Generate pkgconfig files for at least lib{smbclient,smbsharemodes,netapi}.
[ira/wip.git] / source3 / nsswitch / wbinfo.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    Winbind status program.
5
6    Copyright (C) Tim Potter      2000-2003
7    Copyright (C) Andrew Bartlett 2002
8    
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13    
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18    
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "winbind_client.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_WINBIND
28
29 extern int winbindd_fd;
30
31 static char winbind_separator_int(bool strict)
32 {
33         struct winbindd_response response;
34         static bool got_sep;
35         static char sep;
36
37         if (got_sep)
38                 return sep;
39
40         ZERO_STRUCT(response);
41
42         /* Send off request */
43
44         if (winbindd_request_response(WINBINDD_INFO, NULL, &response) !=
45             NSS_STATUS_SUCCESS) {
46                 d_fprintf(stderr, "could not obtain winbind separator!\n");
47                 if (strict) {
48                         return 0;
49                 }
50                 /* HACK: (this module should not call lp_ funtions) */
51                 return *lp_winbind_separator();
52         }
53
54         sep = response.data.info.winbind_separator;
55         got_sep = True;
56
57         if (!sep) {
58                 d_fprintf(stderr, "winbind separator was NULL!\n");
59                 if (strict) {
60                         return 0;
61                 }
62                 /* HACK: (this module should not call lp_ funtions) */
63                 sep = *lp_winbind_separator();
64         }
65         
66         return sep;
67 }
68
69 static char winbind_separator(void)
70 {
71         return winbind_separator_int(False);
72 }
73
74 static const char *get_winbind_domain(void)
75 {
76         struct winbindd_response response;
77         static fstring winbind_domain;
78
79         ZERO_STRUCT(response);
80
81         /* Send off request */
82
83         if (winbindd_request_response(WINBINDD_DOMAIN_NAME, NULL, &response) !=
84             NSS_STATUS_SUCCESS) {
85                 d_fprintf(stderr, "could not obtain winbind domain name!\n");
86                 
87                 /* HACK: (this module should not call lp_ funtions) */
88                 return lp_workgroup();
89         }
90
91         fstrcpy(winbind_domain, response.data.domain_name);
92
93         return winbind_domain;
94
95 }
96
97 /* Copy of parse_domain_user from winbindd_util.c.  Parse a string of the
98    form DOMAIN/user into a domain and a user */
99
100 static bool parse_wbinfo_domain_user(const char *domuser, fstring domain, 
101                                      fstring user)
102 {
103
104         char *p = strchr(domuser,winbind_separator());
105
106         if (!p) {
107                 /* Maybe it was a UPN? */
108                 if ((p = strchr(domuser, '@')) != NULL) {
109                         fstrcpy(domain, "");
110                         fstrcpy(user, domuser);
111                         return True;
112                 }
113                 
114                 fstrcpy(user, domuser);
115                 fstrcpy(domain, get_winbind_domain());
116                 return True;
117         }
118         
119         fstrcpy(user, p+1);
120         fstrcpy(domain, domuser);
121         domain[PTR_DIFF(p, domuser)] = 0;
122         strupper_m(domain);
123
124         return True;
125 }
126
127 /* pull pwent info for a given user */
128
129 static bool wbinfo_get_userinfo(char *user)
130 {
131         struct winbindd_request request;
132         struct winbindd_response response;
133         NSS_STATUS result;
134         
135         ZERO_STRUCT(request);
136         ZERO_STRUCT(response);
137
138         /* Send request */
139         
140         fstrcpy(request.data.username, user);
141
142         result = winbindd_request_response(WINBINDD_GETPWNAM, &request, &response);
143         
144         if (result != NSS_STATUS_SUCCESS)
145                 return False;
146         
147         d_printf( "%s:%s:%d:%d:%s:%s:%s\n",
148                           response.data.pw.pw_name,
149                           response.data.pw.pw_passwd,
150                           response.data.pw.pw_uid,
151                           response.data.pw.pw_gid,
152                           response.data.pw.pw_gecos,
153                           response.data.pw.pw_dir,
154                           response.data.pw.pw_shell );
155         
156         return True;
157 }
158
159 /* pull pwent info for a given uid */
160 static bool wbinfo_get_uidinfo(int uid)
161 {
162         struct winbindd_request request;
163         struct winbindd_response response;
164         NSS_STATUS result;
165
166         ZERO_STRUCT(request);
167         ZERO_STRUCT(response);
168
169         request.data.uid = uid;
170
171         result = winbindd_request_response(WINBINDD_GETPWUID, &request, &response);
172
173         if (result != NSS_STATUS_SUCCESS)
174                 return False;
175
176         d_printf( "%s:%s:%d:%d:%s:%s:%s\n",
177                 response.data.pw.pw_name,
178                 response.data.pw.pw_passwd,
179                 response.data.pw.pw_uid,
180                 response.data.pw.pw_gid,
181                 response.data.pw.pw_gecos,
182                 response.data.pw.pw_dir,
183                 response.data.pw.pw_shell );
184
185         return True;
186 }
187
188 /* pull grent for a given group */
189 static bool wbinfo_get_groupinfo(char *group)
190 {
191         struct winbindd_request request;
192         struct winbindd_response response;
193         NSS_STATUS result;
194
195         ZERO_STRUCT(request);
196         ZERO_STRUCT(response);
197
198         /* Send request */
199
200         fstrcpy(request.data.groupname, group);
201
202         result = winbindd_request_response(WINBINDD_GETGRNAM, &request,
203                                            &response);
204
205         if ( result != NSS_STATUS_SUCCESS)
206                 return False;
207
208         d_printf( "%s:%s:%d\n",
209                   response.data.gr.gr_name,
210                   response.data.gr.gr_passwd,
211                   response.data.gr.gr_gid );
212         
213         return True;
214 }
215
216 /* List groups a user is a member of */
217
218 static bool wbinfo_get_usergroups(char *user)
219 {
220         struct winbindd_request request;
221         struct winbindd_response response;
222         NSS_STATUS result;
223         int i;
224         
225         ZERO_STRUCT(request);
226         ZERO_STRUCT(response);
227
228         /* Send request */
229
230         fstrcpy(request.data.username, user);
231
232         result = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
233
234         if (result != NSS_STATUS_SUCCESS)
235                 return False;
236
237         for (i = 0; i < response.data.num_entries; i++)
238                 d_printf("%d\n", (int)((gid_t *)response.extra_data.data)[i]);
239
240         SAFE_FREE(response.extra_data.data);
241
242         return True;
243 }
244
245
246 /* List group SIDs a user SID is a member of */
247 static bool wbinfo_get_usersids(char *user_sid)
248 {
249         struct winbindd_request request;
250         struct winbindd_response response;
251         NSS_STATUS result;
252         int i;
253         const char *s;
254
255         ZERO_STRUCT(request);
256         ZERO_STRUCT(response);
257
258         /* Send request */
259         fstrcpy(request.data.sid, user_sid);
260
261         result = winbindd_request_response(WINBINDD_GETUSERSIDS, &request, &response);
262
263         if (result != NSS_STATUS_SUCCESS)
264                 return False;
265
266         s = (const char *)response.extra_data.data;
267         for (i = 0; i < response.data.num_entries; i++) {
268                 d_printf("%s\n", s);
269                 s += strlen(s) + 1;
270         }
271
272         SAFE_FREE(response.extra_data.data);
273
274         return True;
275 }
276
277 static bool wbinfo_get_userdomgroups(const char *user_sid)
278 {
279         struct winbindd_request request;
280         struct winbindd_response response;
281         NSS_STATUS result;
282
283         ZERO_STRUCT(request);
284         ZERO_STRUCT(response);
285
286         /* Send request */
287         fstrcpy(request.data.sid, user_sid);
288
289         result = winbindd_request_response(WINBINDD_GETUSERDOMGROUPS, &request,
290                                   &response);
291
292         if (result != NSS_STATUS_SUCCESS)
293                 return False;
294
295         if (response.data.num_entries != 0)
296                 printf("%s", (char *)response.extra_data.data);
297         
298         SAFE_FREE(response.extra_data.data);
299
300         return True;
301 }
302
303 /* Convert NetBIOS name to IP */
304
305 static bool wbinfo_wins_byname(char *name)
306 {
307         struct winbindd_request request;
308         struct winbindd_response response;
309
310         ZERO_STRUCT(request);
311         ZERO_STRUCT(response);
312
313         /* Send request */
314
315         fstrcpy(request.data.winsreq, name);
316
317         if (winbindd_request_response(WINBINDD_WINS_BYNAME, &request, &response) !=
318             NSS_STATUS_SUCCESS) {
319                 return False;
320         }
321
322         /* Display response */
323
324         d_printf("%s\n", response.data.winsresp);
325
326         return True;
327 }
328
329 /* Convert IP to NetBIOS name */
330
331 static bool wbinfo_wins_byip(char *ip)
332 {
333         struct winbindd_request request;
334         struct winbindd_response response;
335
336         ZERO_STRUCT(request);
337         ZERO_STRUCT(response);
338
339         /* Send request */
340
341         fstrcpy(request.data.winsreq, ip);
342
343         if (winbindd_request_response(WINBINDD_WINS_BYIP, &request, &response) !=
344             NSS_STATUS_SUCCESS) {
345                 return False;
346         }
347
348         /* Display response */
349
350         d_printf("%s\n", response.data.winsresp);
351
352         return True;
353 }
354
355 /* List trusted domains */
356
357 static bool wbinfo_list_domains(bool list_all_domains)
358 {
359         struct winbindd_request request;
360         struct winbindd_response response;
361
362         ZERO_STRUCT(request);
363         ZERO_STRUCT(response);
364
365         /* Send request */
366
367         request.data.list_all_domains = list_all_domains;
368
369         if (winbindd_request_response(WINBINDD_LIST_TRUSTDOM, &request, &response) !=
370             NSS_STATUS_SUCCESS)
371                 return False;
372
373         /* Display response */
374
375         if (response.extra_data.data) {
376                 const char *extra_data = (char *)response.extra_data.data;
377                 char *name;
378                 char *p;
379                 TALLOC_CTX *frame = talloc_stackframe();
380
381                 while(next_token_talloc(frame,&extra_data,&name,"\n")) {
382                         p = strchr(name, '\\');
383                         if (p == 0) {
384                                 d_fprintf(stderr, "Got invalid response: %s\n",
385                                          extra_data);
386                                 TALLOC_FREE(frame);
387                                 SAFE_FREE(response.extra_data.data);
388                                 return False;
389                         }
390                         *p = 0;
391                         d_printf("%s\n", name);
392                 }
393                 TALLOC_FREE(frame);
394                 SAFE_FREE(response.extra_data.data);
395         }
396
397         return True;
398 }
399
400 /* List own domain */
401
402 static bool wbinfo_list_own_domain(void)
403 {
404         d_printf("%s\n", get_winbind_domain());
405
406         return True;
407 }
408
409 /* show sequence numbers */
410 static bool wbinfo_show_sequence(const char *domain)
411 {
412         struct winbindd_request  request;
413         struct winbindd_response response;
414
415         ZERO_STRUCT(response);
416         ZERO_STRUCT(request);
417
418         if ( domain )
419                 fstrcpy( request.domain_name, domain );
420
421         /* Send request */
422
423         if (winbindd_request_response(WINBINDD_SHOW_SEQUENCE, &request, &response) !=
424             NSS_STATUS_SUCCESS)
425                 return False;
426
427         /* Display response */
428
429         if (domain) {
430                 d_printf("%s : ", domain);
431                 if (response.data.sequence_number == (uint32_t)-1) {
432                         d_printf("DISCONNECTED\n");
433                 } else {
434                         d_printf("%d\n", response.data.sequence_number);
435                 }
436         } else if (response.extra_data.data) {
437                 char *extra_data = (char *)response.extra_data.data;
438                 d_printf("%s", extra_data);
439                 SAFE_FREE(response.extra_data.data);
440         }
441
442         return True;
443 }
444
445 /* Show domain info */
446
447 static bool wbinfo_domain_info(const char *domain_name)
448 {
449         struct winbindd_request request;
450         struct winbindd_response response;
451
452         ZERO_STRUCT(request);
453         ZERO_STRUCT(response);
454
455         if ((strequal(domain_name, ".")) || (domain_name[0] == '\0'))
456                 fstrcpy(request.domain_name, get_winbind_domain());
457         else
458                 fstrcpy(request.domain_name, domain_name);
459
460         /* Send request */
461
462         if (winbindd_request_response(WINBINDD_DOMAIN_INFO, &request, &response) !=
463             NSS_STATUS_SUCCESS)
464                 return False;
465
466         /* Display response */
467
468         d_printf("Name              : %s\n", response.data.domain_info.name);
469         d_printf("Alt_Name          : %s\n", response.data.domain_info.alt_name);
470
471         d_printf("SID               : %s\n", response.data.domain_info.sid);
472
473         d_printf("Active Directory  : %s\n",
474                  response.data.domain_info.active_directory ? "Yes" : "No");
475         d_printf("Native            : %s\n",
476                  response.data.domain_info.native_mode ? "Yes" : "No");
477
478         d_printf("Primary           : %s\n",
479                  response.data.domain_info.primary ? "Yes" : "No");
480
481         return True;
482 }
483
484 /* Get a foreign DC's name */
485 static bool wbinfo_getdcname(const char *domain_name)
486 {
487         struct winbindd_request request;
488         struct winbindd_response response;
489
490         ZERO_STRUCT(request);
491         ZERO_STRUCT(response);
492
493         fstrcpy(request.domain_name, domain_name);
494
495         /* Send request */
496
497         if (winbindd_request_response(WINBINDD_GETDCNAME, &request, &response) !=
498             NSS_STATUS_SUCCESS) {
499                 d_fprintf(stderr, "Could not get dc name for %s\n", domain_name);
500                 return False;
501         }
502
503         /* Display response */
504
505         d_printf("%s\n", response.data.dc_name);
506
507         return True;
508 }
509
510 /* Find a DC */
511 static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
512 {
513         struct winbindd_request request;
514         struct winbindd_response response;
515
516         ZERO_STRUCT(request);
517         ZERO_STRUCT(response);
518
519         fstrcpy(request.domain_name, domain_name);
520         request.flags = flags;
521
522         request.flags |= DS_DIRECTORY_SERVICE_REQUIRED;
523
524         /* Send request */
525
526         if (winbindd_request_response(WINBINDD_DSGETDCNAME, &request, &response) !=
527             NSS_STATUS_SUCCESS) {
528                 d_fprintf(stderr, "Could not find dc for %s\n", domain_name);
529                 return False;
530         }
531
532         /* Display response */
533
534         d_printf("%s\n", response.data.dc_name);
535
536         return True;
537 }
538
539 /* Check trust account password */
540
541 static bool wbinfo_check_secret(void)
542 {
543         struct winbindd_response response;
544         NSS_STATUS result;
545
546         ZERO_STRUCT(response);
547
548         result = winbindd_request_response(WINBINDD_CHECK_MACHACC, NULL, &response);
549                 
550         d_printf("checking the trust secret via RPC calls %s\n", 
551                  (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
552
553         if (result != NSS_STATUS_SUCCESS)       
554                 d_fprintf(stderr, "error code was %s (0x%x)\n", 
555                          response.data.auth.nt_status_string, 
556                          response.data.auth.nt_status);
557         
558         return result == NSS_STATUS_SUCCESS;    
559 }
560
561 /* Convert uid to sid */
562
563 static bool wbinfo_uid_to_sid(uid_t uid)
564 {
565         struct winbindd_request request;
566         struct winbindd_response response;
567
568         ZERO_STRUCT(request);
569         ZERO_STRUCT(response);
570
571         /* Send request */
572
573         request.data.uid = uid;
574
575         if (winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response) !=
576             NSS_STATUS_SUCCESS)
577                 return False;
578
579         /* Display response */
580
581         d_printf("%s\n", response.data.sid.sid);
582
583         return True;
584 }
585
586 /* Convert gid to sid */
587
588 static bool wbinfo_gid_to_sid(gid_t gid)
589 {
590         struct winbindd_request request;
591         struct winbindd_response response;
592
593         ZERO_STRUCT(request);
594         ZERO_STRUCT(response);
595
596         /* Send request */
597
598         request.data.gid = gid;
599
600         if (winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response) !=
601             NSS_STATUS_SUCCESS)
602                 return False;
603
604         /* Display response */
605
606         d_printf("%s\n", response.data.sid.sid);
607
608         return True;
609 }
610
611 /* Convert sid to uid */
612
613 static bool wbinfo_sid_to_uid(char *sid)
614 {
615         struct winbindd_request request;
616         struct winbindd_response response;
617
618         ZERO_STRUCT(request);
619         ZERO_STRUCT(response);
620
621         /* Send request */
622
623         fstrcpy(request.data.sid, sid);
624
625         if (winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response) !=
626             NSS_STATUS_SUCCESS)
627                 return False;
628
629         /* Display response */
630
631         d_printf("%d\n", (int)response.data.uid);
632
633         return True;
634 }
635
636 static bool wbinfo_sid_to_gid(char *sid)
637 {
638         struct winbindd_request request;
639         struct winbindd_response response;
640
641         ZERO_STRUCT(request);
642         ZERO_STRUCT(response);
643
644         /* Send request */
645
646         fstrcpy(request.data.sid, sid);
647
648         if (winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response) !=
649             NSS_STATUS_SUCCESS)
650                 return False;
651
652         /* Display response */
653
654         d_printf("%d\n", (int)response.data.gid);
655
656         return True;
657 }
658
659 static bool wbinfo_allocate_uid(void)
660 {
661         uid_t uid;
662
663         if (!winbind_allocate_uid(&uid))
664                 return False;
665
666         d_printf("New uid: %d\n", uid);
667
668         return True;
669 }
670
671 static bool wbinfo_allocate_gid(void)
672 {
673         gid_t gid;
674
675         if (!winbind_allocate_gid(&gid))
676                 return False;
677
678         d_printf("New gid: %d\n", gid);
679
680         return True;
681 }
682
683 /* Convert sid to string */
684
685 static bool wbinfo_lookupsid(char *sid)
686 {
687         struct winbindd_request request;
688         struct winbindd_response response;
689
690         ZERO_STRUCT(request);
691         ZERO_STRUCT(response);
692
693         /* Send off request */
694
695         fstrcpy(request.data.sid, sid);
696
697         if (winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response) !=
698             NSS_STATUS_SUCCESS)
699                 return False;
700
701         /* Display response */
702
703         d_printf("%s%c%s %d\n", response.data.name.dom_name, 
704                  winbind_separator(), response.data.name.name, 
705                  response.data.name.type);
706
707         return True;
708 }
709
710 /* Lookup a list of RIDs */
711
712 static bool wbinfo_lookuprids(char *domain, char *arg)
713 {
714         size_t i;
715         DOM_SID sid;
716         int num_rids;
717         uint32 *rids;
718         const char *p;
719         char *ridstr;
720         const char **names;
721         enum lsa_SidType *types;
722         const char *domain_name;
723         TALLOC_CTX *mem_ctx;
724         struct winbindd_request request;
725         struct winbindd_response response;
726
727         ZERO_STRUCT(request);
728         ZERO_STRUCT(response);
729
730         if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0'))
731                 fstrcpy(request.domain_name, get_winbind_domain());
732         else
733                 fstrcpy(request.domain_name, domain);
734
735         /* Send request */
736
737         if (winbindd_request_response(WINBINDD_DOMAIN_INFO, &request, &response) !=
738             NSS_STATUS_SUCCESS) {
739                 d_printf("Could not get domain sid for %s\n", request.domain_name);
740                 return False;
741         }
742
743         if (!string_to_sid(&sid, response.data.domain_info.sid)) {
744                 d_printf("Could not convert %s to sid\n", response.data.domain_info.sid);
745                 return False;
746         }
747
748         mem_ctx = talloc_new(NULL);
749         if (mem_ctx == NULL) {
750                 d_printf("talloc_new failed\n");
751                 return False;
752         }
753
754         num_rids = 0;
755         rids = NULL;
756         p = arg;
757
758         while (next_token_talloc(mem_ctx, &p, &ridstr, " ,\n")) {
759                 uint32 rid = strtoul(ridstr, NULL, 10);
760                 ADD_TO_ARRAY(mem_ctx, uint32, rid, &rids, &num_rids);
761         }
762
763         if (rids == NULL) {
764                 TALLOC_FREE(mem_ctx);
765                 return False;
766         }
767
768         if (!winbind_lookup_rids(mem_ctx, &sid, num_rids, rids,
769                                  &domain_name, &names, &types)) {
770                 d_printf("winbind_lookup_rids failed\n");
771                 TALLOC_FREE(mem_ctx);
772                 return False;
773         }
774
775         d_printf("Domain: %s\n", domain_name);
776
777         for (i=0; i<num_rids; i++) {
778                 d_printf("%8d: %s (%s)\n", rids[i], names[i],
779                          sid_type_lookup(types[i]));
780         }
781
782         TALLOC_FREE(mem_ctx);
783         return True;
784 }
785
786 /* Convert string to sid */
787
788 static bool wbinfo_lookupname(char *name)
789 {
790         struct winbindd_request request;
791         struct winbindd_response response;
792
793         /* Send off request */
794
795         ZERO_STRUCT(request);
796         ZERO_STRUCT(response);
797
798         parse_wbinfo_domain_user(name, request.data.name.dom_name, 
799                                  request.data.name.name);
800
801         if (winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response) !=
802             NSS_STATUS_SUCCESS)
803                 return False;
804
805         /* Display response */
806
807         d_printf("%s %s (%d)\n", response.data.sid.sid, sid_type_lookup(response.data.sid.type), response.data.sid.type);
808
809         return True;
810 }
811
812 /* Authenticate a user with a plaintext password */
813
814 static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
815 {
816         struct winbindd_request request;
817         struct winbindd_response response;
818         NSS_STATUS result;
819         char *p;
820
821         /* Send off request */
822
823         ZERO_STRUCT(request);
824         ZERO_STRUCT(response);
825
826         p = strchr(username, '%');
827
828         if (p) {
829                 *p = 0;
830                 fstrcpy(request.data.auth.user, username);
831                 fstrcpy(request.data.auth.pass, p + 1);
832                 *p = '%';
833         } else
834                 fstrcpy(request.data.auth.user, username);
835
836         request.flags = flags;
837
838         fstrcpy(request.data.auth.krb5_cc_type, cctype);
839
840         request.data.auth.uid = geteuid();
841
842         result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
843
844         /* Display response */
845
846         d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n", 
847                 username, (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", cctype);
848
849         if (response.data.auth.nt_status)
850                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
851                          response.data.auth.nt_status_string, 
852                          response.data.auth.nt_status,
853                          response.data.auth.error_string);
854
855         if (result == NSS_STATUS_SUCCESS) {
856
857                 if (request.flags & WBFLAG_PAM_INFO3_TEXT) {
858                         if (response.data.auth.info3.user_flgs & LOGON_CACHED_ACCOUNT) {
859                                 d_printf("user_flgs: LOGON_CACHED_ACCOUNT\n");
860                         }
861                 }
862
863                 if (response.data.auth.krb5ccname[0] != '\0') {
864                         d_printf("credentials were put in: %s\n", response.data.auth.krb5ccname);
865                 } else {
866                         d_printf("no credentials cached\n");
867                 }
868         }
869
870         return result == NSS_STATUS_SUCCESS;
871 }
872
873 /* Authenticate a user with a plaintext password */
874
875 static bool wbinfo_auth(char *username)
876 {
877         struct winbindd_request request;
878         struct winbindd_response response;
879         NSS_STATUS result;
880         char *p;
881
882         /* Send off request */
883
884         ZERO_STRUCT(request);
885         ZERO_STRUCT(response);
886
887         p = strchr(username, '%');
888
889         if (p) {
890                 *p = 0;
891                 fstrcpy(request.data.auth.user, username);
892                 fstrcpy(request.data.auth.pass, p + 1);
893                 *p = '%';
894         } else
895                 fstrcpy(request.data.auth.user, username);
896
897         result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
898
899         /* Display response */
900
901         d_printf("plaintext password authentication %s\n", 
902                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
903
904         if (response.data.auth.nt_status)
905                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
906                          response.data.auth.nt_status_string, 
907                          response.data.auth.nt_status,
908                          response.data.auth.error_string);
909
910         return result == NSS_STATUS_SUCCESS;
911 }
912
913 /* Authenticate a user with a challenge/response */
914
915 static bool wbinfo_auth_crap(char *username)
916 {
917         struct winbindd_request request;
918         struct winbindd_response response;
919         NSS_STATUS result;
920         fstring name_user;
921         fstring name_domain;
922         fstring pass;
923         char *p;
924
925         /* Send off request */
926
927         ZERO_STRUCT(request);
928         ZERO_STRUCT(response);
929
930         p = strchr(username, '%');
931
932         if (p) {
933                 *p = 0;
934                 fstrcpy(pass, p + 1);
935         }
936                 
937         parse_wbinfo_domain_user(username, name_domain, name_user);
938
939         request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
940
941         fstrcpy(request.data.auth_crap.user, name_user);
942
943         fstrcpy(request.data.auth_crap.domain, 
944                               name_domain);
945
946         generate_random_buffer(request.data.auth_crap.chal, 8);
947         
948         if (lp_client_ntlmv2_auth()) {
949                 DATA_BLOB server_chal;
950                 DATA_BLOB names_blob;   
951
952                 DATA_BLOB lm_response;
953                 DATA_BLOB nt_response;
954
955                 server_chal = data_blob(request.data.auth_crap.chal, 8); 
956                 
957                 /* Pretend this is a login to 'us', for blob purposes */
958                 names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
959                 
960                 if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal, 
961                                       &names_blob,
962                                       &lm_response, &nt_response, NULL)) {
963                         data_blob_free(&names_blob);
964                         data_blob_free(&server_chal);
965                         return False;
966                 }
967                 data_blob_free(&names_blob);
968                 data_blob_free(&server_chal);
969
970                 memcpy(request.data.auth_crap.nt_resp, nt_response.data, 
971                        MIN(nt_response.length, 
972                            sizeof(request.data.auth_crap.nt_resp)));
973                 request.data.auth_crap.nt_resp_len = nt_response.length;
974
975                 memcpy(request.data.auth_crap.lm_resp, lm_response.data, 
976                        MIN(lm_response.length, 
977                            sizeof(request.data.auth_crap.lm_resp)));
978                 request.data.auth_crap.lm_resp_len = lm_response.length;
979                        
980                 data_blob_free(&nt_response);
981                 data_blob_free(&lm_response);
982
983         } else {
984                 if (lp_client_lanman_auth() 
985                     && SMBencrypt(pass, request.data.auth_crap.chal, 
986                                (uchar *)request.data.auth_crap.lm_resp)) {
987                         request.data.auth_crap.lm_resp_len = 24;
988                 } else {
989                         request.data.auth_crap.lm_resp_len = 0;
990                 }
991                 SMBNTencrypt(pass, request.data.auth_crap.chal,
992                              (uchar *)request.data.auth_crap.nt_resp);
993
994                 request.data.auth_crap.nt_resp_len = 24;
995         }
996
997         result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response);
998
999         /* Display response */
1000
1001         d_printf("challenge/response password authentication %s\n", 
1002                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
1003
1004         if (response.data.auth.nt_status)
1005                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
1006                          response.data.auth.nt_status_string, 
1007                          response.data.auth.nt_status,
1008                          response.data.auth.error_string);
1009
1010         return result == NSS_STATUS_SUCCESS;
1011 }
1012
1013 /* Authenticate a user with a plaintext password and set a token */
1014
1015 static bool wbinfo_klog(char *username)
1016 {
1017         struct winbindd_request request;
1018         struct winbindd_response response;
1019         NSS_STATUS result;
1020         char *p;
1021
1022         /* Send off request */
1023
1024         ZERO_STRUCT(request);
1025         ZERO_STRUCT(response);
1026
1027         p = strchr(username, '%');
1028
1029         if (p) {
1030                 *p = 0;
1031                 fstrcpy(request.data.auth.user, username);
1032                 fstrcpy(request.data.auth.pass, p + 1);
1033                 *p = '%';
1034         } else {
1035                 fstrcpy(request.data.auth.user, username);
1036                 fstrcpy(request.data.auth.pass, getpass("Password: "));
1037         }
1038
1039         request.flags |= WBFLAG_PAM_AFS_TOKEN;
1040
1041         result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
1042
1043         /* Display response */
1044
1045         d_printf("plaintext password authentication %s\n", 
1046                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
1047
1048         if (response.data.auth.nt_status)
1049                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
1050                          response.data.auth.nt_status_string, 
1051                          response.data.auth.nt_status,
1052                          response.data.auth.error_string);
1053
1054         if (result != NSS_STATUS_SUCCESS)
1055                 return False;
1056
1057         if (response.extra_data.data == NULL) {
1058                 d_fprintf(stderr, "Did not get token data\n");
1059                 return False;
1060         }
1061
1062         if (!afs_settoken_str((char *)response.extra_data.data)) {
1063                 d_fprintf(stderr, "Could not set token\n");
1064                 return False;
1065         }
1066
1067         d_printf("Successfully created AFS token\n");
1068         return True;
1069 }
1070
1071 /* Print domain users */
1072
1073 static bool print_domain_users(const char *domain)
1074 {
1075         struct winbindd_request request;
1076         struct winbindd_response response;
1077         const char *extra_data;
1078         char *name;
1079         TALLOC_CTX *frame = NULL;
1080
1081         /* Send request to winbind daemon */
1082
1083         ZERO_STRUCT(request);
1084         ZERO_STRUCT(response);
1085
1086         if (domain) {
1087                 /* '.' is the special sign for our own domain */
1088                 if ( strequal(domain, ".") )
1089                         fstrcpy( request.domain_name, get_winbind_domain() );
1090                 else
1091                         fstrcpy( request.domain_name, domain );
1092         }
1093
1094         if (winbindd_request_response(WINBINDD_LIST_USERS, &request, &response) !=
1095             NSS_STATUS_SUCCESS)
1096                 return False;
1097
1098         /* Look through extra data */
1099
1100         if (!response.extra_data.data)
1101                 return False;
1102
1103         extra_data = (const char *)response.extra_data.data;
1104
1105         frame = talloc_stackframe();
1106         while(next_token_talloc(frame,&extra_data,&name, ","))
1107                 d_printf("%s\n", name);
1108         TALLOC_FREE(frame);
1109
1110         SAFE_FREE(response.extra_data.data);
1111
1112         return True;
1113 }
1114
1115 /* Print domain groups */
1116
1117 static bool print_domain_groups(const char *domain)
1118 {
1119         struct winbindd_request  request;
1120         struct winbindd_response response;
1121         const char *extra_data;
1122         TALLOC_CTX *frame = NULL;
1123         char *name;
1124
1125         ZERO_STRUCT(request);
1126         ZERO_STRUCT(response);
1127
1128         if (domain) {
1129                 if ( strequal(domain, ".") )
1130                         fstrcpy( request.domain_name, get_winbind_domain() );
1131                 else
1132                         fstrcpy( request.domain_name, domain );
1133         }
1134
1135         if (winbindd_request_response(WINBINDD_LIST_GROUPS, &request, &response) !=
1136             NSS_STATUS_SUCCESS)
1137                 return False;
1138
1139         /* Look through extra data */
1140
1141         if (!response.extra_data.data)
1142                 return False;
1143
1144         extra_data = (const char *)response.extra_data.data;
1145
1146         frame = talloc_stackframe();
1147         while(next_token_talloc(frame,&extra_data,&name, ","))
1148                 d_printf("%s\n", name);
1149         TALLOC_FREE(frame);
1150
1151         SAFE_FREE(response.extra_data.data);
1152
1153         return True;
1154 }
1155
1156 /* Set the authorised user for winbindd access in secrets.tdb */
1157
1158 static bool wbinfo_set_auth_user(char *username)
1159 {
1160         const char *password;
1161         char *p;
1162         fstring user, domain;
1163
1164         /* Separate into user and password */
1165
1166         parse_wbinfo_domain_user(username, domain, user);
1167
1168         p = strchr(user, '%');
1169
1170         if (p != NULL) {
1171                 *p = 0;
1172                 password = p+1;
1173         } else {
1174                 char *thepass = getpass("Password: ");
1175                 if (thepass) {
1176                         password = thepass;     
1177                 } else
1178                         password = "";
1179         }
1180
1181         /* Store or remove DOMAIN\username%password in secrets.tdb */
1182
1183         secrets_init();
1184
1185         if (user[0]) {
1186
1187                 if (!secrets_store(SECRETS_AUTH_USER, user,
1188                                    strlen(user) + 1)) {
1189                         d_fprintf(stderr, "error storing username\n");
1190                         return False;
1191                 }
1192
1193                 /* We always have a domain name added by the
1194                    parse_wbinfo_domain_user() function. */
1195
1196                 if (!secrets_store(SECRETS_AUTH_DOMAIN, domain,
1197                                    strlen(domain) + 1)) {
1198                         d_fprintf(stderr, "error storing domain name\n");
1199                         return False;
1200                 }
1201
1202         } else {
1203                 secrets_delete(SECRETS_AUTH_USER);
1204                 secrets_delete(SECRETS_AUTH_DOMAIN);
1205         }
1206
1207         if (password[0]) {
1208
1209                 if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
1210                                    strlen(password) + 1)) {
1211                         d_fprintf(stderr, "error storing password\n");
1212                         return False;
1213                 }
1214
1215         } else
1216                 secrets_delete(SECRETS_AUTH_PASSWORD);
1217
1218         return True;
1219 }
1220
1221 static void wbinfo_get_auth_user(void)
1222 {
1223         char *user, *domain, *password;
1224
1225         /* Lift data from secrets file */
1226         
1227         secrets_fetch_ipc_userpass(&user, &domain, &password);
1228
1229         if ((!user || !*user) && (!domain || !*domain ) && (!password || !*password)){
1230
1231                 SAFE_FREE(user);
1232                 SAFE_FREE(domain);
1233                 SAFE_FREE(password);
1234                 d_printf("No authorised user configured\n");
1235                 return;
1236         }
1237
1238         /* Pretty print authorised user info */
1239
1240         d_printf("%s%s%s%s%s\n", domain ? domain : "", domain ? lp_winbind_separator(): "",
1241                  user, password ? "%" : "", password ? password : "");
1242
1243         SAFE_FREE(user);
1244         SAFE_FREE(domain);
1245         SAFE_FREE(password);
1246 }
1247
1248 static bool wbinfo_ping(void)
1249 {
1250         NSS_STATUS result;
1251
1252         result = winbindd_request_response(WINBINDD_PING, NULL, NULL);
1253
1254         /* Display response */
1255
1256         d_printf("Ping to winbindd %s on fd %d\n", 
1257                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
1258
1259         return result == NSS_STATUS_SUCCESS;
1260 }
1261
1262 /* Main program */
1263
1264 enum {
1265         OPT_SET_AUTH_USER = 1000,
1266         OPT_GET_AUTH_USER,
1267         OPT_DOMAIN_NAME,
1268         OPT_SEQUENCE,
1269         OPT_GETDCNAME,
1270         OPT_DSGETDCNAME,
1271         OPT_USERDOMGROUPS,
1272         OPT_USERSIDS,
1273         OPT_ALLOCATE_UID,
1274         OPT_ALLOCATE_GID,
1275         OPT_SEPARATOR,
1276         OPT_LIST_ALL_DOMAINS,
1277         OPT_LIST_OWN_DOMAIN,
1278         OPT_UID_INFO,
1279         OPT_GROUP_INFO,
1280 };
1281
1282 int main(int argc, char **argv, char **envp)
1283 {
1284         int opt;
1285         TALLOC_CTX *frame = talloc_stackframe();        
1286         poptContext pc;
1287         static char *string_arg;
1288         static char *opt_domain_name;
1289         static int int_arg;
1290         int result = 1;
1291
1292         struct poptOption long_options[] = {
1293                 POPT_AUTOHELP
1294
1295                 /* longName, shortName, argInfo, argPtr, value, descrip, 
1296                    argDesc */
1297
1298                 { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users", "domain"},
1299                 { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups", "domain" },
1300                 { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP", "NETBIOS-NAME" },
1301                 { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name", "IP" },
1302                 { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid", "NAME" },
1303                 { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name", "SID" },
1304                 { "lookup-rids", 'R', POPT_ARG_STRING, &string_arg, 'R', "Converts RIDs to names", "RIDs" },
1305                 { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" , "UID" },
1306                 { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
1307                 { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
1308                 { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
1309                 { "allocate-uid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_UID,
1310                   "Get a new UID out of idmap" },
1311                 { "allocate-gid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_GID,
1312                   "Get a new GID out of idmap" },
1313                 { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
1314                 { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
1315                 { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
1316                 { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" },
1317                 { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
1318                 { "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" },
1319                 { "user-info", 'i', POPT_ARG_STRING, &string_arg, 'i', "Get user info", "USER" },
1320                 { "uid-info", 0, POPT_ARG_INT, &int_arg, OPT_UID_INFO, "Get user info from uid", "UID" },
1321                 { "group-info", 0, POPT_ARG_STRING, &string_arg, OPT_GROUP_INFO, "Get group info", "GROUP" },
1322                 { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
1323                 { "user-domgroups", 0, POPT_ARG_STRING, &string_arg,
1324                   OPT_USERDOMGROUPS, "Get user domain groups", "SID" },
1325                 { "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
1326                 { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
1327                 { "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
1328                 { "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME,
1329                   "Get a DC name for a foreign domain", "domainname" },
1330                 { "dsgetdcname", 0, POPT_ARG_STRING, &string_arg, OPT_DSGETDCNAME, "Find a DC for a domain", "domainname" },
1331                 { "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
1332                 { "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
1333                 { "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" },
1334 #ifdef WITH_FAKE_KASERVER
1335                 { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" },
1336 #endif
1337 #ifdef HAVE_KRB5
1338                 { "krb5auth", 'K', POPT_ARG_STRING, &string_arg, 'K', "authenticate user using Kerberos", "user%password" },
1339                         /* destroys wbinfo --help output */
1340                         /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" }, */
1341 #endif
1342                 { "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
1343                 POPT_COMMON_CONFIGFILE
1344                 POPT_COMMON_VERSION
1345                 POPT_TABLEEND
1346         };
1347
1348         /* Samba client initialisation */
1349         load_case_tables();
1350
1351
1352         /* Parse options */
1353
1354         pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
1355
1356         /* Parse command line options */
1357
1358         if (argc == 1) {
1359                 poptPrintHelp(pc, stderr, 0);
1360                 return 1;
1361         }
1362
1363         while((opt = poptGetNextOpt(pc)) != -1) {
1364                 /* get the generic configuration parameters like --domain */
1365         }
1366
1367         poptFreeContext(pc);
1368
1369         if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, True)) {
1370                 d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n",
1371                         get_dyn_CONFIGFILE(), strerror(errno));
1372                 exit(1);
1373         }
1374
1375         if (!init_names())
1376                 return 1;
1377
1378         load_interfaces();
1379
1380         pc = poptGetContext(NULL, argc, (const char **)argv, long_options, 
1381                             POPT_CONTEXT_KEEP_FIRST);
1382
1383         while((opt = poptGetNextOpt(pc)) != -1) {
1384                 switch (opt) {
1385                 case 'u':
1386                         if (!print_domain_users(opt_domain_name)) {
1387                                 d_fprintf(stderr, "Error looking up domain users\n");
1388                                 goto done;
1389                         }
1390                         break;
1391                 case 'g':
1392                         if (!print_domain_groups(opt_domain_name)) {
1393                                 d_fprintf(stderr, "Error looking up domain groups\n");
1394                                 goto done;
1395                         }
1396                         break;
1397                 case 's':
1398                         if (!wbinfo_lookupsid(string_arg)) {
1399                                 d_fprintf(stderr, "Could not lookup sid %s\n", string_arg);
1400                                 goto done;
1401                         }
1402                         break;
1403                 case 'R':
1404                         if (!wbinfo_lookuprids(opt_domain_name, string_arg)) {
1405                                 d_fprintf(stderr, "Could not lookup RIDs %s\n", string_arg);
1406                                 goto done;
1407                         }
1408                         break;
1409                 case 'n':
1410                         if (!wbinfo_lookupname(string_arg)) {
1411                                 d_fprintf(stderr, "Could not lookup name %s\n", string_arg);
1412                                 goto done;
1413                         }
1414                         break;
1415                 case 'N':
1416                         if (!wbinfo_wins_byname(string_arg)) {
1417                                 d_fprintf(stderr, "Could not lookup WINS by name %s\n", string_arg);
1418                                 goto done;
1419                         }
1420                         break;
1421                 case 'I':
1422                         if (!wbinfo_wins_byip(string_arg)) {
1423                                 d_fprintf(stderr, "Could not lookup WINS by IP %s\n", string_arg);
1424                                 goto done;
1425                         }
1426                         break;
1427                 case 'U':
1428                         if (!wbinfo_uid_to_sid(int_arg)) {
1429                                 d_fprintf(stderr, "Could not convert uid %d to sid\n", int_arg);
1430                                 goto done;
1431                         }
1432                         break;
1433                 case 'G':
1434                         if (!wbinfo_gid_to_sid(int_arg)) {
1435                                 d_fprintf(stderr, "Could not convert gid %d to sid\n",
1436                                        int_arg);
1437                                 goto done;
1438                         }
1439                         break;
1440                 case 'S':
1441                         if (!wbinfo_sid_to_uid(string_arg)) {
1442                                 d_fprintf(stderr, "Could not convert sid %s to uid\n",
1443                                        string_arg);
1444                                 goto done;
1445                         }
1446                         break;
1447                 case 'Y':
1448                         if (!wbinfo_sid_to_gid(string_arg)) {
1449                                 d_fprintf(stderr, "Could not convert sid %s to gid\n",
1450                                        string_arg);
1451                                 goto done;
1452                         }
1453                         break;
1454                 case OPT_ALLOCATE_UID:
1455                         if (!wbinfo_allocate_uid()) {
1456                                 d_fprintf(stderr, "Could not allocate a uid\n");
1457                                 goto done;
1458                         }
1459                         break;
1460                 case OPT_ALLOCATE_GID:
1461                         if (!wbinfo_allocate_gid()) {
1462                                 d_fprintf(stderr, "Could not allocate a gid\n");
1463                                 goto done;
1464                         }
1465                         break;
1466                 case 't':
1467                         if (!wbinfo_check_secret()) {
1468                                 d_fprintf(stderr, "Could not check secret\n");
1469                                 goto done;
1470                         }
1471                         break;
1472                 case 'm':
1473                         if (!wbinfo_list_domains(False)) {
1474                                 d_fprintf(stderr, "Could not list trusted domains\n");
1475                                 goto done;
1476                         }
1477                         break;
1478                 case OPT_SEQUENCE:
1479                         if (!wbinfo_show_sequence(opt_domain_name)) {
1480                                 d_fprintf(stderr, "Could not show sequence numbers\n");
1481                                 goto done;
1482                         }
1483                         break;
1484                 case 'D':
1485                         if (!wbinfo_domain_info(string_arg)) {
1486                                 d_fprintf(stderr, "Could not get domain info\n");
1487                                 goto done;
1488                         }
1489                         break;
1490                 case 'i':
1491                         if (!wbinfo_get_userinfo(string_arg)) {
1492                                 d_fprintf(stderr, "Could not get info for user %s\n",
1493                                                   string_arg);
1494                                 goto done;
1495                         }
1496                         break;
1497                 case OPT_UID_INFO:
1498                         if ( !wbinfo_get_uidinfo(int_arg)) {
1499                                 d_fprintf(stderr, "Could not get info for uid "
1500                                                 "%d\n", int_arg);
1501                                 goto done;
1502                         }
1503                         break;
1504                 case OPT_GROUP_INFO:
1505                         if ( !wbinfo_get_groupinfo(string_arg)) {
1506                                 d_fprintf(stderr, "Could not get info for "
1507                                           "group %s\n", string_arg);
1508                                 goto done;
1509                         }
1510                         break;
1511                 case 'r':
1512                         if (!wbinfo_get_usergroups(string_arg)) {
1513                                 d_fprintf(stderr, "Could not get groups for user %s\n", 
1514                                        string_arg);
1515                                 goto done;
1516                         }
1517                         break;
1518                 case OPT_USERSIDS:
1519                         if (!wbinfo_get_usersids(string_arg)) {
1520                                 d_fprintf(stderr, "Could not get group SIDs for user SID %s\n", 
1521                                        string_arg);
1522                                 goto done;
1523                         }
1524                         break;
1525                 case OPT_USERDOMGROUPS:
1526                         if (!wbinfo_get_userdomgroups(string_arg)) {
1527                                 d_fprintf(stderr, "Could not get user's domain groups "
1528                                          "for user SID %s\n", string_arg);
1529                                 goto done;
1530                         }
1531                         break;
1532                 case 'a': {
1533                                 bool got_error = False;
1534
1535                                 if (!wbinfo_auth(string_arg)) {
1536                                         d_fprintf(stderr, "Could not authenticate user %s with "
1537                                                 "plaintext password\n", string_arg);
1538                                         got_error = True;
1539                                 }
1540
1541                                 if (!wbinfo_auth_crap(string_arg)) {
1542                                         d_fprintf(stderr, "Could not authenticate user %s with "
1543                                                 "challenge/response\n", string_arg);
1544                                         got_error = True;
1545                                 }
1546
1547                                 if (got_error)
1548                                         goto done;
1549                                 break;
1550                         }
1551                 case 'K': {
1552                                 uint32 flags =  WBFLAG_PAM_KRB5 |
1553                                                 WBFLAG_PAM_CACHED_LOGIN |
1554                                                 WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
1555                                                 WBFLAG_PAM_INFO3_TEXT;
1556
1557                                 if (!wbinfo_auth_krb5(string_arg, "FILE", flags)) {
1558                                         d_fprintf(stderr, "Could not authenticate user [%s] with "
1559                                                 "Kerberos (ccache: %s)\n", string_arg, "FILE");
1560                                         goto done;
1561                                 }
1562                                 break;
1563                         }
1564                 case 'k':
1565                         if (!wbinfo_klog(string_arg)) {
1566                                 d_fprintf(stderr, "Could not klog user\n");
1567                                 goto done;
1568                         }
1569                         break;
1570                 case 'p':
1571                         if (!wbinfo_ping()) {
1572                                 d_fprintf(stderr, "could not ping winbindd!\n");
1573                                 goto done;
1574                         }
1575                         break;
1576                 case OPT_SET_AUTH_USER:
1577                         if (!wbinfo_set_auth_user(string_arg)) {
1578                                 goto done;
1579                         }
1580                         break;
1581                 case OPT_GET_AUTH_USER:
1582                         wbinfo_get_auth_user();
1583                         break;
1584                 case OPT_GETDCNAME:
1585                         if (!wbinfo_getdcname(string_arg)) {
1586                                 goto done;
1587                         }
1588                         break;
1589                 case OPT_DSGETDCNAME:
1590                         if (!wbinfo_dsgetdcname(string_arg, 0)) {
1591                                 goto done;
1592                         }
1593                         break;
1594                 case OPT_SEPARATOR: {
1595                         const char sep = winbind_separator_int(True);
1596                         if ( !sep ) {
1597                                 goto done;
1598                         }
1599                         d_printf("%c\n", sep);
1600                         break;
1601                 }
1602                 case OPT_LIST_ALL_DOMAINS:
1603                         if (!wbinfo_list_domains(True)) {
1604                                 goto done;
1605                         }
1606                         break;
1607                 case OPT_LIST_OWN_DOMAIN:
1608                         if (!wbinfo_list_own_domain()) {
1609                                 goto done;
1610                         }
1611                         break;
1612                 /* generic configuration options */
1613                 case OPT_DOMAIN_NAME:
1614                         break;
1615                 default:
1616                         d_fprintf(stderr, "Invalid option\n");
1617                         poptPrintHelp(pc, stderr, 0);
1618                         goto done;
1619                 }
1620         }
1621
1622         result = 0;
1623
1624         /* Exit code */
1625
1626  done:
1627         talloc_destroy(frame);
1628
1629         poptFreeContext(pc);
1630         return result;
1631 }