LCOV - code coverage report
Current view: top level - nsswitch - wbinfo.c (source / functions) Hit Total Coverage
Test: coverage report for abartlet/fix-coverage dd10fb34 Lines: 819 1367 59.9 %
Date: 2021-09-23 10:06:22 Functions: 44 59 74.6 %

          Line data    Source code
       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             : 
       4             :    Winbind status program.
       5             : 
       6             :    Copyright (C) Tim Potter      2000-2003
       7             :    Copyright (C) Andrew Bartlett 2002-2007
       8             :    Copyright (C) Volker Lendecke 2009
       9             : 
      10             :    This program is free software; you can redistribute it and/or modify
      11             :    it under the terms of the GNU General Public License as published by
      12             :    the Free Software Foundation; either version 3 of the License, or
      13             :    (at your option) any later version.
      14             : 
      15             :    This program is distributed in the hope that it will be useful,
      16             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      17             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      18             :    GNU General Public License for more details.
      19             : 
      20             :    You should have received a copy of the GNU General Public License
      21             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      22             : */
      23             : 
      24             : #include "includes.h"
      25             : #include "winbind_client.h"
      26             : #include "libwbclient/wbclient.h"
      27             : #include "../libcli/auth/libcli_auth.h"
      28             : #include "lib/cmdline/cmdline.h"
      29             : #include "lib/afs/afs_settoken.h"
      30             : #include "lib/util/smb_strtox.h"
      31             : #include "lib/util/string_wrappers.h"
      32             : 
      33             : #ifdef DBGC_CLASS
      34             : #undef DBGC_CLASS
      35             : #define DBGC_CLASS DBGC_WINBIND
      36             : #endif
      37             : 
      38        1193 : static struct wbcInterfaceDetails *init_interface_details(void)
      39             : {
      40        1193 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
      41             :         static struct wbcInterfaceDetails *details;
      42             : 
      43        1193 :         if (details) {
      44         408 :                 return details;
      45             :         }
      46             : 
      47         785 :         wbc_status = wbcInterfaceDetails(&details);
      48         785 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
      49           6 :                 d_fprintf(stderr, "could not obtain winbind interface "
      50             :                                   "details: %s\n", wbcErrorString(wbc_status));
      51             :         }
      52             : 
      53         785 :         return details;
      54             : }
      55             : 
      56         615 : static char winbind_separator(void)
      57             : {
      58             :         struct wbcInterfaceDetails *details;
      59             :         static bool got_sep;
      60             :         static char sep;
      61             : 
      62         615 :         if (got_sep)
      63          35 :                 return sep;
      64             : 
      65         580 :         details = init_interface_details();
      66             : 
      67         580 :         if (!details) {
      68           0 :                 d_fprintf(stderr, "could not obtain winbind separator!\n");
      69           0 :                 return 0;
      70             :         }
      71             : 
      72         580 :         sep = details->winbind_separator;
      73         580 :         got_sep = true;
      74             : 
      75         580 :         if (!sep) {
      76           0 :                 d_fprintf(stderr, "winbind separator was NULL!\n");
      77           0 :                 return 0;
      78             :         }
      79             : 
      80         580 :         return sep;
      81             : }
      82             : 
      83         494 : static const char *get_winbind_domain(void)
      84             : {
      85             :         static struct wbcInterfaceDetails *details;
      86             : 
      87         494 :         details = init_interface_details();
      88             : 
      89         494 :         if (!details) {
      90           6 :                 d_fprintf(stderr, "could not obtain winbind domain name!\n");
      91           6 :                 return 0;
      92             :         }
      93             : 
      94         488 :         return details->netbios_domain;
      95             : }
      96             : 
      97         119 : static const char *get_winbind_netbios_name(void)
      98             : {
      99             :         static struct wbcInterfaceDetails *details;
     100             : 
     101         119 :         details = init_interface_details();
     102             : 
     103         119 :         if (!details) {
     104           0 :                 d_fprintf(stderr, "could not obtain winbind netbios name!\n");
     105           0 :                 return 0;
     106             :         }
     107             : 
     108         119 :         return details->netbios_name;
     109             : }
     110             : 
     111             : /* Copy of parse_domain_user from winbindd_util.c.  Parse a string of the
     112             :    form DOMAIN/user into a domain and a user */
     113             : 
     114         475 : static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
     115             :                                      fstring user)
     116             : {
     117             : 
     118         475 :         char *p = strchr(domuser,winbind_separator());
     119             : 
     120         475 :         if (!p) {
     121             :                 /* Maybe it was a UPN? */
     122         184 :                 p = strchr(domuser, '@');
     123         184 :                 if (p != NULL) {
     124          14 :                         fstrcpy(domain, "");
     125          14 :                         fstrcpy(user, domuser);
     126          14 :                         return true;
     127             :                 }
     128             : 
     129         170 :                 fstrcpy(user, domuser);
     130         170 :                 fstrcpy(domain, get_winbind_domain());
     131         170 :                 return true;
     132             :         }
     133             : 
     134         291 :         fstrcpy(user, p+1);
     135         291 :         fstrcpy(domain, domuser);
     136         291 :         domain[PTR_DIFF(p, domuser)] = 0;
     137             : 
     138         291 :         return true;
     139             : }
     140             : 
     141             : /* Parse string of "uid,sid" or "gid,sid" into separate int and string values.
     142             :  * Return true if input was valid, false otherwise. */
     143           0 : static bool parse_mapping_arg(char *arg, int *id, char **sid)
     144             : {
     145             :         char *tmp;
     146           0 :         int error = 0;
     147             : 
     148           0 :         if (!arg || !*arg)
     149           0 :                 return false;
     150             : 
     151           0 :         tmp = strtok(arg, ",");
     152           0 :         *sid = strtok(NULL, ",");
     153             : 
     154           0 :         if (!tmp || !*tmp || !*sid || !**sid)
     155           0 :                 return false;
     156             : 
     157             :         /* Because atoi() can return 0 on invalid input, which would be a valid
     158             :          * UID/GID we must use strtoul() and do error checking */
     159           0 :         *id = smb_strtoul(tmp, NULL, 10, &error, SMB_STR_FULL_STR_CONV);
     160           0 :         if (error != 0)
     161           0 :                 return false;
     162             : 
     163           0 :         return true;
     164             : }
     165             : 
     166             : /* pull pwent info for a given user */
     167             : 
     168          62 : static bool wbinfo_get_userinfo(char *user)
     169             : {
     170          62 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     171          62 :         struct passwd *pwd = NULL;
     172             : 
     173          62 :         wbc_status = wbcGetpwnam(user, &pwd);
     174          62 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     175           4 :                 d_fprintf(stderr, "failed to call wbcGetpwnam: %s\n",
     176             :                           wbcErrorString(wbc_status));
     177           4 :                 return false;
     178             :         }
     179             : 
     180         198 :         d_printf("%s:%s:%u:%u:%s:%s:%s\n",
     181          58 :                  pwd->pw_name,
     182          58 :                  pwd->pw_passwd,
     183          58 :                  (unsigned int)pwd->pw_uid,
     184          58 :                  (unsigned int)pwd->pw_gid,
     185          58 :                  pwd->pw_gecos,
     186          58 :                  pwd->pw_dir,
     187          58 :                  pwd->pw_shell);
     188             : 
     189          58 :         wbcFreeMemory(pwd);
     190             : 
     191          58 :         return true;
     192             : }
     193             : 
     194             : /* pull pwent info for a given uid */
     195           9 : static bool wbinfo_get_uidinfo(int uid)
     196             : {
     197           9 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     198           9 :         struct passwd *pwd = NULL;
     199             : 
     200           9 :         wbc_status = wbcGetpwuid(uid, &pwd);
     201           9 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     202           0 :                 d_fprintf(stderr, "failed to call wbcGetpwuid: %s\n",
     203             :                           wbcErrorString(wbc_status));
     204           0 :                 return false;
     205             :         }
     206             : 
     207          33 :         d_printf("%s:%s:%u:%u:%s:%s:%s\n",
     208           9 :                  pwd->pw_name,
     209           9 :                  pwd->pw_passwd,
     210           9 :                  (unsigned int)pwd->pw_uid,
     211           9 :                  (unsigned int)pwd->pw_gid,
     212           9 :                  pwd->pw_gecos,
     213           9 :                  pwd->pw_dir,
     214           9 :                  pwd->pw_shell);
     215             : 
     216           9 :         wbcFreeMemory(pwd);
     217             : 
     218           9 :         return true;
     219             : }
     220             : 
     221           0 : static bool wbinfo_get_user_sidinfo(const char *sid_str)
     222             : {
     223           0 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     224           0 :         struct passwd *pwd = NULL;
     225             :         struct wbcDomainSid sid;
     226             : 
     227           0 :         wbc_status = wbcStringToSid(sid_str, &sid);
     228           0 :         wbc_status = wbcGetpwsid(&sid, &pwd);
     229           0 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     230           0 :                 d_fprintf(stderr, "failed to call wbcGetpwsid: %s\n",
     231             :                           wbcErrorString(wbc_status));
     232           0 :                 return false;
     233             :         }
     234             : 
     235           0 :         d_printf("%s:%s:%u:%u:%s:%s:%s\n",
     236           0 :                  pwd->pw_name,
     237           0 :                  pwd->pw_passwd,
     238           0 :                  (unsigned int)pwd->pw_uid,
     239           0 :                  (unsigned int)pwd->pw_gid,
     240           0 :                  pwd->pw_gecos,
     241           0 :                  pwd->pw_dir,
     242           0 :                  pwd->pw_shell);
     243             : 
     244           0 :         wbcFreeMemory(pwd);
     245             : 
     246           0 :         return true;
     247             : }
     248             : 
     249             : 
     250             : /* pull grent for a given group */
     251          27 : static bool wbinfo_get_groupinfo(const char *group)
     252             : {
     253          27 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     254             :         struct group *grp;
     255             :         char **mem;
     256             : 
     257          27 :         wbc_status = wbcGetgrnam(group, &grp);
     258          27 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     259           9 :                 d_fprintf(stderr, "failed to call wbcGetgrnam: %s\n",
     260             :                           wbcErrorString(wbc_status));
     261           9 :                 return false;
     262             :         }
     263             : 
     264          30 :         d_printf("%s:%s:%u:",
     265          18 :                  grp->gr_name,
     266          18 :                  grp->gr_passwd,
     267          18 :                  (unsigned int)grp->gr_gid);
     268             : 
     269          18 :         mem = grp->gr_mem;
     270          30 :         while (*mem != NULL) {
     271           0 :                 d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
     272           0 :                 mem += 1;
     273             :         }
     274          18 :         d_printf("\n");
     275             : 
     276          18 :         wbcFreeMemory(grp);
     277             : 
     278          18 :         return true;
     279             : }
     280             : 
     281             : /* pull grent for a given gid */
     282           9 : static bool wbinfo_get_gidinfo(int gid)
     283             : {
     284           9 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     285             :         struct group *grp;
     286             :         char **mem;
     287             : 
     288           9 :         wbc_status = wbcGetgrgid(gid, &grp);
     289           9 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     290           0 :                 d_fprintf(stderr, "failed to call wbcGetgrgid: %s\n",
     291             :                           wbcErrorString(wbc_status));
     292           0 :                 return false;
     293             :         }
     294             : 
     295          15 :         d_printf("%s:%s:%u:",
     296           9 :                  grp->gr_name,
     297           9 :                  grp->gr_passwd,
     298           9 :                  (unsigned int)grp->gr_gid);
     299             : 
     300           9 :         mem = grp->gr_mem;
     301          15 :         while (*mem != NULL) {
     302           0 :                 d_printf("%s%s", *mem, *(mem+1) != NULL ? "," : "");
     303           0 :                 mem += 1;
     304             :         }
     305           9 :         d_printf("\n");
     306             : 
     307           9 :         wbcFreeMemory(grp);
     308             : 
     309           9 :         return true;
     310             : }
     311             : 
     312             : /* List groups a user is a member of */
     313             : 
     314          23 : static bool wbinfo_get_usergroups(const char *user)
     315             : {
     316          23 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     317             :         uint32_t num_groups;
     318             :         uint32_t i;
     319          23 :         gid_t *groups = NULL;
     320             : 
     321             :         /* Send request */
     322             : 
     323          23 :         wbc_status = wbcGetGroups(user, &num_groups, &groups);
     324          23 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     325           0 :                 d_fprintf(stderr, "failed to call wbcGetGroups: %s\n",
     326             :                           wbcErrorString(wbc_status));
     327           0 :                 return false;
     328             :         }
     329             : 
     330         237 :         for (i = 0; i < num_groups; i++) {
     331         214 :                 d_printf("%d\n", (int)groups[i]);
     332             :         }
     333             : 
     334          23 :         wbcFreeMemory(groups);
     335             : 
     336          23 :         return true;
     337             : }
     338             : 
     339             : 
     340             : /* List group SIDs a user SID is a member of */
     341           9 : static bool wbinfo_get_usersids(const char *user_sid_str)
     342             : {
     343           9 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     344             :         uint32_t num_sids;
     345             :         uint32_t i;
     346           9 :         struct wbcDomainSid user_sid, *sids = NULL;
     347             : 
     348             :         /* Send request */
     349             : 
     350           9 :         wbc_status = wbcStringToSid(user_sid_str, &user_sid);
     351           9 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     352           0 :                 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
     353             :                           wbcErrorString(wbc_status));
     354           0 :                 return false;
     355             :         }
     356             : 
     357           9 :         wbc_status = wbcLookupUserSids(&user_sid, false, &num_sids, &sids);
     358           9 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     359           0 :                 d_fprintf(stderr, "failed to call wbcLookupUserSids: %s\n",
     360             :                           wbcErrorString(wbc_status));
     361           0 :                 return false;
     362             :         }
     363             : 
     364          86 :         for (i = 0; i < num_sids; i++) {
     365             :                 char str[WBC_SID_STRING_BUFLEN];
     366          77 :                 wbcSidToStringBuf(&sids[i], str, sizeof(str));
     367          77 :                 d_printf("%s\n", str);
     368             :         }
     369             : 
     370           9 :         wbcFreeMemory(sids);
     371             : 
     372           9 :         return true;
     373             : }
     374             : 
     375           9 : static bool wbinfo_get_userdomgroups(const char *user_sid_str)
     376             : {
     377           9 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     378             :         uint32_t num_sids;
     379             :         uint32_t i;
     380           9 :         struct wbcDomainSid user_sid, *sids = NULL;
     381             : 
     382             :         /* Send request */
     383             : 
     384           9 :         wbc_status = wbcStringToSid(user_sid_str, &user_sid);
     385           9 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     386           0 :                 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
     387             :                           wbcErrorString(wbc_status));
     388           0 :                 return false;
     389             :         }
     390             : 
     391           9 :         wbc_status = wbcLookupUserSids(&user_sid, true, &num_sids, &sids);
     392           9 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     393           0 :                 d_fprintf(stderr, "failed to call wbcLookupUserSids: %s\n",
     394             :                           wbcErrorString(wbc_status));
     395           0 :                 return false;
     396             :         }
     397             : 
     398          70 :         for (i = 0; i < num_sids; i++) {
     399             :                 char str[WBC_SID_STRING_BUFLEN];
     400          61 :                 wbcSidToStringBuf(&sids[i], str, sizeof(str));
     401          61 :                 d_printf("%s\n", str);
     402             :         }
     403             : 
     404           9 :         wbcFreeMemory(sids);
     405             : 
     406           9 :         return true;
     407             : }
     408             : 
     409           0 : static bool wbinfo_get_sidaliases(const char *domain,
     410             :                                   const char *user_sid_str)
     411             : {
     412           0 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     413           0 :         struct wbcDomainInfo *dinfo = NULL;
     414             :         uint32_t i;
     415             :         struct wbcDomainSid user_sid;
     416           0 :         uint32_t *alias_rids = NULL;
     417             :         uint32_t num_alias_rids;
     418             :         char domain_sid_str[WBC_SID_STRING_BUFLEN];
     419             : 
     420             :         /* Send request */
     421           0 :         if ((domain == NULL) || (strequal(domain, ".")) ||
     422           0 :            (domain[0] == '\0')) {
     423           0 :                 domain = get_winbind_domain();
     424             :         }
     425             : 
     426             :         /* Send request */
     427             : 
     428           0 :         wbc_status = wbcDomainInfo(domain, &dinfo);
     429           0 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     430           0 :                 d_fprintf(stderr, "wbcDomainInfo(%s) failed: %s\n", domain,
     431             :                           wbcErrorString(wbc_status));
     432           0 :                 goto done;
     433             :         }
     434           0 :         wbc_status = wbcStringToSid(user_sid_str, &user_sid);
     435           0 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     436           0 :                 goto done;
     437             :         }
     438             : 
     439           0 :         wbc_status = wbcGetSidAliases(&dinfo->sid, &user_sid, 1,
     440             :             &alias_rids, &num_alias_rids);
     441           0 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     442           0 :                 goto done;
     443             :         }
     444             : 
     445           0 :         wbcSidToStringBuf(&dinfo->sid, domain_sid_str, sizeof(domain_sid_str));
     446             : 
     447           0 :         for (i = 0; i < num_alias_rids; i++) {
     448           0 :                 d_printf("%s-%d\n", domain_sid_str, alias_rids[i]);
     449             :         }
     450             : 
     451           0 :         wbcFreeMemory(alias_rids);
     452             : 
     453           0 : done:
     454           0 :         wbcFreeMemory(dinfo);
     455           0 :         return (WBC_ERR_SUCCESS == wbc_status);
     456             : }
     457             : 
     458             : 
     459             : /* Convert NetBIOS name to IP */
     460             : 
     461           9 : static bool wbinfo_wins_byname(const char *name)
     462             : {
     463           9 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     464           9 :         char *ip = NULL;
     465             : 
     466           9 :         wbc_status = wbcResolveWinsByName(name, &ip);
     467           9 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     468           0 :                 d_fprintf(stderr, "failed to call wbcResolveWinsByName: %s\n",
     469             :                           wbcErrorString(wbc_status));
     470           0 :                 return false;
     471             :         }
     472             : 
     473             :         /* Display response */
     474             : 
     475           9 :         d_printf("%s\n", ip);
     476             : 
     477           9 :         wbcFreeMemory(ip);
     478             : 
     479           9 :         return true;
     480             : }
     481             : 
     482             : /* Convert IP to NetBIOS name */
     483             : 
     484           9 : static bool wbinfo_wins_byip(const char *ip)
     485             : {
     486           9 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     487           9 :         char *name = NULL;
     488             : 
     489           9 :         wbc_status = wbcResolveWinsByIP(ip, &name);
     490           9 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     491           0 :                 d_fprintf(stderr, "failed to call wbcResolveWinsByIP: %s\n",
     492             :                           wbcErrorString(wbc_status));
     493           0 :                 return false;
     494             :         }
     495             : 
     496             :         /* Display response */
     497             : 
     498           9 :         d_printf("%s\n", name);
     499             : 
     500           9 :         wbcFreeMemory(name);
     501             : 
     502           9 :         return true;
     503             : }
     504             : 
     505             : /* List all/trusted domains */
     506             : 
     507          42 : static bool wbinfo_list_domains(bool list_all_domains, bool verbose)
     508             : {
     509          42 :         struct wbcDomainInfo *domain_list = NULL;
     510             :         size_t i, num_domains;
     511          42 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     512          42 :         bool print_all = !list_all_domains && verbose;
     513             : 
     514          42 :         wbc_status = wbcListTrusts(&domain_list, &num_domains);
     515          42 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     516           0 :                 d_fprintf(stderr, "failed to call wbcListTrusts: %s\n",
     517             :                           wbcErrorString(wbc_status));
     518           0 :                 return false;
     519             :         }
     520             : 
     521          42 :         if (print_all) {
     522           0 :                 d_printf("%-16s%-65s%-12s%-12s%-5s%-5s\n",
     523             :                          "Domain Name", "DNS Domain", "Trust Type",
     524             :                          "Transitive", "In", "Out");
     525             :         }
     526             : 
     527         164 :         for (i=0; i<num_domains; i++) {
     528         122 :                 if (print_all) {
     529           0 :                         d_printf("%-16s", domain_list[i].short_name);
     530             :                 } else {
     531         122 :                         d_printf("%s", domain_list[i].short_name);
     532         122 :                         d_printf("\n");
     533         122 :                         continue;
     534             :                 }
     535             : 
     536           0 :                 d_printf("%-65s", domain_list[i].dns_name);
     537             : 
     538           0 :                 switch(domain_list[i].trust_type) {
     539           0 :                 case WBC_DOMINFO_TRUSTTYPE_NONE:
     540           0 :                         if (domain_list[i].trust_routing != NULL) {
     541           0 :                                 d_printf("%s\n", domain_list[i].trust_routing);
     542             :                         } else {
     543           0 :                                 d_printf("None\n");
     544             :                         }
     545           0 :                         continue;
     546           0 :                 case WBC_DOMINFO_TRUSTTYPE_LOCAL:
     547           0 :                         d_printf("Local\n");
     548           0 :                         continue;
     549           0 :                 case WBC_DOMINFO_TRUSTTYPE_RWDC:
     550           0 :                         d_printf("RWDC\n");
     551           0 :                         continue;
     552           0 :                 case WBC_DOMINFO_TRUSTTYPE_RODC:
     553           0 :                         d_printf("RODC\n");
     554           0 :                         continue;
     555           0 :                 case WBC_DOMINFO_TRUSTTYPE_PDC:
     556           0 :                         d_printf("PDC\n");
     557           0 :                         continue;
     558           0 :                 case WBC_DOMINFO_TRUSTTYPE_WKSTA:
     559           0 :                         d_printf("Workstation ");
     560           0 :                         break;
     561           0 :                 case WBC_DOMINFO_TRUSTTYPE_FOREST:
     562           0 :                         d_printf("Forest      ");
     563           0 :                         break;
     564           0 :                 case WBC_DOMINFO_TRUSTTYPE_EXTERNAL:
     565           0 :                         d_printf("External    ");
     566           0 :                         break;
     567           0 :                 case WBC_DOMINFO_TRUSTTYPE_IN_FOREST:
     568           0 :                         d_printf("In-Forest   ");
     569           0 :                         break;
     570             :                 }
     571             : 
     572           0 :                 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_TRANSITIVE) {
     573           0 :                         d_printf("Yes         ");
     574             :                 } else {
     575           0 :                         d_printf("No          ");
     576             :                 }
     577             : 
     578           0 :                 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_INCOMING) {
     579           0 :                         d_printf("Yes  ");
     580             :                 } else {
     581           0 :                         d_printf("No   ");
     582             :                 }
     583             : 
     584           0 :                 if (domain_list[i].trust_flags & WBC_DOMINFO_TRUST_OUTGOING) {
     585           0 :                         d_printf("Yes  ");
     586             :                 } else {
     587           0 :                         d_printf("No   ");
     588             :                 }
     589             : 
     590           0 :                 d_printf("\n");
     591             :         }
     592             : 
     593          42 :         wbcFreeMemory(domain_list);
     594             : 
     595          42 :         return true;
     596             : }
     597             : 
     598             : /* List own domain */
     599             : 
     600          42 : static bool wbinfo_list_own_domain(void)
     601             : {
     602          42 :         d_printf("%s\n", get_winbind_domain());
     603             : 
     604          42 :         return true;
     605             : }
     606             : 
     607             : /* show sequence numbers */
     608           9 : static bool wbinfo_show_sequence(const char *domain)
     609             : {
     610           9 :         d_printf("This command has been deprecated.  Please use the "
     611             :                  "--online-status option instead.\n");
     612           9 :         return false;
     613             : }
     614             : 
     615             : /* show sequence numbers */
     616          48 : static bool wbinfo_show_onlinestatus(const char *domain)
     617             : {
     618          48 :         struct wbcDomainInfo *domain_list = NULL;
     619             :         size_t i, num_domains;
     620          48 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     621             : 
     622          48 :         wbc_status = wbcListTrusts(&domain_list, &num_domains);
     623          48 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     624           0 :                 d_fprintf(stderr, "failed to call wbcListTrusts: %s\n",
     625             :                           wbcErrorString(wbc_status));
     626           0 :                 return false;
     627             :         }
     628             : 
     629         184 :         for (i=0; i<num_domains; i++) {
     630             :                 bool is_offline;
     631             : 
     632         136 :                 if (domain) {
     633         102 :                         if (!strequal(domain_list[i].short_name, domain)) {
     634          66 :                                 continue;
     635             :                         }
     636             :                 }
     637             : 
     638          70 :                 is_offline = (domain_list[i].domain_flags &
     639             :                               WBC_DOMINFO_DOMAIN_OFFLINE);
     640             : 
     641         121 :                 d_printf("%s : %s\n",
     642          70 :                          domain_list[i].short_name,
     643             :                          is_offline ? "no active connection" : "active connection" );
     644             :         }
     645             : 
     646          48 :         wbcFreeMemory(domain_list);
     647             : 
     648          48 :         return true;
     649             : }
     650             : 
     651             : 
     652             : /* Show domain info */
     653             : 
     654          35 : static bool wbinfo_domain_info(const char *domain)
     655             : {
     656          35 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     657          35 :         struct wbcDomainInfo *dinfo = NULL;
     658             :         char sid_str[WBC_SID_STRING_BUFLEN];
     659             : 
     660          35 :         if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
     661           0 :                 domain = get_winbind_domain();
     662             :         }
     663             : 
     664             :         /* Send request */
     665             : 
     666          35 :         wbc_status = wbcDomainInfo(domain, &dinfo);
     667          35 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     668           0 :                 d_fprintf(stderr, "failed to call wbcDomainInfo: %s\n",
     669             :                           wbcErrorString(wbc_status));
     670           0 :                 return false;
     671             :         }
     672             : 
     673          35 :         wbcSidToStringBuf(&dinfo->sid, sid_str, sizeof(sid_str));
     674             : 
     675             :         /* Display response */
     676             : 
     677          35 :         d_printf("Name              : %s\n", dinfo->short_name);
     678          35 :         d_printf("Alt_Name          : %s\n", dinfo->dns_name);
     679             : 
     680          35 :         d_printf("SID               : %s\n", sid_str);
     681             : 
     682          35 :         d_printf("Active Directory  : %s\n",
     683          35 :                  (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_AD) ? "Yes" : "No");
     684          35 :         d_printf("Native            : %s\n",
     685          35 :                  (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_NATIVE) ?
     686             :                  "Yes" : "No");
     687             : 
     688          35 :         d_printf("Primary           : %s\n",
     689          35 :                  (dinfo->domain_flags & WBC_DOMINFO_DOMAIN_PRIMARY) ?
     690             :                  "Yes" : "No");
     691             : 
     692          35 :         wbcFreeMemory(dinfo);
     693             : 
     694          35 :         return true;
     695             : }
     696             : 
     697             : /* Get a foreign DC's name */
     698           9 : static bool wbinfo_getdcname(const char *domain_name)
     699             : {
     700             :         struct winbindd_request request;
     701             :         struct winbindd_response response;
     702             : 
     703           9 :         ZERO_STRUCT(request);
     704           9 :         ZERO_STRUCT(response);
     705             : 
     706           9 :         fstrcpy(request.domain_name, domain_name);
     707             : 
     708             :         /* Send request */
     709             : 
     710           9 :         if (winbindd_request_response(NULL, WINBINDD_GETDCNAME, &request,
     711             :                                       &response) != NSS_STATUS_SUCCESS) {
     712           0 :                 d_fprintf(stderr, "Could not get dc name for %s\n",domain_name);
     713           0 :                 return false;
     714             :         }
     715             : 
     716             :         /* Display response */
     717             : 
     718           9 :         d_printf("%s\n", response.data.dc_name);
     719             : 
     720           9 :         return true;
     721             : }
     722             : 
     723             : /* Find a DC */
     724           0 : static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
     725             : {
     726           0 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     727             :         struct wbcDomainControllerInfoEx *dc_info;
     728           0 :         char *str = NULL;
     729             : 
     730           0 :         wbc_status = wbcLookupDomainControllerEx(domain_name, NULL, NULL,
     731             :                                                  flags | DS_DIRECTORY_SERVICE_REQUIRED,
     732             :                                                  &dc_info);
     733           0 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     734           0 :                 printf("Could not find dc for %s\n", domain_name);
     735           0 :                 return false;
     736             :         }
     737             : 
     738           0 :         wbcGuidToString(dc_info->domain_guid, &str);
     739             : 
     740           0 :         d_printf("%s\n", dc_info->dc_unc);
     741           0 :         d_printf("%s\n", dc_info->dc_address);
     742           0 :         d_printf("%d\n", dc_info->dc_address_type);
     743           0 :         d_printf("%s\n", str);
     744           0 :         d_printf("%s\n", dc_info->domain_name);
     745           0 :         d_printf("%s\n", dc_info->forest_name);
     746           0 :         d_printf("0x%08x\n", dc_info->dc_flags);
     747           0 :         d_printf("%s\n", dc_info->dc_site_name);
     748           0 :         d_printf("%s\n", dc_info->client_site_name);
     749             : 
     750           0 :         wbcFreeMemory(str);
     751           0 :         wbcFreeMemory(dc_info);
     752             : 
     753           0 :         return true;
     754             : }
     755             : 
     756             : /* Check trust account password */
     757             : 
     758          39 : static bool wbinfo_check_secret(const char *domain)
     759             : {
     760          39 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     761          39 :         struct wbcAuthErrorInfo *error = NULL;
     762             :         const char *domain_name;
     763             : 
     764          39 :         if (domain) {
     765          30 :                 domain_name = domain;
     766             :         } else {
     767           9 :                 domain_name = get_winbind_domain();
     768             :         }
     769             : 
     770          39 :         wbc_status = wbcCheckTrustCredentials(domain_name, &error);
     771             : 
     772          39 :         d_printf("checking the trust secret for domain %s via RPC calls %s\n",
     773             :                 domain_name,
     774             :                 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
     775             : 
     776          39 :         if (wbc_status == WBC_ERR_AUTH_ERROR) {
     777           0 :                 d_fprintf(stderr, "wbcCheckTrustCredentials(%s): error code was %s (0x%x)\n",
     778           0 :                           domain_name, error->nt_string, error->nt_status);
     779           0 :                 wbcFreeMemory(error);
     780             :         }
     781          39 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     782           0 :                 d_fprintf(stderr, "failed to call wbcCheckTrustCredentials: "
     783             :                           "%s\n", wbcErrorString(wbc_status));
     784           0 :                 return false;
     785             :         }
     786             : 
     787          39 :         return true;
     788             : }
     789             : 
     790             : /* Find the currently connected DCs */
     791             : 
     792           2 : static bool wbinfo_dc_info(const char *domain_name)
     793             : {
     794           2 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     795             :         size_t i, num_dcs;
     796             :         const char **dc_names, **dc_ips;
     797             : 
     798           2 :         wbc_status = wbcDcInfo(domain_name, &num_dcs,
     799             :                                &dc_names, &dc_ips);
     800           2 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     801           0 :                 printf("Could not find dc info %s\n",
     802             :                        domain_name ? domain_name : "our domain");
     803           0 :                 return false;
     804             :         }
     805             : 
     806           4 :         for (i=0; i<num_dcs; i++) {
     807           2 :                 printf("%s (%s)\n", dc_names[i], dc_ips[i]);
     808             :         }
     809           2 :         wbcFreeMemory(dc_names);
     810           2 :         wbcFreeMemory(dc_ips);
     811             : 
     812           2 :         return true;
     813             : }
     814             : 
     815             : /* Change trust account password */
     816             : 
     817          28 : static bool wbinfo_change_secret(const char *domain)
     818             : {
     819          28 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     820          28 :         struct wbcAuthErrorInfo *error = NULL;
     821             :         const char *domain_name;
     822             : 
     823          28 :         if (domain) {
     824          18 :                 domain_name = domain;
     825             :         } else {
     826          10 :                 domain_name = get_winbind_domain();
     827             :         }
     828             : 
     829          28 :         wbc_status = wbcChangeTrustCredentials(domain_name, &error);
     830             : 
     831          28 :         d_printf("changing the trust secret for domain %s via RPC calls %s\n",
     832             :                 domain_name,
     833             :                 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
     834             : 
     835          28 :         if (wbc_status == WBC_ERR_AUTH_ERROR) {
     836           0 :                 d_fprintf(stderr, "wbcChangeTrustCredentials(%s): error code was %s (0x%x)\n",
     837           0 :                           domain_name, error->nt_string, error->nt_status);
     838           0 :                 wbcFreeMemory(error);
     839             :         }
     840          28 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     841           0 :                 d_fprintf(stderr, "failed to call wbcChangeTrustCredentials: "
     842             :                           "%s\n", wbcErrorString(wbc_status));
     843           0 :                 return false;
     844             :         }
     845             : 
     846          28 :         return true;
     847             : }
     848             : 
     849             : /* Check DC connection */
     850             : 
     851         104 : static bool wbinfo_ping_dc(const char *domain)
     852             : {
     853         104 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     854         104 :         struct wbcAuthErrorInfo *error = NULL;
     855         104 :         char *dcname = NULL;
     856             : 
     857             :         const char *domain_name;
     858             : 
     859         104 :         if (domain) {
     860           6 :                 domain_name = domain;
     861             :         } else {
     862          98 :                 domain_name = get_winbind_domain();
     863             :         }
     864             : 
     865         104 :         wbc_status = wbcPingDc2(domain_name, &error, &dcname);
     866             : 
     867         208 :         d_printf("checking the NETLOGON for domain[%s] dc connection to \"%s\" %s\n",
     868             :                  domain_name ? domain_name : "",
     869         104 :                  dcname ? dcname : "",
     870             :                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
     871             : 
     872         104 :         wbcFreeMemory(dcname);
     873         104 :         if (wbc_status == WBC_ERR_AUTH_ERROR) {
     874           0 :                 d_fprintf(stderr, "wbcPingDc2(%s): error code was %s (0x%x)\n",
     875           0 :                           domain_name, error->nt_string, error->nt_status);
     876           0 :                 wbcFreeMemory(error);
     877           0 :                 return false;
     878             :         }
     879         104 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     880          10 :                 d_fprintf(stderr, "failed to call wbcPingDc: %s\n",
     881             :                           wbcErrorString(wbc_status));
     882          10 :                 return false;
     883             :         }
     884             : 
     885          92 :         return true;
     886             : }
     887             : 
     888             : /* Convert uid to sid */
     889             : 
     890          56 : static bool wbinfo_uid_to_sid(uid_t uid)
     891             : {
     892          56 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     893             :         struct wbcDomainSid sid;
     894             :         char sid_str[WBC_SID_STRING_BUFLEN];
     895             : 
     896             :         /* Send request */
     897             : 
     898          56 :         wbc_status = wbcUidToSid(uid, &sid);
     899          56 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     900           4 :                 d_fprintf(stderr, "failed to call wbcUidToSid: %s\n",
     901             :                           wbcErrorString(wbc_status));
     902           4 :                 return false;
     903             :         }
     904             : 
     905          52 :         wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
     906             : 
     907             :         /* Display response */
     908             : 
     909          52 :         d_printf("%s\n", sid_str);
     910             : 
     911          52 :         return true;
     912             : }
     913             : 
     914             : /* Convert gid to sid */
     915             : 
     916         100 : static bool wbinfo_gid_to_sid(gid_t gid)
     917             : {
     918         100 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     919             :         struct wbcDomainSid sid;
     920             :         char sid_str[WBC_SID_STRING_BUFLEN];
     921             : 
     922             :         /* Send request */
     923             : 
     924         100 :         wbc_status = wbcGidToSid(gid, &sid);
     925         100 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     926           4 :                 d_fprintf(stderr, "failed to call wbcGidToSid: %s\n",
     927             :                           wbcErrorString(wbc_status));
     928           4 :                 return false;
     929             :         }
     930             : 
     931          96 :         wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
     932             : 
     933             :         /* Display response */
     934             : 
     935          96 :         d_printf("%s\n", sid_str);
     936             : 
     937          96 :         return true;
     938             : }
     939             : 
     940             : /* Convert sid to uid */
     941             : 
     942          90 : static bool wbinfo_sid_to_uid(const char *sid_str)
     943             : {
     944          90 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     945             :         struct wbcDomainSid sid;
     946             :         uid_t uid;
     947             : 
     948             :         /* Send request */
     949             : 
     950          90 :         wbc_status = wbcStringToSid(sid_str, &sid);
     951          90 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     952           0 :                 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
     953             :                           wbcErrorString(wbc_status));
     954           0 :                 return false;
     955             :         }
     956             : 
     957          90 :         wbc_status = wbcSidToUid(&sid, &uid);
     958          90 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     959           9 :                 d_fprintf(stderr, "failed to call wbcSidToUid: %s\n",
     960             :                           wbcErrorString(wbc_status));
     961           9 :                 return false;
     962             :         }
     963             : 
     964             :         /* Display response */
     965             : 
     966          81 :         d_printf("%d\n", (int)uid);
     967             : 
     968          81 :         return true;
     969             : }
     970             : 
     971         222 : static bool wbinfo_sid_to_gid(const char *sid_str)
     972             : {
     973         222 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
     974             :         struct wbcDomainSid sid;
     975             :         gid_t gid;
     976             : 
     977             :         /* Send request */
     978             : 
     979         222 :         wbc_status = wbcStringToSid(sid_str, &sid);
     980         222 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     981           0 :                 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
     982             :                           wbcErrorString(wbc_status));
     983           0 :                 return false;
     984             :         }
     985             : 
     986         222 :         wbc_status = wbcSidToGid(&sid, &gid);
     987         222 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
     988          21 :                 d_fprintf(stderr, "failed to call wbcSidToGid: %s\n",
     989             :                           wbcErrorString(wbc_status));
     990          21 :                 return false;
     991             :         }
     992             : 
     993             :         /* Display response */
     994             : 
     995         201 :         d_printf("%d\n", (int)gid);
     996             : 
     997         201 :         return true;
     998             : }
     999             : 
    1000          44 : static bool wbinfo_sids_to_unix_ids(const char *arg)
    1001             : {
    1002             :         char sidstr[WBC_SID_STRING_BUFLEN];
    1003             :         struct wbcDomainSid *sids;
    1004             :         struct wbcUnixId *unix_ids;
    1005             :         int i, num_sids;
    1006             :         const char *p;
    1007             :         wbcErr wbc_status;
    1008             : 
    1009             : 
    1010          44 :         num_sids = 0;
    1011          44 :         sids = NULL;
    1012          44 :         p = arg;
    1013             : 
    1014         302 :         while (next_token(&p, sidstr, LIST_SEP, sizeof(sidstr))) {
    1015         226 :                 sids = talloc_realloc(talloc_tos(), sids, struct wbcDomainSid,
    1016             :                                       num_sids+1);
    1017         226 :                 if (sids == NULL) {
    1018           0 :                         d_fprintf(stderr, "talloc failed\n");
    1019           0 :                         return false;
    1020             :                 }
    1021         226 :                 wbc_status = wbcStringToSid(sidstr, &sids[num_sids]);
    1022         226 :                 if (!WBC_ERROR_IS_OK(wbc_status)) {
    1023           0 :                         d_fprintf(stderr, "wbcSidToString(%s) failed: %s\n",
    1024             :                                   sidstr, wbcErrorString(wbc_status));
    1025           0 :                         TALLOC_FREE(sids);
    1026           0 :                         return false;
    1027             :                 }
    1028         226 :                 num_sids += 1;
    1029             :         }
    1030             : 
    1031          44 :         unix_ids = talloc_array(talloc_tos(), struct wbcUnixId, num_sids);
    1032          44 :         if (unix_ids == NULL) {
    1033           0 :                 TALLOC_FREE(sids);
    1034           0 :                 return false;
    1035             :         }
    1036             : 
    1037          44 :         wbc_status = wbcSidsToUnixIds(sids, num_sids, unix_ids);
    1038          44 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1039           0 :                 d_fprintf(stderr, "wbcSidsToUnixIds failed: %s\n",
    1040             :                           wbcErrorString(wbc_status));
    1041           0 :                 TALLOC_FREE(sids);
    1042           0 :                 return false;
    1043             :         }
    1044             : 
    1045         270 :         for (i=0; i<num_sids; i++) {
    1046             : 
    1047         226 :                 wbcSidToStringBuf(&sids[i], sidstr, sizeof(sidstr));
    1048             : 
    1049         226 :                 switch(unix_ids[i].type) {
    1050           0 :                 case WBC_ID_TYPE_UID:
    1051           0 :                         d_printf("%s -> uid %d\n", sidstr, unix_ids[i].id.uid);
    1052           0 :                         break;
    1053         122 :                 case WBC_ID_TYPE_GID:
    1054         122 :                         d_printf("%s -> gid %d\n", sidstr, unix_ids[i].id.gid);
    1055         122 :                         break;
    1056          98 :                 case WBC_ID_TYPE_BOTH:
    1057          98 :                         d_printf("%s -> uid/gid %d\n", sidstr, unix_ids[i].id.uid);
    1058          98 :                         break;
    1059           6 :                 default:
    1060           6 :                         d_printf("%s -> unmapped\n", sidstr);
    1061           6 :                         break;
    1062             :                 }
    1063             :         }
    1064             : 
    1065          44 :         TALLOC_FREE(sids);
    1066          44 :         TALLOC_FREE(unix_ids);
    1067             : 
    1068          44 :         return true;
    1069             : }
    1070             : 
    1071           2 : static bool wbinfo_xids_to_sids(const char *arg)
    1072             : {
    1073             :         fstring idstr;
    1074           2 :         struct wbcUnixId *xids = NULL;
    1075             :         struct wbcDomainSid *sids;
    1076             :         wbcErr wbc_status;
    1077           2 :         int num_xids = 0;
    1078             :         const char *p;
    1079             :         int i;
    1080             : 
    1081           2 :         p = arg;
    1082             : 
    1083          73 :         while (next_token(&p, idstr, LIST_SEP, sizeof(idstr))) {
    1084          70 :                 xids = talloc_realloc(talloc_tos(), xids, struct wbcUnixId,
    1085             :                                       num_xids+1);
    1086          70 :                 if (xids == NULL) {
    1087           0 :                         d_fprintf(stderr, "talloc failed\n");
    1088           0 :                         return false;
    1089             :                 }
    1090             : 
    1091          70 :                 switch (idstr[0]) {
    1092           0 :                 case 'u':
    1093           0 :                         xids[num_xids] = (struct wbcUnixId) {
    1094             :                                 .type = WBC_ID_TYPE_UID,
    1095           0 :                                 .id.uid = atoi(&idstr[1])
    1096             :                         };
    1097           0 :                         break;
    1098          70 :                 case 'g':
    1099         105 :                         xids[num_xids] = (struct wbcUnixId) {
    1100             :                                 .type = WBC_ID_TYPE_GID,
    1101          70 :                                 .id.gid = atoi(&idstr[1])
    1102             :                         };
    1103          70 :                         break;
    1104           0 :                 default:
    1105           0 :                         d_fprintf(stderr, "%s is an invalid id\n", idstr);
    1106           0 :                         TALLOC_FREE(xids);
    1107           0 :                         return false;
    1108             :                 }
    1109          70 :                 num_xids += 1;
    1110             :         }
    1111             : 
    1112           2 :         sids = talloc_array(talloc_tos(), struct wbcDomainSid, num_xids);
    1113           2 :         if (sids == NULL) {
    1114           0 :                 d_fprintf(stderr, "talloc failed\n");
    1115           0 :                 TALLOC_FREE(xids);
    1116           0 :                 return false;
    1117             :         }
    1118             : 
    1119           2 :         wbc_status = wbcUnixIdsToSids(xids, num_xids, sids);
    1120           2 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1121           0 :                 d_fprintf(stderr, "wbcUnixIdsToSids failed: %s\n",
    1122             :                           wbcErrorString(wbc_status));
    1123           0 :                 TALLOC_FREE(sids);
    1124           0 :                 TALLOC_FREE(xids);
    1125           0 :                 return false;
    1126             :         }
    1127             : 
    1128          72 :         for (i=0; i<num_xids; i++) {
    1129             :                 char str[WBC_SID_STRING_BUFLEN];
    1130          70 :                 struct wbcDomainSid null_sid = { 0 };
    1131             : 
    1132          70 :                 if (memcmp(&null_sid, &sids[i], sizeof(struct wbcDomainSid)) == 0) {
    1133           0 :                         d_printf("NOT MAPPED\n");
    1134           0 :                         continue;
    1135             :                 }
    1136          70 :                 wbcSidToStringBuf(&sids[i], str, sizeof(str));
    1137          70 :                 d_printf("%s\n", str);
    1138             :         }
    1139             : 
    1140           2 :         return true;
    1141             : }
    1142             : 
    1143          12 : static bool wbinfo_allocate_uid(void)
    1144             : {
    1145          12 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
    1146             :         uid_t uid;
    1147             : 
    1148             :         /* Send request */
    1149             : 
    1150          12 :         wbc_status = wbcAllocateUid(&uid);
    1151          12 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1152           6 :                 d_fprintf(stderr, "failed to call wbcAllocateUid: %s\n",
    1153             :                           wbcErrorString(wbc_status));
    1154           6 :                 return false;
    1155             :         }
    1156             : 
    1157             :         /* Display response */
    1158             : 
    1159           6 :         d_printf("New uid: %u\n", (unsigned int)uid);
    1160             : 
    1161           6 :         return true;
    1162             : }
    1163             : 
    1164          12 : static bool wbinfo_allocate_gid(void)
    1165             : {
    1166          12 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
    1167             :         gid_t gid;
    1168             : 
    1169             :         /* Send request */
    1170             : 
    1171          12 :         wbc_status = wbcAllocateGid(&gid);
    1172          12 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1173           6 :                 d_fprintf(stderr, "failed to call wbcAllocateGid: %s\n",
    1174             :                           wbcErrorString(wbc_status));
    1175           6 :                 return false;
    1176             :         }
    1177             : 
    1178             :         /* Display response */
    1179             : 
    1180           6 :         d_printf("New gid: %u\n", (unsigned int)gid);
    1181             : 
    1182           6 :         return true;
    1183             : }
    1184             : 
    1185           0 : static bool wbinfo_set_uid_mapping(uid_t uid, const char *sid_str)
    1186             : {
    1187           0 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
    1188             :         struct wbcDomainSid sid;
    1189             : 
    1190             :         /* Send request */
    1191             : 
    1192           0 :         wbc_status = wbcStringToSid(sid_str, &sid);
    1193           0 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1194           0 :                 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
    1195             :                           wbcErrorString(wbc_status));
    1196           0 :                 return false;
    1197             :         }
    1198             : 
    1199           0 :         wbc_status = wbcSetUidMapping(uid, &sid);
    1200           0 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1201           0 :                 d_fprintf(stderr, "failed to call wbcSetUidMapping: %s\n",
    1202             :                           wbcErrorString(wbc_status));
    1203           0 :                 return false;
    1204             :         }
    1205             : 
    1206             :         /* Display response */
    1207             : 
    1208           0 :         d_printf("uid %u now mapped to sid %s\n",
    1209             :                 (unsigned int)uid, sid_str);
    1210             : 
    1211           0 :         return true;
    1212             : }
    1213             : 
    1214           0 : static bool wbinfo_set_gid_mapping(gid_t gid, const char *sid_str)
    1215             : {
    1216           0 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
    1217             :         struct wbcDomainSid sid;
    1218             : 
    1219             :         /* Send request */
    1220             : 
    1221           0 :         wbc_status = wbcStringToSid(sid_str, &sid);
    1222           0 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1223           0 :                 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
    1224             :                           wbcErrorString(wbc_status));
    1225           0 :                 return false;
    1226             :         }
    1227             : 
    1228           0 :         wbc_status = wbcSetGidMapping(gid, &sid);
    1229           0 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1230           0 :                 d_fprintf(stderr, "failed to call wbcSetGidMapping: %s\n",
    1231             :                           wbcErrorString(wbc_status));
    1232           0 :                 return false;
    1233             :         }
    1234             : 
    1235             :         /* Display response */
    1236             : 
    1237           0 :         d_printf("gid %u now mapped to sid %s\n",
    1238             :                 (unsigned int)gid, sid_str);
    1239             : 
    1240           0 :         return true;
    1241             : }
    1242             : 
    1243           0 : static bool wbinfo_remove_uid_mapping(uid_t uid, const char *sid_str)
    1244             : {
    1245           0 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
    1246             :         struct wbcDomainSid sid;
    1247             : 
    1248             :         /* Send request */
    1249             : 
    1250           0 :         wbc_status = wbcStringToSid(sid_str, &sid);
    1251           0 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1252           0 :                 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
    1253             :                           wbcErrorString(wbc_status));
    1254           0 :                 return false;
    1255             :         }
    1256             : 
    1257           0 :         wbc_status = wbcRemoveUidMapping(uid, &sid);
    1258           0 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1259           0 :                 d_fprintf(stderr, "failed to call wbcRemoveUidMapping: %s\n",
    1260             :                           wbcErrorString(wbc_status));
    1261           0 :                 return false;
    1262             :         }
    1263             : 
    1264             :         /* Display response */
    1265             : 
    1266           0 :         d_printf("Removed uid %u to sid %s mapping\n",
    1267             :                 (unsigned int)uid, sid_str);
    1268             : 
    1269           0 :         return true;
    1270             : }
    1271             : 
    1272           0 : static bool wbinfo_remove_gid_mapping(gid_t gid, const char *sid_str)
    1273             : {
    1274           0 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
    1275             :         struct wbcDomainSid sid;
    1276             : 
    1277             :         /* Send request */
    1278             : 
    1279           0 :         wbc_status = wbcStringToSid(sid_str, &sid);
    1280           0 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1281           0 :                 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
    1282             :                           wbcErrorString(wbc_status));
    1283           0 :                 return false;
    1284             :         }
    1285             : 
    1286           0 :         wbc_status = wbcRemoveGidMapping(gid, &sid);
    1287           0 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1288           0 :                 d_fprintf(stderr, "failed to call wbcRemoveGidMapping: %s\n",
    1289             :                           wbcErrorString(wbc_status));
    1290           0 :                 return false;
    1291             :         }
    1292             : 
    1293             :         /* Display response */
    1294             : 
    1295           0 :         d_printf("Removed gid %u to sid %s mapping\n",
    1296             :                 (unsigned int)gid, sid_str);
    1297             : 
    1298           0 :         return true;
    1299             : }
    1300             : 
    1301             : /* Convert sid to string */
    1302             : 
    1303          88 : static bool wbinfo_lookupsid(const char *sid_str)
    1304             : {
    1305          88 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
    1306             :         struct wbcDomainSid sid;
    1307             :         char *domain;
    1308             :         char *name;
    1309             :         enum wbcSidType type;
    1310             : 
    1311             :         /* Send off request */
    1312             : 
    1313          88 :         wbc_status = wbcStringToSid(sid_str, &sid);
    1314          88 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1315           0 :                 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
    1316             :                           wbcErrorString(wbc_status));
    1317           0 :                 return false;
    1318             :         }
    1319             : 
    1320          88 :         wbc_status = wbcLookupSid(&sid, &domain, &name, &type);
    1321          88 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1322           4 :                 d_fprintf(stderr, "failed to call wbcLookupSid: %s\n",
    1323             :                           wbcErrorString(wbc_status));
    1324           4 :                 return false;
    1325             :         }
    1326             : 
    1327             :         /* Display response */
    1328             : 
    1329          84 :         if (type == WBC_SID_NAME_DOMAIN) {
    1330           0 :                 d_printf("%s %d\n", domain, type);
    1331             :         } else {
    1332         139 :                 d_printf("%s%c%s %d\n",
    1333          84 :                          domain, winbind_separator(), name, type);
    1334             :         }
    1335             : 
    1336          84 :         wbcFreeMemory(domain);
    1337          84 :         wbcFreeMemory(name);
    1338             : 
    1339          84 :         return true;
    1340             : }
    1341             : 
    1342             : /* Convert sid to fullname */
    1343             : 
    1344           0 : static bool wbinfo_lookupsid_fullname(const char *sid_str)
    1345             : {
    1346           0 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
    1347             :         struct wbcDomainSid sid;
    1348             :         char *domain;
    1349             :         char *name;
    1350             :         enum wbcSidType type;
    1351             : 
    1352             :         /* Send off request */
    1353             : 
    1354           0 :         wbc_status = wbcStringToSid(sid_str, &sid);
    1355           0 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1356           0 :                 d_fprintf(stderr, "failed to call wbcStringToSid: %s\n",
    1357             :                           wbcErrorString(wbc_status));
    1358           0 :                 return false;
    1359             :         }
    1360             : 
    1361           0 :         wbc_status = wbcGetDisplayName(&sid, &domain, &name, &type);
    1362           0 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1363           0 :                 d_fprintf(stderr, "failed to call wbcGetDisplayName: %s\n",
    1364             :                           wbcErrorString(wbc_status));
    1365           0 :                 return false;
    1366             :         }
    1367             : 
    1368             :         /* Display response */
    1369             : 
    1370           0 :         d_printf("%s%c%s %d\n",
    1371           0 :                  domain, winbind_separator(), name, type);
    1372             : 
    1373           0 :         wbcFreeMemory(domain);
    1374           0 :         wbcFreeMemory(name);
    1375             : 
    1376           0 :         return true;
    1377             : }
    1378             : 
    1379             : /* Lookup a list of RIDs */
    1380             : 
    1381           4 : static bool wbinfo_lookuprids(const char *domain, const char *arg)
    1382             : {
    1383           4 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
    1384             :         struct wbcDomainSid dsid;
    1385           4 :         char *domain_name = NULL;
    1386           4 :         const char **names = NULL;
    1387           4 :         enum wbcSidType *types = NULL;
    1388             :         size_t i, num_rids;
    1389           4 :         uint32_t *rids = NULL;
    1390             :         const char *p;
    1391             :         char *ridstr;
    1392           4 :         TALLOC_CTX *mem_ctx = NULL;
    1393           4 :         bool ret = false;
    1394             : 
    1395           4 :         if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0')){
    1396           4 :                 domain = get_winbind_domain();
    1397             :         }
    1398             : 
    1399           4 :         wbc_status = wbcStringToSid(domain, &dsid);
    1400           4 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1401           4 :                 struct wbcDomainInfo *dinfo = NULL;
    1402             : 
    1403           4 :                 wbc_status = wbcDomainInfo(domain, &dinfo);
    1404           4 :                 if (!WBC_ERROR_IS_OK(wbc_status)) {
    1405           0 :                         d_printf("wbcDomainInfo(%s) failed: %s\n", domain,
    1406             :                                  wbcErrorString(wbc_status));
    1407           0 :                         goto done;
    1408             :                 }
    1409             : 
    1410           4 :                 dsid = dinfo->sid;
    1411           4 :                 wbcFreeMemory(dinfo);
    1412             :         }
    1413             : 
    1414           4 :         mem_ctx = talloc_new(NULL);
    1415           4 :         if (mem_ctx == NULL) {
    1416           0 :                 d_printf("talloc_new failed\n");
    1417           0 :                 goto done;
    1418             :         }
    1419             : 
    1420           4 :         num_rids = 0;
    1421           4 :         rids = NULL;
    1422           4 :         p = arg;
    1423             : 
    1424          16 :         while (next_token_talloc(mem_ctx, &p, &ridstr, " ,\n")) {
    1425           8 :                 int error = 0;
    1426             :                 uint32_t rid;
    1427             : 
    1428           8 :                 rid = smb_strtoul(ridstr, NULL, 10, &error, SMB_STR_STANDARD);
    1429           8 :                 if (error != 0) {
    1430           0 :                         d_printf("failed to convert rid\n");
    1431           0 :                         goto done;
    1432             :                 }
    1433           8 :                 rids = talloc_realloc(mem_ctx, rids, uint32_t, num_rids + 1);
    1434           8 :                 if (rids == NULL) {
    1435           0 :                         d_printf("talloc_realloc failed\n");
    1436             :                 }
    1437           8 :                 rids[num_rids] = rid;
    1438           8 :                 num_rids += 1;
    1439             :         }
    1440             : 
    1441           4 :         if (rids == NULL) {
    1442           0 :                 d_printf("no rids\n");
    1443           0 :                 goto done;
    1444             :         }
    1445             : 
    1446           4 :         wbc_status = wbcLookupRids(
    1447             :                 &dsid, num_rids, rids, &p, &names, &types);
    1448           4 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1449           0 :                 d_printf("winbind_lookup_rids failed: %s\n",
    1450             :                          wbcErrorString(wbc_status));
    1451           0 :                 goto done;
    1452             :         }
    1453             : 
    1454           4 :         domain_name = discard_const_p(char, p);
    1455           4 :         d_printf("Domain: %s\n", domain_name);
    1456             : 
    1457          12 :         for (i=0; i<num_rids; i++) {
    1458           8 :                 d_printf("%8d: %s (%s)\n", rids[i], names[i],
    1459           8 :                          wbcSidTypeString(types[i]));
    1460             :         }
    1461             : 
    1462           4 :         ret = true;
    1463           4 : done:
    1464           4 :         wbcFreeMemory(domain_name);
    1465           4 :         wbcFreeMemory(names);
    1466           4 :         wbcFreeMemory(types);
    1467           4 :         TALLOC_FREE(mem_ctx);
    1468           4 :         return ret;
    1469             : }
    1470             : 
    1471           0 : static bool wbinfo_lookup_sids(const char *arg)
    1472             : {
    1473             :         char sidstr[WBC_SID_STRING_BUFLEN];
    1474             :         struct wbcDomainSid *sids;
    1475             :         struct wbcDomainInfo *domains;
    1476             :         struct wbcTranslatedName *names;
    1477             :         int num_domains;
    1478             :         int i, num_sids;
    1479             :         const char *p;
    1480             :         wbcErr wbc_status;
    1481             : 
    1482             : 
    1483           0 :         num_sids = 0;
    1484           0 :         sids = NULL;
    1485           0 :         p = arg;
    1486             : 
    1487           0 :         while (next_token(&p, sidstr, LIST_SEP, sizeof(sidstr))) {
    1488           0 :                 sids = talloc_realloc(talloc_tos(), sids, struct wbcDomainSid,
    1489             :                                       num_sids+1);
    1490           0 :                 if (sids == NULL) {
    1491           0 :                         d_fprintf(stderr, "talloc failed\n");
    1492           0 :                         return false;
    1493             :                 }
    1494           0 :                 wbc_status = wbcStringToSid(sidstr, &sids[num_sids]);
    1495           0 :                 if (!WBC_ERROR_IS_OK(wbc_status)) {
    1496           0 :                         d_fprintf(stderr, "wbcSidToString(%s) failed: %s\n",
    1497             :                                   sidstr, wbcErrorString(wbc_status));
    1498           0 :                         TALLOC_FREE(sids);
    1499           0 :                         return false;
    1500             :                 }
    1501           0 :                 num_sids += 1;
    1502             :         }
    1503             : 
    1504           0 :         wbc_status = wbcLookupSids(sids, num_sids, &domains, &num_domains,
    1505             :                                    &names);
    1506           0 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1507           0 :                 d_fprintf(stderr, "wbcLookupSids failed: %s\n",
    1508             :                           wbcErrorString(wbc_status));
    1509           0 :                 TALLOC_FREE(sids);
    1510           0 :                 return false;
    1511             :         }
    1512             : 
    1513           0 :         for (i=0; i<num_sids; i++) {
    1514           0 :                 const char *domain = NULL;
    1515             : 
    1516           0 :                 wbcSidToStringBuf(&sids[i], sidstr, sizeof(sidstr));
    1517             : 
    1518           0 :                 if (names[i].domain_index >= num_domains) {
    1519           0 :                         domain = "<none>";
    1520           0 :                 } else if (names[i].domain_index < 0) {
    1521           0 :                         domain = "<none>";
    1522             :                 } else {
    1523           0 :                         domain = domains[names[i].domain_index].short_name;
    1524             :                 }
    1525             : 
    1526           0 :                 if (names[i].type == WBC_SID_NAME_DOMAIN) {
    1527           0 :                         d_printf("%s -> %s %d\n", sidstr,
    1528             :                                  domain,
    1529           0 :                                  names[i].type);
    1530             :                 } else {
    1531           0 :                         d_printf("%s -> %s%c%s %d\n", sidstr,
    1532             :                                  domain,
    1533           0 :                                  winbind_separator(),
    1534           0 :                                  names[i].name, names[i].type);
    1535             :                 }
    1536             :         }
    1537           0 :         wbcFreeMemory(names);
    1538           0 :         wbcFreeMemory(domains);
    1539           0 :         return true;
    1540             : }
    1541             : 
    1542             : /* Convert string to sid */
    1543             : 
    1544         355 : static bool wbinfo_lookupname(const char *full_name)
    1545             : {
    1546         355 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
    1547             :         struct wbcDomainSid sid;
    1548             :         char sid_str[WBC_SID_STRING_BUFLEN];
    1549             :         enum wbcSidType type;
    1550             :         fstring domain_name;
    1551             :         fstring account_name;
    1552             : 
    1553             :         /* Send off request */
    1554             : 
    1555         355 :         parse_wbinfo_domain_user(full_name, domain_name,
    1556             :                                  account_name);
    1557             : 
    1558         355 :         wbc_status = wbcLookupName(domain_name, account_name,
    1559             :                                    &sid, &type);
    1560         355 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1561          20 :                 d_fprintf(stderr, "failed to call wbcLookupName: %s\n",
    1562             :                           wbcErrorString(wbc_status));
    1563          20 :                 return false;
    1564             :         }
    1565             : 
    1566         335 :         wbcSidToStringBuf(&sid, sid_str, sizeof(sid_str));
    1567             : 
    1568             :         /* Display response */
    1569             : 
    1570         335 :         d_printf("%s %s (%d)\n", sid_str, wbcSidTypeString(type), type);
    1571             : 
    1572         335 :         return true;
    1573             : }
    1574             : 
    1575           0 : static char *wbinfo_prompt_pass(TALLOC_CTX *mem_ctx,
    1576             :                                 const char *prefix,
    1577             :                                 const char *username)
    1578             : {
    1579             :         char *prompt;
    1580           0 :         char buf[1024] = {0};
    1581             :         int rc;
    1582             : 
    1583           0 :         prompt = talloc_asprintf(mem_ctx, "Enter %s's ", username);
    1584           0 :         if (!prompt) {
    1585           0 :                 return NULL;
    1586             :         }
    1587           0 :         if (prefix) {
    1588           0 :                 prompt = talloc_asprintf_append(prompt, "%s ", prefix);
    1589           0 :                 if (!prompt) {
    1590           0 :                         return NULL;
    1591             :                 }
    1592             :         }
    1593           0 :         prompt = talloc_asprintf_append(prompt, "password: ");
    1594           0 :         if (!prompt) {
    1595           0 :                 return NULL;
    1596             :         }
    1597             : 
    1598           0 :         rc = samba_getpass(prompt, buf, sizeof(buf), false, false);
    1599           0 :         TALLOC_FREE(prompt);
    1600           0 :         if (rc < 0) {
    1601           0 :                 return NULL;
    1602             :         }
    1603             : 
    1604           0 :         return talloc_strdup(mem_ctx, buf);
    1605             : }
    1606             : 
    1607             : /* Authenticate a user with a plaintext password */
    1608             : 
    1609          48 : static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32_t flags)
    1610             : {
    1611          48 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
    1612          48 :         char *s = NULL;
    1613          48 :         char *p = NULL;
    1614          48 :         char *password = NULL;
    1615          48 :         char *name = NULL;
    1616          48 :         char *local_cctype = NULL;
    1617             :         uid_t uid;
    1618             :         struct wbcLogonUserParams params;
    1619             :         struct wbcLogonUserInfo *info;
    1620             :         struct wbcAuthErrorInfo *error;
    1621             :         struct wbcUserPasswordPolicyInfo *policy;
    1622          48 :         TALLOC_CTX *frame = talloc_tos();
    1623             : 
    1624          48 :         if ((s = talloc_strdup(frame, username)) == NULL) {
    1625           0 :                 return false;
    1626             :         }
    1627             : 
    1628          48 :         if ((p = strchr(s, '%')) != NULL) {
    1629          48 :                 *p = 0;
    1630          48 :                 p++;
    1631          48 :                 password = talloc_strdup(frame, p);
    1632             :         } else {
    1633           0 :                 password = wbinfo_prompt_pass(frame, NULL, username);
    1634             :         }
    1635             : 
    1636          48 :         local_cctype = talloc_strdup(frame, cctype);
    1637             : 
    1638          48 :         name = s;
    1639             : 
    1640          48 :         uid = geteuid();
    1641             : 
    1642          48 :         params.username = name;
    1643          48 :         params.password = password;
    1644          48 :         params.num_blobs = 0;
    1645          48 :         params.blobs = NULL;
    1646             : 
    1647          48 :         wbc_status = wbcAddNamedBlob(&params.num_blobs,
    1648             :                                      &params.blobs,
    1649             :                                      "flags",
    1650             :                                      0,
    1651             :                                      (uint8_t *)&flags,
    1652             :                                      sizeof(flags));
    1653          48 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1654           0 :                 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
    1655             :                           wbcErrorString(wbc_status));
    1656           0 :                 goto done;
    1657             :         }
    1658             : 
    1659          48 :         wbc_status = wbcAddNamedBlob(&params.num_blobs,
    1660             :                                      &params.blobs,
    1661             :                                      "user_uid",
    1662             :                                      0,
    1663             :                                      (uint8_t *)&uid,
    1664             :                                      sizeof(uid));
    1665          48 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1666           0 :                 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
    1667             :                           wbcErrorString(wbc_status));
    1668           0 :                 goto done;
    1669             :         }
    1670             : 
    1671          48 :         wbc_status = wbcAddNamedBlob(&params.num_blobs,
    1672             :                                      &params.blobs,
    1673             :                                      "krb5_cc_type",
    1674             :                                      0,
    1675             :                                      (uint8_t *)local_cctype,
    1676          48 :                                      strlen(cctype)+1);
    1677          48 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1678           0 :                 d_fprintf(stderr, "failed to call wbcAddNamedBlob: %s\n",
    1679             :                           wbcErrorString(wbc_status));
    1680           0 :                 goto done;
    1681             :         }
    1682             : 
    1683          48 :         wbc_status = wbcLogonUser(&params, &info, &error, &policy);
    1684             : 
    1685          48 :         d_printf("plaintext kerberos password authentication for [%s] %s "
    1686             :                  "(requesting cctype: %s)\n",
    1687             :                  name, WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed",
    1688             :                  cctype);
    1689             : 
    1690          48 :         if (error) {
    1691          21 :                 d_fprintf(stderr,
    1692             :                          "wbcLogonUser(%s): error code was %s (0x%x)\n"
    1693             :                          "error message was: %s\n",
    1694           9 :                          params.username, error->nt_string,
    1695           9 :                          error->nt_status,
    1696           9 :                          error->display_string);
    1697             :         }
    1698             : 
    1699          48 :         if (WBC_ERROR_IS_OK(wbc_status)) {
    1700          39 :                 if (flags & WBFLAG_PAM_INFO3_TEXT) {
    1701          39 :                         if (info && info->info && info->info->user_flags &
    1702             :                             NETLOGON_CACHED_ACCOUNT) {
    1703           8 :                                 d_printf("user_flgs: "
    1704             :                                          "NETLOGON_CACHED_ACCOUNT\n");
    1705             :                         }
    1706             :                 }
    1707             : 
    1708          39 :                 if (info) {
    1709             :                         size_t i;
    1710          39 :                         for (i=0; i < info->num_blobs; i++) {
    1711           8 :                                 if (strequal(info->blobs[i].name,
    1712             :                                              "krb5ccname")) {
    1713           8 :                                         d_printf("credentials were put "
    1714             :                                                  "in: %s\n",
    1715             :                                                 (const char *)
    1716           8 :                                                       info->blobs[i].blob.data);
    1717           8 :                                         break;
    1718             :                                 }
    1719             :                         }
    1720             :                 } else {
    1721           0 :                         d_printf("no credentials cached\n");
    1722             :                 }
    1723             :         }
    1724          36 :  done:
    1725             : 
    1726          48 :         wbcFreeMemory(params.blobs);
    1727             : 
    1728          48 :         return WBC_ERROR_IS_OK(wbc_status);
    1729             : }
    1730             : 
    1731             : /* Authenticate a user with a plaintext password */
    1732             : 
    1733         120 : static bool wbinfo_auth(char *username)
    1734             : {
    1735         120 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
    1736         120 :         char *s = NULL;
    1737         120 :         char *p = NULL;
    1738         120 :         char *password = NULL;
    1739         120 :         char *name = NULL;
    1740         120 :         TALLOC_CTX *frame = talloc_tos();
    1741             : 
    1742         120 :         if ((s = talloc_strdup(frame, username)) == NULL) {
    1743           0 :                 return false;
    1744             :         }
    1745             : 
    1746         120 :         if ((p = strchr(s, '%')) != NULL) {
    1747         120 :                 *p = 0;
    1748         120 :                 p++;
    1749         120 :                 password = talloc_strdup(frame, p);
    1750             :         } else {
    1751           0 :                 password = wbinfo_prompt_pass(frame, NULL, username);
    1752             :         }
    1753             : 
    1754         120 :         name = s;
    1755             : 
    1756         120 :         wbc_status = wbcAuthenticateUser(name, password);
    1757             : 
    1758         120 :         d_printf("plaintext password authentication %s\n",
    1759             :                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
    1760             : 
    1761             : #if 0
    1762             :         if (response.data.auth.nt_status)
    1763             :                 d_fprintf(stderr,
    1764             :                          "error code was %s (0x%x)\nerror message was: %s\n",
    1765             :                          response.data.auth.nt_status_string,
    1766             :                          response.data.auth.nt_status,
    1767             :                          response.data.auth.error_string);
    1768             : #endif
    1769             : 
    1770         120 :         return WBC_ERROR_IS_OK(wbc_status);
    1771             : }
    1772             : 
    1773             : /* Authenticate a user with a challenge/response */
    1774             : 
    1775         120 : static bool wbinfo_auth_crap(char *username, bool use_ntlmv2, bool use_lanman)
    1776             : {
    1777         120 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
    1778             :         struct wbcAuthUserParams params;
    1779         120 :         struct wbcAuthUserInfo *info = NULL;
    1780         120 :         struct wbcAuthErrorInfo *err = NULL;
    1781         120 :         DATA_BLOB lm = data_blob_null;
    1782         120 :         DATA_BLOB nt = data_blob_null;
    1783             :         fstring name_user;
    1784             :         fstring name_domain;
    1785             :         char *pass;
    1786             :         char *p;
    1787         120 :         TALLOC_CTX *frame = talloc_tos();
    1788             : 
    1789         120 :         p = strchr(username, '%');
    1790             : 
    1791         120 :         if (p) {
    1792         120 :                 *p = 0;
    1793         120 :                 pass = talloc_strdup(frame, p + 1);
    1794             :         } else {
    1795           0 :                 pass = wbinfo_prompt_pass(frame, NULL, username);
    1796             :         }
    1797             : 
    1798         120 :         parse_wbinfo_domain_user(username, name_domain, name_user);
    1799             : 
    1800         120 :         params.account_name     = name_user;
    1801         120 :         params.domain_name      = name_domain;
    1802         120 :         params.workstation_name = NULL;
    1803             : 
    1804         120 :         params.flags            = 0;
    1805         120 :         params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
    1806             :                                   WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
    1807             : 
    1808         120 :         params.level            = WBC_AUTH_USER_LEVEL_RESPONSE;
    1809             : 
    1810         120 :         generate_random_buffer(params.password.response.challenge, 8);
    1811             : 
    1812         120 :         if (use_ntlmv2) {
    1813             :                 DATA_BLOB server_chal;
    1814             :                 DATA_BLOB names_blob;
    1815         119 :                 const char *netbios_name = NULL;
    1816         119 :                 const char *domain = NULL;
    1817             : 
    1818         119 :                 netbios_name = get_winbind_netbios_name(),
    1819         119 :                 domain = get_winbind_domain();
    1820         119 :                 if (domain == NULL) {
    1821           0 :                         d_fprintf(stderr, "Failed to get domain from winbindd\n");
    1822           0 :                         return false;
    1823             :                 }
    1824             : 
    1825         119 :                 server_chal = data_blob(params.password.response.challenge, 8);
    1826             : 
    1827             :                 /* Pretend this is a login to 'us', for blob purposes */
    1828         119 :                 names_blob = NTLMv2_generate_names_blob(NULL,
    1829             :                                                         netbios_name,
    1830             :                                                         domain);
    1831             : 
    1832         196 :                 if (pass != NULL &&
    1833         119 :                     !SMBNTLMv2encrypt(NULL, name_user, name_domain, pass,
    1834             :                                       &server_chal,
    1835             :                                       &names_blob,
    1836             :                                       &lm, &nt, NULL, NULL)) {
    1837           0 :                         data_blob_free(&names_blob);
    1838           0 :                         data_blob_free(&server_chal);
    1839           0 :                         TALLOC_FREE(pass);
    1840           0 :                         return false;
    1841             :                 }
    1842         119 :                 data_blob_free(&names_blob);
    1843         119 :                 data_blob_free(&server_chal);
    1844             : 
    1845             :         } else {
    1846           1 :                 if (use_lanman) {
    1847             :                         bool ok;
    1848           0 :                         lm = data_blob(NULL, 24);
    1849           0 :                         ok = SMBencrypt(pass,
    1850             :                                         params.password.response.challenge,
    1851             :                                         lm.data);
    1852           0 :                         if (!ok) {
    1853           0 :                                 data_blob_free(&lm);
    1854             :                         }
    1855             :                 }
    1856           1 :                 nt = data_blob(NULL, 24);
    1857           1 :                 SMBNTencrypt(pass, params.password.response.challenge,
    1858             :                              nt.data);
    1859             :         }
    1860             : 
    1861         120 :         params.password.response.nt_length      = nt.length;
    1862         120 :         params.password.response.nt_data        = nt.data;
    1863         120 :         params.password.response.lm_length      = lm.length;
    1864         120 :         params.password.response.lm_data        = lm.data;
    1865             : 
    1866         120 :         wbc_status = wbcAuthenticateUserEx(&params, &info, &err);
    1867             : 
    1868             :         /* Display response */
    1869             : 
    1870         120 :         d_printf("challenge/response password authentication %s\n",
    1871             :                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
    1872             : 
    1873         120 :         if (wbc_status == WBC_ERR_AUTH_ERROR) {
    1874         131 :                 d_fprintf(stderr,
    1875             :                          "wbcAuthenticateUserEx(%s%c%s): error code was "
    1876             :                           "%s (0x%x, authoritative=%"PRIu8")\n"
    1877             :                          "error message was: %s\n",
    1878             :                          name_domain,
    1879          35 :                          winbind_separator(),
    1880             :                          name_user,
    1881          35 :                          err->nt_string,
    1882          35 :                          err->nt_status,
    1883          35 :                          err->authoritative,
    1884          35 :                          err->display_string);
    1885          35 :                 wbcFreeMemory(err);
    1886          85 :         } else if (WBC_ERROR_IS_OK(wbc_status)) {
    1887          85 :                 wbcFreeMemory(info);
    1888             :         }
    1889             : 
    1890         120 :         data_blob_free(&nt);
    1891         120 :         data_blob_free(&lm);
    1892             : 
    1893         120 :         return WBC_ERROR_IS_OK(wbc_status);
    1894             : }
    1895             : 
    1896             : /* Authenticate a user with a plaintext password */
    1897             : 
    1898          24 : static bool wbinfo_pam_logon(char *username, bool verbose)
    1899             : {
    1900          24 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
    1901             :         struct wbcLogonUserParams params;
    1902          24 :         struct wbcLogonUserInfo *info = NULL;
    1903          24 :         struct wbcAuthErrorInfo *error = NULL;
    1904          24 :         char *s = NULL;
    1905          24 :         char *p = NULL;
    1906          24 :         TALLOC_CTX *frame = talloc_tos();
    1907             :         uint32_t flags;
    1908             :         uint32_t uid;
    1909             : 
    1910          24 :         ZERO_STRUCT(params);
    1911             : 
    1912          24 :         if ((s = talloc_strdup(frame, username)) == NULL) {
    1913           0 :                 return false;
    1914             :         }
    1915             : 
    1916          24 :         if ((p = strchr(s, '%')) != NULL) {
    1917          24 :                 *p = 0;
    1918          24 :                 p++;
    1919          24 :                 params.password = talloc_strdup(frame, p);
    1920             :         } else {
    1921           0 :                 params.password = wbinfo_prompt_pass(frame, NULL, username);
    1922             :         }
    1923          24 :         params.username = s;
    1924             : 
    1925          24 :         flags = WBFLAG_PAM_CACHED_LOGIN;
    1926             : 
    1927          24 :         wbc_status = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
    1928             :                                      "flags", 0,
    1929             :                                      (uint8_t *)&flags, sizeof(flags));
    1930          24 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1931           0 :                 d_printf("wbcAddNamedBlob failed: %s\n",
    1932             :                          wbcErrorString(wbc_status));
    1933           0 :                 return false;
    1934             :         }
    1935             : 
    1936          24 :         uid = getuid();
    1937             : 
    1938          24 :         wbc_status = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
    1939             :                                      "user_uid", 0,
    1940             :                                      (uint8_t *)&uid, sizeof(uid));
    1941          24 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    1942           0 :                 d_printf("wbcAddNamedBlob failed: %s\n",
    1943             :                          wbcErrorString(wbc_status));
    1944           0 :                 return false;
    1945             :         }
    1946             : 
    1947          24 :         wbc_status = wbcLogonUser(&params, &info, &error, NULL);
    1948             : 
    1949          24 :         if (verbose && (info != NULL)) {
    1950           0 :                 struct wbcAuthUserInfo *i = info->info;
    1951             :                 uint32_t j;
    1952             : 
    1953           0 :                 if (i->account_name != NULL) {
    1954           0 :                         d_printf("account_name: %s\n", i->account_name);
    1955             :                 }
    1956           0 :                 if (i->user_principal != NULL) {
    1957           0 :                         d_printf("user_principal: %s\n", i->user_principal);
    1958             :                 }
    1959           0 :                 if (i->full_name != NULL) {
    1960           0 :                         d_printf("full_name: %s\n", i->full_name);
    1961             :                 }
    1962           0 :                 if (i->domain_name != NULL) {
    1963           0 :                         d_printf("domain_name: %s\n", i->domain_name);
    1964             :                 }
    1965           0 :                 if (i->dns_domain_name != NULL) {
    1966           0 :                         d_printf("dns_domain_name: %s\n", i->dns_domain_name);
    1967             :                 }
    1968           0 :                 if (i->logon_server != NULL) {
    1969           0 :                         d_printf("logon_server: %s\n", i->logon_server);
    1970             :                 }
    1971           0 :                 if (i->logon_script != NULL) {
    1972           0 :                         d_printf("logon_script: %s\n", i->logon_script);
    1973             :                 }
    1974           0 :                 if (i->profile_path != NULL) {
    1975           0 :                         d_printf("profile_path: %s\n", i->profile_path);
    1976             :                 }
    1977           0 :                 if (i->home_directory != NULL) {
    1978           0 :                         d_printf("home_directory: %s\n", i->home_directory);
    1979             :                 }
    1980           0 :                 if (i->home_drive != NULL) {
    1981           0 :                         d_printf("home_drive: %s\n", i->home_drive);
    1982             :                 }
    1983             : 
    1984           0 :                 d_printf("sids:");
    1985             : 
    1986           0 :                 for (j=0; j<i->num_sids; j++) {
    1987             :                         char buf[WBC_SID_STRING_BUFLEN];
    1988           0 :                         wbcSidToStringBuf(&i->sids[j].sid, buf, sizeof(buf));
    1989           0 :                         d_printf(" %s", buf);
    1990             :                 }
    1991           0 :                 d_printf("\n");
    1992             : 
    1993           0 :                 wbcFreeMemory(info);
    1994           0 :                 info = NULL;
    1995             :         }
    1996             : 
    1997          24 :         wbcFreeMemory(params.blobs);
    1998             : 
    1999          24 :         d_printf("plaintext password authentication %s\n",
    2000             :                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
    2001             : 
    2002          24 :         if (!WBC_ERROR_IS_OK(wbc_status) && (error != NULL)) {
    2003          16 :                 d_fprintf(stderr,
    2004             :                           "wbcLogonUser(%s): error code was %s (0x%x)\n"
    2005             :                           "error message was: %s\n",
    2006             :                           params.username,
    2007           8 :                           error->nt_string,
    2008           8 :                           (int)error->nt_status,
    2009           8 :                           error->display_string);
    2010           8 :                 wbcFreeMemory(error);
    2011             :         }
    2012          24 :         return WBC_ERROR_IS_OK(wbc_status);
    2013             : }
    2014             : 
    2015             : /* Save creds with winbind */
    2016             : 
    2017          68 : static bool wbinfo_ccache_save(char *username)
    2018             : {
    2019          68 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
    2020          68 :         char *s = NULL;
    2021          68 :         char *p = NULL;
    2022          68 :         char *password = NULL;
    2023          68 :         char *name = NULL;
    2024          68 :         TALLOC_CTX *frame = talloc_stackframe();
    2025             : 
    2026          68 :         s = talloc_strdup(frame, username);
    2027          68 :         if (s == NULL) {
    2028           0 :                 return false;
    2029             :         }
    2030             : 
    2031          68 :         p = strchr(s, '%');
    2032          68 :         if (p != NULL) {
    2033          68 :                 *p = 0;
    2034          68 :                 p++;
    2035          68 :                 password = talloc_strdup(frame, p);
    2036             :         } else {
    2037           0 :                 password = wbinfo_prompt_pass(frame, NULL, username);
    2038             :         }
    2039             : 
    2040          68 :         name = s;
    2041             : 
    2042          68 :         wbc_status = wbcCredentialSave(name, password);
    2043             : 
    2044          68 :         d_printf("saving creds %s\n",
    2045             :                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
    2046             : 
    2047          68 :         TALLOC_FREE(frame);
    2048             : 
    2049          68 :         return WBC_ERROR_IS_OK(wbc_status);
    2050             : }
    2051             : 
    2052             : #ifdef WITH_FAKE_KASERVER
    2053             : /* Authenticate a user with a plaintext password and set a token */
    2054             : 
    2055             : static bool wbinfo_klog(char *username)
    2056             : {
    2057             :         struct winbindd_request request;
    2058             :         struct winbindd_response response;
    2059             :         NSS_STATUS result;
    2060             :         char *p;
    2061             : 
    2062             :         /* Send off request */
    2063             : 
    2064             :         ZERO_STRUCT(request);
    2065             :         ZERO_STRUCT(response);
    2066             : 
    2067             :         p = strchr(username, '%');
    2068             : 
    2069             :         if (p) {
    2070             :                 *p = 0;
    2071             :                 fstrcpy(request.data.auth.user, username);
    2072             :                 fstrcpy(request.data.auth.pass, p + 1);
    2073             :                 *p = '%';
    2074             :         } else {
    2075             :                 fstrcpy(request.data.auth.user, username);
    2076             :                 (void) samba_getpass("Password: ",
    2077             :                                      request.data.auth.pass,
    2078             :                                      sizeof(request.data.auth.pass),
    2079             :                                      false, false);
    2080             :         }
    2081             : 
    2082             :         request.flags |= WBFLAG_PAM_AFS_TOKEN;
    2083             : 
    2084             :         result = winbindd_request_response(NULL, WINBINDD_PAM_AUTH, &request,
    2085             :                                            &response);
    2086             : 
    2087             :         /* Display response */
    2088             : 
    2089             :         d_printf("plaintext password authentication %s\n",
    2090             :                  (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
    2091             : 
    2092             :         if (response.data.auth.nt_status)
    2093             :                 d_fprintf(stderr,
    2094             :                          "error code was %s (0x%x)\nerror message was: %s\n",
    2095             :                          response.data.auth.nt_status_string,
    2096             :                          response.data.auth.nt_status,
    2097             :                          response.data.auth.error_string);
    2098             : 
    2099             :         if (result != NSS_STATUS_SUCCESS)
    2100             :                 return false;
    2101             : 
    2102             :         if (response.extra_data.data == NULL) {
    2103             :                 d_fprintf(stderr, "Did not get token data\n");
    2104             :                 return false;
    2105             :         }
    2106             : 
    2107             :         if (!afs_settoken_str((char *)response.extra_data.data)) {
    2108             :                 d_fprintf(stderr, "Could not set token\n");
    2109             :                 return false;
    2110             :         }
    2111             : 
    2112             :         d_printf("Successfully created AFS token\n");
    2113             :         return true;
    2114             : }
    2115             : #else
    2116           0 : static bool wbinfo_klog(char *username)
    2117             : {
    2118           0 :         d_fprintf(stderr, "No AFS support compiled in.\n");
    2119           0 :         return false;
    2120             : }
    2121             : #endif
    2122             : 
    2123             : /* Print domain users */
    2124             : 
    2125          21 : static bool print_domain_users(const char *domain)
    2126             : {
    2127          21 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
    2128             :         uint32_t i;
    2129          21 :         uint32_t num_users = 0;
    2130          21 :         const char **users = NULL;
    2131             : 
    2132             :         /* Send request to winbind daemon */
    2133             : 
    2134          21 :         if (domain == NULL) {
    2135          21 :                 domain = get_winbind_domain();
    2136             :         } else {
    2137             :                 /* '.' is the special sign for our own domain */
    2138           0 :                 if ((domain[0] == '\0') || strcmp(domain, ".") == 0) {
    2139           0 :                         domain = get_winbind_domain();
    2140             :                 /* '*' is the special sign for all domains */
    2141           0 :                 } else if (strcmp(domain, "*") == 0) {
    2142           0 :                         domain = NULL;
    2143             :                 }
    2144             :         }
    2145             : 
    2146          21 :         wbc_status = wbcListUsers(domain, &num_users, &users);
    2147          21 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    2148           0 :                 return false;
    2149             :         }
    2150             : 
    2151        1482 :         for (i=0; i < num_users; i++) {
    2152        1461 :                 d_printf("%s\n", users[i]);
    2153             :         }
    2154             : 
    2155          21 :         wbcFreeMemory(users);
    2156             : 
    2157          21 :         return true;
    2158             : }
    2159             : 
    2160             : /* Print domain groups */
    2161             : 
    2162          21 : static bool print_domain_groups(const char *domain)
    2163             : {
    2164          21 :         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
    2165             :         uint32_t i;
    2166          21 :         uint32_t num_groups = 0;
    2167          21 :         const char **groups = NULL;
    2168             : 
    2169             :         /* Send request to winbind daemon */
    2170             : 
    2171          21 :         if (domain == NULL) {
    2172          21 :                 domain = get_winbind_domain();
    2173             :         } else {
    2174             :                 /* '.' is the special sign for our own domain */
    2175           0 :                 if ((domain[0] == '\0') || strcmp(domain, ".") == 0) {
    2176           0 :                         domain = get_winbind_domain();
    2177             :                 /* '*' is the special sign for all domains */
    2178           0 :                 } else if (strcmp(domain, "*") == 0) {
    2179           0 :                         domain = NULL;
    2180             :                 }
    2181             :         }
    2182             : 
    2183          21 :         wbc_status = wbcListGroups(domain, &num_groups, &groups);
    2184          21 :         if (!WBC_ERROR_IS_OK(wbc_status)) {
    2185           0 :                 d_fprintf(stderr, "failed to call wbcListGroups: %s\n",
    2186             :                           wbcErrorString(wbc_status));
    2187           0 :                 return false;
    2188             :         }
    2189             : 
    2190        2118 :         for (i=0; i < num_groups; i++) {
    2191        2097 :                 d_printf("%s\n", groups[i]);
    2192             :         }
    2193             : 
    2194          21 :         wbcFreeMemory(groups);
    2195             : 
    2196          21 :         return true;
    2197             : }
    2198             : 
    2199             : /* Set the authorised user for winbindd access in secrets.tdb */
    2200             : 
    2201           0 : static bool wbinfo_set_auth_user(char *username)
    2202             : {
    2203           0 :         d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
    2204             :                           "See 'net help setauthuser' for details.\n");
    2205           0 :         return false;
    2206             : }
    2207             : 
    2208           0 : static void wbinfo_get_auth_user(void)
    2209             : {
    2210           0 :         d_fprintf(stderr, "This functionality was moved to the 'net' utility.\n"
    2211             :                           "See 'net help getauthuser' for details.\n");
    2212           0 : }
    2213             : 
    2214          35 : static bool wbinfo_ping(void)
    2215             : {
    2216             :         wbcErr wbc_status;
    2217             : 
    2218          35 :         wbc_status = wbcPing();
    2219             : 
    2220             :         /* Display response */
    2221             : 
    2222          35 :         d_printf("Ping to winbindd %s\n",
    2223             :                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
    2224             : 
    2225          35 :         return WBC_ERROR_IS_OK(wbc_status);
    2226             : }
    2227             : 
    2228           0 : static bool wbinfo_change_user_password(const char *username)
    2229             : {
    2230             :         wbcErr wbc_status;
    2231           0 :         char *old_password = NULL;
    2232           0 :         char *new_password = NULL;
    2233           0 :         TALLOC_CTX *frame = talloc_tos();
    2234             : 
    2235           0 :         old_password = wbinfo_prompt_pass(frame, "old", username);
    2236           0 :         new_password = wbinfo_prompt_pass(frame, "new", username);
    2237             : 
    2238           0 :         wbc_status = wbcChangeUserPassword(username, old_password,new_password);
    2239             : 
    2240             :         /* Display response */
    2241             : 
    2242           0 :         d_printf("Password change for user %s %s\n", username,
    2243             :                 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
    2244             : 
    2245           0 :         return WBC_ERROR_IS_OK(wbc_status);
    2246             : }
    2247             : 
    2248             : /* Main program */
    2249             : 
    2250             : enum {
    2251             :         OPT_SET_AUTH_USER = 1000,
    2252             :         OPT_GET_AUTH_USER,
    2253             :         OPT_DOMAIN_NAME,
    2254             :         OPT_SEQUENCE,
    2255             :         OPT_GETDCNAME,
    2256             :         OPT_DSGETDCNAME,
    2257             :         OPT_DC_INFO,
    2258             :         OPT_USERDOMGROUPS,
    2259             :         OPT_SIDALIASES,
    2260             :         OPT_USERSIDS,
    2261             :         OPT_LOOKUP_SIDS,
    2262             :         OPT_ALLOCATE_UID,
    2263             :         OPT_ALLOCATE_GID,
    2264             :         OPT_SET_UID_MAPPING,
    2265             :         OPT_SET_GID_MAPPING,
    2266             :         OPT_REMOVE_UID_MAPPING,
    2267             :         OPT_REMOVE_GID_MAPPING,
    2268             :         OPT_SIDS_TO_XIDS,
    2269             :         OPT_XIDS_TO_SIDS,
    2270             :         OPT_SEPARATOR,
    2271             :         OPT_LIST_ALL_DOMAINS,
    2272             :         OPT_LIST_OWN_DOMAIN,
    2273             :         OPT_UID_INFO,
    2274             :         OPT_USER_SIDINFO,
    2275             :         OPT_GROUP_INFO,
    2276             :         OPT_GID_INFO,
    2277             :         OPT_VERBOSE,
    2278             :         OPT_ONLINESTATUS,
    2279             :         OPT_CHANGE_USER_PASSWORD,
    2280             :         OPT_CCACHE_SAVE,
    2281             :         OPT_SID_TO_FULLNAME,
    2282             :         OPT_NTLMV1,
    2283             :         OPT_NTLMV2,
    2284             :         OPT_PAM_LOGON,
    2285             :         OPT_LOGOFF,
    2286             :         OPT_LOGOFF_USER,
    2287             :         OPT_LOGOFF_UID,
    2288             :         OPT_LANMAN,
    2289             :         OPT_KRB5CCNAME
    2290             : };
    2291             : 
    2292        1887 : int main(int argc, const char **argv, char **envp)
    2293             : {
    2294             :         int opt;
    2295        1887 :         TALLOC_CTX *frame = talloc_stackframe();
    2296             :         poptContext pc;
    2297             :         static char *string_arg;
    2298        1887 :         char *string_subarg = NULL;
    2299             :         static char *opt_domain_name;
    2300             :         static int int_arg;
    2301        1887 :         int int_subarg = -1;
    2302        1887 :         int result = 1;
    2303        1887 :         bool verbose = false;
    2304        1887 :         bool use_ntlmv2 = true;
    2305        1887 :         bool use_lanman = false;
    2306        1887 :         char *logoff_user = getenv("USER");
    2307        1887 :         int logoff_uid = geteuid();
    2308        1887 :         const char *opt_krb5ccname = "FILE";
    2309             : 
    2310        3774 :         struct poptOption long_options[] = {
    2311             :                 POPT_AUTOHELP
    2312             : 
    2313             :                 /* longName, shortName, argInfo, argPtr, value, descrip,
    2314             :                    argDesc */
    2315             : 
    2316             :                 {
    2317             :                         .longName   = "domain-users",
    2318             :                         .shortName  = 'u',
    2319             :                         .argInfo    = POPT_ARG_NONE,
    2320             :                         .val        = 'u',
    2321             :                         .descrip    = "Lists all domain users",
    2322             :                         .argDescrip = "domain"
    2323             :                 },
    2324             :                 {
    2325             :                         .longName   = "domain-groups",
    2326             :                         .shortName  = 'g',
    2327             :                         .argInfo    = POPT_ARG_NONE,
    2328             :                         .val        = 'g',
    2329             :                         .descrip    = "Lists all domain groups",
    2330             :                         .argDescrip = "domain"
    2331             :                 },
    2332             :                 {
    2333             :                         .longName   = "WINS-by-name",
    2334             :                         .shortName  = 'N',
    2335             :                         .argInfo    = POPT_ARG_STRING,
    2336             :                         .arg        = &string_arg,
    2337             :                         .val        = 'N',
    2338             :                         .descrip    = "Converts NetBIOS name to IP",
    2339             :                         .argDescrip = "NETBIOS-NAME"
    2340             :                 },
    2341             :                 {
    2342             :                         .longName   = "WINS-by-ip",
    2343             :                         .shortName  = 'I',
    2344             :                         .argInfo    = POPT_ARG_STRING,
    2345             :                         .arg        = &string_arg,
    2346             :                         .val        = 'I',
    2347             :                         .descrip    = "Converts IP address to NetBIOS name",
    2348             :                         .argDescrip = "IP"
    2349             :                 },
    2350             :                 {
    2351             :                         .longName   = "name-to-sid",
    2352             :                         .shortName  = 'n',
    2353             :                         .argInfo    = POPT_ARG_STRING,
    2354             :                         .arg        = &string_arg,
    2355             :                         .val        = 'n',
    2356             :                         .descrip    = "Converts name to sid",
    2357             :                         .argDescrip = "NAME"
    2358             :                 },
    2359             :                 {
    2360             :                         .longName   = "sid-to-name",
    2361             :                         .shortName  = 's',
    2362             :                         .argInfo    = POPT_ARG_STRING,
    2363             :                         .arg        = &string_arg,
    2364             :                         .val        = 's',
    2365             :                         .descrip    = "Converts sid to name",
    2366             :                         .argDescrip = "SID"
    2367             :                 },
    2368             :                 {
    2369             :                         .longName   = "sid-to-fullname",
    2370             :                         .argInfo    = POPT_ARG_STRING,
    2371             :                         .arg        = &string_arg,
    2372             :                         .val        = OPT_SID_TO_FULLNAME,
    2373             :                         .descrip    = "Converts sid to fullname",
    2374             :                         .argDescrip = "SID"
    2375             :                 },
    2376             :                 {
    2377             :                         .longName   = "lookup-rids",
    2378             :                         .shortName  = 'R',
    2379             :                         .argInfo    = POPT_ARG_STRING,
    2380             :                         .arg        = &string_arg,
    2381             :                         .val        = 'R',
    2382             :                         .descrip    = "Converts RIDs to names",
    2383             :                         .argDescrip = "RIDs"
    2384             :                 },
    2385             :                 {
    2386             :                         .longName   = "lookup-sids",
    2387             :                         .argInfo    = POPT_ARG_STRING,
    2388             :                         .arg        = &string_arg,
    2389             :                         .val        = OPT_LOOKUP_SIDS,
    2390             :                         .descrip    = "Converts SIDs to types and names",
    2391             :                         .argDescrip = "Sid-List"
    2392             :                 },
    2393             :                 {
    2394             :                         .longName   = "uid-to-sid",
    2395             :                         .shortName  = 'U',
    2396             :                         .argInfo    = POPT_ARG_INT,
    2397             :                         .arg        = &int_arg,
    2398             :                         .val        = 'U',
    2399             :                         .descrip    = "Converts uid to sid",
    2400             :                         .argDescrip = "UID"
    2401             :                 },
    2402             :                 {
    2403             :                         .longName   = "gid-to-sid",
    2404             :                         .shortName  = 'G',
    2405             :                         .argInfo    = POPT_ARG_INT,
    2406             :                         .arg        = &int_arg,
    2407             :                         .val        = 'G',
    2408             :                         .descrip    = "Converts gid to sid",
    2409             :                         .argDescrip = "GID"
    2410             :                 },
    2411             :                 {
    2412             :                         .longName   = "sid-to-uid",
    2413             :                         .shortName  = 'S',
    2414             :                         .argInfo    = POPT_ARG_STRING,
    2415             :                         .arg        = &string_arg,
    2416             :                         .val        = 'S',
    2417             :                         .descrip    = "Converts sid to uid",
    2418             :                         .argDescrip = "SID"
    2419             :                 },
    2420             :                 {
    2421             :                         .longName   = "sid-to-gid",
    2422             :                         .shortName  = 'Y',
    2423             :                         .argInfo    = POPT_ARG_STRING,
    2424             :                         .arg        = &string_arg,
    2425             :                         .val        = 'Y',
    2426             :                         .descrip    = "Converts sid to gid",
    2427             :                         .argDescrip = "SID"
    2428             :                 },
    2429             :                 {
    2430             :                         .longName   = "allocate-uid",
    2431             :                         .argInfo    = POPT_ARG_NONE,
    2432             :                         .val        = OPT_ALLOCATE_UID,
    2433             :                         .descrip    = "Get a new UID out of idmap"
    2434             :                 },
    2435             :                 {
    2436             :                         .longName   = "allocate-gid",
    2437             :                         .argInfo    = POPT_ARG_NONE,
    2438             :                         .val        = OPT_ALLOCATE_GID,
    2439             :                         .descrip    = "Get a new GID out of idmap"
    2440             :                 },
    2441             :                 {
    2442             :                         .longName   = "set-uid-mapping",
    2443             :                         .argInfo    = POPT_ARG_STRING,
    2444             :                         .arg        = &string_arg,
    2445             :                         .val        = OPT_SET_UID_MAPPING,
    2446             :                         .descrip    = "Create or modify uid to sid mapping in "
    2447             :                                       "idmap",
    2448             :                         .argDescrip = "UID,SID"
    2449             :                 },
    2450             :                 {
    2451             :                         .longName   = "set-gid-mapping",
    2452             :                         .argInfo    = POPT_ARG_STRING,
    2453             :                         .arg        = &string_arg,
    2454             :                         .val        = OPT_SET_GID_MAPPING,
    2455             :                         .descrip    = "Create or modify gid to sid mapping in "
    2456             :                                       "idmap",
    2457             :                         .argDescrip = "GID,SID"
    2458             :                 },
    2459             :                 {
    2460             :                         .longName   = "remove-uid-mapping",
    2461             :                         .argInfo    = POPT_ARG_STRING,
    2462             :                         .arg        = &string_arg,
    2463             :                         .val        = OPT_REMOVE_UID_MAPPING,
    2464             :                         .descrip    = "Remove uid to sid mapping in idmap",
    2465             :                         .argDescrip = "UID,SID"
    2466             :                 },
    2467             :                 {
    2468             :                         .longName   = "remove-gid-mapping",
    2469             :                         .argInfo    = POPT_ARG_STRING,
    2470             :                         .arg        = &string_arg,
    2471             :                         .val        = OPT_REMOVE_GID_MAPPING,
    2472             :                         .descrip    = "Remove gid to sid mapping in idmap",
    2473             :                         .argDescrip = "GID,SID",
    2474             :                 },
    2475             :                 {
    2476             :                         .longName   = "sids-to-unix-ids",
    2477             :                         .argInfo    = POPT_ARG_STRING,
    2478             :                         .arg        = &string_arg,
    2479             :                         .val        = OPT_SIDS_TO_XIDS,
    2480             :                         .descrip    = "Translate SIDs to Unix IDs",
    2481             :                         .argDescrip = "Sid-List",
    2482             :                 },
    2483             :                 {
    2484             :                         .longName   = "unix-ids-to-sids",
    2485             :                         .argInfo    = POPT_ARG_STRING,
    2486             :                         .arg        = &string_arg,
    2487             :                         .val        = OPT_XIDS_TO_SIDS,
    2488             :                         .descrip    = "Translate Unix IDs to SIDs",
    2489             :                         .argDescrip = "ID-List (u<num> g<num>)",
    2490             :                 },
    2491             :                 {
    2492             :                         .longName   = "check-secret",
    2493             :                         .shortName  = 't',
    2494             :                         .argInfo    = POPT_ARG_NONE,
    2495             :                         .val        = 't',
    2496             :                         .descrip    = "Check shared secret",
    2497             :                 },
    2498             :                 {
    2499             :                         .longName   = "change-secret",
    2500             :                         .shortName  = 'c',
    2501             :                         .argInfo    = POPT_ARG_NONE,
    2502             :                         .val        = 'c',
    2503             :                         .descrip    = "Change shared secret",
    2504             :                 },
    2505             :                 {
    2506             :                         .longName   = "ping-dc",
    2507             :                         .shortName  = 'P',
    2508             :                         .argInfo    = POPT_ARG_NONE,
    2509             :                         .val        = 'P',
    2510             :                         .descrip    = "Check the NETLOGON connection",
    2511             :                 },
    2512             :                 {
    2513             :                         .longName   = "trusted-domains",
    2514             :                         .shortName  = 'm',
    2515             :                         .argInfo    = POPT_ARG_NONE,
    2516             :                         .val        = 'm',
    2517             :                         .descrip    = "List trusted domains",
    2518             :                 },
    2519             :                 {
    2520             :                         .longName   = "all-domains",
    2521             :                         .argInfo    = POPT_ARG_NONE,
    2522             :                         .val        = OPT_LIST_ALL_DOMAINS,
    2523             :                         .descrip    = "List all domains (trusted and own "
    2524             :                                       "domain)",
    2525             :                 },
    2526             :                 {
    2527             :                         .longName   = "own-domain",
    2528             :                         .argInfo    = POPT_ARG_NONE,
    2529             :                         .val        = OPT_LIST_OWN_DOMAIN,
    2530             :                         .descrip    = "List own domain",
    2531             :                 },
    2532             :                 {
    2533             :                         .longName   = "sequence",
    2534             :                         .argInfo    = POPT_ARG_NONE,
    2535             :                         .val        = OPT_SEQUENCE,
    2536             :                         .descrip    = "Deprecated command, see --online-status",
    2537             :                 },
    2538             :                 {
    2539             :                         .longName   = "online-status",
    2540             :                         .argInfo    = POPT_ARG_NONE,
    2541             :                         .val        = OPT_ONLINESTATUS,
    2542             :                         .descrip    = "Show whether domains maintain an active "
    2543             :                                       "connection",
    2544             :                 },
    2545             :                 {
    2546             :                         .longName   = "domain-info",
    2547             :                         .shortName  = 'D',
    2548             :                         .argInfo    = POPT_ARG_STRING,
    2549             :                         .arg        = &string_arg,
    2550             :                         .val        = 'D',
    2551             :                         .descrip    = "Show most of the info we have about the "
    2552             :                                       "domain",
    2553             :                 },
    2554             :                 {
    2555             :                         .longName   = "user-info",
    2556             :                         .shortName  = 'i',
    2557             :                         .argInfo    = POPT_ARG_STRING,
    2558             :                         .arg        = &string_arg,
    2559             :                         .val        = 'i',
    2560             :                         .descrip    = "Get user info",
    2561             :                         .argDescrip = "USER",
    2562             :                 },
    2563             :                 {
    2564             :                         .longName   = "uid-info",
    2565             :                         .argInfo    = POPT_ARG_INT,
    2566             :                         .arg        = &int_arg,
    2567             :                         .val        = OPT_UID_INFO,
    2568             :                         .descrip    = "Get user info from uid",
    2569             :                         .argDescrip = "UID",
    2570             :                 },
    2571             :                 {
    2572             :                         .longName   = "group-info",
    2573             :                         .argInfo    = POPT_ARG_STRING,
    2574             :                         .arg        = &string_arg,
    2575             :                         .val        = OPT_GROUP_INFO,
    2576             :                         .descrip    = "Get group info",
    2577             :                         .argDescrip = "GROUP",
    2578             :                 },
    2579             :                 {
    2580             :                         .longName   = "user-sidinfo",
    2581             :                         .argInfo    = POPT_ARG_STRING,
    2582             :                         .arg        = &string_arg,
    2583             :                         .val        = OPT_USER_SIDINFO,
    2584             :                         .descrip    = "Get user info from sid",
    2585             :                         .argDescrip = "SID",
    2586             :                 },
    2587             :                 {
    2588             :                         .longName   = "gid-info",
    2589             :                         .argInfo    = POPT_ARG_INT,
    2590             :                         .arg        = &int_arg,
    2591             :                         .val        = OPT_GID_INFO,
    2592             :                         .descrip    = "Get group info from gid",
    2593             :                         .argDescrip = "GID",
    2594             :                 },
    2595             :                 {
    2596             :                         .longName   = "user-groups",
    2597             :                         .shortName  = 'r',
    2598             :                         .argInfo    = POPT_ARG_STRING,
    2599             :                         .arg        = &string_arg,
    2600             :                         .val        = 'r',
    2601             :                         .descrip    = "Get user groups",
    2602             :                         .argDescrip = "USER",
    2603             :                 },
    2604             :                 {
    2605             :                         .longName   = "user-domgroups",
    2606             :                         .argInfo    = POPT_ARG_STRING,
    2607             :                         .arg        = &string_arg,
    2608             :                         .val        = OPT_USERDOMGROUPS,
    2609             :                         .descrip    = "Get user domain groups",
    2610             :                         .argDescrip = "SID",
    2611             :                 },
    2612             :                 {
    2613             :                         .longName   = "sid-aliases",
    2614             :                         .argInfo    = POPT_ARG_STRING,
    2615             :                         .arg        = &string_arg,
    2616             :                         .val        = OPT_SIDALIASES,
    2617             :                         .descrip    = "Get sid aliases",
    2618             :                         .argDescrip = "SID",
    2619             :                 },
    2620             :                 {
    2621             :                         .longName   = "user-sids",
    2622             :                         .argInfo    = POPT_ARG_STRING,
    2623             :                         .arg        = &string_arg,
    2624             :                         .val        = OPT_USERSIDS,
    2625             :                         .descrip    = "Get user group sids for user SID",
    2626             :                         .argDescrip = "SID",
    2627             :                 },
    2628             :                 {
    2629             :                         .longName   = "authenticate",
    2630             :                         .shortName  = 'a',
    2631             :                         .argInfo    = POPT_ARG_STRING,
    2632             :                         .arg        = &string_arg,
    2633             :                         .val        = 'a',
    2634             :                         .descrip    = "authenticate user",
    2635             :                         .argDescrip = "user%password",
    2636             :                 },
    2637             :                 {
    2638             :                         .longName   = "pam-logon",
    2639             :                         .argInfo    = POPT_ARG_STRING,
    2640             :                         .arg        = &string_arg,
    2641             :                         .val        = OPT_PAM_LOGON,
    2642             :                         .descrip    = "do a pam logon equivalent",
    2643             :                         .argDescrip = "user%password",
    2644             :                 },
    2645             :                 {
    2646             :                         .longName   = "logoff",
    2647             :                         .argInfo    = POPT_ARG_NONE,
    2648             :                         .val        = OPT_LOGOFF,
    2649             :                         .descrip    = "log off user",
    2650             :                         .argDescrip = "uid",
    2651             :                 },
    2652             :                 {
    2653             :                         .longName   = "logoff-user",
    2654             :                         .argInfo    = POPT_ARG_STRING,
    2655             :                         .arg        = &logoff_user,
    2656             :                         .val        = OPT_LOGOFF_USER,
    2657             :                         .descrip    = "username to log off"
    2658             :                 },
    2659             :                 {
    2660             :                         .longName   = "logoff-uid",
    2661             :                         .argInfo    = POPT_ARG_INT,
    2662             :                         .arg        = &logoff_uid,
    2663             :                         .val        = OPT_LOGOFF_UID,
    2664             :                         .descrip    = "uid to log off",
    2665             :                 },
    2666             :                 {
    2667             :                         .longName   = "set-auth-user",
    2668             :                         .argInfo    = POPT_ARG_STRING,
    2669             :                         .arg        = &string_arg,
    2670             :                         .val        = OPT_SET_AUTH_USER,
    2671             :                         .descrip    = "Store user and password used by "
    2672             :                                       "winbindd (root only)",
    2673             :                         .argDescrip = "user%password",
    2674             :                 },
    2675             :                 {
    2676             :                         .longName   = "ccache-save",
    2677             :                         .shortName  = 0,
    2678             :                         .argInfo    = POPT_ARG_STRING,
    2679             :                         .arg        = &string_arg,
    2680             :                         .val        = OPT_CCACHE_SAVE,
    2681             :                         .descrip    = "Store user and password for ccache "
    2682             :                                       "operation",
    2683             :                         .argDescrip = "user%password",
    2684             :                 },
    2685             :                 {
    2686             :                         .longName   = "getdcname",
    2687             :                         .argInfo    = POPT_ARG_STRING,
    2688             :                         .arg        = &string_arg,
    2689             :                         .val        = OPT_GETDCNAME,
    2690             :                         .descrip    = "Get a DC name for a foreign domain",
    2691             :                         .argDescrip = "domainname",
    2692             :                 },
    2693             :                 {
    2694             :                         .longName   = "dsgetdcname",
    2695             :                         .argInfo    = POPT_ARG_STRING,
    2696             :                         .arg        = &string_arg,
    2697             :                         .val        = OPT_DSGETDCNAME,
    2698             :                         .descrip    = "Find a DC for a domain",
    2699             :                         .argDescrip = "domainname",
    2700             :                 },
    2701             :                 {
    2702             :                         .longName   = "dc-info",
    2703             :                         .argInfo    = POPT_ARG_STRING,
    2704             :                         .arg        = &string_arg,
    2705             :                         .val        = OPT_DC_INFO,
    2706             :                         .descrip    = "Find the currently known DCs",
    2707             :                         .argDescrip = "domainname",
    2708             :                 },
    2709             :                 {
    2710             :                         .longName   = "get-auth-user",
    2711             :                         .argInfo    = POPT_ARG_NONE,
    2712             :                         .val        = OPT_GET_AUTH_USER,
    2713             :                         .descrip    = "Retrieve user and password used by "
    2714             :                                       "winbindd (root only)",
    2715             :                 },
    2716             :                 {
    2717             :                         .longName   = "ping",
    2718             :                         .shortName  = 'p',
    2719             :                         .argInfo    = POPT_ARG_NONE,
    2720             :                         .arg        = 0,
    2721             :                         .val        = 'p',
    2722             :                         .descrip    = "Ping winbindd to see if it is alive",
    2723             :                 },
    2724             :                 {
    2725             :                         .longName   = "domain",
    2726             :                         .shortName  = 0,
    2727             :                         .argInfo    = POPT_ARG_STRING,
    2728             :                         .arg        = &opt_domain_name,
    2729             :                         .val        = OPT_DOMAIN_NAME,
    2730             :                         .descrip    = "Define to the domain to restrict "
    2731             :                                       "operation",
    2732             :                         .argDescrip = "domain",
    2733             :                 },
    2734             : #ifdef WITH_FAKE_KASERVER
    2735             :                 {
    2736             :                         .longName   = "klog",
    2737             :                         .shortName  = 'k',
    2738             :                         .argInfo    = POPT_ARG_STRING,
    2739             :                         .arg        = &string_arg,
    2740             :                         .val        = 'k',
    2741             :                         .descrip    = "set an AFS token from winbind",
    2742             :                         .argDescrip = "user%password",
    2743             :                 },
    2744             : #endif
    2745             : #ifdef HAVE_KRB5
    2746             :                 {
    2747             :                         .longName   = "krb5auth",
    2748             :                         .shortName  = 'K',
    2749             :                         .argInfo    = POPT_ARG_STRING,
    2750             :                         .arg        = &string_arg,
    2751             :                         .val        = 'K',
    2752             :                         .descrip    = "authenticate user using Kerberos",
    2753             :                         .argDescrip = "user%password",
    2754             :                 },
    2755             :                         /* destroys wbinfo --help output */
    2756             :                         /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" },
    2757             :                         */
    2758             :                 {
    2759             :                         .longName   = "krb5ccname",
    2760             :                         .argInfo    = POPT_ARG_STRING,
    2761             :                         .arg        = &opt_krb5ccname,
    2762             :                         .val        = OPT_KRB5CCNAME,
    2763             :                         .descrip    = "authenticate user using Kerberos and "
    2764             :                                       "specific credential cache type",
    2765             :                         .argDescrip = "krb5ccname",
    2766             :                 },
    2767             : #endif
    2768             :                 {
    2769             :                         .longName   = "separator",
    2770             :                         .argInfo    = POPT_ARG_NONE,
    2771             :                         .val        = OPT_SEPARATOR,
    2772             :                         .descrip    = "Get the active winbind separator",
    2773             :                 },
    2774             :                 {
    2775             :                         .longName   = "verbose",
    2776             :                         .argInfo    = POPT_ARG_NONE,
    2777             :                         .val        = OPT_VERBOSE,
    2778             :                         .descrip    = "Print additional information per command",
    2779             :                 },
    2780             :                 {
    2781             :                         .longName   = "change-user-password",
    2782             :                         .argInfo    = POPT_ARG_STRING,
    2783             :                         .arg        = &string_arg,
    2784             :                         .val        = OPT_CHANGE_USER_PASSWORD,
    2785             :                         .descrip    = "Change the password for a user",
    2786             :                 },
    2787             :                 {
    2788             :                         .longName   = "ntlmv1",
    2789             :                         .argInfo    = POPT_ARG_NONE,
    2790             :                         .val        = OPT_NTLMV1,
    2791             :                         .descrip    = "Use NTLMv1 cryptography for user authentication",
    2792             :                 },
    2793             :                 {
    2794             :                         .longName   = "ntlmv2",
    2795             :                         .argInfo    = POPT_ARG_NONE,
    2796             :                         .val        = OPT_NTLMV2,
    2797             :                         .descrip    = "Use NTLMv2 cryptography for user authentication",
    2798             :                 },
    2799             :                 {
    2800             :                         .longName   = "lanman",
    2801             :                         .argInfo    = POPT_ARG_NONE,
    2802             :                         .val        = OPT_LANMAN,
    2803             :                         .descrip    = "Use lanman cryptography for user authentication",
    2804             :                 },
    2805        1887 :                 POPT_COMMON_VERSION
    2806             :                 POPT_TABLEEND
    2807             :         };
    2808             : 
    2809             :         /* Samba client initialisation */
    2810        1887 :         smb_init_locale();
    2811             : 
    2812             : 
    2813             :         /* Parse options */
    2814             : 
    2815        1887 :         pc = samba_popt_get_context(getprogname(),
    2816             :                                     argc,
    2817             :                                     argv,
    2818             :                                     long_options,
    2819             :                                     0);
    2820        1887 :         if (pc == NULL) {
    2821           0 :                 DBG_ERR("Failed to setup popt context!\n");
    2822           0 :                 exit(1);
    2823             :         }
    2824             : 
    2825             :         /* Parse command line options */
    2826             : 
    2827        1887 :         if (argc == 1) {
    2828           0 :                 poptPrintHelp(pc, stderr, 0);
    2829           0 :                 return 1;
    2830             :         }
    2831             : 
    2832        5476 :         while((opt = poptGetNextOpt(pc)) != -1) {
    2833             :                 /* get the generic configuration parameters like --domain */
    2834        2301 :                 switch (opt) {
    2835           0 :                 case OPT_VERBOSE:
    2836           0 :                         verbose = true;
    2837           0 :                         break;
    2838           1 :                 case OPT_NTLMV1:
    2839           1 :                         use_ntlmv2 = false;
    2840           1 :                         break;
    2841           0 :                 case OPT_LANMAN:
    2842           0 :                         use_lanman = true;
    2843           0 :                         break;
    2844             :                 }
    2845             :         }
    2846             : 
    2847        1887 :         poptFreeContext(pc);
    2848             : 
    2849        1887 :         pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
    2850             :                             POPT_CONTEXT_KEEP_FIRST);
    2851             : 
    2852        2541 :         while((opt = poptGetNextOpt(pc)) != -1) {
    2853        2301 :                 switch (opt) {
    2854          21 :                 case 'u':
    2855          21 :                         if (!print_domain_users(opt_domain_name)) {
    2856           0 :                                 d_fprintf(stderr,
    2857             :                                           "Error looking up domain users\n");
    2858           0 :                                 goto done;
    2859             :                         }
    2860          21 :                         break;
    2861          21 :                 case 'g':
    2862          21 :                         if (!print_domain_groups(opt_domain_name)) {
    2863           0 :                                 d_fprintf(stderr,
    2864             :                                           "Error looking up domain groups\n");
    2865           0 :                                 goto done;
    2866             :                         }
    2867          21 :                         break;
    2868          88 :                 case 's':
    2869          88 :                         if (!wbinfo_lookupsid(string_arg)) {
    2870           4 :                                 d_fprintf(stderr,
    2871             :                                           "Could not lookup sid %s\n",
    2872             :                                           string_arg);
    2873           4 :                                 goto done;
    2874             :                         }
    2875          84 :                         break;
    2876           0 :                 case OPT_SID_TO_FULLNAME:
    2877           0 :                         if (!wbinfo_lookupsid_fullname(string_arg)) {
    2878           0 :                                 d_fprintf(stderr, "Could not lookup sid %s\n",
    2879             :                                           string_arg);
    2880           0 :                                 goto done;
    2881             :                         }
    2882           0 :                         break;
    2883           4 :                 case 'R':
    2884           4 :                         if (!wbinfo_lookuprids(opt_domain_name, string_arg)) {
    2885           0 :                                 d_fprintf(stderr, "Could not lookup RIDs %s\n",
    2886             :                                           string_arg);
    2887           0 :                                 goto done;
    2888             :                         }
    2889           4 :                         break;
    2890           0 :                 case OPT_LOOKUP_SIDS:
    2891           0 :                         if (!wbinfo_lookup_sids(string_arg)) {
    2892           0 :                                 d_fprintf(stderr, "Could not lookup SIDs %s\n",
    2893             :                                           string_arg);
    2894           0 :                                 goto done;
    2895             :                         }
    2896           0 :                         break;
    2897         355 :                 case 'n':
    2898         355 :                         if (!wbinfo_lookupname(string_arg)) {
    2899          20 :                                 d_fprintf(stderr, "Could not lookup name %s\n",
    2900             :                                           string_arg);
    2901          20 :                                 goto done;
    2902             :                         }
    2903         335 :                         break;
    2904           9 :                 case 'N':
    2905           9 :                         if (!wbinfo_wins_byname(string_arg)) {
    2906           0 :                                 d_fprintf(stderr,
    2907             :                                           "Could not lookup WINS by name %s\n",
    2908             :                                           string_arg);
    2909           0 :                                 goto done;
    2910             :                         }
    2911           9 :                         break;
    2912           9 :                 case 'I':
    2913           9 :                         if (!wbinfo_wins_byip(string_arg)) {
    2914           0 :                                 d_fprintf(stderr,
    2915             :                                           "Could not lookup WINS by IP %s\n",
    2916             :                                           string_arg);
    2917           0 :                                 goto done;
    2918             :                         }
    2919           9 :                         break;
    2920          56 :                 case 'U':
    2921          56 :                         if (!wbinfo_uid_to_sid(int_arg)) {
    2922           4 :                                 d_fprintf(stderr,
    2923             :                                           "Could not convert uid %d to sid\n",
    2924             :                                           int_arg);
    2925           4 :                                 goto done;
    2926             :                         }
    2927          52 :                         break;
    2928         100 :                 case 'G':
    2929         100 :                         if (!wbinfo_gid_to_sid(int_arg)) {
    2930           4 :                                 d_fprintf(stderr,
    2931             :                                           "Could not convert gid %d to sid\n",
    2932             :                                           int_arg);
    2933           4 :                                 goto done;
    2934             :                         }
    2935          96 :                         break;
    2936          90 :                 case 'S':
    2937          90 :                         if (!wbinfo_sid_to_uid(string_arg)) {
    2938           9 :                                 d_fprintf(stderr,
    2939             :                                           "Could not convert sid %s to uid\n",
    2940             :                                           string_arg);
    2941           9 :                                 goto done;
    2942             :                         }
    2943          81 :                         break;
    2944         222 :                 case 'Y':
    2945         222 :                         if (!wbinfo_sid_to_gid(string_arg)) {
    2946          21 :                                 d_fprintf(stderr,
    2947             :                                           "Could not convert sid %s to gid\n",
    2948             :                                           string_arg);
    2949          21 :                                 goto done;
    2950             :                         }
    2951         201 :                         break;
    2952          12 :                 case OPT_ALLOCATE_UID:
    2953          12 :                         if (!wbinfo_allocate_uid()) {
    2954           6 :                                 d_fprintf(stderr, "Could not allocate a uid\n");
    2955           6 :                                 goto done;
    2956             :                         }
    2957           6 :                         break;
    2958          12 :                 case OPT_ALLOCATE_GID:
    2959          12 :                         if (!wbinfo_allocate_gid()) {
    2960           6 :                                 d_fprintf(stderr, "Could not allocate a gid\n");
    2961           6 :                                 goto done;
    2962             :                         }
    2963           6 :                         break;
    2964           0 :                 case OPT_SET_UID_MAPPING:
    2965           0 :                         if (!parse_mapping_arg(string_arg, &int_subarg,
    2966           0 :                                 &string_subarg) ||
    2967           0 :                             !wbinfo_set_uid_mapping(int_subarg, string_subarg))
    2968             :                         {
    2969           0 :                                 d_fprintf(stderr, "Could not create or modify "
    2970             :                                           "uid to sid mapping\n");
    2971           0 :                                 goto done;
    2972             :                         }
    2973           0 :                         break;
    2974           0 :                 case OPT_SET_GID_MAPPING:
    2975           0 :                         if (!parse_mapping_arg(string_arg, &int_subarg,
    2976           0 :                                 &string_subarg) ||
    2977           0 :                             !wbinfo_set_gid_mapping(int_subarg, string_subarg))
    2978             :                         {
    2979           0 :                                 d_fprintf(stderr, "Could not create or modify "
    2980             :                                           "gid to sid mapping\n");
    2981           0 :                                 goto done;
    2982             :                         }
    2983           0 :                         break;
    2984           0 :                 case OPT_REMOVE_UID_MAPPING:
    2985           0 :                         if (!parse_mapping_arg(string_arg, &int_subarg,
    2986           0 :                                 &string_subarg) ||
    2987           0 :                             !wbinfo_remove_uid_mapping(int_subarg,
    2988             :                                 string_subarg))
    2989             :                         {
    2990           0 :                                 d_fprintf(stderr, "Could not remove uid to sid "
    2991             :                                     "mapping\n");
    2992           0 :                                 goto done;
    2993             :                         }
    2994           0 :                         break;
    2995           0 :                 case OPT_REMOVE_GID_MAPPING:
    2996           0 :                         if (!parse_mapping_arg(string_arg, &int_subarg,
    2997           0 :                                 &string_subarg) ||
    2998           0 :                             !wbinfo_remove_gid_mapping(int_subarg,
    2999             :                                 string_subarg))
    3000             :                         {
    3001           0 :                                 d_fprintf(stderr, "Could not remove gid to sid "
    3002             :                                     "mapping\n");
    3003           0 :                                 goto done;
    3004             :                         }
    3005           0 :                         break;
    3006          44 :                 case OPT_SIDS_TO_XIDS:
    3007          44 :                         if (!wbinfo_sids_to_unix_ids(string_arg)) {
    3008           0 :                                 d_fprintf(stderr, "wbinfo_sids_to_unix_ids "
    3009             :                                           "failed\n");
    3010           0 :                                 goto done;
    3011             :                         }
    3012          44 :                         break;
    3013           2 :                 case OPT_XIDS_TO_SIDS:
    3014           2 :                         if (!wbinfo_xids_to_sids(string_arg)) {
    3015           0 :                                 d_fprintf(stderr, "wbinfo_xids_to_sids "
    3016             :                                           "failed\n");
    3017           0 :                                 goto done;
    3018             :                         }
    3019           2 :                         break;
    3020          39 :                 case 't':
    3021          39 :                         if (!wbinfo_check_secret(opt_domain_name)) {
    3022           0 :                                 d_fprintf(stderr, "Could not check secret\n");
    3023           0 :                                 goto done;
    3024             :                         }
    3025          39 :                         break;
    3026          28 :                 case 'c':
    3027          28 :                         if (!wbinfo_change_secret(opt_domain_name)) {
    3028           0 :                                 d_fprintf(stderr, "Could not change secret\n");
    3029           0 :                                 goto done;
    3030             :                         }
    3031          28 :                         break;
    3032         104 :                 case 'P':
    3033         104 :                         if (!wbinfo_ping_dc(opt_domain_name)) {
    3034          10 :                                 goto done;
    3035             :                         }
    3036          92 :                         break;
    3037          21 :                 case 'm':
    3038          21 :                         if (!wbinfo_list_domains(false, verbose)) {
    3039           0 :                                 d_fprintf(stderr,
    3040             :                                           "Could not list trusted domains\n");
    3041           0 :                                 goto done;
    3042             :                         }
    3043          21 :                         break;
    3044           9 :                 case OPT_SEQUENCE:
    3045           9 :                         if (!wbinfo_show_sequence(opt_domain_name)) {
    3046           9 :                                 d_fprintf(stderr,
    3047             :                                           "Could not show sequence numbers\n");
    3048           9 :                                 goto done;
    3049             :                         }
    3050           0 :                         break;
    3051          48 :                 case OPT_ONLINESTATUS:
    3052          48 :                         if (!wbinfo_show_onlinestatus(opt_domain_name)) {
    3053           0 :                                 d_fprintf(stderr,
    3054             :                                           "Could not show online-status\n");
    3055           0 :                                 goto done;
    3056             :                         }
    3057          48 :                         break;
    3058          35 :                 case 'D':
    3059          35 :                         if (!wbinfo_domain_info(string_arg)) {
    3060           0 :                                 d_fprintf(stderr,
    3061             :                                           "Could not get domain info\n");
    3062           0 :                                 goto done;
    3063             :                         }
    3064          35 :                         break;
    3065          62 :                 case 'i':
    3066          62 :                         if (!wbinfo_get_userinfo(string_arg)) {
    3067           4 :                                 d_fprintf(stderr,
    3068             :                                           "Could not get info for user %s\n",
    3069             :                                           string_arg);
    3070           4 :                                 goto done;
    3071             :                         }
    3072          58 :                         break;
    3073           0 :                 case OPT_USER_SIDINFO:
    3074           0 :                         if ( !wbinfo_get_user_sidinfo(string_arg)) {
    3075           0 :                                 d_fprintf(stderr,
    3076             :                                           "Could not get info for user "
    3077             :                                           "sid %s\n", string_arg);
    3078           0 :                                 goto done;
    3079             :                         }
    3080           0 :                         break;
    3081           9 :                 case OPT_UID_INFO:
    3082           9 :                         if ( !wbinfo_get_uidinfo(int_arg)) {
    3083           0 :                                 d_fprintf(stderr, "Could not get info for uid "
    3084             :                                                 "%d\n", int_arg);
    3085           0 :                                 goto done;
    3086             :                         }
    3087           9 :                         break;
    3088          27 :                 case OPT_GROUP_INFO:
    3089          27 :                         if ( !wbinfo_get_groupinfo(string_arg)) {
    3090           9 :                                 d_fprintf(stderr, "Could not get info for "
    3091             :                                           "group %s\n", string_arg);
    3092           9 :                                 goto done;
    3093             :                         }
    3094          18 :                         break;
    3095           9 :                 case OPT_GID_INFO:
    3096           9 :                         if ( !wbinfo_get_gidinfo(int_arg)) {
    3097           0 :                                 d_fprintf(stderr, "Could not get info for gid "
    3098             :                                                 "%d\n", int_arg);
    3099           0 :                                 goto done;
    3100             :                         }
    3101           9 :                         break;
    3102          23 :                 case 'r':
    3103          23 :                         if (!wbinfo_get_usergroups(string_arg)) {
    3104           0 :                                 d_fprintf(stderr,
    3105             :                                           "Could not get groups for user %s\n",
    3106             :                                           string_arg);
    3107           0 :                                 goto done;
    3108             :                         }
    3109          23 :                         break;
    3110           9 :                 case OPT_USERSIDS:
    3111           9 :                         if (!wbinfo_get_usersids(string_arg)) {
    3112           0 :                                 d_fprintf(stderr, "Could not get group SIDs "
    3113             :                                           "for user SID %s\n",
    3114             :                                           string_arg);
    3115           0 :                                 goto done;
    3116             :                         }
    3117           9 :                         break;
    3118           9 :                 case OPT_USERDOMGROUPS:
    3119           9 :                         if (!wbinfo_get_userdomgroups(string_arg)) {
    3120           0 :                                 d_fprintf(stderr, "Could not get user's domain "
    3121             :                                          "groups for user SID %s\n",
    3122             :                                          string_arg);
    3123           0 :                                 goto done;
    3124             :                         }
    3125           9 :                         break;
    3126           0 :                 case OPT_SIDALIASES:
    3127           0 :                         if (!wbinfo_get_sidaliases(opt_domain_name,
    3128             :                                                    string_arg)) {
    3129           0 :                                 d_fprintf(stderr, "Could not get sid aliases "
    3130             :                                          "for user SID %s\n", string_arg);
    3131           0 :                                 goto done;
    3132             :                         }
    3133           0 :                         break;
    3134         120 :                 case 'a': {
    3135         120 :                                 bool got_error = false;
    3136             : 
    3137         120 :                                 if (!wbinfo_auth(string_arg)) {
    3138          39 :                                         d_fprintf(stderr,
    3139             :                                                   "Could not authenticate user "
    3140             :                                                   "%s with plaintext "
    3141             :                                                   "password\n", string_arg);
    3142          39 :                                         got_error = true;
    3143             :                                 }
    3144             : 
    3145         120 :                                 if (!wbinfo_auth_crap(string_arg, use_ntlmv2,
    3146             :                                                       use_lanman)) {
    3147          35 :                                         d_fprintf(stderr,
    3148             :                                                 "Could not authenticate user "
    3149             :                                                 "%s with challenge/response\n",
    3150             :                                                 string_arg);
    3151          35 :                                         got_error = true;
    3152             :                                 }
    3153             : 
    3154         120 :                                 if (got_error)
    3155          39 :                                         goto done;
    3156          81 :                                 break;
    3157             :                         }
    3158          24 :                 case OPT_PAM_LOGON:
    3159          24 :                         if (!wbinfo_pam_logon(string_arg, verbose)) {
    3160           8 :                                 d_fprintf(stderr, "pam_logon failed for %s\n",
    3161             :                                           string_arg);
    3162           8 :                                 goto done;
    3163             :                         }
    3164          16 :                         break;
    3165          20 :                 case OPT_LOGOFF:
    3166             :                 {
    3167             :                         wbcErr wbc_status;
    3168             : 
    3169          20 :                         wbc_status = wbcLogoffUser(logoff_user, logoff_uid,
    3170             :                                                    "");
    3171          20 :                         d_printf("Logoff %s (%d): %s\n", logoff_user,
    3172             :                                  logoff_uid, wbcErrorString(wbc_status));
    3173          20 :                         break;
    3174             :                 }
    3175          48 :                 case 'K': {
    3176          48 :                                 uint32_t flags = WBFLAG_PAM_KRB5 |
    3177             :                                                  WBFLAG_PAM_CACHED_LOGIN |
    3178             :                                                 WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
    3179             :                                                  WBFLAG_PAM_INFO3_TEXT |
    3180             :                                                  WBFLAG_PAM_CONTACT_TRUSTDOM;
    3181             : 
    3182          48 :                                 if (!wbinfo_auth_krb5(string_arg, opt_krb5ccname,
    3183             :                                                       flags)) {
    3184           9 :                                         d_fprintf(stderr,
    3185             :                                                 "Could not authenticate user "
    3186             :                                                 "[%s] with Kerberos "
    3187             :                                                 "(ccache: %s)\n", string_arg,
    3188             :                                                 opt_krb5ccname);
    3189           9 :                                         goto done;
    3190             :                                 }
    3191          39 :                                 break;
    3192             :                         }
    3193           0 :                 case 'k':
    3194           0 :                         if (!wbinfo_klog(string_arg)) {
    3195           0 :                                 d_fprintf(stderr, "Could not klog user\n");
    3196           0 :                                 goto done;
    3197             :                         }
    3198           0 :                         break;
    3199          35 :                 case 'p':
    3200          35 :                         if (!wbinfo_ping()) {
    3201           4 :                                 d_fprintf(stderr, "could not ping winbindd!\n");
    3202           4 :                                 goto done;
    3203             :                         }
    3204          31 :                         break;
    3205           0 :                 case OPT_SET_AUTH_USER:
    3206           0 :                         if (!wbinfo_set_auth_user(string_arg)) {
    3207           0 :                                 goto done;
    3208             :                         }
    3209           0 :                         break;
    3210           0 :                 case OPT_GET_AUTH_USER:
    3211           0 :                         wbinfo_get_auth_user();
    3212           0 :                         goto done;
    3213             :                         break;
    3214          68 :                 case OPT_CCACHE_SAVE:
    3215          68 :                         if (!wbinfo_ccache_save(string_arg)) {
    3216           0 :                                 goto done;
    3217             :                         }
    3218          68 :                         break;
    3219           9 :                 case OPT_GETDCNAME:
    3220           9 :                         if (!wbinfo_getdcname(string_arg)) {
    3221           0 :                                 goto done;
    3222             :                         }
    3223           9 :                         break;
    3224           0 :                 case OPT_DSGETDCNAME:
    3225           0 :                         if (!wbinfo_dsgetdcname(string_arg, 0)) {
    3226           0 :                                 goto done;
    3227             :                         }
    3228           0 :                         break;
    3229           2 :                 case OPT_DC_INFO:
    3230           2 :                         if (!wbinfo_dc_info(string_arg)) {
    3231           0 :                                 goto done;
    3232             :                         }
    3233           2 :                         break;
    3234          21 :                 case OPT_SEPARATOR: {
    3235          21 :                         const char sep = winbind_separator();
    3236          21 :                         if ( !sep ) {
    3237           0 :                                 goto done;
    3238             :                         }
    3239          21 :                         d_printf("%c\n", sep);
    3240          21 :                         break;
    3241             :                 }
    3242          21 :                 case OPT_LIST_ALL_DOMAINS:
    3243          21 :                         if (!wbinfo_list_domains(true, verbose)) {
    3244           0 :                                 goto done;
    3245             :                         }
    3246          21 :                         break;
    3247          42 :                 case OPT_LIST_OWN_DOMAIN:
    3248          42 :                         if (!wbinfo_list_own_domain()) {
    3249           0 :                                 goto done;
    3250             :                         }
    3251          42 :                         break;
    3252           0 :                 case OPT_CHANGE_USER_PASSWORD:
    3253           0 :                         if (!wbinfo_change_user_password(string_arg)) {
    3254           0 :                                 d_fprintf(stderr,
    3255             :                                         "Could not change user password "
    3256             :                                          "for user %s\n", string_arg);
    3257           0 :                                 goto done;
    3258             :                         }
    3259           0 :                         break;
    3260             : 
    3261             :                 /* generic configuration options */
    3262         414 :                 case OPT_DOMAIN_NAME:
    3263             :                 case OPT_VERBOSE:
    3264             :                 case OPT_NTLMV1:
    3265             :                 case OPT_NTLMV2:
    3266             :                 case OPT_LANMAN:
    3267             :                 case OPT_LOGOFF_USER:
    3268             :                 case OPT_LOGOFF_UID:
    3269             :                 case OPT_KRB5CCNAME:
    3270         414 :                         break;
    3271           0 :                 default:
    3272           0 :                         d_fprintf(stderr, "Invalid option\n");
    3273           0 :                         poptPrintHelp(pc, stderr, 0);
    3274           0 :                         goto done;
    3275             :                 }
    3276             :         }
    3277             : 
    3278        1719 :         result = 0;
    3279             : 
    3280             :         /* Exit code */
    3281             : 
    3282        1887 :  done:
    3283        1887 :         talloc_free(frame);
    3284             : 
    3285        1887 :         poptFreeContext(pc);
    3286        1887 :         return result;
    3287             : }

Generated by: LCOV version 1.13