2000-07-05 15:24:26 +04:00
/*
Unix SMB / Netbios implementation .
Version 2.0
Winbind status program .
Copyright ( C ) Tim Potter 2000
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 675 Mass Ave , Cambridge , MA 0213 9 , USA .
*/
# include "includes.h"
# include "winbindd.h"
# include "debug.h"
2001-06-04 08:12:38 +04:00
/* Prototypes from common.h */
2000-07-05 15:24:26 +04:00
2001-09-05 11:55:54 +04:00
NSS_STATUS winbindd_request ( int req_type ,
struct winbindd_request * request ,
struct winbindd_response * response ) ;
2000-07-05 15:24:26 +04:00
2000-10-13 09:19:57 +04:00
/* List groups a user is a member of */
2000-10-11 09:25:32 +04:00
static BOOL wbinfo_get_usergroups ( char * user )
{
struct winbindd_request request ;
struct winbindd_response response ;
2001-09-05 11:55:54 +04:00
NSS_STATUS result ;
int i ;
2000-10-11 09:25:32 +04:00
ZERO_STRUCT ( response ) ;
/* Send request */
fstrcpy ( request . data . username , user ) ;
2000-10-11 09:45:06 +04:00
result = winbindd_request ( WINBINDD_GETGROUPS , & request , & response ) ;
2000-10-11 09:25:32 +04:00
if ( result ! = NSS_STATUS_SUCCESS ) {
return False ;
}
for ( i = 0 ; i < response . data . num_entries ; i + + ) {
2001-06-04 07:14:56 +04:00
printf ( " %d \n " , ( int ) ( ( gid_t * ) response . extra_data ) [ i ] ) ;
2000-10-11 09:25:32 +04:00
}
return True ;
}
2000-07-05 15:24:26 +04:00
/* List trusted domains */
static BOOL wbinfo_list_domains ( void )
{
struct winbindd_response response ;
fstring name ;
ZERO_STRUCT ( response ) ;
/* Send request */
2001-09-05 11:55:54 +04:00
if ( winbindd_request ( WINBINDD_LIST_TRUSTDOM , NULL , & response ) ! =
NSS_STATUS_SUCCESS ) {
2000-07-05 15:24:26 +04:00
return False ;
}
/* Display response */
if ( response . extra_data ) {
while ( next_token ( ( char * * ) & response . extra_data , name , " , " ,
sizeof ( fstring ) ) ) {
printf ( " %s \n " , name ) ;
}
}
return True ;
}
/* Check trust account password */
static BOOL wbinfo_check_secret ( void )
{
2000-10-13 09:19:57 +04:00
struct winbindd_response response ;
BOOL result ;
ZERO_STRUCT ( response ) ;
result = winbindd_request ( WINBINDD_CHECK_MACHACC , NULL , & response ) = =
NSS_STATUS_SUCCESS ;
if ( result ) {
2001-04-25 09:47:50 +04:00
if ( response . data . num_entries = = 0 ) {
2000-10-13 09:19:57 +04:00
printf ( " Secret is good \n " ) ;
} else {
2001-04-25 09:47:50 +04:00
printf ( " Secret is bad \n 0x%08x \n " ,
response . data . num_entries ) ;
2000-10-13 09:19:57 +04:00
}
return True ;
}
return False ;
2000-07-05 15:24:26 +04:00
}
/* Convert uid to sid */
static BOOL wbinfo_uid_to_sid ( uid_t uid )
{
struct winbindd_request request ;
struct winbindd_response response ;
ZERO_STRUCT ( request ) ;
ZERO_STRUCT ( response ) ;
/* Send request */
request . data . uid = uid ;
2001-09-05 11:55:54 +04:00
if ( winbindd_request ( WINBINDD_UID_TO_SID , & request , & response ) ! =
NSS_STATUS_SUCCESS ) {
2000-07-05 15:24:26 +04:00
return False ;
}
/* Display response */
printf ( " %s \n " , response . data . sid . sid ) ;
return True ;
}
/* Convert gid to sid */
static BOOL wbinfo_gid_to_sid ( gid_t gid )
{
struct winbindd_request request ;
struct winbindd_response response ;
ZERO_STRUCT ( request ) ;
ZERO_STRUCT ( response ) ;
/* Send request */
request . data . gid = gid ;
2001-09-05 11:55:54 +04:00
if ( winbindd_request ( WINBINDD_GID_TO_SID , & request , & response ) ! =
NSS_STATUS_SUCCESS ) {
2000-07-05 15:24:26 +04:00
return False ;
}
/* Display response */
printf ( " %s \n " , response . data . sid . sid ) ;
return True ;
}
/* Convert sid to uid */
static BOOL wbinfo_sid_to_uid ( char * sid )
{
struct winbindd_request request ;
struct winbindd_response response ;
ZERO_STRUCT ( request ) ;
ZERO_STRUCT ( response ) ;
/* Send request */
fstrcpy ( request . data . sid , sid ) ;
2001-09-05 11:55:54 +04:00
if ( winbindd_request ( WINBINDD_SID_TO_UID , & request , & response ) ! =
NSS_STATUS_SUCCESS ) {
2000-07-05 15:24:26 +04:00
return False ;
}
/* Display response */
2001-06-04 07:14:56 +04:00
printf ( " %d \n " , ( int ) response . data . uid ) ;
2000-07-05 15:24:26 +04:00
return True ;
}
static BOOL wbinfo_sid_to_gid ( char * sid )
{
struct winbindd_request request ;
struct winbindd_response response ;
ZERO_STRUCT ( request ) ;
ZERO_STRUCT ( response ) ;
/* Send request */
fstrcpy ( request . data . sid , sid ) ;
2001-09-05 11:55:54 +04:00
if ( winbindd_request ( WINBINDD_SID_TO_GID , & request , & response ) ! =
NSS_STATUS_SUCCESS ) {
2000-07-05 15:24:26 +04:00
return False ;
}
/* Display response */
2001-06-04 07:14:56 +04:00
printf ( " %d \n " , ( int ) response . data . gid ) ;
2000-07-05 15:24:26 +04:00
return True ;
}
/* Convert sid to string */
static BOOL wbinfo_lookupsid ( char * sid )
{
struct winbindd_request request ;
struct winbindd_response response ;
ZERO_STRUCT ( request ) ;
ZERO_STRUCT ( response ) ;
/* Send off request */
fstrcpy ( request . data . sid , sid ) ;
2001-09-05 11:55:54 +04:00
if ( winbindd_request ( WINBINDD_LOOKUPSID , & request , & response ) ! =
NSS_STATUS_SUCCESS ) {
2000-07-05 15:24:26 +04:00
return False ;
}
/* Display response */
printf ( " %s %d \n " , response . data . name . name , response . data . name . type ) ;
return True ;
}
/* Convert string to sid */
static BOOL wbinfo_lookupname ( char * name )
{
struct winbindd_request request ;
struct winbindd_response response ;
2001-11-14 00:28:31 +03:00
/*
* Don ' t do the lookup if the name has no separator .
*/
if ( ! strchr ( name , * lp_winbind_separator ( ) ) )
return False ;
2000-07-05 15:24:26 +04:00
/* Send off request */
ZERO_STRUCT ( request ) ;
ZERO_STRUCT ( response ) ;
fstrcpy ( request . data . name , name ) ;
2001-09-05 11:55:54 +04:00
if ( winbindd_request ( WINBINDD_LOOKUPNAME , & request , & response ) ! =
NSS_STATUS_SUCCESS ) {
2000-07-05 15:24:26 +04:00
return False ;
}
/* Display response */
printf ( " %s %d \n " , response . data . sid . sid , response . data . sid . type ) ;
return True ;
}
2001-08-22 06:48:16 +04:00
/* Authenticate a user with a plaintext password */
static BOOL wbinfo_auth ( char * username )
{
struct winbindd_request request ;
struct winbindd_response response ;
2001-09-05 11:55:54 +04:00
NSS_STATUS result ;
2001-08-22 06:48:16 +04:00
char * p ;
2001-11-14 00:28:31 +03:00
/*
* Don ' t do the lookup if the name has no separator .
*/
if ( ! strchr ( username , * lp_winbind_separator ( ) ) )
return False ;
2001-08-22 06:48:16 +04:00
/* Send off request */
ZERO_STRUCT ( request ) ;
ZERO_STRUCT ( response ) ;
p = strchr ( username , ' % ' ) ;
if ( p ) {
* p = 0 ;
fstrcpy ( request . data . auth . user , username ) ;
fstrcpy ( request . data . auth . pass , p + 1 ) ;
* p = ' % ' ;
} else
fstrcpy ( request . data . auth . user , username ) ;
result = winbindd_request ( WINBINDD_PAM_AUTH , & request , & response ) ;
/* Display response */
printf ( " plaintext password authentication %s \n " ,
2001-09-05 11:55:54 +04:00
( result = = NSS_STATUS_SUCCESS ) ? " succeeded " : " failed " ) ;
2001-08-22 06:48:16 +04:00
2001-09-05 11:55:54 +04:00
return result = = NSS_STATUS_SUCCESS ;
2001-08-22 06:48:16 +04:00
}
/* Authenticate a user with a challenge/response */
static BOOL wbinfo_auth_crap ( char * username )
{
struct winbindd_request request ;
struct winbindd_response response ;
2001-09-05 11:55:54 +04:00
NSS_STATUS result ;
2001-08-22 06:48:16 +04:00
fstring pass ;
char * p ;
2001-11-14 00:28:31 +03:00
/*
* Don ' t do the lookup if the name has no separator .
*/
if ( ! strchr ( username , * lp_winbind_separator ( ) ) )
return False ;
2001-08-22 06:48:16 +04:00
/* Send off request */
ZERO_STRUCT ( request ) ;
ZERO_STRUCT ( response ) ;
p = strchr ( username , ' % ' ) ;
if ( p ) {
* p = 0 ;
fstrcpy ( request . data . auth_crap . user , username ) ;
fstrcpy ( pass , p + 1 ) ;
* p = ' % ' ;
} else
fstrcpy ( request . data . auth_crap . user , username ) ;
generate_random_buffer ( request . data . auth_crap . chal , 8 , False ) ;
2001-09-05 11:55:54 +04:00
SMBencrypt ( ( uchar * ) pass , request . data . auth_crap . chal ,
( uchar * ) request . data . auth_crap . lm_resp ) ;
SMBNTencrypt ( ( uchar * ) pass , request . data . auth_crap . chal ,
( uchar * ) request . data . auth_crap . nt_resp ) ;
2001-08-22 06:48:16 +04:00
request . data . auth_crap . lm_resp_len = 24 ;
request . data . auth_crap . nt_resp_len = 24 ;
result = winbindd_request ( WINBINDD_PAM_AUTH_CRAP , & request , & response ) ;
/* Display response */
printf ( " challenge/response password authentication %s \n " ,
2001-09-05 11:55:54 +04:00
( result = = NSS_STATUS_SUCCESS ) ? " succeeded " : " failed " ) ;
2001-08-22 06:48:16 +04:00
2001-09-05 11:55:54 +04:00
return result = = NSS_STATUS_SUCCESS ;
2001-08-22 06:48:16 +04:00
}
2000-07-05 15:24:26 +04:00
/* Print domain users */
static BOOL print_domain_users ( void )
{
struct winbindd_response response ;
fstring name ;
/* Send request to winbind daemon */
ZERO_STRUCT ( response ) ;
2001-09-05 11:55:54 +04:00
if ( winbindd_request ( WINBINDD_LIST_USERS , NULL , & response ) ! =
NSS_STATUS_SUCCESS ) {
2000-07-05 15:24:26 +04:00
return False ;
}
/* Look through extra data */
if ( ! response . extra_data ) {
return False ;
}
while ( next_token ( ( char * * ) & response . extra_data , name , " , " ,
sizeof ( fstring ) ) ) {
printf ( " %s \n " , name ) ;
}
return True ;
}
/* Print domain groups */
static BOOL print_domain_groups ( void )
{
struct winbindd_response response ;
fstring name ;
ZERO_STRUCT ( response ) ;
2001-09-05 11:55:54 +04:00
if ( winbindd_request ( WINBINDD_LIST_GROUPS , NULL , & response ) ! =
NSS_STATUS_SUCCESS ) {
2000-07-05 15:24:26 +04:00
return False ;
}
/* Look through extra data */
if ( ! response . extra_data ) {
return False ;
}
while ( next_token ( ( char * * ) & response . extra_data , name , " , " ,
sizeof ( fstring ) ) ) {
printf ( " %s \n " , name ) ;
}
return True ;
}
2001-12-11 08:18:36 +03:00
/* Set the authorised user for winbindd access in secrets.tdb */
static BOOL wbinfo_set_auth_user ( char * username )
{
char * password ;
/* Separate into user and password */
password = strchr ( username , ' % ' ) ;
if ( password ) {
* password = 0 ;
password + + ;
} else
password = " " ;
/* Store in secrets.tdb */
if ( ! secrets_store ( SECRETS_AUTH_USER , username , strlen ( username ) + 1 ) | |
! secrets_store ( SECRETS_AUTH_PASSWORD , password , strlen ( password ) + 1 ) ) {
fprintf ( stderr , " error storing authenticated user info \n " ) ;
return False ;
}
return True ;
}
2000-07-05 15:24:26 +04:00
/* Print program usage */
static void usage ( void )
{
2001-08-22 06:48:16 +04:00
printf ( " Usage: wbinfo -ug | -n name | -sSY sid | -UG uid/gid | -tm "
" | -a user%%password \n " ) ;
printf ( " \t -u \t \t \t lists all domain users \n " ) ;
printf ( " \t -g \t \t \t lists all domain groups \n " ) ;
printf ( " \t -n name \t \t \t converts name to sid \n " ) ;
printf ( " \t -s sid \t \t \t converts sid to name \n " ) ;
printf ( " \t -U uid \t \t \t converts uid to sid \n " ) ;
printf ( " \t -G gid \t \t \t converts gid to sid \n " ) ;
printf ( " \t -S sid \t \t \t converts sid to uid \n " ) ;
printf ( " \t -Y sid \t \t \t converts sid to gid \n " ) ;
printf ( " \t -t \t \t \t check shared secret \n " ) ;
printf ( " \t -m \t \t \t list trusted domains \n " ) ;
printf ( " \t -r user \t \t \t get user groups \n " ) ;
printf ( " \t -a user%%password \t authenticate user \n " ) ;
2000-07-05 15:24:26 +04:00
}
/* Main program */
2001-12-11 08:18:36 +03:00
enum {
OPT_SET_AUTH_USER = 1000
} ;
2000-07-05 15:24:26 +04:00
int main ( int argc , char * * argv )
{
extern pstring global_myname ;
int opt ;
2001-12-11 08:18:36 +03:00
poptContext pc ;
2001-12-11 21:08:48 +03:00
static char * string_arg ;
static int int_arg ;
2001-12-11 08:18:36 +03:00
BOOL got_command = False ;
struct poptOption long_options [ ] = {
/* longName, shortName, argInfo, argPtr, value, descrip, argDesc */
{ " domain-users " , ' u ' , POPT_ARG_NONE , 0 , ' u ' } ,
{ " domain-groups " , ' g ' , POPT_ARG_NONE , 0 , ' g ' } ,
{ " name-to-sid " , ' n ' , POPT_ARG_STRING , & string_arg , ' n ' } ,
{ " sid-to-name " , ' s ' , POPT_ARG_STRING , & string_arg , ' s ' } ,
{ " uid-to-sid " , ' U ' , POPT_ARG_INT , & int_arg , ' U ' } ,
{ " gid-to-sid " , ' G ' , POPT_ARG_INT , & int_arg , ' G ' } ,
{ " sid-to-uid " , ' S ' , POPT_ARG_STRING , & string_arg , ' S ' } ,
{ " sid-to-gid " , ' Y ' , POPT_ARG_STRING , & string_arg , ' Y ' } ,
{ " check-secret " , ' t ' , POPT_ARG_NONE , 0 , ' t ' } ,
{ " trusted-domains " , ' m ' , POPT_ARG_NONE , 0 , ' m ' } ,
{ " user-groups " , ' r ' , POPT_ARG_STRING , & string_arg , ' r ' } ,
2001-12-12 02:27:45 +03:00
{ " authenticate " , ' a ' , POPT_ARG_STRING , & string_arg , ' a ' } ,
2001-12-11 08:18:36 +03:00
{ " set-auth-user " , 0 , POPT_ARG_STRING , & string_arg , OPT_SET_AUTH_USER } ,
{ 0 , 0 , 0 , 0 }
} ;
2000-07-05 15:24:26 +04:00
/* Samba client initialisation */
if ( ! * global_myname ) {
char * p ;
fstrcpy ( global_myname , myhostname ( ) ) ;
2001-07-19 01:50:20 +04:00
p = strchr ( global_myname , ' . ' ) ;
2000-07-05 15:24:26 +04:00
if ( p ) {
* p = 0 ;
}
}
2001-11-19 05:49:53 +03:00
if ( ! lp_load ( dyn_CONFIGFILE , True , False , False ) ) {
2001-12-05 00:30:52 +03:00
fprintf ( stderr , " wbinfo: error opening config file %s. Error was %s \n " ,
dyn_CONFIGFILE , strerror ( errno ) ) ;
2000-07-05 15:24:26 +04:00
exit ( 1 ) ;
}
load_interfaces ( ) ;
/* Parse command line options */
if ( argc = = 1 ) {
usage ( ) ;
return 1 ;
}
2001-12-11 08:18:36 +03:00
/* Parse options */
pc = poptGetContext ( " wbinfo " , argc , ( const char * * ) argv , long_options , 0 ) ;
while ( ( opt = poptGetNextOpt ( pc ) ) ! = - 1 ) {
if ( got_command ) {
fprintf ( stderr , " No more than one command may be specified "
" at once. \n " ) ;
exit ( 1 ) ;
}
got_command = True ;
}
pc = poptGetContext ( NULL , argc , ( const char * * ) argv , long_options ,
POPT_CONTEXT_KEEP_FIRST ) ;
while ( ( opt = poptGetNextOpt ( pc ) ) ! = - 1 ) {
2000-07-05 15:24:26 +04:00
switch ( opt ) {
case ' u ' :
if ( ! print_domain_users ( ) ) {
printf ( " Error looking up domain users \n " ) ;
return 1 ;
}
break ;
case ' g ' :
if ( ! print_domain_groups ( ) ) {
printf ( " Error looking up domain groups \n " ) ;
return 1 ;
}
break ;
case ' s ' :
2001-12-11 08:18:36 +03:00
if ( ! wbinfo_lookupsid ( string_arg ) ) {
printf ( " Could not lookup sid %s \n " , string_arg ) ;
2000-07-05 15:24:26 +04:00
return 1 ;
}
break ;
case ' n ' :
2001-12-11 08:18:36 +03:00
if ( ! wbinfo_lookupname ( string_arg ) ) {
printf ( " Could not lookup name %s \n " , string_arg ) ;
2000-07-05 15:24:26 +04:00
return 1 ;
}
break ;
case ' U ' :
2001-12-11 08:18:36 +03:00
if ( ! wbinfo_uid_to_sid ( int_arg ) ) {
printf ( " Could not convert uid %d to sid \n " , int_arg ) ;
2000-07-05 15:24:26 +04:00
return 1 ;
}
break ;
case ' G ' :
2001-12-11 08:18:36 +03:00
if ( ! wbinfo_gid_to_sid ( int_arg ) ) {
printf ( " Could not convert gid %d to sid \n " ,
int_arg ) ;
2000-07-05 15:24:26 +04:00
return 1 ;
}
break ;
case ' S ' :
2001-12-11 08:18:36 +03:00
if ( ! wbinfo_sid_to_uid ( string_arg ) ) {
2000-07-05 15:24:26 +04:00
printf ( " Could not convert sid %s to uid \n " ,
2001-12-11 08:18:36 +03:00
string_arg ) ;
2000-07-05 15:24:26 +04:00
return 1 ;
}
break ;
case ' Y ' :
2001-12-11 08:18:36 +03:00
if ( ! wbinfo_sid_to_gid ( string_arg ) ) {
2000-07-05 15:24:26 +04:00
printf ( " Could not convert sid %s to gid \n " ,
2001-12-11 08:18:36 +03:00
string_arg ) ;
2000-07-05 15:24:26 +04:00
return 1 ;
}
break ;
case ' t ' :
if ( ! wbinfo_check_secret ( ) ) {
printf ( " Could not check secret \n " ) ;
return 1 ;
}
break ;
case ' m ' :
if ( ! wbinfo_list_domains ( ) ) {
printf ( " Could not list trusted domains \n " ) ;
return 1 ;
}
break ;
2000-10-11 09:25:32 +04:00
case ' r ' :
2001-12-11 08:18:36 +03:00
if ( ! wbinfo_get_usergroups ( string_arg ) ) {
2000-10-11 09:25:32 +04:00
printf ( " Could not get groups for user %s \n " ,
2001-12-11 08:18:36 +03:00
string_arg ) ;
2000-10-11 09:25:32 +04:00
return 1 ;
}
break ;
2001-08-22 06:48:16 +04:00
case ' a ' : {
BOOL got_error = False ;
2001-12-11 08:18:36 +03:00
if ( ! wbinfo_auth ( string_arg ) ) {
2001-08-22 06:48:16 +04:00
printf ( " Could not authenticate user %s with "
2001-12-11 08:18:36 +03:00
" plaintext password \n " , string_arg ) ;
2001-08-22 06:48:16 +04:00
got_error = True ;
}
2001-12-11 08:18:36 +03:00
if ( ! wbinfo_auth_crap ( string_arg ) ) {
2001-08-22 06:48:16 +04:00
printf ( " Could not authenticate user %s with "
2001-12-11 08:18:36 +03:00
" challenge/response \n " , string_arg ) ;
2001-08-22 06:48:16 +04:00
got_error = True ;
}
2001-12-11 08:18:36 +03:00
2001-08-22 06:48:16 +04:00
if ( got_error )
return 1 ;
break ;
2001-12-11 08:18:36 +03:00
}
case OPT_SET_AUTH_USER :
if ( ! ( wbinfo_set_auth_user ( string_arg ) ) ) {
return 1 ;
}
break ;
2000-07-05 15:24:26 +04:00
default :
2001-12-11 08:18:36 +03:00
fprintf ( stderr , " Invalid option \n " ) ;
2000-07-05 15:24:26 +04:00
return 1 ;
}
}
2001-12-11 08:18:36 +03:00
2000-07-05 15:24:26 +04:00
/* Clean exit */
return 0 ;
}