2 Unix SMB/CIFS implementation.
4 Winbind status program.
6 Copyright (C) Tim Potter 2000-2002
7 Copyright (C) Andrew Bartlett 2002
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #define DBGC_CLASS DBGC_WINBIND
31 extern int winbindd_fd;
33 static char winbind_separator(void)
35 struct winbindd_response response;
42 ZERO_STRUCT(response);
44 /* Send off request */
46 if (winbindd_request(WINBINDD_INFO, NULL, &response) !=
48 d_printf("could not obtain winbind separator!\n");
49 /* HACK: (this module should not call lp_ funtions) */
50 return *lp_winbind_separator();
53 sep = response.data.info.winbind_separator;
57 d_printf("winbind separator was NULL!\n");
58 /* HACK: (this module should not call lp_ funtions) */
59 sep = *lp_winbind_separator();
65 static char *get_winbind_domain(void)
67 struct winbindd_response response;
68 static fstring winbind_domain;
70 ZERO_STRUCT(response);
72 /* Send off request */
74 if (winbindd_request(WINBINDD_DOMAIN_NAME, NULL, &response) !=
76 d_printf("could not obtain winbind domain name!\n");
78 /* HACK: (this module should not call lp_ funtions) */
79 return lp_workgroup();
82 fstrcpy(winbind_domain, response.data.domain_name);
84 return winbind_domain;
88 /* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
89 form DOMAIN/user into a domain and a user */
91 static BOOL parse_wbinfo_domain_user(const char *domuser, fstring domain,
95 char *p = strchr(domuser,winbind_separator());
98 fstrcpy(user, domuser);
99 fstrcpy(domain, get_winbind_domain());
104 fstrcpy(domain, domuser);
105 domain[PTR_DIFF(p, domuser)] = 0;
111 /* List groups a user is a member of */
113 static BOOL wbinfo_get_usergroups(char *user)
115 struct winbindd_request request;
116 struct winbindd_response response;
120 ZERO_STRUCT(response);
124 fstrcpy(request.data.username, user);
126 result = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
128 if (result != NSS_STATUS_SUCCESS)
131 for (i = 0; i < response.data.num_entries; i++)
132 d_printf("%d\n", (int)((gid_t *)response.extra_data)[i]);
134 SAFE_FREE(response.extra_data);
139 /* Convert NetBIOS name to IP */
141 static BOOL wbinfo_wins_byname(char *name)
143 struct winbindd_request request;
144 struct winbindd_response response;
146 ZERO_STRUCT(request);
147 ZERO_STRUCT(response);
151 fstrcpy(request.data.winsreq, name);
153 if (winbindd_request(WINBINDD_WINS_BYNAME, &request, &response) !=
154 NSS_STATUS_SUCCESS) {
158 /* Display response */
160 printf("%s\n", response.data.winsresp);
165 /* Convert IP to NetBIOS name */
167 static BOOL wbinfo_wins_byip(char *ip)
169 struct winbindd_request request;
170 struct winbindd_response response;
172 ZERO_STRUCT(request);
173 ZERO_STRUCT(response);
177 fstrcpy(request.data.winsreq, ip);
179 if (winbindd_request(WINBINDD_WINS_BYIP, &request, &response) !=
180 NSS_STATUS_SUCCESS) {
184 /* Display response */
186 printf("%s\n", response.data.winsresp);
191 /* List trusted domains */
193 static BOOL wbinfo_list_domains(void)
195 struct winbindd_response response;
198 ZERO_STRUCT(response);
202 if (winbindd_request(WINBINDD_LIST_TRUSTDOM, NULL, &response) !=
206 /* Display response */
208 if (response.extra_data) {
209 char *extra_data = (char *)response.extra_data;
211 while(next_token(&extra_data, name, ",", sizeof(fstring)))
212 d_printf("%s\n", name);
214 SAFE_FREE(response.extra_data);
221 /* show sequence numbers */
222 static BOOL wbinfo_show_sequence(void)
224 struct winbindd_response response;
226 ZERO_STRUCT(response);
230 if (winbindd_request(WINBINDD_SHOW_SEQUENCE, NULL, &response) !=
234 /* Display response */
236 if (response.extra_data) {
237 char *extra_data = (char *)response.extra_data;
238 d_printf("%s", extra_data);
239 SAFE_FREE(response.extra_data);
245 /* Check trust account password */
247 static BOOL wbinfo_check_secret(void)
249 struct winbindd_response response;
252 ZERO_STRUCT(response);
254 result = winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response);
256 d_printf("checking the trust secret via RPC calls %s\n",
257 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
259 if (result != NSS_STATUS_SUCCESS)
260 d_printf("error code was %s (0x%x)\n",
261 response.data.auth.nt_status_string,
262 response.data.auth.nt_status);
264 return result == NSS_STATUS_SUCCESS;
267 /* Convert uid to sid */
269 static BOOL wbinfo_uid_to_sid(uid_t uid)
271 struct winbindd_request request;
272 struct winbindd_response response;
274 ZERO_STRUCT(request);
275 ZERO_STRUCT(response);
279 request.data.uid = uid;
281 if (winbindd_request(WINBINDD_UID_TO_SID, &request, &response) !=
285 /* Display response */
287 d_printf("%s\n", response.data.sid.sid);
292 /* Convert gid to sid */
294 static BOOL wbinfo_gid_to_sid(gid_t gid)
296 struct winbindd_request request;
297 struct winbindd_response response;
299 ZERO_STRUCT(request);
300 ZERO_STRUCT(response);
304 request.data.gid = gid;
306 if (winbindd_request(WINBINDD_GID_TO_SID, &request, &response) !=
310 /* Display response */
312 d_printf("%s\n", response.data.sid.sid);
317 /* Convert sid to uid */
319 static BOOL wbinfo_sid_to_uid(char *sid)
321 struct winbindd_request request;
322 struct winbindd_response response;
324 ZERO_STRUCT(request);
325 ZERO_STRUCT(response);
329 fstrcpy(request.data.sid, sid);
331 if (winbindd_request(WINBINDD_SID_TO_UID, &request, &response) !=
335 /* Display response */
337 d_printf("%d\n", (int)response.data.uid);
342 static BOOL wbinfo_sid_to_gid(char *sid)
344 struct winbindd_request request;
345 struct winbindd_response response;
347 ZERO_STRUCT(request);
348 ZERO_STRUCT(response);
352 fstrcpy(request.data.sid, sid);
354 if (winbindd_request(WINBINDD_SID_TO_GID, &request, &response) !=
358 /* Display response */
360 d_printf("%d\n", (int)response.data.gid);
365 /* Convert sid to string */
367 static BOOL wbinfo_lookupsid(char *sid)
369 struct winbindd_request request;
370 struct winbindd_response response;
372 ZERO_STRUCT(request);
373 ZERO_STRUCT(response);
375 /* Send off request */
377 fstrcpy(request.data.sid, sid);
379 if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
383 /* Display response */
385 d_printf("%s%c%s %d\n", response.data.name.dom_name,
386 winbind_separator(), response.data.name.name,
387 response.data.name.type);
392 /* Convert string to sid */
394 static BOOL wbinfo_lookupname(char *name)
396 struct winbindd_request request;
397 struct winbindd_response response;
399 /* Send off request */
401 ZERO_STRUCT(request);
402 ZERO_STRUCT(response);
404 parse_wbinfo_domain_user(name, request.data.name.dom_name,
405 request.data.name.name);
407 if (winbindd_request(WINBINDD_LOOKUPNAME, &request, &response) !=
411 /* Display response */
413 d_printf("%s %d\n", response.data.sid.sid, response.data.sid.type);
418 /* Authenticate a user with a plaintext password */
420 static BOOL wbinfo_auth(char *username)
422 struct winbindd_request request;
423 struct winbindd_response response;
427 /* Send off request */
429 ZERO_STRUCT(request);
430 ZERO_STRUCT(response);
432 p = strchr(username, '%');
436 fstrcpy(request.data.auth.user, username);
437 fstrcpy(request.data.auth.pass, p + 1);
440 fstrcpy(request.data.auth.user, username);
442 result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
444 /* Display response */
446 d_printf("plaintext password authentication %s\n",
447 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
449 if (response.data.auth.nt_status)
450 d_printf("error code was %s (0x%x)\n",
451 response.data.auth.nt_status_string,
452 response.data.auth.nt_status);
454 return result == NSS_STATUS_SUCCESS;
457 /* Authenticate a user with a challenge/response */
459 static BOOL wbinfo_auth_crap(char *username)
461 struct winbindd_request request;
462 struct winbindd_response response;
469 /* Send off request */
471 ZERO_STRUCT(request);
472 ZERO_STRUCT(response);
474 p = strchr(username, '%');
478 fstrcpy(pass, p + 1);
481 parse_wbinfo_domain_user(username, name_domain, name_user);
483 fstrcpy(request.data.auth_crap.user, name_user);
485 fstrcpy(request.data.auth_crap.domain, name_domain);
487 generate_random_buffer(request.data.auth_crap.chal, 8, False);
489 SMBencrypt(pass, request.data.auth_crap.chal,
490 (uchar *)request.data.auth_crap.lm_resp);
491 SMBNTencrypt(pass, request.data.auth_crap.chal,
492 (uchar *)request.data.auth_crap.nt_resp);
494 request.data.auth_crap.lm_resp_len = 24;
495 request.data.auth_crap.nt_resp_len = 24;
497 result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
499 /* Display response */
501 d_printf("challenge/response password authentication %s\n",
502 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
504 if (response.data.auth.nt_status)
505 d_printf("error code was %s (0x%x)\n",
506 response.data.auth.nt_status_string,
507 response.data.auth.nt_status);
509 return result == NSS_STATUS_SUCCESS;
512 /* Print domain users */
514 static BOOL print_domain_users(void)
516 struct winbindd_response response;
520 /* Send request to winbind daemon */
522 ZERO_STRUCT(response);
524 if (winbindd_request(WINBINDD_LIST_USERS, NULL, &response) !=
528 /* Look through extra data */
530 if (!response.extra_data)
533 extra_data = (char *)response.extra_data;
535 while(next_token(&extra_data, name, ",", sizeof(fstring)))
536 d_printf("%s\n", name);
538 SAFE_FREE(response.extra_data);
543 /* Print domain groups */
545 static BOOL print_domain_groups(void)
547 struct winbindd_response response;
551 ZERO_STRUCT(response);
553 if (winbindd_request(WINBINDD_LIST_GROUPS, NULL, &response) !=
557 /* Look through extra data */
559 if (!response.extra_data)
562 extra_data = (char *)response.extra_data;
564 while(next_token(&extra_data, name, ",", sizeof(fstring)))
565 d_printf("%s\n", name);
567 SAFE_FREE(response.extra_data);
572 /* Set the authorised user for winbindd access in secrets.tdb */
574 static BOOL wbinfo_set_auth_user(char *username)
577 fstring user, domain;
579 /* Separate into user and password */
581 parse_wbinfo_domain_user(username, domain, user);
583 password = strchr(user, '%');
591 /* Store or remove DOMAIN\username%password in secrets.tdb */
597 if (!secrets_store(SECRETS_AUTH_USER, user,
599 d_fprintf(stderr, "error storing username\n");
603 /* We always have a domain name added by the
604 parse_wbinfo_domain_user() function. */
606 if (!secrets_store(SECRETS_AUTH_DOMAIN, domain,
607 strlen(domain) + 1)) {
608 d_fprintf(stderr, "error storing domain name\n");
613 secrets_delete(SECRETS_AUTH_USER);
614 secrets_delete(SECRETS_AUTH_DOMAIN);
619 if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
620 strlen(password) + 1)) {
621 d_fprintf(stderr, "error storing password\n");
626 secrets_delete(SECRETS_AUTH_PASSWORD);
631 static void wbinfo_get_auth_user(void)
633 char *user, *domain, *password;
635 /* Lift data from secrets file */
639 user = secrets_fetch(SECRETS_AUTH_USER, NULL);
640 domain = secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
641 password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
643 if (!user && !domain && !password) {
644 d_printf("No authorised user configured\n");
648 /* Pretty print authorised user info */
650 d_printf("%s%s%s%s%s\n", domain ? domain : "", domain ? "\\" : "",
651 user, password ? "%" : "", password ? password : "");
658 static BOOL wbinfo_ping(void)
662 result = winbindd_request(WINBINDD_PING, NULL, NULL);
664 /* Display response */
666 d_printf("'ping' to winbindd %s on fd %d\n",
667 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
669 return result == NSS_STATUS_SUCCESS;
675 OPT_SET_AUTH_USER = 1000,
680 int main(int argc, char **argv)
682 extern pstring global_myname;
686 static char *string_arg;
688 BOOL got_command = False;
691 struct poptOption long_options[] = {
694 /* longName, shortName, argInfo, argPtr, value, descrip,
697 { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users"},
698 { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups" },
699 { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP (WINS)", "NETBIOS-NAME" },
700 { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name (WINS)", "IP" },
701 { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid", "NAME" },
702 { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name", "SID" },
703 { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" , "UID" },
704 { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
705 { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
706 { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
707 { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
708 { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
709 { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "show sequence numbers of all domains" },
710 { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
711 { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
712 { "set-auth-user", 'A', POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
713 { "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
714 { "ping", 'p', POPT_ARG_NONE, 0, 'p', "'ping' winbindd to see if it is alive" },
718 /* Samba client initialisation */
720 if (!*global_myname) {
723 fstrcpy(global_myname, myhostname());
724 p = strchr(global_myname, '.');
729 if (!lp_load(dyn_CONFIGFILE, True, False, False)) {
730 d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n",
731 dyn_CONFIGFILE, strerror(errno));
739 pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
741 /* Parse command line options */
744 poptPrintHelp(pc, stderr, 0);
748 while((opt = poptGetNextOpt(pc)) != -1) {
750 d_fprintf(stderr, "No more than one command may be specified at once.\n");
758 pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
759 POPT_CONTEXT_KEEP_FIRST);
761 while((opt = poptGetNextOpt(pc)) != -1) {
764 if (!print_domain_users()) {
765 d_printf("Error looking up domain users\n");
770 if (!print_domain_groups()) {
771 d_printf("Error looking up domain groups\n");
776 if (!wbinfo_lookupsid(string_arg)) {
777 d_printf("Could not lookup sid %s\n", string_arg);
782 if (!wbinfo_lookupname(string_arg)) {
783 d_printf("Could not lookup name %s\n", string_arg);
788 if (!wbinfo_wins_byname(string_arg)) {
789 d_printf("Could not lookup WINS by name %s\n", string_arg);
794 if (!wbinfo_wins_byip(string_arg)) {
795 d_printf("Could not lookup WINS by IP %s\n", string_arg);
800 if (!wbinfo_uid_to_sid(int_arg)) {
801 d_printf("Could not convert uid %d to sid\n", int_arg);
806 if (!wbinfo_gid_to_sid(int_arg)) {
807 d_printf("Could not convert gid %d to sid\n",
813 if (!wbinfo_sid_to_uid(string_arg)) {
814 d_printf("Could not convert sid %s to uid\n",
820 if (!wbinfo_sid_to_gid(string_arg)) {
821 d_printf("Could not convert sid %s to gid\n",
827 if (!wbinfo_check_secret()) {
828 d_printf("Could not check secret\n");
833 if (!wbinfo_list_domains()) {
834 d_printf("Could not list trusted domains\n");
839 if (!wbinfo_show_sequence()) {
840 d_printf("Could not show sequence numbers\n");
845 if (!wbinfo_get_usergroups(string_arg)) {
846 d_printf("Could not get groups for user %s\n",
852 BOOL got_error = False;
854 if (!wbinfo_auth(string_arg)) {
855 d_printf("Could not authenticate user %s with "
856 "plaintext password\n", string_arg);
860 if (!wbinfo_auth_crap(string_arg)) {
861 d_printf("Could not authenticate user %s with "
862 "challenge/response\n", string_arg);
871 if (!wbinfo_ping()) {
872 d_printf("could not ping winbindd!\n");
877 case OPT_SET_AUTH_USER:
878 wbinfo_set_auth_user(string_arg);
880 case OPT_GET_AUTH_USER:
881 wbinfo_get_auth_user();
884 d_fprintf(stderr, "Invalid option\n");
885 poptPrintHelp(pc, stderr, 0);