00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024 #include "includes.h"
00025 #include "winbindd.h"
00026 #include "debug.h"
00027
00028 #undef DBGC_CLASS
00029 #define DBGC_CLASS DBGC_WINBIND
00030
00031 extern int winbindd_fd;
00032
00033 static char winbind_separator_int(BOOL strict)
00034 {
00035 struct winbindd_response response;
00036 static BOOL got_sep;
00037 static char sep;
00038
00039 if (got_sep)
00040 return sep;
00041
00042 ZERO_STRUCT(response);
00043
00044
00045
00046 if (winbindd_request_response(WINBINDD_INFO, NULL, &response) !=
00047 NSS_STATUS_SUCCESS) {
00048 d_fprintf(stderr, "could not obtain winbind separator!\n");
00049 if (strict) {
00050 return 0;
00051 }
00052
00053 return *lp_winbind_separator();
00054 }
00055
00056 sep = response.data.info.winbind_separator;
00057 got_sep = True;
00058
00059 if (!sep) {
00060 d_fprintf(stderr, "winbind separator was NULL!\n");
00061 if (strict) {
00062 return 0;
00063 }
00064
00065 sep = *lp_winbind_separator();
00066 }
00067
00068 return sep;
00069 }
00070
00071 static char winbind_separator(void)
00072 {
00073 return winbind_separator_int(False);
00074 }
00075
00076 static const char *get_winbind_domain(void)
00077 {
00078 struct winbindd_response response;
00079 static fstring winbind_domain;
00080
00081 ZERO_STRUCT(response);
00082
00083
00084
00085 if (winbindd_request_response(WINBINDD_DOMAIN_NAME, NULL, &response) !=
00086 NSS_STATUS_SUCCESS) {
00087 d_fprintf(stderr, "could not obtain winbind domain name!\n");
00088
00089
00090 return lp_workgroup();
00091 }
00092
00093 fstrcpy(winbind_domain, response.data.domain_name);
00094
00095 return winbind_domain;
00096
00097 }
00098
00099
00100
00101
00102 static BOOL parse_wbinfo_domain_user(const char *domuser, fstring domain,
00103 fstring user)
00104 {
00105
00106 char *p = strchr(domuser,winbind_separator());
00107
00108 if (!p) {
00109 fstrcpy(user, domuser);
00110 fstrcpy(domain, get_winbind_domain());
00111 return True;
00112 }
00113
00114 fstrcpy(user, p+1);
00115 fstrcpy(domain, domuser);
00116 domain[PTR_DIFF(p, domuser)] = 0;
00117 strupper_m(domain);
00118
00119 return True;
00120 }
00121
00122
00123
00124 static BOOL wbinfo_get_userinfo(char *user)
00125 {
00126 struct winbindd_request request;
00127 struct winbindd_response response;
00128 NSS_STATUS result;
00129
00130 ZERO_STRUCT(request);
00131 ZERO_STRUCT(response);
00132
00133
00134
00135 fstrcpy(request.data.username, user);
00136
00137 result = winbindd_request_response(WINBINDD_GETPWNAM, &request, &response);
00138
00139 if (result != NSS_STATUS_SUCCESS)
00140 return False;
00141
00142 d_printf( "%s:%s:%d:%d:%s:%s:%s\n",
00143 response.data.pw.pw_name,
00144 response.data.pw.pw_passwd,
00145 response.data.pw.pw_uid,
00146 response.data.pw.pw_gid,
00147 response.data.pw.pw_gecos,
00148 response.data.pw.pw_dir,
00149 response.data.pw.pw_shell );
00150
00151 return True;
00152 }
00153
00154
00155 static BOOL wbinfo_get_groupinfo(char *group)
00156 {
00157 struct winbindd_request request;
00158 struct winbindd_response response;
00159 NSS_STATUS result;
00160
00161 ZERO_STRUCT(request);
00162 ZERO_STRUCT(response);
00163
00164
00165
00166 fstrcpy(request.data.groupname, group);
00167
00168 result = winbindd_request_response(WINBINDD_GETGRNAM, &request,
00169 &response);
00170
00171 if ( result != NSS_STATUS_SUCCESS)
00172 return False;
00173
00174 d_printf( "%s:%s:%d\n",
00175 response.data.gr.gr_name,
00176 response.data.gr.gr_passwd,
00177 response.data.gr.gr_gid );
00178
00179 return True;
00180 }
00181
00182
00183
00184 static BOOL wbinfo_get_usergroups(char *user)
00185 {
00186 struct winbindd_request request;
00187 struct winbindd_response response;
00188 NSS_STATUS result;
00189 int i;
00190
00191 ZERO_STRUCT(request);
00192 ZERO_STRUCT(response);
00193
00194
00195
00196 fstrcpy(request.data.username, user);
00197
00198 result = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
00199
00200 if (result != NSS_STATUS_SUCCESS)
00201 return False;
00202
00203 for (i = 0; i < response.data.num_entries; i++)
00204 d_printf("%d\n", (int)((gid_t *)response.extra_data.data)[i]);
00205
00206 SAFE_FREE(response.extra_data.data);
00207
00208 return True;
00209 }
00210
00211
00212
00213 static BOOL wbinfo_get_usersids(char *user_sid)
00214 {
00215 struct winbindd_request request;
00216 struct winbindd_response response;
00217 NSS_STATUS result;
00218 int i;
00219 const char *s;
00220
00221 ZERO_STRUCT(request);
00222 ZERO_STRUCT(response);
00223
00224
00225 fstrcpy(request.data.sid, user_sid);
00226
00227 result = winbindd_request_response(WINBINDD_GETUSERSIDS, &request, &response);
00228
00229 if (result != NSS_STATUS_SUCCESS)
00230 return False;
00231
00232 s = (const char *)response.extra_data.data;
00233 for (i = 0; i < response.data.num_entries; i++) {
00234 d_printf("%s\n", s);
00235 s += strlen(s) + 1;
00236 }
00237
00238 SAFE_FREE(response.extra_data.data);
00239
00240 return True;
00241 }
00242
00243 static BOOL wbinfo_get_userdomgroups(const char *user_sid)
00244 {
00245 struct winbindd_request request;
00246 struct winbindd_response response;
00247 NSS_STATUS result;
00248
00249 ZERO_STRUCT(request);
00250 ZERO_STRUCT(response);
00251
00252
00253 fstrcpy(request.data.sid, user_sid);
00254
00255 result = winbindd_request_response(WINBINDD_GETUSERDOMGROUPS, &request,
00256 &response);
00257
00258 if (result != NSS_STATUS_SUCCESS)
00259 return False;
00260
00261 if (response.data.num_entries != 0)
00262 printf("%s", (char *)response.extra_data.data);
00263
00264 SAFE_FREE(response.extra_data.data);
00265
00266 return True;
00267 }
00268
00269
00270
00271 static BOOL wbinfo_wins_byname(char *name)
00272 {
00273 struct winbindd_request request;
00274 struct winbindd_response response;
00275
00276 ZERO_STRUCT(request);
00277 ZERO_STRUCT(response);
00278
00279
00280
00281 fstrcpy(request.data.winsreq, name);
00282
00283 if (winbindd_request_response(WINBINDD_WINS_BYNAME, &request, &response) !=
00284 NSS_STATUS_SUCCESS) {
00285 return False;
00286 }
00287
00288
00289
00290 d_printf("%s\n", response.data.winsresp);
00291
00292 return True;
00293 }
00294
00295
00296
00297 static BOOL wbinfo_wins_byip(char *ip)
00298 {
00299 struct winbindd_request request;
00300 struct winbindd_response response;
00301
00302 ZERO_STRUCT(request);
00303 ZERO_STRUCT(response);
00304
00305
00306
00307 fstrcpy(request.data.winsreq, ip);
00308
00309 if (winbindd_request_response(WINBINDD_WINS_BYIP, &request, &response) !=
00310 NSS_STATUS_SUCCESS) {
00311 return False;
00312 }
00313
00314
00315
00316 d_printf("%s\n", response.data.winsresp);
00317
00318 return True;
00319 }
00320
00321
00322
00323 static BOOL wbinfo_list_domains(BOOL list_all_domains)
00324 {
00325 struct winbindd_request request;
00326 struct winbindd_response response;
00327
00328 ZERO_STRUCT(request);
00329 ZERO_STRUCT(response);
00330
00331
00332
00333 request.data.list_all_domains = list_all_domains;
00334
00335 if (winbindd_request_response(WINBINDD_LIST_TRUSTDOM, &request, &response) !=
00336 NSS_STATUS_SUCCESS)
00337 return False;
00338
00339
00340
00341 if (response.extra_data.data) {
00342 const char *extra_data = (char *)response.extra_data.data;
00343 fstring name;
00344 char *p;
00345
00346 while(next_token(&extra_data, name, "\n", sizeof(fstring))) {
00347 p = strchr(name, '\\');
00348 if (p == 0) {
00349 d_fprintf(stderr, "Got invalid response: %s\n",
00350 extra_data);
00351 return False;
00352 }
00353 *p = 0;
00354 d_printf("%s\n", name);
00355 }
00356
00357 SAFE_FREE(response.extra_data.data);
00358 }
00359
00360 return True;
00361 }
00362
00363
00364
00365 static BOOL wbinfo_list_own_domain(void)
00366 {
00367 d_printf("%s\n", get_winbind_domain());
00368
00369 return True;
00370 }
00371
00372
00373 static BOOL wbinfo_show_sequence(const char *domain)
00374 {
00375 struct winbindd_request request;
00376 struct winbindd_response response;
00377
00378 ZERO_STRUCT(response);
00379 ZERO_STRUCT(request);
00380
00381 if ( domain )
00382 fstrcpy( request.domain_name, domain );
00383
00384
00385
00386 if (winbindd_request_response(WINBINDD_SHOW_SEQUENCE, &request, &response) !=
00387 NSS_STATUS_SUCCESS)
00388 return False;
00389
00390
00391
00392 if (response.extra_data.data) {
00393 char *extra_data = (char *)response.extra_data.data;
00394 d_printf("%s", extra_data);
00395 SAFE_FREE(response.extra_data.data);
00396 }
00397
00398 return True;
00399 }
00400
00401
00402
00403 static BOOL wbinfo_domain_info(const char *domain_name)
00404 {
00405 struct winbindd_request request;
00406 struct winbindd_response response;
00407
00408 ZERO_STRUCT(request);
00409 ZERO_STRUCT(response);
00410
00411 if ((strequal(domain_name, ".")) || (domain_name[0] == '\0'))
00412 fstrcpy(request.domain_name, get_winbind_domain());
00413 else
00414 fstrcpy(request.domain_name, domain_name);
00415
00416
00417
00418 if (winbindd_request_response(WINBINDD_DOMAIN_INFO, &request, &response) !=
00419 NSS_STATUS_SUCCESS)
00420 return False;
00421
00422
00423
00424 d_printf("Name : %s\n", response.data.domain_info.name);
00425 d_printf("Alt_Name : %s\n", response.data.domain_info.alt_name);
00426
00427 d_printf("SID : %s\n", response.data.domain_info.sid);
00428
00429 d_printf("Active Directory : %s\n",
00430 response.data.domain_info.active_directory ? "Yes" : "No");
00431 d_printf("Native : %s\n",
00432 response.data.domain_info.native_mode ? "Yes" : "No");
00433
00434 d_printf("Primary : %s\n",
00435 response.data.domain_info.primary ? "Yes" : "No");
00436
00437 d_printf("Sequence : %d\n", response.data.domain_info.sequence_number);
00438
00439 return True;
00440 }
00441
00442
00443 static BOOL wbinfo_getdcname(const char *domain_name)
00444 {
00445 struct winbindd_request request;
00446 struct winbindd_response response;
00447
00448 ZERO_STRUCT(request);
00449 ZERO_STRUCT(response);
00450
00451 fstrcpy(request.domain_name, domain_name);
00452
00453
00454
00455 if (winbindd_request_response(WINBINDD_GETDCNAME, &request, &response) !=
00456 NSS_STATUS_SUCCESS) {
00457 d_fprintf(stderr, "Could not get dc name for %s\n", domain_name);
00458 return False;
00459 }
00460
00461
00462
00463 d_printf("%s\n", response.data.dc_name);
00464
00465 return True;
00466 }
00467
00468
00469
00470 static BOOL wbinfo_check_secret(void)
00471 {
00472 struct winbindd_response response;
00473 NSS_STATUS result;
00474
00475 ZERO_STRUCT(response);
00476
00477 result = winbindd_request_response(WINBINDD_CHECK_MACHACC, NULL, &response);
00478
00479 d_printf("checking the trust secret via RPC calls %s\n",
00480 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
00481
00482 if (result != NSS_STATUS_SUCCESS)
00483 d_fprintf(stderr, "error code was %s (0x%x)\n",
00484 response.data.auth.nt_status_string,
00485 response.data.auth.nt_status);
00486
00487 return result == NSS_STATUS_SUCCESS;
00488 }
00489
00490
00491
00492 static BOOL wbinfo_uid_to_sid(uid_t uid)
00493 {
00494 struct winbindd_request request;
00495 struct winbindd_response response;
00496
00497 ZERO_STRUCT(request);
00498 ZERO_STRUCT(response);
00499
00500
00501
00502 request.data.uid = uid;
00503
00504 if (winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response) !=
00505 NSS_STATUS_SUCCESS)
00506 return False;
00507
00508
00509
00510 d_printf("%s\n", response.data.sid.sid);
00511
00512 return True;
00513 }
00514
00515
00516
00517 static BOOL wbinfo_gid_to_sid(gid_t gid)
00518 {
00519 struct winbindd_request request;
00520 struct winbindd_response response;
00521
00522 ZERO_STRUCT(request);
00523 ZERO_STRUCT(response);
00524
00525
00526
00527 request.data.gid = gid;
00528
00529 if (winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response) !=
00530 NSS_STATUS_SUCCESS)
00531 return False;
00532
00533
00534
00535 d_printf("%s\n", response.data.sid.sid);
00536
00537 return True;
00538 }
00539
00540
00541
00542 static BOOL wbinfo_sid_to_uid(char *sid)
00543 {
00544 struct winbindd_request request;
00545 struct winbindd_response response;
00546
00547 ZERO_STRUCT(request);
00548 ZERO_STRUCT(response);
00549
00550
00551
00552 fstrcpy(request.data.sid, sid);
00553
00554 if (winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response) !=
00555 NSS_STATUS_SUCCESS)
00556 return False;
00557
00558
00559
00560 d_printf("%d\n", (int)response.data.uid);
00561
00562 return True;
00563 }
00564
00565 static BOOL wbinfo_sid_to_gid(char *sid)
00566 {
00567 struct winbindd_request request;
00568 struct winbindd_response response;
00569
00570 ZERO_STRUCT(request);
00571 ZERO_STRUCT(response);
00572
00573
00574
00575 fstrcpy(request.data.sid, sid);
00576
00577 if (winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response) !=
00578 NSS_STATUS_SUCCESS)
00579 return False;
00580
00581
00582
00583 d_printf("%d\n", (int)response.data.gid);
00584
00585 return True;
00586 }
00587
00588 static BOOL wbinfo_allocate_uid(void)
00589 {
00590 uid_t uid;
00591
00592 if (!winbind_allocate_uid(&uid))
00593 return False;
00594
00595 d_printf("New uid: %d\n", uid);
00596
00597 return True;
00598 }
00599
00600 static BOOL wbinfo_allocate_gid(void)
00601 {
00602 gid_t gid;
00603
00604 if (!winbind_allocate_gid(&gid))
00605 return False;
00606
00607 d_printf("New gid: %d\n", gid);
00608
00609 return True;
00610 }
00611
00612
00613
00614 static BOOL wbinfo_lookupsid(char *sid)
00615 {
00616 struct winbindd_request request;
00617 struct winbindd_response response;
00618
00619 ZERO_STRUCT(request);
00620 ZERO_STRUCT(response);
00621
00622
00623
00624 fstrcpy(request.data.sid, sid);
00625
00626 if (winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response) !=
00627 NSS_STATUS_SUCCESS)
00628 return False;
00629
00630
00631
00632 d_printf("%s%c%s %d\n", response.data.name.dom_name,
00633 winbind_separator(), response.data.name.name,
00634 response.data.name.type);
00635
00636 return True;
00637 }
00638
00639
00640
00641 static BOOL wbinfo_lookuprids(char *domain, char *arg)
00642 {
00643 size_t i;
00644 DOM_SID sid;
00645 int num_rids;
00646 uint32 *rids;
00647 const char *p;
00648 char ridstr[32];
00649 const char **names;
00650 enum lsa_SidType *types;
00651 const char *domain_name;
00652 TALLOC_CTX *mem_ctx;
00653 struct winbindd_request request;
00654 struct winbindd_response response;
00655
00656 ZERO_STRUCT(request);
00657 ZERO_STRUCT(response);
00658
00659 if ((domain == NULL) || (strequal(domain, ".")) || (domain[0] == '\0'))
00660 fstrcpy(request.domain_name, get_winbind_domain());
00661 else
00662 fstrcpy(request.domain_name, domain);
00663
00664
00665
00666 if (winbindd_request_response(WINBINDD_DOMAIN_INFO, &request, &response) !=
00667 NSS_STATUS_SUCCESS) {
00668 d_printf("Could not get domain sid for %s\n", request.domain_name);
00669 return False;
00670 }
00671
00672 if (!string_to_sid(&sid, response.data.domain_info.sid)) {
00673 d_printf("Could not convert %s to sid\n", response.data.domain_info.sid);
00674 return False;
00675 }
00676
00677 mem_ctx = talloc_new(NULL);
00678 if (mem_ctx == NULL) {
00679 d_printf("talloc_new failed\n");
00680 return False;
00681 }
00682
00683 num_rids = 0;
00684 rids = NULL;
00685 p = arg;
00686
00687 while (next_token(&p, ridstr, " ,\n", sizeof(ridstr))) {
00688 uint32 rid = strtoul(ridstr, NULL, 10);
00689 ADD_TO_ARRAY(mem_ctx, uint32, rid, &rids, &num_rids);
00690 }
00691
00692 if (rids == NULL) {
00693 TALLOC_FREE(mem_ctx);
00694 return False;
00695 }
00696
00697 if (!winbind_lookup_rids(mem_ctx, &sid, num_rids, rids,
00698 &domain_name, &names, &types)) {
00699 d_printf("winbind_lookup_rids failed\n");
00700 TALLOC_FREE(mem_ctx);
00701 return False;
00702 }
00703
00704 d_printf("Domain: %s\n", domain_name);
00705
00706 for (i=0; i<num_rids; i++) {
00707 d_printf("%8d: %s (%s)\n", rids[i], names[i],
00708 sid_type_lookup(types[i]));
00709 }
00710
00711 TALLOC_FREE(mem_ctx);
00712 return True;
00713 }
00714
00715
00716
00717 static BOOL wbinfo_lookupname(char *name)
00718 {
00719 struct winbindd_request request;
00720 struct winbindd_response response;
00721
00722
00723
00724 ZERO_STRUCT(request);
00725 ZERO_STRUCT(response);
00726
00727 parse_wbinfo_domain_user(name, request.data.name.dom_name,
00728 request.data.name.name);
00729
00730 if (winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response) !=
00731 NSS_STATUS_SUCCESS)
00732 return False;
00733
00734
00735
00736 d_printf("%s %s (%d)\n", response.data.sid.sid, sid_type_lookup(response.data.sid.type), response.data.sid.type);
00737
00738 return True;
00739 }
00740
00741
00742
00743 static BOOL wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
00744 {
00745 struct winbindd_request request;
00746 struct winbindd_response response;
00747 NSS_STATUS result;
00748 char *p;
00749
00750
00751
00752 ZERO_STRUCT(request);
00753 ZERO_STRUCT(response);
00754
00755 p = strchr(username, '%');
00756
00757 if (p) {
00758 *p = 0;
00759 fstrcpy(request.data.auth.user, username);
00760 fstrcpy(request.data.auth.pass, p + 1);
00761 *p = '%';
00762 } else
00763 fstrcpy(request.data.auth.user, username);
00764
00765 request.flags = flags;
00766
00767 fstrcpy(request.data.auth.krb5_cc_type, cctype);
00768
00769 request.data.auth.uid = geteuid();
00770
00771 result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
00772
00773
00774
00775 d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n",
00776 username, (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", cctype);
00777
00778 if (response.data.auth.nt_status)
00779 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
00780 response.data.auth.nt_status_string,
00781 response.data.auth.nt_status,
00782 response.data.auth.error_string);
00783
00784 if (result == NSS_STATUS_SUCCESS) {
00785
00786 if (request.flags & WBFLAG_PAM_INFO3_TEXT) {
00787 if (response.data.auth.info3.user_flgs & LOGON_CACHED_ACCOUNT) {
00788 d_printf("user_flgs: LOGON_CACHED_ACCOUNT\n");
00789 }
00790 }
00791
00792 if (response.data.auth.krb5ccname[0] != '\0') {
00793 d_printf("credentials were put in: %s\n", response.data.auth.krb5ccname);
00794 } else {
00795 d_printf("no credentials cached\n");
00796 }
00797 }
00798
00799 return result == NSS_STATUS_SUCCESS;
00800 }
00801
00802
00803
00804 static BOOL wbinfo_auth(char *username)
00805 {
00806 struct winbindd_request request;
00807 struct winbindd_response response;
00808 NSS_STATUS result;
00809 char *p;
00810
00811
00812
00813 ZERO_STRUCT(request);
00814 ZERO_STRUCT(response);
00815
00816 p = strchr(username, '%');
00817
00818 if (p) {
00819 *p = 0;
00820 fstrcpy(request.data.auth.user, username);
00821 fstrcpy(request.data.auth.pass, p + 1);
00822 *p = '%';
00823 } else
00824 fstrcpy(request.data.auth.user, username);
00825
00826 result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
00827
00828
00829
00830 d_printf("plaintext password authentication %s\n",
00831 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
00832
00833 if (response.data.auth.nt_status)
00834 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
00835 response.data.auth.nt_status_string,
00836 response.data.auth.nt_status,
00837 response.data.auth.error_string);
00838
00839 return result == NSS_STATUS_SUCCESS;
00840 }
00841
00842
00843
00844 static BOOL wbinfo_auth_crap(char *username)
00845 {
00846 struct winbindd_request request;
00847 struct winbindd_response response;
00848 NSS_STATUS result;
00849 fstring name_user;
00850 fstring name_domain;
00851 fstring pass;
00852 char *p;
00853
00854
00855
00856 ZERO_STRUCT(request);
00857 ZERO_STRUCT(response);
00858
00859 p = strchr(username, '%');
00860
00861 if (p) {
00862 *p = 0;
00863 fstrcpy(pass, p + 1);
00864 }
00865
00866 parse_wbinfo_domain_user(username, name_domain, name_user);
00867
00868 request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
00869
00870 fstrcpy(request.data.auth_crap.user, name_user);
00871
00872 fstrcpy(request.data.auth_crap.domain,
00873 name_domain);
00874
00875 generate_random_buffer(request.data.auth_crap.chal, 8);
00876
00877 if (lp_client_ntlmv2_auth()) {
00878 DATA_BLOB server_chal;
00879 DATA_BLOB names_blob;
00880
00881 DATA_BLOB lm_response;
00882 DATA_BLOB nt_response;
00883
00884 server_chal = data_blob(request.data.auth_crap.chal, 8);
00885
00886
00887 names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
00888
00889 if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal,
00890 &names_blob,
00891 &lm_response, &nt_response, NULL)) {
00892 data_blob_free(&names_blob);
00893 data_blob_free(&server_chal);
00894 return False;
00895 }
00896 data_blob_free(&names_blob);
00897 data_blob_free(&server_chal);
00898
00899 memcpy(request.data.auth_crap.nt_resp, nt_response.data,
00900 MIN(nt_response.length,
00901 sizeof(request.data.auth_crap.nt_resp)));
00902 request.data.auth_crap.nt_resp_len = nt_response.length;
00903
00904 memcpy(request.data.auth_crap.lm_resp, lm_response.data,
00905 MIN(lm_response.length,
00906 sizeof(request.data.auth_crap.lm_resp)));
00907 request.data.auth_crap.lm_resp_len = lm_response.length;
00908
00909 data_blob_free(&nt_response);
00910 data_blob_free(&lm_response);
00911
00912 } else {
00913 if (lp_client_lanman_auth()
00914 && SMBencrypt(pass, request.data.auth_crap.chal,
00915 (uchar *)request.data.auth_crap.lm_resp)) {
00916 request.data.auth_crap.lm_resp_len = 24;
00917 } else {
00918 request.data.auth_crap.lm_resp_len = 0;
00919 }
00920 SMBNTencrypt(pass, request.data.auth_crap.chal,
00921 (uchar *)request.data.auth_crap.nt_resp);
00922
00923 request.data.auth_crap.nt_resp_len = 24;
00924 }
00925
00926 result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response);
00927
00928
00929
00930 d_printf("challenge/response password authentication %s\n",
00931 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
00932
00933 if (response.data.auth.nt_status)
00934 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
00935 response.data.auth.nt_status_string,
00936 response.data.auth.nt_status,
00937 response.data.auth.error_string);
00938
00939 return result == NSS_STATUS_SUCCESS;
00940 }
00941
00942
00943
00944 static BOOL wbinfo_klog(char *username)
00945 {
00946 struct winbindd_request request;
00947 struct winbindd_response response;
00948 NSS_STATUS result;
00949 char *p;
00950
00951
00952
00953 ZERO_STRUCT(request);
00954 ZERO_STRUCT(response);
00955
00956 p = strchr(username, '%');
00957
00958 if (p) {
00959 *p = 0;
00960 fstrcpy(request.data.auth.user, username);
00961 fstrcpy(request.data.auth.pass, p + 1);
00962 *p = '%';
00963 } else {
00964 fstrcpy(request.data.auth.user, username);
00965 fstrcpy(request.data.auth.pass, getpass("Password: "));
00966 }
00967
00968 request.flags |= WBFLAG_PAM_AFS_TOKEN;
00969
00970 result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
00971
00972
00973
00974 d_printf("plaintext password authentication %s\n",
00975 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
00976
00977 if (response.data.auth.nt_status)
00978 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
00979 response.data.auth.nt_status_string,
00980 response.data.auth.nt_status,
00981 response.data.auth.error_string);
00982
00983 if (result != NSS_STATUS_SUCCESS)
00984 return False;
00985
00986 if (response.extra_data.data == NULL) {
00987 d_fprintf(stderr, "Did not get token data\n");
00988 return False;
00989 }
00990
00991 if (!afs_settoken_str((char *)response.extra_data.data)) {
00992 d_fprintf(stderr, "Could not set token\n");
00993 return False;
00994 }
00995
00996 d_printf("Successfully created AFS token\n");
00997 return True;
00998 }
00999
01000
01001
01002 static BOOL print_domain_users(const char *domain)
01003 {
01004 struct winbindd_request request;
01005 struct winbindd_response response;
01006 const char *extra_data;
01007 fstring name;
01008
01009
01010
01011 ZERO_STRUCT(request);
01012 ZERO_STRUCT(response);
01013
01014 if (domain) {
01015
01016 if ( strequal(domain, ".") )
01017 fstrcpy( request.domain_name, get_winbind_domain() );
01018 else
01019 fstrcpy( request.domain_name, domain );
01020 }
01021
01022 if (winbindd_request_response(WINBINDD_LIST_USERS, &request, &response) !=
01023 NSS_STATUS_SUCCESS)
01024 return False;
01025
01026
01027
01028 if (!response.extra_data.data)
01029 return False;
01030
01031 extra_data = (const char *)response.extra_data.data;
01032
01033 while(next_token(&extra_data, name, ",", sizeof(fstring)))
01034 d_printf("%s\n", name);
01035
01036 SAFE_FREE(response.extra_data.data);
01037
01038 return True;
01039 }
01040
01041
01042
01043 static BOOL print_domain_groups(const char *domain)
01044 {
01045 struct winbindd_request request;
01046 struct winbindd_response response;
01047 const char *extra_data;
01048 fstring name;
01049
01050 ZERO_STRUCT(request);
01051 ZERO_STRUCT(response);
01052
01053 if (domain) {
01054 if ( strequal(domain, ".") )
01055 fstrcpy( request.domain_name, get_winbind_domain() );
01056 else
01057 fstrcpy( request.domain_name, domain );
01058 }
01059
01060 if (winbindd_request_response(WINBINDD_LIST_GROUPS, &request, &response) !=
01061 NSS_STATUS_SUCCESS)
01062 return False;
01063
01064
01065
01066 if (!response.extra_data.data)
01067 return False;
01068
01069 extra_data = (const char *)response.extra_data.data;
01070
01071 while(next_token(&extra_data, name, ",", sizeof(fstring)))
01072 d_printf("%s\n", name);
01073
01074 SAFE_FREE(response.extra_data.data);
01075
01076 return True;
01077 }
01078
01079
01080
01081 static BOOL wbinfo_set_auth_user(char *username)
01082 {
01083 const char *password;
01084 char *p;
01085 fstring user, domain;
01086
01087
01088
01089 parse_wbinfo_domain_user(username, domain, user);
01090
01091 p = strchr(user, '%');
01092
01093 if (p != NULL) {
01094 *p = 0;
01095 password = p+1;
01096 } else {
01097 char *thepass = getpass("Password: ");
01098 if (thepass) {
01099 password = thepass;
01100 } else
01101 password = "";
01102 }
01103
01104
01105
01106 secrets_init();
01107
01108 if (user[0]) {
01109
01110 if (!secrets_store(SECRETS_AUTH_USER, user,
01111 strlen(user) + 1)) {
01112 d_fprintf(stderr, "error storing username\n");
01113 return False;
01114 }
01115
01116
01117
01118
01119 if (!secrets_store(SECRETS_AUTH_DOMAIN, domain,
01120 strlen(domain) + 1)) {
01121 d_fprintf(stderr, "error storing domain name\n");
01122 return False;
01123 }
01124
01125 } else {
01126 secrets_delete(SECRETS_AUTH_USER);
01127 secrets_delete(SECRETS_AUTH_DOMAIN);
01128 }
01129
01130 if (password[0]) {
01131
01132 if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
01133 strlen(password) + 1)) {
01134 d_fprintf(stderr, "error storing password\n");
01135 return False;
01136 }
01137
01138 } else
01139 secrets_delete(SECRETS_AUTH_PASSWORD);
01140
01141 return True;
01142 }
01143
01144 static void wbinfo_get_auth_user(void)
01145 {
01146 char *user, *domain, *password;
01147
01148
01149
01150 secrets_fetch_ipc_userpass(&user, &domain, &password);
01151
01152 if ((!user || !*user) && (!domain || !*domain ) && (!password || !*password)){
01153
01154 SAFE_FREE(user);
01155 SAFE_FREE(domain);
01156 SAFE_FREE(password);
01157 d_printf("No authorised user configured\n");
01158 return;
01159 }
01160
01161
01162
01163 d_printf("%s%s%s%s%s\n", domain ? domain : "", domain ? lp_winbind_separator(): "",
01164 user, password ? "%" : "", password ? password : "");
01165
01166 SAFE_FREE(user);
01167 SAFE_FREE(domain);
01168 SAFE_FREE(password);
01169 }
01170
01171 static BOOL wbinfo_ping(void)
01172 {
01173 NSS_STATUS result;
01174
01175 result = winbindd_request_response(WINBINDD_PING, NULL, NULL);
01176
01177
01178
01179 d_printf("Ping to winbindd %s on fd %d\n",
01180 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
01181
01182 return result == NSS_STATUS_SUCCESS;
01183 }
01184
01185
01186
01187 enum {
01188 OPT_SET_AUTH_USER = 1000,
01189 OPT_GET_AUTH_USER,
01190 OPT_DOMAIN_NAME,
01191 OPT_SEQUENCE,
01192 OPT_GETDCNAME,
01193 OPT_USERDOMGROUPS,
01194 OPT_USERSIDS,
01195 OPT_ALLOCATE_UID,
01196 OPT_ALLOCATE_GID,
01197 OPT_SEPARATOR,
01198 OPT_LIST_ALL_DOMAINS,
01199 OPT_LIST_OWN_DOMAIN,
01200 OPT_GROUP_INFO,
01201 };
01202
01203 int main(int argc, char **argv, char **envp)
01204 {
01205 int opt;
01206
01207 poptContext pc;
01208 static char *string_arg;
01209 static char *opt_domain_name;
01210 static int int_arg;
01211 int result = 1;
01212
01213 struct poptOption long_options[] = {
01214 POPT_AUTOHELP
01215
01216
01217
01218
01219 { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users", "domain"},
01220 { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups", "domain" },
01221 { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP", "NETBIOS-NAME" },
01222 { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name", "IP" },
01223 { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid", "NAME" },
01224 { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name", "SID" },
01225 { "lookup-rids", 'R', POPT_ARG_STRING, &string_arg, 'R', "Converts RIDs to names", "RIDs" },
01226 { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" , "UID" },
01227 { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
01228 { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
01229 { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
01230 { "allocate-uid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_UID,
01231 "Get a new UID out of idmap" },
01232 { "allocate-gid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_GID,
01233 "Get a new GID out of idmap" },
01234 { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" },
01235 { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" },
01236 { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" },
01237 { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" },
01238 { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" },
01239 { "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" },
01240 { "user-info", 'i', POPT_ARG_STRING, &string_arg, 'i', "Get user info", "USER" },
01241 { "group-info", 0, POPT_ARG_STRING, &string_arg, OPT_GROUP_INFO, "Get group info", "GROUP" },
01242 { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" },
01243 { "user-domgroups", 0, POPT_ARG_STRING, &string_arg,
01244 OPT_USERDOMGROUPS, "Get user domain groups", "SID" },
01245 { "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
01246 { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
01247 { "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
01248 { "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME,
01249 "Get a DC name for a foreign domain", "domainname" },
01250 { "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
01251 { "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
01252 { "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" },
01253 #ifdef WITH_FAKE_KASERVER
01254 { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" },
01255 #endif
01256 #ifdef HAVE_KRB5
01257 { "krb5auth", 'K', POPT_ARG_STRING, &string_arg, 'K', "authenticate user using Kerberos", "user%password" },
01258
01259
01260 #endif
01261 { "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
01262 POPT_COMMON_VERSION
01263 POPT_TABLEEND
01264 };
01265
01266
01267 load_case_tables();
01268
01269 if (!lp_load(dyn_CONFIGFILE, True, False, False, True)) {
01270 d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n",
01271 dyn_CONFIGFILE, strerror(errno));
01272 exit(1);
01273 }
01274
01275 if (!init_names())
01276 return 1;
01277
01278 load_interfaces();
01279
01280
01281
01282 pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0);
01283
01284
01285
01286 if (argc == 1) {
01287 poptPrintHelp(pc, stderr, 0);
01288 return 1;
01289 }
01290
01291 while((opt = poptGetNextOpt(pc)) != -1) {
01292
01293 }
01294
01295 poptFreeContext(pc);
01296
01297 pc = poptGetContext(NULL, argc, (const char **)argv, long_options,
01298 POPT_CONTEXT_KEEP_FIRST);
01299
01300 while((opt = poptGetNextOpt(pc)) != -1) {
01301 switch (opt) {
01302 case 'u':
01303 if (!print_domain_users(opt_domain_name)) {
01304 d_fprintf(stderr, "Error looking up domain users\n");
01305 goto done;
01306 }
01307 break;
01308 case 'g':
01309 if (!print_domain_groups(opt_domain_name)) {
01310 d_fprintf(stderr, "Error looking up domain groups\n");
01311 goto done;
01312 }
01313 break;
01314 case 's':
01315 if (!wbinfo_lookupsid(string_arg)) {
01316 d_fprintf(stderr, "Could not lookup sid %s\n", string_arg);
01317 goto done;
01318 }
01319 break;
01320 case 'R':
01321 if (!wbinfo_lookuprids(opt_domain_name, string_arg)) {
01322 d_fprintf(stderr, "Could not lookup RIDs %s\n", string_arg);
01323 goto done;
01324 }
01325 break;
01326 case 'n':
01327 if (!wbinfo_lookupname(string_arg)) {
01328 d_fprintf(stderr, "Could not lookup name %s\n", string_arg);
01329 goto done;
01330 }
01331 break;
01332 case 'N':
01333 if (!wbinfo_wins_byname(string_arg)) {
01334 d_fprintf(stderr, "Could not lookup WINS by name %s\n", string_arg);
01335 goto done;
01336 }
01337 break;
01338 case 'I':
01339 if (!wbinfo_wins_byip(string_arg)) {
01340 d_fprintf(stderr, "Could not lookup WINS by IP %s\n", string_arg);
01341 goto done;
01342 }
01343 break;
01344 case 'U':
01345 if (!wbinfo_uid_to_sid(int_arg)) {
01346 d_fprintf(stderr, "Could not convert uid %d to sid\n", int_arg);
01347 goto done;
01348 }
01349 break;
01350 case 'G':
01351 if (!wbinfo_gid_to_sid(int_arg)) {
01352 d_fprintf(stderr, "Could not convert gid %d to sid\n",
01353 int_arg);
01354 goto done;
01355 }
01356 break;
01357 case 'S':
01358 if (!wbinfo_sid_to_uid(string_arg)) {
01359 d_fprintf(stderr, "Could not convert sid %s to uid\n",
01360 string_arg);
01361 goto done;
01362 }
01363 break;
01364 case 'Y':
01365 if (!wbinfo_sid_to_gid(string_arg)) {
01366 d_fprintf(stderr, "Could not convert sid %s to gid\n",
01367 string_arg);
01368 goto done;
01369 }
01370 break;
01371 case OPT_ALLOCATE_UID:
01372 if (!wbinfo_allocate_uid()) {
01373 d_fprintf(stderr, "Could not allocate a uid\n");
01374 goto done;
01375 }
01376 break;
01377 case OPT_ALLOCATE_GID:
01378 if (!wbinfo_allocate_gid()) {
01379 d_fprintf(stderr, "Could not allocate a gid\n");
01380 goto done;
01381 }
01382 break;
01383 case 't':
01384 if (!wbinfo_check_secret()) {
01385 d_fprintf(stderr, "Could not check secret\n");
01386 goto done;
01387 }
01388 break;
01389 case 'm':
01390 if (!wbinfo_list_domains(False)) {
01391 d_fprintf(stderr, "Could not list trusted domains\n");
01392 goto done;
01393 }
01394 break;
01395 case OPT_SEQUENCE:
01396 if (!wbinfo_show_sequence(opt_domain_name)) {
01397 d_fprintf(stderr, "Could not show sequence numbers\n");
01398 goto done;
01399 }
01400 break;
01401 case 'D':
01402 if (!wbinfo_domain_info(string_arg)) {
01403 d_fprintf(stderr, "Could not get domain info\n");
01404 goto done;
01405 }
01406 break;
01407 case 'i':
01408 if (!wbinfo_get_userinfo(string_arg)) {
01409 d_fprintf(stderr, "Could not get info for user %s\n",
01410 string_arg);
01411 goto done;
01412 }
01413 break;
01414 case OPT_GROUP_INFO:
01415 if ( !wbinfo_get_groupinfo(string_arg)) {
01416 d_fprintf(stderr, "Could not get info for "
01417 "group %s\n", string_arg);
01418 goto done;
01419 }
01420 break;
01421 case 'r':
01422 if (!wbinfo_get_usergroups(string_arg)) {
01423 d_fprintf(stderr, "Could not get groups for user %s\n",
01424 string_arg);
01425 goto done;
01426 }
01427 break;
01428 case OPT_USERSIDS:
01429 if (!wbinfo_get_usersids(string_arg)) {
01430 d_fprintf(stderr, "Could not get group SIDs for user SID %s\n",
01431 string_arg);
01432 goto done;
01433 }
01434 break;
01435 case OPT_USERDOMGROUPS:
01436 if (!wbinfo_get_userdomgroups(string_arg)) {
01437 d_fprintf(stderr, "Could not get user's domain groups "
01438 "for user SID %s\n", string_arg);
01439 goto done;
01440 }
01441 break;
01442 case 'a': {
01443 BOOL got_error = False;
01444
01445 if (!wbinfo_auth(string_arg)) {
01446 d_fprintf(stderr, "Could not authenticate user %s with "
01447 "plaintext password\n", string_arg);
01448 got_error = True;
01449 }
01450
01451 if (!wbinfo_auth_crap(string_arg)) {
01452 d_fprintf(stderr, "Could not authenticate user %s with "
01453 "challenge/response\n", string_arg);
01454 got_error = True;
01455 }
01456
01457 if (got_error)
01458 goto done;
01459 break;
01460 }
01461 case 'K': {
01462 uint32 flags = WBFLAG_PAM_KRB5 |
01463 WBFLAG_PAM_CACHED_LOGIN |
01464 WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
01465 WBFLAG_PAM_INFO3_TEXT;
01466
01467 if (!wbinfo_auth_krb5(string_arg, "FILE", flags)) {
01468 d_fprintf(stderr, "Could not authenticate user [%s] with "
01469 "Kerberos (ccache: %s)\n", string_arg, "FILE");
01470 goto done;
01471 }
01472 break;
01473 }
01474 case 'k':
01475 if (!wbinfo_klog(string_arg)) {
01476 d_fprintf(stderr, "Could not klog user\n");
01477 goto done;
01478 }
01479 break;
01480 case 'p':
01481 if (!wbinfo_ping()) {
01482 d_fprintf(stderr, "could not ping winbindd!\n");
01483 goto done;
01484 }
01485 break;
01486 case OPT_SET_AUTH_USER:
01487 if (!wbinfo_set_auth_user(string_arg)) {
01488 goto done;
01489 }
01490 break;
01491 case OPT_GET_AUTH_USER:
01492 wbinfo_get_auth_user();
01493 break;
01494 case OPT_GETDCNAME:
01495 if (!wbinfo_getdcname(string_arg)) {
01496 goto done;
01497 }
01498 break;
01499 case OPT_SEPARATOR: {
01500 const char sep = winbind_separator_int(True);
01501 if ( !sep ) {
01502 goto done;
01503 }
01504 d_printf("%c\n", sep);
01505 break;
01506 }
01507 case OPT_LIST_ALL_DOMAINS:
01508 if (!wbinfo_list_domains(True)) {
01509 goto done;
01510 }
01511 break;
01512 case OPT_LIST_OWN_DOMAIN:
01513 if (!wbinfo_list_own_domain()) {
01514 goto done;
01515 }
01516 break;
01517
01518 case OPT_DOMAIN_NAME:
01519 break;
01520 default:
01521 d_fprintf(stderr, "Invalid option\n");
01522 poptPrintHelp(pc, stderr, 0);
01523 goto done;
01524 }
01525 }
01526
01527 result = 0;
01528
01529
01530
01531 done:
01532 poptFreeContext(pc);
01533 return result;
01534 }