RIP BOOL. Convert BOOL -> bool. I found a few interesting
[nivanova/samba-autobuild/.git] / source3 / nsswitch / wbinfo.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    Winbind status program.
5
6    Copyright (C) Tim Potter      2000-2003
7    Copyright (C) Andrew Bartlett 2002
8    
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13    
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18    
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "winbind_client.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_WINBIND
28
29 extern int winbindd_fd;
30
31 static char winbind_separator_int(bool strict)
32 {
33         struct winbindd_response response;
34         static bool got_sep;
35         static char sep;
36
37         if (got_sep)
38                 return sep;
39
40         ZERO_STRUCT(response);
41
42         /* Send off request */
43
44         if (winbindd_request_response(WINBINDD_INFO, NULL, &response) !=
45             NSS_STATUS_SUCCESS) {
46                 d_fprintf(stderr, "could not obtain winbind separator!\n");
47                 if (strict) {
48                         return 0;
49                 }
50                 /* HACK: (this module should not call lp_ funtions) */
51                 return *lp_winbind_separator();
52         }
53
54         sep = response.data.info.winbind_separator;
55         got_sep = True;
56
57         if (!sep) {
58                 d_fprintf(stderr, "winbind separator was NULL!\n");
59                 if (strict) {
60                         return 0;
61                 }
62                 /* HACK: (this module should not call lp_ funtions) */
63                 sep = *lp_winbind_separator();
64         }
65         
66         return sep;
67 }
68
69 static char winbind_separator(void)
70 {
71         return winbind_separator_int(False);
72 }
73
74 static const char *get_winbind_domain(void)
75 {
76         struct winbindd_response response;
77         static fstring winbind_domain;
78
79         ZERO_STRUCT(response);
80
81         /* Send off request */
82
83         if (winbindd_request_response(WINBINDD_DOMAIN_NAME, NULL, &response) !=
84             NSS_STATUS_SUCCESS) {
85                 d_fprintf(stderr, "could not obtain winbind domain name!\n");
86                 
87                 /* HACK: (this module should not call lp_ funtions) */
88                 return lp_workgroup();
89         }
90
91         fstrcpy(winbind_domain, response.data.domain_name);
92
93         return winbind_domain;
94
95 }
96
97 /* Copy of parse_domain_user from winbindd_util.c.  Parse a string of the
98    form DOMAIN/user into a domain and a user */
99
100 static bool parse_wbinfo_domain_user(const char *domuser, fstring domain, 
101                                      fstring user)
102 {
103
104         char *p = strchr(domuser,winbind_separator());
105
106         if (!p) {
107                 /* Maybe it was a UPN? */
108                 if ((p = strchr(domuser, '@')) != NULL) {
109                         fstrcpy(domain, "");
110                         fstrcpy(user, domuser);
111                         return True;
112                 }
113                 
114                 fstrcpy(user, domuser);
115                 fstrcpy(domain, get_winbind_domain());
116                 return True;
117         }
118         
119         fstrcpy(user, p+1);
120         fstrcpy(domain, domuser);
121         domain[PTR_DIFF(p, domuser)] = 0;
122         strupper_m(domain);
123
124         return True;
125 }
126
127 /* pull pwent info for a given user */
128
129 static bool wbinfo_get_userinfo(char *user)
130 {
131         struct winbindd_request request;
132         struct winbindd_response response;
133         NSS_STATUS result;
134         
135         ZERO_STRUCT(request);
136         ZERO_STRUCT(response);
137
138         /* Send request */
139         
140         fstrcpy(request.data.username, user);
141
142         result = winbindd_request_response(WINBINDD_GETPWNAM, &request, &response);
143         
144         if (result != NSS_STATUS_SUCCESS)
145                 return False;
146         
147         d_printf( "%s:%s:%d:%d:%s:%s:%s\n",
148                           response.data.pw.pw_name,
149                           response.data.pw.pw_passwd,
150                           response.data.pw.pw_uid,
151                           response.data.pw.pw_gid,
152                           response.data.pw.pw_gecos,
153                           response.data.pw.pw_dir,
154                           response.data.pw.pw_shell );
155         
156         return True;
157 }
158
159 /* pull pwent info for a given uid */
160 static bool wbinfo_get_uidinfo(int uid)
161 {
162         struct winbindd_request request;
163         struct winbindd_response response;
164         NSS_STATUS result;
165
166         ZERO_STRUCT(request);
167         ZERO_STRUCT(response);
168
169         request.data.uid = uid;
170
171         result = winbindd_request_response(WINBINDD_GETPWUID, &request, &response);
172
173         if (result != NSS_STATUS_SUCCESS)
174                 return False;
175
176         d_printf( "%s:%s:%d:%d:%s:%s:%s\n",
177                 response.data.pw.pw_name,
178                 response.data.pw.pw_passwd,
179                 response.data.pw.pw_uid,
180                 response.data.pw.pw_gid,
181                 response.data.pw.pw_gecos,
182                 response.data.pw.pw_dir,
183                 response.data.pw.pw_shell );
184
185         return True;
186 }
187
188 /* pull grent for a given group */
189 static bool wbinfo_get_groupinfo(char *group)
190 {
191         struct winbindd_request request;
192         struct winbindd_response response;
193         NSS_STATUS result;
194
195         ZERO_STRUCT(request);
196         ZERO_STRUCT(response);
197
198         /* Send request */
199
200         fstrcpy(request.data.groupname, group);
201
202         result = winbindd_request_response(WINBINDD_GETGRNAM, &request,
203                                            &response);
204
205         if ( result != NSS_STATUS_SUCCESS)
206                 return False;
207
208         d_printf( "%s:%s:%d\n",
209                   response.data.gr.gr_name,
210                   response.data.gr.gr_passwd,
211                   response.data.gr.gr_gid );
212         
213         return True;
214 }
215
216 /* List groups a user is a member of */
217
218 static bool wbinfo_get_usergroups(char *user)
219 {
220         struct winbindd_request request;
221         struct winbindd_response response;
222         NSS_STATUS result;
223         int i;
224         
225         ZERO_STRUCT(request);
226         ZERO_STRUCT(response);
227
228         /* Send request */
229
230         fstrcpy(request.data.username, user);
231
232         result = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
233
234         if (result != NSS_STATUS_SUCCESS)
235                 return False;
236
237         for (i = 0; i < response.data.num_entries; i++)
238                 d_printf("%d\n", (int)((gid_t *)response.extra_data.data)[i]);
239
240         SAFE_FREE(response.extra_data.data);
241
242         return True;
243 }
244
245
246 /* List group SIDs a user SID is a member of */
247 static bool wbinfo_get_usersids(char *user_sid)
248 {
249         struct winbindd_request request;
250         struct winbindd_response response;
251         NSS_STATUS result;
252         int i;
253         const char *s;
254
255         ZERO_STRUCT(request);
256         ZERO_STRUCT(response);
257
258         /* Send request */
259         fstrcpy(request.data.sid, user_sid);
260
261         result = winbindd_request_response(WINBINDD_GETUSERSIDS, &request, &response);
262
263         if (result != NSS_STATUS_SUCCESS)
264                 return False;
265
266         s = (const char *)response.extra_data.data;
267         for (i = 0; i < response.data.num_entries; i++) {
268                 d_printf("%s\n", s);
269                 s += strlen(s) + 1;
270         }
271
272         SAFE_FREE(response.extra_data.data);
273
274         return True;
275 }
276
277 static bool wbinfo_get_userdomgroups(const char *user_sid)
278 {
279         struct winbindd_request request;
280         struct winbindd_response response;
281         NSS_STATUS result;
282
283         ZERO_STRUCT(request);
284         ZERO_STRUCT(response);
285
286         /* Send request */
287         fstrcpy(request.data.sid, user_sid);
288
289         result = winbindd_request_response(WINBINDD_GETUSERDOMGROUPS, &request,
290                                   &response);
291
292         if (result != NSS_STATUS_SUCCESS)
293                 return False;
294
295         if (response.data.num_entries != 0)
296                 printf("%s", (char *)response.extra_data.data);
297         
298         SAFE_FREE(response.extra_data.data);
299
300         return True;
301 }
302
303 /* Convert NetBIOS name to IP */
304
305 static bool wbinfo_wins_byname(char *name)
306 {
307         struct winbindd_request request;
308         struct winbindd_response response;
309
310         ZERO_STRUCT(request);
311         ZERO_STRUCT(response);
312
313         /* Send request */
314
315         fstrcpy(request.data.winsreq, name);
316
317         if (winbindd_request_response(WINBINDD_WINS_BYNAME, &request, &response) !=
318             NSS_STATUS_SUCCESS) {
319                 return False;
320         }
321
322         /* Display response */
323
324         d_printf("%s\n", response.data.winsresp);
325
326         return True;
327 }
328
329 /* Convert IP to NetBIOS name */
330
331 static bool wbinfo_wins_byip(char *ip)
332 {
333         struct winbindd_request request;
334         struct winbindd_response response;
335
336         ZERO_STRUCT(request);
337         ZERO_STRUCT(response);
338
339         /* Send request */
340
341         fstrcpy(request.data.winsreq, ip);
342
343         if (winbindd_request_response(WINBINDD_WINS_BYIP, &request, &response) !=
344             NSS_STATUS_SUCCESS) {
345                 return False;
346         }
347
348         /* Display response */
349
350         d_printf("%s\n", response.data.winsresp);
351
352         return True;
353 }
354
355 /* List trusted domains */
356
357 static bool wbinfo_list_domains(bool list_all_domains)
358 {
359         struct winbindd_request request;
360         struct winbindd_response response;
361
362         ZERO_STRUCT(request);
363         ZERO_STRUCT(response);
364
365         /* Send request */
366
367         request.data.list_all_domains = list_all_domains;
368
369         if (winbindd_request_response(WINBINDD_LIST_TRUSTDOM, &request, &response) !=
370             NSS_STATUS_SUCCESS)
371                 return False;
372
373         /* Display response */
374
375         if (response.extra_data.data) {
376                 const char *extra_data = (char *)response.extra_data.data;
377                 fstring name;
378                 char *p;
379
380                 while(next_token(&extra_data, name, "\n", sizeof(fstring))) {
381                         p = strchr(name, '\\');
382                         if (p == 0) {
383                                 d_fprintf(stderr, "Got invalid response: %s\n",
384                                          extra_data);
385                                 return False;
386                         }
387                         *p = 0;
388                         d_printf("%s\n", name);
389                 }
390
391                 SAFE_FREE(response.extra_data.data);
392         }
393
394         return True;
395 }
396
397 /* List own domain */
398
399 static bool wbinfo_list_own_domain(void)
400 {
401         d_printf("%s\n", get_winbind_domain());
402
403         return True;
404 }
405
406 /* show sequence numbers */
407 static bool wbinfo_show_sequence(const char *domain)
408 {
409         struct winbindd_request  request;
410         struct winbindd_response response;
411
412         ZERO_STRUCT(response);
413         ZERO_STRUCT(request);
414
415         if ( domain )
416                 fstrcpy( request.domain_name, domain );
417
418         /* Send request */
419
420         if (winbindd_request_response(WINBINDD_SHOW_SEQUENCE, &request, &response) !=
421             NSS_STATUS_SUCCESS)
422                 return False;
423
424         /* Display response */
425
426         if (domain) {
427                 d_printf("%s : ", domain);
428                 if (response.data.sequence_number == (uint32_t)-1) {
429                         d_printf("DISCONNECTED\n");
430                 } else {
431                         d_printf("%d\n", response.data.sequence_number);
432                 }
433         } else if (response.extra_data.data) {
434                 char *extra_data = (char *)response.extra_data.data;
435                 d_printf("%s", extra_data);
436                 SAFE_FREE(response.extra_data.data);
437         }
438
439         return True;
440 }
441
442 /* Show domain info */
443
444 static bool wbinfo_domain_info(const char *domain_name)
445 {
446         struct winbindd_request request;
447         struct winbindd_response response;
448
449         ZERO_STRUCT(request);
450         ZERO_STRUCT(response);
451
452         if ((strequal(domain_name, ".")) || (domain_name[0] == '\0'))
453                 fstrcpy(request.domain_name, get_winbind_domain());
454         else
455                 fstrcpy(request.domain_name, domain_name);
456
457         /* Send request */
458
459         if (winbindd_request_response(WINBINDD_DOMAIN_INFO, &request, &response) !=
460             NSS_STATUS_SUCCESS)
461                 return False;
462
463         /* Display response */
464
465         d_printf("Name              : %s\n", response.data.domain_info.name);
466         d_printf("Alt_Name          : %s\n", response.data.domain_info.alt_name);
467
468         d_printf("SID               : %s\n", response.data.domain_info.sid);
469
470         d_printf("Active Directory  : %s\n",
471                  response.data.domain_info.active_directory ? "Yes" : "No");
472         d_printf("Native            : %s\n",
473                  response.data.domain_info.native_mode ? "Yes" : "No");
474
475         d_printf("Primary           : %s\n",
476                  response.data.domain_info.primary ? "Yes" : "No");
477
478         return True;
479 }
480
481 /* Get a foreign DC's name */
482 static bool wbinfo_getdcname(const char *domain_name)
483 {
484         struct winbindd_request request;
485         struct winbindd_response response;
486
487         ZERO_STRUCT(request);
488         ZERO_STRUCT(response);
489
490         fstrcpy(request.domain_name, domain_name);
491
492         /* Send request */
493
494         if (winbindd_request_response(WINBINDD_GETDCNAME, &request, &response) !=
495             NSS_STATUS_SUCCESS) {
496                 d_fprintf(stderr, "Could not get dc name for %s\n", domain_name);
497                 return False;
498         }
499
500         /* Display response */
501
502         d_printf("%s\n", response.data.dc_name);
503
504         return True;
505 }
506
507 /* Find a DC */
508 static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
509 {
510         struct winbindd_request request;
511         struct winbindd_response response;
512
513         ZERO_STRUCT(request);
514         ZERO_STRUCT(response);
515
516         fstrcpy(request.domain_name, domain_name);
517         request.flags = flags;
518
519         request.flags |= DS_DIRECTORY_SERVICE_REQUIRED;
520
521         /* Send request */
522
523         if (winbindd_request_response(WINBINDD_DSGETDCNAME, &request, &response) !=
524             NSS_STATUS_SUCCESS) {
525                 d_fprintf(stderr, "Could not find dc for %s\n", domain_name);
526                 return False;
527         }
528
529         /* Display response */
530
531         d_printf("%s\n", response.data.dc_name);
532
533         return True;
534 }
535
536 /* Check trust account password */
537
538 static bool wbinfo_check_secret(void)
539 {
540         struct winbindd_response response;
541         NSS_STATUS result;
542
543         ZERO_STRUCT(response);
544
545         result = winbindd_request_response(WINBINDD_CHECK_MACHACC, NULL, &response);
546                 
547         d_printf("checking the trust secret via RPC calls %s\n", 
548                  (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
549
550         if (result != NSS_STATUS_SUCCESS)       
551                 d_fprintf(stderr, "error code was %s (0x%x)\n", 
552                          response.data.auth.nt_status_string, 
553                          response.data.auth.nt_status);
554         
555         return result == NSS_STATUS_SUCCESS;    
556 }
557
558 /* Convert uid to sid */
559
560 static bool wbinfo_uid_to_sid(uid_t uid)
561 {
562         struct winbindd_request request;
563         struct winbindd_response response;
564
565         ZERO_STRUCT(request);
566         ZERO_STRUCT(response);
567
568         /* Send request */
569
570         request.data.uid = uid;
571
572         if (winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response) !=
573             NSS_STATUS_SUCCESS)
574                 return False;
575
576         /* Display response */
577
578         d_printf("%s\n", response.data.sid.sid);
579
580         return True;
581 }
582
583 /* Convert gid to sid */
584
585 static bool wbinfo_gid_to_sid(gid_t gid)
586 {
587         struct winbindd_request request;
588         struct winbindd_response response;
589
590         ZERO_STRUCT(request);
591         ZERO_STRUCT(response);
592
593         /* Send request */
594
595         request.data.gid = gid;
596
597         if (winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response) !=
598             NSS_STATUS_SUCCESS)
599                 return False;
600
601         /* Display response */
602
603         d_printf("%s\n", response.data.sid.sid);
604
605         return True;
606 }
607
608 /* Convert sid to uid */
609
610 static bool wbinfo_sid_to_uid(char *sid)
611 {
612         struct winbindd_request request;
613         struct winbindd_response response;
614
615         ZERO_STRUCT(request);
616         ZERO_STRUCT(response);
617
618         /* Send request */
619
620         fstrcpy(request.data.sid, sid);
621
622         if (winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response) !=
623             NSS_STATUS_SUCCESS)
624                 return False;
625
626         /* Display response */
627
628         d_printf("%d\n", (int)response.data.uid);
629
630         return True;
631 }
632
633 static bool wbinfo_sid_to_gid(char *sid)
634 {
635         struct winbindd_request request;
636         struct winbindd_response response;
637
638         ZERO_STRUCT(request);
639         ZERO_STRUCT(response);
640
641         /* Send request */
642
643         fstrcpy(request.data.sid, sid);
644
645         if (winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response) !=
646             NSS_STATUS_SUCCESS)
647                 return False;
648
649         /* Display response */
650
651         d_printf("%d\n", (int)response.data.gid);
652
653         return True;
654 }
655
656 static bool wbinfo_allocate_uid(void)
657 {
658         uid_t uid;
659
660         if (!winbind_allocate_uid(&uid))
661                 return False;
662
663         d_printf("New uid: %d\n", uid);
664
665         return True;
666 }
667
668 static bool wbinfo_allocate_gid(void)
669 {
670         gid_t gid;
671
672         if (!winbind_allocate_gid(&gid))
673                 return False;
674
675         d_printf("New gid: %d\n", gid);
676
677         return True;
678 }
679
680 /* Convert sid to string */
681
682 static bool wbinfo_lookupsid(char *sid)
683 {
684         struct winbindd_request request;
685         struct winbindd_response response;
686
687         ZERO_STRUCT(request);
688         ZERO_STRUCT(response);
689
690         /* Send off request */
691
692         fstrcpy(request.data.sid, sid);
693
694         if (winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response) !=
695             NSS_STATUS_SUCCESS)
696                 return False;
697
698         /* Display response */
699
700         d_printf("%s%c%s %d\n", response.data.name.dom_name, 
701                  winbind_separator(), response.data.name.name, 
702                  response.data.name.type);
703
704         return True;
705 }
706
707 /* Lookup a list of RIDs */
708
709 static bool wbinfo_lookuprids(char *domain, char *arg)
710 {
711         size_t i;
712         DOM_SID sid;
713         int num_rids;
714         uint32 *rids;
715         const char *p;
716         char ridstr[32];
717         const char **names;
718         enum lsa_SidType *types;
719         const char *domain_name;
720         TALLOC_CTX *mem_ctx;
721         struct winbindd_request request;
722         struct winbindd_response response;
723
724         ZERO_STRUCT(request);
725         ZERO_STRUCT(response);
726
727         if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0'))
728                 fstrcpy(request.domain_name, get_winbind_domain());
729         else
730                 fstrcpy(request.domain_name, domain);
731
732         /* Send request */
733
734         if (winbindd_request_response(WINBINDD_DOMAIN_INFO, &request, &response) !=
735             NSS_STATUS_SUCCESS) {
736                 d_printf("Could not get domain sid for %s\n", request.domain_name);
737                 return False;
738         }
739
740         if (!string_to_sid(&sid, response.data.domain_info.sid)) {
741                 d_printf("Could not convert %s to sid\n", response.data.domain_info.sid);
742                 return False;
743         }
744
745         mem_ctx = talloc_new(NULL);
746         if (mem_ctx == NULL) {
747                 d_printf("talloc_new failed\n");
748                 return False;
749         }
750
751         num_rids = 0;
752         rids = NULL;
753         p = arg;
754
755         while (next_token(&p, ridstr, " ,\n", sizeof(ridstr))) {
756                 uint32 rid = strtoul(ridstr, NULL, 10);
757                 ADD_TO_ARRAY(mem_ctx, uint32, rid, &rids, &num_rids);
758         }
759
760         if (rids == NULL) {
761                 TALLOC_FREE(mem_ctx);
762                 return False;
763         }
764
765         if (!winbind_lookup_rids(mem_ctx, &sid, num_rids, rids,
766                                  &domain_name, &names, &types)) {
767                 d_printf("winbind_lookup_rids failed\n");
768                 TALLOC_FREE(mem_ctx);
769                 return False;
770         }
771
772         d_printf("Domain: %s\n", domain_name);
773
774         for (i=0; i<num_rids; i++) {
775                 d_printf("%8d: %s (%s)\n", rids[i], names[i],
776                          sid_type_lookup(types[i]));
777         }
778
779         TALLOC_FREE(mem_ctx);
780         return True;
781 }
782
783 /* Convert string to sid */
784
785 static bool wbinfo_lookupname(char *name)
786 {
787         struct winbindd_request request;
788         struct winbindd_response response;
789
790         /* Send off request */
791
792         ZERO_STRUCT(request);
793         ZERO_STRUCT(response);
794
795         parse_wbinfo_domain_user(name, request.data.name.dom_name, 
796                                  request.data.name.name);
797
798         if (winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response) !=
799             NSS_STATUS_SUCCESS)
800                 return False;
801
802         /* Display response */
803
804         d_printf("%s %s (%d)\n", response.data.sid.sid, sid_type_lookup(response.data.sid.type), response.data.sid.type);
805
806         return True;
807 }
808
809 /* Authenticate a user with a plaintext password */
810
811 static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
812 {
813         struct winbindd_request request;
814         struct winbindd_response response;
815         NSS_STATUS result;
816         char *p;
817
818         /* Send off request */
819
820         ZERO_STRUCT(request);
821         ZERO_STRUCT(response);
822
823         p = strchr(username, '%');
824
825         if (p) {
826                 *p = 0;
827                 fstrcpy(request.data.auth.user, username);
828                 fstrcpy(request.data.auth.pass, p + 1);
829                 *p = '%';
830         } else
831                 fstrcpy(request.data.auth.user, username);
832
833         request.flags = flags;
834
835         fstrcpy(request.data.auth.krb5_cc_type, cctype);
836
837         request.data.auth.uid = geteuid();
838
839         result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
840
841         /* Display response */
842
843         d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n", 
844                 username, (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", cctype);
845
846         if (response.data.auth.nt_status)
847                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
848                          response.data.auth.nt_status_string, 
849                          response.data.auth.nt_status,
850                          response.data.auth.error_string);
851
852         if (result == NSS_STATUS_SUCCESS) {
853
854                 if (request.flags & WBFLAG_PAM_INFO3_TEXT) {
855                         if (response.data.auth.info3.user_flgs & LOGON_CACHED_ACCOUNT) {
856                                 d_printf("user_flgs: LOGON_CACHED_ACCOUNT\n");
857                         }
858                 }
859
860                 if (response.data.auth.krb5ccname[0] != '\0') {
861                         d_printf("credentials were put in: %s\n", response.data.auth.krb5ccname);
862                 } else {
863                         d_printf("no credentials cached\n");
864                 }
865         }
866
867         return result == NSS_STATUS_SUCCESS;
868 }
869
870 /* Authenticate a user with a plaintext password */
871
872 static bool wbinfo_auth(char *username)
873 {
874         struct winbindd_request request;
875         struct winbindd_response response;
876         NSS_STATUS result;
877         char *p;
878
879         /* Send off request */
880
881         ZERO_STRUCT(request);
882         ZERO_STRUCT(response);
883
884         p = strchr(username, '%');
885
886         if (p) {
887                 *p = 0;
888                 fstrcpy(request.data.auth.user, username);
889                 fstrcpy(request.data.auth.pass, p + 1);
890                 *p = '%';
891         } else
892                 fstrcpy(request.data.auth.user, username);
893
894         result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
895
896         /* Display response */
897
898         d_printf("plaintext password authentication %s\n", 
899                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
900
901         if (response.data.auth.nt_status)
902                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
903                          response.data.auth.nt_status_string, 
904                          response.data.auth.nt_status,
905                          response.data.auth.error_string);
906
907         return result == NSS_STATUS_SUCCESS;
908 }
909
910 /* Authenticate a user with a challenge/response */
911
912 static bool wbinfo_auth_crap(char *username)
913 {
914         struct winbindd_request request;
915         struct winbindd_response response;
916         NSS_STATUS result;
917         fstring name_user;
918         fstring name_domain;
919         fstring pass;
920         char *p;
921
922         /* Send off request */
923
924         ZERO_STRUCT(request);
925         ZERO_STRUCT(response);
926
927         p = strchr(username, '%');
928
929         if (p) {
930                 *p = 0;
931                 fstrcpy(pass, p + 1);
932         }
933                 
934         parse_wbinfo_domain_user(username, name_domain, name_user);
935
936         request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
937
938         fstrcpy(request.data.auth_crap.user, name_user);
939
940         fstrcpy(request.data.auth_crap.domain, 
941                               name_domain);
942
943         generate_random_buffer(request.data.auth_crap.chal, 8);
944         
945         if (lp_client_ntlmv2_auth()) {
946                 DATA_BLOB server_chal;
947                 DATA_BLOB names_blob;   
948
949                 DATA_BLOB lm_response;
950                 DATA_BLOB nt_response;
951
952                 server_chal = data_blob(request.data.auth_crap.chal, 8); 
953                 
954                 /* Pretend this is a login to 'us', for blob purposes */
955                 names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
956                 
957                 if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal, 
958                                       &names_blob,
959                                       &lm_response, &nt_response, NULL)) {
960                         data_blob_free(&names_blob);
961                         data_blob_free(&server_chal);
962                         return False;
963                 }
964                 data_blob_free(&names_blob);
965                 data_blob_free(&server_chal);
966
967                 memcpy(request.data.auth_crap.nt_resp, nt_response.data, 
968                        MIN(nt_response.length, 
969                            sizeof(request.data.auth_crap.nt_resp)));
970                 request.data.auth_crap.nt_resp_len = nt_response.length;
971
972                 memcpy(request.data.auth_crap.lm_resp, lm_response.data, 
973                        MIN(lm_response.length, 
974                            sizeof(request.data.auth_crap.lm_resp)));
975                 request.data.auth_crap.lm_resp_len = lm_response.length;
976                        
977                 data_blob_free(&nt_response);
978                 data_blob_free(&lm_response);
979
980         } else {
981                 if (lp_client_lanman_auth() 
982                     && SMBencrypt(pass, request.data.auth_crap.chal, 
983                                (uchar *)request.data.auth_crap.lm_resp)) {
984                         request.data.auth_crap.lm_resp_len = 24;
985                 } else {
986                         request.data.auth_crap.lm_resp_len = 0;
987                 }
988                 SMBNTencrypt(pass, request.data.auth_crap.chal,
989                              (uchar *)request.data.auth_crap.nt_resp);
990
991                 request.data.auth_crap.nt_resp_len = 24;
992         }
993
994         result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response);
995
996         /* Display response */
997
998         d_printf("challenge/response password authentication %s\n", 
999                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
1000
1001         if (response.data.auth.nt_status)
1002                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
1003                          response.data.auth.nt_status_string, 
1004                          response.data.auth.nt_status,
1005                          response.data.auth.error_string);
1006
1007         return result == NSS_STATUS_SUCCESS;
1008 }
1009
1010 /* Authenticate a user with a plaintext password and set a token */
1011
1012 static bool wbinfo_klog(char *username)
1013 {
1014         struct winbindd_request request;
1015         struct winbindd_response response;
1016         NSS_STATUS result;
1017         char *p;
1018
1019         /* Send off request */
1020
1021         ZERO_STRUCT(request);
1022         ZERO_STRUCT(response);
1023
1024         p = strchr(username, '%');
1025
1026         if (p) {
1027                 *p = 0;
1028                 fstrcpy(request.data.auth.user, username);
1029                 fstrcpy(request.data.auth.pass, p + 1);
1030                 *p = '%';
1031         } else {
1032                 fstrcpy(request.data.auth.user, username);
1033                 fstrcpy(request.data.auth.pass, getpass("Password: "));
1034         }
1035
1036         request.flags |= WBFLAG_PAM_AFS_TOKEN;
1037
1038         result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
1039
1040         /* Display response */
1041
1042         d_printf("plaintext password authentication %s\n", 
1043                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
1044
1045         if (response.data.auth.nt_status)
1046                 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
1047                          response.data.auth.nt_status_string, 
1048                          response.data.auth.nt_status,
1049                          response.data.auth.error_string);
1050
1051         if (result != NSS_STATUS_SUCCESS)
1052                 return False;
1053
1054         if (response.extra_data.data == NULL) {
1055                 d_fprintf(stderr, "Did not get token data\n");
1056                 return False;
1057         }
1058
1059         if (!afs_settoken_str((char *)response.extra_data.data)) {
1060                 d_fprintf(stderr, "Could not set token\n");
1061                 return False;
1062         }
1063
1064         d_printf("Successfully created AFS token\n");
1065         return True;
1066 }
1067
1068 /* Print domain users */
1069
1070 static bool print_domain_users(const char *domain)
1071 {
1072         struct winbindd_request request;
1073         struct winbindd_response response;
1074         const char *extra_data;
1075         fstring name;
1076
1077         /* Send request to winbind daemon */
1078
1079         ZERO_STRUCT(request);
1080         ZERO_STRUCT(response);
1081         
1082         if (domain) {
1083                 /* '.' is the special sign for our own domain */
1084                 if ( strequal(domain, ".") )
1085                         fstrcpy( request.domain_name, get_winbind_domain() );
1086                 else
1087                         fstrcpy( request.domain_name, domain );
1088         }
1089
1090         if (winbindd_request_response(WINBINDD_LIST_USERS, &request, &response) !=
1091             NSS_STATUS_SUCCESS)
1092                 return False;
1093
1094         /* Look through extra data */
1095
1096         if (!response.extra_data.data)
1097                 return False;
1098
1099         extra_data = (const char *)response.extra_data.data;
1100
1101         while(next_token(&extra_data, name, ",", sizeof(fstring)))
1102                 d_printf("%s\n", name);
1103         
1104         SAFE_FREE(response.extra_data.data);
1105
1106         return True;
1107 }
1108
1109 /* Print domain groups */
1110
1111 static bool print_domain_groups(const char *domain)
1112 {
1113         struct winbindd_request  request;
1114         struct winbindd_response response;
1115         const char *extra_data;
1116         fstring name;
1117
1118         ZERO_STRUCT(request);
1119         ZERO_STRUCT(response);
1120
1121         if (domain) {
1122                 if ( strequal(domain, ".") )
1123                         fstrcpy( request.domain_name, get_winbind_domain() );
1124                 else
1125                         fstrcpy( request.domain_name, domain );
1126         }
1127
1128         if (winbindd_request_response(WINBINDD_LIST_GROUPS, &request, &response) !=
1129             NSS_STATUS_SUCCESS)
1130                 return False;
1131
1132         /* Look through extra data */
1133
1134         if (!response.extra_data.data)
1135                 return False;
1136
1137         extra_data = (const char *)response.extra_data.data;
1138
1139         while(next_token(&extra_data, name, ",", sizeof(fstring)))
1140                 d_printf("%s\n", name);
1141
1142         SAFE_FREE(response.extra_data.data);
1143         
1144         return True;
1145 }
1146
1147 /* Set the authorised user for winbindd access in secrets.tdb */
1148
1149 static bool wbinfo_set_auth_user(char *username)
1150 {
1151         const char *password;
1152         char *p;
1153         fstring user, domain;
1154
1155         /* Separate into user and password */
1156
1157         parse_wbinfo_domain_user(username, domain, user);
1158
1159         p = strchr(user, '%');
1160
1161         if (p != NULL) {
1162                 *p = 0;
1163                 password = p+1;
1164         } else {
1165                 char *thepass = getpass("Password: ");
1166                 if (thepass) {
1167                         password = thepass;     
1168                 } else
1169                         password = "";
1170         }
1171
1172         /* Store or remove DOMAIN\username%password in secrets.tdb */
1173
1174         secrets_init();
1175
1176         if (user[0]) {
1177
1178                 if (!secrets_store(SECRETS_AUTH_USER, user,
1179                                    strlen(user) + 1)) {
1180                         d_fprintf(stderr, "error storing username\n");
1181                         return False;
1182                 }
1183
1184                 /* We always have a domain name added by the
1185                    parse_wbinfo_domain_user() function. */
1186
1187                 if (!secrets_store(SECRETS_AUTH_DOMAIN, domain,
1188                                    strlen(domain) + 1)) {
1189                         d_fprintf(stderr, "error storing domain name\n");
1190                         return False;
1191                 }
1192
1193         } else {
1194                 secrets_delete(SECRETS_AUTH_USER);
1195                 secrets_delete(SECRETS_AUTH_DOMAIN);
1196         }
1197
1198         if (password[0]) {
1199
1200                 if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
1201                                    strlen(password) + 1)) {
1202                         d_fprintf(stderr, "error storing password\n");
1203                         return False;
1204                 }
1205
1206         } else
1207                 secrets_delete(SECRETS_AUTH_PASSWORD);
1208
1209         return True;
1210 }
1211
1212 static void wbinfo_get_auth_user(void)
1213 {
1214         char *user, *domain, *password;
1215
1216         /* Lift data from secrets file */
1217         
1218         secrets_fetch_ipc_userpass(&user, &domain, &password);
1219
1220         if ((!user || !*user) && (!domain || !*domain ) && (!password || !*password)){
1221
1222                 SAFE_FREE(user);
1223                 SAFE_FREE(domain);
1224                 SAFE_FREE(password);
1225                 d_printf("No authorised user configured\n");
1226                 return;
1227         }
1228
1229         /* Pretty print authorised user info */
1230
1231         d_printf("%s%s%s%s%s\n", domain ? domain : "", domain ? lp_winbind_separator(): "",
1232                  user, password ? "%" : "", password ? password : "");
1233
1234         SAFE_FREE(user);
1235         SAFE_FREE(domain);
1236         SAFE_FREE(password);
1237 }
1238
1239 static bool wbinfo_ping(void)
1240 {
1241         NSS_STATUS result;
1242
1243         result = winbindd_request_response(WINBINDD_PING, NULL, NULL);
1244
1245         /* Display response */
1246
1247         d_printf("Ping to winbindd %s on fd %d\n", 
1248                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
1249
1250         return result == NSS_STATUS_SUCCESS;
1251 }
1252
1253 /* Main program */
1254
1255 enum {
1256         OPT_SET_AUTH_USER = 1000,
1257         OPT_GET_AUTH_USER,
1258         OPT_DOMAIN_NAME,
1259         OPT_SEQUENCE,
1260         OPT_GETDCNAME,
1261         OPT_DSGETDCNAME,
1262         OPT_USERDOMGROUPS,
1263         OPT_USERSIDS,
1264         OPT_ALLOCATE_UID,
1265         OPT_ALLOCATE_GID,
1266         OPT_SEPARATOR,
1267         OPT_LIST_ALL_DOMAINS,
1268         OPT_LIST_OWN_DOMAIN,
1269         OPT_UID_INFO,
1270         OPT_GROUP_INFO,
1271 };
1272
1273 int main(int argc, char **argv, char **envp)
1274 {
1275         int opt;
1276
1277         poptContext pc;
1278         static char *string_arg;
1279         static char *opt_domain_name;
1280         static int int_arg;
1281         int result = 1;
1282
1283         struct poptOption long_options[] = {
1284                 POPT_AUTOHELP
1285
1286                 /* longName, shortName, argInfo, argPtr, value, descrip, 
1287                    argDesc */
1288
1289                 { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users", "domain"},
1290                 { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups", "domain" },
1291                 { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP", "NETBIOS-NAME" },
1292                 { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name", "IP" },
1293                 { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid", "NAME" },
1294                 { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name", "SID" },
1295                 { "lookup-rids", 'R', POPT_ARG_STRING, &string_arg, 'R', "Converts RIDs to names", "RIDs" },
1296                 { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" , "UID" },
1297                 { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
1298                 { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
1299                 { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
1300                 { "allocate-uid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_UID,
1301                   "Get a new UID out of idmap" },
1302                 { "allocate-gid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_GID,
1303                   "Get a new GID out of idmap" },
1304                 { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
1305                 { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
1306                 { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
1307                 { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" },
1308                 { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
1309                 { "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" },
1310                 { "user-info", 'i', POPT_ARG_STRING, &string_arg, 'i', "Get user info", "USER" },
1311                 { "uid-info", 0, POPT_ARG_INT, &int_arg, OPT_UID_INFO, "Get user info from uid", "UID" },
1312                 { "group-info", 0, POPT_ARG_STRING, &string_arg, OPT_GROUP_INFO, "Get group info", "GROUP" },
1313                 { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
1314                 { "user-domgroups", 0, POPT_ARG_STRING, &string_arg,
1315                   OPT_USERDOMGROUPS, "Get user domain groups", "SID" },
1316                 { "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
1317                 { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
1318                 { "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
1319                 { "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME,
1320                   "Get a DC name for a foreign domain", "domainname" },
1321                 { "dsgetdcname", 0, POPT_ARG_STRING, &string_arg, OPT_DSGETDCNAME, "Find a DC for a domain", "domainname" },
1322                 { "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
1323                 { "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
1324                 { "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" },
1325 #ifdef WITH_FAKE_KASERVER
1326                 { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" },
1327 #endif
1328 #ifdef HAVE_KRB5
1329                 { "krb5auth", 'K', POPT_ARG_STRING, &string_arg, 'K', "authenticate user using Kerberos", "user%password" },
1330                         /* destroys wbinfo --help output */
1331                         /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" }, */
1332 #endif
1333                 { "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
1334                 POPT_COMMON_VERSION
1335                 POPT_TABLEEND
1336         };
1337
1338         /* Samba client initialisation */
1339         load_case_tables();
1340
1341         if (!lp_load(dyn_CONFIGFILE, True, False, False, True)) {
1342                 d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n",
1343                         dyn_CONFIGFILE, strerror(errno));
1344                 exit(1);
1345         }
1346
1347         if (!init_names())
1348                 return 1;
1349
1350         load_interfaces();
1351
1352         /* Parse options */
1353
1354         pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
1355
1356         /* Parse command line options */
1357
1358         if (argc == 1) {
1359                 poptPrintHelp(pc, stderr, 0);
1360                 return 1;
1361         }
1362
1363         while((opt = poptGetNextOpt(pc)) != -1) {
1364                 /* get the generic configuration parameters like --domain */
1365         }
1366
1367         poptFreeContext(pc);
1368
1369         pc = poptGetContext(NULL, argc, (const char **)argv, long_options, 
1370                             POPT_CONTEXT_KEEP_FIRST);
1371
1372         while((opt = poptGetNextOpt(pc)) != -1) {
1373                 switch (opt) {
1374                 case 'u':
1375                         if (!print_domain_users(opt_domain_name)) {
1376                                 d_fprintf(stderr, "Error looking up domain users\n");
1377                                 goto done;
1378                         }
1379                         break;
1380                 case 'g':
1381                         if (!print_domain_groups(opt_domain_name)) {
1382                                 d_fprintf(stderr, "Error looking up domain groups\n");
1383                                 goto done;
1384                         }
1385                         break;
1386                 case 's':
1387                         if (!wbinfo_lookupsid(string_arg)) {
1388                                 d_fprintf(stderr, "Could not lookup sid %s\n", string_arg);
1389                                 goto done;
1390                         }
1391                         break;
1392                 case 'R':
1393                         if (!wbinfo_lookuprids(opt_domain_name, string_arg)) {
1394                                 d_fprintf(stderr, "Could not lookup RIDs %s\n", string_arg);
1395                                 goto done;
1396                         }
1397                         break;
1398                 case 'n':
1399                         if (!wbinfo_lookupname(string_arg)) {
1400                                 d_fprintf(stderr, "Could not lookup name %s\n", string_arg);
1401                                 goto done;
1402                         }
1403                         break;
1404                 case 'N':
1405                         if (!wbinfo_wins_byname(string_arg)) {
1406                                 d_fprintf(stderr, "Could not lookup WINS by name %s\n", string_arg);
1407                                 goto done;
1408                         }
1409                         break;
1410                 case 'I':
1411                         if (!wbinfo_wins_byip(string_arg)) {
1412                                 d_fprintf(stderr, "Could not lookup WINS by IP %s\n", string_arg);
1413                                 goto done;
1414                         }
1415                         break;
1416                 case 'U':
1417                         if (!wbinfo_uid_to_sid(int_arg)) {
1418                                 d_fprintf(stderr, "Could not convert uid %d to sid\n", int_arg);
1419                                 goto done;
1420                         }
1421                         break;
1422                 case 'G':
1423                         if (!wbinfo_gid_to_sid(int_arg)) {
1424                                 d_fprintf(stderr, "Could not convert gid %d to sid\n",
1425                                        int_arg);
1426                                 goto done;
1427                         }
1428                         break;
1429                 case 'S':
1430                         if (!wbinfo_sid_to_uid(string_arg)) {
1431                                 d_fprintf(stderr, "Could not convert sid %s to uid\n",
1432                                        string_arg);
1433                                 goto done;
1434                         }
1435                         break;
1436                 case 'Y':
1437                         if (!wbinfo_sid_to_gid(string_arg)) {
1438                                 d_fprintf(stderr, "Could not convert sid %s to gid\n",
1439                                        string_arg);
1440                                 goto done;
1441                         }
1442                         break;
1443                 case OPT_ALLOCATE_UID:
1444                         if (!wbinfo_allocate_uid()) {
1445                                 d_fprintf(stderr, "Could not allocate a uid\n");
1446                                 goto done;
1447                         }
1448                         break;
1449                 case OPT_ALLOCATE_GID:
1450                         if (!wbinfo_allocate_gid()) {
1451                                 d_fprintf(stderr, "Could not allocate a gid\n");
1452                                 goto done;
1453                         }
1454                         break;
1455                 case 't':
1456                         if (!wbinfo_check_secret()) {
1457                                 d_fprintf(stderr, "Could not check secret\n");
1458                                 goto done;
1459                         }
1460                         break;
1461                 case 'm':
1462                         if (!wbinfo_list_domains(False)) {
1463                                 d_fprintf(stderr, "Could not list trusted domains\n");
1464                                 goto done;
1465                         }
1466                         break;
1467                 case OPT_SEQUENCE:
1468                         if (!wbinfo_show_sequence(opt_domain_name)) {
1469                                 d_fprintf(stderr, "Could not show sequence numbers\n");
1470                                 goto done;
1471                         }
1472                         break;
1473                 case 'D':
1474                         if (!wbinfo_domain_info(string_arg)) {
1475                                 d_fprintf(stderr, "Could not get domain info\n");
1476                                 goto done;
1477                         }
1478                         break;
1479                 case 'i':
1480                         if (!wbinfo_get_userinfo(string_arg)) {
1481                                 d_fprintf(stderr, "Could not get info for user %s\n",
1482                                                   string_arg);
1483                                 goto done;
1484                         }
1485                         break;
1486                 case OPT_UID_INFO:
1487                         if ( !wbinfo_get_uidinfo(int_arg)) {
1488                                 d_fprintf(stderr, "Could not get info for uid "
1489                                                 "%d\n", int_arg);
1490                                 goto done;
1491                         }
1492                         break;
1493                 case OPT_GROUP_INFO:
1494                         if ( !wbinfo_get_groupinfo(string_arg)) {
1495                                 d_fprintf(stderr, "Could not get info for "
1496                                           "group %s\n", string_arg);
1497                                 goto done;
1498                         }
1499                         break;
1500                 case 'r':
1501                         if (!wbinfo_get_usergroups(string_arg)) {
1502                                 d_fprintf(stderr, "Could not get groups for user %s\n", 
1503                                        string_arg);
1504                                 goto done;
1505                         }
1506                         break;
1507                 case OPT_USERSIDS:
1508                         if (!wbinfo_get_usersids(string_arg)) {
1509                                 d_fprintf(stderr, "Could not get group SIDs for user SID %s\n", 
1510                                        string_arg);
1511                                 goto done;
1512                         }
1513                         break;
1514                 case OPT_USERDOMGROUPS:
1515                         if (!wbinfo_get_userdomgroups(string_arg)) {
1516                                 d_fprintf(stderr, "Could not get user's domain groups "
1517                                          "for user SID %s\n", string_arg);
1518                                 goto done;
1519                         }
1520                         break;
1521                 case 'a': {
1522                                 bool got_error = False;
1523
1524                                 if (!wbinfo_auth(string_arg)) {
1525                                         d_fprintf(stderr, "Could not authenticate user %s with "
1526                                                 "plaintext password\n", string_arg);
1527                                         got_error = True;
1528                                 }
1529
1530                                 if (!wbinfo_auth_crap(string_arg)) {
1531                                         d_fprintf(stderr, "Could not authenticate user %s with "
1532                                                 "challenge/response\n", string_arg);
1533                                         got_error = True;
1534                                 }
1535
1536                                 if (got_error)
1537                                         goto done;
1538                                 break;
1539                         }
1540                 case 'K': {
1541                                 uint32 flags =  WBFLAG_PAM_KRB5 |
1542                                                 WBFLAG_PAM_CACHED_LOGIN |
1543                                                 WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
1544                                                 WBFLAG_PAM_INFO3_TEXT;
1545
1546                                 if (!wbinfo_auth_krb5(string_arg, "FILE", flags)) {
1547                                         d_fprintf(stderr, "Could not authenticate user [%s] with "
1548                                                 "Kerberos (ccache: %s)\n", string_arg, "FILE");
1549                                         goto done;
1550                                 }
1551                                 break;
1552                         }
1553                 case 'k':
1554                         if (!wbinfo_klog(string_arg)) {
1555                                 d_fprintf(stderr, "Could not klog user\n");
1556                                 goto done;
1557                         }
1558                         break;
1559                 case 'p':
1560                         if (!wbinfo_ping()) {
1561                                 d_fprintf(stderr, "could not ping winbindd!\n");
1562                                 goto done;
1563                         }
1564                         break;
1565                 case OPT_SET_AUTH_USER:
1566                         if (!wbinfo_set_auth_user(string_arg)) {
1567                                 goto done;
1568                         }
1569                         break;
1570                 case OPT_GET_AUTH_USER:
1571                         wbinfo_get_auth_user();
1572                         break;
1573                 case OPT_GETDCNAME:
1574                         if (!wbinfo_getdcname(string_arg)) {
1575                                 goto done;
1576                         }
1577                         break;
1578                 case OPT_DSGETDCNAME:
1579                         if (!wbinfo_dsgetdcname(string_arg, 0)) {
1580                                 goto done;
1581                         }
1582                         break;
1583                 case OPT_SEPARATOR: {
1584                         const char sep = winbind_separator_int(True);
1585                         if ( !sep ) {
1586                                 goto done;
1587                         }
1588                         d_printf("%c\n", sep);
1589                         break;
1590                 }
1591                 case OPT_LIST_ALL_DOMAINS:
1592                         if (!wbinfo_list_domains(True)) {
1593                                 goto done;
1594                         }
1595                         break;
1596                 case OPT_LIST_OWN_DOMAIN:
1597                         if (!wbinfo_list_own_domain()) {
1598                                 goto done;
1599                         }
1600                         break;
1601                 /* generic configuration options */
1602                 case OPT_DOMAIN_NAME:
1603                         break;
1604                 default:
1605                         d_fprintf(stderr, "Invalid option\n");
1606                         poptPrintHelp(pc, stderr, 0);
1607                         goto done;
1608                 }
1609         }
1610
1611         result = 0;
1612
1613         /* Exit code */
1614
1615  done:
1616         poptFreeContext(pc);
1617         return result;
1618 }