2 Unix SMB/CIFS implementation.
4 Winbind status program.
6 Copyright (C) Tim Potter 2000-2002
7 Copyright (C) Andrew Bartlett 2002
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #define DBGC_CLASS DBGC_WINBIND
31 extern int winbindd_fd;
33 static char winbind_separator(void)
35 struct winbindd_response response;
42 ZERO_STRUCT(response);
44 /* Send off request */
46 if (winbindd_request(WINBINDD_INFO, NULL, &response) !=
48 d_printf("could not obtain winbind separator!\n");
49 /* HACK: (this module should not call lp_ funtions) */
50 return *lp_winbind_separator();
53 sep = response.data.info.winbind_separator;
57 d_printf("winbind separator was NULL!\n");
58 /* HACK: (this module should not call lp_ funtions) */
59 sep = *lp_winbind_separator();
65 static const char *get_winbind_domain(void)
67 struct winbindd_response response;
68 static fstring winbind_domain;
70 ZERO_STRUCT(response);
72 /* Send off request */
74 if (winbindd_request(WINBINDD_DOMAIN_NAME, NULL, &response) !=
76 d_printf("could not obtain winbind domain name!\n");
78 /* HACK: (this module should not call lp_ funtions) */
79 return lp_workgroup();
82 fstrcpy(winbind_domain, response.data.domain_name);
84 return winbind_domain;
88 /* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
89 form DOMAIN/user into a domain and a user */
91 static BOOL parse_wbinfo_domain_user(const char *domuser, fstring domain,
95 char *p = strchr(domuser,winbind_separator());
98 fstrcpy(user, domuser);
99 fstrcpy(domain, get_winbind_domain());
104 fstrcpy(domain, domuser);
105 domain[PTR_DIFF(p, domuser)] = 0;
111 /* List groups a user is a member of */
113 static BOOL wbinfo_get_usergroups(char *user)
115 struct winbindd_request request;
116 struct winbindd_response response;
120 ZERO_STRUCT(response);
124 fstrcpy(request.data.username, user);
126 result = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
128 if (result != NSS_STATUS_SUCCESS)
131 for (i = 0; i < response.data.num_entries; i++)
132 d_printf("%d\n", (int)((gid_t *)response.extra_data)[i]);
134 SAFE_FREE(response.extra_data);
139 /* Convert NetBIOS name to IP */
141 static BOOL wbinfo_wins_byname(char *name)
143 struct winbindd_request request;
144 struct winbindd_response response;
146 ZERO_STRUCT(request);
147 ZERO_STRUCT(response);
151 fstrcpy(request.data.winsreq, name);
153 if (winbindd_request(WINBINDD_WINS_BYNAME, &request, &response) !=
154 NSS_STATUS_SUCCESS) {
158 /* Display response */
160 printf("%s\n", response.data.winsresp);
165 /* Convert IP to NetBIOS name */
167 static BOOL wbinfo_wins_byip(char *ip)
169 struct winbindd_request request;
170 struct winbindd_response response;
172 ZERO_STRUCT(request);
173 ZERO_STRUCT(response);
177 fstrcpy(request.data.winsreq, ip);
179 if (winbindd_request(WINBINDD_WINS_BYIP, &request, &response) !=
180 NSS_STATUS_SUCCESS) {
184 /* Display response */
186 printf("%s\n", response.data.winsresp);
191 /* List trusted domains */
193 static BOOL wbinfo_list_domains(void)
195 struct winbindd_response response;
198 ZERO_STRUCT(response);
202 if (winbindd_request(WINBINDD_LIST_TRUSTDOM, NULL, &response) !=
206 /* Display response */
208 if (response.extra_data) {
209 const char *extra_data = (char *)response.extra_data;
211 while(next_token(&extra_data, name, ",", sizeof(fstring)))
212 d_printf("%s\n", name);
214 SAFE_FREE(response.extra_data);
221 /* show sequence numbers */
222 static BOOL wbinfo_show_sequence(void)
224 struct winbindd_response response;
226 ZERO_STRUCT(response);
230 if (winbindd_request(WINBINDD_SHOW_SEQUENCE, NULL, &response) !=
234 /* Display response */
236 if (response.extra_data) {
237 char *extra_data = (char *)response.extra_data;
238 d_printf("%s", extra_data);
239 SAFE_FREE(response.extra_data);
245 /* Check trust account password */
247 static BOOL wbinfo_check_secret(void)
249 struct winbindd_response response;
252 ZERO_STRUCT(response);
254 result = winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response);
256 d_printf("checking the trust secret via RPC calls %s\n",
257 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
259 if (result != NSS_STATUS_SUCCESS)
260 d_printf("error code was %s (0x%x)\n",
261 response.data.auth.nt_status_string,
262 response.data.auth.nt_status);
264 return result == NSS_STATUS_SUCCESS;
267 /* Convert uid to sid */
269 static BOOL wbinfo_uid_to_sid(uid_t uid)
271 struct winbindd_request request;
272 struct winbindd_response response;
274 ZERO_STRUCT(request);
275 ZERO_STRUCT(response);
279 request.data.uid = uid;
281 if (winbindd_request(WINBINDD_UID_TO_SID, &request, &response) !=
285 /* Display response */
287 d_printf("%s\n", response.data.sid.sid);
292 /* Convert gid to sid */
294 static BOOL wbinfo_gid_to_sid(gid_t gid)
296 struct winbindd_request request;
297 struct winbindd_response response;
299 ZERO_STRUCT(request);
300 ZERO_STRUCT(response);
304 request.data.gid = gid;
306 if (winbindd_request(WINBINDD_GID_TO_SID, &request, &response) !=
310 /* Display response */
312 d_printf("%s\n", response.data.sid.sid);
317 /* Convert sid to uid */
319 static BOOL wbinfo_sid_to_uid(char *sid)
321 struct winbindd_request request;
322 struct winbindd_response response;
324 ZERO_STRUCT(request);
325 ZERO_STRUCT(response);
329 fstrcpy(request.data.sid, sid);
331 if (winbindd_request(WINBINDD_SID_TO_UID, &request, &response) !=
335 /* Display response */
337 d_printf("%d\n", (int)response.data.uid);
342 static BOOL wbinfo_sid_to_gid(char *sid)
344 struct winbindd_request request;
345 struct winbindd_response response;
347 ZERO_STRUCT(request);
348 ZERO_STRUCT(response);
352 fstrcpy(request.data.sid, sid);
354 if (winbindd_request(WINBINDD_SID_TO_GID, &request, &response) !=
358 /* Display response */
360 d_printf("%d\n", (int)response.data.gid);
365 /* Convert sid to string */
367 static BOOL wbinfo_lookupsid(char *sid)
369 struct winbindd_request request;
370 struct winbindd_response response;
372 ZERO_STRUCT(request);
373 ZERO_STRUCT(response);
375 /* Send off request */
377 fstrcpy(request.data.sid, sid);
379 if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
383 /* Display response */
385 d_printf("%s%c%s %d\n", response.data.name.dom_name,
386 winbind_separator(), response.data.name.name,
387 response.data.name.type);
392 /* Convert string to sid */
394 static BOOL wbinfo_lookupname(char *name)
396 struct winbindd_request request;
397 struct winbindd_response response;
399 /* Send off request */
401 ZERO_STRUCT(request);
402 ZERO_STRUCT(response);
404 parse_wbinfo_domain_user(name, request.data.name.dom_name,
405 request.data.name.name);
407 if (winbindd_request(WINBINDD_LOOKUPNAME, &request, &response) !=
411 /* Display response */
413 d_printf("%s %d\n", response.data.sid.sid, response.data.sid.type);
418 /* Authenticate a user with a plaintext password */
420 static BOOL wbinfo_auth(char *username)
422 struct winbindd_request request;
423 struct winbindd_response response;
427 /* Send off request */
429 ZERO_STRUCT(request);
430 ZERO_STRUCT(response);
432 p = strchr(username, '%');
436 fstrcpy(request.data.auth.user, username);
437 fstrcpy(request.data.auth.pass, p + 1);
440 fstrcpy(request.data.auth.user, username);
442 result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
444 /* Display response */
446 d_printf("plaintext password authentication %s\n",
447 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
449 if (response.data.auth.nt_status)
450 d_printf("error code was %s (0x%x)\nerror messsage was: %s\n",
451 response.data.auth.nt_status_string,
452 response.data.auth.nt_status,
453 response.data.auth.error_string);
455 return result == NSS_STATUS_SUCCESS;
458 /* Authenticate a user with a challenge/response */
460 static BOOL wbinfo_auth_crap(char *username)
462 struct winbindd_request request;
463 struct winbindd_response response;
470 /* Send off request */
472 ZERO_STRUCT(request);
473 ZERO_STRUCT(response);
475 p = strchr(username, '%');
479 fstrcpy(pass, p + 1);
482 parse_wbinfo_domain_user(username, name_domain, name_user);
484 fstrcpy(request.data.auth_crap.user, name_user);
486 fstrcpy(request.data.auth_crap.domain, name_domain);
488 generate_random_buffer(request.data.auth_crap.chal, 8, False);
490 SMBencrypt(pass, request.data.auth_crap.chal,
491 (uchar *)request.data.auth_crap.lm_resp);
492 SMBNTencrypt(pass, request.data.auth_crap.chal,
493 (uchar *)request.data.auth_crap.nt_resp);
495 request.data.auth_crap.lm_resp_len = 24;
496 request.data.auth_crap.nt_resp_len = 24;
498 result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
500 /* Display response */
502 d_printf("challenge/response password authentication %s\n",
503 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
505 if (response.data.auth.nt_status)
506 d_printf("error code was %s (0x%x)\nerror messsage was: %s\n",
507 response.data.auth.nt_status_string,
508 response.data.auth.nt_status,
509 response.data.auth.error_string);
511 return result == NSS_STATUS_SUCCESS;
514 /* Print domain users */
516 static BOOL print_domain_users(void)
518 struct winbindd_response response;
519 const char *extra_data;
522 /* Send request to winbind daemon */
524 ZERO_STRUCT(response);
526 if (winbindd_request(WINBINDD_LIST_USERS, NULL, &response) !=
530 /* Look through extra data */
532 if (!response.extra_data)
535 extra_data = (const char *)response.extra_data;
537 while(next_token(&extra_data, name, ",", sizeof(fstring)))
538 d_printf("%s\n", name);
540 SAFE_FREE(response.extra_data);
545 /* Print domain groups */
547 static BOOL print_domain_groups(void)
549 struct winbindd_response response;
550 const char *extra_data;
553 ZERO_STRUCT(response);
555 if (winbindd_request(WINBINDD_LIST_GROUPS, NULL, &response) !=
559 /* Look through extra data */
561 if (!response.extra_data)
564 extra_data = (const char *)response.extra_data;
566 while(next_token(&extra_data, name, ",", sizeof(fstring)))
567 d_printf("%s\n", name);
569 SAFE_FREE(response.extra_data);
574 /* Set the authorised user for winbindd access in secrets.tdb */
576 static BOOL wbinfo_set_auth_user(char *username)
579 fstring user, domain;
581 /* Separate into user and password */
583 parse_wbinfo_domain_user(username, domain, user);
585 password = strchr(user, '%');
593 /* Store or remove DOMAIN\username%password in secrets.tdb */
599 if (!secrets_store(SECRETS_AUTH_USER, user,
601 d_fprintf(stderr, "error storing username\n");
605 /* We always have a domain name added by the
606 parse_wbinfo_domain_user() function. */
608 if (!secrets_store(SECRETS_AUTH_DOMAIN, domain,
609 strlen(domain) + 1)) {
610 d_fprintf(stderr, "error storing domain name\n");
615 secrets_delete(SECRETS_AUTH_USER);
616 secrets_delete(SECRETS_AUTH_DOMAIN);
621 if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
622 strlen(password) + 1)) {
623 d_fprintf(stderr, "error storing password\n");
628 secrets_delete(SECRETS_AUTH_PASSWORD);
633 static void wbinfo_get_auth_user(void)
635 char *user, *domain, *password;
637 /* Lift data from secrets file */
641 user = secrets_fetch(SECRETS_AUTH_USER, NULL);
642 domain = secrets_fetch(SECRETS_AUTH_DOMAIN, NULL);
643 password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL);
645 if (!user && !domain && !password) {
646 d_printf("No authorised user configured\n");
650 /* Pretty print authorised user info */
652 d_printf("%s%s%s%s%s\n", domain ? domain : "", domain ? "\\" : "",
653 user, password ? "%" : "", password ? password : "");
660 static BOOL wbinfo_ping(void)
664 result = winbindd_request(WINBINDD_PING, NULL, NULL);
666 /* Display response */
668 d_printf("Ping to winbindd %s on fd %d\n",
669 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
671 return result == NSS_STATUS_SUCCESS;
677 OPT_SET_AUTH_USER = 1000,
682 int main(int argc, char **argv)
687 static char *string_arg;
689 BOOL got_command = False;
692 struct poptOption long_options[] = {
695 /* longName, shortName, argInfo, argPtr, value, descrip,
698 { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users"},
699 { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups" },
700 { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP", "NETBIOS-NAME" },
701 { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name", "IP" },
702 { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid", "NAME" },
703 { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name", "SID" },
704 { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" , "UID" },
705 { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
706 { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
707 { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
708 { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
709 { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
710 { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
711 { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
712 { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
713 { "set-auth-user", 'A', POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
714 { "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
715 { "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
720 /* Samba client initialisation */
722 if (!lp_load(dyn_CONFIGFILE, True, False, False)) {
723 d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n",
724 dyn_CONFIGFILE, strerror(errno));
735 pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
737 /* Parse command line options */
740 poptPrintHelp(pc, stderr, 0);
744 while((opt = poptGetNextOpt(pc)) != -1) {
746 d_fprintf(stderr, "No more than one command may be specified at once.\n");
754 pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
755 POPT_CONTEXT_KEEP_FIRST);
757 while((opt = poptGetNextOpt(pc)) != -1) {
760 if (!print_domain_users()) {
761 d_printf("Error looking up domain users\n");
766 if (!print_domain_groups()) {
767 d_printf("Error looking up domain groups\n");
772 if (!wbinfo_lookupsid(string_arg)) {
773 d_printf("Could not lookup sid %s\n", string_arg);
778 if (!wbinfo_lookupname(string_arg)) {
779 d_printf("Could not lookup name %s\n", string_arg);
784 if (!wbinfo_wins_byname(string_arg)) {
785 d_printf("Could not lookup WINS by name %s\n", string_arg);
790 if (!wbinfo_wins_byip(string_arg)) {
791 d_printf("Could not lookup WINS by IP %s\n", string_arg);
796 if (!wbinfo_uid_to_sid(int_arg)) {
797 d_printf("Could not convert uid %d to sid\n", int_arg);
802 if (!wbinfo_gid_to_sid(int_arg)) {
803 d_printf("Could not convert gid %d to sid\n",
809 if (!wbinfo_sid_to_uid(string_arg)) {
810 d_printf("Could not convert sid %s to uid\n",
816 if (!wbinfo_sid_to_gid(string_arg)) {
817 d_printf("Could not convert sid %s to gid\n",
823 if (!wbinfo_check_secret()) {
824 d_printf("Could not check secret\n");
829 if (!wbinfo_list_domains()) {
830 d_printf("Could not list trusted domains\n");
835 if (!wbinfo_show_sequence()) {
836 d_printf("Could not show sequence numbers\n");
841 if (!wbinfo_get_usergroups(string_arg)) {
842 d_printf("Could not get groups for user %s\n",
848 BOOL got_error = False;
850 if (!wbinfo_auth(string_arg)) {
851 d_printf("Could not authenticate user %s with "
852 "plaintext password\n", string_arg);
856 if (!wbinfo_auth_crap(string_arg)) {
857 d_printf("Could not authenticate user %s with "
858 "challenge/response\n", string_arg);
867 if (!wbinfo_ping()) {
868 d_printf("could not ping winbindd!\n");
873 case OPT_SET_AUTH_USER:
874 wbinfo_set_auth_user(string_arg);
876 case OPT_GET_AUTH_USER:
877 wbinfo_get_auth_user();
880 d_fprintf(stderr, "Invalid option\n");
881 poptPrintHelp(pc, stderr, 0);
git.samba.org / ira / wip.git / blob