CHANGE_USER_PASSWORD:
2332                         if (!wbinfo_change_user_password(string_arg)) {
2333                                 d_fprintf(stderr,
2334                                         "Could not change user password "
2335                                          "for user %s\n", string_arg);
2336                                 goto done;
2337                         }
2338                         break;
2339
2340                 /* generic configuration options */
2341                 case OPT_DOMAIN_NAME:
2342                 case OPT_VERBOSE:
2343                 case OPT_NTLMV2:
2344                 case OPT_LANMAN:
2345                 case OPT_LOGOFF_USER:
2346                 case OPT_LOGOFF_UID:
2347                         break;
2348                 default:
2349                         d_fprintf(stderr, "Invalid option\n");
2350                         poptPrintHelp(pc, stderr, 0);
2351                         goto done;
2352                 }
2353         }
2354
2355         result = 0;
2356
2357         /* Exit code */
2358
2359  done:
2360         talloc_free(frame);
2361
2362         poptFreeContext(pc);
2363         return result;
2364 }