This might not be used a lot and might not survive for long, but at least it
[samba.git] / source3 / nsswitch / wbinfo.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    Winbind status program.
5
6    Copyright (C) Tim Potter      2000-2003
7    Copyright (C) Andrew Bartlett 2002
8    
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 2 of the License, or
12    (at your option) any later version.
13    
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18    
19    You should have received a copy of the GNU General Public License
20    along with this program; if not, write to the Free Software
21    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25 #include "winbindd.h"
26 #include "debug.h"
27
28 #undef DBGC_CLASS
29 #define DBGC_CLASS DBGC_WINBIND
30
31 extern int winbindd_fd;
32
33 static char winbind_separator(void)
34 {
35         struct winbindd_response response;
36         static BOOL got_sep;
37         static char sep;
38
39         if (got_sep)
40                 return sep;
41
42         ZERO_STRUCT(response);
43
44         /* Send off request */
45
46         if (winbindd_request(WINBINDD_INFO, NULL, &response) !=
47             NSS_STATUS_SUCCESS) {
48                 d_printf("could not obtain winbind separator!\n");
49                 /* HACK: (this module should not call lp_ funtions) */
50                 return *lp_winbind_separator();
51         }
52
53         sep = response.data.info.winbind_separator;
54         got_sep = True;
55
56         if (!sep) {
57                 d_printf("winbind separator was NULL!\n");
58                 /* HACK: (this module should not call lp_ funtions) */
59                 sep = *lp_winbind_separator();
60         }
61         
62         return sep;
63 }
64
65 static const char *get_winbind_domain(void)
66 {
67         struct winbindd_response response;
68         static fstring winbind_domain;
69
70         ZERO_STRUCT(response);
71
72         /* Send off request */
73
74         if (winbindd_request(WINBINDD_DOMAIN_NAME, NULL, &response) !=
75             NSS_STATUS_SUCCESS) {
76                 d_printf("could not obtain winbind domain name!\n");
77                 
78                 /* HACK: (this module should not call lp_ funtions) */
79                 return lp_workgroup();
80         }
81
82         fstrcpy(winbind_domain, response.data.domain_name);
83
84         return winbind_domain;
85
86 }
87
88 /* Copy of parse_domain_user from winbindd_util.c.  Parse a string of the
89    form DOMAIN/user into a domain and a user */
90
91 static BOOL parse_wbinfo_domain_user(const char *domuser, fstring domain, 
92                                      fstring user)
93 {
94
95         char *p = strchr(domuser,winbind_separator());
96
97         if (!p) {
98                 fstrcpy(user, domuser);
99                 fstrcpy(domain, get_winbind_domain());
100                 return True;
101         }
102         
103         fstrcpy(user, p+1);
104         fstrcpy(domain, domuser);
105         domain[PTR_DIFF(p, domuser)] = 0;
106         strupper_m(domain);
107
108         return True;
109 }
110
111 /* List groups a user is a member of */
112
113 static BOOL wbinfo_get_usergroups(char *user)
114 {
115         struct winbindd_request request;
116         struct winbindd_response response;
117         NSS_STATUS result;
118         int i;
119         
120         ZERO_STRUCT(response);
121
122         /* Send request */
123
124         fstrcpy(request.data.username, user);
125
126         result = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
127
128         if (result != NSS_STATUS_SUCCESS)
129                 return False;
130
131         for (i = 0; i < response.data.num_entries; i++)
132                 d_printf("%d\n", (int)((gid_t *)response.extra_data)[i]);
133
134         SAFE_FREE(response.extra_data);
135
136         return True;
137 }
138
139
140 /* List group SIDs a user SID is a member of */
141 static BOOL wbinfo_get_usersids(char *user_sid)
142 {
143         struct winbindd_request request;
144         struct winbindd_response response;
145         NSS_STATUS result;
146         int i;
147         const char *s;
148
149         ZERO_STRUCT(response);
150
151         /* Send request */
152         fstrcpy(request.data.sid, user_sid);
153
154         result = winbindd_request(WINBINDD_GETUSERSIDS, &request, &response);
155
156         if (result != NSS_STATUS_SUCCESS)
157                 return False;
158
159         s = response.extra_data;
160         for (i = 0; i < response.data.num_entries; i++) {
161                 d_printf("%s\n", s);
162                 s += strlen(s) + 1;
163         }
164
165         SAFE_FREE(response.extra_data);
166
167         return True;
168 }
169
170 /* Convert NetBIOS name to IP */
171
172 static BOOL wbinfo_wins_byname(char *name)
173 {
174         struct winbindd_request request;
175         struct winbindd_response response;
176
177         ZERO_STRUCT(request);
178         ZERO_STRUCT(response);
179
180         /* Send request */
181
182         fstrcpy(request.data.winsreq, name);
183
184         if (winbindd_request(WINBINDD_WINS_BYNAME, &request, &response) !=
185             NSS_STATUS_SUCCESS) {
186                 return False;
187         }
188
189         /* Display response */
190
191         printf("%s\n", response.data.winsresp);
192
193         return True;
194 }
195
196 /* Convert IP to NetBIOS name */
197
198 static BOOL wbinfo_wins_byip(char *ip)
199 {
200         struct winbindd_request request;
201         struct winbindd_response response;
202
203         ZERO_STRUCT(request);
204         ZERO_STRUCT(response);
205
206         /* Send request */
207
208         fstrcpy(request.data.winsreq, ip);
209
210         if (winbindd_request(WINBINDD_WINS_BYIP, &request, &response) !=
211             NSS_STATUS_SUCCESS) {
212                 return False;
213         }
214
215         /* Display response */
216
217         printf("%s\n", response.data.winsresp);
218
219         return True;
220 }
221
222 /* List trusted domains */
223
224 static BOOL wbinfo_list_domains(void)
225 {
226         struct winbindd_response response;
227         fstring name;
228
229         ZERO_STRUCT(response);
230
231         /* Send request */
232
233         if (winbindd_request(WINBINDD_LIST_TRUSTDOM, NULL, &response) !=
234             NSS_STATUS_SUCCESS)
235                 return False;
236
237         /* Display response */
238
239         if (response.extra_data) {
240                 const char *extra_data = (char *)response.extra_data;
241
242                 while(next_token(&extra_data, name, ",", sizeof(fstring)))
243                         d_printf("%s\n", name);
244
245                 SAFE_FREE(response.extra_data);
246         }
247
248         return True;
249 }
250
251
252 /* show sequence numbers */
253 static BOOL wbinfo_show_sequence(const char *domain)
254 {
255         struct winbindd_request  request;
256         struct winbindd_response response;
257
258         ZERO_STRUCT(response);
259         ZERO_STRUCT(request);
260
261         if ( domain )
262                 fstrcpy( request.domain_name, domain );
263
264         /* Send request */
265
266         if (winbindd_request(WINBINDD_SHOW_SEQUENCE, &request, &response) !=
267             NSS_STATUS_SUCCESS)
268                 return False;
269
270         /* Display response */
271
272         if (response.extra_data) {
273                 char *extra_data = (char *)response.extra_data;
274                 d_printf("%s", extra_data);
275                 SAFE_FREE(response.extra_data);
276         }
277
278         return True;
279 }
280
281 /* Show domain info */
282
283 static BOOL wbinfo_domain_info(const char *domain_name)
284 {
285         struct winbindd_request request;
286         struct winbindd_response response;
287
288         ZERO_STRUCT(request);
289         ZERO_STRUCT(response);
290
291         fstrcpy(request.domain_name, domain_name);
292
293         /* Send request */
294
295         if (winbindd_request(WINBINDD_DOMAIN_INFO, &request, &response) !=
296             NSS_STATUS_SUCCESS)
297                 return False;
298
299         /* Display response */
300
301         d_printf("Name              : %s\n", response.data.domain_info.name);
302         d_printf("Alt_Name          : %s\n", response.data.domain_info.alt_name);
303
304         d_printf("SID               : %s\n", response.data.domain_info.sid);
305
306         d_printf("Active Directory  : %s\n",
307                  response.data.domain_info.active_directory ? "Yes" : "No");
308         d_printf("Native            : %s\n",
309                  response.data.domain_info.native_mode ? "Yes" : "No");
310
311         d_printf("Primary           : %s\n",
312                  response.data.domain_info.primary ? "Yes" : "No");
313
314         d_printf("Sequence          : %d\n", response.data.domain_info.sequence_number);
315
316         return True;
317 }
318
319 /* Check trust account password */
320
321 static BOOL wbinfo_check_secret(void)
322 {
323         struct winbindd_response response;
324         NSS_STATUS result;
325
326         ZERO_STRUCT(response);
327
328         result = winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response);
329                 
330         d_printf("checking the trust secret via RPC calls %s\n", 
331                  (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
332
333         if (result != NSS_STATUS_SUCCESS)       
334                 d_printf("error code was %s (0x%x)\n", 
335                          response.data.auth.nt_status_string, 
336                          response.data.auth.nt_status);
337         
338         return result == NSS_STATUS_SUCCESS;    
339 }
340
341 /* Convert uid to sid */
342
343 static BOOL wbinfo_uid_to_sid(uid_t uid)
344 {
345         struct winbindd_request request;
346         struct winbindd_response response;
347
348         ZERO_STRUCT(request);
349         ZERO_STRUCT(response);
350
351         /* Send request */
352
353         request.data.uid = uid;
354
355         if (winbindd_request(WINBINDD_UID_TO_SID, &request, &response) !=
356             NSS_STATUS_SUCCESS)
357                 return False;
358
359         /* Display response */
360
361         d_printf("%s\n", response.data.sid.sid);
362
363         return True;
364 }
365
366 /* Convert gid to sid */
367
368 static BOOL wbinfo_gid_to_sid(gid_t gid)
369 {
370         struct winbindd_request request;
371         struct winbindd_response response;
372
373         ZERO_STRUCT(request);
374         ZERO_STRUCT(response);
375
376         /* Send request */
377
378         request.data.gid = gid;
379
380         if (winbindd_request(WINBINDD_GID_TO_SID, &request, &response) !=
381             NSS_STATUS_SUCCESS)
382                 return False;
383
384         /* Display response */
385
386         d_printf("%s\n", response.data.sid.sid);
387
388         return True;
389 }
390
391 /* Convert sid to uid */
392
393 static BOOL wbinfo_sid_to_uid(char *sid)
394 {
395         struct winbindd_request request;
396         struct winbindd_response response;
397
398         ZERO_STRUCT(request);
399         ZERO_STRUCT(response);
400
401         /* Send request */
402
403         fstrcpy(request.data.sid, sid);
404
405         if (winbindd_request(WINBINDD_SID_TO_UID, &request, &response) !=
406             NSS_STATUS_SUCCESS)
407                 return False;
408
409         /* Display response */
410
411         d_printf("%d\n", (int)response.data.uid);
412
413         return True;
414 }
415
416 static BOOL wbinfo_sid_to_gid(char *sid)
417 {
418         struct winbindd_request request;
419         struct winbindd_response response;
420
421         ZERO_STRUCT(request);
422         ZERO_STRUCT(response);
423
424         /* Send request */
425
426         fstrcpy(request.data.sid, sid);
427
428         if (winbindd_request(WINBINDD_SID_TO_GID, &request, &response) !=
429             NSS_STATUS_SUCCESS)
430                 return False;
431
432         /* Display response */
433
434         d_printf("%d\n", (int)response.data.gid);
435
436         return True;
437 }
438
439 /* Convert sid to string */
440
441 static BOOL wbinfo_lookupsid(char *sid)
442 {
443         struct winbindd_request request;
444         struct winbindd_response response;
445
446         ZERO_STRUCT(request);
447         ZERO_STRUCT(response);
448
449         /* Send off request */
450
451         fstrcpy(request.data.sid, sid);
452
453         if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
454             NSS_STATUS_SUCCESS)
455                 return False;
456
457         /* Display response */
458
459         d_printf("%s%c%s %d\n", response.data.name.dom_name, 
460                  winbind_separator(), response.data.name.name, 
461                  response.data.name.type);
462
463         return True;
464 }
465
466 /* Convert string to sid */
467
468 static BOOL wbinfo_lookupname(char *name)
469 {
470         struct winbindd_request request;
471         struct winbindd_response response;
472
473         /* Send off request */
474
475         ZERO_STRUCT(request);
476         ZERO_STRUCT(response);
477
478         parse_wbinfo_domain_user(name, request.data.name.dom_name, 
479                                  request.data.name.name);
480
481         if (winbindd_request(WINBINDD_LOOKUPNAME, &request, &response) !=
482             NSS_STATUS_SUCCESS)
483                 return False;
484
485         /* Display response */
486
487         d_printf("%s %s (%d)\n", response.data.sid.sid, sid_type_lookup(response.data.sid.type), response.data.sid.type);
488
489         return True;
490 }
491
492 /* Authenticate a user with a plaintext password */
493
494 static BOOL wbinfo_auth(char *username)
495 {
496         struct winbindd_request request;
497         struct winbindd_response response;
498         NSS_STATUS result;
499         char *p;
500
501         /* Send off request */
502
503         ZERO_STRUCT(request);
504         ZERO_STRUCT(response);
505
506         p = strchr(username, '%');
507
508         if (p) {
509                 *p = 0;
510                 fstrcpy(request.data.auth.user, username);
511                 fstrcpy(request.data.auth.pass, p + 1);
512                 *p = '%';
513         } else
514                 fstrcpy(request.data.auth.user, username);
515
516         result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
517
518         /* Display response */
519
520         d_printf("plaintext password authentication %s\n", 
521                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
522
523         if (response.data.auth.nt_status)
524                 d_printf("error code was %s (0x%x)\nerror messsage was: %s\n", 
525                          response.data.auth.nt_status_string, 
526                          response.data.auth.nt_status,
527                          response.data.auth.error_string);
528
529         return result == NSS_STATUS_SUCCESS;
530 }
531
532 /* Authenticate a user with a challenge/response */
533
534 static BOOL wbinfo_auth_crap(char *username)
535 {
536         struct winbindd_request request;
537         struct winbindd_response response;
538         NSS_STATUS result;
539         fstring name_user;
540         fstring name_domain;
541         fstring pass;
542         char *p;
543
544         /* Send off request */
545
546         ZERO_STRUCT(request);
547         ZERO_STRUCT(response);
548
549         p = strchr(username, '%');
550
551         if (p) {
552                 *p = 0;
553                 fstrcpy(pass, p + 1);
554         }
555                 
556         parse_wbinfo_domain_user(username, name_domain, name_user);
557
558         if (push_utf8_fstring(request.data.auth_crap.user, name_user) == -1) {
559                 d_printf("unable to create utf8 string for '%s'\n",
560                          name_user);
561                 return False;
562         }
563
564         if (push_utf8_fstring(request.data.auth_crap.domain, 
565                               name_domain) == -1) {
566                 d_printf("unable to create utf8 string for '%s'\n",
567                          name_domain);
568                 return False;
569         }
570
571         generate_random_buffer(request.data.auth_crap.chal, 8, False);
572         
573         SMBencrypt(pass, request.data.auth_crap.chal, 
574                    (uchar *)request.data.auth_crap.lm_resp);
575         SMBNTencrypt(pass, request.data.auth_crap.chal,
576                      (uchar *)request.data.auth_crap.nt_resp);
577
578         request.data.auth_crap.lm_resp_len = 24;
579         request.data.auth_crap.nt_resp_len = 24;
580
581         result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
582
583         /* Display response */
584
585         d_printf("challenge/response password authentication %s\n", 
586                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
587
588         if (response.data.auth.nt_status)
589                 d_printf("error code was %s (0x%x)\nerror messsage was: %s\n", 
590                          response.data.auth.nt_status_string, 
591                          response.data.auth.nt_status,
592                          response.data.auth.error_string);
593
594         return result == NSS_STATUS_SUCCESS;
595 }
596
597 /******************************************************************
598  create a winbindd user
599 ******************************************************************/
600
601 static BOOL wbinfo_create_user(char *username)
602 {
603         struct winbindd_request request;
604         struct winbindd_response response;
605         NSS_STATUS result;
606
607         /* Send off request */
608
609         ZERO_STRUCT(request);
610         ZERO_STRUCT(response);
611
612         request.flags = WBFLAG_ALLOCATE_RID;
613         fstrcpy(request.data.acct_mgt.username, username);
614
615         result = winbindd_request(WINBINDD_CREATE_USER, &request, &response);
616         
617         if ( result == NSS_STATUS_SUCCESS )
618                 d_printf("New RID is %d\n", response.data.rid);
619         
620         return result == NSS_STATUS_SUCCESS;
621 }
622
623 /******************************************************************
624  remove a winbindd user
625 ******************************************************************/
626
627 static BOOL wbinfo_delete_user(char *username)
628 {
629         struct winbindd_request request;
630         struct winbindd_response response;
631         NSS_STATUS result;
632
633         /* Send off request */
634
635         ZERO_STRUCT(request);
636         ZERO_STRUCT(response);
637
638         fstrcpy(request.data.acct_mgt.username, username);
639
640         result = winbindd_request(WINBINDD_DELETE_USER, &request, &response);
641         
642         return result == NSS_STATUS_SUCCESS;
643 }
644
645 /******************************************************************
646  create a winbindd group
647 ******************************************************************/
648
649 static BOOL wbinfo_create_group(char *groupname)
650 {
651         struct winbindd_request request;
652         struct winbindd_response response;
653         NSS_STATUS result;
654
655         /* Send off request */
656
657         ZERO_STRUCT(request);
658         ZERO_STRUCT(response);
659
660         fstrcpy(request.data.acct_mgt.groupname, groupname);
661
662         result = winbindd_request(WINBINDD_CREATE_GROUP, &request, &response);
663         
664         return result == NSS_STATUS_SUCCESS;
665 }
666
667 /******************************************************************
668  remove a winbindd group
669 ******************************************************************/
670
671 static BOOL wbinfo_delete_group(char *groupname)
672 {
673         struct winbindd_request request;
674         struct winbindd_response response;
675         NSS_STATUS result;
676
677         /* Send off request */
678
679         ZERO_STRUCT(request);
680         ZERO_STRUCT(response);
681
682         fstrcpy(request.data.acct_mgt.groupname, groupname);
683
684         result = winbindd_request(WINBINDD_DELETE_GROUP, &request, &response);
685         
686         return result == NSS_STATUS_SUCCESS;
687 }
688
689 /******************************************************************
690  parse a string in the form user:group
691 ******************************************************************/
692
693 static BOOL parse_user_group( const char *string, fstring user, fstring group )
694 {
695         char *p;
696         
697         if ( !string )
698                 return False;
699         
700         if ( !(p = strchr( string, ':' )) )
701                 return False;
702                 
703         *p = '\0';
704         p++;
705         
706         fstrcpy( user, string );
707         fstrcpy( group, p );
708         
709         return True;
710 }
711
712 /******************************************************************
713  add a user to a winbindd group
714 ******************************************************************/
715
716 static BOOL wbinfo_add_user_to_group(char *string)
717 {
718         struct winbindd_request request;
719         struct winbindd_response response;
720         NSS_STATUS result;
721
722         /* Send off request */
723
724         ZERO_STRUCT(request);
725         ZERO_STRUCT(response);
726
727         if ( !parse_user_group( string, request.data.acct_mgt.username,
728                 request.data.acct_mgt.groupname))
729         {
730                 d_printf("Can't parse user:group from %s\n", string);
731                 return False;
732         }
733
734         result = winbindd_request(WINBINDD_ADD_USER_TO_GROUP, &request, &response);
735         
736         return result == NSS_STATUS_SUCCESS;
737 }
738
739 /******************************************************************
740  remove a user from a winbindd group
741 ******************************************************************/
742
743 static BOOL wbinfo_remove_user_from_group(char *string)
744 {
745         struct winbindd_request request;
746         struct winbindd_response response;
747         NSS_STATUS result;
748
749         /* Send off request */
750
751         ZERO_STRUCT(request);
752         ZERO_STRUCT(response);
753
754         if ( !parse_user_group( string, request.data.acct_mgt.username,
755                 request.data.acct_mgt.groupname))
756         {
757                 d_printf("Can't parse user:group from %s\n", string);
758                 return False;
759         }
760
761         result = winbindd_request(WINBINDD_REMOVE_USER_FROM_GROUP, &request, &response);
762         
763         return result == NSS_STATUS_SUCCESS;
764 }
765
766 /* Print domain users */
767
768 static BOOL print_domain_users(const char *domain)
769 {
770         struct winbindd_request request;
771         struct winbindd_response response;
772         const char *extra_data;
773         fstring name;
774
775         /* Send request to winbind daemon */
776
777         ZERO_STRUCT(request);
778         ZERO_STRUCT(response);
779         
780         if (domain) {
781                 /* '.' is the special sign for our own domwin */
782                 if ( strequal(domain, ".") )
783                         fstrcpy( request.domain_name, lp_workgroup() );
784                 else
785                         fstrcpy( request.domain_name, domain );
786         }
787
788         if (winbindd_request(WINBINDD_LIST_USERS, &request, &response) !=
789             NSS_STATUS_SUCCESS)
790                 return False;
791
792         /* Look through extra data */
793
794         if (!response.extra_data)
795                 return False;
796
797         extra_data = (const char *)response.extra_data;
798
799         while(next_token(&extra_data, name, ",", sizeof(fstring)))
800                 d_printf("%s\n", name);
801         
802         SAFE_FREE(response.extra_data);
803
804         return True;
805 }
806
807 /* Print domain groups */
808
809 static BOOL print_domain_groups(const char *domain)
810 {
811         struct winbindd_request  request;
812         struct winbindd_response response;
813         const char *extra_data;
814         fstring name;
815
816         ZERO_STRUCT(request);
817         ZERO_STRUCT(response);
818
819         if (domain) {
820                 if ( strequal(domain, ".") )
821                         fstrcpy( request.domain_name, lp_workgroup() );
822                 else
823                         fstrcpy( request.domain_name, domain );
824         }
825
826         if (winbindd_request(WINBINDD_LIST_GROUPS, &request, &response) !=
827             NSS_STATUS_SUCCESS)
828                 return False;
829
830         /* Look through extra data */
831
832         if (!response.extra_data)
833                 return False;
834
835         extra_data = (const char *)response.extra_data;
836
837         while(next_token(&extra_data, name, ",", sizeof(fstring)))
838                 d_printf("%s\n", name);
839
840         SAFE_FREE(response.extra_data);
841         
842         return True;
843 }
844
845 /* Set the authorised user for winbindd access in secrets.tdb */
846
847 static BOOL wbinfo_set_auth_user(char *username)
848 {
849         char *password;
850         fstring user, domain;
851
852         /* Separate into user and password */
853
854         parse_wbinfo_domain_user(username, domain, user);
855
856         password = strchr(user, '%');
857
858         if (password) {
859                 *password = 0;
860                 password++;
861         } else {
862                 char *thepass = getpass("Password: ");
863                 if (thepass) {
864                         password = thepass;     
865                 } else
866                         password = "";
867         }
868
869         /* Store or remove DOMAIN\username%password in secrets.tdb */
870
871         secrets_init();
872
873         if (user[0]) {
874
875                 if (!secrets_store(SECRETS_AUTH_USER, user,
876                                    strlen(user) + 1)) {
877                         d_fprintf(stderr, "error storing username\n");
878                         return False;
879                 }
880
881                 /* We always have a domain name added by the
882                    parse_wbinfo_domain_user() function. */
883
884                 if (!secrets_store(SECRETS_AUTH_DOMAIN, domain,
885                                    strlen(domain) + 1)) {
886                         d_fprintf(stderr, "error storing domain name\n");
887                         return False;
888                 }
889
890         } else {
891                 secrets_delete(SECRETS_AUTH_USER);
892                 secrets_delete(SECRETS_AUTH_DOMAIN);
893         }
894
895         if (password[0]) {
896
897                 if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
898                                    strlen(password) + 1)) {
899                         d_fprintf(stderr, "error storing password\n");
900                         return False;
901                 }
902
903         } else
904                 secrets_delete(SECRETS_AUTH_PASSWORD);
905
906         return True;
907 }
908
909 static void wbinfo_get_auth_user(void)
910 {
911         char *user, *domain, *password;
912
913         /* Lift data from secrets file */
914         
915         secrets_fetch_ipc_userpass(&user, &domain, &password);
916
917         if ((!user || !*user) && (!domain || !*domain ) && (!password || !*password)){
918
919                 SAFE_FREE(user);
920                 SAFE_FREE(domain);
921                 SAFE_FREE(password);
922                 d_printf("No authorised user configured\n");
923                 return;
924         }
925
926         /* Pretty print authorised user info */
927
928         d_printf("%s%s%s%s%s\n", domain ? domain : "", domain ? lp_winbind_separator(): "",
929                  user, password ? "%" : "", password ? password : "");
930
931         SAFE_FREE(user);
932         SAFE_FREE(domain);
933         SAFE_FREE(password);
934 }
935
936 static BOOL wbinfo_ping(void)
937 {
938         NSS_STATUS result;
939
940         result = winbindd_request(WINBINDD_PING, NULL, NULL);
941
942         /* Display response */
943
944         d_printf("Ping to winbindd %s on fd %d\n", 
945                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
946
947         return result == NSS_STATUS_SUCCESS;
948 }
949
950 /* Main program */
951
952 enum {
953         OPT_SET_AUTH_USER = 1000,
954         OPT_GET_AUTH_USER,
955         OPT_DOMAIN_NAME,
956         OPT_SEQUENCE,
957         OPT_USERSIDS
958 };
959
960 int main(int argc, char **argv)
961 {
962         int opt;
963
964         poptContext pc;
965         static char *string_arg;
966         static char *opt_domain_name;
967         static int int_arg;
968         int result = 1;
969
970         struct poptOption long_options[] = {
971                 POPT_AUTOHELP
972
973                 /* longName, shortName, argInfo, argPtr, value, descrip, 
974                    argDesc */
975
976                 { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users", "domain"},
977                 { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups", "domain" },
978                 { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP", "NETBIOS-NAME" },
979                 { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name", "IP" },
980                 { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid", "NAME" },
981                 { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name", "SID" },
982                 { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" , "UID" },
983                 { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
984                 { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
985                 { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
986                 { "create-user", 'c', POPT_ARG_STRING, &string_arg, 'c', "Create a local user account", "name" },
987                 { "delete-user", 'x', POPT_ARG_STRING, &string_arg, 'x', "Delete a local user account", "name" },
988                 { "create-group", 'C', POPT_ARG_STRING, &string_arg, 'C', "Create a local group", "name" },
989                 { "delete-group", 'X', POPT_ARG_STRING, &string_arg, 'X', "Delete a local group", "name" },
990                 { "add-to-group", 'o', POPT_ARG_STRING, &string_arg, 'o', "Add user to group", "user:group" },
991                 { "del-from-group", 'O', POPT_ARG_STRING, &string_arg, 'O', "Remove user from group", "user:group" },
992                 { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
993                 { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
994                 { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
995                 { "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" },
996                 { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
997                 { "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
998                 { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
999                 { "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
1000                 { "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
1001                 { "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
1002                 { "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" },
1003                 POPT_COMMON_VERSION
1004                 POPT_TABLEEND
1005         };
1006
1007         /* Samba client initialisation */
1008
1009         if (!lp_load(dyn_CONFIGFILE, True, False, False)) {
1010                 d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n",
1011                         dyn_CONFIGFILE, strerror(errno));
1012                 exit(1);
1013         }
1014
1015         if (!init_names())
1016                 return 1;
1017
1018         load_interfaces();
1019
1020         /* Parse options */
1021
1022         pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
1023
1024         /* Parse command line options */
1025
1026         if (argc == 1) {
1027                 poptPrintHelp(pc, stderr, 0);
1028                 return 1;
1029         }
1030
1031         while((opt = poptGetNextOpt(pc)) != -1) {
1032                 /* get the generic configuration parameters like --domain */
1033         }
1034
1035         poptFreeContext(pc);
1036
1037         pc = poptGetContext(NULL, argc, (const char **)argv, long_options, 
1038                             POPT_CONTEXT_KEEP_FIRST);
1039
1040         while((opt = poptGetNextOpt(pc)) != -1) {
1041                 switch (opt) {
1042                 case 'u':
1043                         if (!print_domain_users(opt_domain_name)) {
1044                                 d_printf("Error looking up domain users\n");
1045                                 goto done;
1046                         }
1047                         break;
1048                 case 'g':
1049                         if (!print_domain_groups(opt_domain_name)) {
1050                                 d_printf("Error looking up domain groups\n");
1051                                 goto done;
1052                         }
1053                         break;
1054                 case 's':
1055                         if (!wbinfo_lookupsid(string_arg)) {
1056                                 d_printf("Could not lookup sid %s\n", string_arg);
1057                                 goto done;
1058                         }
1059                         break;
1060                 case 'n':
1061                         if (!wbinfo_lookupname(string_arg)) {
1062                                 d_printf("Could not lookup name %s\n", string_arg);
1063                                 goto done;
1064                         }
1065                         break;
1066                 case 'N':
1067                         if (!wbinfo_wins_byname(string_arg)) {
1068                                 d_printf("Could not lookup WINS by name %s\n", string_arg);
1069                                 goto done;
1070                         }
1071                         break;
1072                 case 'I':
1073                         if (!wbinfo_wins_byip(string_arg)) {
1074                                 d_printf("Could not lookup WINS by IP %s\n", string_arg);
1075                                 goto done;
1076                         }
1077                         break;
1078                 case 'U':
1079                         if (!wbinfo_uid_to_sid(int_arg)) {
1080                                 d_printf("Could not convert uid %d to sid\n", int_arg);
1081                                 goto done;
1082                         }
1083                         break;
1084                 case 'G':
1085                         if (!wbinfo_gid_to_sid(int_arg)) {
1086                                 d_printf("Could not convert gid %d to sid\n",
1087                                        int_arg);
1088                                 goto done;
1089                         }
1090                         break;
1091                 case 'S':
1092                         if (!wbinfo_sid_to_uid(string_arg)) {
1093                                 d_printf("Could not convert sid %s to uid\n",
1094                                        string_arg);
1095                                 goto done;
1096                         }
1097                         break;
1098                 case 'Y':
1099                         if (!wbinfo_sid_to_gid(string_arg)) {
1100                                 d_printf("Could not convert sid %s to gid\n",
1101                                        string_arg);
1102                                 goto done;
1103                         }
1104                         break;
1105                 case 't':
1106                         if (!wbinfo_check_secret()) {
1107                                 d_printf("Could not check secret\n");
1108                                 goto done;
1109                         }
1110                         break;
1111                 case 'm':
1112                         if (!wbinfo_list_domains()) {
1113                                 d_printf("Could not list trusted domains\n");
1114                                 goto done;
1115                         }
1116                         break;
1117                 case OPT_SEQUENCE:
1118                         if (!wbinfo_show_sequence(opt_domain_name)) {
1119                                 d_printf("Could not show sequence numbers\n");
1120                                 goto done;
1121                         }
1122                         break;
1123                 case 'D':
1124                         if (!wbinfo_domain_info(string_arg)) {
1125                                 d_printf("Could not get domain info\n");
1126                                 goto done;
1127                         }
1128                         break;
1129                 case 'r':
1130                         if (!wbinfo_get_usergroups(string_arg)) {
1131                                 d_printf("Could not get groups for user %s\n", 
1132                                        string_arg);
1133                                 goto done;
1134                         }
1135                         break;
1136                 case OPT_USERSIDS:
1137                         if (!wbinfo_get_usersids(string_arg)) {
1138                                 d_printf("Could not get group SIDs for user SID %s\n", 
1139                                        string_arg);
1140                                 goto done;
1141                         }
1142                         break;
1143                 case 'a': {
1144                                 BOOL got_error = False;
1145
1146                                 if (!wbinfo_auth(string_arg)) {
1147                                         d_printf("Could not authenticate user %s with "
1148                                                 "plaintext password\n", string_arg);
1149                                         got_error = True;
1150                                 }
1151
1152                                 if (!wbinfo_auth_crap(string_arg)) {
1153                                         d_printf("Could not authenticate user %s with "
1154                                                 "challenge/response\n", string_arg);
1155                                         got_error = True;
1156                                 }
1157
1158                                 if (got_error)
1159                                         goto done;
1160                                 break;
1161                         }
1162                 case 'c':
1163                         if ( !wbinfo_create_user(string_arg) ) {
1164                                 d_printf("Could not create user account\n");
1165                                 goto done;
1166                         }
1167                         break;
1168                 case 'C':
1169                         if ( !wbinfo_create_group(string_arg) ) {
1170                                 d_printf("Could not create group\n");
1171                                 goto done;
1172                         }
1173                         break;
1174                 case 'o':
1175                         if ( !wbinfo_add_user_to_group(string_arg) ) {
1176                                 d_printf("Could not add user to group\n");
1177                                 goto done;
1178                         }
1179                         break;
1180                 case 'O':
1181                         if ( !wbinfo_remove_user_from_group(string_arg) ) {
1182                                 d_printf("Could not remove user from group\n");
1183                                 goto done;
1184                         }
1185                         break;
1186                 case 'x':
1187                         if ( !wbinfo_delete_user(string_arg) ) {
1188                                 d_printf("Could not delete user account\n");
1189                                 goto done;
1190                         }
1191                         break;
1192                 case 'X':
1193                         if ( !wbinfo_delete_group(string_arg) ) {
1194                                 d_printf("Could not delete group\n");
1195                                 goto done;
1196                         }
1197                         break;
1198                 case 'p':
1199                         if (!wbinfo_ping()) {
1200                                 d_printf("could not ping winbindd!\n");
1201                                 goto done;
1202                         }
1203                         break;
1204                 case OPT_SET_AUTH_USER:
1205                         wbinfo_set_auth_user(string_arg);
1206                         break;
1207                 case OPT_GET_AUTH_USER:
1208                         wbinfo_get_auth_user();
1209                         break;
1210                 /* generic configuration options */
1211                 case OPT_DOMAIN_NAME:
1212                         break;
1213                 default:
1214                         d_fprintf(stderr, "Invalid option\n");
1215                         poptPrintHelp(pc, stderr, 0);
1216                         goto done;
1217                 }
1218         }
1219
1220         result = 0;
1221
1222         /* Exit code */
1223
1224  done:
1225         poptFreeContext(pc);
1226         return result;
1227 }