DIsplay the short domain name in "wbinfo -m " by default.
[ira/wip.git] / source3 / nsswitch / wbinfo.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    Winbind status program.
5
6    Copyright (C) Tim Potter      2000-2003
7    Copyright (C) Andrew Bartlett 2002
8    
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13    
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18    
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "winbind_client.h"
25 #include "libwbclient/wbclient.h"
26
27 #undef DBGC_CLASS
28 #define DBGC_CLASS DBGC_WINBIND
29
30 static char winbind_separator_int(bool strict)
31 {
32         struct winbindd_response response;
33         static bool got_sep;
34         static char sep;
35
36         if (got_sep)
37                 return sep;
38
39         ZERO_STRUCT(response);
40
41         /* Send off request */
42
43         if (winbindd_request_response(WINBINDD_INFO, NULL, &response) !=
44             NSS_STATUS_SUCCESS) {
45                 d_fprintf(stderr, "could not obtain winbind separator!\n");
46                 if (strict) {
47                         return 0;
48                 }
49                 /* HACK: (this module should not call lp_ funtions) */
50                 return *lp_winbind_separator();
51         }
52
53         sep = response.data.info.winbind_separator;
54         got_sep = true;
55
56         if (!sep) {
57                 d_fprintf(stderr, "winbind separator was NULL!\n");
58                 if (strict) {
59                         return 0;
60                 }
61                 /* HACK: (this module should not call lp_ funtions) */
62                 sep = *lp_winbind_separator();
63         }
64         
65         return sep;
66 }
67
68 static char winbind_separator(void)
69 {
70         return winbind_separator_int(false);
71 }
72
73 static const char *get_winbind_domain(void)
74 {
75         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
76         struct wbcDomainInfo *dinfo = NULL;
77         static fstring winbind_domain;
78
79         ZERO_STRUCT(dinfo);
80
81         wbc_status = wbcDomainInfo(".", &dinfo);
82
83         if (!WBC_ERROR_IS_OK(wbc_status)) {
84                 d_fprintf(stderr, "could not obtain winbind domain name!\n");
85
86                 /* HACK: (this module should not call lp_ functions) */
87                 return lp_workgroup();
88         }
89
90         fstrcpy(winbind_domain, dinfo->short_name);
91
92         wbcFreeMemory(dinfo);
93
94         return winbind_domain;
95 }
96
97 /* Copy of parse_domain_user from winbindd_util.c.  Parse a string of the
98    form DOMAIN/user into a domain and a user */
99
100 static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
101                                      fstring user)
102 {
103
104         char *p = strchr(domuser,winbind_separator());
105
106         if (!p) {
107                 /* Maybe it was a UPN? */
108                 if ((p = strchr(domuser, '@')) != NULL) {
109                         fstrcpy(domain, "");
110                         fstrcpy(user, domuser);
111                         return true;
112                 }
113
114                 fstrcpy(user, domuser);
115                 fstrcpy(domain, get_winbind_domain());
116                 return true;
117         }
118
119         fstrcpy(user, p+1);
120         fstrcpy(domain, domuser);
121         domain[PTR_DIFF(p, domuser)] = 0;
122         strupper_m(domain);
123
124         return true;
125 }
126
127 /* pull pwent info for a given user */
128
129 static bool wbinfo_get_userinfo(char *user)
130 {
131         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
132         struct passwd *pwd = NULL;
133
134         wbc_status = wbcGetpwnam(user, &pwd);
135         if (!WBC_ERROR_IS_OK(wbc_status)) {
136                 return false;
137         }
138
139         d_printf("%s:%s:%d:%d:%s:%s:%s\n",
140                  pwd->pw_name,
141                  pwd->pw_passwd,
142                  pwd->pw_uid,
143                  pwd->pw_gid,
144                  pwd->pw_gecos,
145                  pwd->pw_dir,
146                  pwd->pw_shell);
147
148         return true;
149 }
150
151 /* pull pwent info for a given uid */
152 static bool wbinfo_get_uidinfo(int uid)
153 {
154         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
155         struct passwd *pwd = NULL;
156
157         wbc_status = wbcGetpwuid(uid, &pwd);
158         if (!WBC_ERROR_IS_OK(wbc_status)) {
159                 return false;
160         }
161
162         d_printf("%s:%s:%d:%d:%s:%s:%s\n",
163                  pwd->pw_name,
164                  pwd->pw_passwd,
165                  pwd->pw_uid,
166                  pwd->pw_gid,
167                  pwd->pw_gecos,
168                  pwd->pw_dir,
169                  pwd->pw_shell);
170
171         return true;
172 }
173
174 /* pull grent for a given group */
175 static bool wbinfo_get_groupinfo(const char *group)
176 {
177         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
178         struct group *grp;
179
180         wbc_status = wbcGetgrnam(group, &grp);
181         if (!WBC_ERROR_IS_OK(wbc_status)) {
182                 return false;
183         }
184
185         d_printf("%s:%s:%d\n",
186                  grp->gr_name,
187                  grp->gr_passwd,
188                  grp->gr_gid);
189
190         wbcFreeMemory(grp);
191
192         return true;
193 }
194
195 /* List groups a user is a member of */
196
197 static bool wbinfo_get_usergroups(char *user)
198 {
199         struct winbindd_request request;
200         struct winbindd_response response;
201         NSS_STATUS result;
202         int i;
203
204         ZERO_STRUCT(request);
205         ZERO_STRUCT(response);
206
207         /* Send request */
208
209         fstrcpy(request.data.username, user);
210
211         result = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
212
213         if (result != NSS_STATUS_SUCCESS)
214                 return false;
215
216         for (i = 0; i < response.data.num_entries; i++)
217                 d_printf("%d\n", (int)((gid_t *)response.extra_data.data)[i]);
218
219         SAFE_FREE(response.extra_data.data);
220
221         return true;
222 }
223
224
225 /* List group SIDs a user SID is a member of */
226 static bool wbinfo_get_usersids(const char *user_sid_str)
227 {
228         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
229         uint32_t num_sids;
230         uint32_t i;
231         struct wbcDomainSid user_sid, *sids = NULL;
232
233         /* Send request */
234
235         wbc_status = wbcStringToSid(user_sid_str, &user_sid);
236         if (!WBC_ERROR_IS_OK(wbc_status)) {
237                 return false;
238         }
239
240         wbc_status = wbcLookupUserSids(&user_sid, false, &num_sids, &sids);
241         if (!WBC_ERROR_IS_OK(wbc_status)) {
242                 return false;
243         }
244
245         for (i = 0; i < num_sids; i++) {
246                 char *str = NULL;
247                 wbc_status = wbcSidToString(&sids[i], &str);
248                 if (!WBC_ERROR_IS_OK(wbc_status)) {
249                         wbcFreeMemory(sids);
250                         return false;
251                 }
252                 d_printf("%s\n", str);
253                 wbcFreeMemory(str);
254         }
255
256         wbcFreeMemory(sids);
257
258         return true;
259 }
260
261 static bool wbinfo_get_userdomgroups(const char *user_sid_str)
262 {
263         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
264         uint32_t num_sids;
265         uint32_t i;
266         struct wbcDomainSid user_sid, *sids = NULL;
267
268         /* Send request */
269
270         wbc_status = wbcStringToSid(user_sid_str, &user_sid);
271         if (!WBC_ERROR_IS_OK(wbc_status)) {
272                 return false;
273         }
274
275         wbc_status = wbcLookupUserSids(&user_sid, true, &num_sids, &sids);
276         if (!WBC_ERROR_IS_OK(wbc_status)) {
277                 return false;
278         }
279
280         for (i = 0; i < num_sids; i++) {
281                 char *str = NULL;
282                 wbc_status = wbcSidToString(&sids[i], &str);
283                 if (!WBC_ERROR_IS_OK(wbc_status)) {
284                         wbcFreeMemory(sids);
285                         return false;
286                 }
287                 d_printf("%s\n", str);
288                 wbcFreeMemory(str);
289         }
290
291         wbcFreeMemory(sids);
292
293         return true;
294 }
295
296 /* Convert NetBIOS name to IP */
297
298 static bool wbinfo_wins_byname(char *name)
299 {
300         struct winbindd_request request;
301         struct winbindd_response response;
302
303         ZERO_STRUCT(request);
304         ZERO_STRUCT(response);
305
306         /* Send request */
307
308         fstrcpy(request.data.winsreq, name);
309
310         if (winbindd_request_response(WINBINDD_WINS_BYNAME, &request, &response) !=
311             NSS_STATUS_SUCCESS) {
312                 return false;
313         }
314
315         /* Display response */
316
317         d_printf("%s\n", response.data.winsresp);
318
319         return true;
320 }
321
322 /* Convert IP to NetBIOS name */
323
324 static bool wbinfo_wins_byip(char *ip)
325 {
326         struct winbindd_request request;
327         struct winbindd_response response;
328
329         ZERO_STRUCT(request);
330         ZERO_STRUCT(response);
331
332         /* Send request */
333
334         fstrcpy(request.data.winsreq, ip);
335
336         if (winbindd_request_response(WINBINDD_WINS_BYIP, &request, &response) !=
337             NSS_STATUS_SUCCESS) {
338                 return false;
339         }
340
341         /* Display response */
342
343         d_printf("%s\n", response.data.winsresp);
344
345         return true;
346 }
347
348 /* List all/trusted domains */
349
350 static bool wbinfo_list_domains(bool list_all_domains, bool verbose)
351 {
352         struct winbindd_request request;
353         struct winbindd_response response;
354
355         bool print_all = !list_all_domains && verbose;
356
357         ZERO_STRUCT(request);
358         ZERO_STRUCT(response);
359
360         /* Send request */
361
362         request.data.list_all_domains = list_all_domains;
363
364         if (winbindd_request_response(WINBINDD_LIST_TRUSTDOM, &request, &response) !=
365             NSS_STATUS_SUCCESS)
366                 return false;
367
368         /* Display response */
369
370         if (response.extra_data.data) {
371                 const char *extra_data = (char *)response.extra_data.data;
372                 char *name;
373                 char *beg, *end;
374                 TALLOC_CTX *frame = talloc_stackframe();
375
376                 if (print_all) {
377                         d_printf("%-16s%-24s%-12s%-12s%-5s%-5s\n", 
378                                  "Domain Name", "DNS Domain", "Trust Type", 
379                                  "Transitive", "In", "Out");
380                 }
381
382                 while(next_token_talloc(frame,&extra_data,&name,"\n")) {
383                         /* Print Domain Name */
384                         if ((beg = strchr(name, '\\')) == NULL)
385                                 goto error;
386                         *beg = 0;
387                         beg++;
388                         if ((end = strchr(beg, '\\')) == NULL)
389                                 goto error;
390                         *end = 0;
391
392                         /* Print short name */
393
394                         d_printf("%-16s", name);
395
396                         if (!print_all) {
397                                 d_printf("\n"); 
398                                 continue;
399                         }
400
401                         /* Print DNS domain */
402
403                         if (beg) {
404                                 d_printf("%-24s", beg);
405                         }
406
407                         /* Skip SID */
408                         beg = ++end;
409                         if ((end = strchr(beg, '\\')) == NULL)
410                                 goto error;
411
412                         /* Print Trust Type */
413                         beg = ++end;
414                         if ((end = strchr(beg, '\\')) == NULL)
415                                 goto error;
416                         *end = 0;
417                         d_printf("%-12s", beg);
418
419                         /* Print Transitive */
420                         beg = ++end;
421                         if ((end = strchr(beg, '\\')) == NULL)
422                                 goto error;
423                         *end = 0;
424                         d_printf("%-12s", beg);
425
426                         /* Print Incoming */
427                         beg = ++end;
428                         if ((end = strchr(beg, '\\')) == NULL)
429                                 goto error;
430                         *end = 0;
431                         d_printf("%-5s", beg);
432
433                         /* Print Outgoing */
434                         beg = ++end;
435                         d_printf("%-5s\n", beg);
436                 }
437                 goto out;
438
439 error:
440                 d_fprintf(stderr, "Got invalid response: %s\n", extra_data);
441                 TALLOC_FREE(frame);
442                 SAFE_FREE(response.extra_data.data);
443                 return false;
444 out:
445                 TALLOC_FREE(frame);
446                 SAFE_FREE(response.extra_data.data);
447         }
448
449         return true;
450 }
451
452 /* List own domain */
453
454 static bool wbinfo_list_own_domain(void)
455 {
456         d_printf("%s\n", get_winbind_domain());
457
458         return true;
459 }
460
461 /* show sequence numbers */
462 static bool wbinfo_show_sequence(const char *domain)
463 {
464         struct winbindd_request  request;
465         struct winbindd_response response;
466
467         ZERO_STRUCT(response);
468         ZERO_STRUCT(request);
469
470         if ( domain )
471                 fstrcpy( request.domain_name, domain );
472
473         /* Send request */
474
475         if (winbindd_request_response(WINBINDD_SHOW_SEQUENCE, &request, &response) !=
476             NSS_STATUS_SUCCESS)
477                 return false;
478
479         /* Display response */
480
481         if (domain) {
482                 d_printf("%s : ", domain);
483                 if (response.data.sequence_number == (uint32_t)-1) {
484                         d_printf("DISCONNECTED\n");
485                 } else {
486                         d_printf("%d\n", response.data.sequence_number);
487                 }
488         } else if (response.extra_data.data) {
489                 char *extra_data = (char *)response.extra_data.data;
490                 d_printf("%s", extra_data);
491                 SAFE_FREE(response.extra_data.data);
492         }
493
494         return true;
495 }
496
497 /* Show domain info */
498
499 static bool wbinfo_domain_info(const char *domain)
500 {
501         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
502         struct wbcDomainInfo *dinfo = NULL;
503         char *sid_str = NULL;
504
505         if (strcmp(domain, ".") == 0 || domain[0] == '\0') {
506                 domain = get_winbind_domain();
507         }
508
509         /* Send request */
510
511         wbc_status = wbcDomainInfo(domain, &dinfo);
512         if (!WBC_ERROR_IS_OK(wbc_status)) {
513                 return false;
514         }
515
516         wbc_status = wbcSidToString(&dinfo->sid, &sid_str);
517         if (!WBC_ERROR_IS_OK(wbc_status)) {
518                 wbcFreeMemory(dinfo);
519                 return false;
520         }
521
522         /* Display response */
523
524         d_printf("Name              : %s\n", dinfo->short_name);
525         d_printf("Alt_Name          : %s\n", dinfo->dns_name);
526
527         d_printf("SID               : %s\n", sid_str);
528
529         d_printf("Active Directory  : %s\n",
530                  (dinfo->flags & WBC_DOMINFO_AD) ? "Yes" : "No");
531         d_printf("Native            : %s\n",
532                  (dinfo->flags & WBC_DOMINFO_NATIVE) ? "Yes" : "No");
533
534         d_printf("Primary           : %s\n",
535                  (dinfo->flags & WBC_DOMINFO_PRIMARY) ? "Yes" : "No");
536
537         wbcFreeMemory(sid_str);
538         wbcFreeMemory(dinfo);
539
540         return true;
541 }
542
543 /* Get a foreign DC's name */
544 static bool wbinfo_getdcname(const char *domain_name)
545 {
546         struct winbindd_request request;
547         struct winbindd_response response;
548
549         ZERO_STRUCT(request);
550         ZERO_STRUCT(response);
551
552         fstrcpy(request.domain_name, domain_name);
553
554         /* Send request */
555
556         if (winbindd_request_response(WINBINDD_GETDCNAME, &request, &response) !=
557             NSS_STATUS_SUCCESS) {
558                 d_fprintf(stderr, "Could not get dc name for %s\n", domain_name);
559                 return false;
560         }
561
562         /* Display response */
563
564         d_printf("%s\n", response.data.dc_name);
565
566         return true;
567 }
568
569 /* Find a DC */
570 static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
571 {
572         struct winbindd_request request;
573         struct winbindd_response response;
574
575         ZERO_STRUCT(request);
576         ZERO_STRUCT(response);
577
578         fstrcpy(request.domain_name, domain_name);
579         request.flags = flags;
580
581         request.flags |= DS_DIRECTORY_SERVICE_REQUIRED;
582
583         /* Send request */
584
585         if (winbindd_request_response(WINBINDD_DSGETDCNAME, &request, &response) !=
586             NSS_STATUS_SUCCESS) {
587                 d_fprintf(stderr, "Could not find dc for %s\n", domain_name);
588                 return false;
589         }
590
591         /* Display response */
592
593         d_printf("%s\n", response.data.dc_name);
594
595         return true;
596 }
597
598 /* Check trust account password */
599
600 static bool wbinfo_check_secret(void)
601 {
602         struct winbindd_response response;
603         NSS_STATUS result;
604
605         ZERO_STRUCT(response);
606
607         result = winbindd_request_response(WINBINDD_CHECK_MACHACC, NULL, &response);
608
609         d_printf("checking the trust secret via RPC calls %s\n",
610                  (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
611
612         if (result != NSS_STATUS_SUCCESS)
613                 d_fprintf(stderr, "error code was %s (0x%x)\n",
614                          response.data.auth.nt_status_string,
615                          response.data.auth.nt_status);
616
617         return result == NSS_STATUS_SUCCESS;    
618 }
619
620 /* Convert uid to sid */
621
622 static bool wbinfo_uid_to_sid(uid_t uid)
623 {
624         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
625         struct wbcDomainSid sid;
626         char *sid_str = NULL;
627
628         /* Send request */
629
630         wbc_status = wbcUidToSid(uid, &sid);
631         if (!WBC_ERROR_IS_OK(wbc_status)) {
632                 return false;
633         }
634
635         wbc_status = wbcSidToString(&sid, &sid_str);
636         if (!WBC_ERROR_IS_OK(wbc_status)) {
637                 return false;
638         }
639
640         /* Display response */
641
642         d_printf("%s\n", sid_str);
643
644         wbcFreeMemory(sid_str);
645
646         return true;
647 }
648
649 /* Convert gid to sid */
650
651 static bool wbinfo_gid_to_sid(gid_t gid)
652 {
653         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
654         struct wbcDomainSid sid;
655         char *sid_str = NULL;
656
657         /* Send request */
658
659         wbc_status = wbcGidToSid(gid, &sid);
660         if (!WBC_ERROR_IS_OK(wbc_status)) {
661                 return false;
662         }
663
664         wbc_status = wbcSidToString(&sid, &sid_str);
665         if (!WBC_ERROR_IS_OK(wbc_status)) {
666                 return false;
667         }
668
669         /* Display response */
670
671         d_printf("%s\n", sid_str);
672
673         wbcFreeMemory(sid_str);
674
675         return true;
676 }
677
678 /* Convert sid to uid */
679
680 static bool wbinfo_sid_to_uid(const char *sid_str)
681 {
682         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
683         struct wbcDomainSid sid;
684         uid_t uid;
685
686         /* Send request */
687
688         wbc_status = wbcStringToSid(sid_str, &sid);
689         if (!WBC_ERROR_IS_OK(wbc_status)) {
690                 return false;
691         }
692
693         wbc_status = wbcSidToUid(&sid, &uid);
694         if (!WBC_ERROR_IS_OK(wbc_status)) {
695                 return false;
696         }
697
698         /* Display response */
699
700         d_printf("%d\n", (int)uid);
701
702         return true;
703 }
704
705 static bool wbinfo_sid_to_gid(const char *sid_str)
706 {
707         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
708         struct wbcDomainSid sid;
709         gid_t gid;
710
711         /* Send request */
712
713         wbc_status = wbcStringToSid(sid_str, &sid);
714         if (!WBC_ERROR_IS_OK(wbc_status)) {
715                 return false;
716         }
717
718         wbc_status = wbcSidToGid(&sid, &gid);
719         if (!WBC_ERROR_IS_OK(wbc_status)) {
720                 return false;
721         }
722
723         /* Display response */
724
725         d_printf("%d\n", (int)gid);
726
727         return true;
728 }
729
730 static bool wbinfo_allocate_uid(void)
731 {
732         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
733         uid_t uid;
734
735         /* Send request */
736
737         wbc_status = wbcAllocateUid(&uid);
738         if (!WBC_ERROR_IS_OK(wbc_status)) {
739                 return false;
740         }
741
742         /* Display response */
743
744         d_printf("New uid: %d\n", uid);
745
746         return true;
747 }
748
749 static bool wbinfo_allocate_gid(void)
750 {
751         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
752         gid_t gid;
753
754         /* Send request */
755
756         wbc_status = wbcAllocateGid(&gid);
757         if (!WBC_ERROR_IS_OK(wbc_status)) {
758                 return false;
759         }
760
761         /* Display response */
762
763         d_printf("New gid: %d\n", gid);
764
765         return true;
766 }
767
768 /* Convert sid to string */
769
770 static bool wbinfo_lookupsid(char *sid)
771 {
772         struct winbindd_request request;
773         struct winbindd_response response;
774
775         ZERO_STRUCT(request);
776         ZERO_STRUCT(response);
777
778         /* Send off request */
779
780         fstrcpy(request.data.sid, sid);
781
782         if (winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response) !=
783             NSS_STATUS_SUCCESS)
784                 return false;
785
786         /* Display response */
787
788         d_printf("%s%c%s %d\n", response.data.name.dom_name,
789                  winbind_separator(), response.data.name.name,
790                  response.data.name.type);
791
792         return true;
793 }
794
795 /* Lookup a list of RIDs */
796
797 static bool wbinfo_lookuprids(char *domain, char *arg)
798 {
799         size_t i;
800         DOM_SID sid;
801         int num_rids;
802         uint32 *rids;
803         const char *p;
804         char *ridstr;
805         const char **names;
806         enum lsa_SidType *types;
807         const char *domain_name;
808         TALLOC_CTX *mem_ctx;
809         struct winbindd_request request;
810         struct winbindd_response response;
811
812         ZERO_STRUCT(request);
813         ZERO_STRUCT(response);
814
815         if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0'))
816                 fstrcpy(request.domain_name, get_winbind_domain());
817         else
818                 fstrcpy(request.domain_name, domain);
819
820         /* Send request */
821
822         if (winbindd_request_response(WINBINDD_DOMAIN_INFO, &request, &response) !=
823             NSS_STATUS_SUCCESS) {
824                 d_printf("Could not get domain sid for %s\n", request.domain_name);
825                 return false;
826         }
827
828         if (!string_to_sid(&sid, response.data.domain_info.sid)) {
829                 d_printf("Could not convert %s to sid\n", response.data.domain_info.sid);
830                 return false;
831         }
832
833         mem_ctx = talloc_new(NULL);
834         if (mem_ctx == NULL) {
835                 d_printf("talloc_new failed\n");
836                 return false;
837         }
838
839         num_rids = 0;
840         rids = NULL;
841         p = arg;
842
843         while (next_token_talloc(mem_ctx, &p, &ridstr, " ,\n")) {
844                 uint32 rid = strtoul(ridstr, NULL, 10);
845                 ADD_TO_ARRAY(mem_ctx, uint32, rid, &rids, &num_rids);
846         }
847
848         if (rids == NULL) {
849                 TALLOC_FREE(mem_ctx);
850                 return false;
851         }
852
853         if (!winbind_lookup_rids(mem_ctx, &sid, num_rids, rids,
854                                  &domain_name, &names, &types)) {
855                 d_printf("winbind_lookup_rids failed\n");
856                 TALLOC_FREE(mem_ctx);
857                 return false;
858         }
859
860         d_printf("Domain: %s\n", domain_name);
861
862         for (i=0; i<num_rids; i++) {
863                 d_printf("%8d: %s (%s)\n", rids[i], names[i],
864                          sid_type_lookup(types[i]));
865         }
866
867         TALLOC_FREE(mem_ctx);
868         return true;
869 }
870
871 /* Convert string to sid */
872
873 static bool wbinfo_lookupname(char *name)
874 {
875         struct winbindd_request request;
876         struct winbindd_response response;
877
878         /* Send off request */
879
880         ZERO_STRUCT(request);
881         ZERO_STRUCT(response);
882
883         parse_wbinfo_domain_user(name, request.data.name.dom_name,
884                                  request.data.name.name);
885
886         if (winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response) !=
887             NSS_STATUS_SUCCESS)
888                 return false;
889
890         /* Display response */
891
892         d_printf("%s %s (%d)\n", response.data.sid.sid, sid_type_lookup(response.data.sid.type), response.data.sid.type);
893
894         return true;
895 }
896
897 /* Authenticate a user with a plaintext password */
898
899 static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
900 {
901         struct winbindd_request request;
902         struct winbindd_response response;
903         NSS_STATUS result;
904         char *p;
905
906         /* Send off request */
907
908         ZERO_STRUCT(request);
909         ZERO_STRUCT(response);
910
911         p = strchr(username, '%');
912
913         if (p) {
914                 *p = 0;
915                 fstrcpy(request.data.auth.user, username);
916                 fstrcpy(request.data.auth.pass, p + 1);
917                 *p = '%';
918         } else
919                 fstrcpy(request.data.auth.user, username);
920
921         request.flags = flags;
922
923         fstrcpy(request.data.auth.krb5_cc_type, cctype);
924
925         request.data.auth.uid = geteuid();
926
927         result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
928
929         /* Display response */
930
931         d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n", 
932                 username, (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", cctype);
933
934         if (response.data.auth.nt_status)
935                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
936                          response.data.auth.nt_status_string, 
937                          response.data.auth.nt_status,
938                          response.data.auth.error_string);
939
940         if (result == NSS_STATUS_SUCCESS) {
941
942                 if (request.flags & WBFLAG_PAM_INFO3_TEXT) {
943                         if (response.data.auth.info3.user_flgs & NETLOGON_CACHED_ACCOUNT) {
944                                 d_printf("user_flgs: NETLOGON_CACHED_ACCOUNT\n");
945                         }
946                 }
947
948                 if (response.data.auth.krb5ccname[0] != '\0') {
949                         d_printf("credentials were put in: %s\n", response.data.auth.krb5ccname);
950                 } else {
951                         d_printf("no credentials cached\n");
952                 }
953         }
954
955         return result == NSS_STATUS_SUCCESS;
956 }
957
958 /* Authenticate a user with a plaintext password */
959
960 static bool wbinfo_auth(char *username)
961 {
962         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
963         char *s = NULL;
964         char *p = NULL;
965         const char *password = NULL;
966         char *name = NULL;
967
968         if ((s = SMB_STRDUP(username)) == NULL) {
969                 return false;
970         }
971
972         if ((p = strchr(s, '%')) != NULL) {
973                 *p = 0;
974                 p++;
975                 password = p;
976         } else {
977                 password = "";
978         }
979
980         name = s;
981
982         wbc_status = wbcAuthenticateUser(name, password);
983
984         d_printf("plaintext password authentication %s\n",
985                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
986
987 #if 0
988         if (response.data.auth.nt_status)
989                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
990                          response.data.auth.nt_status_string,
991                          response.data.auth.nt_status,
992                          response.data.auth.error_string);
993 #endif
994
995         SAFE_FREE(s);
996
997         return WBC_ERROR_IS_OK(wbc_status);
998 }
999
1000 /* Authenticate a user with a challenge/response */
1001
1002 static bool wbinfo_auth_crap(char *username)
1003 {
1004         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1005         struct wbcAuthUserParams params;
1006         struct wbcAuthUserInfo *info = NULL;
1007         struct wbcAuthErrorInfo *err = NULL;
1008         DATA_BLOB lm = data_blob_null;
1009         DATA_BLOB nt = data_blob_null;
1010         fstring name_user;
1011         fstring name_domain;
1012         fstring pass;
1013         char *p;
1014
1015         p = strchr(username, '%');
1016
1017         if (p) {
1018                 *p = 0;
1019                 fstrcpy(pass, p + 1);
1020         }
1021                 
1022         parse_wbinfo_domain_user(username, name_domain, name_user);
1023
1024         params.account_name     = name_user;
1025         params.domain_name      = name_domain;
1026         params.workstation_name = NULL;
1027
1028         params.flags            = 0;
1029         params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
1030                                   WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
1031
1032         params.level            = WBC_AUTH_USER_LEVEL_RESPONSE;
1033
1034         generate_random_buffer(params.password.response.challenge, 8);
1035
1036         if (lp_client_ntlmv2_auth()) {
1037                 DATA_BLOB server_chal;
1038                 DATA_BLOB names_blob;
1039
1040                 server_chal = data_blob(params.password.response.challenge, 8);
1041
1042                 /* Pretend this is a login to 'us', for blob purposes */
1043                 names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
1044
1045                 if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal,
1046                                       &names_blob,
1047                                       &lm, &nt, NULL)) {
1048                         data_blob_free(&names_blob);
1049                         data_blob_free(&server_chal);
1050                         return false;
1051                 }
1052                 data_blob_free(&names_blob);
1053                 data_blob_free(&server_chal);
1054
1055         } else {
1056                 if (lp_client_lanman_auth()) {
1057                         bool ok;
1058                         lm = data_blob(NULL, 24);
1059                         ok = SMBencrypt(pass, params.password.response.challenge,
1060                                         lm.data);
1061                         if (!ok) {
1062                                 data_blob_free(&lm);
1063                         }
1064                 }
1065                 nt = data_blob(NULL, 24);
1066                 SMBNTencrypt(pass, params.password.response.challenge,
1067                              nt.data);
1068         }
1069
1070         params.password.response.nt_length      = nt.length;
1071         params.password.response.nt_data        = nt.data;
1072         params.password.response.lm_length      = lm.length;
1073         params.password.response.lm_data        = lm.data;
1074
1075         wbc_status = wbcAuthenticateUserEx(&params, &info, &err);
1076
1077         /* Display response */
1078
1079         d_printf("challenge/response password authentication %s\n",
1080                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1081
1082         if (wbc_status == WBC_ERR_AUTH_ERROR) {
1083                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
1084                          err->nt_string,
1085                          err->nt_status,
1086                          err->display_string);
1087                 wbcFreeMemory(err);
1088         } else if (WBC_ERROR_IS_OK(wbc_status)) {
1089                 wbcFreeMemory(info);
1090         }
1091
1092         data_blob_free(&nt);
1093         data_blob_free(&lm);
1094
1095         return WBC_ERROR_IS_OK(wbc_status);
1096 }
1097
1098 /* Authenticate a user with a plaintext password and set a token */
1099
1100 static bool wbinfo_klog(char *username)
1101 {
1102         struct winbindd_request request;
1103         struct winbindd_response response;
1104         NSS_STATUS result;
1105         char *p;
1106
1107         /* Send off request */
1108
1109         ZERO_STRUCT(request);
1110         ZERO_STRUCT(response);
1111
1112         p = strchr(username, '%');
1113
1114         if (p) {
1115                 *p = 0;
1116                 fstrcpy(request.data.auth.user, username);
1117                 fstrcpy(request.data.auth.pass, p + 1);
1118                 *p = '%';
1119         } else {
1120                 fstrcpy(request.data.auth.user, username);
1121                 fstrcpy(request.data.auth.pass, getpass("Password: "));
1122         }
1123
1124         request.flags |= WBFLAG_PAM_AFS_TOKEN;
1125
1126         result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
1127
1128         /* Display response */
1129
1130         d_printf("plaintext password authentication %s\n",
1131                  (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
1132
1133         if (response.data.auth.nt_status)
1134                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
1135                          response.data.auth.nt_status_string,
1136                          response.data.auth.nt_status,
1137                          response.data.auth.error_string);
1138
1139         if (result != NSS_STATUS_SUCCESS)
1140                 return false;
1141
1142         if (response.extra_data.data == NULL) {
1143                 d_fprintf(stderr, "Did not get token data\n");
1144                 return false;
1145         }
1146
1147         if (!afs_settoken_str((char *)response.extra_data.data)) {
1148                 d_fprintf(stderr, "Could not set token\n");
1149                 return false;
1150         }
1151
1152         d_printf("Successfully created AFS token\n");
1153         return true;
1154 }
1155
1156 /* Print domain users */
1157
1158 static bool print_domain_users(const char *domain)
1159 {
1160         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1161         uint32_t i;
1162         uint32_t num_users = 0;
1163         const char **users = NULL;
1164
1165         /* Send request to winbind daemon */
1166
1167         /* '.' is the special sign for our own domain */
1168         if (domain && strcmp(domain, ".") == 0) {
1169                 domain = get_winbind_domain();
1170         }
1171
1172         wbc_status = wbcListUsers(domain, &num_users, &users);
1173         if (!WBC_ERROR_IS_OK(wbc_status)) {
1174                 return false;
1175         }
1176
1177         for (i=0; i < num_users; i++) {
1178                 d_printf("%s\n", users[i]);
1179         }
1180
1181         wbcFreeMemory(users);
1182
1183         return true;
1184 }
1185
1186 /* Print domain groups */
1187
1188 static bool print_domain_groups(const char *domain)
1189 {
1190         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
1191         uint32_t i;
1192         uint32_t num_groups = 0;
1193         const char **groups = NULL;
1194
1195         /* Send request to winbind daemon */
1196
1197         /* '.' is the special sign for our own domain */
1198         if (domain && strcmp(domain, ".") == 0) {
1199                 domain = get_winbind_domain();
1200         }
1201
1202         wbc_status = wbcListGroups(domain, &num_groups, &groups);
1203         if (!WBC_ERROR_IS_OK(wbc_status)) {
1204                 return false;
1205         }
1206
1207         for (i=0; i < num_groups; i++) {
1208                 d_printf("%s\n", groups[i]);
1209         }
1210
1211         wbcFreeMemory(groups);
1212
1213         return true;
1214 }
1215
1216 /* Set the authorised user for winbindd access in secrets.tdb */
1217
1218 static bool wbinfo_set_auth_user(char *username)
1219 {
1220         const char *password;
1221         char *p;
1222         fstring user, domain;
1223
1224         /* Separate into user and password */
1225
1226         parse_wbinfo_domain_user(username, domain, user);
1227
1228         p = strchr(user, '%');
1229
1230         if (p != NULL) {
1231                 *p = 0;
1232                 password = p+1;
1233         } else {
1234                 char *thepass = getpass("Password: ");
1235                 if (thepass) {
1236                         password = thepass;
1237                 } else
1238                         password = "";
1239         }
1240
1241         /* Store or remove DOMAIN\username%password in secrets.tdb */
1242
1243         secrets_init();
1244
1245         if (user[0]) {
1246
1247                 if (!secrets_store(SECRETS_AUTH_USER, user,
1248                                    strlen(user) + 1)) {
1249                         d_fprintf(stderr, "error storing username\n");
1250                         return false;
1251                 }
1252
1253                 /* We always have a domain name added by the
1254                    parse_wbinfo_domain_user() function. */
1255
1256                 if (!secrets_store(SECRETS_AUTH_DOMAIN, domain,
1257                                    strlen(domain) + 1)) {
1258                         d_fprintf(stderr, "error storing domain name\n");
1259                         return false;
1260                 }
1261
1262         } else {
1263                 secrets_delete(SECRETS_AUTH_USER);
1264                 secrets_delete(SECRETS_AUTH_DOMAIN);
1265         }
1266
1267         if (password[0]) {
1268
1269                 if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
1270                                    strlen(password) + 1)) {
1271                         d_fprintf(stderr, "error storing password\n");
1272                         return false;
1273                 }
1274
1275         } else
1276                 secrets_delete(SECRETS_AUTH_PASSWORD);
1277
1278         return true;
1279 }
1280
1281 static void wbinfo_get_auth_user(void)
1282 {
1283         char *user, *domain, *password;
1284
1285         /* Lift data from secrets file */
1286
1287         secrets_fetch_ipc_userpass(&user, &domain, &password);
1288
1289         if ((!user || !*user) && (!domain || !*domain ) && (!password || !*password)){
1290
1291                 SAFE_FREE(user);
1292                 SAFE_FREE(domain);
1293                 SAFE_FREE(password);
1294                 d_printf("No authorised user configured\n");
1295                 return;
1296         }
1297
1298         /* Pretty print authorised user info */
1299
1300         d_printf("%s%s%s%s%s\n", domain ? domain : "", domain ? lp_winbind_separator(): "",
1301                  user, password ? "%" : "", password ? password : "");
1302
1303         SAFE_FREE(user);
1304         SAFE_FREE(domain);
1305         SAFE_FREE(password);
1306 }
1307
1308 static bool wbinfo_ping(void)
1309 {
1310         wbcErr wbc_status;
1311
1312         wbc_status = wbcPing();
1313
1314         /* Display response */
1315
1316         d_printf("Ping to winbindd %s\n",
1317                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
1318
1319         return WBC_ERROR_IS_OK(wbc_status);
1320 }
1321
1322 /* Main program */
1323
1324 enum {
1325         OPT_SET_AUTH_USER = 1000,
1326         OPT_GET_AUTH_USER,
1327         OPT_DOMAIN_NAME,
1328         OPT_SEQUENCE,
1329         OPT_GETDCNAME,
1330         OPT_DSGETDCNAME,
1331         OPT_USERDOMGROUPS,
1332         OPT_USERSIDS,
1333         OPT_ALLOCATE_UID,
1334         OPT_ALLOCATE_GID,
1335         OPT_SEPARATOR,
1336         OPT_LIST_ALL_DOMAINS,
1337         OPT_LIST_OWN_DOMAIN,
1338         OPT_UID_INFO,
1339         OPT_GROUP_INFO,
1340         OPT_VERBOSE
1341 };
1342
1343 int main(int argc, char **argv, char **envp)
1344 {
1345         int opt;
1346         TALLOC_CTX *frame = talloc_stackframe();
1347         poptContext pc;
1348         static char *string_arg;
1349         static char *opt_domain_name;
1350         static int int_arg;
1351         int result = 1;
1352         bool verbose = false;
1353
1354         struct poptOption long_options[] = {
1355                 POPT_AUTOHELP
1356
1357                 /* longName, shortName, argInfo, argPtr, value, descrip,
1358                    argDesc */
1359
1360                 { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users", "domain"},
1361                 { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups", "domain" },
1362                 { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP", "NETBIOS-NAME" },
1363                 { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name", "IP" },
1364                 { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid", "NAME" },
1365                 { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name", "SID" },
1366                 { "lookup-rids", 'R', POPT_ARG_STRING, &string_arg, 'R', "Converts RIDs to names", "RIDs" },
1367                 { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" , "UID" },
1368                 { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
1369                 { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
1370                 { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
1371                 { "allocate-uid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_UID,
1372                   "Get a new UID out of idmap" },
1373                 { "allocate-gid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_GID,
1374                   "Get a new GID out of idmap" },
1375                 { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
1376                 { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
1377                 { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
1378                 { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" },
1379                 { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
1380                 { "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" },
1381                 { "user-info", 'i', POPT_ARG_STRING, &string_arg, 'i', "Get user info", "USER" },
1382                 { "uid-info", 0, POPT_ARG_INT, &int_arg, OPT_UID_INFO, "Get user info from uid", "UID" },
1383                 { "group-info", 0, POPT_ARG_STRING, &string_arg, OPT_GROUP_INFO, "Get group info", "GROUP" },
1384                 { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
1385                 { "user-domgroups", 0, POPT_ARG_STRING, &string_arg,
1386                   OPT_USERDOMGROUPS, "Get user domain groups", "SID" },
1387                 { "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
1388                 { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
1389                 { "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
1390                 { "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME,
1391                   "Get a DC name for a foreign domain", "domainname" },
1392                 { "dsgetdcname", 0, POPT_ARG_STRING, &string_arg, OPT_DSGETDCNAME, "Find a DC for a domain", "domainname" },
1393                 { "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
1394                 { "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
1395                 { "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" },
1396 #ifdef WITH_FAKE_KASERVER
1397                 { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" },
1398 #endif
1399 #ifdef HAVE_KRB5
1400                 { "krb5auth", 'K', POPT_ARG_STRING, &string_arg, 'K', "authenticate user using Kerberos", "user%password" },
1401                         /* destroys wbinfo --help output */
1402                         /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" }, */
1403 #endif
1404                 { "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
1405                 { "verbose", 0, POPT_ARG_NONE, 0, OPT_VERBOSE, "Print additional information per command", NULL },
1406                 POPT_COMMON_CONFIGFILE
1407                 POPT_COMMON_VERSION
1408                 POPT_TABLEEND
1409         };
1410
1411         /* Samba client initialisation */
1412         load_case_tables();
1413
1414
1415         /* Parse options */
1416
1417         pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
1418
1419         /* Parse command line options */
1420
1421         if (argc == 1) {
1422                 poptPrintHelp(pc, stderr, 0);
1423                 return 1;
1424         }
1425
1426         while((opt = poptGetNextOpt(pc)) != -1) {
1427                 /* get the generic configuration parameters like --domain */
1428                 switch (opt) {
1429                 case OPT_VERBOSE:
1430                         verbose = True;
1431                         break;
1432                 }
1433         }
1434
1435         poptFreeContext(pc);
1436
1437         if (!lp_load(get_dyn_CONFIGFILE(), true, false, false, true)) {
1438                 d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n",
1439                         get_dyn_CONFIGFILE(), strerror(errno));
1440                 exit(1);
1441         }
1442
1443         if (!init_names())
1444                 return 1;
1445
1446         load_interfaces();
1447
1448         pc = poptGetContext(NULL, argc, (const char **)argv, long_options, 
1449                             POPT_CONTEXT_KEEP_FIRST);
1450
1451         while((opt = poptGetNextOpt(pc)) != -1) {
1452                 switch (opt) {
1453                 case 'u':
1454                         if (!print_domain_users(opt_domain_name)) {
1455                                 d_fprintf(stderr, "Error looking up domain users\n");
1456                                 goto done;
1457                         }
1458                         break;
1459                 case 'g':
1460                         if (!print_domain_groups(opt_domain_name)) {
1461                                 d_fprintf(stderr, "Error looking up domain groups\n");
1462                                 goto done;
1463                         }
1464                         break;
1465                 case 's':
1466                         if (!wbinfo_lookupsid(string_arg)) {
1467                                 d_fprintf(stderr, "Could not lookup sid %s\n", string_arg);
1468                                 goto done;
1469                         }
1470                         break;
1471                 case 'R':
1472                         if (!wbinfo_lookuprids(opt_domain_name, string_arg)) {
1473                                 d_fprintf(stderr, "Could not lookup RIDs %s\n", string_arg);
1474                                 goto done;
1475                         }
1476                         break;
1477                 case 'n':
1478                         if (!wbinfo_lookupname(string_arg)) {
1479                                 d_fprintf(stderr, "Could not lookup name %s\n", string_arg);
1480                                 goto done;
1481                         }
1482                         break;
1483                 case 'N':
1484                         if (!wbinfo_wins_byname(string_arg)) {
1485                                 d_fprintf(stderr, "Could not lookup WINS by name %s\n", string_arg);
1486                                 goto done;
1487                         }
1488                         break;
1489                 case 'I':
1490                         if (!wbinfo_wins_byip(string_arg)) {
1491                                 d_fprintf(stderr, "Could not lookup WINS by IP %s\n", string_arg);
1492                                 goto done;
1493                         }
1494                         break;
1495                 case 'U':
1496                         if (!wbinfo_uid_to_sid(int_arg)) {
1497                                 d_fprintf(stderr, "Could not convert uid %d to sid\n", int_arg);
1498                                 goto done;
1499                         }
1500                         break;
1501                 case 'G':
1502                         if (!wbinfo_gid_to_sid(int_arg)) {
1503                                 d_fprintf(stderr, "Could not convert gid %d to sid\n",
1504                                        int_arg);
1505                                 goto done;
1506                         }
1507                         break;
1508                 case 'S':
1509                         if (!wbinfo_sid_to_uid(string_arg)) {
1510                                 d_fprintf(stderr, "Could not convert sid %s to uid\n",
1511                                        string_arg);
1512                                 goto done;
1513                         }
1514                         break;
1515                 case 'Y':
1516                         if (!wbinfo_sid_to_gid(string_arg)) {
1517                                 d_fprintf(stderr, "Could not convert sid %s to gid\n",
1518                                        string_arg);
1519                                 goto done;
1520                         }
1521                         break;
1522                 case OPT_ALLOCATE_UID:
1523                         if (!wbinfo_allocate_uid()) {
1524                                 d_fprintf(stderr, "Could not allocate a uid\n");
1525                                 goto done;
1526                         }
1527                         break;
1528                 case OPT_ALLOCATE_GID:
1529                         if (!wbinfo_allocate_gid()) {
1530                                 d_fprintf(stderr, "Could not allocate a gid\n");
1531                                 goto done;
1532                         }
1533                         break;
1534                 case 't':
1535                         if (!wbinfo_check_secret()) {
1536                                 d_fprintf(stderr, "Could not check secret\n");
1537                                 goto done;
1538                         }
1539                         break;
1540                 case 'm':
1541                         if (!wbinfo_list_domains(false, verbose)) {
1542                                 d_fprintf(stderr, "Could not list trusted domains\n");
1543                                 goto done;
1544                         }
1545                         break;
1546                 case OPT_SEQUENCE:
1547                         if (!wbinfo_show_sequence(opt_domain_name)) {
1548                                 d_fprintf(stderr, "Could not show sequence numbers\n");
1549                                 goto done;
1550                         }
1551                         break;
1552                 case 'D':
1553                         if (!wbinfo_domain_info(string_arg)) {
1554                                 d_fprintf(stderr, "Could not get domain info\n");
1555                                 goto done;
1556                         }
1557                         break;
1558                 case 'i':
1559                         if (!wbinfo_get_userinfo(string_arg)) {
1560                                 d_fprintf(stderr, "Could not get info for user %s\n",
1561                                                   string_arg);
1562                                 goto done;
1563                         }
1564                         break;
1565                 case OPT_UID_INFO:
1566                         if ( !wbinfo_get_uidinfo(int_arg)) {
1567                                 d_fprintf(stderr, "Could not get info for uid "
1568                                                 "%d\n", int_arg);
1569                                 goto done;
1570                         }
1571                         break;
1572                 case OPT_GROUP_INFO:
1573                         if ( !wbinfo_get_groupinfo(string_arg)) {
1574                                 d_fprintf(stderr, "Could not get info for "
1575                                           "group %s\n", string_arg);
1576                                 goto done;
1577                         }
1578                         break;
1579                 case 'r':
1580                         if (!wbinfo_get_usergroups(string_arg)) {
1581                                 d_fprintf(stderr, "Could not get groups for user %s\n", 
1582                                        string_arg);
1583                                 goto done;
1584                         }
1585                         break;
1586                 case OPT_USERSIDS:
1587                         if (!wbinfo_get_usersids(string_arg)) {
1588                                 d_fprintf(stderr, "Could not get group SIDs for user SID %s\n", 
1589                                        string_arg);
1590                                 goto done;
1591                         }
1592                         break;
1593                 case OPT_USERDOMGROUPS:
1594                         if (!wbinfo_get_userdomgroups(string_arg)) {
1595                                 d_fprintf(stderr, "Could not get user's domain groups "
1596                                          "for user SID %s\n", string_arg);
1597                                 goto done;
1598                         }
1599                         break;
1600                 case 'a': {
1601                                 bool got_error = false;
1602
1603                                 if (!wbinfo_auth(string_arg)) {
1604                                         d_fprintf(stderr, "Could not authenticate user %s with "
1605                                                 "plaintext password\n", string_arg);
1606                                         got_error = true;
1607                                 }
1608
1609                                 if (!wbinfo_auth_crap(string_arg)) {
1610                                         d_fprintf(stderr, "Could not authenticate user %s with "
1611                                                 "challenge/response\n", string_arg);
1612                                         got_error = true;
1613                                 }
1614
1615                                 if (got_error)
1616                                         goto done;
1617                                 break;
1618                         }
1619                 case 'K': {
1620                                 uint32 flags =  WBFLAG_PAM_KRB5 |
1621                                                 WBFLAG_PAM_CACHED_LOGIN |
1622                                                 WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
1623                                                 WBFLAG_PAM_INFO3_TEXT;
1624
1625                                 if (!wbinfo_auth_krb5(string_arg, "FILE", flags)) {
1626                                         d_fprintf(stderr, "Could not authenticate user [%s] with "
1627                                                 "Kerberos (ccache: %s)\n", string_arg, "FILE");
1628                                         goto done;
1629                                 }
1630                                 break;
1631                         }
1632                 case 'k':
1633                         if (!wbinfo_klog(string_arg)) {
1634                                 d_fprintf(stderr, "Could not klog user\n");
1635                                 goto done;
1636                         }
1637                         break;
1638                 case 'p':
1639                         if (!wbinfo_ping()) {
1640                                 d_fprintf(stderr, "could not ping winbindd!\n");
1641                                 goto done;
1642                         }
1643                         break;
1644                 case OPT_SET_AUTH_USER:
1645                         if (!wbinfo_set_auth_user(string_arg)) {
1646                                 goto done;
1647                         }
1648                         break;
1649                 case OPT_GET_AUTH_USER:
1650                         wbinfo_get_auth_user();
1651                         break;
1652                 case OPT_GETDCNAME:
1653                         if (!wbinfo_getdcname(string_arg)) {
1654                                 goto done;
1655                         }
1656                         break;
1657                 case OPT_DSGETDCNAME:
1658                         if (!wbinfo_dsgetdcname(string_arg, 0)) {
1659                                 goto done;
1660                         }
1661                         break;
1662                 case OPT_SEPARATOR: {
1663                         const char sep = winbind_separator_int(true);
1664                         if ( !sep ) {
1665                                 goto done;
1666                         }
1667                         d_printf("%c\n", sep);
1668                         break;
1669                 }
1670                 case OPT_LIST_ALL_DOMAINS:
1671                         if (!wbinfo_list_domains(true, verbose)) {
1672                                 goto done;
1673                         }
1674                         break;
1675                 case OPT_LIST_OWN_DOMAIN:
1676                         if (!wbinfo_list_own_domain()) {
1677                                 goto done;
1678                         }
1679                         break;
1680                 /* generic configuration options */
1681                 case OPT_DOMAIN_NAME:
1682                         break;
1683                 case OPT_VERBOSE:
1684                         break;
1685                 default:
1686                         d_fprintf(stderr, "Invalid option\n");
1687                         poptPrintHelp(pc, stderr, 0);
1688                         goto done;
1689                 }
1690         }
1691
1692         result = 0;
1693
1694         /* Exit code */
1695
1696  done:
1697         talloc_destroy(frame);
1698
1699         poptFreeContext(pc);
1700         return result;
1701 }