Merge branch 'v3-2-test' of ssh://jra@git.samba.org/data/git/samba into v3-2-test
[ira/wip.git] / source3 / nsswitch / wbinfo.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    Winbind status program.
5
6    Copyright (C) Tim Potter      2000-2003
7    Copyright (C) Andrew Bartlett 2002
8    
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13    
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18    
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "winbind_client.h"
25 #include "libwbclient/wbclient.h"
26
27 #undef DBGC_CLASS
28 #define DBGC_CLASS DBGC_WINBIND
29
30 extern int winbindd_fd;
31
32 static char winbind_separator_int(bool strict)
33 {
34         struct winbindd_response response;
35         static bool got_sep;
36         static char sep;
37
38         if (got_sep)
39                 return sep;
40
41         ZERO_STRUCT(response);
42
43         /* Send off request */
44
45         if (winbindd_request_response(WINBINDD_INFO, NULL, &response) !=
46             NSS_STATUS_SUCCESS) {
47                 d_fprintf(stderr, "could not obtain winbind separator!\n");
48                 if (strict) {
49                         return 0;
50                 }
51                 /* HACK: (this module should not call lp_ funtions) */
52                 return *lp_winbind_separator();
53         }
54
55         sep = response.data.info.winbind_separator;
56         got_sep = True;
57
58         if (!sep) {
59                 d_fprintf(stderr, "winbind separator was NULL!\n");
60                 if (strict) {
61                         return 0;
62                 }
63                 /* HACK: (this module should not call lp_ funtions) */
64                 sep = *lp_winbind_separator();
65         }
66         
67         return sep;
68 }
69
70 static char winbind_separator(void)
71 {
72         return winbind_separator_int(False);
73 }
74
75 static const char *get_winbind_domain(void)
76 {
77         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;    
78         struct wbcDomainInfo *dinfo = NULL;
79         static fstring winbind_domain;
80
81         ZERO_STRUCT(dinfo);
82         
83         wbc_status = wbcDomainInfo(".", &dinfo);
84
85         if (!WBC_ERROR_IS_OK(wbc_status)) {
86                 d_fprintf(stderr, "could not obtain winbind domain name!\n");
87                 
88                 /* HACK: (this module should not call lp_ funtions) */
89                 return lp_workgroup();
90         }
91
92         fstrcpy(winbind_domain, dinfo->short_name);     
93
94         wbcFreeMemory(dinfo);
95
96         return winbind_domain;
97 }
98
99 /* Copy of parse_domain_user from winbindd_util.c.  Parse a string of the
100    form DOMAIN/user into a domain and a user */
101
102 static bool parse_wbinfo_domain_user(const char *domuser, fstring domain, 
103                                      fstring user)
104 {
105
106         char *p = strchr(domuser,winbind_separator());
107
108         if (!p) {
109                 /* Maybe it was a UPN? */
110                 if ((p = strchr(domuser, '@')) != NULL) {
111                         fstrcpy(domain, "");
112                         fstrcpy(user, domuser);
113                         return True;
114                 }
115                 
116                 fstrcpy(user, domuser);
117                 fstrcpy(domain, get_winbind_domain());
118                 return True;
119         }
120         
121         fstrcpy(user, p+1);
122         fstrcpy(domain, domuser);
123         domain[PTR_DIFF(p, domuser)] = 0;
124         strupper_m(domain);
125
126         return True;
127 }
128
129 /* pull pwent info for a given user */
130
131 static bool wbinfo_get_userinfo(char *user)
132 {
133         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
134         struct passwd *pwd = NULL;      
135
136         wbc_status = wbcGetpwnam(user, &pwd);
137         if (!WBC_ERROR_IS_OK(wbc_status)) {
138                 return false;
139         }
140         
141         d_printf("%s:%s:%d:%d:%s:%s:%s\n",
142                  pwd->pw_name,
143                  pwd->pw_passwd,
144                  pwd->pw_uid,
145                  pwd->pw_gid,
146                  pwd->pw_gecos,
147                  pwd->pw_dir,
148                  pwd->pw_shell);
149         
150         return true;
151 }
152
153 /* pull pwent info for a given uid */
154 static bool wbinfo_get_uidinfo(int uid)
155 {
156         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
157         struct passwd *pwd = NULL;      
158
159         wbc_status = wbcGetpwuid(uid, &pwd);
160         if (!WBC_ERROR_IS_OK(wbc_status)) {
161                 return false;
162         }
163         
164         d_printf("%s:%s:%d:%d:%s:%s:%s\n",
165                  pwd->pw_name,
166                  pwd->pw_passwd,
167                  pwd->pw_uid,
168                  pwd->pw_gid,
169                  pwd->pw_gecos,
170                  pwd->pw_dir,
171                  pwd->pw_shell);
172         
173         return true;
174 }
175
176 /* pull grent for a given group */
177 static bool wbinfo_get_groupinfo(char *group)
178 {
179         struct winbindd_request request;
180         struct winbindd_response response;
181         NSS_STATUS result;
182
183         ZERO_STRUCT(request);
184         ZERO_STRUCT(response);
185
186         /* Send request */
187
188         fstrcpy(request.data.groupname, group);
189
190         result = winbindd_request_response(WINBINDD_GETGRNAM, &request,
191                                            &response);
192
193         if ( result != NSS_STATUS_SUCCESS)
194                 return False;
195
196         d_printf( "%s:%s:%d\n",
197                   response.data.gr.gr_name,
198                   response.data.gr.gr_passwd,
199                   response.data.gr.gr_gid );
200         
201         return True;
202 }
203
204 /* List groups a user is a member of */
205
206 static bool wbinfo_get_usergroups(char *user)
207 {
208         struct winbindd_request request;
209         struct winbindd_response response;
210         NSS_STATUS result;
211         int i;
212         
213         ZERO_STRUCT(request);
214         ZERO_STRUCT(response);
215
216         /* Send request */
217
218         fstrcpy(request.data.username, user);
219
220         result = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
221
222         if (result != NSS_STATUS_SUCCESS)
223                 return False;
224
225         for (i = 0; i < response.data.num_entries; i++)
226                 d_printf("%d\n", (int)((gid_t *)response.extra_data.data)[i]);
227
228         SAFE_FREE(response.extra_data.data);
229
230         return True;
231 }
232
233
234 /* List group SIDs a user SID is a member of */
235 static bool wbinfo_get_usersids(char *user_sid)
236 {
237         struct winbindd_request request;
238         struct winbindd_response response;
239         NSS_STATUS result;
240         int i;
241         const char *s;
242
243         ZERO_STRUCT(request);
244         ZERO_STRUCT(response);
245
246         /* Send request */
247         fstrcpy(request.data.sid, user_sid);
248
249         result = winbindd_request_response(WINBINDD_GETUSERSIDS, &request, &response);
250
251         if (result != NSS_STATUS_SUCCESS)
252                 return False;
253
254         s = (const char *)response.extra_data.data;
255         for (i = 0; i < response.data.num_entries; i++) {
256                 d_printf("%s\n", s);
257                 s += strlen(s) + 1;
258         }
259
260         SAFE_FREE(response.extra_data.data);
261
262         return True;
263 }
264
265 static bool wbinfo_get_userdomgroups(const char *user_sid)
266 {
267         struct winbindd_request request;
268         struct winbindd_response response;
269         NSS_STATUS result;
270
271         ZERO_STRUCT(request);
272         ZERO_STRUCT(response);
273
274         /* Send request */
275         fstrcpy(request.data.sid, user_sid);
276
277         result = winbindd_request_response(WINBINDD_GETUSERDOMGROUPS, &request,
278                                   &response);
279
280         if (result != NSS_STATUS_SUCCESS)
281                 return False;
282
283         if (response.data.num_entries != 0)
284                 printf("%s", (char *)response.extra_data.data);
285         
286         SAFE_FREE(response.extra_data.data);
287
288         return True;
289 }
290
291 /* Convert NetBIOS name to IP */
292
293 static bool wbinfo_wins_byname(char *name)
294 {
295         struct winbindd_request request;
296         struct winbindd_response response;
297
298         ZERO_STRUCT(request);
299         ZERO_STRUCT(response);
300
301         /* Send request */
302
303         fstrcpy(request.data.winsreq, name);
304
305         if (winbindd_request_response(WINBINDD_WINS_BYNAME, &request, &response) !=
306             NSS_STATUS_SUCCESS) {
307                 return False;
308         }
309
310         /* Display response */
311
312         d_printf("%s\n", response.data.winsresp);
313
314         return True;
315 }
316
317 /* Convert IP to NetBIOS name */
318
319 static bool wbinfo_wins_byip(char *ip)
320 {
321         struct winbindd_request request;
322         struct winbindd_response response;
323
324         ZERO_STRUCT(request);
325         ZERO_STRUCT(response);
326
327         /* Send request */
328
329         fstrcpy(request.data.winsreq, ip);
330
331         if (winbindd_request_response(WINBINDD_WINS_BYIP, &request, &response) !=
332             NSS_STATUS_SUCCESS) {
333                 return False;
334         }
335
336         /* Display response */
337
338         d_printf("%s\n", response.data.winsresp);
339
340         return True;
341 }
342
343 /* List trusted domains */
344
345 static bool wbinfo_list_domains(bool list_all_domains)
346 {
347         struct winbindd_request request;
348         struct winbindd_response response;
349
350         ZERO_STRUCT(request);
351         ZERO_STRUCT(response);
352
353         /* Send request */
354
355         request.data.list_all_domains = list_all_domains;
356
357         if (winbindd_request_response(WINBINDD_LIST_TRUSTDOM, &request, &response) !=
358             NSS_STATUS_SUCCESS)
359                 return False;
360
361         /* Display response */
362
363         if (response.extra_data.data) {
364                 const char *extra_data = (char *)response.extra_data.data;
365                 char *name;
366                 char *p;
367                 TALLOC_CTX *frame = talloc_stackframe();
368
369                 while(next_token_talloc(frame,&extra_data,&name,"\n")) {
370                         p = strchr(name, '\\');
371                         if (p == 0) {
372                                 d_fprintf(stderr, "Got invalid response: %s\n",
373                                          extra_data);
374                                 TALLOC_FREE(frame);
375                                 SAFE_FREE(response.extra_data.data);
376                                 return False;
377                         }
378                         *p = 0;
379                         d_printf("%s\n", name);
380                 }
381                 TALLOC_FREE(frame);
382                 SAFE_FREE(response.extra_data.data);
383         }
384
385         return True;
386 }
387
388 /* List own domain */
389
390 static bool wbinfo_list_own_domain(void)
391 {
392         d_printf("%s\n", get_winbind_domain());
393
394         return True;
395 }
396
397 /* show sequence numbers */
398 static bool wbinfo_show_sequence(const char *domain)
399 {
400         struct winbindd_request  request;
401         struct winbindd_response response;
402
403         ZERO_STRUCT(response);
404         ZERO_STRUCT(request);
405
406         if ( domain )
407                 fstrcpy( request.domain_name, domain );
408
409         /* Send request */
410
411         if (winbindd_request_response(WINBINDD_SHOW_SEQUENCE, &request, &response) !=
412             NSS_STATUS_SUCCESS)
413                 return False;
414
415         /* Display response */
416
417         if (domain) {
418                 d_printf("%s : ", domain);
419                 if (response.data.sequence_number == (uint32_t)-1) {
420                         d_printf("DISCONNECTED\n");
421                 } else {
422                         d_printf("%d\n", response.data.sequence_number);
423                 }
424         } else if (response.extra_data.data) {
425                 char *extra_data = (char *)response.extra_data.data;
426                 d_printf("%s", extra_data);
427                 SAFE_FREE(response.extra_data.data);
428         }
429
430         return True;
431 }
432
433 /* Show domain info */
434
435 static bool wbinfo_domain_info(const char *domain_name)
436 {
437         struct winbindd_request request;
438         struct winbindd_response response;
439
440         ZERO_STRUCT(request);
441         ZERO_STRUCT(response);
442
443         if ((strequal(domain_name, ".")) || (domain_name[0] == '\0'))
444                 fstrcpy(request.domain_name, get_winbind_domain());
445         else
446                 fstrcpy(request.domain_name, domain_name);
447
448         /* Send request */
449
450         if (winbindd_request_response(WINBINDD_DOMAIN_INFO, &request, &response) !=
451             NSS_STATUS_SUCCESS)
452                 return False;
453
454         /* Display response */
455
456         d_printf("Name              : %s\n", response.data.domain_info.name);
457         d_printf("Alt_Name          : %s\n", response.data.domain_info.alt_name);
458
459         d_printf("SID               : %s\n", response.data.domain_info.sid);
460
461         d_printf("Active Directory  : %s\n",
462                  response.data.domain_info.active_directory ? "Yes" : "No");
463         d_printf("Native            : %s\n",
464                  response.data.domain_info.native_mode ? "Yes" : "No");
465
466         d_printf("Primary           : %s\n",
467                  response.data.domain_info.primary ? "Yes" : "No");
468
469         return True;
470 }
471
472 /* Get a foreign DC's name */
473 static bool wbinfo_getdcname(const char *domain_name)
474 {
475         struct winbindd_request request;
476         struct winbindd_response response;
477
478         ZERO_STRUCT(request);
479         ZERO_STRUCT(response);
480
481         fstrcpy(request.domain_name, domain_name);
482
483         /* Send request */
484
485         if (winbindd_request_response(WINBINDD_GETDCNAME, &request, &response) !=
486             NSS_STATUS_SUCCESS) {
487                 d_fprintf(stderr, "Could not get dc name for %s\n", domain_name);
488                 return False;
489         }
490
491         /* Display response */
492
493         d_printf("%s\n", response.data.dc_name);
494
495         return True;
496 }
497
498 /* Find a DC */
499 static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
500 {
501         struct winbindd_request request;
502         struct winbindd_response response;
503
504         ZERO_STRUCT(request);
505         ZERO_STRUCT(response);
506
507         fstrcpy(request.domain_name, domain_name);
508         request.flags = flags;
509
510         request.flags |= DS_DIRECTORY_SERVICE_REQUIRED;
511
512         /* Send request */
513
514         if (winbindd_request_response(WINBINDD_DSGETDCNAME, &request, &response) !=
515             NSS_STATUS_SUCCESS) {
516                 d_fprintf(stderr, "Could not find dc for %s\n", domain_name);
517                 return False;
518         }
519
520         /* Display response */
521
522         d_printf("%s\n", response.data.dc_name);
523
524         return True;
525 }
526
527 /* Check trust account password */
528
529 static bool wbinfo_check_secret(void)
530 {
531         struct winbindd_response response;
532         NSS_STATUS result;
533
534         ZERO_STRUCT(response);
535
536         result = winbindd_request_response(WINBINDD_CHECK_MACHACC, NULL, &response);
537                 
538         d_printf("checking the trust secret via RPC calls %s\n", 
539                  (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
540
541         if (result != NSS_STATUS_SUCCESS)       
542                 d_fprintf(stderr, "error code was %s (0x%x)\n", 
543                          response.data.auth.nt_status_string, 
544                          response.data.auth.nt_status);
545         
546         return result == NSS_STATUS_SUCCESS;    
547 }
548
549 /* Convert uid to sid */
550
551 static bool wbinfo_uid_to_sid(uid_t uid)
552 {
553         struct winbindd_request request;
554         struct winbindd_response response;
555
556         ZERO_STRUCT(request);
557         ZERO_STRUCT(response);
558
559         /* Send request */
560
561         request.data.uid = uid;
562
563         if (winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response) !=
564             NSS_STATUS_SUCCESS)
565                 return False;
566
567         /* Display response */
568
569         d_printf("%s\n", response.data.sid.sid);
570
571         return True;
572 }
573
574 /* Convert gid to sid */
575
576 static bool wbinfo_gid_to_sid(gid_t gid)
577 {
578         struct winbindd_request request;
579         struct winbindd_response response;
580
581         ZERO_STRUCT(request);
582         ZERO_STRUCT(response);
583
584         /* Send request */
585
586         request.data.gid = gid;
587
588         if (winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response) !=
589             NSS_STATUS_SUCCESS)
590                 return False;
591
592         /* Display response */
593
594         d_printf("%s\n", response.data.sid.sid);
595
596         return True;
597 }
598
599 /* Convert sid to uid */
600
601 static bool wbinfo_sid_to_uid(char *sid)
602 {
603         struct winbindd_request request;
604         struct winbindd_response response;
605
606         ZERO_STRUCT(request);
607         ZERO_STRUCT(response);
608
609         /* Send request */
610
611         fstrcpy(request.data.sid, sid);
612
613         if (winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response) !=
614             NSS_STATUS_SUCCESS)
615                 return False;
616
617         /* Display response */
618
619         d_printf("%d\n", (int)response.data.uid);
620
621         return True;
622 }
623
624 static bool wbinfo_sid_to_gid(char *sid)
625 {
626         struct winbindd_request request;
627         struct winbindd_response response;
628
629         ZERO_STRUCT(request);
630         ZERO_STRUCT(response);
631
632         /* Send request */
633
634         fstrcpy(request.data.sid, sid);
635
636         if (winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response) !=
637             NSS_STATUS_SUCCESS)
638                 return False;
639
640         /* Display response */
641
642         d_printf("%d\n", (int)response.data.gid);
643
644         return True;
645 }
646
647 static bool wbinfo_allocate_uid(void)
648 {
649         uid_t uid;
650
651         if (!winbind_allocate_uid(&uid))
652                 return False;
653
654         d_printf("New uid: %d\n", uid);
655
656         return True;
657 }
658
659 static bool wbinfo_allocate_gid(void)
660 {
661         gid_t gid;
662
663         if (!winbind_allocate_gid(&gid))
664                 return False;
665
666         d_printf("New gid: %d\n", gid);
667
668         return True;
669 }
670
671 /* Convert sid to string */
672
673 static bool wbinfo_lookupsid(char *sid)
674 {
675         struct winbindd_request request;
676         struct winbindd_response response;
677
678         ZERO_STRUCT(request);
679         ZERO_STRUCT(response);
680
681         /* Send off request */
682
683         fstrcpy(request.data.sid, sid);
684
685         if (winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response) !=
686             NSS_STATUS_SUCCESS)
687                 return False;
688
689         /* Display response */
690
691         d_printf("%s%c%s %d\n", response.data.name.dom_name, 
692                  winbind_separator(), response.data.name.name, 
693                  response.data.name.type);
694
695         return True;
696 }
697
698 /* Lookup a list of RIDs */
699
700 static bool wbinfo_lookuprids(char *domain, char *arg)
701 {
702         size_t i;
703         DOM_SID sid;
704         int num_rids;
705         uint32 *rids;
706         const char *p;
707         char *ridstr;
708         const char **names;
709         enum lsa_SidType *types;
710         const char *domain_name;
711         TALLOC_CTX *mem_ctx;
712         struct winbindd_request request;
713         struct winbindd_response response;
714
715         ZERO_STRUCT(request);
716         ZERO_STRUCT(response);
717
718         if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0'))
719                 fstrcpy(request.domain_name, get_winbind_domain());
720         else
721                 fstrcpy(request.domain_name, domain);
722
723         /* Send request */
724
725         if (winbindd_request_response(WINBINDD_DOMAIN_INFO, &request, &response) !=
726             NSS_STATUS_SUCCESS) {
727                 d_printf("Could not get domain sid for %s\n", request.domain_name);
728                 return False;
729         }
730
731         if (!string_to_sid(&sid, response.data.domain_info.sid)) {
732                 d_printf("Could not convert %s to sid\n", response.data.domain_info.sid);
733                 return False;
734         }
735
736         mem_ctx = talloc_new(NULL);
737         if (mem_ctx == NULL) {
738                 d_printf("talloc_new failed\n");
739                 return False;
740         }
741
742         num_rids = 0;
743         rids = NULL;
744         p = arg;
745
746         while (next_token_talloc(mem_ctx, &p, &ridstr, " ,\n")) {
747                 uint32 rid = strtoul(ridstr, NULL, 10);
748                 ADD_TO_ARRAY(mem_ctx, uint32, rid, &rids, &num_rids);
749         }
750
751         if (rids == NULL) {
752                 TALLOC_FREE(mem_ctx);
753                 return False;
754         }
755
756         if (!winbind_lookup_rids(mem_ctx, &sid, num_rids, rids,
757                                  &domain_name, &names, &types)) {
758                 d_printf("winbind_lookup_rids failed\n");
759                 TALLOC_FREE(mem_ctx);
760                 return False;
761         }
762
763         d_printf("Domain: %s\n", domain_name);
764
765         for (i=0; i<num_rids; i++) {
766                 d_printf("%8d: %s (%s)\n", rids[i], names[i],
767                          sid_type_lookup(types[i]));
768         }
769
770         TALLOC_FREE(mem_ctx);
771         return True;
772 }
773
774 /* Convert string to sid */
775
776 static bool wbinfo_lookupname(char *name)
777 {
778         struct winbindd_request request;
779         struct winbindd_response response;
780
781         /* Send off request */
782
783         ZERO_STRUCT(request);
784         ZERO_STRUCT(response);
785
786         parse_wbinfo_domain_user(name, request.data.name.dom_name, 
787                                  request.data.name.name);
788
789         if (winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response) !=
790             NSS_STATUS_SUCCESS)
791                 return False;
792
793         /* Display response */
794
795         d_printf("%s %s (%d)\n", response.data.sid.sid, sid_type_lookup(response.data.sid.type), response.data.sid.type);
796
797         return True;
798 }
799
800 /* Authenticate a user with a plaintext password */
801
802 static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
803 {
804         struct winbindd_request request;
805         struct winbindd_response response;
806         NSS_STATUS result;
807         char *p;
808
809         /* Send off request */
810
811         ZERO_STRUCT(request);
812         ZERO_STRUCT(response);
813
814         p = strchr(username, '%');
815
816         if (p) {
817                 *p = 0;
818                 fstrcpy(request.data.auth.user, username);
819                 fstrcpy(request.data.auth.pass, p + 1);
820                 *p = '%';
821         } else
822                 fstrcpy(request.data.auth.user, username);
823
824         request.flags = flags;
825
826         fstrcpy(request.data.auth.krb5_cc_type, cctype);
827
828         request.data.auth.uid = geteuid();
829
830         result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
831
832         /* Display response */
833
834         d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n", 
835                 username, (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", cctype);
836
837         if (response.data.auth.nt_status)
838                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
839                          response.data.auth.nt_status_string, 
840                          response.data.auth.nt_status,
841                          response.data.auth.error_string);
842
843         if (result == NSS_STATUS_SUCCESS) {
844
845                 if (request.flags & WBFLAG_PAM_INFO3_TEXT) {
846                         if (response.data.auth.info3.user_flgs & LOGON_CACHED_ACCOUNT) {
847                                 d_printf("user_flgs: LOGON_CACHED_ACCOUNT\n");
848                         }
849                 }
850
851                 if (response.data.auth.krb5ccname[0] != '\0') {
852                         d_printf("credentials were put in: %s\n", response.data.auth.krb5ccname);
853                 } else {
854                         d_printf("no credentials cached\n");
855                 }
856         }
857
858         return result == NSS_STATUS_SUCCESS;
859 }
860
861 /* Authenticate a user with a plaintext password */
862
863 static bool wbinfo_auth(char *username)
864 {
865         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
866         char *s = NULL; 
867         char *p = NULL; 
868         char *password = NULL;
869         char *name = NULL;      
870
871         if ((s = SMB_STRDUP(username)) == NULL) {
872                 return false;
873         }
874
875         if ((p = strchr(s, '%')) != NULL) {
876                 *p = 0;
877                 p++;
878         }
879
880         name = s;
881         password = p;   
882
883         wbc_status = wbcAuthenticateUser(name, password);
884
885         d_printf("plaintext password authentication %s\n", 
886                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
887
888 #if 0
889         if (response.data.auth.nt_status)
890                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
891                          response.data.auth.nt_status_string, 
892                          response.data.auth.nt_status,
893                          response.data.auth.error_string);
894 #endif
895
896         SAFE_FREE(s);
897
898         return WBC_ERROR_IS_OK(wbc_status);
899 }
900
901 /* Authenticate a user with a challenge/response */
902
903 static bool wbinfo_auth_crap(char *username)
904 {
905         struct winbindd_request request;
906         struct winbindd_response response;
907         NSS_STATUS result;
908         fstring name_user;
909         fstring name_domain;
910         fstring pass;
911         char *p;
912
913         /* Send off request */
914
915         ZERO_STRUCT(request);
916         ZERO_STRUCT(response);
917
918         p = strchr(username, '%');
919
920         if (p) {
921                 *p = 0;
922                 fstrcpy(pass, p + 1);
923         }
924                 
925         parse_wbinfo_domain_user(username, name_domain, name_user);
926
927         request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
928
929         fstrcpy(request.data.auth_crap.user, name_user);
930
931         fstrcpy(request.data.auth_crap.domain, 
932                               name_domain);
933
934         generate_random_buffer(request.data.auth_crap.chal, 8);
935         
936         if (lp_client_ntlmv2_auth()) {
937                 DATA_BLOB server_chal;
938                 DATA_BLOB names_blob;   
939
940                 DATA_BLOB lm_response;
941                 DATA_BLOB nt_response;
942
943                 server_chal = data_blob(request.data.auth_crap.chal, 8); 
944                 
945                 /* Pretend this is a login to 'us', for blob purposes */
946                 names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
947                 
948                 if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal, 
949                                       &names_blob,
950                                       &lm_response, &nt_response, NULL)) {
951                         data_blob_free(&names_blob);
952                         data_blob_free(&server_chal);
953                         return False;
954                 }
955                 data_blob_free(&names_blob);
956                 data_blob_free(&server_chal);
957
958                 memcpy(request.data.auth_crap.nt_resp, nt_response.data, 
959                        MIN(nt_response.length, 
960                            sizeof(request.data.auth_crap.nt_resp)));
961                 request.data.auth_crap.nt_resp_len = nt_response.length;
962
963                 memcpy(request.data.auth_crap.lm_resp, lm_response.data, 
964                        MIN(lm_response.length, 
965                            sizeof(request.data.auth_crap.lm_resp)));
966                 request.data.auth_crap.lm_resp_len = lm_response.length;
967                        
968                 data_blob_free(&nt_response);
969                 data_blob_free(&lm_response);
970
971         } else {
972                 if (lp_client_lanman_auth() 
973                     && SMBencrypt(pass, request.data.auth_crap.chal, 
974                                (uchar *)request.data.auth_crap.lm_resp)) {
975                         request.data.auth_crap.lm_resp_len = 24;
976                 } else {
977                         request.data.auth_crap.lm_resp_len = 0;
978                 }
979                 SMBNTencrypt(pass, request.data.auth_crap.chal,
980                              (uchar *)request.data.auth_crap.nt_resp);
981
982                 request.data.auth_crap.nt_resp_len = 24;
983         }
984
985         result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response);
986
987         /* Display response */
988
989         d_printf("challenge/response password authentication %s\n", 
990                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
991
992         if (response.data.auth.nt_status)
993                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
994                          response.data.auth.nt_status_string, 
995                          response.data.auth.nt_status,
996                          response.data.auth.error_string);
997
998         return result == NSS_STATUS_SUCCESS;
999 }
1000
1001 /* Authenticate a user with a plaintext password and set a token */
1002
1003 static bool wbinfo_klog(char *username)
1004 {
1005         struct winbindd_request request;
1006         struct winbindd_response response;
1007         NSS_STATUS result;
1008         char *p;
1009
1010         /* Send off request */
1011
1012         ZERO_STRUCT(request);
1013         ZERO_STRUCT(response);
1014
1015         p = strchr(username, '%');
1016
1017         if (p) {
1018                 *p = 0;
1019                 fstrcpy(request.data.auth.user, username);
1020                 fstrcpy(request.data.auth.pass, p + 1);
1021                 *p = '%';
1022         } else {
1023                 fstrcpy(request.data.auth.user, username);
1024                 fstrcpy(request.data.auth.pass, getpass("Password: "));
1025         }
1026
1027         request.flags |= WBFLAG_PAM_AFS_TOKEN;
1028
1029         result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
1030
1031         /* Display response */
1032
1033         d_printf("plaintext password authentication %s\n", 
1034                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
1035
1036         if (response.data.auth.nt_status)
1037                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
1038                          response.data.auth.nt_status_string, 
1039                          response.data.auth.nt_status,
1040                          response.data.auth.error_string);
1041
1042         if (result != NSS_STATUS_SUCCESS)
1043                 return False;
1044
1045         if (response.extra_data.data == NULL) {
1046                 d_fprintf(stderr, "Did not get token data\n");
1047                 return False;
1048         }
1049
1050         if (!afs_settoken_str((char *)response.extra_data.data)) {
1051                 d_fprintf(stderr, "Could not set token\n");
1052                 return False;
1053         }
1054
1055         d_printf("Successfully created AFS token\n");
1056         return True;
1057 }
1058
1059 /* Print domain users */
1060
1061 static bool print_domain_users(const char *domain)
1062 {
1063         struct winbindd_request request;
1064         struct winbindd_response response;
1065         const char *extra_data;
1066         char *name;
1067         TALLOC_CTX *frame = NULL;
1068
1069         /* Send request to winbind daemon */
1070
1071         ZERO_STRUCT(request);
1072         ZERO_STRUCT(response);
1073
1074         if (domain) {
1075                 /* '.' is the special sign for our own domain */
1076                 if ( strequal(domain, ".") )
1077                         fstrcpy( request.domain_name, get_winbind_domain() );
1078                 else
1079                         fstrcpy( request.domain_name, domain );
1080         }
1081
1082         if (winbindd_request_response(WINBINDD_LIST_USERS, &request, &response) !=
1083             NSS_STATUS_SUCCESS)
1084                 return False;
1085
1086         /* Look through extra data */
1087
1088         if (!response.extra_data.data)
1089                 return False;
1090
1091         extra_data = (const char *)response.extra_data.data;
1092
1093         frame = talloc_stackframe();
1094         while(next_token_talloc(frame,&extra_data,&name, ","))
1095                 d_printf("%s\n", name);
1096         TALLOC_FREE(frame);
1097
1098         SAFE_FREE(response.extra_data.data);
1099
1100         return True;
1101 }
1102
1103 /* Print domain groups */
1104
1105 static bool print_domain_groups(const char *domain)
1106 {
1107         struct winbindd_request  request;
1108         struct winbindd_response response;
1109         const char *extra_data;
1110         TALLOC_CTX *frame = NULL;
1111         char *name;
1112
1113         ZERO_STRUCT(request);
1114         ZERO_STRUCT(response);
1115
1116         if (domain) {
1117                 if ( strequal(domain, ".") )
1118                         fstrcpy( request.domain_name, get_winbind_domain() );
1119                 else
1120                         fstrcpy( request.domain_name, domain );
1121         }
1122
1123         if (winbindd_request_response(WINBINDD_LIST_GROUPS, &request, &response) !=
1124             NSS_STATUS_SUCCESS)
1125                 return False;
1126
1127         /* Look through extra data */
1128
1129         if (!response.extra_data.data)
1130                 return False;
1131
1132         extra_data = (const char *)response.extra_data.data;
1133
1134         frame = talloc_stackframe();
1135         while(next_token_talloc(frame,&extra_data,&name, ","))
1136                 d_printf("%s\n", name);
1137         TALLOC_FREE(frame);
1138
1139         SAFE_FREE(response.extra_data.data);
1140
1141         return True;
1142 }
1143
1144 /* Set the authorised user for winbindd access in secrets.tdb */
1145
1146 static bool wbinfo_set_auth_user(char *username)
1147 {
1148         const char *password;
1149         char *p;
1150         fstring user, domain;
1151
1152         /* Separate into user and password */
1153
1154         parse_wbinfo_domain_user(username, domain, user);
1155
1156         p = strchr(user, '%');
1157
1158         if (p != NULL) {
1159                 *p = 0;
1160                 password = p+1;
1161         } else {
1162                 char *thepass = getpass("Password: ");
1163                 if (thepass) {
1164                         password = thepass;     
1165                 } else
1166                         password = "";
1167         }
1168
1169         /* Store or remove DOMAIN\username%password in secrets.tdb */
1170
1171         secrets_init();
1172
1173         if (user[0]) {
1174
1175                 if (!secrets_store(SECRETS_AUTH_USER, user,
1176                                    strlen(user) + 1)) {
1177                         d_fprintf(stderr, "error storing username\n");
1178                         return False;
1179                 }
1180
1181                 /* We always have a domain name added by the
1182                    parse_wbinfo_domain_user() function. */
1183
1184                 if (!secrets_store(SECRETS_AUTH_DOMAIN, domain,
1185                                    strlen(domain) + 1)) {
1186                         d_fprintf(stderr, "error storing domain name\n");
1187                         return False;
1188                 }
1189
1190         } else {
1191                 secrets_delete(SECRETS_AUTH_USER);
1192                 secrets_delete(SECRETS_AUTH_DOMAIN);
1193         }
1194
1195         if (password[0]) {
1196
1197                 if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
1198                                    strlen(password) + 1)) {
1199                         d_fprintf(stderr, "error storing password\n");
1200                         return False;
1201                 }
1202
1203         } else
1204                 secrets_delete(SECRETS_AUTH_PASSWORD);
1205
1206         return True;
1207 }
1208
1209 static void wbinfo_get_auth_user(void)
1210 {
1211         char *user, *domain, *password;
1212
1213         /* Lift data from secrets file */
1214         
1215         secrets_fetch_ipc_userpass(&user, &domain, &password);
1216
1217         if ((!user || !*user) && (!domain || !*domain ) && (!password || !*password)){
1218
1219                 SAFE_FREE(user);
1220                 SAFE_FREE(domain);
1221                 SAFE_FREE(password);
1222                 d_printf("No authorised user configured\n");
1223                 return;
1224         }
1225
1226         /* Pretty print authorised user info */
1227
1228         d_printf("%s%s%s%s%s\n", domain ? domain : "", domain ? lp_winbind_separator(): "",
1229                  user, password ? "%" : "", password ? password : "");
1230
1231         SAFE_FREE(user);
1232         SAFE_FREE(domain);
1233         SAFE_FREE(password);
1234 }
1235
1236 static bool wbinfo_ping(void)
1237 {
1238         NSS_STATUS result;
1239
1240         result = winbindd_request_response(WINBINDD_PING, NULL, NULL);
1241
1242         /* Display response */
1243
1244         d_printf("Ping to winbindd %s on fd %d\n", 
1245                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
1246
1247         return result == NSS_STATUS_SUCCESS;
1248 }
1249
1250 /* Main program */
1251
1252 enum {
1253         OPT_SET_AUTH_USER = 1000,
1254         OPT_GET_AUTH_USER,
1255         OPT_DOMAIN_NAME,
1256         OPT_SEQUENCE,
1257         OPT_GETDCNAME,
1258         OPT_DSGETDCNAME,
1259         OPT_USERDOMGROUPS,
1260         OPT_USERSIDS,
1261         OPT_ALLOCATE_UID,
1262         OPT_ALLOCATE_GID,
1263         OPT_SEPARATOR,
1264         OPT_LIST_ALL_DOMAINS,
1265         OPT_LIST_OWN_DOMAIN,
1266         OPT_UID_INFO,
1267         OPT_GROUP_INFO,
1268 };
1269
1270 int main(int argc, char **argv, char **envp)
1271 {
1272         int opt;
1273         TALLOC_CTX *frame = talloc_stackframe();        
1274         poptContext pc;
1275         static char *string_arg;
1276         static char *opt_domain_name;
1277         static int int_arg;
1278         int result = 1;
1279
1280         struct poptOption long_options[] = {
1281                 POPT_AUTOHELP
1282
1283                 /* longName, shortName, argInfo, argPtr, value, descrip, 
1284                    argDesc */
1285
1286                 { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users", "domain"},
1287                 { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups", "domain" },
1288                 { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP", "NETBIOS-NAME" },
1289                 { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name", "IP" },
1290                 { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid", "NAME" },
1291                 { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name", "SID" },
1292                 { "lookup-rids", 'R', POPT_ARG_STRING, &string_arg, 'R', "Converts RIDs to names", "RIDs" },
1293                 { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" , "UID" },
1294                 { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
1295                 { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
1296                 { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
1297                 { "allocate-uid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_UID,
1298                   "Get a new UID out of idmap" },
1299                 { "allocate-gid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_GID,
1300                   "Get a new GID out of idmap" },
1301                 { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
1302                 { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
1303                 { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
1304                 { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" },
1305                 { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
1306                 { "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" },
1307                 { "user-info", 'i', POPT_ARG_STRING, &string_arg, 'i', "Get user info", "USER" },
1308                 { "uid-info", 0, POPT_ARG_INT, &int_arg, OPT_UID_INFO, "Get user info from uid", "UID" },
1309                 { "group-info", 0, POPT_ARG_STRING, &string_arg, OPT_GROUP_INFO, "Get group info", "GROUP" },
1310                 { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
1311                 { "user-domgroups", 0, POPT_ARG_STRING, &string_arg,
1312                   OPT_USERDOMGROUPS, "Get user domain groups", "SID" },
1313                 { "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
1314                 { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
1315                 { "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
1316                 { "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME,
1317                   "Get a DC name for a foreign domain", "domainname" },
1318                 { "dsgetdcname", 0, POPT_ARG_STRING, &string_arg, OPT_DSGETDCNAME, "Find a DC for a domain", "domainname" },
1319                 { "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
1320                 { "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
1321                 { "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" },
1322 #ifdef WITH_FAKE_KASERVER
1323                 { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" },
1324 #endif
1325 #ifdef HAVE_KRB5
1326                 { "krb5auth", 'K', POPT_ARG_STRING, &string_arg, 'K', "authenticate user using Kerberos", "user%password" },
1327                         /* destroys wbinfo --help output */
1328                         /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" }, */
1329 #endif
1330                 { "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
1331                 POPT_COMMON_CONFIGFILE
1332                 POPT_COMMON_VERSION
1333                 POPT_TABLEEND
1334         };
1335
1336         /* Samba client initialisation */
1337         load_case_tables();
1338
1339
1340         /* Parse options */
1341
1342         pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
1343
1344         /* Parse command line options */
1345
1346         if (argc == 1) {
1347                 poptPrintHelp(pc, stderr, 0);
1348                 return 1;
1349         }
1350
1351         while((opt = poptGetNextOpt(pc)) != -1) {
1352                 /* get the generic configuration parameters like --domain */
1353         }
1354
1355         poptFreeContext(pc);
1356
1357         if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, True)) {
1358                 d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n",
1359                         get_dyn_CONFIGFILE(), strerror(errno));
1360                 exit(1);
1361         }
1362
1363         if (!init_names())
1364                 return 1;
1365
1366         load_interfaces();
1367
1368         pc = poptGetContext(NULL, argc, (const char **)argv, long_options, 
1369                             POPT_CONTEXT_KEEP_FIRST);
1370
1371         while((opt = poptGetNextOpt(pc)) != -1) {
1372                 switch (opt) {
1373                 case 'u':
1374                         if (!print_domain_users(opt_domain_name)) {
1375                                 d_fprintf(stderr, "Error looking up domain users\n");
1376                                 goto done;
1377                         }
1378                         break;
1379                 case 'g':
1380                         if (!print_domain_groups(opt_domain_name)) {
1381                                 d_fprintf(stderr, "Error looking up domain groups\n");
1382                                 goto done;
1383                         }
1384                         break;
1385                 case 's':
1386                         if (!wbinfo_lookupsid(string_arg)) {
1387                                 d_fprintf(stderr, "Could not lookup sid %s\n", string_arg);
1388                                 goto done;
1389                         }
1390                         break;
1391                 case 'R':
1392                         if (!wbinfo_lookuprids(opt_domain_name, string_arg)) {
1393                                 d_fprintf(stderr, "Could not lookup RIDs %s\n", string_arg);
1394                                 goto done;
1395                         }
1396                         break;
1397                 case 'n':
1398                         if (!wbinfo_lookupname(string_arg)) {
1399                                 d_fprintf(stderr, "Could not lookup name %s\n", string_arg);
1400                                 goto done;
1401                         }
1402                         break;
1403                 case 'N':
1404                         if (!wbinfo_wins_byname(string_arg)) {
1405                                 d_fprintf(stderr, "Could not lookup WINS by name %s\n", string_arg);
1406                                 goto done;
1407                         }
1408                         break;
1409                 case 'I':
1410                         if (!wbinfo_wins_byip(string_arg)) {
1411                                 d_fprintf(stderr, "Could not lookup WINS by IP %s\n", string_arg);
1412                                 goto done;
1413                         }
1414                         break;
1415                 case 'U':
1416                         if (!wbinfo_uid_to_sid(int_arg)) {
1417                                 d_fprintf(stderr, "Could not convert uid %d to sid\n", int_arg);
1418                                 goto done;
1419                         }
1420                         break;
1421                 case 'G':
1422                         if (!wbinfo_gid_to_sid(int_arg)) {
1423                                 d_fprintf(stderr, "Could not convert gid %d to sid\n",
1424                                        int_arg);
1425                                 goto done;
1426                         }
1427                         break;
1428                 case 'S':
1429                         if (!wbinfo_sid_to_uid(string_arg)) {
1430                                 d_fprintf(stderr, "Could not convert sid %s to uid\n",
1431                                        string_arg);
1432                                 goto done;
1433                         }
1434                         break;
1435                 case 'Y':
1436                         if (!wbinfo_sid_to_gid(string_arg)) {
1437                                 d_fprintf(stderr, "Could not convert sid %s to gid\n",
1438                                        string_arg);
1439                                 goto done;
1440                         }
1441                         break;
1442                 case OPT_ALLOCATE_UID:
1443                         if (!wbinfo_allocate_uid()) {
1444                                 d_fprintf(stderr, "Could not allocate a uid\n");
1445                                 goto done;
1446                         }
1447                         break;
1448                 case OPT_ALLOCATE_GID:
1449                         if (!wbinfo_allocate_gid()) {
1450                                 d_fprintf(stderr, "Could not allocate a gid\n");
1451                                 goto done;
1452                         }
1453                         break;
1454                 case 't':
1455                         if (!wbinfo_check_secret()) {
1456                                 d_fprintf(stderr, "Could not check secret\n");
1457                                 goto done;
1458                         }
1459                         break;
1460                 case 'm':
1461                         if (!wbinfo_list_domains(False)) {
1462                                 d_fprintf(stderr, "Could not list trusted domains\n");
1463                                 goto done;
1464                         }
1465                         break;
1466                 case OPT_SEQUENCE:
1467                         if (!wbinfo_show_sequence(opt_domain_name)) {
1468                                 d_fprintf(stderr, "Could not show sequence numbers\n");
1469                                 goto done;
1470                         }
1471                         break;
1472                 case 'D':
1473                         if (!wbinfo_domain_info(string_arg)) {
1474                                 d_fprintf(stderr, "Could not get domain info\n");
1475                                 goto done;
1476                         }
1477                         break;
1478                 case 'i':
1479                         if (!wbinfo_get_userinfo(string_arg)) {
1480                                 d_fprintf(stderr, "Could not get info for user %s\n",
1481                                                   string_arg);
1482                                 goto done;
1483                         }
1484                         break;
1485                 case OPT_UID_INFO:
1486                         if ( !wbinfo_get_uidinfo(int_arg)) {
1487                                 d_fprintf(stderr, "Could not get info for uid "
1488                                                 "%d\n", int_arg);
1489                                 goto done;
1490                         }
1491                         break;
1492                 case OPT_GROUP_INFO:
1493                         if ( !wbinfo_get_groupinfo(string_arg)) {
1494                                 d_fprintf(stderr, "Could not get info for "
1495                                           "group %s\n", string_arg);
1496                                 goto done;
1497                         }
1498                         break;
1499                 case 'r':
1500                         if (!wbinfo_get_usergroups(string_arg)) {
1501                                 d_fprintf(stderr, "Could not get groups for user %s\n", 
1502                                        string_arg);
1503                                 goto done;
1504                         }
1505                         break;
1506                 case OPT_USERSIDS:
1507                         if (!wbinfo_get_usersids(string_arg)) {
1508                                 d_fprintf(stderr, "Could not get group SIDs for user SID %s\n", 
1509                                        string_arg);
1510                                 goto done;
1511                         }
1512                         break;
1513                 case OPT_USERDOMGROUPS:
1514                         if (!wbinfo_get_userdomgroups(string_arg)) {
1515                                 d_fprintf(stderr, "Could not get user's domain groups "
1516                                          "for user SID %s\n", string_arg);
1517                                 goto done;
1518                         }
1519                         break;
1520                 case 'a': {
1521                                 bool got_error = False;
1522
1523                                 if (!wbinfo_auth(string_arg)) {
1524                                         d_fprintf(stderr, "Could not authenticate user %s with "
1525                                                 "plaintext password\n", string_arg);
1526                                         got_error = True;
1527                                 }
1528
1529                                 if (!wbinfo_auth_crap(string_arg)) {
1530                                         d_fprintf(stderr, "Could not authenticate user %s with "
1531                                                 "challenge/response\n", string_arg);
1532                                         got_error = True;
1533                                 }
1534
1535                                 if (got_error)
1536                                         goto done;
1537                                 break;
1538                         }
1539                 case 'K': {
1540                                 uint32 flags =  WBFLAG_PAM_KRB5 |
1541                                                 WBFLAG_PAM_CACHED_LOGIN |
1542                                                 WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
1543                                                 WBFLAG_PAM_INFO3_TEXT;
1544
1545                                 if (!wbinfo_auth_krb5(string_arg, "FILE", flags)) {
1546                                         d_fprintf(stderr, "Could not authenticate user [%s] with "
1547                                                 "Kerberos (ccache: %s)\n", string_arg, "FILE");
1548                                         goto done;
1549                                 }
1550                                 break;
1551                         }
1552                 case 'k':
1553                         if (!wbinfo_klog(string_arg)) {
1554                                 d_fprintf(stderr, "Could not klog user\n");
1555                                 goto done;
1556                         }
1557                         break;
1558                 case 'p':
1559                         if (!wbinfo_ping()) {
1560                                 d_fprintf(stderr, "could not ping winbindd!\n");
1561                                 goto done;
1562                         }
1563                         break;
1564                 case OPT_SET_AUTH_USER:
1565                         if (!wbinfo_set_auth_user(string_arg)) {
1566                                 goto done;
1567                         }
1568                         break;
1569                 case OPT_GET_AUTH_USER:
1570                         wbinfo_get_auth_user();
1571                         break;
1572                 case OPT_GETDCNAME:
1573                         if (!wbinfo_getdcname(string_arg)) {
1574                                 goto done;
1575                         }
1576                         break;
1577                 case OPT_DSGETDCNAME:
1578                         if (!wbinfo_dsgetdcname(string_arg, 0)) {
1579                                 goto done;
1580                         }
1581                         break;
1582                 case OPT_SEPARATOR: {
1583                         const char sep = winbind_separator_int(True);
1584                         if ( !sep ) {
1585                                 goto done;
1586                         }
1587                         d_printf("%c\n", sep);
1588                         break;
1589                 }
1590                 case OPT_LIST_ALL_DOMAINS:
1591                         if (!wbinfo_list_domains(True)) {
1592                                 goto done;
1593                         }
1594                         break;
1595                 case OPT_LIST_OWN_DOMAIN:
1596                         if (!wbinfo_list_own_domain()) {
1597                                 goto done;
1598                         }
1599                         break;
1600                 /* generic configuration options */
1601                 case OPT_DOMAIN_NAME:
1602                         break;
1603                 default:
1604                         d_fprintf(stderr, "Invalid option\n");
1605                         poptPrintHelp(pc, stderr, 0);
1606                         goto done;
1607                 }
1608         }
1609
1610         result = 0;
1611
1612         /* Exit code */
1613
1614  done:
1615         talloc_destroy(frame);
1616
1617         poptFreeContext(pc);
1618         return result;
1619 }