import HEAD into svn+ssh://svn.samba.org/home/svn/samba/trunk
[metze/old/v3-2-winbind-ndr.git] / source / nsswitch / wbinfo.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    Winbind status program.
5
6    Copyright (C) Tim Potter      2000-2003
7    Copyright (C) Andrew Bartlett 2002
8    
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 2 of the License, or
12    (at your option) any later version.
13    
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18    
19    You should have received a copy of the GNU General Public License
20    along with this program; if not, write to the Free Software
21    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25 #include "winbindd.h"
26 #include "debug.h"
27
28 #undef DBGC_CLASS
29 #define DBGC_CLASS DBGC_WINBIND
30
31 extern int winbindd_fd;
32
33 static char winbind_separator(void)
34 {
35         struct winbindd_response response;
36         static BOOL got_sep;
37         static char sep;
38
39         if (got_sep)
40                 return sep;
41
42         ZERO_STRUCT(response);
43
44         /* Send off request */
45
46         if (winbindd_request(WINBINDD_INFO, NULL, &response) !=
47             NSS_STATUS_SUCCESS) {
48                 d_printf("could not obtain winbind separator!\n");
49                 /* HACK: (this module should not call lp_ funtions) */
50                 return *lp_winbind_separator();
51         }
52
53         sep = response.data.info.winbind_separator;
54         got_sep = True;
55
56         if (!sep) {
57                 d_printf("winbind separator was NULL!\n");
58                 /* HACK: (this module should not call lp_ funtions) */
59                 sep = *lp_winbind_separator();
60         }
61         
62         return sep;
63 }
64
65 static const char *get_winbind_domain(void)
66 {
67         struct winbindd_response response;
68         static fstring winbind_domain;
69
70         ZERO_STRUCT(response);
71
72         /* Send off request */
73
74         if (winbindd_request(WINBINDD_DOMAIN_NAME, NULL, &response) !=
75             NSS_STATUS_SUCCESS) {
76                 d_printf("could not obtain winbind domain name!\n");
77                 
78                 /* HACK: (this module should not call lp_ funtions) */
79                 return lp_workgroup();
80         }
81
82         fstrcpy(winbind_domain, response.data.domain_name);
83
84         return winbind_domain;
85
86 }
87
88 /* Copy of parse_domain_user from winbindd_util.c.  Parse a string of the
89    form DOMAIN/user into a domain and a user */
90
91 static BOOL parse_wbinfo_domain_user(const char *domuser, fstring domain, 
92                                      fstring user)
93 {
94
95         char *p = strchr(domuser,winbind_separator());
96
97         if (!p) {
98                 fstrcpy(user, domuser);
99                 fstrcpy(domain, get_winbind_domain());
100                 return True;
101         }
102         
103         fstrcpy(user, p+1);
104         fstrcpy(domain, domuser);
105         domain[PTR_DIFF(p, domuser)] = 0;
106         strupper_m(domain);
107
108         return True;
109 }
110
111 /* List groups a user is a member of */
112
113 static BOOL wbinfo_get_usergroups(char *user)
114 {
115         struct winbindd_request request;
116         struct winbindd_response response;
117         NSS_STATUS result;
118         int i;
119         
120         ZERO_STRUCT(response);
121
122         /* Send request */
123
124         fstrcpy(request.data.username, user);
125
126         result = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
127
128         if (result != NSS_STATUS_SUCCESS)
129                 return False;
130
131         for (i = 0; i < response.data.num_entries; i++)
132                 d_printf("%d\n", (int)((gid_t *)response.extra_data)[i]);
133
134         SAFE_FREE(response.extra_data);
135
136         return True;
137 }
138
139
140 /* List group SIDs a user SID is a member of */
141 static BOOL wbinfo_get_usersids(char *user_sid)
142 {
143         struct winbindd_request request;
144         struct winbindd_response response;
145         NSS_STATUS result;
146         int i;
147         const char *s;
148
149         ZERO_STRUCT(response);
150
151         /* Send request */
152         fstrcpy(request.data.sid, user_sid);
153
154         result = winbindd_request(WINBINDD_GETUSERSIDS, &request, &response);
155
156         if (result != NSS_STATUS_SUCCESS)
157                 return False;
158
159         s = response.extra_data;
160         for (i = 0; i < response.data.num_entries; i++) {
161                 d_printf("%s\n", s);
162                 s += strlen(s) + 1;
163         }
164
165         SAFE_FREE(response.extra_data);
166
167         return True;
168 }
169
170 /* Convert NetBIOS name to IP */
171
172 static BOOL wbinfo_wins_byname(char *name)
173 {
174         struct winbindd_request request;
175         struct winbindd_response response;
176
177         ZERO_STRUCT(request);
178         ZERO_STRUCT(response);
179
180         /* Send request */
181
182         fstrcpy(request.data.winsreq, name);
183
184         if (winbindd_request(WINBINDD_WINS_BYNAME, &request, &response) !=
185             NSS_STATUS_SUCCESS) {
186                 return False;
187         }
188
189         /* Display response */
190
191         printf("%s\n", response.data.winsresp);
192
193         return True;
194 }
195
196 /* Convert IP to NetBIOS name */
197
198 static BOOL wbinfo_wins_byip(char *ip)
199 {
200         struct winbindd_request request;
201         struct winbindd_response response;
202
203         ZERO_STRUCT(request);
204         ZERO_STRUCT(response);
205
206         /* Send request */
207
208         fstrcpy(request.data.winsreq, ip);
209
210         if (winbindd_request(WINBINDD_WINS_BYIP, &request, &response) !=
211             NSS_STATUS_SUCCESS) {
212                 return False;
213         }
214
215         /* Display response */
216
217         printf("%s\n", response.data.winsresp);
218
219         return True;
220 }
221
222 /* List trusted domains */
223
224 static BOOL wbinfo_list_domains(void)
225 {
226         struct winbindd_response response;
227         fstring name;
228
229         ZERO_STRUCT(response);
230
231         /* Send request */
232
233         if (winbindd_request(WINBINDD_LIST_TRUSTDOM, NULL, &response) !=
234             NSS_STATUS_SUCCESS)
235                 return False;
236
237         /* Display response */
238
239         if (response.extra_data) {
240                 const char *extra_data = (char *)response.extra_data;
241
242                 while(next_token(&extra_data, name, ",", sizeof(fstring)))
243                         d_printf("%s\n", name);
244
245                 SAFE_FREE(response.extra_data);
246         }
247
248         return True;
249 }
250
251
252 /* show sequence numbers */
253 static BOOL wbinfo_show_sequence(const char *domain)
254 {
255         struct winbindd_request  request;
256         struct winbindd_response response;
257
258         ZERO_STRUCT(response);
259         ZERO_STRUCT(request);
260
261         if ( domain )
262                 fstrcpy( request.domain_name, domain );
263
264         /* Send request */
265
266         if (winbindd_request(WINBINDD_SHOW_SEQUENCE, &request, &response) !=
267             NSS_STATUS_SUCCESS)
268                 return False;
269
270         /* Display response */
271
272         if (response.extra_data) {
273                 char *extra_data = (char *)response.extra_data;
274                 d_printf("%s", extra_data);
275                 SAFE_FREE(response.extra_data);
276         }
277
278         return True;
279 }
280
281 /* Show domain info */
282
283 static BOOL wbinfo_domain_info(const char *domain_name)
284 {
285         struct winbindd_request request;
286         struct winbindd_response response;
287
288         ZERO_STRUCT(request);
289         ZERO_STRUCT(response);
290
291         fstrcpy(request.domain_name, domain_name);
292
293         /* Send request */
294
295         if (winbindd_request(WINBINDD_DOMAIN_INFO, &request, &response) !=
296             NSS_STATUS_SUCCESS)
297                 return False;
298
299         /* Display response */
300
301         d_printf("Name              : %s\n", response.data.domain_info.name);
302         d_printf("Alt_Name          : %s\n", response.data.domain_info.alt_name);
303
304         d_printf("SID               : %s\n", response.data.domain_info.sid);
305
306         d_printf("Active Directory  : %s\n",
307                  response.data.domain_info.active_directory ? "Yes" : "No");
308         d_printf("Native            : %s\n",
309                  response.data.domain_info.native_mode ? "Yes" : "No");
310
311         d_printf("Primary           : %s\n",
312                  response.data.domain_info.primary ? "Yes" : "No");
313
314         d_printf("Sequence          : %d\n", response.data.domain_info.sequence_number);
315
316         return True;
317 }
318
319 /* Check trust account password */
320
321 static BOOL wbinfo_check_secret(void)
322 {
323         struct winbindd_response response;
324         NSS_STATUS result;
325
326         ZERO_STRUCT(response);
327
328         result = winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response);
329                 
330         d_printf("checking the trust secret via RPC calls %s\n", 
331                  (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
332
333         if (result != NSS_STATUS_SUCCESS)       
334                 d_printf("error code was %s (0x%x)\n", 
335                          response.data.auth.nt_status_string, 
336                          response.data.auth.nt_status);
337         
338         return result == NSS_STATUS_SUCCESS;    
339 }
340
341 /* Convert uid to sid */
342
343 static BOOL wbinfo_uid_to_sid(uid_t uid)
344 {
345         struct winbindd_request request;
346         struct winbindd_response response;
347
348         ZERO_STRUCT(request);
349         ZERO_STRUCT(response);
350
351         /* Send request */
352
353         request.data.uid = uid;
354
355         if (winbindd_request(WINBINDD_UID_TO_SID, &request, &response) !=
356             NSS_STATUS_SUCCESS)
357                 return False;
358
359         /* Display response */
360
361         d_printf("%s\n", response.data.sid.sid);
362
363         return True;
364 }
365
366 /* Convert gid to sid */
367
368 static BOOL wbinfo_gid_to_sid(gid_t gid)
369 {
370         struct winbindd_request request;
371         struct winbindd_response response;
372
373         ZERO_STRUCT(request);
374         ZERO_STRUCT(response);
375
376         /* Send request */
377
378         request.data.gid = gid;
379
380         if (winbindd_request(WINBINDD_GID_TO_SID, &request, &response) !=
381             NSS_STATUS_SUCCESS)
382                 return False;
383
384         /* Display response */
385
386         d_printf("%s\n", response.data.sid.sid);
387
388         return True;
389 }
390
391 /* Convert sid to uid */
392
393 static BOOL wbinfo_sid_to_uid(char *sid)
394 {
395         struct winbindd_request request;
396         struct winbindd_response response;
397
398         ZERO_STRUCT(request);
399         ZERO_STRUCT(response);
400
401         /* Send request */
402
403         fstrcpy(request.data.sid, sid);
404
405         if (winbindd_request(WINBINDD_SID_TO_UID, &request, &response) !=
406             NSS_STATUS_SUCCESS)
407                 return False;
408
409         /* Display response */
410
411         d_printf("%d\n", (int)response.data.uid);
412
413         return True;
414 }
415
416 static BOOL wbinfo_sid_to_gid(char *sid)
417 {
418         struct winbindd_request request;
419         struct winbindd_response response;
420
421         ZERO_STRUCT(request);
422         ZERO_STRUCT(response);
423
424         /* Send request */
425
426         fstrcpy(request.data.sid, sid);
427
428         if (winbindd_request(WINBINDD_SID_TO_GID, &request, &response) !=
429             NSS_STATUS_SUCCESS)
430                 return False;
431
432         /* Display response */
433
434         d_printf("%d\n", (int)response.data.gid);
435
436         return True;
437 }
438
439 static BOOL wbinfo_allocate_rid(void)
440 {
441         uint32 rid;
442
443         if (!winbind_allocate_rid(&rid))
444                 return False;
445
446         d_printf("New rid: %d\n", rid);
447
448         return True;
449 }
450
451 /* Convert sid to string */
452
453 static BOOL wbinfo_lookupsid(char *sid)
454 {
455         struct winbindd_request request;
456         struct winbindd_response response;
457
458         ZERO_STRUCT(request);
459         ZERO_STRUCT(response);
460
461         /* Send off request */
462
463         fstrcpy(request.data.sid, sid);
464
465         if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
466             NSS_STATUS_SUCCESS)
467                 return False;
468
469         /* Display response */
470
471         d_printf("%s%c%s %d\n", response.data.name.dom_name, 
472                  winbind_separator(), response.data.name.name, 
473                  response.data.name.type);
474
475         return True;
476 }
477
478 /* Convert string to sid */
479
480 static BOOL wbinfo_lookupname(char *name)
481 {
482         struct winbindd_request request;
483         struct winbindd_response response;
484
485         /* Send off request */
486
487         ZERO_STRUCT(request);
488         ZERO_STRUCT(response);
489
490         parse_wbinfo_domain_user(name, request.data.name.dom_name, 
491                                  request.data.name.name);
492
493         if (winbindd_request(WINBINDD_LOOKUPNAME, &request, &response) !=
494             NSS_STATUS_SUCCESS)
495                 return False;
496
497         /* Display response */
498
499         d_printf("%s %s (%d)\n", response.data.sid.sid, sid_type_lookup(response.data.sid.type), response.data.sid.type);
500
501         return True;
502 }
503
504 /* Authenticate a user with a plaintext password */
505
506 static BOOL wbinfo_auth(char *username)
507 {
508         struct winbindd_request request;
509         struct winbindd_response response;
510         NSS_STATUS result;
511         char *p;
512
513         /* Send off request */
514
515         ZERO_STRUCT(request);
516         ZERO_STRUCT(response);
517
518         p = strchr(username, '%');
519
520         if (p) {
521                 *p = 0;
522                 fstrcpy(request.data.auth.user, username);
523                 fstrcpy(request.data.auth.pass, p + 1);
524                 *p = '%';
525         } else
526                 fstrcpy(request.data.auth.user, username);
527
528         result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
529
530         /* Display response */
531
532         d_printf("plaintext password authentication %s\n", 
533                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
534
535         if (response.data.auth.nt_status)
536                 d_printf("error code was %s (0x%x)\nerror messsage was: %s\n", 
537                          response.data.auth.nt_status_string, 
538                          response.data.auth.nt_status,
539                          response.data.auth.error_string);
540
541         return result == NSS_STATUS_SUCCESS;
542 }
543
544 /* Authenticate a user with a challenge/response */
545
546 static BOOL wbinfo_auth_crap(char *username)
547 {
548         struct winbindd_request request;
549         struct winbindd_response response;
550         NSS_STATUS result;
551         fstring name_user;
552         fstring name_domain;
553         fstring pass;
554         char *p;
555
556         /* Send off request */
557
558         ZERO_STRUCT(request);
559         ZERO_STRUCT(response);
560
561         p = strchr(username, '%');
562
563         if (p) {
564                 *p = 0;
565                 fstrcpy(pass, p + 1);
566         }
567                 
568         parse_wbinfo_domain_user(username, name_domain, name_user);
569
570         if (push_utf8_fstring(request.data.auth_crap.user, name_user) == -1) {
571                 d_printf("unable to create utf8 string for '%s'\n",
572                          name_user);
573                 return False;
574         }
575
576         if (push_utf8_fstring(request.data.auth_crap.domain, 
577                               name_domain) == -1) {
578                 d_printf("unable to create utf8 string for '%s'\n",
579                          name_domain);
580                 return False;
581         }
582
583         generate_random_buffer(request.data.auth_crap.chal, 8, False);
584         
585         SMBencrypt(pass, request.data.auth_crap.chal, 
586                    (uchar *)request.data.auth_crap.lm_resp);
587         SMBNTencrypt(pass, request.data.auth_crap.chal,
588                      (uchar *)request.data.auth_crap.nt_resp);
589
590         request.data.auth_crap.lm_resp_len = 24;
591         request.data.auth_crap.nt_resp_len = 24;
592
593         result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
594
595         /* Display response */
596
597         d_printf("challenge/response password authentication %s\n", 
598                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
599
600         if (response.data.auth.nt_status)
601                 d_printf("error code was %s (0x%x)\nerror messsage was: %s\n", 
602                          response.data.auth.nt_status_string, 
603                          response.data.auth.nt_status,
604                          response.data.auth.error_string);
605
606         return result == NSS_STATUS_SUCCESS;
607 }
608
609 /* Authenticate a user with a plaintext password and set a token */
610
611 static BOOL wbinfo_klog(char *username)
612 {
613         struct winbindd_request request;
614         struct winbindd_response response;
615         NSS_STATUS result;
616         char *p;
617
618         /* Send off request */
619
620         ZERO_STRUCT(request);
621         ZERO_STRUCT(response);
622
623         p = strchr(username, '%');
624
625         if (p) {
626                 *p = 0;
627                 fstrcpy(request.data.auth.user, username);
628                 fstrcpy(request.data.auth.pass, p + 1);
629                 *p = '%';
630         } else {
631                 fstrcpy(request.data.auth.user, username);
632                 fstrcpy(request.data.auth.pass, getpass("Password: "));
633         }
634
635         request.flags |= WBFLAG_PAM_AFS_TOKEN;
636
637         result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
638
639         /* Display response */
640
641         d_printf("plaintext password authentication %s\n", 
642                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
643
644         if (response.data.auth.nt_status)
645                 d_printf("error code was %s (0x%x)\nerror messsage was: %s\n", 
646                          response.data.auth.nt_status_string, 
647                          response.data.auth.nt_status,
648                          response.data.auth.error_string);
649
650         if (result != NSS_STATUS_SUCCESS)
651                 return False;
652
653         if (response.extra_data == NULL) {
654                 d_printf("Did not get token data\n");
655                 return False;
656         }
657
658         if (!afs_settoken_str((char *)response.extra_data)) {
659                 d_printf("Could not set token\n");
660                 return False;
661         }
662
663         d_printf("Successfully created AFS token\n");
664         return True;
665 }
666
667 /******************************************************************
668  create a winbindd user
669 ******************************************************************/
670
671 static BOOL wbinfo_create_user(char *username)
672 {
673         struct winbindd_request request;
674         struct winbindd_response response;
675         NSS_STATUS result;
676
677         /* Send off request */
678
679         ZERO_STRUCT(request);
680         ZERO_STRUCT(response);
681
682         request.flags = WBFLAG_ALLOCATE_RID;
683         fstrcpy(request.data.acct_mgt.username, username);
684
685         result = winbindd_request(WINBINDD_CREATE_USER, &request, &response);
686         
687         if ( result == NSS_STATUS_SUCCESS )
688                 d_printf("New RID is %d\n", response.data.rid);
689         
690         return result == NSS_STATUS_SUCCESS;
691 }
692
693 /******************************************************************
694  remove a winbindd user
695 ******************************************************************/
696
697 static BOOL wbinfo_delete_user(char *username)
698 {
699         struct winbindd_request request;
700         struct winbindd_response response;
701         NSS_STATUS result;
702
703         /* Send off request */
704
705         ZERO_STRUCT(request);
706         ZERO_STRUCT(response);
707
708         fstrcpy(request.data.acct_mgt.username, username);
709
710         result = winbindd_request(WINBINDD_DELETE_USER, &request, &response);
711         
712         return result == NSS_STATUS_SUCCESS;
713 }
714
715 /******************************************************************
716  create a winbindd group
717 ******************************************************************/
718
719 static BOOL wbinfo_create_group(char *groupname)
720 {
721         struct winbindd_request request;
722         struct winbindd_response response;
723         NSS_STATUS result;
724
725         /* Send off request */
726
727         ZERO_STRUCT(request);
728         ZERO_STRUCT(response);
729
730         fstrcpy(request.data.acct_mgt.groupname, groupname);
731
732         result = winbindd_request(WINBINDD_CREATE_GROUP, &request, &response);
733         
734         return result == NSS_STATUS_SUCCESS;
735 }
736
737 /******************************************************************
738  remove a winbindd group
739 ******************************************************************/
740
741 static BOOL wbinfo_delete_group(char *groupname)
742 {
743         struct winbindd_request request;
744         struct winbindd_response response;
745         NSS_STATUS result;
746
747         /* Send off request */
748
749         ZERO_STRUCT(request);
750         ZERO_STRUCT(response);
751
752         fstrcpy(request.data.acct_mgt.groupname, groupname);
753
754         result = winbindd_request(WINBINDD_DELETE_GROUP, &request, &response);
755         
756         return result == NSS_STATUS_SUCCESS;
757 }
758
759 /******************************************************************
760  parse a string in the form user:group
761 ******************************************************************/
762
763 static BOOL parse_user_group( const char *string, fstring user, fstring group )
764 {
765         char *p;
766         
767         if ( !string )
768                 return False;
769         
770         if ( !(p = strchr( string, ':' )) )
771                 return False;
772                 
773         *p = '\0';
774         p++;
775         
776         fstrcpy( user, string );
777         fstrcpy( group, p );
778         
779         return True;
780 }
781
782 /******************************************************************
783  add a user to a winbindd group
784 ******************************************************************/
785
786 static BOOL wbinfo_add_user_to_group(char *string)
787 {
788         struct winbindd_request request;
789         struct winbindd_response response;
790         NSS_STATUS result;
791
792         /* Send off request */
793
794         ZERO_STRUCT(request);
795         ZERO_STRUCT(response);
796
797         if ( !parse_user_group( string, request.data.acct_mgt.username,
798                 request.data.acct_mgt.groupname))
799         {
800                 d_printf("Can't parse user:group from %s\n", string);
801                 return False;
802         }
803
804         result = winbindd_request(WINBINDD_ADD_USER_TO_GROUP, &request, &response);
805         
806         return result == NSS_STATUS_SUCCESS;
807 }
808
809 /******************************************************************
810  remove a user from a winbindd group
811 ******************************************************************/
812
813 static BOOL wbinfo_remove_user_from_group(char *string)
814 {
815         struct winbindd_request request;
816         struct winbindd_response response;
817         NSS_STATUS result;
818
819         /* Send off request */
820
821         ZERO_STRUCT(request);
822         ZERO_STRUCT(response);
823
824         if ( !parse_user_group( string, request.data.acct_mgt.username,
825                 request.data.acct_mgt.groupname))
826         {
827                 d_printf("Can't parse user:group from %s\n", string);
828                 return False;
829         }
830
831         result = winbindd_request(WINBINDD_REMOVE_USER_FROM_GROUP, &request, &response);
832         
833         return result == NSS_STATUS_SUCCESS;
834 }
835
836 /* Print domain users */
837
838 static BOOL print_domain_users(const char *domain)
839 {
840         struct winbindd_request request;
841         struct winbindd_response response;
842         const char *extra_data;
843         fstring name;
844
845         /* Send request to winbind daemon */
846
847         ZERO_STRUCT(request);
848         ZERO_STRUCT(response);
849         
850         if (domain) {
851                 /* '.' is the special sign for our own domwin */
852                 if ( strequal(domain, ".") )
853                         fstrcpy( request.domain_name, lp_workgroup() );
854                 else
855                         fstrcpy( request.domain_name, domain );
856         }
857
858         if (winbindd_request(WINBINDD_LIST_USERS, &request, &response) !=
859             NSS_STATUS_SUCCESS)
860                 return False;
861
862         /* Look through extra data */
863
864         if (!response.extra_data)
865                 return False;
866
867         extra_data = (const char *)response.extra_data;
868
869         while(next_token(&extra_data, name, ",", sizeof(fstring)))
870                 d_printf("%s\n", name);
871         
872         SAFE_FREE(response.extra_data);
873
874         return True;
875 }
876
877 /* Print domain groups */
878
879 static BOOL print_domain_groups(const char *domain)
880 {
881         struct winbindd_request  request;
882         struct winbindd_response response;
883         const char *extra_data;
884         fstring name;
885
886         ZERO_STRUCT(request);
887         ZERO_STRUCT(response);
888
889         if (domain) {
890                 if ( strequal(domain, ".") )
891                         fstrcpy( request.domain_name, lp_workgroup() );
892                 else
893                         fstrcpy( request.domain_name, domain );
894         }
895
896         if (winbindd_request(WINBINDD_LIST_GROUPS, &request, &response) !=
897             NSS_STATUS_SUCCESS)
898                 return False;
899
900         /* Look through extra data */
901
902         if (!response.extra_data)
903                 return False;
904
905         extra_data = (const char *)response.extra_data;
906
907         while(next_token(&extra_data, name, ",", sizeof(fstring)))
908                 d_printf("%s\n", name);
909
910         SAFE_FREE(response.extra_data);
911         
912         return True;
913 }
914
915 /* Set the authorised user for winbindd access in secrets.tdb */
916
917 static BOOL wbinfo_set_auth_user(char *username)
918 {
919         char *password;
920         fstring user, domain;
921
922         /* Separate into user and password */
923
924         parse_wbinfo_domain_user(username, domain, user);
925
926         password = strchr(user, '%');
927
928         if (password) {
929                 *password = 0;
930                 password++;
931         } else {
932                 char *thepass = getpass("Password: ");
933                 if (thepass) {
934                         password = thepass;     
935                 } else
936                         password = "";
937         }
938
939         /* Store or remove DOMAIN\username%password in secrets.tdb */
940
941         secrets_init();
942
943         if (user[0]) {
944
945                 if (!secrets_store(SECRETS_AUTH_USER, user,
946                                    strlen(user) + 1)) {
947                         d_fprintf(stderr, "error storing username\n");
948                         return False;
949                 }
950
951                 /* We always have a domain name added by the
952                    parse_wbinfo_domain_user() function. */
953
954                 if (!secrets_store(SECRETS_AUTH_DOMAIN, domain,
955                                    strlen(domain) + 1)) {
956                         d_fprintf(stderr, "error storing domain name\n");
957                         return False;
958                 }
959
960         } else {
961                 secrets_delete(SECRETS_AUTH_USER);
962                 secrets_delete(SECRETS_AUTH_DOMAIN);
963         }
964
965         if (password[0]) {
966
967                 if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
968                                    strlen(password) + 1)) {
969                         d_fprintf(stderr, "error storing password\n");
970                         return False;
971                 }
972
973         } else
974                 secrets_delete(SECRETS_AUTH_PASSWORD);
975
976         return True;
977 }
978
979 static void wbinfo_get_auth_user(void)
980 {
981         char *user, *domain, *password;
982
983         /* Lift data from secrets file */
984         
985         secrets_fetch_ipc_userpass(&user, &domain, &password);
986
987         if ((!user || !*user) && (!domain || !*domain ) && (!password || !*password)){
988
989                 SAFE_FREE(user);
990                 SAFE_FREE(domain);
991                 SAFE_FREE(password);
992                 d_printf("No authorised user configured\n");
993                 return;
994         }
995
996         /* Pretty print authorised user info */
997
998         d_printf("%s%s%s%s%s\n", domain ? domain : "", domain ? lp_winbind_separator(): "",
999                  user, password ? "%" : "", password ? password : "");
1000
1001         SAFE_FREE(user);
1002         SAFE_FREE(domain);
1003         SAFE_FREE(password);
1004 }
1005
1006 static BOOL wbinfo_ping(void)
1007 {
1008         NSS_STATUS result;
1009
1010         result = winbindd_request(WINBINDD_PING, NULL, NULL);
1011
1012         /* Display response */
1013
1014         d_printf("Ping to winbindd %s on fd %d\n", 
1015                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
1016
1017         return result == NSS_STATUS_SUCCESS;
1018 }
1019
1020 /* Main program */
1021
1022 enum {
1023         OPT_SET_AUTH_USER = 1000,
1024         OPT_GET_AUTH_USER,
1025         OPT_DOMAIN_NAME,
1026         OPT_SEQUENCE,
1027         OPT_USERSIDS
1028 };
1029
1030 int main(int argc, char **argv)
1031 {
1032         int opt;
1033
1034         poptContext pc;
1035         static char *string_arg;
1036         static char *opt_domain_name;
1037         static int int_arg;
1038         int result = 1;
1039
1040         struct poptOption long_options[] = {
1041                 POPT_AUTOHELP
1042
1043                 /* longName, shortName, argInfo, argPtr, value, descrip, 
1044                    argDesc */
1045
1046                 { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users", "domain"},
1047                 { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups", "domain" },
1048                 { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP", "NETBIOS-NAME" },
1049                 { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name", "IP" },
1050                 { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid", "NAME" },
1051                 { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name", "SID" },
1052                 { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" , "UID" },
1053                 { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
1054                 { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
1055                 { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
1056                 { "allocate-rid", 'A', POPT_ARG_NONE, 0, 'A', "Get a new RID out of idmap" },
1057                 { "create-user", 'c', POPT_ARG_STRING, &string_arg, 'c', "Create a local user account", "name" },
1058                 { "delete-user", 'x', POPT_ARG_STRING, &string_arg, 'x', "Delete a local user account", "name" },
1059                 { "create-group", 'C', POPT_ARG_STRING, &string_arg, 'C', "Create a local group", "name" },
1060                 { "delete-group", 'X', POPT_ARG_STRING, &string_arg, 'X', "Delete a local group", "name" },
1061                 { "add-to-group", 'o', POPT_ARG_STRING, &string_arg, 'o', "Add user to group", "user:group" },
1062                 { "del-from-group", 'O', POPT_ARG_STRING, &string_arg, 'O', "Remove user from group", "user:group" },
1063                 { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
1064                 { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
1065                 { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
1066                 { "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" },
1067                 { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
1068                 { "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
1069                 { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
1070                 { "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
1071                 { "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
1072                 { "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
1073                 { "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" },
1074 #ifdef WITH_FAKE_KASERVER
1075                 { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" },
1076 #endif
1077                 POPT_COMMON_VERSION
1078                 POPT_TABLEEND
1079         };
1080
1081         /* Samba client initialisation */
1082
1083         if (!lp_load(dyn_CONFIGFILE, True, False, False)) {
1084                 d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n",
1085                         dyn_CONFIGFILE, strerror(errno));
1086                 exit(1);
1087         }
1088
1089         if (!init_names())
1090                 return 1;
1091
1092         load_interfaces();
1093
1094         /* Parse options */
1095
1096         pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
1097
1098         /* Parse command line options */
1099
1100         if (argc == 1) {
1101                 poptPrintHelp(pc, stderr, 0);
1102                 return 1;
1103         }
1104
1105         while((opt = poptGetNextOpt(pc)) != -1) {
1106                 /* get the generic configuration parameters like --domain */
1107         }
1108
1109         poptFreeContext(pc);
1110
1111         pc = poptGetContext(NULL, argc, (const char **)argv, long_options, 
1112                             POPT_CONTEXT_KEEP_FIRST);
1113
1114         while((opt = poptGetNextOpt(pc)) != -1) {
1115                 switch (opt) {
1116                 case 'u':
1117                         if (!print_domain_users(opt_domain_name)) {
1118                                 d_printf("Error looking up domain users\n");
1119                                 goto done;
1120                         }
1121                         break;
1122                 case 'g':
1123                         if (!print_domain_groups(opt_domain_name)) {
1124                                 d_printf("Error looking up domain groups\n");
1125                                 goto done;
1126                         }
1127                         break;
1128                 case 's':
1129                         if (!wbinfo_lookupsid(string_arg)) {
1130                                 d_printf("Could not lookup sid %s\n", string_arg);
1131                                 goto done;
1132                         }
1133                         break;
1134                 case 'n':
1135                         if (!wbinfo_lookupname(string_arg)) {
1136                                 d_printf("Could not lookup name %s\n", string_arg);
1137                                 goto done;
1138                         }
1139                         break;
1140                 case 'N':
1141                         if (!wbinfo_wins_byname(string_arg)) {
1142                                 d_printf("Could not lookup WINS by name %s\n", string_arg);
1143                                 goto done;
1144                         }
1145                         break;
1146                 case 'I':
1147                         if (!wbinfo_wins_byip(string_arg)) {
1148                                 d_printf("Could not lookup WINS by IP %s\n", string_arg);
1149                                 goto done;
1150                         }
1151                         break;
1152                 case 'U':
1153                         if (!wbinfo_uid_to_sid(int_arg)) {
1154                                 d_printf("Could not convert uid %d to sid\n", int_arg);
1155                                 goto done;
1156                         }
1157                         break;
1158                 case 'G':
1159                         if (!wbinfo_gid_to_sid(int_arg)) {
1160                                 d_printf("Could not convert gid %d to sid\n",
1161                                        int_arg);
1162                                 goto done;
1163                         }
1164                         break;
1165                 case 'S':
1166                         if (!wbinfo_sid_to_uid(string_arg)) {
1167                                 d_printf("Could not convert sid %s to uid\n",
1168                                        string_arg);
1169                                 goto done;
1170                         }
1171                         break;
1172                 case 'Y':
1173                         if (!wbinfo_sid_to_gid(string_arg)) {
1174                                 d_printf("Could not convert sid %s to gid\n",
1175                                        string_arg);
1176                                 goto done;
1177                         }
1178                         break;
1179                 case 'A':
1180                         if (!wbinfo_allocate_rid()) {
1181                                 d_printf("Could not allocate a RID\n");
1182                                 goto done;
1183                         }
1184                         break;
1185                 case 't':
1186                         if (!wbinfo_check_secret()) {
1187                                 d_printf("Could not check secret\n");
1188                                 goto done;
1189                         }
1190                         break;
1191                 case 'm':
1192                         if (!wbinfo_list_domains()) {
1193                                 d_printf("Could not list trusted domains\n");
1194                                 goto done;
1195                         }
1196                         break;
1197                 case OPT_SEQUENCE:
1198                         if (!wbinfo_show_sequence(opt_domain_name)) {
1199                                 d_printf("Could not show sequence numbers\n");
1200                                 goto done;
1201                         }
1202                         break;
1203                 case 'D':
1204                         if (!wbinfo_domain_info(string_arg)) {
1205                                 d_printf("Could not get domain info\n");
1206                                 goto done;
1207                         }
1208                         break;
1209                 case 'r':
1210                         if (!wbinfo_get_usergroups(string_arg)) {
1211                                 d_printf("Could not get groups for user %s\n", 
1212                                        string_arg);
1213                                 goto done;
1214                         }
1215                         break;
1216                 case OPT_USERSIDS:
1217                         if (!wbinfo_get_usersids(string_arg)) {
1218                                 d_printf("Could not get group SIDs for user SID %s\n", 
1219                                        string_arg);
1220                                 goto done;
1221                         }
1222                         break;
1223                 case 'a': {
1224                                 BOOL got_error = False;
1225
1226                                 if (!wbinfo_auth(string_arg)) {
1227                                         d_printf("Could not authenticate user %s with "
1228                                                 "plaintext password\n", string_arg);
1229                                         got_error = True;
1230                                 }
1231
1232                                 if (!wbinfo_auth_crap(string_arg)) {
1233                                         d_printf("Could not authenticate user %s with "
1234                                                 "challenge/response\n", string_arg);
1235                                         got_error = True;
1236                                 }
1237
1238                                 if (got_error)
1239                                         goto done;
1240                                 break;
1241                         }
1242                 case 'k':
1243                         if (!wbinfo_klog(string_arg)) {
1244                                 d_printf("Could not klog user\n");
1245                                 goto done;
1246                         }
1247                         break;
1248                 case 'c':
1249                         if ( !wbinfo_create_user(string_arg) ) {
1250                                 d_printf("Could not create user account\n");
1251                                 goto done;
1252                         }
1253                         break;
1254                 case 'C':
1255                         if ( !wbinfo_create_group(string_arg) ) {
1256                                 d_printf("Could not create group\n");
1257                                 goto done;
1258                         }
1259                         break;
1260                 case 'o':
1261                         if ( !wbinfo_add_user_to_group(string_arg) ) {
1262                                 d_printf("Could not add user to group\n");
1263                                 goto done;
1264                         }
1265                         break;
1266                 case 'O':
1267                         if ( !wbinfo_remove_user_from_group(string_arg) ) {
1268                                 d_printf("Could not remove user from group\n");
1269                                 goto done;
1270                         }
1271                         break;
1272                 case 'x':
1273                         if ( !wbinfo_delete_user(string_arg) ) {
1274                                 d_printf("Could not delete user account\n");
1275                                 goto done;
1276                         }
1277                         break;
1278                 case 'X':
1279                         if ( !wbinfo_delete_group(string_arg) ) {
1280                                 d_printf("Could not delete group\n");
1281                                 goto done;
1282                         }
1283                         break;
1284                 case 'p':
1285                         if (!wbinfo_ping()) {
1286                                 d_printf("could not ping winbindd!\n");
1287                                 goto done;
1288                         }
1289                         break;
1290                 case OPT_SET_AUTH_USER:
1291                         wbinfo_set_auth_user(string_arg);
1292                         break;
1293                 case OPT_GET_AUTH_USER:
1294                         wbinfo_get_auth_user();
1295                         break;
1296                 /* generic configuration options */
1297                 case OPT_DOMAIN_NAME:
1298                         break;
1299                 default:
1300                         d_fprintf(stderr, "Invalid option\n");
1301                         poptPrintHelp(pc, stderr, 0);
1302                         goto done;
1303                 }
1304         }
1305
1306         result = 0;
1307
1308         /* Exit code */
1309
1310  done:
1311         poptFreeContext(pc);
1312         return result;
1313 }