s3:winbind: Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc
[ira/wip.git] / nsswitch / wbinfo.c
1 /*
2    Unix SMB/CIFS implementation.
3
4    Winbind status program.
5
6    Copyright (C) Tim Potter      2000-2003
7    Copyright (C) Andrew Bartlett 2002-2007
8    Copyright (C) Volker Lendecke 2009
9
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation; either version 3 of the License, or
13    (at your option) any later version.
14
15    This program is distributed in the hope that it will be useful,
16    but WITHOUT ANY WARRANTY; without even the implied warranty of
17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18    GNU General Public License for more details.
19
20    You should have received a copy of the GNU General Public License
21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "winbind_client.h"
26 #include "libwbclient/wbclient.h"
27 #include "lib/popt/popt.h"
28 #include "../libcli/auth/libcli_auth.h"
29 #if !(_SAMBA_VERSION_) < 4
30 #include "lib/cmdline/popt_common.h"
31 #endif
32
33 #ifdef DBGC_CLASS
34 #undef DBGC_CLASS
35 #define DBGC_CLASS DBGC_WINBIND
36 #endif
37
38 static struct wbcInterfaceDetails *init_interface_details(void)
39 {
40         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
41         static struct wbcInterfaceDetails *details;
42
43         if (details) {
44                 return details;
45         }
46
47         wbc_status = wbcInterfaceDetails(&details);
48         if (!WBC_ERROR_IS_OK(wbc_status)) {
49                 d_fprintf(stderr, "could not obtain winbind interface "
50                                   "details!\n");
51         }
52
53         return details;
54 }
55
56 static char winbind_separator(void)
57 {
58         struct wbcInterfaceDetails *details;
59         static bool got_sep;
60         static char sep;
61
62         if (got_sep)
63                 return sep;
64
65         details = init_interface_details();
66
67         if (!details) {
68                 d_fprintf(stderr, "could not obtain winbind separator!\n");
69                 return 0;
70         }
71
72         sep = details->winbind_separator;
73         got_sep = true;
74
75         if (!sep) {
76                 d_fprintf(stderr, "winbind separator was NULL!\n");
77                 return 0;
78         }
79
80         return sep;
81 }
82
83 static const char *get_winbind_domain(void)
84 {
85         static struct wbcInterfaceDetails *details;
86
87         details = init_interface_details();
88
89         if (!details) {
90                 d_fprintf(stderr, "could not obtain winbind domain name!\n");
91                 return 0;
92         }
93
94         return details->netbios_domain;
95 }
96
97 static const char *get_winbind_netbios_name(void)
98 {
99         static struct wbcInterfaceDetails *details;
100
101         details = init_interface_details();
102
103         if (!details) {
104                 d_fprintf(stderr, "could not obtain winbind netbios name!\n");
105                 return 0;
106         }
107
108         return details->netbios_name;
109 }
110
111 /* Copy of parse_domain_user from winbindd_util.c.  Parse a string of the
112    form DOMAIN/user into a domain and a user */
113
114 static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
115                                      fstring user)
116 {
117
118         char *p = strchr(domuser,winbind_separator());
119
120         if (!p) {
121                 /* Maybe it was a UPN? */
122                 if ((p = strchr(domuser, '@')) != NULL) {
123                         fstrcpy(domain, "");
124                         fstrcpy(user, domuser);
125                         return true;
126                 }
127
128                 fstrcpy(user, domuser);
129                 fstrcpy(domain, get_winbind_domain());
130                 return true;
131         }
132
133         fstrcpy(user, p+1);
134         fstrcpy(domain, domuser);
135         domain[PTR_DIFF(p, domuser)] = 0;
136         strupper_m(domain);
137
138         return true;
139 }
140
141 /* Parse string of "uid,sid" or "gid,sid" into separate int and string values.
142  * Return true if input was valid, false otherwise. */
143 static bool parse_mapping_arg(char *arg, int *id, char **sid)
144 {
145         char *tmp, *endptr;
146
147         if (!arg || !*arg)
148                 return false;
149
150         tmp = strtok(arg, ",");
151         *sid = strtok(NULL, ",");
152
153         if (!tmp || !*tmp || !*sid || !**sid)
154                 return false;
155
156         /* Because atoi() can return 0 on invalid input, which would be a valid
157          * UID/GID we must use strtoul() and do error checking */
158         *id = strtoul(tmp, &endptr, 10);
159
160         if (endptr[0] != '\0')
161                 return false;
162
163         return true;
164 }
165
166 /* pull pwent info for a given user */
167
168 static bool wbinfo_get_userinfo(char *user)
169 {
170         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
171         struct passwd *pwd = NULL;
172
173         wbc_status = wbcGetpwnam(user, &pwd);
174         if (!WBC_ERROR_IS_OK(wbc_status)) {
175                 return false;
176         }
177
178         d_printf("%s:%s:%u:%u:%s:%s:%s\n",
179                  pwd->pw_name,
180                  pwd->pw_passwd,
181                  (unsigned int)pwd->pw_uid,
182                  (unsigned int)pwd->pw_gid,
183                  pwd->pw_gecos,
184                  pwd->pw_dir,
185                  pwd->pw_shell);
186
187         return true;
188 }
189
190 /* pull pwent info for a given uid */
191 static bool wbinfo_get_uidinfo(int uid)
192 {
193         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
194         struct passwd *pwd = NULL;
195
196         wbc_status = wbcGetpwuid(uid, &pwd);
197         if (!WBC_ERROR_IS_OK(wbc_status)) {
198                 return false;
199         }
200
201         d_printf("%s:%s:%u:%u:%s:%s:%s\n",
202                  pwd->pw_name,
203                  pwd->pw_passwd,
204                  (unsigned int)pwd->pw_uid,
205                  (unsigned int)pwd->pw_gid,
206                  pwd->pw_gecos,
207                  pwd->pw_dir,
208                  pwd->pw_shell);
209
210         return true;
211 }
212
213 static bool wbinfo_get_user_sidinfo(const char *sid_str)
214 {
215         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
216         struct passwd *pwd = NULL;
217         struct wbcDomainSid sid;
218
219         wbc_status = wbcStringToSid(sid_str, &sid);
220         wbc_status = wbcGetpwsid(&sid, &pwd);
221         if (!WBC_ERROR_IS_OK(wbc_status)) {
222                 return false;
223         }
224
225         d_printf("%s:%s:%u:%u:%s:%s:%s\n",
226                  pwd->pw_name,
227                  pwd->pw_passwd,
228                  (unsigned int)pwd->pw_uid,
229                  (unsigned int)pwd->pw_gid,
230                  pwd->pw_gecos,
231                  pwd->pw_dir,
232                  pwd->pw_shell);
233
234         return true;
235 }
236
237
238 /* pull grent for a given group */
239 static bool wbinfo_get_groupinfo(const char *group)
240 {
241         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
242         struct group *grp;
243         char **mem;
244
245         wbc_status = wbcGetgrnam(group, &grp);
246         if (!WBC_ERROR_IS_OK(wbc_status)) {
247                 return false;
248         }
249
250         d_printf("%s:%s:%u:",
251                  grp->gr_name,
252                  grp->gr_passwd,
253                  (unsigned int)grp->gr_gid);
254
255         mem = grp->gr_mem;
256         while (*mem != NULL) {
257                 d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
258                 mem += 1;
259         }
260         d_printf("\n");
261
262         wbcFreeMemory(grp);
263
264         return true;
265 }
266
267 /* pull grent for a given gid */
268 static bool wbinfo_get_gidinfo(int gid)
269 {
270         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
271         struct group *grp;
272         char **mem;
273
274         wbc_status = wbcGetgrgid(gid, &grp);
275         if (!WBC_ERROR_IS_OK(wbc_status)) {
276                 return false;
277         }
278
279         d_printf("%s:%s:%u:",
280                  grp->gr_name,
281                  grp->gr_passwd,
282                  (unsigned int)grp->gr_gid);
283
284         mem = grp->gr_mem;
285         while (*mem != NULL) {
286                 d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
287                 mem += 1;
288         }
289         d_printf("\n");
290
291         wbcFreeMemory(grp);
292
293         return true;
294 }
295
296 /* List groups a user is a member of */
297
298 static bool wbinfo_get_usergroups(const char *user)
299 {
300         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
301         uint32_t num_groups;
302         uint32_t i;
303         gid_t *groups = NULL;
304
305         /* Send request */
306
307         wbc_status = wbcGetGroups(user, &num_groups, &groups);
308         if (!WBC_ERROR_IS_OK(wbc_status)) {
309                 return false;
310         }
311
312         for (i = 0; i < num_groups; i++) {
313                 d_printf("%d\n", (int)groups[i]);
314         }
315
316         wbcFreeMemory(groups);
317
318         return true;
319 }
320
321
322 /* List group SIDs a user SID is a member of */
323 static bool wbinfo_get_usersids(const char *user_sid_str)
324 {
325         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
326         uint32_t num_sids;
327         uint32_t i;
328         struct wbcDomainSid user_sid, *sids = NULL;
329
330         /* Send request */
331
332         wbc_status = wbcStringToSid(user_sid_str, &user_sid);
333         if (!WBC_ERROR_IS_OK(wbc_status)) {
334                 return false;
335         }
336
337         wbc_status = wbcLookupUserSids(&user_sid, false, &num_sids, &sids);
338         if (!WBC_ERROR_IS_OK(wbc_status)) {
339                 return false;
340         }
341
342         for (i = 0; i < num_sids; i++) {
343                 char *str = NULL;
344                 wbc_status = wbcSidToString(&sids[i], &str);
345                 if (!WBC_ERROR_IS_OK(wbc_status)) {
346                         wbcFreeMemory(sids);
347                         return false;
348                 }
349                 d_printf("%s\n", str);
350                 wbcFreeMemory(str);
351         }
352
353         wbcFreeMemory(sids);
354
355         return true;
356 }
357
358 static bool wbinfo_get_userdomgroups(const char *user_sid_str)
359 {
360         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
361         uint32_t num_sids;
362         uint32_t i;
363         struct wbcDomainSid user_sid, *sids = NULL;
364
365         /* Send request */
366
367         wbc_status = wbcStringToSid(user_sid_str, &user_sid);
368         if (!WBC_ERROR_IS_OK(wbc_status)) {
369                 return false;
370         }
371
372         wbc_status = wbcLookupUserSids(&user_sid, true, &num_sids, &sids);
373         if (!WBC_ERROR_IS_OK(wbc_status)) {
374                 return false;
375         }
376
377         for (i = 0; i < num_sids; i++) {
378                 char *str = NULL;
379                 wbc_status = wbcSidToString(&sids[i], &str);
380                 if (!WBC_ERROR_IS_OK(wbc_status)) {
381                         wbcFreeMemory(sids);
382                         return false;
383                 }
384                 d_printf("%s\n", str);
385                 wbcFreeMemory(str);
386         }
387
388         wbcFreeMemory(sids);
389
390         return true;
391 }
392
393 static bool wbinfo_get_sidaliases(const char *domain,
394                                   const char *user_sid_str)
395 {
396         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
397         struct wbcDomainInfo *dinfo = NULL;
398         uint32_t i;
399         struct wbcDomainSid user_sid;
400         uint32_t *alias_rids = NULL;
401         uint32_t num_alias_rids;
402         char *domain_sid_str = NULL;
403
404         /* Send request */
405         if ((domain == NULL) || (strequal(domain, ".")) ||
406            (domain[0] == '\0')) {
407                 domain = get_winbind_domain();
408         }
409
410         /* Send request */
411
412         wbc_status = wbcDomainInfo(domain, &dinfo);
413         if (!WBC_ERROR_IS_OK(wbc_status)) {
414                 d_printf("wbcDomainInfo(%s) failed: %s\n", domain,
415                          wbcErrorString(wbc_status));
416                 goto done;
417         }
418         wbc_status = wbcStringToSid(user_sid_str, &user_sid);
419         if (!WBC_ERROR_IS_OK(wbc_status)) {
420                 goto done;
421         }
422
423         wbc_status = wbcGetSidAliases(&dinfo->sid, &user_sid, 1,
424             &alias_rids, &num_alias_rids);
425         if (!WBC_ERROR_IS_OK(wbc_status)) {
426                 goto done;
427         }
428
429         wbc_status = wbcSidToString(&dinfo->sid, &domain_sid_str);
430         if (!WBC_ERROR_IS_OK(wbc_status)) {
431                 goto done;
432         }
433
434         for (i = 0; i < num_alias_rids; i++) {
435                 d_printf("%s-%d\n", domain_sid_str, alias_rids[i]);
436         }
437
438         wbcFreeMemory(alias_rids);
439
440 done:
441         if (domain_sid_str) {
442                 wbcFreeMemory(domain_sid_str);
443         }
444         if (dinfo) {
445                 wbcFreeMemory(dinfo);
446         }
447         return (WBC_ERR_SUCCESS == wbc_status);
448 }
449
450
451 /* Convert NetBIOS name to IP */
452
453 static bool wbinfo_wins_byname(const char *name)
454 {
455         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
456         char *ip = NULL;
457
458         wbc_status = wbcResolveWinsByName(name, &ip);
459         if (!WBC_ERROR_IS_OK(wbc_status)) {
460                 return false;
461         }
462
463         /* Display response */
464
465         d_printf("%s\n", ip);
466
467         wbcFreeMemory(ip);
468
469         return true;
470 }
471
472 /* Convert IP to NetBIOS name */
473
474 static bool wbinfo_wins_byip(const char *ip)
475 {
476         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
477         char *name = NULL;
478
479         wbc_status = wbcResolveWinsByIP(ip, &name);
480         if (!WBC_ERROR_IS_OK(wbc_status)) {
481                 return false;
482         }
483
484         /* Display response */
485
486         d_printf("%s\n", name);
487
488         wbcFreeMemory(name);
489
490         return true;
491 }
492
493 /* List all/trusted domains */
494
495 static bool wbinfo_list_domains(bool list_all_domains, bool verbose)
496 {
497         struct wbcDomainInfo *domain_list = NULL;
498         size_t num_domains;
499         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
500         bool print_all = !list_all_domains && verbose;
501         int i;
502
503         wbc_status = wbcListTrusts(&domain_list, &num_domains);
504         if (!WBC_ERROR_IS_OK(wbc_status)) {
505                 return false;
506         }
507
508         if (print_all) {
509                 d_printf("%-16s%-24s%-12s%-12s%-5s%-5s\n",
510                          "Domain Name", "DNS Domain", "Trust Type",
511                          "Transitive", "In", "Out");
512         }
513
514         for (i=0; i<num_domains; i++) {
515                 if (print_all) {
516                         d_printf("%-16s", domain_list[i].short_name);
517                 } else {
518                         d_printf("%s", domain_list[i].short_name);
519                         d_printf("\n");
520                         continue;
521                 }
522
523                 d_printf("%-24s", domain_list[i].dns_name);
524
525                 switch(domain_list[i].trust_type) {
526                 case WBC_DOMINFO_TRUSTTYPE_NONE:
527                         d_printf("None        ");
528                         break;
529                 case WBC_DOMINFO_TRUSTTYPE_FOREST:
530                         d_printf("Forest      ");
531                         break;
532                 case WBC_DOMINFO_TRUSTTYPE_EXTERNAL:
533                         d_printf("External    ");
534                         break;
535                 case WBC_DOMINFO_TRUSTTYPE_IN_FOREST:
536                         d_printf("In-Forest   ");
537                         break;
538                 }
539
540                 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_TRANSITIVE) {
541                         d_printf("Yes         ");
542                 } else {
543                         d_printf("No          ");
544                 }
545
546                 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_INCOMING) {
547                         d_printf("Yes  ");
548                 } else {
549                         d_printf("No   ");
550                 }
551
552                 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_OUTGOING) {
553                         d_printf("Yes  ");
554                 } else {
555                         d_printf("No   ");
556                 }
557
558                 d_printf("\n");
559         }
560
561         return true;
562 }
563
564 /* List own domain */
565
566 static bool wbinfo_list_own_domain(void)
567 {
568         d_printf("%s\n", get_winbind_domain());
569
570         return true;
571 }
572
573 /* show sequence numbers */
574 static bool wbinfo_show_sequence(const char *domain)
575 {
576         d_printf("This command has been deprecated.  Please use the "
577                  "--online-status option instead.\n");
578         return false;
579 }
580
581 /* show sequence numbers */
582 static bool wbinfo_show_onlinestatus(const char *domain)
583 {
584         struct wbcDomainInfo *domain_list = NULL;
585         size_t num_domains;
586         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
587         int i;
588
589         wbc_status = wbcListTrusts(&domain_list, &num_domains);
590         if (!WBC_ERROR_IS_OK(wbc_status)) {
591                 return false;
592         }
593
594         for (i=0; i<num_domains; i++) {
595                 bool is_offline;
596
597                 if (domain) {
598                         if (!strequal(domain_list[i].short_name, domain)) {
599                                 continue;
600                         }
601                 }
602
603                 is_offline = (domain_list[i].domain_flags &
604                               WBC_DOMINFO_DOMAIN_OFFLINE);
605
606                 d_printf("%s : %s\n",
607                          domain_list[i].short_name,
608                          is_offline ? "offline" : "online" );
609         }
610
611         return true;
612 }
613
614
615 /* Show domain info */
616
617 static bool wbinfo_domain_info(const char *domain)
618 {
619         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
620         struct wbcDomainInfo *dinfo = NULL;
621         char *sid_str = NULL;
622
623         if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
624                 domain = get_winbind_domain();
625         }
626
627         /* Send request */
628
629         wbc_status = wbcDomainInfo(domain, &dinfo);
630         if (!WBC_ERROR_IS_OK(wbc_status)) {
631                 return false;
632         }
633
634         wbc_status = wbcSidToString(&dinfo->sid, &sid_str);
635         if (!WBC_ERROR_IS_OK(wbc_status)) {
636                 wbcFreeMemory(dinfo);
637                 return false;
638         }
639
640         /* Display response */
641
642         d_printf("Name              : %s\n", dinfo->short_name);
643         d_printf("Alt_Name          : %s\n", dinfo->dns_name);
644
645         d_printf("SID               : %s\n", sid_str);
646
647         d_printf("Active Directory  : %s\n",
648                  (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_AD) ? "Yes" : "No");
649         d_printf("Native            : %s\n",
650                  (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_NATIVE) ?
651                  "Yes" : "No");
652
653         d_printf("Primary           : %s\n",
654                  (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_PRIMARY) ?
655                  "Yes" : "No");
656
657         wbcFreeMemory(sid_str);
658         wbcFreeMemory(dinfo);
659
660         return true;
661 }
662
663 /* Get a foreign DC's name */
664 static bool wbinfo_getdcname(const char *domain_name)
665 {
666         struct winbindd_request request;
667         struct winbindd_response response;
668
669         ZERO_STRUCT(request);
670         ZERO_STRUCT(response);
671
672         fstrcpy(request.domain_name, domain_name);
673
674         /* Send request */
675
676         if (winbindd_request_response(WINBINDD_GETDCNAME, &request,
677                                       &response) != NSS_STATUS_SUCCESS) {
678                 d_fprintf(stderr, "Could not get dc name for %s\n",domain_name);
679                 return false;
680         }
681
682         /* Display response */
683
684         d_printf("%s\n", response.data.dc_name);
685
686         return true;
687 }
688
689 /* Find a DC */
690 static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
691 {
692         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
693         struct wbcDomainControllerInfoEx *dc_info;
694         char *str = NULL;
695
696         wbc_status = wbcLookupDomainControllerEx(domain_name, NULL, NULL,
697                                                  flags | DS_DIRECTORY_SERVICE_REQUIRED,
698                                                  &dc_info);
699         if (!WBC_ERROR_IS_OK(wbc_status)) {
700                 printf("Could not find dc for %s\n", domain_name);
701                 return false;
702         }
703
704         wbcGuidToString(dc_info->domain_guid, &str);
705
706         d_printf("%s\n", dc_info->dc_unc);
707         d_printf("%s\n", dc_info->dc_address);
708         d_printf("%d\n", dc_info->dc_address_type);
709         d_printf("%s\n", str);
710         d_printf("%s\n", dc_info->domain_name);
711         d_printf("%s\n", dc_info->forest_name);
712         d_printf("0x%08x\n", dc_info->dc_flags);
713         d_printf("%s\n", dc_info->dc_site_name);
714         d_printf("%s\n", dc_info->client_site_name);
715
716         return true;
717 }
718
719 /* Check trust account password */
720
721 static bool wbinfo_check_secret(const char *domain)
722 {
723         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
724         struct wbcAuthErrorInfo *error = NULL;
725         const char *domain_name;
726
727         if (domain) {
728                 domain_name = domain;
729         } else {
730                 domain_name = get_winbind_domain();
731         }
732
733         wbc_status = wbcCheckTrustCredentials(domain_name, &error);
734
735         d_printf("checking the trust secret for domain %s via RPC calls %s\n",
736                 domain_name,
737                 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
738
739         if (wbc_status == WBC_ERR_AUTH_ERROR) {
740                 d_fprintf(stderr, "error code was %s (0x%x)\n",
741                           error->nt_string, error->nt_status);
742                 wbcFreeMemory(error);
743         }
744         if (!WBC_ERROR_IS_OK(wbc_status)) {
745                 return false;
746         }
747
748         return true;
749 }
750
751 /* Change trust account password */
752
753 static bool wbinfo_change_secret(const char *domain)
754 {
755         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
756         struct wbcAuthErrorInfo *error = NULL;
757         const char *domain_name;
758
759         if (domain) {
760                 domain_name = domain;
761         } else {
762                 domain_name = get_winbind_domain();
763         }
764
765         wbc_status = wbcChangeTrustCredentials(domain_name, &error);
766
767         d_printf("changing the trust secret for domain %s via RPC calls %s\n",
768                 domain_name,
769                 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
770
771         if (wbc_status == WBC_ERR_AUTH_ERROR) {
772                 d_fprintf(stderr, "error code was %s (0x%x)\n",
773                           error->nt_string, error->nt_status);
774                 wbcFreeMemory(error);
775         }
776         if (!WBC_ERROR_IS_OK(wbc_status)) {
777                 return false;
778         }
779
780         return true;
781 }
782
783 /* Check DC connection */
784
785 static bool wbinfo_ping_dc(void)
786 {
787         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
788         struct wbcAuthErrorInfo *error = NULL;
789
790         wbc_status = wbcPingDc(NULL, &error);
791
792         d_printf("checking the NETLOGON dc connection %s\n",
793                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
794
795         if (wbc_status == WBC_ERR_AUTH_ERROR) {
796                 d_fprintf(stderr, "error code was %s (0x%x)\n",
797                           error->nt_string, error->nt_status);
798                 wbcFreeMemory(error);
799         }
800         if (!WBC_ERROR_IS_OK(wbc_status)) {
801                 return false;
802         }
803
804         return true;
805 }
806
807 /* Convert uid to sid */
808
809 static bool wbinfo_uid_to_sid(uid_t uid)
810 {
811         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
812         struct wbcDomainSid sid;
813         char *sid_str = NULL;
814
815         /* Send request */
816
817         wbc_status = wbcUidToSid(uid, &sid);
818         if (!WBC_ERROR_IS_OK(wbc_status)) {
819                 return false;
820         }
821
822         wbc_status = wbcSidToString(&sid, &sid_str);
823         if (!WBC_ERROR_IS_OK(wbc_status)) {
824                 return false;
825         }
826
827         /* Display response */
828
829         d_printf("%s\n", sid_str);
830
831         wbcFreeMemory(sid_str);
832
833         return true;
834 }
835
836 /* Convert gid to sid */
837
838 static bool wbinfo_gid_to_sid(gid_t gid)
839 {
840         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
841         struct wbcDomainSid sid;
842         char *sid_str = NULL;
843
844         /* Send request */
845
846         wbc_status = wbcGidToSid(gid, &sid);
847         if (!WBC_ERROR_IS_OK(wbc_status)) {
848                 return false;
849         }
850
851         wbc_status = wbcSidToString(&sid, &sid_str);
852         if (!WBC_ERROR_IS_OK(wbc_status)) {
853                 return false;
854         }
855
856         /* Display response */
857
858         d_printf("%s\n", sid_str);
859
860         wbcFreeMemory(sid_str);
861
862         return true;
863 }
864
865 /* Convert sid to uid */
866
867 static bool wbinfo_sid_to_uid(const char *sid_str)
868 {
869         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
870         struct wbcDomainSid sid;
871         uid_t uid;
872
873         /* Send request */
874
875         wbc_status = wbcStringToSid(sid_str, &sid);
876         if (!WBC_ERROR_IS_OK(wbc_status)) {
877                 return false;
878         }
879
880         wbc_status = wbcSidToUid(&sid, &uid);
881         if (!WBC_ERROR_IS_OK(wbc_status)) {
882                 return false;
883         }
884
885         /* Display response */
886
887         d_printf("%d\n", (int)uid);
888
889         return true;
890 }
891
892 static bool wbinfo_sid_to_gid(const char *sid_str)
893 {
894         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
895         struct wbcDomainSid sid;
896         gid_t gid;
897
898         /* Send request */
899
900         wbc_status = wbcStringToSid(sid_str, &sid);
901         if (!WBC_ERROR_IS_OK(wbc_status)) {
902                 return false;
903         }
904
905         wbc_status = wbcSidToGid(&sid, &gid);
906         if (!WBC_ERROR_IS_OK(wbc_status)) {
907                 return false;
908         }
909
910         /* Display response */
911
912         d_printf("%d\n", (int)gid);
913
914         return true;
915 }
916
917 static bool wbinfo_allocate_uid(void)
918 {
919         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
920         uid_t uid;
921
922         /* Send request */
923
924         wbc_status = wbcAllocateUid(&uid);
925         if (!WBC_ERROR_IS_OK(wbc_status)) {
926                 return false;
927         }
928
929         /* Display response */
930
931         d_printf("New uid: %u\n", (unsigned int)uid);
932
933         return true;
934 }
935
936 static bool wbinfo_allocate_gid(void)
937 {
938         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
939         gid_t gid;
940
941         /* Send request */
942
943         wbc_status = wbcAllocateGid(&gid);
944         if (!WBC_ERROR_IS_OK(wbc_status)) {
945                 return false;
946         }
947
948         /* Display response */
949
950         d_printf("New gid: %u\n", (unsigned int)gid);
951
952         return true;
953 }
954
955 static bool wbinfo_set_uid_mapping(uid_t uid, const char *sid_str)
956 {
957         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
958         struct wbcDomainSid sid;
959
960         /* Send request */
961
962         wbc_status = wbcStringToSid(sid_str, &sid);
963         if (!WBC_ERROR_IS_OK(wbc_status)) {
964                 return false;
965         }
966
967         wbc_status = wbcSetUidMapping(uid, &sid);
968         if (!WBC_ERROR_IS_OK(wbc_status)) {
969                 return false;
970         }
971
972         /* Display response */
973
974         d_printf("uid %u now mapped to sid %s\n",
975                 (unsigned int)uid, sid_str);
976
977         return true;
978 }
979
980 static bool wbinfo_set_gid_mapping(gid_t gid, const char *sid_str)
981 {
982         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
983         struct wbcDomainSid sid;
984
985         /* Send request */
986
987         wbc_status = wbcStringToSid(sid_str, &sid);
988         if (!WBC_ERROR_IS_OK(wbc_status)) {
989                 return false;
990         }
991
992         wbc_status = wbcSetGidMapping(gid, &sid);
993         if (!WBC_ERROR_IS_OK(wbc_status)) {
994                 return false;
995         }
996
997         /* Display response */
998
999         d_printf("gid %u now mapped to sid %s\n",
1000                 (unsigned int)gid, sid_str);
1001
1002         return true;
1003 }
1004
1005 static bool wbinfo_remove_uid_mapping(uid_t uid, const char *sid_str)
1006 {
1007         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1008         struct wbcDomainSid sid;
1009
1010         /* Send request */
1011
1012         wbc_status = wbcStringToSid(sid_str, &sid);
1013         if (!WBC_ERROR_IS_OK(wbc_status)) {
1014                 return false;
1015         }
1016
1017         wbc_status = wbcRemoveUidMapping(uid, &sid);
1018         if (!WBC_ERROR_IS_OK(wbc_status)) {
1019                 return false;
1020         }
1021
1022         /* Display response */
1023
1024         d_printf("Removed uid %u to sid %s mapping\n",
1025                 (unsigned int)uid, sid_str);
1026
1027         return true;
1028 }
1029
1030 static bool wbinfo_remove_gid_mapping(gid_t gid, const char *sid_str)
1031 {
1032         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1033         struct wbcDomainSid sid;
1034
1035         /* Send request */
1036
1037         wbc_status = wbcStringToSid(sid_str, &sid);
1038         if (!WBC_ERROR_IS_OK(wbc_status)) {
1039                 return false;
1040         }
1041
1042         wbc_status = wbcRemoveGidMapping(gid, &sid);
1043         if (!WBC_ERROR_IS_OK(wbc_status)) {
1044                 return false;
1045         }
1046
1047         /* Display response */
1048
1049         d_printf("Removed gid %u to sid %s mapping\n",
1050                 (unsigned int)gid, sid_str);
1051
1052         return true;
1053 }
1054
1055 /* Convert sid to string */
1056
1057 static bool wbinfo_lookupsid(const char *sid_str)
1058 {
1059         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1060         struct wbcDomainSid sid;
1061         char *domain;
1062         char *name;
1063         enum wbcSidType type;
1064
1065         /* Send off request */
1066
1067         wbc_status = wbcStringToSid(sid_str, &sid);
1068         if (!WBC_ERROR_IS_OK(wbc_status)) {
1069                 return false;
1070         }
1071
1072         wbc_status = wbcLookupSid(&sid, &domain, &name, &type);
1073         if (!WBC_ERROR_IS_OK(wbc_status)) {
1074                 return false;
1075         }
1076
1077         /* Display response */
1078
1079         d_printf("%s%c%s %d\n",
1080                  domain, winbind_separator(), name, type);
1081
1082         return true;
1083 }
1084
1085 /* Convert sid to fullname */
1086
1087 static bool wbinfo_lookupsid_fullname(const char *sid_str)
1088 {
1089         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1090         struct wbcDomainSid sid;
1091         char *domain;
1092         char *name;
1093         enum wbcSidType type;
1094
1095         /* Send off request */
1096
1097         wbc_status = wbcStringToSid(sid_str, &sid);
1098         if (!WBC_ERROR_IS_OK(wbc_status)) {
1099                 return false;
1100         }
1101
1102         wbc_status = wbcGetDisplayName(&sid, &domain, &name, &type);
1103         if (!WBC_ERROR_IS_OK(wbc_status)) {
1104                 return false;
1105         }
1106
1107         /* Display response */
1108
1109         d_printf("%s%c%s %d\n",
1110                  domain, winbind_separator(), name, type);
1111
1112         return true;
1113 }
1114
1115 /* Lookup a list of RIDs */
1116
1117 static bool wbinfo_lookuprids(const char *domain, const char *arg)
1118 {
1119         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1120         struct wbcDomainInfo *dinfo = NULL;
1121         char *domain_name = NULL;
1122         const char **names = NULL;
1123         enum wbcSidType *types = NULL;
1124         size_t i;
1125         int num_rids;
1126         uint32_t *rids = NULL;
1127         const char *p;
1128         char *ridstr;
1129         TALLOC_CTX *mem_ctx = NULL;
1130         bool ret = false;
1131
1132         if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
1133                 domain = get_winbind_domain();
1134         }
1135
1136         /* Send request */
1137
1138         wbc_status = wbcDomainInfo(domain, &dinfo);
1139         if (!WBC_ERROR_IS_OK(wbc_status)) {
1140                 d_printf("wbcDomainInfo(%s) failed: %s\n", domain,
1141                          wbcErrorString(wbc_status));
1142                 goto done;
1143         }
1144
1145         mem_ctx = talloc_new(NULL);
1146         if (mem_ctx == NULL) {
1147                 d_printf("talloc_new failed\n");
1148                 goto done;
1149         }
1150
1151         num_rids = 0;
1152         rids = NULL;
1153         p = arg;
1154
1155         while (next_token_talloc(mem_ctx, &p, &ridstr, " ,\n")) {
1156                 uint32_t rid = strtoul(ridstr, NULL, 10);
1157                 rids = talloc_realloc(mem_ctx, rids, uint32_t, num_rids + 1);
1158                 if (rids == NULL) {
1159                         d_printf("talloc_realloc failed\n");
1160                 }
1161                 rids[num_rids] = rid;
1162                 num_rids += 1;
1163         }
1164
1165         if (rids == NULL) {
1166                 d_printf("no rids\n");
1167                 goto done;
1168         }
1169
1170         wbc_status = wbcLookupRids(&dinfo->sid, num_rids, rids,
1171                                    (const char **)&domain_name, &names, &types);
1172         if (!WBC_ERROR_IS_OK(wbc_status)) {
1173                 d_printf("winbind_lookup_rids failed: %s\n",
1174                          wbcErrorString(wbc_status));
1175                 goto done;
1176         }
1177
1178         d_printf("Domain: %s\n", domain_name);
1179
1180         for (i=0; i<num_rids; i++) {
1181                 d_printf("%8d: %s (%s)\n", rids[i], names[i],
1182                          wbcSidTypeString(types[i]));
1183         }
1184
1185         ret = true;
1186 done:
1187         if (dinfo) {
1188                 wbcFreeMemory(dinfo);
1189         }
1190         if (domain_name) {
1191                 wbcFreeMemory(domain_name);
1192         }
1193         if (names) {
1194                 wbcFreeMemory(names);
1195         }
1196         if (types) {
1197                 wbcFreeMemory(types);
1198         }
1199         TALLOC_FREE(mem_ctx);
1200         return ret;
1201 }
1202
1203 /* Convert string to sid */
1204
1205 static bool wbinfo_lookupname(const char *full_name)
1206 {
1207         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1208         struct wbcDomainSid sid;
1209         char *sid_str;
1210         enum wbcSidType type;
1211         fstring domain_name;
1212         fstring account_name;
1213
1214         /* Send off request */
1215
1216         parse_wbinfo_domain_user(full_name, domain_name,
1217                                  account_name);
1218
1219         wbc_status = wbcLookupName(domain_name, account_name,
1220                                    &sid, &type);
1221         if (!WBC_ERROR_IS_OK(wbc_status)) {
1222                 return false;
1223         }
1224
1225         wbc_status = wbcSidToString(&sid, &sid_str);
1226         if (!WBC_ERROR_IS_OK(wbc_status)) {
1227                 return false;
1228         }
1229
1230         /* Display response */
1231
1232         d_printf("%s %s (%d)\n", sid_str, wbcSidTypeString(type), type);
1233
1234         wbcFreeMemory(sid_str);
1235
1236         return true;
1237 }
1238
1239 static char *wbinfo_prompt_pass(TALLOC_CTX *mem_ctx,
1240                                 const char *prefix,
1241                                 const char *username)
1242 {
1243         char *prompt;
1244         const char *ret = NULL;
1245
1246         prompt = talloc_asprintf(mem_ctx, "Enter %s's ", username);
1247         if (!prompt) {
1248                 return NULL;
1249         }
1250         if (prefix) {
1251                 prompt = talloc_asprintf_append(prompt, "%s ", prefix);
1252                 if (!prompt) {
1253                         return NULL;
1254                 }
1255         }
1256         prompt = talloc_asprintf_append(prompt, "password: ");
1257         if (!prompt) {
1258                 return NULL;
1259         }
1260
1261         ret = getpass(prompt);
1262         TALLOC_FREE(prompt);
1263
1264         return talloc_strdup(mem_ctx, ret);
1265 }
1266
1267 /* Authenticate a user with a plaintext password */
1268
1269 static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32_t flags)
1270 {
1271         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1272         char *s = NULL;
1273         char *p = NULL;
1274         char *password = NULL;
1275         char *name = NULL;
1276         char *local_cctype = NULL;
1277         uid_t uid;
1278         struct wbcLogonUserParams params;
1279         struct wbcLogonUserInfo *info;
1280         struct wbcAuthErrorInfo *error;
1281         struct wbcUserPasswordPolicyInfo *policy;
1282         TALLOC_CTX *frame = talloc_tos();
1283
1284         if ((s = talloc_strdup(frame, username)) == NULL) {
1285                 return false;
1286         }
1287
1288         if ((p = strchr(s, '%')) != NULL) {
1289                 *p = 0;
1290                 p++;
1291                 password = talloc_strdup(frame, p);
1292         } else {
1293                 password = wbinfo_prompt_pass(frame, NULL, username);
1294         }
1295
1296         local_cctype = talloc_strdup(frame, cctype);
1297
1298         name = s;
1299
1300         uid = geteuid();
1301
1302         params.username = name;
1303         params.password = password;
1304         params.num_blobs = 0;
1305         params.blobs = NULL;
1306
1307         wbc_status = wbcAddNamedBlob(&params.num_blobs,
1308                                      &params.blobs,
1309                                      "flags",
1310                                      0,
1311                                      (uint8_t *)&flags,
1312                                      sizeof(flags));
1313         if (!WBC_ERROR_IS_OK(wbc_status)) {
1314                 goto done;
1315         }
1316
1317         wbc_status = wbcAddNamedBlob(&params.num_blobs,
1318                                      &params.blobs,
1319                                      "user_uid",
1320                                      0,
1321                                      (uint8_t *)&uid,
1322                                      sizeof(uid));
1323         if (!WBC_ERROR_IS_OK(wbc_status)) {
1324                 goto done;
1325         }
1326
1327         wbc_status = wbcAddNamedBlob(&params.num_blobs,
1328                                      &params.blobs,
1329                                      "krb5_cc_type",
1330                                      0,
1331                                      (uint8_t *)local_cctype,
1332                                      strlen(cctype)+1);
1333         if (!WBC_ERROR_IS_OK(wbc_status)) {
1334                 goto done;
1335         }
1336
1337         wbc_status = wbcLogonUser(&params, &info, &error, &policy);
1338
1339         d_printf("plaintext kerberos password authentication for [%s] %s "
1340                  "(requesting cctype: %s)\n",
1341                  username, WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed",
1342                  cctype);
1343
1344         if (error) {
1345                 d_fprintf(stderr,
1346                          "error code was %s (0x%x)\nerror messsage was: %s\n",
1347                          error->nt_string,
1348                          error->nt_status,
1349                          error->display_string);
1350         }
1351
1352         if (WBC_ERROR_IS_OK(wbc_status)) {
1353                 if (flags & WBFLAG_PAM_INFO3_TEXT) {
1354                         if (info && info->info && info->info->user_flags &
1355                             NETLOGON_CACHED_ACCOUNT) {
1356                                 d_printf("user_flgs: "
1357                                          "NETLOGON_CACHED_ACCOUNT\n");
1358                         }
1359                 }
1360
1361                 if (info) {
1362                         int i;
1363                         for (i=0; i < info->num_blobs; i++) {
1364                                 if (strequal(info->blobs[i].name,
1365                                              "krb5ccname")) {
1366                                         d_printf("credentials were put "
1367                                                  "in: %s\n",
1368                                                 (const char *)
1369                                                       info->blobs[i].blob.data);
1370                                         break;
1371                                 }
1372                         }
1373                 } else {
1374                         d_printf("no credentials cached\n");
1375                 }
1376         }
1377  done:
1378
1379         wbcFreeMemory(params.blobs);
1380
1381         return WBC_ERROR_IS_OK(wbc_status);
1382 }
1383
1384 /* Authenticate a user with a plaintext password */
1385
1386 static bool wbinfo_auth(char *username)
1387 {
1388         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1389         char *s = NULL;
1390         char *p = NULL;
1391         char *password = NULL;
1392         char *name = NULL;
1393         TALLOC_CTX *frame = talloc_tos();
1394
1395         if ((s = talloc_strdup(frame, username)) == NULL) {
1396                 return false;
1397         }
1398
1399         if ((p = strchr(s, '%')) != NULL) {
1400                 *p = 0;
1401                 p++;
1402                 password = talloc_strdup(frame, p);
1403         } else {
1404                 password = wbinfo_prompt_pass(frame, NULL, username);
1405         }
1406
1407         name = s;
1408
1409         wbc_status = wbcAuthenticateUser(name, password);
1410
1411         d_printf("plaintext password authentication %s\n",
1412                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1413
1414 #if 0
1415         if (response.data.auth.nt_status)
1416                 d_fprintf(stderr,
1417                          "error code was %s (0x%x)\nerror messsage was: %s\n",
1418                          response.data.auth.nt_status_string,
1419                          response.data.auth.nt_status,
1420                          response.data.auth.error_string);
1421 #endif
1422
1423         return WBC_ERROR_IS_OK(wbc_status);
1424 }
1425
1426 /* Authenticate a user with a challenge/response */
1427
1428 static bool wbinfo_auth_crap(char *username, bool use_ntlmv2, bool use_lanman)
1429 {
1430         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1431         struct wbcAuthUserParams params;
1432         struct wbcAuthUserInfo *info = NULL;
1433         struct wbcAuthErrorInfo *err = NULL;
1434         DATA_BLOB lm = data_blob_null;
1435         DATA_BLOB nt = data_blob_null;
1436         fstring name_user;
1437         fstring name_domain;
1438         char *pass;
1439         char *p;
1440         TALLOC_CTX *frame = talloc_tos();
1441
1442         p = strchr(username, '%');
1443
1444         if (p) {
1445                 *p = 0;
1446                 pass = talloc_strdup(frame, p + 1);
1447         } else {
1448                 pass = wbinfo_prompt_pass(frame, NULL, username);
1449         }
1450
1451         parse_wbinfo_domain_user(username, name_domain, name_user);
1452
1453         params.account_name     = name_user;
1454         params.domain_name      = name_domain;
1455         params.workstation_name = NULL;
1456
1457         params.flags            = 0;
1458         params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
1459                                   WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
1460
1461         params.level            = WBC_AUTH_USER_LEVEL_RESPONSE;
1462
1463         generate_random_buffer(params.password.response.challenge, 8);
1464
1465         if (use_ntlmv2) {
1466                 DATA_BLOB server_chal;
1467                 DATA_BLOB names_blob;
1468
1469                 server_chal = data_blob(params.password.response.challenge, 8);
1470
1471                 /* Pretend this is a login to 'us', for blob purposes */
1472                 names_blob = NTLMv2_generate_names_blob(NULL,
1473                                                 get_winbind_netbios_name(),
1474                                                 get_winbind_domain());
1475
1476                 if (!SMBNTLMv2encrypt(NULL, name_user, name_domain, pass,
1477                                       &server_chal,
1478                                       &names_blob,
1479                                       &lm, &nt, NULL, NULL)) {
1480                         data_blob_free(&names_blob);
1481                         data_blob_free(&server_chal);
1482                         TALLOC_FREE(pass);
1483                         return false;
1484                 }
1485                 data_blob_free(&names_blob);
1486                 data_blob_free(&server_chal);
1487
1488         } else {
1489                 if (use_lanman) {
1490                         bool ok;
1491                         lm = data_blob(NULL, 24);
1492                         ok = SMBencrypt(pass,
1493                                         params.password.response.challenge,
1494                                         lm.data);
1495                         if (!ok) {
1496                                 data_blob_free(&lm);
1497                         }
1498                 }
1499                 nt = data_blob(NULL, 24);
1500                 SMBNTencrypt(pass, params.password.response.challenge,
1501                              nt.data);
1502         }
1503
1504         params.password.response.nt_length      = nt.length;
1505         params.password.response.nt_data        = nt.data;
1506         params.password.response.lm_length      = lm.length;
1507         params.password.response.lm_data        = lm.data;
1508
1509         wbc_status = wbcAuthenticateUserEx(&params, &info, &err);
1510
1511         /* Display response */
1512
1513         d_printf("challenge/response password authentication %s\n",
1514                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1515
1516         if (wbc_status == WBC_ERR_AUTH_ERROR) {
1517                 d_fprintf(stderr,
1518                          "error code was %s (0x%x)\nerror messsage was: %s\n",
1519                          err->nt_string,
1520                          err->nt_status,
1521                          err->display_string);
1522                 wbcFreeMemory(err);
1523         } else if (WBC_ERROR_IS_OK(wbc_status)) {
1524                 wbcFreeMemory(info);
1525         }
1526
1527         data_blob_free(&nt);
1528         data_blob_free(&lm);
1529
1530         return WBC_ERROR_IS_OK(wbc_status);
1531 }
1532
1533 #ifdef WITH_FAKE_KASERVER
1534 /* Authenticate a user with a plaintext password and set a token */
1535
1536 static bool wbinfo_klog(char *username)
1537 {
1538         struct winbindd_request request;
1539         struct winbindd_response response;
1540         NSS_STATUS result;
1541         char *p;
1542
1543         /* Send off request */
1544
1545         ZERO_STRUCT(request);
1546         ZERO_STRUCT(response);
1547
1548         p = strchr(username, '%');
1549
1550         if (p) {
1551                 *p = 0;
1552                 fstrcpy(request.data.auth.user, username);
1553                 fstrcpy(request.data.auth.pass, p + 1);
1554                 *p = '%';
1555         } else {
1556                 fstrcpy(request.data.auth.user, username);
1557                 fstrcpy(request.data.auth.pass, getpass("Password: "));
1558         }
1559
1560         request.flags |= WBFLAG_PAM_AFS_TOKEN;
1561
1562         result = winbindd_request_response(WINBINDD_PAM_AUTH, &request,
1563                                            &response);
1564
1565         /* Display response */
1566
1567         d_printf("plaintext password authentication %s\n",
1568                  (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
1569
1570         if (response.data.auth.nt_status)
1571                 d_fprintf(stderr,
1572                          "error code was %s (0x%x)\nerror messsage was: %s\n",
1573                          response.data.auth.nt_status_string,
1574                          response.data.auth.nt_status,
1575                          response.data.auth.error_string);
1576
1577         if (result != NSS_STATUS_SUCCESS)
1578                 return false;
1579
1580         if (response.extra_data.data == NULL) {
1581                 d_fprintf(stderr, "Did not get token data\n");
1582                 return false;
1583         }
1584
1585         if (!afs_settoken_str((char *)response.extra_data.data)) {
1586                 d_fprintf(stderr, "Could not set token\n");
1587                 return false;
1588         }
1589
1590         d_printf("Successfully created AFS token\n");
1591         return true;
1592 }
1593 #else
1594 static bool wbinfo_klog(char *username)
1595 {
1596         d_fprintf(stderr, "No AFS support compiled in.\n");
1597         return false;
1598 }
1599 #endif
1600
1601 /* Print domain users */
1602
1603 static bool print_domain_users(const char *domain)
1604 {
1605         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1606         uint32_t i;
1607         uint32_t num_users = 0;
1608         const char **users = NULL;
1609
1610         /* Send request to winbind daemon */
1611
1612         /* '.' is the special sign for our own domain */
1613         if (domain && strcmp(domain, ".") == 0) {
1614                 domain = get_winbind_domain();
1615         }
1616
1617         wbc_status = wbcListUsers(domain, &num_users, &users);
1618         if (!WBC_ERROR_IS_OK(wbc_status)) {
1619                 return false;
1620         }
1621
1622         for (i=0; i < num_users; i++) {
1623                 d_printf("%s\n", users[i]);
1624         }
1625
1626         wbcFreeMemory(users);
1627
1628         return true;
1629 }
1630
1631 /* Print domain groups */
1632
1633 static bool print_domain_groups(const char *domain)
1634 {
1635         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1636         uint32_t i;
1637         uint32_t num_groups = 0;
1638         const char **groups = NULL;
1639
1640         /* Send request to winbind daemon */
1641
1642         /* '.' is the special sign for our own domain */
1643         if (domain && strcmp(domain, ".") == 0) {
1644                 domain = get_winbind_domain();
1645         }
1646
1647         wbc_status = wbcListGroups(domain, &num_groups, &groups);
1648         if (!WBC_ERROR_IS_OK(wbc_status)) {
1649                 return false;
1650         }
1651
1652         for (i=0; i < num_groups; i++) {
1653                 d_printf("%s\n", groups[i]);
1654         }
1655
1656         wbcFreeMemory(groups);
1657
1658         return true;
1659 }
1660
1661 /* Set the authorised user for winbindd access in secrets.tdb */
1662
1663 static bool wbinfo_set_auth_user(char *username)
1664 {
1665         d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
1666                           "See 'net help setauthuser' for details.\n");
1667         return false;
1668 }
1669
1670 static void wbinfo_get_auth_user(void)
1671 {
1672         d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
1673                           "See 'net help getauthuser' for details.\n");
1674 }
1675
1676 static bool wbinfo_ping(void)
1677 {
1678         wbcErr wbc_status;
1679
1680         wbc_status = wbcPing();
1681
1682         /* Display response */
1683
1684         d_printf("Ping to winbindd %s\n",
1685                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1686
1687         return WBC_ERROR_IS_OK(wbc_status);
1688 }
1689
1690 static bool wbinfo_change_user_password(const char *username)
1691 {
1692         wbcErr wbc_status;
1693         char *old_password = NULL;
1694         char *new_password = NULL;
1695         TALLOC_CTX *frame = talloc_tos();
1696
1697         old_password = wbinfo_prompt_pass(frame, "old", username);
1698         new_password = wbinfo_prompt_pass(frame, "new", username);
1699
1700         wbc_status = wbcChangeUserPassword(username, old_password,new_password);
1701
1702         /* Display response */
1703
1704         d_printf("Password change for user %s %s\n", username,
1705                 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1706
1707         return WBC_ERROR_IS_OK(wbc_status);
1708 }
1709
1710 /* Main program */
1711
1712 enum {
1713         OPT_SET_AUTH_USER = 1000,
1714         OPT_GET_AUTH_USER,
1715         OPT_DOMAIN_NAME,
1716         OPT_SEQUENCE,
1717         OPT_GETDCNAME,
1718         OPT_DSGETDCNAME,
1719         OPT_USERDOMGROUPS,
1720         OPT_SIDALIASES,
1721         OPT_USERSIDS,
1722         OPT_ALLOCATE_UID,
1723         OPT_ALLOCATE_GID,
1724         OPT_SET_UID_MAPPING,
1725         OPT_SET_GID_MAPPING,
1726         OPT_REMOVE_UID_MAPPING,
1727         OPT_REMOVE_GID_MAPPING,
1728         OPT_SEPARATOR,
1729         OPT_LIST_ALL_DOMAINS,
1730         OPT_LIST_OWN_DOMAIN,
1731         OPT_UID_INFO,
1732         OPT_USER_SIDINFO,
1733         OPT_GROUP_INFO,
1734         OPT_GID_INFO,
1735         OPT_VERBOSE,
1736         OPT_ONLINESTATUS,
1737         OPT_CHANGE_USER_PASSWORD,
1738         OPT_PING_DC,
1739         OPT_SID_TO_FULLNAME,
1740         OPT_NTLMV2,
1741         OPT_LANMAN
1742 };
1743
1744 int main(int argc, char **argv, char **envp)
1745 {
1746         int opt;
1747         TALLOC_CTX *frame = talloc_stackframe();
1748         poptContext pc;
1749         static char *string_arg;
1750         char *string_subarg = NULL;
1751         static char *opt_domain_name;
1752         static int int_arg;
1753         int int_subarg = -1;
1754         int result = 1;
1755         bool verbose = false;
1756         bool use_ntlmv2 = false;
1757         bool use_lanman = false;
1758
1759         struct poptOption long_options[] = {
1760                 POPT_AUTOHELP
1761
1762                 /* longName, shortName, argInfo, argPtr, value, descrip,
1763                    argDesc */
1764
1765                 { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users", "domain"},
1766                 { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups", "domain" },
1767                 { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP", "NETBIOS-NAME" },
1768                 { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name", "IP" },
1769                 { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid", "NAME" },
1770                 { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name", "SID" },
1771                 { "sid-to-fullname", 0, POPT_ARG_STRING, &string_arg,
1772                   OPT_SID_TO_FULLNAME, "Converts sid to fullname", "SID" },
1773                 { "lookup-rids", 'R', POPT_ARG_STRING, &string_arg, 'R', "Converts RIDs to names", "RIDs" },
1774                 { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" , "UID" },
1775                 { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
1776                 { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
1777                 { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
1778                 { "allocate-uid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_UID,
1779                   "Get a new UID out of idmap" },
1780                 { "allocate-gid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_GID,
1781                   "Get a new GID out of idmap" },
1782                 { "set-uid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_SET_UID_MAPPING, "Create or modify uid to sid mapping in idmap", "UID,SID" },
1783                 { "set-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_SET_GID_MAPPING, "Create or modify gid to sid mapping in idmap", "GID,SID" },
1784                 { "remove-uid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_UID_MAPPING, "Remove uid to sid mapping in idmap", "UID,SID" },
1785                 { "remove-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_GID_MAPPING, "Remove gid to sid mapping in idmap", "GID,SID" },
1786                 { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
1787                 { "change-secret", 'c', POPT_ARG_NONE, 0, 'c', "Change shared secret" },
1788                 { "ping-dc", 0, POPT_ARG_NONE, 0, OPT_PING_DC,
1789                   "Check the NETLOGON connection" },
1790                 { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
1791                 { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
1792                 { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" },
1793                 { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
1794                 { "online-status", 0, POPT_ARG_NONE, 0, OPT_ONLINESTATUS, "Show whether domains are marked as online or offline"},
1795                 { "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" },
1796                 { "user-info", 'i', POPT_ARG_STRING, &string_arg, 'i', "Get user info", "USER" },
1797                 { "uid-info", 0, POPT_ARG_INT, &int_arg, OPT_UID_INFO, "Get user info from uid", "UID" },
1798                 { "group-info", 0, POPT_ARG_STRING, &string_arg, OPT_GROUP_INFO, "Get group info", "GROUP" },
1799                 { "user-sidinfo", 0, POPT_ARG_STRING, &string_arg, OPT_USER_SIDINFO, "Get user info from sid", "SID" },
1800                 { "gid-info", 0, POPT_ARG_INT, &int_arg, OPT_GID_INFO, "Get group info from gid", "GID" },
1801                 { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
1802                 { "user-domgroups", 0, POPT_ARG_STRING, &string_arg,
1803                   OPT_USERDOMGROUPS, "Get user domain groups", "SID" },
1804                 { "sid-aliases", 0, POPT_ARG_STRING, &string_arg, OPT_SIDALIASES, "Get sid aliases", "SID" },
1805                 { "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
1806                 { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
1807                 { "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
1808                 { "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME,
1809                   "Get a DC name for a foreign domain", "domainname" },
1810                 { "dsgetdcname", 0, POPT_ARG_STRING, &string_arg, OPT_DSGETDCNAME, "Find a DC for a domain", "domainname" },
1811                 { "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
1812                 { "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
1813                 { "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" },
1814 #ifdef WITH_FAKE_KASERVER
1815                 { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" },
1816 #endif
1817 #ifdef HAVE_KRB5
1818                 { "krb5auth", 'K', POPT_ARG_STRING, &string_arg, 'K', "authenticate user using Kerberos", "user%password" },
1819                         /* destroys wbinfo --help output */
1820                         /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" }, */
1821 #endif
1822                 { "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
1823                 { "verbose", 0, POPT_ARG_NONE, 0, OPT_VERBOSE, "Print additional information per command", NULL },
1824                 { "change-user-password", 0, POPT_ARG_STRING, &string_arg, OPT_CHANGE_USER_PASSWORD, "Change the password for a user", NULL },
1825                 { "ntlmv2", 0, POPT_ARG_NONE, 0, OPT_NTLMV2, "Use NTLMv2 cryptography for user authentication", NULL},
1826                 { "lanman", 0, POPT_ARG_NONE, 0, OPT_LANMAN, "Use lanman cryptography for user authentication", NULL},
1827                 POPT_COMMON_VERSION
1828                 POPT_TABLEEND
1829         };
1830
1831         /* Samba client initialisation */
1832         load_case_tables();
1833
1834
1835         /* Parse options */
1836
1837         pc = poptGetContext("wbinfo", argc, (const char **)argv,
1838                             long_options, 0);
1839
1840         /* Parse command line options */
1841
1842         if (argc == 1) {
1843                 poptPrintHelp(pc, stderr, 0);
1844                 return 1;
1845         }
1846
1847         while((opt = poptGetNextOpt(pc)) != -1) {
1848                 /* get the generic configuration parameters like --domain */
1849                 switch (opt) {
1850                 case OPT_VERBOSE:
1851                         verbose = true;
1852                         break;
1853                 case OPT_NTLMV2:
1854                         use_ntlmv2 = true;
1855                         break;
1856                 case OPT_LANMAN:
1857                         use_lanman = true;
1858                         break;
1859                 }
1860         }
1861
1862         poptFreeContext(pc);
1863
1864         pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
1865                             POPT_CONTEXT_KEEP_FIRST);
1866
1867         while((opt = poptGetNextOpt(pc)) != -1) {
1868                 switch (opt) {
1869                 case 'u':
1870                         if (!print_domain_users(opt_domain_name)) {
1871                                 d_fprintf(stderr,
1872                                           "Error looking up domain users\n");
1873                                 goto done;
1874                         }
1875                         break;
1876                 case 'g':
1877                         if (!print_domain_groups(opt_domain_name)) {
1878                                 d_fprintf(stderr,
1879                                           "Error looking up domain groups\n");
1880                                 goto done;
1881                         }
1882                         break;
1883                 case 's':
1884                         if (!wbinfo_lookupsid(string_arg)) {
1885                                 d_fprintf(stderr,
1886                                           "Could not lookup sid %s\n",
1887                                           string_arg);
1888                                 goto done;
1889                         }
1890                         break;
1891                 case OPT_SID_TO_FULLNAME:
1892                         if (!wbinfo_lookupsid_fullname(string_arg)) {
1893                                 d_fprintf(stderr, "Could not lookup sid %s\n",
1894                                           string_arg);
1895                                 goto done;
1896                         }
1897                         break;
1898                 case 'R':
1899                         if (!wbinfo_lookuprids(opt_domain_name, string_arg)) {
1900                                 d_fprintf(stderr, "Could not lookup RIDs %s\n",
1901                                           string_arg);
1902                                 goto done;
1903                         }
1904                         break;
1905                 case 'n':
1906                         if (!wbinfo_lookupname(string_arg)) {
1907                                 d_fprintf(stderr, "Could not lookup name %s\n",
1908                                           string_arg);
1909                                 goto done;
1910                         }
1911                         break;
1912                 case 'N':
1913                         if (!wbinfo_wins_byname(string_arg)) {
1914                                 d_fprintf(stderr,
1915                                           "Could not lookup WINS by name %s\n",
1916                                           string_arg);
1917                                 goto done;
1918                         }
1919                         break;
1920                 case 'I':
1921                         if (!wbinfo_wins_byip(string_arg)) {
1922                                 d_fprintf(stderr,
1923                                           "Could not lookup WINS by IP %s\n",
1924                                           string_arg);
1925                                 goto done;
1926                         }
1927                         break;
1928                 case 'U':
1929                         if (!wbinfo_uid_to_sid(int_arg)) {
1930                                 d_fprintf(stderr,
1931                                           "Could not convert uid %d to sid\n",
1932                                           int_arg);
1933                                 goto done;
1934                         }
1935                         break;
1936                 case 'G':
1937                         if (!wbinfo_gid_to_sid(int_arg)) {
1938                                 d_fprintf(stderr,
1939                                           "Could not convert gid %d to sid\n",
1940                                           int_arg);
1941                                 goto done;
1942                         }
1943                         break;
1944                 case 'S':
1945                         if (!wbinfo_sid_to_uid(string_arg)) {
1946                                 d_fprintf(stderr,
1947                                           "Could not convert sid %s to uid\n",
1948                                           string_arg);
1949                                 goto done;
1950                         }
1951                         break;
1952                 case 'Y':
1953                         if (!wbinfo_sid_to_gid(string_arg)) {
1954                                 d_fprintf(stderr,
1955                                           "Could not convert sid %s to gid\n",
1956                                           string_arg);
1957                                 goto done;
1958                         }
1959                         break;
1960                 case OPT_ALLOCATE_UID:
1961                         if (!wbinfo_allocate_uid()) {
1962                                 d_fprintf(stderr, "Could not allocate a uid\n");
1963                                 goto done;
1964                         }
1965                         break;
1966                 case OPT_ALLOCATE_GID:
1967                         if (!wbinfo_allocate_gid()) {
1968                                 d_fprintf(stderr, "Could not allocate a gid\n");
1969                                 goto done;
1970                         }
1971                         break;
1972                 case OPT_SET_UID_MAPPING:
1973                         if (!parse_mapping_arg(string_arg, &int_subarg,
1974                                 &string_subarg) ||
1975                             !wbinfo_set_uid_mapping(int_subarg, string_subarg))
1976                         {
1977                                 d_fprintf(stderr, "Could not create or modify "
1978                                           "uid to sid mapping\n");
1979                                 goto done;
1980                         }
1981                         break;
1982                 case OPT_SET_GID_MAPPING:
1983                         if (!parse_mapping_arg(string_arg, &int_subarg,
1984                                 &string_subarg) ||
1985                             !wbinfo_set_gid_mapping(int_subarg, string_subarg))
1986                         {
1987                                 d_fprintf(stderr, "Could not create or modify "
1988                                           "gid to sid mapping\n");
1989                                 goto done;
1990                         }
1991                         break;
1992                 case OPT_REMOVE_UID_MAPPING:
1993                         if (!parse_mapping_arg(string_arg, &int_subarg,
1994                                 &string_subarg) ||
1995                             !wbinfo_remove_uid_mapping(int_subarg,
1996                                 string_subarg))
1997                         {
1998                                 d_fprintf(stderr, "Could not remove uid to sid "
1999                                     "mapping\n");
2000                                 goto done;
2001                         }
2002                         break;
2003                 case OPT_REMOVE_GID_MAPPING:
2004                         if (!parse_mapping_arg(string_arg, &int_subarg,
2005                                 &string_subarg) ||
2006                             !wbinfo_remove_gid_mapping(int_subarg,
2007                                 string_subarg))
2008                         {
2009                                 d_fprintf(stderr, "Could not remove gid to sid "
2010                                     "mapping\n");
2011                                 goto done;
2012                         }
2013                         break;
2014                 case 't':
2015                         if (!wbinfo_check_secret(opt_domain_name)) {
2016                                 d_fprintf(stderr, "Could not check secret\n");
2017                                 goto done;
2018                         }
2019                         break;
2020                 case 'c':
2021                         if (!wbinfo_change_secret(opt_domain_name)) {
2022                                 d_fprintf(stderr, "Could not change secret\n");
2023                                 goto done;
2024                         }
2025                         break;
2026                 case OPT_PING_DC:
2027                         if (!wbinfo_ping_dc()) {
2028                                 d_fprintf(stderr, "Could not ping our DC\n");
2029                                 goto done;
2030                         }
2031                         break;
2032                 case 'm':
2033                         if (!wbinfo_list_domains(false, verbose)) {
2034                                 d_fprintf(stderr,
2035                                           "Could not list trusted domains\n");
2036                                 goto done;
2037                         }
2038                         break;
2039                 case OPT_SEQUENCE:
2040                         if (!wbinfo_show_sequence(opt_domain_name)) {
2041                                 d_fprintf(stderr,
2042                                           "Could not show sequence numbers\n");
2043                                 goto done;
2044                         }
2045                         break;
2046                 case OPT_ONLINESTATUS:
2047                         if (!wbinfo_show_onlinestatus(opt_domain_name)) {
2048                                 d_fprintf(stderr,
2049                                           "Could not show online-status\n");
2050                                 goto done;
2051                         }
2052                         break;
2053                 case 'D':
2054                         if (!wbinfo_domain_info(string_arg)) {
2055                                 d_fprintf(stderr,
2056                                           "Could not get domain info\n");
2057                                 goto done;
2058                         }
2059                         break;
2060                 case 'i':
2061                         if (!wbinfo_get_userinfo(string_arg)) {
2062                                 d_fprintf(stderr,
2063                                           "Could not get info for user %s\n",
2064                                           string_arg);
2065                                 goto done;
2066                         }
2067                         break;
2068                 case OPT_USER_SIDINFO:
2069                         if ( !wbinfo_get_user_sidinfo(string_arg)) {
2070                                 d_fprintf(stderr,
2071                                           "Could not get info for user "
2072                                           "sid %s\n", string_arg);
2073                                 goto done;
2074                         }
2075                         break;
2076                 case OPT_UID_INFO:
2077                         if ( !wbinfo_get_uidinfo(int_arg)) {
2078                                 d_fprintf(stderr, "Could not get info for uid "
2079                                                 "%d\n", int_arg);
2080                                 goto done;
2081                         }
2082                         break;
2083                 case OPT_GROUP_INFO:
2084                         if ( !wbinfo_get_groupinfo(string_arg)) {
2085                                 d_fprintf(stderr, "Could not get info for "
2086                                           "group %s\n", string_arg);
2087                                 goto done;
2088                         }
2089                         break;
2090                 case OPT_GID_INFO:
2091                         if ( !wbinfo_get_gidinfo(int_arg)) {
2092                                 d_fprintf(stderr, "Could not get info for gid "
2093                                                 "%d\n", int_arg);
2094                                 goto done;
2095                         }
2096                         break;
2097                 case 'r':
2098                         if (!wbinfo_get_usergroups(string_arg)) {
2099                                 d_fprintf(stderr,
2100                                           "Could not get groups for user %s\n",
2101                                           string_arg);
2102                                 goto done;
2103                         }
2104                         break;
2105                 case OPT_USERSIDS:
2106                         if (!wbinfo_get_usersids(string_arg)) {
2107                                 d_fprintf(stderr, "Could not get group SIDs "
2108                                           "for user SID %s\n",
2109                                           string_arg);
2110                                 goto done;
2111                         }
2112                         break;
2113                 case OPT_USERDOMGROUPS:
2114                         if (!wbinfo_get_userdomgroups(string_arg)) {
2115                                 d_fprintf(stderr, "Could not get user's domain "
2116                                          "groups for user SID %s\n",
2117                                          string_arg);
2118                                 goto done;
2119                         }
2120                         break;
2121                 case OPT_SIDALIASES:
2122                         if (!wbinfo_get_sidaliases(opt_domain_name,
2123                                                    string_arg)) {
2124                                 d_fprintf(stderr, "Could not get sid aliases "
2125                                          "for user SID %s\n", string_arg);
2126                                 goto done;
2127                         }
2128                         break;
2129                 case 'a': {
2130                                 bool got_error = false;
2131
2132                                 if (!wbinfo_auth(string_arg)) {
2133                                         d_fprintf(stderr,
2134                                                   "Could not authenticate user "
2135                                                   "%s with plaintext "
2136                                                   "password\n", string_arg);
2137                                         got_error = true;
2138                                 }
2139
2140                                 if (!wbinfo_auth_crap(string_arg, use_ntlmv2,
2141                                                       use_lanman)) {
2142                                         d_fprintf(stderr,
2143                                                 "Could not authenticate user "
2144                                                 "%s with challenge/response\n",
2145                                                 string_arg);
2146                                         got_error = true;
2147                                 }
2148
2149                                 if (got_error)
2150                                         goto done;
2151                                 break;
2152                         }
2153                 case 'K': {
2154                                 uint32_t flags = WBFLAG_PAM_KRB5 |
2155                                                  WBFLAG_PAM_CACHED_LOGIN |
2156                                                 WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
2157                                                  WBFLAG_PAM_INFO3_TEXT |
2158                                                  WBFLAG_PAM_CONTACT_TRUSTDOM;
2159
2160                                 if (!wbinfo_auth_krb5(string_arg, "FILE",
2161                                                       flags)) {
2162                                         d_fprintf(stderr,
2163                                                 "Could not authenticate user "
2164                                                 "[%s] with Kerberos "
2165                                                 "(ccache: %s)\n", string_arg,
2166                                                 "FILE");
2167                                         goto done;
2168                                 }
2169                                 break;
2170                         }
2171                 case 'k':
2172                         if (!wbinfo_klog(string_arg)) {
2173                                 d_fprintf(stderr, "Could not klog user\n");
2174                                 goto done;
2175                         }
2176                         break;
2177                 case 'p':
2178                         if (!wbinfo_ping()) {
2179                                 d_fprintf(stderr, "could not ping winbindd!\n");
2180                                 goto done;
2181                         }
2182                         break;
2183                 case OPT_SET_AUTH_USER:
2184                         if (!wbinfo_set_auth_user(string_arg)) {
2185                                 goto done;
2186                         }
2187                         break;
2188                 case OPT_GET_AUTH_USER:
2189                         wbinfo_get_auth_user();
2190                         goto done;
2191                         break;
2192                 case OPT_GETDCNAME:
2193                         if (!wbinfo_getdcname(string_arg)) {
2194                                 goto done;
2195                         }
2196                         break;
2197                 case OPT_DSGETDCNAME:
2198                         if (!wbinfo_dsgetdcname(string_arg, 0)) {
2199                                 goto done;
2200                         }
2201                         break;
2202                 case OPT_SEPARATOR: {
2203                         const char sep = winbind_separator();
2204                         if ( !sep ) {
2205                                 goto done;
2206                         }
2207                         d_printf("%c\n", sep);
2208                         break;
2209                 }
2210                 case OPT_LIST_ALL_DOMAINS:
2211                         if (!wbinfo_list_domains(true, verbose)) {
2212                                 goto done;
2213                         }
2214                         break;
2215                 case OPT_LIST_OWN_DOMAIN:
2216                         if (!wbinfo_list_own_domain()) {
2217                                 goto done;
2218                         }
2219                         break;
2220                 case OPT_CHANGE_USER_PASSWORD:
2221                         if (!wbinfo_change_user_password(string_arg)) {
2222                                 d_fprintf(stderr,
2223                                         "Could not change user password "
2224                                          "for user %s\n", string_arg);
2225                                 goto done;
2226                         }
2227                         break;
2228
2229                 /* generic configuration options */
2230                 case OPT_DOMAIN_NAME:
2231                         break;
2232                 case OPT_VERBOSE:
2233                         break;
2234                 case OPT_NTLMV2:
2235                         break;
2236                 case OPT_LANMAN:
2237                         break;
2238                 default:
2239                         d_fprintf(stderr, "Invalid option\n");
2240                         poptPrintHelp(pc, stderr, 0);
2241                         goto done;
2242                 }
2243         }
2244
2245         result = 0;
2246
2247         /* Exit code */
2248
2249  done:
2250         talloc_free(frame);
2251
2252         poptFreeContext(pc);
2253         return result;
2254 }