search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:tests: Also clear the download area in smbget msdfs_link test
[Samba.git] / nsswitch / libwbclient / wbc_sid.c
blobfd82510295039b10cc754723ceee048cd613a7d4
1 /*
2 Unix SMB/CIFS implementation.
3
4 Winbind client API
5
6 Copyright (C) Gerald (Jerry) Carter 2007
7 Copyright (C) Volker Lendecke 2010
8
9
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
14
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Library General Public License for more details.
19
20 You should have received a copy of the GNU Lesser General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 /* Required Headers */
25
26 #include "replace.h"
27 #include "libwbclient.h"
28 #include "../winbind_client.h"
29 #include "lib/util/smb_strtox.h"
30
31 /* Convert a sid to a string into a buffer. Return the string
32 * length. If buflen is too small, return the string length that would
33 * result if it was long enough. */
34 _PUBLIC_
35 int wbcSidToStringBuf(const struct wbcDomainSid *sid, char *buf, int buflen)
36 {
37 uint64_t id_auth;
38 int i, ofs;
39
40 if (!sid) {
41 strlcpy(buf, "(NULL SID)", buflen);
42 return 10; /* strlen("(NULL SID)") */
43 }
44
45 id_auth = (uint64_t)sid->id_auth[5] +
46 ((uint64_t)sid->id_auth[4] << 8) +
47 ((uint64_t)sid->id_auth[3] << 16) +
48 ((uint64_t)sid->id_auth[2] << 24) +
49 ((uint64_t)sid->id_auth[1] << 32) +
50 ((uint64_t)sid->id_auth[0] << 40);
51
52 ofs = snprintf(buf, buflen, "S-%hhu-", (unsigned char)sid->sid_rev_num);
53 if (id_auth >= UINT32_MAX) {
54 ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "0x%llx",
55 (unsigned long long)id_auth);
56 } else {
57 ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "%llu",
58 (unsigned long long)id_auth);
59 }
60
61 for (i = 0; i < sid->num_auths; i++) {
62 ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "-%u",
63 (unsigned int)sid->sub_auths[i]);
64 }
65 return ofs;
66 }
67
68 /* Convert a binary SID to a character string */
69 _PUBLIC_
70 wbcErr wbcSidToString(const struct wbcDomainSid *sid,
71 char **sid_string)
72 {
73 char buf[WBC_SID_STRING_BUFLEN];
74 char *result;
75 int len;
76
77 if (!sid) {
78 return WBC_ERR_INVALID_SID;
79 }
80
81 len = wbcSidToStringBuf(sid, buf, sizeof(buf));
82
83 if (len >= WBC_SID_STRING_BUFLEN) {
84 return WBC_ERR_INVALID_SID;
85 }
86
87 result = (char *)wbcAllocateMemory(len+1, 1, NULL);
88 if (result == NULL) {
89 return WBC_ERR_NO_MEMORY;
90 }
91 memcpy(result, buf, len+1);
92
93 *sid_string = result;
94 return WBC_ERR_SUCCESS;
95 }
96
97 #define AUTHORITY_MASK (~(0xffffffffffffULL))
98
99 /* Convert a character string to a binary SID */
100 _PUBLIC_
101 wbcErr wbcStringToSid(const char *str,
102 struct wbcDomainSid *sid)
103 {
104 const char *p;
105 char *q;
106 int error = 0;
107 uint64_t x;
108 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
109
110 if (!sid) {
111 wbc_status = WBC_ERR_INVALID_PARAM;
112 BAIL_ON_WBC_ERROR(wbc_status);
113 }
114
115 /* Sanity check for either "S-" or "s-" */
116
117 if (!str
118 || (str[0]!='S' && str[0]!='s')
119 || (str[1]!='-'))
120 {
121 wbc_status = WBC_ERR_INVALID_PARAM;
122 BAIL_ON_WBC_ERROR(wbc_status);
123 }
124
125 /* Get the SID revision number */
126
127 p = str+2;
128 x = (uint64_t)smb_strtoul(p, &q, 10, &error, SMB_STR_STANDARD);
129 if (x == 0 || x > UINT8_MAX || !q || *q != '-' || error != 0) {
130 wbc_status = WBC_ERR_INVALID_SID;
131 BAIL_ON_WBC_ERROR(wbc_status);
132 }
133 sid->sid_rev_num = (uint8_t)x;
134
135 /*
136 * Next the Identifier Authority. This is stored big-endian in a
137 * 6 byte array. If the authority value is >= UINT_MAX, then it should
138 * be expressed as a hex value, according to MS-DTYP.
139 */
140 p = q+1;
141 x = smb_strtoull(p, &q, 0, &error, SMB_STR_STANDARD);
142 if (!q || *q != '-' || (x & AUTHORITY_MASK) || error != 0) {
143 wbc_status = WBC_ERR_INVALID_SID;
144 BAIL_ON_WBC_ERROR(wbc_status);
145 }
146 sid->id_auth[5] = (x & 0x0000000000ffULL);
147 sid->id_auth[4] = (x & 0x00000000ff00ULL) >> 8;
148 sid->id_auth[3] = (x & 0x000000ff0000ULL) >> 16;
149 sid->id_auth[2] = (x & 0x0000ff000000ULL) >> 24;
150 sid->id_auth[1] = (x & 0x00ff00000000ULL) >> 32;
151 sid->id_auth[0] = (x & 0xff0000000000ULL) >> 40;
152
153 /* now read the the subauthorities */
154 p = q +1;
155 sid->num_auths = 0;
156 while (sid->num_auths < WBC_MAXSUBAUTHS) {
157 x = smb_strtoull(p, &q, 10, &error, SMB_STR_ALLOW_NO_CONVERSION);
158 if (p == q)
159 break;
160 if (x > UINT32_MAX || error != 0) {
161 wbc_status = WBC_ERR_INVALID_SID;
162 BAIL_ON_WBC_ERROR(wbc_status);
163 }
164 sid->sub_auths[sid->num_auths++] = x;
165
166 if (*q != '-') {
167 break;
168 }
169 p = q + 1;
170 }
171
172 /* IF we ended early, then the SID could not be converted */
173
174 if (q && *q!='\0') {
175 wbc_status = WBC_ERR_INVALID_SID;
176 BAIL_ON_WBC_ERROR(wbc_status);
177 }
178
179 wbc_status = WBC_ERR_SUCCESS;
180
181 done:
182 return wbc_status;
183
184 }
185
186
187 /* Convert a domain and name to SID */
188 _PUBLIC_
189 wbcErr wbcCtxLookupName(struct wbcContext *ctx,
190 const char *domain,
191 const char *name,
192 struct wbcDomainSid *sid,
193 enum wbcSidType *name_type)
194 {
195 struct winbindd_request request;
196 struct winbindd_response response;
197 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
198
199 if (!sid || !name_type) {
200 wbc_status = WBC_ERR_INVALID_PARAM;
201 BAIL_ON_WBC_ERROR(wbc_status);
202 }
203
204 /* Initialize request */
205
206 ZERO_STRUCT(request);
207 ZERO_STRUCT(response);
208
209 /* dst is already null terminated from the memset above */
210
211 strncpy(request.data.name.dom_name, domain,
212 sizeof(request.data.name.dom_name)-1);
213 strncpy(request.data.name.name, name,
214 sizeof(request.data.name.name)-1);
215
216 wbc_status = wbcRequestResponse(ctx, WINBINDD_LOOKUPNAME,
217 &request,
218 &response);
219 BAIL_ON_WBC_ERROR(wbc_status);
220
221 wbc_status = wbcStringToSid(response.data.sid.sid, sid);
222 BAIL_ON_WBC_ERROR(wbc_status);
223
224 *name_type = (enum wbcSidType)response.data.sid.type;
225
226 wbc_status = WBC_ERR_SUCCESS;
227
228 done:
229 return wbc_status;
230 }
231
232 _PUBLIC_
233 wbcErr wbcLookupName(const char *domain,
234 const char *name,
235 struct wbcDomainSid *sid,
236 enum wbcSidType *name_type)
237 {
238 return wbcCtxLookupName(NULL, domain, name, sid, name_type);
239 }
240
241
242 /* Convert a SID to a domain and name */
243 _PUBLIC_
244 wbcErr wbcCtxLookupSid(struct wbcContext *ctx,
245 const struct wbcDomainSid *sid,
246 char **pdomain,
247 char **pname,
248 enum wbcSidType *pname_type)
249 {
250 struct winbindd_request request;
251 struct winbindd_response response;
252 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
253 char *domain, *name;
254
255 if (!sid) {
256 return WBC_ERR_INVALID_PARAM;
257 }
258
259 /* Initialize request */
260
261 ZERO_STRUCT(request);
262 ZERO_STRUCT(response);
263
264 wbcSidToStringBuf(sid, request.data.sid, sizeof(request.data.sid));
265
266 /* Make request */
267
268 wbc_status = wbcRequestResponse(ctx, WINBINDD_LOOKUPSID,
269 &request,
270 &response);
271 if (!WBC_ERROR_IS_OK(wbc_status)) {
272 return wbc_status;
273 }
274
275 /* Copy out result */
276
277 wbc_status = WBC_ERR_NO_MEMORY;
278 domain = NULL;
279 name = NULL;
280
281 domain = wbcStrDup(response.data.name.dom_name);
282 if (domain == NULL) {
283 goto done;
284 }
285 name = wbcStrDup(response.data.name.name);
286 if (name == NULL) {
287 goto done;
288 }
289 if (pdomain != NULL) {
290 *pdomain = domain;
291 domain = NULL;
292 }
293 if (pname != NULL) {
294 *pname = name;
295 name = NULL;
296 }
297 if (pname_type != NULL) {
298 *pname_type = (enum wbcSidType)response.data.name.type;
299 }
300 wbc_status = WBC_ERR_SUCCESS;
301 done:
302 wbcFreeMemory(name);
303 wbcFreeMemory(domain);
304 return wbc_status;
305 }
306
307 _PUBLIC_
308 wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
309 char **pdomain,
310 char **pname,
311 enum wbcSidType *pname_type)
312 {
313 return wbcCtxLookupSid(NULL, sid, pdomain, pname, pname_type);
314 }
315
316 static void wbcDomainInfosDestructor(void *ptr)
317 {
318 struct wbcDomainInfo *i = (struct wbcDomainInfo *)ptr;
319
320 while (i->short_name != NULL) {
321 wbcFreeMemory(i->short_name);
322 wbcFreeMemory(i->dns_name);
323 i += 1;
324 }
325 }
326
327 static void wbcTranslatedNamesDestructor(void *ptr)
328 {
329 struct wbcTranslatedName *n = (struct wbcTranslatedName *)ptr;
330
331 while (n->name != NULL) {
332 wbcFreeMemory(n->name);
333 n += 1;
334 }
335 }
336
337 _PUBLIC_
338 wbcErr wbcCtxLookupSids(struct wbcContext *ctx,
339 const struct wbcDomainSid *sids, int num_sids,
340 struct wbcDomainInfo **pdomains, int *pnum_domains,
341 struct wbcTranslatedName **pnames)
342 {
343 struct winbindd_request request;
344 struct winbindd_response response;
345 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
346 int buflen, i, extra_len, num_domains, num_names;
347 char *sidlist, *p, *q, *extra_data;
348 struct wbcDomainInfo *domains = NULL;
349 struct wbcTranslatedName *names = NULL;
350 int error = 0;
351
352 buflen = num_sids * (WBC_SID_STRING_BUFLEN + 1) + 1;
353
354 sidlist = (char *)malloc(buflen);
355 if (sidlist == NULL) {
356 return WBC_ERR_NO_MEMORY;
357 }
358
359 p = sidlist;
360
361 for (i=0; i<num_sids; i++) {
362 int remaining;
363 int len;
364
365 remaining = buflen - (p - sidlist);
366
367 len = wbcSidToStringBuf(&sids[i], p, remaining);
368 if (len > remaining) {
369 free(sidlist);
370 return WBC_ERR_UNKNOWN_FAILURE;
371 }
372
373 p += len;
374 *p++ = '\n';
375 }
376 *p++ = '\0';
377
378 ZERO_STRUCT(request);
379 ZERO_STRUCT(response);
380
381 request.extra_data.data = sidlist;
382 request.extra_len = p - sidlist;
383
384 wbc_status = wbcRequestResponse(ctx, WINBINDD_LOOKUPSIDS,
385 &request, &response);
386 free(sidlist);
387 if (!WBC_ERROR_IS_OK(wbc_status)) {
388 return wbc_status;
389 }
390
391 extra_len = response.length - sizeof(struct winbindd_response);
392 extra_data = (char *)response.extra_data.data;
393
394 if ((extra_len <= 0) || (extra_data[extra_len-1] != '\0')) {
395 goto wbc_err_invalid;
396 }
397
398 p = extra_data;
399
400 num_domains = smb_strtoul(p, &q, 10, &error, SMB_STR_STANDARD);
401 if (*q != '\n' || error != 0) {
402 goto wbc_err_invalid;
403 }
404 p = q+1;
405
406 domains = (struct wbcDomainInfo *)wbcAllocateMemory(
407 num_domains+1, sizeof(struct wbcDomainInfo),
408 wbcDomainInfosDestructor);
409 if (domains == NULL) {
410 wbc_status = WBC_ERR_NO_MEMORY;
411 goto fail;
412 }
413
414 for (i=0; i<num_domains; i++) {
415
416 q = strchr(p, ' ');
417 if (q == NULL) {
418 goto wbc_err_invalid;
419 }
420 *q = '\0';
421 wbc_status = wbcStringToSid(p, &domains[i].sid);
422 if (!WBC_ERROR_IS_OK(wbc_status)) {
423 goto fail;
424 }
425 p = q+1;
426
427 q = strchr(p, '\n');
428 if (q == NULL) {
429 goto wbc_err_invalid;
430 }
431 *q = '\0';
432 domains[i].short_name = wbcStrDup(p);
433 if (domains[i].short_name == NULL) {
434 wbc_status = WBC_ERR_NO_MEMORY;
435 goto fail;
436 }
437 p = q+1;
438 }
439
440 num_names = smb_strtoul(p, &q, 10, &error, SMB_STR_STANDARD);
441 if (*q != '\n' || error != 0) {
442 goto wbc_err_invalid;
443 }
444 p = q+1;
445
446 if (num_names != num_sids) {
447 goto wbc_err_invalid;
448 }
449
450 names = (struct wbcTranslatedName *)wbcAllocateMemory(
451 num_names+1, sizeof(struct wbcTranslatedName),
452 wbcTranslatedNamesDestructor);
453 if (names == NULL) {
454 wbc_status = WBC_ERR_NO_MEMORY;
455 goto fail;
456 }
457
458 for (i=0; i<num_names; i++) {
459
460 names[i].domain_index = smb_strtoul(p,
461 &q,
462 10,
463 &error,
464 SMB_STR_STANDARD);
465 if (names[i].domain_index < 0 || error != 0) {
466 goto wbc_err_invalid;
467 }
468 if (names[i].domain_index >= num_domains) {
469 goto wbc_err_invalid;
470 }
471
472 if (*q != ' ') {
473 goto wbc_err_invalid;
474 }
475 p = q+1;
476
477 names[i].type = smb_strtoul(p, &q, 10, &error, SMB_STR_STANDARD);
478 if (*q != ' ' || error != 0) {
479 goto wbc_err_invalid;
480 }
481 p = q+1;
482
483 q = strchr(p, '\n');
484 if (q == NULL) {
485 goto wbc_err_invalid;
486 }
487 *q = '\0';
488 names[i].name = wbcStrDup(p);
489 if (names[i].name == NULL) {
490 wbc_status = WBC_ERR_NO_MEMORY;
491 goto fail;
492 }
493 p = q+1;
494 }
495 if (*p != '\0') {
496 goto wbc_err_invalid;
497 }
498
499 *pdomains = domains;
500 *pnames = names;
501 winbindd_free_response(&response);
502 return WBC_ERR_SUCCESS;
503
504 wbc_err_invalid:
505 wbc_status = WBC_ERR_INVALID_RESPONSE;
506 fail:
507 winbindd_free_response(&response);
508 wbcFreeMemory(domains);
509 wbcFreeMemory(names);
510 return wbc_status;
511 }
512
513 _PUBLIC_
514 wbcErr wbcLookupSids(const struct wbcDomainSid *sids, int num_sids,
515 struct wbcDomainInfo **pdomains, int *pnum_domains,
516 struct wbcTranslatedName **pnames)
517 {
518 return wbcCtxLookupSids(NULL, sids, num_sids, pdomains,
519 pnum_domains, pnames);
520 }
521
522 /* Translate a collection of RIDs within a domain to names */
523
524 _PUBLIC_
525 wbcErr wbcCtxLookupRids(struct wbcContext *ctx, struct wbcDomainSid *dom_sid,
526 int num_rids,
527 uint32_t *rids,
528 const char **pp_domain_name,
529 const char ***pnames,
530 enum wbcSidType **ptypes)
531 {
532 int i;
533 size_t len, ridbuf_size;
534 char *ridlist;
535 char *p;
536 int error = 0;
537 struct winbindd_request request;
538 struct winbindd_response response;
539 char *domain_name = NULL;
540 const char **names = NULL;
541 enum wbcSidType *types = NULL;
542 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
543
544 /* Initialise request */
545
546 ZERO_STRUCT(request);
547 ZERO_STRUCT(response);
548
549 if (!dom_sid || (num_rids == 0)) {
550 wbc_status = WBC_ERR_INVALID_PARAM;
551 BAIL_ON_WBC_ERROR(wbc_status);
552 }
553
554 wbcSidToStringBuf(dom_sid, request.data.sid, sizeof(request.data.sid));
555
556 /* Even if all the Rids were of maximum 32bit values,
557 we would only have 11 bytes per rid in the final array
558 ("4294967296" + \n). Add one more byte for the
559 terminating '\0' */
560
561 ridbuf_size = (sizeof(char)*11) * num_rids + 1;
562
563 ridlist = (char *)malloc(ridbuf_size);
564 BAIL_ON_PTR_ERROR(ridlist, wbc_status);
565
566 len = 0;
567 for (i=0; i<num_rids; i++) {
568 len += snprintf(ridlist + len, ridbuf_size - len, "%u\n",
569 rids[i]);
570 }
571 ridlist[len] = '\0';
572 len += 1;
573
574 request.extra_data.data = ridlist;
575 request.extra_len = len;
576
577 wbc_status = wbcRequestResponse(ctx, WINBINDD_LOOKUPRIDS,
578 &request,
579 &response);
580 free(ridlist);
581 BAIL_ON_WBC_ERROR(wbc_status);
582
583 domain_name = wbcStrDup(response.data.domain_name);
584 BAIL_ON_PTR_ERROR(domain_name, wbc_status);
585
586 names = wbcAllocateStringArray(num_rids);
587 BAIL_ON_PTR_ERROR(names, wbc_status);
588
589 types = (enum wbcSidType *)wbcAllocateMemory(
590 num_rids, sizeof(enum wbcSidType), NULL);
591 BAIL_ON_PTR_ERROR(types, wbc_status);
592
593 p = (char *)response.extra_data.data;
594
595 for (i=0; i<num_rids; i++) {
596 char *q;
597
598 if (*p == '\0') {
599 wbc_status = WBC_ERR_INVALID_RESPONSE;
600 goto done;
601 }
602
603 types[i] = (enum wbcSidType)smb_strtoul(p,
604 &q,
605 10,
606 &error,
607 SMB_STR_STANDARD);
608
609 if (*q != ' ' || error != 0) {
610 wbc_status = WBC_ERR_INVALID_RESPONSE;
611 goto done;
612 }
613
614 p = q+1;
615
616 if ((q = strchr(p, '\n')) == NULL) {
617 wbc_status = WBC_ERR_INVALID_RESPONSE;
618 goto done;
619 }
620
621 *q = '\0';
622
623 names[i] = strdup(p);
624 BAIL_ON_PTR_ERROR(names[i], wbc_status);
625
626 p = q+1;
627 }
628
629 if (*p != '\0') {
630 wbc_status = WBC_ERR_INVALID_RESPONSE;
631 goto done;
632 }
633
634 wbc_status = WBC_ERR_SUCCESS;
635
636 done:
637 winbindd_free_response(&response);
638
639 if (WBC_ERROR_IS_OK(wbc_status)) {
640 *pp_domain_name = domain_name;
641 *pnames = names;
642 *ptypes = types;
643 }
644 else {
645 wbcFreeMemory(domain_name);
646 wbcFreeMemory(names);
647 wbcFreeMemory(types);
648 }
649
650 return wbc_status;
651 }
652
653 _PUBLIC_
654 wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
655 int num_rids,
656 uint32_t *rids,
657 const char **pp_domain_name,
658 const char ***pnames,
659 enum wbcSidType **ptypes)
660 {
661 return wbcCtxLookupRids(NULL, dom_sid, num_rids, rids,
662 pp_domain_name, pnames, ptypes);
663 }
664
665 /* Get the groups a user belongs to */
666 _PUBLIC_
667 wbcErr wbcCtxLookupUserSids(struct wbcContext *ctx,
668 const struct wbcDomainSid *user_sid,
669 bool domain_groups_only,
670 uint32_t *num_sids,
671 struct wbcDomainSid **_sids)
672 {
673 uint32_t i;
674 const char *s;
675 struct winbindd_request request;
676 struct winbindd_response response;
677 struct wbcDomainSid *sids = NULL;
678 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
679 int cmd;
680
681 /* Initialise request */
682
683 ZERO_STRUCT(request);
684 ZERO_STRUCT(response);
685
686 if (!user_sid) {
687 wbc_status = WBC_ERR_INVALID_PARAM;
688 BAIL_ON_WBC_ERROR(wbc_status);
689 }
690
691 wbcSidToStringBuf(user_sid, request.data.sid, sizeof(request.data.sid));
692
693 if (domain_groups_only) {
694 cmd = WINBINDD_GETUSERDOMGROUPS;
695 } else {
696 cmd = WINBINDD_GETUSERSIDS;
697 }
698
699 wbc_status = wbcRequestResponse(ctx, cmd,
700 &request,
701 &response);
702 BAIL_ON_WBC_ERROR(wbc_status);
703
704 if (response.data.num_entries &&
705 !response.extra_data.data) {
706 wbc_status = WBC_ERR_INVALID_RESPONSE;
707 BAIL_ON_WBC_ERROR(wbc_status);
708 }
709
710 sids = (struct wbcDomainSid *)wbcAllocateMemory(
711 response.data.num_entries, sizeof(struct wbcDomainSid),
712 NULL);
713 BAIL_ON_PTR_ERROR(sids, wbc_status);
714
715 s = (const char *)response.extra_data.data;
716 for (i = 0; i < response.data.num_entries; i++) {
717 char *n = strchr(s, '\n');
718 if (n) {
719 *n = '\0';
720 }
721 wbc_status = wbcStringToSid(s, &sids[i]);
722 BAIL_ON_WBC_ERROR(wbc_status);
723 s += strlen(s) + 1;
724 }
725
726 *num_sids = response.data.num_entries;
727 *_sids = sids;
728 sids = NULL;
729 wbc_status = WBC_ERR_SUCCESS;
730
731 done:
732 winbindd_free_response(&response);
733 if (sids) {
734 wbcFreeMemory(sids);
735 }
736
737 return wbc_status;
738 }
739
740 _PUBLIC_
741 wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
742 bool domain_groups_only,
743 uint32_t *num_sids,
744 struct wbcDomainSid **_sids)
745 {
746 return wbcCtxLookupUserSids(NULL, user_sid, domain_groups_only,
747 num_sids, _sids);
748 }
749
750 static inline
751 wbcErr _sid_to_rid(struct wbcDomainSid *sid, uint32_t *rid)
752 {
753 if (sid->num_auths < 1) {
754 return WBC_ERR_INVALID_RESPONSE;
755 }
756 *rid = sid->sub_auths[sid->num_auths - 1];
757
758 return WBC_ERR_SUCCESS;
759 }
760
761 /* Get alias membership for sids */
762 _PUBLIC_
763 wbcErr wbcCtxGetSidAliases(struct wbcContext *ctx,
764 const struct wbcDomainSid *dom_sid,
765 struct wbcDomainSid *sids,
766 uint32_t num_sids,
767 uint32_t **alias_rids,
768 uint32_t *num_alias_rids)
769 {
770 uint32_t i;
771 const char *s;
772 struct winbindd_request request;
773 struct winbindd_response response;
774 ssize_t extra_data_len = 0;
775 char * extra_data = NULL;
776 ssize_t buflen = 0;
777 struct wbcDomainSid sid;
778 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
779 uint32_t * rids = NULL;
780
781 /* Initialise request */
782
783 ZERO_STRUCT(request);
784 ZERO_STRUCT(response);
785
786 if (!dom_sid) {
787 wbc_status = WBC_ERR_INVALID_PARAM;
788 goto done;
789 }
790
791 wbcSidToStringBuf(dom_sid, request.data.sid, sizeof(request.data.sid));
792
793 /* Lets assume each sid is around 57 characters
794 * S-1-5-21-AAAAAAAAAAA-BBBBBBBBBBB-CCCCCCCCCCC-DDDDDDDDDDD\n */
795 buflen = 57 * num_sids;
796 extra_data = (char *)malloc(buflen);
797 if (!extra_data) {
798 wbc_status = WBC_ERR_NO_MEMORY;
799 goto done;
800 }
801
802 /* Build the sid list */
803 for (i=0; i<num_sids; i++) {
804 char sid_str[WBC_SID_STRING_BUFLEN];
805 size_t sid_len;
806
807 sid_len = wbcSidToStringBuf(&sids[i], sid_str, sizeof(sid_str));
808
809 if (buflen < extra_data_len + sid_len + 2) {
810 char * tmp_data = NULL;
811 buflen *= 2;
812 tmp_data = (char *)realloc(extra_data, buflen);
813 if (!tmp_data) {
814 wbc_status = WBC_ERR_NO_MEMORY;
815 BAIL_ON_WBC_ERROR(wbc_status);
816 }
817 extra_data = tmp_data;
818 }
819
820 strncpy(&extra_data[extra_data_len], sid_str,
821 buflen - extra_data_len);
822 extra_data_len += sid_len;
823 extra_data[extra_data_len++] = '\n';
824 extra_data[extra_data_len] = '\0';
825 }
826 extra_data_len += 1;
827
828 request.extra_data.data = extra_data;
829 request.extra_len = extra_data_len;
830
831 wbc_status = wbcRequestResponse(ctx, WINBINDD_GETSIDALIASES,
832 &request,
833 &response);
834 BAIL_ON_WBC_ERROR(wbc_status);
835
836 if (response.data.num_entries &&
837 !response.extra_data.data) {
838 wbc_status = WBC_ERR_INVALID_RESPONSE;
839 goto done;
840 }
841
842 rids = (uint32_t *)wbcAllocateMemory(response.data.num_entries,
843 sizeof(uint32_t), NULL);
844 BAIL_ON_PTR_ERROR(rids, wbc_status);
845
846 s = (const char *)response.extra_data.data;
847 for (i = 0; i < response.data.num_entries; i++) {
848 char *n = strchr(s, '\n');
849 if (n) {
850 *n = '\0';
851 }
852 wbc_status = wbcStringToSid(s, &sid);
853 BAIL_ON_WBC_ERROR(wbc_status);
854 wbc_status = _sid_to_rid(&sid, &rids[i]);
855 BAIL_ON_WBC_ERROR(wbc_status);
856 s += strlen(s) + 1;
857 }
858
859 *num_alias_rids = response.data.num_entries;
860 *alias_rids = rids;
861 rids = NULL;
862 wbc_status = WBC_ERR_SUCCESS;
863
864 done:
865 free(extra_data);
866 winbindd_free_response(&response);
867 wbcFreeMemory(rids);
868 return wbc_status;
869 }
870
871 _PUBLIC_
872 wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid,
873 struct wbcDomainSid *sids,
874 uint32_t num_sids,
875 uint32_t **alias_rids,
876 uint32_t *num_alias_rids)
877 {
878 return wbcCtxGetSidAliases(NULL, dom_sid, sids, num_sids,
879 alias_rids, num_alias_rids);
880 }
881
882
883 /* Lists Users */
884 _PUBLIC_
885 wbcErr wbcCtxListUsers(struct wbcContext *ctx,
886 const char *domain_name,
887 uint32_t *_num_users,
888 const char ***_users)
889 {
890 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
891 struct winbindd_request request;
892 struct winbindd_response response;
893 uint32_t num_users = 0;
894 const char **users = NULL;
895 const char *next;
896
897 /* Initialise request */
898
899 ZERO_STRUCT(request);
900 ZERO_STRUCT(response);
901
902 if (domain_name) {
903 strncpy(request.domain_name, domain_name,
904 sizeof(request.domain_name)-1);
905 }
906
907 wbc_status = wbcRequestResponse(ctx, WINBINDD_LIST_USERS,
908 &request,
909 &response);
910 BAIL_ON_WBC_ERROR(wbc_status);
911
912 users = wbcAllocateStringArray(response.data.num_entries);
913 if (users == NULL) {
914 return WBC_ERR_NO_MEMORY;
915 }
916
917 /* Look through extra data */
918
919 next = (const char *)response.extra_data.data;
920 while (next) {
921 const char *current;
922 char *k;
923
924 if (num_users >= response.data.num_entries) {
925 wbc_status = WBC_ERR_INVALID_RESPONSE;
926 goto done;
927 }
928
929 current = next;
930 k = strchr(next, ',');
931
932 if (k) {
933 k[0] = '\0';
934 next = k+1;
935 } else {
936 next = NULL;
937 }
938
939 users[num_users] = strdup(current);
940 BAIL_ON_PTR_ERROR(users[num_users], wbc_status);
941 num_users += 1;
942 }
943 if (num_users != response.data.num_entries) {
944 wbc_status = WBC_ERR_INVALID_RESPONSE;
945 goto done;
946 }
947
948 *_num_users = response.data.num_entries;
949 *_users = users;
950 users = NULL;
951 wbc_status = WBC_ERR_SUCCESS;
952
953 done:
954 winbindd_free_response(&response);
955 wbcFreeMemory(users);
956 return wbc_status;
957 }
958
959 _PUBLIC_
960 wbcErr wbcListUsers(const char *domain_name,
961 uint32_t *_num_users,
962 const char ***_users)
963 {
964 return wbcCtxListUsers(NULL, domain_name, _num_users, _users);
965 }
966
967 /* Lists Groups */
968 _PUBLIC_
969 wbcErr wbcCtxListGroups(struct wbcContext *ctx,
970 const char *domain_name,
971 uint32_t *_num_groups,
972 const char ***_groups)
973 {
974 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
975 struct winbindd_request request;
976 struct winbindd_response response;
977 uint32_t num_groups = 0;
978 const char **groups = NULL;
979 const char *next;
980
981 /* Initialise request */
982
983 ZERO_STRUCT(request);
984 ZERO_STRUCT(response);
985
986 if (domain_name) {
987 strncpy(request.domain_name, domain_name,
988 sizeof(request.domain_name)-1);
989 }
990
991 wbc_status = wbcRequestResponse(ctx, WINBINDD_LIST_GROUPS,
992 &request,
993 &response);
994 BAIL_ON_WBC_ERROR(wbc_status);
995
996 groups = wbcAllocateStringArray(response.data.num_entries);
997 if (groups == NULL) {
998 return WBC_ERR_NO_MEMORY;
999 }
1000
1001 /* Look through extra data */
1002
1003 next = (const char *)response.extra_data.data;
1004 while (next) {
1005 const char *current;
1006 char *k;
1007
1008 if (num_groups >= response.data.num_entries) {
1009 wbc_status = WBC_ERR_INVALID_RESPONSE;
1010 goto done;
1011 }
1012
1013 current = next;
1014 k = strchr(next, ',');
1015
1016 if (k) {
1017 k[0] = '\0';
1018 next = k+1;
1019 } else {
1020 next = NULL;
1021 }
1022
1023 groups[num_groups] = strdup(current);
1024 BAIL_ON_PTR_ERROR(groups[num_groups], wbc_status);
1025 num_groups += 1;
1026 }
1027 if (num_groups != response.data.num_entries) {
1028 wbc_status = WBC_ERR_INVALID_RESPONSE;
1029 goto done;
1030 }
1031
1032 *_num_groups = response.data.num_entries;
1033 *_groups = groups;
1034 groups = NULL;
1035 wbc_status = WBC_ERR_SUCCESS;
1036
1037 done:
1038 winbindd_free_response(&response);
1039 wbcFreeMemory(groups);
1040 return wbc_status;
1041 }
1042
1043 _PUBLIC_
1044 wbcErr wbcListGroups(const char *domain_name,
1045 uint32_t *_num_groups,
1046 const char ***_groups)
1047 {
1048 return wbcCtxListGroups(NULL, domain_name, _num_groups, _groups);
1049 }
1050
1051 _PUBLIC_
1052 wbcErr wbcCtxGetDisplayName(struct wbcContext *ctx,
1053 const struct wbcDomainSid *sid,
1054 char **pdomain,
1055 char **pfullname,
1056 enum wbcSidType *pname_type)
1057 {
1058 wbcErr wbc_status;
1059 char *domain = NULL;
1060 char *name = NULL;
1061 enum wbcSidType name_type;
1062
1063 wbc_status = wbcCtxLookupSid(ctx, sid, &domain, &name, &name_type);
1064 BAIL_ON_WBC_ERROR(wbc_status);
1065
1066 if (name_type == WBC_SID_NAME_USER) {
1067 uid_t uid;
1068 struct passwd *pwd;
1069
1070 wbc_status = wbcCtxSidToUid(ctx, sid, &uid);
1071 BAIL_ON_WBC_ERROR(wbc_status);
1072
1073 wbc_status = wbcCtxGetpwuid(ctx, uid, &pwd);
1074 BAIL_ON_WBC_ERROR(wbc_status);
1075
1076 wbcFreeMemory(name);
1077
1078 name = wbcStrDup(pwd->pw_gecos);
1079 wbcFreeMemory(pwd);
1080 BAIL_ON_PTR_ERROR(name, wbc_status);
1081 }
1082
1083 wbc_status = WBC_ERR_SUCCESS;
1084
1085 done:
1086 if (WBC_ERROR_IS_OK(wbc_status)) {
1087 *pdomain = domain;
1088 *pfullname = name;
1089 *pname_type = name_type;
1090 } else {
1091 wbcFreeMemory(domain);
1092 wbcFreeMemory(name);
1093 }
1094
1095 return wbc_status;
1096 }
1097
1098 _PUBLIC_
1099 wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid,
1100 char **pdomain,
1101 char **pfullname,
1102 enum wbcSidType *pname_type)
1103 {
1104 return wbcCtxGetDisplayName(NULL, sid, pdomain, pfullname, pname_type);
1105 }
1106
1107 _PUBLIC_
1108 const char* wbcSidTypeString(enum wbcSidType type)
1109 {
1110 switch (type) {
1111 case WBC_SID_NAME_USE_NONE: return "SID_NONE";
1112 case WBC_SID_NAME_USER: return "SID_USER";
1113 case WBC_SID_NAME_DOM_GRP: return "SID_DOM_GROUP";
1114 case WBC_SID_NAME_DOMAIN: return "SID_DOMAIN";
1115 case WBC_SID_NAME_ALIAS: return "SID_ALIAS";
1116 case WBC_SID_NAME_WKN_GRP: return "SID_WKN_GROUP";
1117 case WBC_SID_NAME_DELETED: return "SID_DELETED";
1118 case WBC_SID_NAME_INVALID: return "SID_INVALID";
1119 case WBC_SID_NAME_UNKNOWN: return "SID_UNKNOWN";
1120 case WBC_SID_NAME_COMPUTER: return "SID_COMPUTER";
1121 case WBC_SID_NAME_LABEL: return "SID_LABEL";
1122 default: return "Unknown type";
1123 }
1124 }
Samba GIT mirror