Diffstat (limited to 'source/nsswitch/wbinfo.c')
-rw-r--r-- | source/nsswitch/wbinfo.c | 227 |
1 files changed, 135 insertions, 92 deletions
diff --git a/source/nsswitch/wbinfo.c b/source/nsswitch/wbinfo.c index 875df231dca..3b44c40ba26 100644 --- a/source/nsswitch/wbinfo.c +++ b/source/nsswitch/wbinfo.c @@ -25,10 +25,11 @@ #include "winbindd.h" #include "debug.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND +/* Prototypes from common.h */ -extern int winbindd_fd; +NSS_STATUS winbindd_request(int req_type, + struct winbindd_request *request, + struct winbindd_response *response); static char winbind_separator(void) { @@ -45,7 +46,7 @@ static char winbind_separator(void) if (winbindd_request(WINBINDD_INFO, NULL, &response) != NSS_STATUS_SUCCESS) { - d_printf("could not obtain winbind separator!\n"); + printf("could not obtain winbind separator!\n"); /* HACK: (this module should not call lp_ funtions) */ return *lp_winbind_separator(); } @@ -54,7 +55,7 @@ static char winbind_separator(void) got_sep = True; if (!sep) { - d_printf("winbind separator was NULL!\n"); + printf("winbind separator was NULL!\n"); /* HACK: (this module should not call lp_ funtions) */ sep = *lp_winbind_separator(); } @@ -73,7 +74,7 @@ static char *get_winbind_domain(void) if (winbindd_request(WINBINDD_DOMAIN_NAME, NULL, &response) != NSS_STATUS_SUCCESS) { - d_printf("could not obtain winbind domain name!\n"); + printf("could not obtain winbind domain name!\n"); /* HACK: (this module should not call lp_ funtions) */ return lp_workgroup(); @@ -129,7 +130,7 @@ static BOOL wbinfo_get_usergroups(char *user) return False; for (i = 0; i < response.data.num_entries; i++) - d_printf("%d\n", (int)((gid_t *)response.extra_data)[i]); + printf("%d\n", (int)((gid_t *)response.extra_data)[i]); SAFE_FREE(response.extra_data); @@ -209,7 +210,7 @@ static BOOL wbinfo_list_domains(void) char *extra_data = (char *)response.extra_data; while(next_token(&extra_data, name, ",", sizeof(fstring))) - d_printf("%s\n", name); + printf("%s\n", name); SAFE_FREE(response.extra_data); } 
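Review bot: The first hunk (-25,10) copies the prototype of winbindd_request into wbinfo.c under `/* Prototypes from common.h */` instead of including the header that declares it. With a hand-copied prototype the compiler cannot check these call sites against the real declaration, so a later change to the request/response pointer arguments would compile without a diagnostic. Prefer including the declaring header; if that is not possible here, extend the comment to say why and to name the definition that must be kept in sync, e.g. `/* Copied from common.h because <reason>; keep in sync with the definition of winbindd_request() */`.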
@@ -235,7 +236,7 @@ static BOOL wbinfo_show_sequence(void) if (response.extra_data) { char *extra_data = (char *)response.extra_data; - d_printf("%s", extra_data); + printf("%s", extra_data); SAFE_FREE(response.extra_data); } @@ -247,21 +248,25 @@ static BOOL wbinfo_show_sequence(void) static BOOL wbinfo_check_secret(void) { struct winbindd_response response; - NSS_STATUS result; + BOOL result; ZERO_STRUCT(response); - result = winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response); - - d_printf("checking the trust secret via RPC calls %s\n", - (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); + result = winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response) == + NSS_STATUS_SUCCESS; - if (result != NSS_STATUS_SUCCESS) - d_printf("error code was %s (0x%x)\n", - response.data.auth.nt_status_string, - response.data.auth.nt_status); - - return result == NSS_STATUS_SUCCESS; + if (result) { + + if (response.data.auth.nt_status == 0) + printf("Secret is good\n"); + else + printf("Secret is bad\n0x%08x\n", + response.data.auth.nt_status); + + return True; + } + + return False; } /* Convert uid to sid */ @@ -284,7 +289,7 @@ static BOOL wbinfo_uid_to_sid(uid_t uid) /* Display response */ - d_printf("%s\n", response.data.sid.sid); + printf("%s\n", response.data.sid.sid); return True; } @@ -309,7 +314,7 @@ static BOOL wbinfo_gid_to_sid(gid_t gid) /* Display response */ - d_printf("%s\n", response.data.sid.sid); + printf("%s\n", response.data.sid.sid); return True; } @@ -334,7 +339,7 @@ static BOOL wbinfo_sid_to_uid(char *sid) /* Display response */ - d_printf("%d\n", (int)response.data.uid); + printf("%d\n", (int)response.data.uid); return True; } @@ -357,7 +362,7 @@ static BOOL wbinfo_sid_to_gid(char *sid) /* Display response */ - d_printf("%d\n", (int)response.data.gid); + printf("%d\n", (int)response.data.gid); return True; } 
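Review bot: In the wbinfo_check_secret hunk (-247,21) the new code returns True whenever the winbindd request itself succeeds, including the branch that prints "Secret is bad", so the caller gets the same value for a good and a bad trust secret. main() only treats a False return as failure (`if (!wbinfo_check_secret())`), so, assuming the exit status follows that return as it does for the other commands, a monitoring script keyed on the exit code of `wbinfo -t` would not notice a broken machine account secret. Returning the outcome of the check after the printf calls, `return response.data.auth.nt_status == 0;`, keeps the two cases distinguishable. The new branch also drops `response.data.auth.nt_status_string`, which the removed code printed next to the numeric status and which is the more useful value for an operator.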
@@ -382,7 +387,7 @@ static BOOL wbinfo_lookupsid(char *sid) /* Display response */ - d_printf("%s%c%s %d\n", response.data.name.dom_name, + printf("%s%c%s %d\n", response.data.name.dom_name, winbind_separator(), response.data.name.name, response.data.name.type); @@ -410,7 +415,7 @@ static BOOL wbinfo_lookupname(char *name) /* Display response */ - d_printf("%s %d\n", response.data.sid.sid, response.data.sid.type); + printf("%s %d\n", response.data.sid.sid, response.data.sid.type); return True; } @@ -443,17 +448,18 @@ static BOOL wbinfo_auth(char *username) /* Display response */ - d_printf("plaintext password authentication %s\n", + printf("plaintext password authentication %s\n", (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); - if (response.data.auth.nt_status) - d_printf("error code was %s (0x%x)\n", - response.data.auth.nt_status_string, - response.data.auth.nt_status); + printf("error code was %s (0x%x)\n", + response.data.auth.nt_status_string, + response.data.auth.nt_status); return result == NSS_STATUS_SUCCESS; } +#ifdef WITH_WINBIND_AUTH_CRAP + /* Authenticate a user with a challenge/response */ static BOOL wbinfo_auth_crap(char *username) @@ -486,9 +492,9 @@ static BOOL wbinfo_auth_crap(char *username) generate_random_buffer(request.data.auth_crap.chal, 8, False); - SMBencrypt(pass, request.data.auth_crap.chal, + SMBencrypt((uchar *)pass, request.data.auth_crap.chal, (uchar *)request.data.auth_crap.lm_resp); - SMBNTencrypt(pass, request.data.auth_crap.chal, + SMBNTencrypt((uchar *)pass, request.data.auth_crap.chal, (uchar *)request.data.auth_crap.nt_resp); request.data.auth_crap.lm_resp_len = 24; 
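Review bot: In the wbinfo_auth hunk (-443,17) the `error code was %s (0x%x)` line is now printed unconditionally, because the `if (response.data.auth.nt_status)` guard was removed. A successful authentication is therefore followed by an "error code" line, which is misleading for anyone reading or parsing the output to decide whether a credential was accepted. The same guard is removed in the wbinfo_auth_crap hunk (-498,17). Keeping `if (response.data.auth.nt_status)` in front of both printf calls restores the previous meaning; both function bodies start outside their hunks.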
@@ -498,17 +504,18 @@ static BOOL wbinfo_auth_crap(char *username) /* Display response */ - d_printf("challenge/response password authentication %s\n", + printf("challenge/response password authentication %s\n", (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); - if (response.data.auth.nt_status) - d_printf("error code was %s (0x%x)\n", - response.data.auth.nt_status_string, - response.data.auth.nt_status); + printf("error code was %s (0x%x)\n", + response.data.auth.nt_status_string, + response.data.auth.nt_status); return result == NSS_STATUS_SUCCESS; } +#endif /* WITH_WINBIND_AUTH_CRAP */ + /* Print domain users */ static BOOL print_domain_users(void) @@ -533,7 +540,7 @@ static BOOL print_domain_users(void) extra_data = (char *)response.extra_data; while(next_token(&extra_data, name, ",", sizeof(fstring))) - d_printf("%s\n", name); + printf("%s\n", name); SAFE_FREE(response.extra_data); @@ -562,7 +569,7 @@ static BOOL print_domain_groups(void) extra_data = (char *)response.extra_data; while(next_token(&extra_data, name, ",", sizeof(fstring))) - d_printf("%s\n", name); + printf("%s\n", name); SAFE_FREE(response.extra_data); @@ -590,13 +597,15 @@ static BOOL wbinfo_set_auth_user(char *username) /* Store in secrets.tdb */ + secrets_init(); + if (!secrets_store(SECRETS_AUTH_USER, user, strlen(user) + 1) || !secrets_store(SECRETS_AUTH_DOMAIN, domain, strlen(domain) + 1) || !secrets_store(SECRETS_AUTH_PASSWORD, password, strlen(password) + 1)) { - d_fprintf(stderr, "error storing authenticated user info\n"); + fprintf(stderr, "error storing authenticated user info\n"); return False; } 
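Review bot: The result of the added `secrets_init();` call in wbinfo_set_auth_user (-590,13) is discarded, so a failure to open the secrets database is only reported indirectly, as "error storing authenticated user info" from the secrets_store() calls that follow. The usage text added in this commit marks this option as root only, so an unprivileged run is an expected failure and deserves its own message. If secrets_init() returns a status in this tree (it appears to, but its declaration is not visible here), check it first: `if (!secrets_init()) { fprintf(stderr, "could not open secrets database\n"); return False; }`. The function body starts outside the hunk.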
@@ -606,17 +615,42 @@ static BOOL wbinfo_set_auth_user(char *username) static BOOL wbinfo_ping(void) { NSS_STATUS result; - + result = winbindd_request(WINBINDD_PING, NULL, NULL); /* Display response */ - d_printf("'ping' to winbindd %s on fd %d\n", - (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd); + printf("'ping' to winbindd %s\n", + (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); return result == NSS_STATUS_SUCCESS; } +/* Print program usage */ + +static void usage(void) +{ + printf("Usage: wbinfo -ug | -n name | -sSY sid | -UG uid/gid | -tm " + "| -[aA] user%%password\n"); + printf("\t-u\t\t\tlists all domain users\n"); + printf("\t-g\t\t\tlists all domain groups\n"); + printf("\t-n name\t\t\tconverts name to sid\n"); + printf("\t-s sid\t\t\tconverts sid to name\n"); + printf("\t-N name\t\t\tconverts NetBIOS name to IP (WINS)\n"); + printf("\t-I IP\t\t\tconverts IP address to NetBIOS name (WINS)\n"); + printf("\t-U uid\t\t\tconverts uid to sid\n"); + printf("\t-G gid\t\t\tconverts gid to sid\n"); + printf("\t-S sid\t\t\tconverts sid to uid\n"); + printf("\t-Y sid\t\t\tconverts sid to gid\n"); + printf("\t-t\t\t\tcheck shared secret\n"); + printf("\t-m\t\t\tlist trusted domains\n"); + printf("\t-r user\t\t\tget user groups\n"); + printf("\t-a user%%password\tauthenticate user\n"); + printf("\t-A user%%password\tstore user and password used by winbindd (root only)\n"); + printf("\t-p 'ping' winbindd to see if it is alive\n"); + printf("\t--sequence\t\tshow sequence numbers of all domains\n"); +} + /* Main program */ enum { 
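Review bot: The new usage() writes to stdout with printf, but two of its three callers are error paths that previously used `poptPrintHelp(pc, stderr, 0)`: the `argc == 1` check and the `default:` case in main() (hunks -672,28 and -826,8). Help text produced by a failed invocation now lands in the same stream as command results, where a script capturing the output of wbinfo can mistake it for data. Passing the stream in, `static void usage(FILE *out)` with `fprintf(out, ...)`, lets the `-h` case use stdout and the error paths use stderr. The usage line also omits `-h`, and the `-p` entry is missing the tab separators the other entries use.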
@@ -636,28 +670,28 @@ int main(int argc, char **argv) int result = 1; struct poptOption long_options[] = { - POPT_AUTOHELP /* longName, shortName, argInfo, argPtr, value, descrip, argDesc */ - { "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users"}, - { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g', "Lists all domain groups" }, - { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N', "Converts NetBIOS name to IP (WINS)" }, - { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I', "Converts IP address to NetBIOS name (WINS)" }, - { "name-to-sid", 'n', POPT_ARG_STRING, &string_arg, 'n', "Converts name to sid" }, - { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's', "Converts sid to name" }, - { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U', "Converts uid to sid" }, - { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid" }, - { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid" }, - { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid" }, - { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" }, - { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" }, - { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "show sequence numbers of all domains" }, - { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups" }, - { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" }, - { "set-auth-user", 'A', POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" }, - { "ping", 'p', POPT_ARG_NONE, 0, 'p', "'ping' winbindd to see if it is alive" }, + { "help", 'h', POPT_ARG_NONE, 0, 'h' }, + { "domain-users", 'u', POPT_ARG_NONE, 0, 'u' }, + { "domain-groups", 'g', POPT_ARG_NONE, 0, 'g' }, + { "WINS-by-name", 'N', POPT_ARG_STRING, &string_arg, 'N' }, + { "WINS-by-ip", 'I', POPT_ARG_STRING, &string_arg, 'I' }, + { "name-to-sid", 'n', 
POPT_ARG_STRING, &string_arg, 'n' }, + { "sid-to-name", 's', POPT_ARG_STRING, &string_arg, 's' }, + { "uid-to-sid", 'U', POPT_ARG_INT, &int_arg, 'U' }, + { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G' }, + { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S' }, + { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y' }, + { "check-secret", 't', POPT_ARG_NONE, 0, 't' }, + { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm' }, + { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE }, + { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r' }, + { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a' }, + { "set-auth-user", 'A', POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER }, + { "ping", 'p', POPT_ARG_NONE, 0, 'p' }, { 0, 0, 0, 0 } }; @@ -672,28 +706,33 @@ int main(int argc, char **argv) *p = 0; } - if (!lp_load(dyn_CONFIGFILE, True, False, False)) { - d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n", - dyn_CONFIGFILE, strerror(errno)); + TimeInit(); + + codepage_initialise(lp_client_code_page()); + charset_initialise(); + + if (!lp_load(CONFIGFILE, True, False, False)) { + fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n", + CONFIGFILE, strerror(errno)); exit(1); } load_interfaces(); - /* Parse options */ - - pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0); - /* Parse command line options */ if (argc == 1) { - poptPrintHelp(pc, stderr, 0); + usage(); return 1; } + /* Parse options */ + + pc = poptGetContext("wbinfo", argc, (const char **)argv, long_options, 0); + while((opt = poptGetNextOpt(pc)) != -1) { if (got_command) { - d_fprintf(stderr, "No more than one command may be specified at once.\n"); + fprintf(stderr, "No more than one command may be specified at once.\n"); exit(1); } got_command = True; 
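Review bot: In the -672,28 hunk `codepage_initialise(lp_client_code_page());` is called before `lp_load(CONFIGFILE, True, False, False)`, so the lp_ accessor is read before the configuration file has been parsed. It presumably returns the built-in default at that point, which would make wbinfo ignore a configured client code page when it converts names. Moving the `codepage_initialise(...)` call, and `charset_initialise()` if it depends on it, below the lp_load() check lets the tool use the configured value. main() starts and ends outside this hunk.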
@@ -706,90 +745,94 @@ int main(int argc, char **argv) while((opt = poptGetNextOpt(pc)) != -1) { switch (opt) { + case 'h': + usage(); + result = 0; + goto done; case 'u': if (!print_domain_users()) { - d_printf("Error looking up domain users\n"); + printf("Error looking up domain users\n"); goto done; } break; case 'g': if (!print_domain_groups()) { - d_printf("Error looking up domain groups\n"); + printf("Error looking up domain groups\n"); goto done; } break; case 's': if (!wbinfo_lookupsid(string_arg)) { - d_printf("Could not lookup sid %s\n", string_arg); + printf("Could not lookup sid %s\n", string_arg); goto done; } break; case 'n': if (!wbinfo_lookupname(string_arg)) { - d_printf("Could not lookup name %s\n", string_arg); + printf("Could not lookup name %s\n", string_arg); goto done; } break; case 'N': if (!wbinfo_wins_byname(string_arg)) { - d_printf("Could not lookup WINS by name %s\n", string_arg); + printf("Could not lookup WINS by name %s\n", string_arg); goto done; } break; case 'I': if (!wbinfo_wins_byip(string_arg)) { - d_printf("Could not lookup WINS by IP %s\n", string_arg); + printf("Could not lookup WINS by IP %s\n", string_arg); goto done; } break; case 'U': if (!wbinfo_uid_to_sid(int_arg)) { - d_printf("Could not convert uid %d to sid\n", int_arg); + printf("Could not convert uid %d to sid\n", int_arg); goto done; } break; case 'G': if (!wbinfo_gid_to_sid(int_arg)) { - d_printf("Could not convert gid %d to sid\n", + printf("Could not convert gid %d to sid\n", int_arg); goto done; } break; case 'S': if (!wbinfo_sid_to_uid(string_arg)) { - d_printf("Could not convert sid %s to uid\n", + printf("Could not convert sid %s to uid\n", string_arg); goto done; } break; case 'Y': if (!wbinfo_sid_to_gid(string_arg)) { - d_printf("Could not convert sid %s to gid\n", + printf("Could not convert sid %s to gid\n", string_arg); goto done; } break; case 't': if (!wbinfo_check_secret()) { - d_printf("Could not check secret\n"); + printf("Could not check 
secret\n"); goto done; } break; case 'm': if (!wbinfo_list_domains()) { - d_printf("Could not list trusted domains\n"); + printf("Could not list trusted domains\n"); goto done; } break; case OPT_SEQUENCE: if (!wbinfo_show_sequence()) { - d_printf("Could not show sequence numbers\n"); + printf("Could not show sequence numbers\n"); goto done; } break; case 'r': if (!wbinfo_get_usergroups(string_arg)) { - d_printf("Could not get groups for user %s\n", + printf("Could not get groups for user %s\n", string_arg); goto done; } @@ -798,17 +841,17 @@ int main(int argc, char **argv) BOOL got_error = False; if (!wbinfo_auth(string_arg)) { - d_printf("Could not authenticate user %s with " + printf("Could not authenticate user %s with " "plaintext password\n", string_arg); got_error = True; } - +#ifdef WITH_WINBIND_AUTH_CRAP if (!wbinfo_auth_crap(string_arg)) { - d_printf("Could not authenticate user %s with " + printf("Could not authenticate user %s with " "challenge/response\n", string_arg); got_error = True; } - +#endif if (got_error) goto done; break; @@ -816,7 +859,7 @@ int main(int argc, char **argv) case 'p': { if (!wbinfo_ping()) { - d_printf("could not ping winbindd!\n"); + printf("could not ping winbindd!\n"); goto done; } break; @@ -826,8 +869,8 @@ int main(int argc, char **argv) goto done; break; default: - d_fprintf(stderr, "Invalid option\n"); - poptPrintHelp(pc, stderr, 0); + fprintf(stderr, "Invalid option\n"); + usage(); goto done; } } |