2 Unix SMB/CIFS implementation.
4 Winbind status program.
6 Copyright (C) Tim Potter 2000-2002
7 Copyright (C) Andrew Bartlett 2002
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #define DBGC_CLASS DBGC_WINBIND
31 extern int winbindd_fd;
33 static char winbind_separator(void)
35 struct winbindd_response response;
42 ZERO_STRUCT(response);
44 /* Send off request */
46 if (winbindd_request(WINBINDD_INFO, NULL, &response) !=
48 d_printf("could not obtain winbind separator!\n");
49 /* HACK: (this module should not call lp_ funtions) */
50 return *lp_winbind_separator();
53 sep = response.data.info.winbind_separator;
57 d_printf("winbind separator was NULL!\n");
58 /* HACK: (this module should not call lp_ funtions) */
59 sep = *lp_winbind_separator();
65 static char *get_winbind_domain(void)
67 struct winbindd_response response;
68 static fstring winbind_domain;
70 ZERO_STRUCT(response);
72 /* Send off request */
74 if (winbindd_request(WINBINDD_DOMAIN_NAME, NULL, &response) !=
76 d_printf("could not obtain winbind domain name!\n");
78 /* HACK: (this module should not call lp_ funtions) */
79 return lp_workgroup();
82 fstrcpy(winbind_domain, response.data.domain_name);
84 return winbind_domain;
88 /* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
89 form DOMAIN/user into a domain and a user */
91 static BOOL parse_wbinfo_domain_user(const char *domuser, fstring domain,
95 char *p = strchr(domuser,winbind_separator());
98 fstrcpy(user, domuser);
99 fstrcpy(domain, get_winbind_domain());
104 fstrcpy(domain, domuser);
105 domain[PTR_DIFF(p, domuser)] = 0;
111 /* List groups a user is a member of */
113 static BOOL wbinfo_get_usergroups(char *user)
115 struct winbindd_request request;
116 struct winbindd_response response;
120 ZERO_STRUCT(response);
124 fstrcpy(request.data.username, user);
126 result = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
128 if (result != NSS_STATUS_SUCCESS)
131 for (i = 0; i < response.data.num_entries; i++)
132 d_printf("%d\n", (int)((gid_t *)response.extra_data)[i]);
134 SAFE_FREE(response.extra_data);
139 /* Convert NetBIOS name to IP */
141 static BOOL wbinfo_wins_byname(char *name)
143 struct winbindd_request request;
144 struct winbindd_response response;
146 ZERO_STRUCT(request);
147 ZERO_STRUCT(response);
151 fstrcpy(request.data.winsreq, name);
153 if (winbindd_request(WINBINDD_WINS_BYNAME, &request, &response) !=
154 NSS_STATUS_SUCCESS) {
158 /* Display response */
160 printf("%s\n", response.data.winsresp);
165 /* Convert IP to NetBIOS name */
167 static BOOL wbinfo_wins_byip(char *ip)
169 struct winbindd_request request;
170 struct winbindd_response response;
172 ZERO_STRUCT(request);
173 ZERO_STRUCT(response);
177 fstrcpy(request.data.winsreq, ip);
179 if (winbindd_request(WINBINDD_WINS_BYIP, &request, &response) !=
180 NSS_STATUS_SUCCESS) {
184 /* Display response */
186 printf("%s\n", response.data.winsresp);
191 /* List trusted domains */
193 static BOOL wbinfo_list_domains(void)
195 struct winbindd_response response;
198 ZERO_STRUCT(response);
202 if (winbindd_request(WINBINDD_LIST_TRUSTDOM, NULL, &response) !=
206 /* Display response */
208 if (response.extra_data) {
209 char *extra_data = (char *)response.extra_data;
211 while(next_token(&extra_data, name, ",", sizeof(fstring)))
212 d_printf("%s\n", name);
214 SAFE_FREE(response.extra_data);
221 /* show sequence numbers */
222 static BOOL wbinfo_show_sequence(void)
224 struct winbindd_response response;
226 ZERO_STRUCT(response);
230 if (winbindd_request(WINBINDD_SHOW_SEQUENCE, NULL, &response) !=
234 /* Display response */
236 if (response.extra_data) {
237 char *extra_data = (char *)response.extra_data;
238 d_printf("%s", extra_data);
239 SAFE_FREE(response.extra_data);
245 /* Check trust account password */
247 static BOOL wbinfo_check_secret(void)
249 struct winbindd_response response;
252 ZERO_STRUCT(response);
254 result = winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response);
256 d_printf("checking the trust secret via RPC calls %s\n",
257 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
259 if (result != NSS_STATUS_SUCCESS)
260 d_printf("error code was %s (0x%x)\n",
261 response.data.auth.nt_status_string,
262 response.data.auth.nt_status);
264 return result == NSS_STATUS_SUCCESS;
267 /* Convert uid to sid */
269 static BOOL wbinfo_uid_to_sid(uid_t uid)
271 struct winbindd_request request;
272 struct winbindd_response response;
274 ZERO_STRUCT(request);
275 ZERO_STRUCT(response);
279 request.data.uid = uid;
281 if (winbindd_request(WINBINDD_UID_TO_SID, &request, &response) !=
285 /* Display response */
287 d_printf("%s\n", response.data.sid.sid);
292 /* Convert gid to sid */
294 static BOOL wbinfo_gid_to_sid(gid_t gid)
296 struct winbindd_request request;
297 struct winbindd_response response;
299 ZERO_STRUCT(request);
300 ZERO_STRUCT(response);
304 request.data.gid = gid;
306 if (winbindd_request(WINBINDD_GID_TO_SID, &request, &response) !=
310 /* Display response */
312 d_printf("%s\n", response.data.sid.sid);
317 /* Convert sid to uid */
319 static BOOL wbinfo_sid_to_uid(char *sid)
321 struct winbindd_request request;
322 struct winbindd_response response;
324 ZERO_STRUCT(request);
325 ZERO_STRUCT(response);
329 fstrcpy(request.data.sid, sid);
331 if (winbindd_request(WINBINDD_SID_TO_UID, &request, &response) !=
335 /* Display response */
337 d_printf("%d\n", (int)response.data.uid);
342 static BOOL wbinfo_sid_to_gid(char *sid)
344 struct winbindd_request request;
345 struct winbindd_response response;
347 ZERO_STRUCT(request);
348 ZERO_STRUCT(response);
352 fstrcpy(request.data.sid, sid);
354 if (winbindd_request(WINBINDD_SID_TO_GID, &request, &response) !=
358 /* Display response */
360 d_printf("%d\n", (int)response.data.gid);
365 /* Convert sid to string */
367 static BOOL wbinfo_lookupsid(char *sid)
369 struct winbindd_request request;
370 struct winbindd_response response;
372 ZERO_STRUCT(request);
373 ZERO_STRUCT(response);
375 /* Send off request */
377 fstrcpy(request.data.sid, sid);
379 if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
383 /* Display response */
385 d_printf("%s%c%s %d\n", response.data.name.dom_name,
386 winbind_separator(), response.data.name.name,
387 response.data.name.type);
392 /* Convert string to sid */
394 static BOOL wbinfo_lookupname(char *name)
396 struct winbindd_request request;
397 struct winbindd_response response;
399 /* Send off request */
401 ZERO_STRUCT(request);
402 ZERO_STRUCT(response);
404 parse_wbinfo_domain_user(name, request.data.name.dom_name,
405 request.data.name.name);
407 if (winbindd_request(WINBINDD_LOOKUPNAME, &request, &response) !=
411 /* Display response */
413 d_printf("%s %d\n", response.data.sid.sid, response.data.sid.type);
418 /* Authenticate a user with a plaintext password */
420 static BOOL wbinfo_auth(char *username)
422 struct winbindd_request request;
423 struct winbindd_response response;
427 /* Send off request */
429 ZERO_STRUCT(request);
430 ZERO_STRUCT(response);
432 p = strchr(username, '%');
436 fstrcpy(request.data.auth.user, username);
437 fstrcpy(request.data.auth.pass, p + 1);
440 fstrcpy(request.data.auth.user, username);
442 result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
444 /* Display response */
446 d_printf("plaintext password authentication %s\n",
447 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
449 d_printf("error code was %s (0x%x)\n",
450 response.data.auth.nt_status_string,
451 response.data.auth.nt_status);
453 return result == NSS_STATUS_SUCCESS;
456 /* Authenticate a user with a challenge/response */
458 static BOOL wbinfo_auth_crap(char *username)
460 struct winbindd_request request;
461 struct winbindd_response response;
468 /* Send off request */
470 ZERO_STRUCT(request);
471 ZERO_STRUCT(response);
473 p = strchr(username, '%');
477 fstrcpy(pass, p + 1);
480 parse_wbinfo_domain_user(username, name_domain, name_user);
482 fstrcpy(request.data.auth_crap.user, name_user);
484 fstrcpy(request.data.auth_crap.domain, name_domain);
486 generate_random_buffer(request.data.auth_crap.chal, 8, False);
488 SMBencrypt(pass, request.data.auth_crap.chal,
489 (uchar *)request.data.auth_crap.lm_resp);
490 SMBNTencrypt(pass, request.data.auth_crap.chal,
491 (uchar *)request.data.auth_crap.nt_resp);
493 request.data.auth_crap.lm_resp_len = 24;
494 request.data.auth_crap.nt_resp_len = 24;
496 result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
498 /* Display response */
500 d_printf("challenge/response password authentication %s\n",
501 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
503 d_printf("error code was %s (0x%x)\n",
504 response.data.auth.nt_status_string,
505 response.data.auth.nt_status);
507 return result == NSS_STATUS_SUCCESS;
510 /* Print domain users */
512 static BOOL print_domain_users(void)
514 struct winbindd_response response;
518 /* Send request to winbind daemon */
520 ZERO_STRUCT(response);
522 if (winbindd_request(WINBINDD_LIST_USERS, NULL, &response) !=
526 /* Look through extra data */
528 if (!response.extra_data)
531 extra_data = (char *)response.extra_data;
533 while(next_token(&extra_data, name, ",", sizeof(fstring)))
534 d_printf("%s\n", name);
536 SAFE_FREE(response.extra_data);
541 /* Print domain groups */
543 static BOOL print_domain_groups(void)
545 struct winbindd_response response;
549 ZERO_STRUCT(response);
551 if (winbindd_request(WINBINDD_LIST_GROUPS, NULL, &response) !=
555 /* Look through extra data */
557 if (!response.extra_data)
560 extra_data = (char *)response.extra_data;
562 while(next_token(&extra_data, name, ",", sizeof(fstring)))
563 d_printf("%s\n", name);
565 SAFE_FREE(response.extra_data);
570 /* Set the authorised user for winbindd access in secrets.tdb */
572 static BOOL wbinfo_set_auth_user(char *username)
575 fstring user, domain;
577 /* Separate into user and password */
579 parse_wbinfo_domain_user(username, domain, user);
581 password = strchr(user, '%');
589 /* Store in secrets.tdb */
591 if (!secrets_store(SECRETS_AUTH_USER, user,
593 !secrets_store(SECRETS_AUTH_DOMAIN, domain,
594 strlen(domain) + 1) ||
595 !secrets_store(SECRETS_AUTH_PASSWORD, password,
596 strlen(password) + 1)) {
597 d_fprintf(stderr, "error storing authenticated user info\n");
604 static BOOL wbinfo_ping(void)
608 result = winbindd_request(WINBINDD_PING, NULL, NULL);
610 /* Display response */
612 d_printf("'ping' to winbindd %s on fd %d\n",
613 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
615 return result == NSS_STATUS_SUCCESS;
621 OPT_SET_AUTH_USER = 1000,
625 int main(int argc, char **argv)
627 extern pstring global_myname;
631 static char *string_arg;
633 BOOL got_command = False;
636 struct poptOption long_options[] = {
639 /* longName, shortName, argInfo, argPtr, value, descrip,
642 { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users"},
643 { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups" },
644 { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP (WINS)" },
645 { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name (WINS)" },
646 { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid" },
647 { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name" },
648 { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" },
649 { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid" },
650 { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid" },
651 { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid" },
652 { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
653 { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
654 { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "show sequence numbers of all domains" },
655 { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups" },
656 { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
657 { "set-auth-user", 'A', POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
658 { "ping", 'p', POPT_ARG_NONE, 0, 'p', "'ping' winbindd to see if it is alive" },
662 /* Samba client initialisation */
664 if (!*global_myname) {
667 fstrcpy(global_myname, myhostname());
668 p = strchr(global_myname, '.');
673 if (!lp_load(dyn_CONFIGFILE, True, False, False)) {
674 d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n",
675 dyn_CONFIGFILE, strerror(errno));
683 pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
685 /* Parse command line options */
688 poptPrintHelp(pc, stderr, 0);
692 while((opt = poptGetNextOpt(pc)) != -1) {
694 d_fprintf(stderr, "No more than one command may be specified at once.\n");
702 pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
703 POPT_CONTEXT_KEEP_FIRST);
705 while((opt = poptGetNextOpt(pc)) != -1) {
708 if (!print_domain_users()) {
709 d_printf("Error looking up domain users\n");
714 if (!print_domain_groups()) {
715 d_printf("Error looking up domain groups\n");
720 if (!wbinfo_lookupsid(string_arg)) {
721 d_printf("Could not lookup sid %s\n", string_arg);
726 if (!wbinfo_lookupname(string_arg)) {
727 d_printf("Could not lookup name %s\n", string_arg);
732 if (!wbinfo_wins_byname(string_arg)) {
733 d_printf("Could not lookup WINS by name %s\n", string_arg);
738 if (!wbinfo_wins_byip(string_arg)) {
739 d_printf("Could not lookup WINS by IP %s\n", string_arg);
744 if (!wbinfo_uid_to_sid(int_arg)) {
745 d_printf("Could not convert uid %d to sid\n", int_arg);
750 if (!wbinfo_gid_to_sid(int_arg)) {
751 d_printf("Could not convert gid %d to sid\n",
757 if (!wbinfo_sid_to_uid(string_arg)) {
758 d_printf("Could not convert sid %s to uid\n",
764 if (!wbinfo_sid_to_gid(string_arg)) {
765 d_printf("Could not convert sid %s to gid\n",
771 if (!wbinfo_check_secret()) {
772 d_printf("Could not check secret\n");
777 if (!wbinfo_list_domains()) {
778 d_printf("Could not list trusted domains\n");
783 if (!wbinfo_show_sequence()) {
784 d_printf("Could not show sequence numbers\n");
789 if (!wbinfo_get_usergroups(string_arg)) {
790 d_printf("Could not get groups for user %s\n",
796 BOOL got_error = False;
798 if (!wbinfo_auth(string_arg)) {
799 d_printf("Could not authenticate user %s with "
800 "plaintext password\n", string_arg);
804 if (!wbinfo_auth_crap(string_arg)) {
805 d_printf("Could not authenticate user %s with "
806 "challenge/response\n", string_arg);
816 if (!wbinfo_ping()) {
817 d_printf("could not ping winbindd!\n");
822 case OPT_SET_AUTH_USER:
823 if (!(wbinfo_set_auth_user(string_arg)))
827 d_fprintf(stderr, "Invalid option\n");
828 poptPrintHelp(pc, stderr, 0);