search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libsmbconf: testsuite: add talloc_stackframe to main().
[Samba.git] / source / nsswitch / winbind_nss_linux.c
blobbfac2ecdd14a106efd5bcb031929d9e8a0953a23
1 /*
2 Unix SMB/CIFS implementation.
3
4 Windows NT Domain nsswitch module
5
6 Copyright (C) Tim Potter 2000
7
8 This library is free software; you can redistribute it and/or
9 modify it under the terms of the GNU Lesser General Public
10 License as published by the Free Software Foundation; either
11 version 3 of the License, or (at your option) any later version.
12
13 This library is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Library General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "winbind_client.h"
23
24 #if HAVE_PTHREAD_H
25 #include <pthread.h>
26 #endif
27
28 #if HAVE_PTHREAD
29 static pthread_mutex_t winbind_nss_mutex = PTHREAD_MUTEX_INITIALIZER;
30 #endif
31
32 /* Maximum number of users to pass back over the unix domain socket
33 per call. This is not a static limit on the total number of users
34 or groups returned in total. */
35
36 #define MAX_GETPWENT_USERS 250
37 #define MAX_GETGRENT_USERS 250
38
39 NSS_STATUS _nss_winbind_setpwent(void);
40 NSS_STATUS _nss_winbind_endpwent(void);
41 NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result, char *buffer,
42 size_t buflen, int *errnop);
43 NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result,
44 char *buffer, size_t buflen, int *errnop);
45 NSS_STATUS _nss_winbind_getpwnam_r(const char *name, struct passwd *result,
46 char *buffer, size_t buflen, int *errnop);
47 NSS_STATUS _nss_winbind_setgrent(void);
48 NSS_STATUS _nss_winbind_endgrent(void);
49 NSS_STATUS _nss_winbind_getgrent_r(struct group *result, char *buffer,
50 size_t buflen, int *errnop);
51 NSS_STATUS _nss_winbind_getgrlst_r(struct group *result, char *buffer,
52 size_t buflen, int *errnop);
53 NSS_STATUS _nss_winbind_getgrnam_r(const char *name, struct group *result,
54 char *buffer, size_t buflen, int *errnop);
55 NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid, struct group *result, char *buffer,
56 size_t buflen, int *errnop);
57 NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
58 long int *size, gid_t **groups,
59 long int limit, int *errnop);
60 NSS_STATUS _nss_winbind_getusersids(const char *user_sid, char **group_sids,
61 int *num_groups, char *buffer, size_t buf_size,
62 int *errnop);
63 NSS_STATUS _nss_winbind_nametosid(const char *name, char **sid, char *buffer,
64 size_t buflen, int *errnop);
65 NSS_STATUS _nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
66 size_t buflen, int *errnop);
67 NSS_STATUS _nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop);
68 NSS_STATUS _nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop);
69 NSS_STATUS _nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
70 size_t buflen, int *errnop);
71 NSS_STATUS _nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
72 size_t buflen, int *errnop);
73
74 /* Prototypes from wb_common.c */
75
76 extern int winbindd_fd;
77
78 /* Allocate some space from the nss static buffer. The buffer and buflen
79 are the pointers passed in by the C library to the _nss_ntdom_*
80 functions. */
81
82 static char *get_static(char **buffer, size_t *buflen, size_t len)
83 {
84 char *result;
85
86 /* Error check. We return false if things aren't set up right, or
87 there isn't enough buffer space left. */
88
89 if ((buffer == NULL) || (buflen == NULL) || (*buflen < len)) {
90 return NULL;
91 }
92
93 /* Return an index into the static buffer */
94
95 result = *buffer;
96 *buffer += len;
97 *buflen -= len;
98
99 return result;
100 }
101
102 /* I've copied the strtok() replacement function next_token_Xalloc() from
103 lib/util_str.c as I really don't want to have to link in any other
104 objects if I can possibly avoid it. */
105
106 static bool next_token_alloc(const char **ptr,
107 char **pp_buff,
108 const char *sep)
109 {
110 char *s;
111 char *saved_s;
112 char *pbuf;
113 bool quoted;
114 size_t len=1;
115
116 *pp_buff = NULL;
117 if (!ptr) {
118 return(false);
119 }
120
121 s = (char *)*ptr;
122
123 /* default to simple separators */
124 if (!sep) {
125 sep = " \t\n\r";
126 }
127
128 /* find the first non sep char */
129 while (*s && strchr(sep,*s)) {
130 s++;
131 }
132
133 /* nothing left? */
134 if (!*s) {
135 return false;
136 }
137
138 /* When restarting we need to go from here. */
139 saved_s = s;
140
141 /* Work out the length needed. */
142 for (quoted = false; *s &&
143 (quoted || !strchr(sep,*s)); s++) {
144 if (*s == '\"') {
145 quoted = !quoted;
146 } else {
147 len++;
148 }
149 }
150
151 /* We started with len = 1 so we have space for the nul. */
152 *pp_buff = malloc(len);
153 if (!*pp_buff) {
154 return false;
155 }
156
157 /* copy over the token */
158 pbuf = *pp_buff;
159 s = saved_s;
160 for (quoted = false; *s &&
161 (quoted || !strchr(sep,*s)); s++) {
162 if ( *s == '\"' ) {
163 quoted = !quoted;
164 } else {
165 *pbuf++ = *s;
166 }
167 }
168
169 *ptr = (*s) ? s+1 : s;
170 *pbuf = 0;
171
172 return true;
173 }
174
175 /* Fill a pwent structure from a winbindd_response structure. We use
176 the static data passed to us by libc to put strings and stuff in.
177 Return NSS_STATUS_TRYAGAIN if we run out of memory. */
178
179 static NSS_STATUS fill_pwent(struct passwd *result,
180 struct winbindd_pw *pw,
181 char **buffer, size_t *buflen)
182 {
183 /* User name */
184
185 if ((result->pw_name =
186 get_static(buffer, buflen, strlen(pw->pw_name) + 1)) == NULL) {
187
188 /* Out of memory */
189
190 return NSS_STATUS_TRYAGAIN;
191 }
192
193 strcpy(result->pw_name, pw->pw_name);
194
195 /* Password */
196
197 if ((result->pw_passwd =
198 get_static(buffer, buflen, strlen(pw->pw_passwd) + 1)) == NULL) {
199
200 /* Out of memory */
201
202 return NSS_STATUS_TRYAGAIN;
203 }
204
205 strcpy(result->pw_passwd, pw->pw_passwd);
206
207 /* [ug]id */
208
209 result->pw_uid = pw->pw_uid;
210 result->pw_gid = pw->pw_gid;
211
212 /* GECOS */
213
214 if ((result->pw_gecos =
215 get_static(buffer, buflen, strlen(pw->pw_gecos) + 1)) == NULL) {
216
217 /* Out of memory */
218
219 return NSS_STATUS_TRYAGAIN;
220 }
221
222 strcpy(result->pw_gecos, pw->pw_gecos);
223
224 /* Home directory */
225
226 if ((result->pw_dir =
227 get_static(buffer, buflen, strlen(pw->pw_dir) + 1)) == NULL) {
228
229 /* Out of memory */
230
231 return NSS_STATUS_TRYAGAIN;
232 }
233
234 strcpy(result->pw_dir, pw->pw_dir);
235
236 /* Logon shell */
237
238 if ((result->pw_shell =
239 get_static(buffer, buflen, strlen(pw->pw_shell) + 1)) == NULL) {
240
241 /* Out of memory */
242
243 return NSS_STATUS_TRYAGAIN;
244 }
245
246 strcpy(result->pw_shell, pw->pw_shell);
247
248 /* The struct passwd for Solaris has some extra fields which must
249 be initialised or nscd crashes. */
250
251 #if HAVE_PASSWD_PW_COMMENT
252 result->pw_comment = "";
253 #endif
254
255 #if HAVE_PASSWD_PW_AGE
256 result->pw_age = "";
257 #endif
258
259 return NSS_STATUS_SUCCESS;
260 }
261
262 /* Fill a grent structure from a winbindd_response structure. We use
263 the static data passed to us by libc to put strings and stuff in.
264 Return NSS_STATUS_TRYAGAIN if we run out of memory. */
265
266 static NSS_STATUS fill_grent(struct group *result, struct winbindd_gr *gr,
267 char *gr_mem, char **buffer, size_t *buflen)
268 {
269 char *name;
270 int i;
271 char *tst;
272
273 /* Group name */
274
275 if ((result->gr_name =
276 get_static(buffer, buflen, strlen(gr->gr_name) + 1)) == NULL) {
277
278 /* Out of memory */
279
280 return NSS_STATUS_TRYAGAIN;
281 }
282
283 strcpy(result->gr_name, gr->gr_name);
284
285 /* Password */
286
287 if ((result->gr_passwd =
288 get_static(buffer, buflen, strlen(gr->gr_passwd) + 1)) == NULL) {
289
290 /* Out of memory */
291 return NSS_STATUS_TRYAGAIN;
292 }
293
294 strcpy(result->gr_passwd, gr->gr_passwd);
295
296 /* gid */
297
298 result->gr_gid = gr->gr_gid;
299
300 /* Group membership */
301
302 if ((gr->num_gr_mem < 0) || !gr_mem) {
303 gr->num_gr_mem = 0;
304 }
305
306 /* this next value is a pointer to a pointer so let's align it */
307
308 /* Calculate number of extra bytes needed to align on pointer size boundry */
309 if ((i = (unsigned long)(*buffer) % sizeof(char*)) != 0)
310 i = sizeof(char*) - i;
311
312 if ((tst = get_static(buffer, buflen, ((gr->num_gr_mem + 1) *
313 sizeof(char *)+i))) == NULL) {
314
315 /* Out of memory */
316
317 return NSS_STATUS_TRYAGAIN;
318 }
319 result->gr_mem = (char **)(tst + i);
320
321 if (gr->num_gr_mem == 0) {
322
323 /* Group is empty */
324
325 *(result->gr_mem) = NULL;
326 return NSS_STATUS_SUCCESS;
327 }
328
329 /* Start looking at extra data */
330
331 i = 0;
332
333 while(next_token_alloc((const char **)&gr_mem, &name, ",")) {
334 /* Allocate space for member */
335 if (((result->gr_mem)[i] =
336 get_static(buffer, buflen, strlen(name) + 1)) == NULL) {
337 free(name);
338 /* Out of memory */
339 return NSS_STATUS_TRYAGAIN;
340 }
341 strcpy((result->gr_mem)[i], name);
342 free(name);
343 i++;
344 }
345
346 /* Terminate list */
347
348 (result->gr_mem)[i] = NULL;
349
350 return NSS_STATUS_SUCCESS;
351 }
352
353 /*
354 * NSS user functions
355 */
356
357 static struct winbindd_response getpwent_response;
358
359 static int ndx_pw_cache; /* Current index into pwd cache */
360 static int num_pw_cache; /* Current size of pwd cache */
361
362 /* Rewind "file pointer" to start of ntdom password database */
363
364 NSS_STATUS
365 _nss_winbind_setpwent(void)
366 {
367 NSS_STATUS ret;
368 #ifdef DEBUG_NSS
369 fprintf(stderr, "[%5d]: setpwent\n", getpid());
370 #endif
371
372 #if HAVE_PTHREAD
373 pthread_mutex_lock(&winbind_nss_mutex);
374 #endif
375
376 if (num_pw_cache > 0) {
377 ndx_pw_cache = num_pw_cache = 0;
378 winbindd_free_response(&getpwent_response);
379 }
380
381 ret = winbindd_request_response(WINBINDD_SETPWENT, NULL, NULL);
382 #ifdef DEBUG_NSS
383 fprintf(stderr, "[%5d]: setpwent returns %s (%d)\n", getpid(),
384 nss_err_str(ret), ret);
385 #endif
386
387 #if HAVE_PTHREAD
388 pthread_mutex_unlock(&winbind_nss_mutex);
389 #endif
390 return ret;
391 }
392
393 /* Close ntdom password database "file pointer" */
394
395 NSS_STATUS
396 _nss_winbind_endpwent(void)
397 {
398 NSS_STATUS ret;
399 #ifdef DEBUG_NSS
400 fprintf(stderr, "[%5d]: endpwent\n", getpid());
401 #endif
402
403 #if HAVE_PTHREAD
404 pthread_mutex_lock(&winbind_nss_mutex);
405 #endif
406
407 if (num_pw_cache > 0) {
408 ndx_pw_cache = num_pw_cache = 0;
409 winbindd_free_response(&getpwent_response);
410 }
411
412 ret = winbindd_request_response(WINBINDD_ENDPWENT, NULL, NULL);
413 #ifdef DEBUG_NSS
414 fprintf(stderr, "[%5d]: endpwent returns %s (%d)\n", getpid(),
415 nss_err_str(ret), ret);
416 #endif
417
418 #if HAVE_PTHREAD
419 pthread_mutex_unlock(&winbind_nss_mutex);
420 #endif
421
422 return ret;
423 }
424
425 /* Fetch the next password entry from ntdom password database */
426
427 NSS_STATUS
428 _nss_winbind_getpwent_r(struct passwd *result, char *buffer,
429 size_t buflen, int *errnop)
430 {
431 NSS_STATUS ret;
432 struct winbindd_request request;
433 static int called_again;
434
435 #ifdef DEBUG_NSS
436 fprintf(stderr, "[%5d]: getpwent\n", getpid());
437 #endif
438
439 #if HAVE_PTHREAD
440 pthread_mutex_lock(&winbind_nss_mutex);
441 #endif
442
443 /* Return an entry from the cache if we have one, or if we are
444 called again because we exceeded our static buffer. */
445
446 if ((ndx_pw_cache < num_pw_cache) || called_again) {
447 goto return_result;
448 }
449
450 /* Else call winbindd to get a bunch of entries */
451
452 if (num_pw_cache > 0) {
453 winbindd_free_response(&getpwent_response);
454 }
455
456 ZERO_STRUCT(request);
457 ZERO_STRUCT(getpwent_response);
458
459 request.data.num_entries = MAX_GETPWENT_USERS;
460
461 ret = winbindd_request_response(WINBINDD_GETPWENT, &request,
462 &getpwent_response);
463
464 if (ret == NSS_STATUS_SUCCESS) {
465 struct winbindd_pw *pw_cache;
466
467 /* Fill cache */
468
469 ndx_pw_cache = 0;
470 num_pw_cache = getpwent_response.data.num_entries;
471
472 /* Return a result */
473
474 return_result:
475
476 pw_cache = (struct winbindd_pw *)
477 getpwent_response.extra_data.data;
478
479 /* Check data is valid */
480
481 if (pw_cache == NULL) {
482 ret = NSS_STATUS_NOTFOUND;
483 goto done;
484 }
485
486 ret = fill_pwent(result, &pw_cache[ndx_pw_cache],
487 &buffer, &buflen);
488
489 /* Out of memory - try again */
490
491 if (ret == NSS_STATUS_TRYAGAIN) {
492 called_again = true;
493 *errnop = errno = ERANGE;
494 goto done;
495 }
496
497 *errnop = errno = 0;
498 called_again = false;
499 ndx_pw_cache++;
500
501 /* If we've finished with this lot of results free cache */
502
503 if (ndx_pw_cache == num_pw_cache) {
504 ndx_pw_cache = num_pw_cache = 0;
505 winbindd_free_response(&getpwent_response);
506 }
507 }
508 done:
509 #ifdef DEBUG_NSS
510 fprintf(stderr, "[%5d]: getpwent returns %s (%d)\n", getpid(),
511 nss_err_str(ret), ret);
512 #endif
513
514 #if HAVE_PTHREAD
515 pthread_mutex_unlock(&winbind_nss_mutex);
516 #endif
517 return ret;
518 }
519
520 /* Return passwd struct from uid */
521
522 NSS_STATUS
523 _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer,
524 size_t buflen, int *errnop)
525 {
526 NSS_STATUS ret;
527 static struct winbindd_response response;
528 struct winbindd_request request;
529 static int keep_response;
530
531 #ifdef DEBUG_NSS
532 fprintf(stderr, "[%5d]: getpwuid_r %d\n", getpid(), (unsigned int)uid);
533 #endif
534
535 #if HAVE_PTHREAD
536 pthread_mutex_lock(&winbind_nss_mutex);
537 #endif
538
539 /* If our static buffer needs to be expanded we are called again */
540 if (!keep_response || uid != response.data.pw.pw_uid) {
541
542 /* Call for the first time */
543
544 ZERO_STRUCT(response);
545 ZERO_STRUCT(request);
546
547 request.data.uid = uid;
548
549 ret = winbindd_request_response(WINBINDD_GETPWUID, &request, &response);
550
551 if (ret == NSS_STATUS_SUCCESS) {
552 ret = fill_pwent(result, &response.data.pw,
553 &buffer, &buflen);
554
555 if (ret == NSS_STATUS_TRYAGAIN) {
556 keep_response = true;
557 *errnop = errno = ERANGE;
558 goto done;
559 }
560 }
561
562 } else {
563
564 /* We've been called again */
565
566 ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
567
568 if (ret == NSS_STATUS_TRYAGAIN) {
569 *errnop = errno = ERANGE;
570 goto done;
571 }
572
573 keep_response = false;
574 *errnop = errno = 0;
575 }
576
577 winbindd_free_response(&response);
578
579 done:
580
581 #ifdef DEBUG_NSS
582 fprintf(stderr, "[%5d]: getpwuid %d returns %s (%d)\n", getpid(),
583 (unsigned int)uid, nss_err_str(ret), ret);
584 #endif
585
586 #if HAVE_PTHREAD
587 pthread_mutex_unlock(&winbind_nss_mutex);
588 #endif
589
590 return ret;
591 }
592
593 /* Return passwd struct from username */
594 NSS_STATUS
595 _nss_winbind_getpwnam_r(const char *name, struct passwd *result, char *buffer,
596 size_t buflen, int *errnop)
597 {
598 NSS_STATUS ret;
599 static struct winbindd_response response;
600 struct winbindd_request request;
601 static int keep_response;
602
603 #ifdef DEBUG_NSS
604 fprintf(stderr, "[%5d]: getpwnam_r %s\n", getpid(), name);
605 #endif
606
607 #if HAVE_PTHREAD
608 pthread_mutex_lock(&winbind_nss_mutex);
609 #endif
610
611 /* If our static buffer needs to be expanded we are called again */
612
613 if (!keep_response || strcmp(name,response.data.pw.pw_name) != 0) {
614
615 /* Call for the first time */
616
617 ZERO_STRUCT(response);
618 ZERO_STRUCT(request);
619
620 strncpy(request.data.username, name,
621 sizeof(request.data.username) - 1);
622 request.data.username
623 [sizeof(request.data.username) - 1] = '\0';
624
625 ret = winbindd_request_response(WINBINDD_GETPWNAM, &request, &response);
626
627 if (ret == NSS_STATUS_SUCCESS) {
628 ret = fill_pwent(result, &response.data.pw, &buffer,
629 &buflen);
630
631 if (ret == NSS_STATUS_TRYAGAIN) {
632 keep_response = true;
633 *errnop = errno = ERANGE;
634 goto done;
635 }
636 }
637
638 } else {
639
640 /* We've been called again */
641
642 ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
643
644 if (ret == NSS_STATUS_TRYAGAIN) {
645 keep_response = true;
646 *errnop = errno = ERANGE;
647 goto done;
648 }
649
650 keep_response = false;
651 *errnop = errno = 0;
652 }
653
654 winbindd_free_response(&response);
655 done:
656 #ifdef DEBUG_NSS
657 fprintf(stderr, "[%5d]: getpwnam %s returns %s (%d)\n", getpid(),
658 name, nss_err_str(ret), ret);
659 #endif
660
661 #if HAVE_PTHREAD
662 pthread_mutex_unlock(&winbind_nss_mutex);
663 #endif
664
665 return ret;
666 }
667
668 /*
669 * NSS group functions
670 */
671
672 static struct winbindd_response getgrent_response;
673
674 static int ndx_gr_cache; /* Current index into grp cache */
675 static int num_gr_cache; /* Current size of grp cache */
676
677 /* Rewind "file pointer" to start of ntdom group database */
678
679 NSS_STATUS
680 _nss_winbind_setgrent(void)
681 {
682 NSS_STATUS ret;
683 #ifdef DEBUG_NSS
684 fprintf(stderr, "[%5d]: setgrent\n", getpid());
685 #endif
686
687 #if HAVE_PTHREAD
688 pthread_mutex_lock(&winbind_nss_mutex);
689 #endif
690
691 if (num_gr_cache > 0) {
692 ndx_gr_cache = num_gr_cache = 0;
693 winbindd_free_response(&getgrent_response);
694 }
695
696 ret = winbindd_request_response(WINBINDD_SETGRENT, NULL, NULL);
697 #ifdef DEBUG_NSS
698 fprintf(stderr, "[%5d]: setgrent returns %s (%d)\n", getpid(),
699 nss_err_str(ret), ret);
700 #endif
701
702 #if HAVE_PTHREAD
703 pthread_mutex_unlock(&winbind_nss_mutex);
704 #endif
705
706 return ret;
707 }
708
709 /* Close "file pointer" for ntdom group database */
710
711 NSS_STATUS
712 _nss_winbind_endgrent(void)
713 {
714 NSS_STATUS ret;
715 #ifdef DEBUG_NSS
716 fprintf(stderr, "[%5d]: endgrent\n", getpid());
717 #endif
718
719 #if HAVE_PTHREAD
720 pthread_mutex_lock(&winbind_nss_mutex);
721 #endif
722
723 if (num_gr_cache > 0) {
724 ndx_gr_cache = num_gr_cache = 0;
725 winbindd_free_response(&getgrent_response);
726 }
727
728 ret = winbindd_request_response(WINBINDD_ENDGRENT, NULL, NULL);
729 #ifdef DEBUG_NSS
730 fprintf(stderr, "[%5d]: endgrent returns %s (%d)\n", getpid(),
731 nss_err_str(ret), ret);
732 #endif
733
734 #if HAVE_PTHREAD
735 pthread_mutex_unlock(&winbind_nss_mutex);
736 #endif
737
738 return ret;
739 }
740
741 /* Get next entry from ntdom group database */
742
743 static NSS_STATUS
744 winbind_getgrent(enum winbindd_cmd cmd,
745 struct group *result,
746 char *buffer, size_t buflen, int *errnop)
747 {
748 NSS_STATUS ret;
749 static struct winbindd_request request;
750 static int called_again;
751
752
753 #ifdef DEBUG_NSS
754 fprintf(stderr, "[%5d]: getgrent\n", getpid());
755 #endif
756
757 #if HAVE_PTHREAD
758 pthread_mutex_lock(&winbind_nss_mutex);
759 #endif
760
761 /* Return an entry from the cache if we have one, or if we are
762 called again because we exceeded our static buffer. */
763
764 if ((ndx_gr_cache < num_gr_cache) || called_again) {
765 goto return_result;
766 }
767
768 /* Else call winbindd to get a bunch of entries */
769
770 if (num_gr_cache > 0) {
771 winbindd_free_response(&getgrent_response);
772 }
773
774 ZERO_STRUCT(request);
775 ZERO_STRUCT(getgrent_response);
776
777 request.data.num_entries = MAX_GETGRENT_USERS;
778
779 ret = winbindd_request_response(cmd, &request,
780 &getgrent_response);
781
782 if (ret == NSS_STATUS_SUCCESS) {
783 struct winbindd_gr *gr_cache;
784 int mem_ofs;
785
786 /* Fill cache */
787
788 ndx_gr_cache = 0;
789 num_gr_cache = getgrent_response.data.num_entries;
790
791 /* Return a result */
792
793 return_result:
794
795 gr_cache = (struct winbindd_gr *)
796 getgrent_response.extra_data.data;
797
798 /* Check data is valid */
799
800 if (gr_cache == NULL) {
801 ret = NSS_STATUS_NOTFOUND;
802 goto done;
803 }
804
805 /* Fill group membership. The offset into the extra data
806 for the group membership is the reported offset plus the
807 size of all the winbindd_gr records returned. */
808
809 mem_ofs = gr_cache[ndx_gr_cache].gr_mem_ofs +
810 num_gr_cache * sizeof(struct winbindd_gr);
811
812 ret = fill_grent(result, &gr_cache[ndx_gr_cache],
813 ((char *)getgrent_response.extra_data.data)+mem_ofs,
814 &buffer, &buflen);
815
816 /* Out of memory - try again */
817
818 if (ret == NSS_STATUS_TRYAGAIN) {
819 called_again = true;
820 *errnop = errno = ERANGE;
821 goto done;
822 }
823
824 *errnop = 0;
825 called_again = false;
826 ndx_gr_cache++;
827
828 /* If we've finished with this lot of results free cache */
829
830 if (ndx_gr_cache == num_gr_cache) {
831 ndx_gr_cache = num_gr_cache = 0;
832 winbindd_free_response(&getgrent_response);
833 }
834 }
835 done:
836 #ifdef DEBUG_NSS
837 fprintf(stderr, "[%5d]: getgrent returns %s (%d)\n", getpid(),
838 nss_err_str(ret), ret);
839 #endif
840
841 #if HAVE_PTHREAD
842 pthread_mutex_unlock(&winbind_nss_mutex);
843 #endif
844
845 return ret;
846 }
847
848
849 NSS_STATUS
850 _nss_winbind_getgrent_r(struct group *result,
851 char *buffer, size_t buflen, int *errnop)
852 {
853 return winbind_getgrent(WINBINDD_GETGRENT, result, buffer, buflen, errnop);
854 }
855
856 NSS_STATUS
857 _nss_winbind_getgrlst_r(struct group *result,
858 char *buffer, size_t buflen, int *errnop)
859 {
860 return winbind_getgrent(WINBINDD_GETGRLST, result, buffer, buflen, errnop);
861 }
862
863 /* Return group struct from group name */
864
865 NSS_STATUS
866 _nss_winbind_getgrnam_r(const char *name,
867 struct group *result, char *buffer,
868 size_t buflen, int *errnop)
869 {
870 NSS_STATUS ret;
871 static struct winbindd_response response;
872 struct winbindd_request request;
873 static int keep_response;
874
875 #ifdef DEBUG_NSS
876 fprintf(stderr, "[%5d]: getgrnam %s\n", getpid(), name);
877 #endif
878
879 #if HAVE_PTHREAD
880 pthread_mutex_lock(&winbind_nss_mutex);
881 #endif
882
883 /* If our static buffer needs to be expanded we are called again */
884 /* Or if the stored response group name differs from the request. */
885
886 if (!keep_response || strcmp(name,response.data.gr.gr_name) != 0) {
887
888 /* Call for the first time */
889
890 ZERO_STRUCT(request);
891 ZERO_STRUCT(response);
892
893 strncpy(request.data.groupname, name,
894 sizeof(request.data.groupname));
895 request.data.groupname
896 [sizeof(request.data.groupname) - 1] = '\0';
897
898 ret = winbindd_request_response(WINBINDD_GETGRNAM, &request, &response);
899
900 if (ret == NSS_STATUS_SUCCESS) {
901 ret = fill_grent(result, &response.data.gr,
902 (char *)response.extra_data.data,
903 &buffer, &buflen);
904
905 if (ret == NSS_STATUS_TRYAGAIN) {
906 keep_response = true;
907 *errnop = errno = ERANGE;
908 goto done;
909 }
910 }
911
912 } else {
913
914 /* We've been called again */
915
916 ret = fill_grent(result, &response.data.gr,
917 (char *)response.extra_data.data, &buffer,
918 &buflen);
919
920 if (ret == NSS_STATUS_TRYAGAIN) {
921 keep_response = true;
922 *errnop = errno = ERANGE;
923 goto done;
924 }
925
926 keep_response = false;
927 *errnop = 0;
928 }
929
930 winbindd_free_response(&response);
931 done:
932 #ifdef DEBUG_NSS
933 fprintf(stderr, "[%5d]: getgrnam %s returns %s (%d)\n", getpid(),
934 name, nss_err_str(ret), ret);
935 #endif
936
937 #if HAVE_PTHREAD
938 pthread_mutex_unlock(&winbind_nss_mutex);
939 #endif
940
941 return ret;
942 }
943
944 /* Return group struct from gid */
945
946 NSS_STATUS
947 _nss_winbind_getgrgid_r(gid_t gid,
948 struct group *result, char *buffer,
949 size_t buflen, int *errnop)
950 {
951 NSS_STATUS ret;
952 static struct winbindd_response response;
953 struct winbindd_request request;
954 static int keep_response;
955
956 #ifdef DEBUG_NSS
957 fprintf(stderr, "[%5d]: getgrgid %d\n", getpid(), gid);
958 #endif
959
960 #if HAVE_PTHREAD
961 pthread_mutex_lock(&winbind_nss_mutex);
962 #endif
963
964 /* If our static buffer needs to be expanded we are called again */
965 /* Or if the stored response group name differs from the request. */
966
967 if (!keep_response || gid != response.data.gr.gr_gid) {
968
969 /* Call for the first time */
970
971 ZERO_STRUCT(request);
972 ZERO_STRUCT(response);
973
974 request.data.gid = gid;
975
976 ret = winbindd_request_response(WINBINDD_GETGRGID, &request, &response);
977
978 if (ret == NSS_STATUS_SUCCESS) {
979
980 ret = fill_grent(result, &response.data.gr,
981 (char *)response.extra_data.data,
982 &buffer, &buflen);
983
984 if (ret == NSS_STATUS_TRYAGAIN) {
985 keep_response = true;
986 *errnop = errno = ERANGE;
987 goto done;
988 }
989 }
990
991 } else {
992
993 /* We've been called again */
994
995 ret = fill_grent(result, &response.data.gr,
996 (char *)response.extra_data.data, &buffer,
997 &buflen);
998
999 if (ret == NSS_STATUS_TRYAGAIN) {
1000 keep_response = true;
1001 *errnop = errno = ERANGE;
1002 goto done;
1003 }
1004
1005 keep_response = false;
1006 *errnop = 0;
1007 }
1008
1009 winbindd_free_response(&response);
1010 done:
1011 #ifdef DEBUG_NSS
1012 fprintf(stderr, "[%5d]: getgrgid %d returns %s (%d)\n", getpid(),
1013 (unsigned int)gid, nss_err_str(ret), ret);
1014 #endif
1015
1016 #if HAVE_PTHREAD
1017 pthread_mutex_unlock(&winbind_nss_mutex);
1018 #endif
1019 return ret;
1020 }
1021
1022 /* Initialise supplementary groups */
1023
1024 NSS_STATUS
1025 _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
1026 long int *size, gid_t **groups, long int limit,
1027 int *errnop)
1028 {
1029 NSS_STATUS ret;
1030 struct winbindd_request request;
1031 struct winbindd_response response;
1032 int i;
1033
1034 #ifdef DEBUG_NSS
1035 fprintf(stderr, "[%5d]: initgroups %s (%d)\n", getpid(),
1036 user, group);
1037 #endif
1038
1039 #if HAVE_PTHREAD
1040 pthread_mutex_lock(&winbind_nss_mutex);
1041 #endif
1042
1043 ZERO_STRUCT(request);
1044 ZERO_STRUCT(response);
1045
1046 strncpy(request.data.username, user,
1047 sizeof(request.data.username) - 1);
1048
1049 ret = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
1050
1051 if (ret == NSS_STATUS_SUCCESS) {
1052 int num_gids = response.data.num_entries;
1053 gid_t *gid_list = (gid_t *)response.extra_data.data;
1054
1055 #ifdef DEBUG_NSS
1056 fprintf(stderr, "[%5d]: initgroups %s: got NSS_STATUS_SUCCESS "
1057 "and %d gids\n", getpid(),
1058 user, num_gids);
1059 #endif
1060 if (gid_list == NULL) {
1061 ret = NSS_STATUS_NOTFOUND;
1062 goto done;
1063 }
1064
1065 /* Copy group list to client */
1066
1067 for (i = 0; i < num_gids; i++) {
1068
1069 #ifdef DEBUG_NSS
1070 fprintf(stderr, "[%5d]: initgroups %s (%d): "
1071 "processing gid %d \n", getpid(),
1072 user, group, gid_list[i]);
1073 #endif
1074
1075 /* Skip primary group */
1076
1077 if (gid_list[i] == group) {
1078 continue;
1079 }
1080
1081 /* Filled buffer ? If so, resize. */
1082
1083 if (*start == *size) {
1084 long int newsize;
1085 gid_t *newgroups;
1086
1087 newsize = 2 * (*size);
1088 if (limit > 0) {
1089 if (*size == limit) {
1090 goto done;
1091 }
1092 if (newsize > limit) {
1093 newsize = limit;
1094 }
1095 }
1096
1097 newgroups = (gid_t *)
1098 realloc((*groups),
1099 newsize * sizeof(**groups));
1100 if (!newgroups) {
1101 *errnop = ENOMEM;
1102 ret = NSS_STATUS_NOTFOUND;
1103 goto done;
1104 }
1105 *groups = newgroups;
1106 *size = newsize;
1107 }
1108
1109 /* Add to buffer */
1110
1111 (*groups)[*start] = gid_list[i];
1112 *start += 1;
1113 }
1114 }
1115
1116 /* Back to your regularly scheduled programming */
1117
1118 done:
1119 #ifdef DEBUG_NSS
1120 fprintf(stderr, "[%5d]: initgroups %s returns %s (%d)\n", getpid(),
1121 user, nss_err_str(ret), ret);
1122 #endif
1123
1124 #if HAVE_PTHREAD
1125 pthread_mutex_unlock(&winbind_nss_mutex);
1126 #endif
1127
1128 return ret;
1129 }
1130
1131
1132 /* return a list of group SIDs for a user SID */
1133 NSS_STATUS
1134 _nss_winbind_getusersids(const char *user_sid, char **group_sids,
1135 int *num_groups,
1136 char *buffer, size_t buf_size, int *errnop)
1137 {
1138 NSS_STATUS ret;
1139 struct winbindd_request request;
1140 struct winbindd_response response;
1141
1142 #ifdef DEBUG_NSS
1143 fprintf(stderr, "[%5d]: getusersids %s\n", getpid(), user_sid);
1144 #endif
1145
1146 #if HAVE_PTHREAD
1147 pthread_mutex_lock(&winbind_nss_mutex);
1148 #endif
1149
1150 ZERO_STRUCT(request);
1151 ZERO_STRUCT(response);
1152
1153 strncpy(request.data.sid, user_sid,sizeof(request.data.sid) - 1);
1154 request.data.sid[sizeof(request.data.sid) - 1] = '\0';
1155
1156 ret = winbindd_request_response(WINBINDD_GETUSERSIDS, &request, &response);
1157
1158 if (ret != NSS_STATUS_SUCCESS) {
1159 goto done;
1160 }
1161
1162 if (buf_size < response.length - sizeof(response)) {
1163 ret = NSS_STATUS_TRYAGAIN;
1164 errno = *errnop = ERANGE;
1165 goto done;
1166 }
1167
1168 *num_groups = response.data.num_entries;
1169 *group_sids = buffer;
1170 memcpy(buffer, response.extra_data.data, response.length - sizeof(response));
1171 errno = *errnop = 0;
1172
1173 done:
1174 winbindd_free_response(&response);
1175
1176 #if HAVE_PTHREAD
1177 pthread_mutex_unlock(&winbind_nss_mutex);
1178 #endif
1179
1180 return ret;
1181 }
1182
1183
1184 /* map a user or group name to a SID string */
1185 NSS_STATUS
1186 _nss_winbind_nametosid(const char *name, char **sid, char *buffer,
1187 size_t buflen, int *errnop)
1188 {
1189 NSS_STATUS ret;
1190 struct winbindd_response response;
1191 struct winbindd_request request;
1192
1193 #ifdef DEBUG_NSS
1194 fprintf(stderr, "[%5d]: nametosid %s\n", getpid(), name);
1195 #endif
1196
1197 #if HAVE_PTHREAD
1198 pthread_mutex_lock(&winbind_nss_mutex);
1199 #endif
1200
1201 ZERO_STRUCT(response);
1202 ZERO_STRUCT(request);
1203
1204 strncpy(request.data.name.name, name,
1205 sizeof(request.data.name.name) - 1);
1206 request.data.name.name[sizeof(request.data.name.name) - 1] = '\0';
1207
1208 ret = winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response);
1209 if (ret != NSS_STATUS_SUCCESS) {
1210 *errnop = errno = EINVAL;
1211 goto failed;
1212 }
1213
1214 if (buflen < strlen(response.data.sid.sid)+1) {
1215 ret = NSS_STATUS_TRYAGAIN;
1216 *errnop = errno = ERANGE;
1217 goto failed;
1218 }
1219
1220 *errnop = errno = 0;
1221 *sid = buffer;
1222 strcpy(*sid, response.data.sid.sid);
1223
1224 failed:
1225 winbindd_free_response(&response);
1226
1227 #if HAVE_PTHREAD
1228 pthread_mutex_unlock(&winbind_nss_mutex);
1229 #endif
1230
1231 return ret;
1232 }
1233
1234 /* map a sid string to a user or group name */
1235 NSS_STATUS
1236 _nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
1237 size_t buflen, int *errnop)
1238 {
1239 NSS_STATUS ret;
1240 struct winbindd_response response;
1241 struct winbindd_request request;
1242 static char sep_char;
1243 unsigned needed;
1244
1245 #ifdef DEBUG_NSS
1246 fprintf(stderr, "[%5d]: sidtoname %s\n", getpid(), sid);
1247 #endif
1248
1249 #if HAVE_PTHREAD
1250 pthread_mutex_lock(&winbind_nss_mutex);
1251 #endif
1252
1253 ZERO_STRUCT(response);
1254 ZERO_STRUCT(request);
1255
1256 /* we need to fetch the separator first time through */
1257 if (!sep_char) {
1258 ret = winbindd_request_response(WINBINDD_INFO, &request, &response);
1259 if (ret != NSS_STATUS_SUCCESS) {
1260 *errnop = errno = EINVAL;
1261 goto failed;
1262 }
1263
1264 sep_char = response.data.info.winbind_separator;
1265 winbindd_free_response(&response);
1266 }
1267
1268
1269 strncpy(request.data.sid, sid,
1270 sizeof(request.data.sid) - 1);
1271 request.data.sid[sizeof(request.data.sid) - 1] = '\0';
1272
1273 ret = winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response);
1274 if (ret != NSS_STATUS_SUCCESS) {
1275 *errnop = errno = EINVAL;
1276 goto failed;
1277 }
1278
1279 needed =
1280 strlen(response.data.name.dom_name) +
1281 strlen(response.data.name.name) + 2;
1282
1283 if (buflen < needed) {
1284 ret = NSS_STATUS_TRYAGAIN;
1285 *errnop = errno = ERANGE;
1286 goto failed;
1287 }
1288
1289 snprintf(buffer, needed, "%s%c%s",
1290 response.data.name.dom_name,
1291 sep_char,
1292 response.data.name.name);
1293
1294 *name = buffer;
1295 *errnop = errno = 0;
1296
1297 failed:
1298 winbindd_free_response(&response);
1299
1300 #if HAVE_PTHREAD
1301 pthread_mutex_unlock(&winbind_nss_mutex);
1302 #endif
1303
1304 return ret;
1305 }
1306
1307 /* map a sid to a uid */
1308 NSS_STATUS
1309 _nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop)
1310 {
1311 NSS_STATUS ret;
1312 struct winbindd_response response;
1313 struct winbindd_request request;
1314
1315 #ifdef DEBUG_NSS
1316 fprintf(stderr, "[%5d]: sidtouid %s\n", getpid(), sid);
1317 #endif
1318
1319 #if HAVE_PTHREAD
1320 pthread_mutex_lock(&winbind_nss_mutex);
1321 #endif
1322
1323 ZERO_STRUCT(request);
1324 ZERO_STRUCT(response);
1325
1326 strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
1327 request.data.sid[sizeof(request.data.sid) - 1] = '\0';
1328
1329 ret = winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response);
1330 if (ret != NSS_STATUS_SUCCESS) {
1331 *errnop = errno = EINVAL;
1332 goto failed;
1333 }
1334
1335 *uid = response.data.uid;
1336
1337 failed:
1338
1339 #if HAVE_PTHREAD
1340 pthread_mutex_unlock(&winbind_nss_mutex);
1341 #endif
1342
1343 return ret;
1344 }
1345
1346 /* map a sid to a gid */
1347 NSS_STATUS
1348 _nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop)
1349 {
1350 NSS_STATUS ret;
1351 struct winbindd_response response;
1352 struct winbindd_request request;
1353
1354 #ifdef DEBUG_NSS
1355 fprintf(stderr, "[%5d]: sidtogid %s\n", getpid(), sid);
1356 #endif
1357
1358 #if HAVE_PTHREAD
1359 pthread_mutex_lock(&winbind_nss_mutex);
1360 #endif
1361
1362 ZERO_STRUCT(request);
1363 ZERO_STRUCT(response);
1364
1365 strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
1366 request.data.sid[sizeof(request.data.sid) - 1] = '\0';
1367
1368 ret = winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response);
1369 if (ret != NSS_STATUS_SUCCESS) {
1370 *errnop = errno = EINVAL;
1371 goto failed;
1372 }
1373
1374 *gid = response.data.gid;
1375
1376 failed:
1377
1378 #if HAVE_PTHREAD
1379 pthread_mutex_unlock(&winbind_nss_mutex);
1380 #endif
1381
1382 return ret;
1383 }
1384
1385 /* map a uid to a SID string */
1386 NSS_STATUS
1387 _nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
1388 size_t buflen, int *errnop)
1389 {
1390 NSS_STATUS ret;
1391 struct winbindd_response response;
1392 struct winbindd_request request;
1393
1394 #ifdef DEBUG_NSS
1395 fprintf(stderr, "[%5u]: uidtosid %u\n", (unsigned int)getpid(), (unsigned int)uid);
1396 #endif
1397
1398 #if HAVE_PTHREAD
1399 pthread_mutex_lock(&winbind_nss_mutex);
1400 #endif
1401
1402 ZERO_STRUCT(response);
1403 ZERO_STRUCT(request);
1404
1405 request.data.uid = uid;
1406
1407 ret = winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response);
1408 if (ret != NSS_STATUS_SUCCESS) {
1409 *errnop = errno = EINVAL;
1410 goto failed;
1411 }
1412
1413 if (buflen < strlen(response.data.sid.sid)+1) {
1414 ret = NSS_STATUS_TRYAGAIN;
1415 *errnop = errno = ERANGE;
1416 goto failed;
1417 }
1418
1419 *errnop = errno = 0;
1420 *sid = buffer;
1421 strcpy(*sid, response.data.sid.sid);
1422
1423 failed:
1424 winbindd_free_response(&response);
1425
1426 #if HAVE_PTHREAD
1427 pthread_mutex_unlock(&winbind_nss_mutex);
1428 #endif
1429
1430 return ret;
1431 }
1432
1433 /* map a gid to a SID string */
1434 NSS_STATUS
1435 _nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
1436 size_t buflen, int *errnop)
1437 {
1438 NSS_STATUS ret;
1439 struct winbindd_response response;
1440 struct winbindd_request request;
1441
1442 #ifdef DEBUG_NSS
1443 fprintf(stderr, "[%5u]: gidtosid %u\n", (unsigned int)getpid(), (unsigned int)gid);
1444 #endif
1445
1446 #if HAVE_PTHREAD
1447 pthread_mutex_lock(&winbind_nss_mutex);
1448 #endif
1449
1450 ZERO_STRUCT(response);
1451 ZERO_STRUCT(request);
1452
1453 request.data.gid = gid;
1454
1455 ret = winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response);
1456 if (ret != NSS_STATUS_SUCCESS) {
1457 *errnop = errno = EINVAL;
1458 goto failed;
1459 }
1460
1461 if (buflen < strlen(response.data.sid.sid)+1) {
1462 ret = NSS_STATUS_TRYAGAIN;
1463 *errnop = errno = ERANGE;
1464 goto failed;
1465 }
1466
1467 *errnop = errno = 0;
1468 *sid = buffer;
1469 strcpy(*sid, response.data.sid.sid);
1470
1471 failed:
1472 winbindd_free_response(&response);
1473
1474 #if HAVE_PTHREAD
1475 pthread_mutex_unlock(&winbind_nss_mutex);
1476 #endif
1477
1478 return ret;
1479 }
Samba GIT mirror