search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-tests: nfs_iterate_test() marks RPC service down
[samba4-gss.git] / nsswitch / libwbclient / wbc_sid.c
blob747addb1f5b23f1f2dcb7b01139c6d030b08799d
1 /*
2 Unix SMB/CIFS implementation.
3
4 Winbind client API
5
6 Copyright (C) Gerald (Jerry) Carter 2007
7 Copyright (C) Volker Lendecke 2010
8
9
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
14
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Library General Public License for more details.
19
20 You should have received a copy of the GNU Lesser General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 /* Required Headers */
25
26 #include "replace.h"
27 #include "libwbclient.h"
28 #include "../winbind_client.h"
29 #include "lib/util/smb_strtox.h"
30
31 /* Convert a sid to a string into a buffer. Return the string
32 * length. If buflen is too small, return the string length that would
33 * result if it was long enough. */
34 _PUBLIC_
35 int wbcSidToStringBuf(const struct wbcDomainSid *sid, char *buf, int buflen)
36 {
37 uint64_t id_auth;
38 int i, ofs;
39
40 if (!sid) {
41 strlcpy(buf, "(NULL SID)", buflen);
42 return 10; /* strlen("(NULL SID)") */
43 }
44
45 id_auth = (uint64_t)sid->id_auth[5] +
46 ((uint64_t)sid->id_auth[4] << 8) +
47 ((uint64_t)sid->id_auth[3] << 16) +
48 ((uint64_t)sid->id_auth[2] << 24) +
49 ((uint64_t)sid->id_auth[1] << 32) +
50 ((uint64_t)sid->id_auth[0] << 40);
51
52 ofs = snprintf(buf, buflen, "S-%hhu-", (unsigned char)sid->sid_rev_num);
53 if (id_auth >= UINT32_MAX) {
54 ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "0x%llx",
55 (unsigned long long)id_auth);
56 } else {
57 ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "%llu",
58 (unsigned long long)id_auth);
59 }
60
61 for (i = 0; i < sid->num_auths; i++) {
62 ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "-%u",
63 (unsigned int)sid->sub_auths[i]);
64 }
65 return ofs;
66 }
67
68 /* Convert a binary SID to a character string */
69 _PUBLIC_
70 wbcErr wbcSidToString(const struct wbcDomainSid *sid,
71 char **sid_string)
72 {
73 char buf[WBC_SID_STRING_BUFLEN];
74 char *result;
75 int len;
76
77 if (!sid) {
78 return WBC_ERR_INVALID_SID;
79 }
80
81 len = wbcSidToStringBuf(sid, buf, sizeof(buf));
82
83 if (len >= WBC_SID_STRING_BUFLEN) {
84 return WBC_ERR_INVALID_SID;
85 }
86
87 result = (char *)wbcAllocateMemory(len+1, 1, NULL);
88 if (result == NULL) {
89 return WBC_ERR_NO_MEMORY;
90 }
91 memcpy(result, buf, len+1);
92
93 *sid_string = result;
94 return WBC_ERR_SUCCESS;
95 }
96
97 #define AUTHORITY_MASK (~(0xffffffffffffULL))
98
99 /* Convert a character string to a binary SID */
100 _PUBLIC_
101 wbcErr wbcStringToSid(const char *str,
102 struct wbcDomainSid *sid)
103 {
104 const char *p;
105 char *q;
106 int error = 0;
107 uint64_t x;
108 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
109
110 if (!sid) {
111 wbc_status = WBC_ERR_INVALID_PARAM;
112 BAIL_ON_WBC_ERROR(wbc_status);
113 }
114
115 /* Sanity check for either "S-" or "s-" */
116
117 if (!str
118 || (str[0]!='S' && str[0]!='s')
119 || (str[1]!='-'))
120 {
121 wbc_status = WBC_ERR_INVALID_PARAM;
122 BAIL_ON_WBC_ERROR(wbc_status);
123 }
124
125 /* Get the SID revision number */
126
127 p = str+2;
128 x = (uint64_t)smb_strtoul(p, &q, 10, &error, SMB_STR_STANDARD);
129 if (x == 0 || x > UINT8_MAX || !q || *q != '-' || error != 0) {
130 wbc_status = WBC_ERR_INVALID_SID;
131 BAIL_ON_WBC_ERROR(wbc_status);
132 }
133 sid->sid_rev_num = (uint8_t)x;
134
135 /*
136 * Next the Identifier Authority. This is stored big-endian in a
137 * 6 byte array. If the authority value is >= UINT_MAX, then it should
138 * be expressed as a hex value, according to MS-DTYP.
139 */
140 p = q+1;
141 x = smb_strtoull(p, &q, 0, &error, SMB_STR_STANDARD);
142 if (!q || *q != '-' || (x & AUTHORITY_MASK) || error != 0) {
143 wbc_status = WBC_ERR_INVALID_SID;
144 BAIL_ON_WBC_ERROR(wbc_status);
145 }
146 sid->id_auth[5] = (x & 0x0000000000ffULL);
147 sid->id_auth[4] = (x & 0x00000000ff00ULL) >> 8;
148 sid->id_auth[3] = (x & 0x000000ff0000ULL) >> 16;
149 sid->id_auth[2] = (x & 0x0000ff000000ULL) >> 24;
150 sid->id_auth[1] = (x & 0x00ff00000000ULL) >> 32;
151 sid->id_auth[0] = (x & 0xff0000000000ULL) >> 40;
152
153 /* now read the the subauthorities */
154 p = q +1;
155 sid->num_auths = 0;
156 while (sid->num_auths < WBC_MAXSUBAUTHS) {
157 x = smb_strtoull(p, &q, 10, &error, SMB_STR_ALLOW_NO_CONVERSION);
158 if (p == q)
159 break;
160 if (x > UINT32_MAX || error != 0) {
161 wbc_status = WBC_ERR_INVALID_SID;
162 BAIL_ON_WBC_ERROR(wbc_status);
163 }
164 sid->sub_auths[sid->num_auths++] = x;
165
166 if (*q != '-') {
167 break;
168 }
169 p = q + 1;
170 }
171
172 /* IF we ended early, then the SID could not be converted */
173
174 if (q && *q!='\0') {
175 wbc_status = WBC_ERR_INVALID_SID;
176 BAIL_ON_WBC_ERROR(wbc_status);
177 }
178
179 wbc_status = WBC_ERR_SUCCESS;
180
181 done:
182 return wbc_status;
183
184 }
185
186
187 /* Convert a domain and name to SID */
188 _PUBLIC_
189 wbcErr wbcCtxLookupName(struct wbcContext *ctx,
190 const char *domain,
191 const char *name,
192 struct wbcDomainSid *sid,
193 enum wbcSidType *name_type)
194 {
195 struct winbindd_request request;
196 struct winbindd_response response;
197 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
198
199 if (!sid || !name_type) {
200 wbc_status = WBC_ERR_INVALID_PARAM;
201 BAIL_ON_WBC_ERROR(wbc_status);
202 }
203
204 /* Initialize request */
205
206 ZERO_STRUCT(request);
207 ZERO_STRUCT(response);
208
209 /* dst is already null terminated from the memset above */
210
211 strncpy(request.data.name.dom_name, domain,
212 sizeof(request.data.name.dom_name)-1);
213 strncpy(request.data.name.name, name,
214 sizeof(request.data.name.name)-1);
215
216 wbc_status = wbcRequestResponse(ctx, WINBINDD_LOOKUPNAME,
217 &request,
218 &response);
219 BAIL_ON_WBC_ERROR(wbc_status);
220
221 *name_type = (enum wbcSidType)response.data.sid.type;
222 if (*name_type == WBC_SID_NAME_UNKNOWN) {
223 return WBC_ERR_NOT_MAPPED;
224 }
225
226 wbc_status = wbcStringToSid(response.data.sid.sid, sid);
227 BAIL_ON_WBC_ERROR(wbc_status);
228
229 wbc_status = WBC_ERR_SUCCESS;
230
231 done:
232 return wbc_status;
233 }
234
235 _PUBLIC_
236 wbcErr wbcLookupName(const char *domain,
237 const char *name,
238 struct wbcDomainSid *sid,
239 enum wbcSidType *name_type)
240 {
241 return wbcCtxLookupName(NULL, domain, name, sid, name_type);
242 }
243
244
245 /* Convert a SID to a domain and name */
246 _PUBLIC_
247 wbcErr wbcCtxLookupSid(struct wbcContext *ctx,
248 const struct wbcDomainSid *sid,
249 char **pdomain,
250 char **pname,
251 enum wbcSidType *pname_type)
252 {
253 struct winbindd_request request;
254 struct winbindd_response response;
255 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
256 char *domain, *name;
257
258 if (!sid) {
259 return WBC_ERR_INVALID_PARAM;
260 }
261
262 /* Initialize request */
263
264 ZERO_STRUCT(request);
265 ZERO_STRUCT(response);
266
267 wbcSidToStringBuf(sid, request.data.sid, sizeof(request.data.sid));
268
269 /* Make request */
270
271 wbc_status = wbcRequestResponse(ctx, WINBINDD_LOOKUPSID,
272 &request,
273 &response);
274 if (!WBC_ERROR_IS_OK(wbc_status)) {
275 return wbc_status;
276 }
277
278 /* Copy out result */
279
280 wbc_status = WBC_ERR_NO_MEMORY;
281 domain = NULL;
282 name = NULL;
283
284 domain = wbcStrDup(response.data.name.dom_name);
285 if (domain == NULL) {
286 goto done;
287 }
288 name = wbcStrDup(response.data.name.name);
289 if (name == NULL) {
290 goto done;
291 }
292 if (pdomain != NULL) {
293 *pdomain = domain;
294 domain = NULL;
295 }
296 if (pname != NULL) {
297 *pname = name;
298 name = NULL;
299 }
300 if (pname_type != NULL) {
301 *pname_type = (enum wbcSidType)response.data.name.type;
302 }
303 wbc_status = WBC_ERR_SUCCESS;
304 done:
305 wbcFreeMemory(name);
306 wbcFreeMemory(domain);
307 return wbc_status;
308 }
309
310 _PUBLIC_
311 wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
312 char **pdomain,
313 char **pname,
314 enum wbcSidType *pname_type)
315 {
316 return wbcCtxLookupSid(NULL, sid, pdomain, pname, pname_type);
317 }
318
319 static void wbcDomainInfosDestructor(void *ptr)
320 {
321 struct wbcDomainInfo *i = (struct wbcDomainInfo *)ptr;
322
323 while (i->short_name != NULL) {
324 wbcFreeMemory(i->short_name);
325 wbcFreeMemory(i->dns_name);
326 i += 1;
327 }
328 }
329
330 static void wbcTranslatedNamesDestructor(void *ptr)
331 {
332 struct wbcTranslatedName *n = (struct wbcTranslatedName *)ptr;
333
334 while (n->name != NULL) {
335 wbcFreeMemory(n->name);
336 n += 1;
337 }
338 }
339
340 _PUBLIC_
341 wbcErr wbcCtxLookupSids(struct wbcContext *ctx,
342 const struct wbcDomainSid *sids, int num_sids,
343 struct wbcDomainInfo **pdomains, int *pnum_domains,
344 struct wbcTranslatedName **pnames)
345 {
346 struct winbindd_request request;
347 struct winbindd_response response;
348 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
349 int buflen, i, extra_len, num_domains, num_names;
350 char *sidlist, *p, *q, *extra_data;
351 struct wbcDomainInfo *domains = NULL;
352 struct wbcTranslatedName *names = NULL;
353 int error = 0;
354
355 buflen = num_sids * (WBC_SID_STRING_BUFLEN + 1) + 1;
356
357 sidlist = (char *)malloc(buflen);
358 if (sidlist == NULL) {
359 return WBC_ERR_NO_MEMORY;
360 }
361
362 p = sidlist;
363
364 for (i=0; i<num_sids; i++) {
365 int remaining;
366 int len;
367
368 remaining = buflen - (p - sidlist);
369
370 len = wbcSidToStringBuf(&sids[i], p, remaining);
371 if (len > remaining) {
372 free(sidlist);
373 return WBC_ERR_UNKNOWN_FAILURE;
374 }
375
376 p += len;
377 *p++ = '\n';
378 }
379 *p++ = '\0';
380
381 ZERO_STRUCT(request);
382 ZERO_STRUCT(response);
383
384 request.extra_data.data = sidlist;
385 request.extra_len = p - sidlist;
386
387 wbc_status = wbcRequestResponse(ctx, WINBINDD_LOOKUPSIDS,
388 &request, &response);
389 free(sidlist);
390 if (!WBC_ERROR_IS_OK(wbc_status)) {
391 return wbc_status;
392 }
393
394 extra_len = response.length - sizeof(struct winbindd_response);
395 extra_data = (char *)response.extra_data.data;
396
397 if ((extra_len <= 0) || (extra_data[extra_len-1] != '\0')) {
398 goto wbc_err_invalid;
399 }
400
401 p = extra_data;
402
403 num_domains = smb_strtoul(p, &q, 10, &error, SMB_STR_STANDARD);
404 if (*q != '\n' || error != 0) {
405 goto wbc_err_invalid;
406 }
407 p = q+1;
408
409 domains = (struct wbcDomainInfo *)wbcAllocateMemory(
410 num_domains+1, sizeof(struct wbcDomainInfo),
411 wbcDomainInfosDestructor);
412 if (domains == NULL) {
413 wbc_status = WBC_ERR_NO_MEMORY;
414 goto fail;
415 }
416
417 for (i=0; i<num_domains; i++) {
418
419 q = strchr(p, ' ');
420 if (q == NULL) {
421 goto wbc_err_invalid;
422 }
423 *q = '\0';
424 wbc_status = wbcStringToSid(p, &domains[i].sid);
425 if (!WBC_ERROR_IS_OK(wbc_status)) {
426 goto fail;
427 }
428 p = q+1;
429
430 q = strchr(p, '\n');
431 if (q == NULL) {
432 goto wbc_err_invalid;
433 }
434 *q = '\0';
435 domains[i].short_name = wbcStrDup(p);
436 if (domains[i].short_name == NULL) {
437 wbc_status = WBC_ERR_NO_MEMORY;
438 goto fail;
439 }
440 p = q+1;
441 }
442
443 num_names = smb_strtoul(p, &q, 10, &error, SMB_STR_STANDARD);
444 if (*q != '\n' || error != 0) {
445 goto wbc_err_invalid;
446 }
447 p = q+1;
448
449 if (num_names != num_sids) {
450 goto wbc_err_invalid;
451 }
452
453 names = (struct wbcTranslatedName *)wbcAllocateMemory(
454 num_names+1, sizeof(struct wbcTranslatedName),
455 wbcTranslatedNamesDestructor);
456 if (names == NULL) {
457 wbc_status = WBC_ERR_NO_MEMORY;
458 goto fail;
459 }
460
461 for (i=0; i<num_names; i++) {
462
463 names[i].domain_index = smb_strtoul(p,
464 &q,
465 10,
466 &error,
467 SMB_STR_STANDARD);
468 if (names[i].domain_index < 0 || error != 0) {
469 goto wbc_err_invalid;
470 }
471 if (names[i].domain_index >= num_domains) {
472 goto wbc_err_invalid;
473 }
474
475 if (*q != ' ') {
476 goto wbc_err_invalid;
477 }
478 p = q+1;
479
480 names[i].type = smb_strtoul(p, &q, 10, &error, SMB_STR_STANDARD);
481 if (*q != ' ' || error != 0) {
482 goto wbc_err_invalid;
483 }
484 p = q+1;
485
486 q = strchr(p, '\n');
487 if (q == NULL) {
488 goto wbc_err_invalid;
489 }
490 *q = '\0';
491 names[i].name = wbcStrDup(p);
492 if (names[i].name == NULL) {
493 wbc_status = WBC_ERR_NO_MEMORY;
494 goto fail;
495 }
496 p = q+1;
497 }
498 if (*p != '\0') {
499 goto wbc_err_invalid;
500 }
501
502 *pdomains = domains;
503 *pnames = names;
504 winbindd_free_response(&response);
505 return WBC_ERR_SUCCESS;
506
507 wbc_err_invalid:
508 wbc_status = WBC_ERR_INVALID_RESPONSE;
509 fail:
510 winbindd_free_response(&response);
511 wbcFreeMemory(domains);
512 wbcFreeMemory(names);
513 return wbc_status;
514 }
515
516 _PUBLIC_
517 wbcErr wbcLookupSids(const struct wbcDomainSid *sids, int num_sids,
518 struct wbcDomainInfo **pdomains, int *pnum_domains,
519 struct wbcTranslatedName **pnames)
520 {
521 return wbcCtxLookupSids(NULL, sids, num_sids, pdomains,
522 pnum_domains, pnames);
523 }
524
525 /* Translate a collection of RIDs within a domain to names */
526
527 _PUBLIC_
528 wbcErr wbcCtxLookupRids(struct wbcContext *ctx, struct wbcDomainSid *dom_sid,
529 int num_rids,
530 uint32_t *rids,
531 const char **pp_domain_name,
532 const char ***pnames,
533 enum wbcSidType **ptypes)
534 {
535 int i;
536 size_t len, ridbuf_size;
537 char *ridlist;
538 char *p;
539 int error = 0;
540 struct winbindd_request request;
541 struct winbindd_response response;
542 char *domain_name = NULL;
543 const char **names = NULL;
544 enum wbcSidType *types = NULL;
545 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
546
547 /* Initialise request */
548
549 ZERO_STRUCT(request);
550 ZERO_STRUCT(response);
551
552 if (!dom_sid || (num_rids == 0)) {
553 wbc_status = WBC_ERR_INVALID_PARAM;
554 BAIL_ON_WBC_ERROR(wbc_status);
555 }
556
557 wbcSidToStringBuf(dom_sid, request.data.sid, sizeof(request.data.sid));
558
559 /* Even if all the Rids were of maximum 32bit values,
560 we would only have 11 bytes per rid in the final array
561 ("4294967296" + \n). Add one more byte for the
562 terminating '\0' */
563
564 ridbuf_size = (sizeof(char)*11) * num_rids + 1;
565
566 ridlist = (char *)malloc(ridbuf_size);
567 BAIL_ON_PTR_ERROR(ridlist, wbc_status);
568
569 len = 0;
570 for (i=0; i<num_rids; i++) {
571 len += snprintf(ridlist + len, ridbuf_size - len, "%u\n",
572 rids[i]);
573 }
574 ridlist[len] = '\0';
575 len += 1;
576
577 request.extra_data.data = ridlist;
578 request.extra_len = len;
579
580 wbc_status = wbcRequestResponse(ctx, WINBINDD_LOOKUPRIDS,
581 &request,
582 &response);
583 free(ridlist);
584 BAIL_ON_WBC_ERROR(wbc_status);
585
586 domain_name = wbcStrDup(response.data.domain_name);
587 BAIL_ON_PTR_ERROR(domain_name, wbc_status);
588
589 names = wbcAllocateStringArray(num_rids);
590 BAIL_ON_PTR_ERROR(names, wbc_status);
591
592 types = (enum wbcSidType *)wbcAllocateMemory(
593 num_rids, sizeof(enum wbcSidType), NULL);
594 BAIL_ON_PTR_ERROR(types, wbc_status);
595
596 p = (char *)response.extra_data.data;
597
598 for (i=0; i<num_rids; i++) {
599 char *q;
600
601 if (*p == '\0') {
602 wbc_status = WBC_ERR_INVALID_RESPONSE;
603 goto done;
604 }
605
606 types[i] = (enum wbcSidType)smb_strtoul(p,
607 &q,
608 10,
609 &error,
610 SMB_STR_STANDARD);
611
612 if (*q != ' ' || error != 0) {
613 wbc_status = WBC_ERR_INVALID_RESPONSE;
614 goto done;
615 }
616
617 p = q+1;
618
619 if ((q = strchr(p, '\n')) == NULL) {
620 wbc_status = WBC_ERR_INVALID_RESPONSE;
621 goto done;
622 }
623
624 *q = '\0';
625
626 names[i] = strdup(p);
627 BAIL_ON_PTR_ERROR(names[i], wbc_status);
628
629 p = q+1;
630 }
631
632 if (*p != '\0') {
633 wbc_status = WBC_ERR_INVALID_RESPONSE;
634 goto done;
635 }
636
637 wbc_status = WBC_ERR_SUCCESS;
638
639 done:
640 winbindd_free_response(&response);
641
642 if (WBC_ERROR_IS_OK(wbc_status)) {
643 *pp_domain_name = domain_name;
644 *pnames = names;
645 *ptypes = types;
646 }
647 else {
648 wbcFreeMemory(domain_name);
649 wbcFreeMemory(names);
650 wbcFreeMemory(types);
651 }
652
653 return wbc_status;
654 }
655
656 _PUBLIC_
657 wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
658 int num_rids,
659 uint32_t *rids,
660 const char **pp_domain_name,
661 const char ***pnames,
662 enum wbcSidType **ptypes)
663 {
664 return wbcCtxLookupRids(NULL, dom_sid, num_rids, rids,
665 pp_domain_name, pnames, ptypes);
666 }
667
668 /* Get the groups a user belongs to */
669 _PUBLIC_
670 wbcErr wbcCtxLookupUserSids(struct wbcContext *ctx,
671 const struct wbcDomainSid *user_sid,
672 bool domain_groups_only,
673 uint32_t *num_sids,
674 struct wbcDomainSid **_sids)
675 {
676 uint32_t i;
677 const char *s;
678 struct winbindd_request request;
679 struct winbindd_response response;
680 struct wbcDomainSid *sids = NULL;
681 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
682 int cmd;
683
684 /* Initialise request */
685
686 ZERO_STRUCT(request);
687 ZERO_STRUCT(response);
688
689 if (!user_sid) {
690 wbc_status = WBC_ERR_INVALID_PARAM;
691 BAIL_ON_WBC_ERROR(wbc_status);
692 }
693
694 wbcSidToStringBuf(user_sid, request.data.sid, sizeof(request.data.sid));
695
696 if (domain_groups_only) {
697 cmd = WINBINDD_GETUSERDOMGROUPS;
698 } else {
699 cmd = WINBINDD_GETUSERSIDS;
700 }
701
702 wbc_status = wbcRequestResponse(ctx, cmd,
703 &request,
704 &response);
705 BAIL_ON_WBC_ERROR(wbc_status);
706
707 if (response.data.num_entries &&
708 !response.extra_data.data) {
709 wbc_status = WBC_ERR_INVALID_RESPONSE;
710 BAIL_ON_WBC_ERROR(wbc_status);
711 }
712
713 sids = (struct wbcDomainSid *)wbcAllocateMemory(
714 response.data.num_entries, sizeof(struct wbcDomainSid),
715 NULL);
716 BAIL_ON_PTR_ERROR(sids, wbc_status);
717
718 s = (const char *)response.extra_data.data;
719 for (i = 0; i < response.data.num_entries; i++) {
720 char *n = strchr(s, '\n');
721 if (n) {
722 *n = '\0';
723 }
724 wbc_status = wbcStringToSid(s, &sids[i]);
725 BAIL_ON_WBC_ERROR(wbc_status);
726 s += strlen(s) + 1;
727 }
728
729 *num_sids = response.data.num_entries;
730 *_sids = sids;
731 sids = NULL;
732 wbc_status = WBC_ERR_SUCCESS;
733
734 done:
735 winbindd_free_response(&response);
736 if (sids) {
737 wbcFreeMemory(sids);
738 }
739
740 return wbc_status;
741 }
742
743 _PUBLIC_
744 wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
745 bool domain_groups_only,
746 uint32_t *num_sids,
747 struct wbcDomainSid **_sids)
748 {
749 return wbcCtxLookupUserSids(NULL, user_sid, domain_groups_only,
750 num_sids, _sids);
751 }
752
753 static inline
754 wbcErr _sid_to_rid(struct wbcDomainSid *sid, uint32_t *rid)
755 {
756 if (sid->num_auths < 1) {
757 return WBC_ERR_INVALID_RESPONSE;
758 }
759 *rid = sid->sub_auths[sid->num_auths - 1];
760
761 return WBC_ERR_SUCCESS;
762 }
763
764 /* Get alias membership for sids */
765 _PUBLIC_
766 wbcErr wbcCtxGetSidAliases(struct wbcContext *ctx,
767 const struct wbcDomainSid *dom_sid,
768 struct wbcDomainSid *sids,
769 uint32_t num_sids,
770 uint32_t **alias_rids,
771 uint32_t *num_alias_rids)
772 {
773 uint32_t i;
774 const char *s;
775 struct winbindd_request request;
776 struct winbindd_response response;
777 ssize_t extra_data_len = 0;
778 char * extra_data = NULL;
779 ssize_t buflen = 0;
780 struct wbcDomainSid sid;
781 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
782 uint32_t * rids = NULL;
783
784 /* Initialise request */
785
786 ZERO_STRUCT(request);
787 ZERO_STRUCT(response);
788
789 if (!dom_sid) {
790 wbc_status = WBC_ERR_INVALID_PARAM;
791 goto done;
792 }
793
794 wbcSidToStringBuf(dom_sid, request.data.sid, sizeof(request.data.sid));
795
796 /* Lets assume each sid is around 57 characters
797 * S-1-5-21-AAAAAAAAAAA-BBBBBBBBBBB-CCCCCCCCCCC-DDDDDDDDDDD\n */
798 buflen = 57 * num_sids;
799 extra_data = (char *)malloc(buflen);
800 if (!extra_data) {
801 wbc_status = WBC_ERR_NO_MEMORY;
802 goto done;
803 }
804
805 /* Build the sid list */
806 for (i=0; i<num_sids; i++) {
807 char sid_str[WBC_SID_STRING_BUFLEN];
808 size_t sid_len;
809
810 sid_len = wbcSidToStringBuf(&sids[i], sid_str, sizeof(sid_str));
811
812 if (buflen < extra_data_len + sid_len + 2) {
813 char * tmp_data = NULL;
814 buflen *= 2;
815 tmp_data = (char *)realloc(extra_data, buflen);
816 if (!tmp_data) {
817 wbc_status = WBC_ERR_NO_MEMORY;
818 BAIL_ON_WBC_ERROR(wbc_status);
819 }
820 extra_data = tmp_data;
821 }
822
823 strncpy(&extra_data[extra_data_len], sid_str,
824 buflen - extra_data_len);
825 extra_data_len += sid_len;
826 extra_data[extra_data_len++] = '\n';
827 extra_data[extra_data_len] = '\0';
828 }
829 extra_data_len += 1;
830
831 request.extra_data.data = extra_data;
832 request.extra_len = extra_data_len;
833
834 wbc_status = wbcRequestResponse(ctx, WINBINDD_GETSIDALIASES,
835 &request,
836 &response);
837 BAIL_ON_WBC_ERROR(wbc_status);
838
839 if (response.data.num_entries &&
840 !response.extra_data.data) {
841 wbc_status = WBC_ERR_INVALID_RESPONSE;
842 goto done;
843 }
844
845 rids = (uint32_t *)wbcAllocateMemory(response.data.num_entries,
846 sizeof(uint32_t), NULL);
847 BAIL_ON_PTR_ERROR(rids, wbc_status);
848
849 s = (const char *)response.extra_data.data;
850 for (i = 0; i < response.data.num_entries; i++) {
851 char *n = strchr(s, '\n');
852 if (n) {
853 *n = '\0';
854 }
855 wbc_status = wbcStringToSid(s, &sid);
856 BAIL_ON_WBC_ERROR(wbc_status);
857 wbc_status = _sid_to_rid(&sid, &rids[i]);
858 BAIL_ON_WBC_ERROR(wbc_status);
859 s += strlen(s) + 1;
860 }
861
862 *num_alias_rids = response.data.num_entries;
863 *alias_rids = rids;
864 rids = NULL;
865 wbc_status = WBC_ERR_SUCCESS;
866
867 done:
868 free(extra_data);
869 winbindd_free_response(&response);
870 wbcFreeMemory(rids);
871 return wbc_status;
872 }
873
874 _PUBLIC_
875 wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid,
876 struct wbcDomainSid *sids,
877 uint32_t num_sids,
878 uint32_t **alias_rids,
879 uint32_t *num_alias_rids)
880 {
881 return wbcCtxGetSidAliases(NULL, dom_sid, sids, num_sids,
882 alias_rids, num_alias_rids);
883 }
884
885
886 /* Lists Users */
887 _PUBLIC_
888 wbcErr wbcCtxListUsers(struct wbcContext *ctx,
889 const char *domain_name,
890 uint32_t *_num_users,
891 const char ***_users)
892 {
893 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
894 struct winbindd_request request;
895 struct winbindd_response response;
896 uint32_t num_users = 0;
897 const char **users = NULL;
898 const char *next;
899
900 /* Initialise request */
901
902 ZERO_STRUCT(request);
903 ZERO_STRUCT(response);
904
905 if (domain_name) {
906 strncpy(request.domain_name, domain_name,
907 sizeof(request.domain_name)-1);
908 }
909
910 wbc_status = wbcRequestResponse(ctx, WINBINDD_LIST_USERS,
911 &request,
912 &response);
913 BAIL_ON_WBC_ERROR(wbc_status);
914
915 users = wbcAllocateStringArray(response.data.num_entries);
916 if (users == NULL) {
917 return WBC_ERR_NO_MEMORY;
918 }
919
920 /* Look through extra data */
921
922 next = (const char *)response.extra_data.data;
923 while (next) {
924 const char *current;
925 char *k;
926
927 if (num_users >= response.data.num_entries) {
928 wbc_status = WBC_ERR_INVALID_RESPONSE;
929 goto done;
930 }
931
932 current = next;
933 k = strchr(next, ',');
934
935 if (k) {
936 k[0] = '\0';
937 next = k+1;
938 } else {
939 next = NULL;
940 }
941
942 users[num_users] = strdup(current);
943 BAIL_ON_PTR_ERROR(users[num_users], wbc_status);
944 num_users += 1;
945 }
946 if (num_users != response.data.num_entries) {
947 wbc_status = WBC_ERR_INVALID_RESPONSE;
948 goto done;
949 }
950
951 *_num_users = response.data.num_entries;
952 *_users = users;
953 users = NULL;
954 wbc_status = WBC_ERR_SUCCESS;
955
956 done:
957 winbindd_free_response(&response);
958 wbcFreeMemory(users);
959 return wbc_status;
960 }
961
962 _PUBLIC_
963 wbcErr wbcListUsers(const char *domain_name,
964 uint32_t *_num_users,
965 const char ***_users)
966 {
967 return wbcCtxListUsers(NULL, domain_name, _num_users, _users);
968 }
969
970 /* Lists Groups */
971 _PUBLIC_
972 wbcErr wbcCtxListGroups(struct wbcContext *ctx,
973 const char *domain_name,
974 uint32_t *_num_groups,
975 const char ***_groups)
976 {
977 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
978 struct winbindd_request request;
979 struct winbindd_response response;
980 uint32_t num_groups = 0;
981 const char **groups = NULL;
982 const char *next;
983
984 /* Initialise request */
985
986 ZERO_STRUCT(request);
987 ZERO_STRUCT(response);
988
989 if (domain_name) {
990 strncpy(request.domain_name, domain_name,
991 sizeof(request.domain_name)-1);
992 }
993
994 wbc_status = wbcRequestResponse(ctx, WINBINDD_LIST_GROUPS,
995 &request,
996 &response);
997 BAIL_ON_WBC_ERROR(wbc_status);
998
999 groups = wbcAllocateStringArray(response.data.num_entries);
1000 if (groups == NULL) {
1001 return WBC_ERR_NO_MEMORY;
1002 }
1003
1004 /* Look through extra data */
1005
1006 next = (const char *)response.extra_data.data;
1007 while (next) {
1008 const char *current;
1009 char *k;
1010
1011 if (num_groups >= response.data.num_entries) {
1012 wbc_status = WBC_ERR_INVALID_RESPONSE;
1013 goto done;
1014 }
1015
1016 current = next;
1017 k = strchr(next, ',');
1018
1019 if (k) {
1020 k[0] = '\0';
1021 next = k+1;
1022 } else {
1023 next = NULL;
1024 }
1025
1026 groups[num_groups] = strdup(current);
1027 BAIL_ON_PTR_ERROR(groups[num_groups], wbc_status);
1028 num_groups += 1;
1029 }
1030 if (num_groups != response.data.num_entries) {
1031 wbc_status = WBC_ERR_INVALID_RESPONSE;
1032 goto done;
1033 }
1034
1035 *_num_groups = response.data.num_entries;
1036 *_groups = groups;
1037 groups = NULL;
1038 wbc_status = WBC_ERR_SUCCESS;
1039
1040 done:
1041 winbindd_free_response(&response);
1042 wbcFreeMemory(groups);
1043 return wbc_status;
1044 }
1045
1046 _PUBLIC_
1047 wbcErr wbcListGroups(const char *domain_name,
1048 uint32_t *_num_groups,
1049 const char ***_groups)
1050 {
1051 return wbcCtxListGroups(NULL, domain_name, _num_groups, _groups);
1052 }
1053
1054 _PUBLIC_
1055 wbcErr wbcCtxGetDisplayName(struct wbcContext *ctx,
1056 const struct wbcDomainSid *sid,
1057 char **pdomain,
1058 char **pfullname,
1059 enum wbcSidType *pname_type)
1060 {
1061 wbcErr wbc_status;
1062 char *domain = NULL;
1063 char *name = NULL;
1064 enum wbcSidType name_type;
1065
1066 wbc_status = wbcCtxLookupSid(ctx, sid, &domain, &name, &name_type);
1067 BAIL_ON_WBC_ERROR(wbc_status);
1068
1069 if (name_type == WBC_SID_NAME_USER) {
1070 uid_t uid;
1071 struct passwd *pwd;
1072
1073 wbc_status = wbcCtxSidToUid(ctx, sid, &uid);
1074 BAIL_ON_WBC_ERROR(wbc_status);
1075
1076 wbc_status = wbcCtxGetpwuid(ctx, uid, &pwd);
1077 BAIL_ON_WBC_ERROR(wbc_status);
1078
1079 wbcFreeMemory(name);
1080
1081 name = wbcStrDup(pwd->pw_gecos);
1082 wbcFreeMemory(pwd);
1083 BAIL_ON_PTR_ERROR(name, wbc_status);
1084 }
1085
1086 wbc_status = WBC_ERR_SUCCESS;
1087
1088 done:
1089 if (WBC_ERROR_IS_OK(wbc_status)) {
1090 *pdomain = domain;
1091 *pfullname = name;
1092 *pname_type = name_type;
1093 } else {
1094 wbcFreeMemory(domain);
1095 wbcFreeMemory(name);
1096 }
1097
1098 return wbc_status;
1099 }
1100
1101 _PUBLIC_
1102 wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid,
1103 char **pdomain,
1104 char **pfullname,
1105 enum wbcSidType *pname_type)
1106 {
1107 return wbcCtxGetDisplayName(NULL, sid, pdomain, pfullname, pname_type);
1108 }
1109
1110 _PUBLIC_
1111 const char* wbcSidTypeString(enum wbcSidType type)
1112 {
1113 switch (type) {
1114 case WBC_SID_NAME_USE_NONE: return "SID_NONE";
1115 case WBC_SID_NAME_USER: return "SID_USER";
1116 case WBC_SID_NAME_DOM_GRP: return "SID_DOM_GROUP";
1117 case WBC_SID_NAME_DOMAIN: return "SID_DOMAIN";
1118 case WBC_SID_NAME_ALIAS: return "SID_ALIAS";
1119 case WBC_SID_NAME_WKN_GRP: return "SID_WKN_GROUP";
1120 case WBC_SID_NAME_DELETED: return "SID_DELETED";
1121 case WBC_SID_NAME_INVALID: return "SID_INVALID";
1122 case WBC_SID_NAME_UNKNOWN: return "SID_UNKNOWN";
1123 case WBC_SID_NAME_COMPUTER: return "SID_COMPUTER";
1124 case WBC_SID_NAME_LABEL: return "SID_LABEL";
1125 default: return "Unknown type";
1126 }
1127 }
GSS-enabled samba4