2 Unix SMB/CIFS implementation.
4 Winbind status program.
6 Copyright (C) Tim Potter 2000-2002
7 Copyright (C) Andrew Bartlett 2002
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #define DBGC_CLASS DBGC_WINBIND
31 extern int winbindd_fd;
33 static char winbind_separator(void)
35 struct winbindd_response response;
42 ZERO_STRUCT(response);
44 /* Send off request */
46 if (winbindd_request(WINBINDD_INFO, NULL, &response) !=
48 d_printf("could not obtain winbind separator!\n");
49 /* HACK: (this module should not call lp_ funtions) */
50 return *lp_winbind_separator();
53 sep = response.data.info.winbind_separator;
57 d_printf("winbind separator was NULL!\n");
58 /* HACK: (this module should not call lp_ funtions) */
59 sep = *lp_winbind_separator();
65 static char *get_winbind_domain(void)
67 struct winbindd_response response;
68 static fstring winbind_domain;
70 ZERO_STRUCT(response);
72 /* Send off request */
74 if (winbindd_request(WINBINDD_DOMAIN_NAME, NULL, &response) !=
76 d_printf("could not obtain winbind domain name!\n");
78 /* HACK: (this module should not call lp_ funtions) */
79 return lp_workgroup();
82 fstrcpy(winbind_domain, response.data.domain_name);
84 return winbind_domain;
88 /* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
89 form DOMAIN/user into a domain and a user */
91 static BOOL parse_wbinfo_domain_user(const char *domuser, fstring domain,
95 char *p = strchr(domuser,winbind_separator());
98 fstrcpy(user, domuser);
99 fstrcpy(domain, get_winbind_domain());
104 fstrcpy(domain, domuser);
105 domain[PTR_DIFF(p, domuser)] = 0;
111 /* List groups a user is a member of */
113 static BOOL wbinfo_get_usergroups(char *user)
115 struct winbindd_request request;
116 struct winbindd_response response;
120 ZERO_STRUCT(response);
124 fstrcpy(request.data.username, user);
126 result = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
128 if (result != NSS_STATUS_SUCCESS)
131 for (i = 0; i < response.data.num_entries; i++)
132 d_printf("%d\n", (int)((gid_t *)response.extra_data)[i]);
134 SAFE_FREE(response.extra_data);
139 /* Convert NetBIOS name to IP */
141 static BOOL wbinfo_wins_byname(char *name)
143 struct winbindd_request request;
144 struct winbindd_response response;
146 ZERO_STRUCT(request);
147 ZERO_STRUCT(response);
151 fstrcpy(request.data.winsreq, name);
153 if (winbindd_request(WINBINDD_WINS_BYNAME, &request, &response) !=
154 NSS_STATUS_SUCCESS) {
158 /* Display response */
160 printf("%s\n", response.data.winsresp);
165 /* Convert IP to NetBIOS name */
167 static BOOL wbinfo_wins_byip(char *ip)
169 struct winbindd_request request;
170 struct winbindd_response response;
172 ZERO_STRUCT(request);
173 ZERO_STRUCT(response);
177 fstrcpy(request.data.winsreq, ip);
179 if (winbindd_request(WINBINDD_WINS_BYIP, &request, &response) !=
180 NSS_STATUS_SUCCESS) {
184 /* Display response */
186 printf("%s\n", response.data.winsresp);
191 /* List trusted domains */
193 static BOOL wbinfo_list_domains(void)
195 struct winbindd_response response;
198 ZERO_STRUCT(response);
202 if (winbindd_request(WINBINDD_LIST_TRUSTDOM, NULL, &response) !=
206 /* Display response */
208 if (response.extra_data) {
209 char *extra_data = (char *)response.extra_data;
211 while(next_token(&extra_data, name, ",", sizeof(fstring)))
212 d_printf("%s\n", name);
214 SAFE_FREE(response.extra_data);
221 /* show sequence numbers */
222 static BOOL wbinfo_show_sequence(void)
224 struct winbindd_response response;
226 ZERO_STRUCT(response);
230 if (winbindd_request(WINBINDD_SHOW_SEQUENCE, NULL, &response) !=
234 /* Display response */
236 if (response.extra_data) {
237 char *extra_data = (char *)response.extra_data;
238 d_printf("%s", extra_data);
239 SAFE_FREE(response.extra_data);
245 /* Check trust account password */
247 static BOOL wbinfo_check_secret(void)
249 struct winbindd_response response;
252 ZERO_STRUCT(response);
254 result = winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response);
256 d_printf("checking the trust secret via RPC calls %s\n",
257 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
259 if (result != NSS_STATUS_SUCCESS)
260 d_printf("error code was %s (0x%x)\n",
261 response.data.auth.nt_status_string,
262 response.data.auth.nt_status);
264 return result == NSS_STATUS_SUCCESS;
267 /* Convert uid to sid */
269 static BOOL wbinfo_uid_to_sid(uid_t uid)
271 struct winbindd_request request;
272 struct winbindd_response response;
274 ZERO_STRUCT(request);
275 ZERO_STRUCT(response);
279 request.data.uid = uid;
281 if (winbindd_request(WINBINDD_UID_TO_SID, &request, &response) !=
285 /* Display response */
287 d_printf("%s\n", response.data.sid.sid);
292 /* Convert gid to sid */
294 static BOOL wbinfo_gid_to_sid(gid_t gid)
296 struct winbindd_request request;
297 struct winbindd_response response;
299 ZERO_STRUCT(request);
300 ZERO_STRUCT(response);
304 request.data.gid = gid;
306 if (winbindd_request(WINBINDD_GID_TO_SID, &request, &response) !=
310 /* Display response */
312 d_printf("%s\n", response.data.sid.sid);
317 /* Convert sid to uid */
319 static BOOL wbinfo_sid_to_uid(char *sid)
321 struct winbindd_request request;
322 struct winbindd_response response;
324 ZERO_STRUCT(request);
325 ZERO_STRUCT(response);
329 fstrcpy(request.data.sid, sid);
331 if (winbindd_request(WINBINDD_SID_TO_UID, &request, &response) !=
335 /* Display response */
337 d_printf("%d\n", (int)response.data.uid);
342 static BOOL wbinfo_sid_to_gid(char *sid)
344 struct winbindd_request request;
345 struct winbindd_response response;
347 ZERO_STRUCT(request);
348 ZERO_STRUCT(response);
352 fstrcpy(request.data.sid, sid);
354 if (winbindd_request(WINBINDD_SID_TO_GID, &request, &response) !=
358 /* Display response */
360 d_printf("%d\n", (int)response.data.gid);
365 /* Convert sid to string */
367 static BOOL wbinfo_lookupsid(char *sid)
369 struct winbindd_request request;
370 struct winbindd_response response;
372 ZERO_STRUCT(request);
373 ZERO_STRUCT(response);
375 /* Send off request */
377 fstrcpy(request.data.sid, sid);
379 if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
383 /* Display response */
385 d_printf("%s%c%s %d\n", response.data.name.dom_name,
386 winbind_separator(), response.data.name.name,
387 response.data.name.type);
392 /* Convert string to sid */
394 static BOOL wbinfo_lookupname(char *name)
396 struct winbindd_request request;
397 struct winbindd_response response;
399 /* Send off request */
401 ZERO_STRUCT(request);
402 ZERO_STRUCT(response);
404 parse_wbinfo_domain_user(name, request.data.name.dom_name,
405 request.data.name.name);
407 if (winbindd_request(WINBINDD_LOOKUPNAME, &request, &response) !=
411 /* Display response */
413 d_printf("%s %d\n", response.data.sid.sid, response.data.sid.type);
418 /* Authenticate a user with a plaintext password */
420 static BOOL wbinfo_auth(char *username)
422 struct winbindd_request request;
423 struct winbindd_response response;
425 fstring name_user, name_domain;
428 /* Send off request */
430 ZERO_STRUCT(request);
431 ZERO_STRUCT(response);
433 p = strchr(username, '%');
437 fstrcpy(request.data.auth.pass, p + 1);
440 parse_wbinfo_domain_user(username, name_domain, name_user);
445 fstrcpy(request.data.auth.user, name_user);
446 fstrcpy(request.data.auth.domain, name_domain);
448 result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
450 /* Display response */
452 d_printf("plaintext password authentication %s\n",
453 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
455 if (response.data.auth.nt_status)
456 d_printf("error code was %s (0x%x)\n",
457 response.data.auth.nt_status_string,
458 response.data.auth.nt_status);
460 return result == NSS_STATUS_SUCCESS;
463 /* Authenticate a user with a challenge/response */
465 static BOOL wbinfo_auth_crap(char *username)
467 struct winbindd_request request;
468 struct winbindd_response response;
475 /* Send off request */
477 ZERO_STRUCT(request);
478 ZERO_STRUCT(response);
480 p = strchr(username, '%');
484 fstrcpy(pass, p + 1);
487 parse_wbinfo_domain_user(username, name_domain, name_user);
492 fstrcpy(request.data.auth_crap.user, name_user);
493 fstrcpy(request.data.auth_crap.domain, name_domain);
495 generate_random_buffer(request.data.auth_crap.chal, 8, False);
497 SMBencrypt(pass, request.data.auth_crap.chal,
498 (uchar *)request.data.auth_crap.lm_resp);
499 SMBNTencrypt(pass, request.data.auth_crap.chal,
500 (uchar *)request.data.auth_crap.nt_resp);
502 request.data.auth_crap.lm_resp_len = 24;
503 request.data.auth_crap.nt_resp_len = 24;
505 result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
507 /* Display response */
509 d_printf("challenge/response password authentication %s\n",
510 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
512 if (response.data.auth.nt_status)
513 d_printf("error code was %s (0x%x)\n",
514 response.data.auth.nt_status_string,
515 response.data.auth.nt_status);
517 return result == NSS_STATUS_SUCCESS;
520 /* Print domain users */
522 static BOOL print_domain_users(void)
524 struct winbindd_response response;
528 /* Send request to winbind daemon */
530 ZERO_STRUCT(response);
532 if (winbindd_request(WINBINDD_LIST_USERS, NULL, &response) !=
536 /* Look through extra data */
538 if (!response.extra_data)
541 extra_data = (char *)response.extra_data;
543 while(next_token(&extra_data, name, ",", sizeof(fstring)))
544 d_printf("%s\n", name);
546 SAFE_FREE(response.extra_data);
551 /* Print domain groups */
553 static BOOL print_domain_groups(void)
555 struct winbindd_response response;
559 ZERO_STRUCT(response);
561 if (winbindd_request(WINBINDD_LIST_GROUPS, NULL, &response) !=
565 /* Look through extra data */
567 if (!response.extra_data)
570 extra_data = (char *)response.extra_data;
572 while(next_token(&extra_data, name, ",", sizeof(fstring)))
573 d_printf("%s\n", name);
575 SAFE_FREE(response.extra_data);
580 /* Set the authorised user for winbindd access in secrets.tdb */
582 static BOOL wbinfo_set_auth_user(char *username)
585 fstring user, domain;
587 /* Separate into user and password */
589 parse_wbinfo_domain_user(username, domain, user);
591 password = strchr(user, '%');
599 /* Store in secrets.tdb */
601 if (!secrets_store(SECRETS_AUTH_USER, user,
603 !secrets_store(SECRETS_AUTH_DOMAIN, domain,
604 strlen(domain) + 1) ||
605 !secrets_store(SECRETS_AUTH_PASSWORD, password,
606 strlen(password) + 1)) {
607 d_fprintf(stderr, "error storing authenticated user info\n");
614 static BOOL wbinfo_ping(void)
618 result = winbindd_request(WINBINDD_PING, NULL, NULL);
620 /* Display response */
622 d_printf("'ping' to winbindd %s on fd %d\n",
623 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
625 return result == NSS_STATUS_SUCCESS;
631 OPT_SET_AUTH_USER = 1000,
635 int main(int argc, char **argv)
637 extern pstring global_myname;
641 static char *string_arg;
643 BOOL got_command = False;
646 struct poptOption long_options[] = {
649 /* longName, shortName, argInfo, argPtr, value, descrip,
652 { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users"},
653 { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups" },
654 { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP (WINS)" },
655 { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name (WINS)" },
656 { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid" },
657 { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name" },
658 { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" },
659 { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid" },
660 { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid" },
661 { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid" },
662 { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
663 { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
664 { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "show sequence numbers of all domains" },
665 { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups" },
666 { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
667 { "set-auth-user", 'A', POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
668 { "ping", 'p', POPT_ARG_NONE, 0, 'p', "'ping' winbindd to see if it is alive" },
672 /* Samba client initialisation */
674 if (!*global_myname) {
677 fstrcpy(global_myname, myhostname());
678 p = strchr(global_myname, '.');
683 if (!lp_load(dyn_CONFIGFILE, True, False, False)) {
684 d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n",
685 dyn_CONFIGFILE, strerror(errno));
693 pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
695 /* Parse command line options */
698 poptPrintHelp(pc, stderr, 0);
702 while((opt = poptGetNextOpt(pc)) != -1) {
704 d_fprintf(stderr, "No more than one command may be specified at once.\n");
712 pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
713 POPT_CONTEXT_KEEP_FIRST);
715 while((opt = poptGetNextOpt(pc)) != -1) {
718 if (!print_domain_users()) {
719 d_printf("Error looking up domain users\n");
724 if (!print_domain_groups()) {
725 d_printf("Error looking up domain groups\n");
730 if (!wbinfo_lookupsid(string_arg)) {
731 d_printf("Could not lookup sid %s\n", string_arg);
736 if (!wbinfo_lookupname(string_arg)) {
737 d_printf("Could not lookup name %s\n", string_arg);
742 if (!wbinfo_wins_byname(string_arg)) {
743 d_printf("Could not lookup WINS by name %s\n", string_arg);
748 if (!wbinfo_wins_byip(string_arg)) {
749 d_printf("Could not lookup WINS by IP %s\n", string_arg);
754 if (!wbinfo_uid_to_sid(int_arg)) {
755 d_printf("Could not convert uid %d to sid\n", int_arg);
760 if (!wbinfo_gid_to_sid(int_arg)) {
761 d_printf("Could not convert gid %d to sid\n",
767 if (!wbinfo_sid_to_uid(string_arg)) {
768 d_printf("Could not convert sid %s to uid\n",
774 if (!wbinfo_sid_to_gid(string_arg)) {
775 d_printf("Could not convert sid %s to gid\n",
781 if (!wbinfo_check_secret()) {
782 d_printf("Could not check secret\n");
787 if (!wbinfo_list_domains()) {
788 d_printf("Could not list trusted domains\n");
793 if (!wbinfo_show_sequence()) {
794 d_printf("Could not show sequence numbers\n");
799 if (!wbinfo_get_usergroups(string_arg)) {
800 d_printf("Could not get groups for user %s\n",
806 BOOL got_error = False;
808 if (!wbinfo_auth(string_arg)) {
809 d_printf("Could not authenticate user %s with "
810 "plaintext password\n", string_arg);
814 if (!wbinfo_auth_crap(string_arg)) {
815 d_printf("Could not authenticate user %s with "
816 "challenge/response\n", string_arg);
826 if (!wbinfo_ping()) {
827 d_printf("could not ping winbindd!\n");
832 case OPT_SET_AUTH_USER:
833 if (!(wbinfo_set_auth_user(string_arg)))
837 d_fprintf(stderr, "Invalid option\n");
838 poptPrintHelp(pc, stderr, 0);
git.samba.org / sfrench / samba-autobuild / .git / blob