search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "Add winbind:online check timeout parameter"
[Samba.git] / source / nsswitch / libwbclient / wbc_sid.c
blob324a19bd564711522ea92a852b4cbb9797d665e5
1 /*
2 Unix SMB/CIFS implementation.
3
4 Winbind client API
5
6 Copyright (C) Gerald (Jerry) Carter 2007
7
8
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Lesser General Public
11 License as published by the Free Software Foundation; either
12 version 3 of the License, or (at your option) any later version.
13
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Library General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 /* Required Headers */
24
25 #include "libwbclient.h"
26
27
28 /** @brief Convert a binary SID to a character string
29 *
30 * @param sid Binary Security Identifier
31 * @param **sid_string Resulting character string
32 *
33 * @return #wbcErr
34 **/
35
36 wbcErr wbcSidToString(const struct wbcDomainSid *sid,
37 char **sid_string)
38 {
39 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
40 uint32_t id_auth;
41 int i;
42 char *tmp = NULL;
43 TALLOC_CTX *ctx = NULL;
44
45 if (!sid) {
46 wbc_status = WBC_ERR_INVALID_SID;
47 BAIL_ON_WBC_ERROR(wbc_status);
48 }
49
50 ctx = talloc_init("wbcSidToString");
51 BAIL_ON_PTR_ERROR(ctx, wbc_status);
52
53 id_auth = sid->id_auth[5] +
54 (sid->id_auth[4] << 8) +
55 (sid->id_auth[3] << 16) +
56 (sid->id_auth[2] << 24);
57
58 tmp = talloc_asprintf(ctx, "S-%d-%d", sid->sid_rev_num, id_auth);
59 BAIL_ON_PTR_ERROR(tmp, wbc_status);
60
61 for (i=0; i<sid->num_auths; i++) {
62 char *tmp2;
63 tmp2 = talloc_asprintf_append(tmp, "-%u", sid->sub_auths[i]);
64 BAIL_ON_PTR_ERROR(tmp2, wbc_status);
65
66 tmp = tmp2;
67 }
68
69 *sid_string=talloc_strdup(NULL, tmp);
70 BAIL_ON_PTR_ERROR((*sid_string), wbc_status);
71
72 wbc_status = WBC_ERR_SUCCESS;
73
74 done:
75 talloc_free(ctx);
76
77 return wbc_status;
78 }
79
80 /** @brief Convert a character string to a binary SID
81 *
82 * @param *str Character string in the form of S-...
83 * @param sid Resulting binary SID
84 *
85 * @return #wbcErr
86 **/
87
88 wbcErr wbcStringToSid(const char *str,
89 struct wbcDomainSid *sid)
90 {
91 const char *p;
92 char *q;
93 uint32_t x;
94 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
95
96 if (!sid) {
97 wbc_status = WBC_ERR_INVALID_PARAM;
98 BAIL_ON_WBC_ERROR(wbc_status);
99 }
100
101 /* Sanity check for either "S-" or "s-" */
102
103 if (!str
104 || (str[0]!='S' && str[0]!='s')
105 || (str[1]!='-'))
106 {
107 wbc_status = WBC_ERR_INVALID_PARAM;
108 BAIL_ON_WBC_ERROR(wbc_status);
109 }
110
111 /* Get the SID revision number */
112
113 p = str+2;
114 x = (uint32_t)strtol(p, &q, 10);
115 if (x==0 || !q || *q!='-') {
116 wbc_status = WBC_ERR_INVALID_SID;
117 BAIL_ON_WBC_ERROR(wbc_status);
118 }
119 sid->sid_rev_num = (uint8_t)x;
120
121 /* Next the Identifier Authority. This is stored in big-endian
122 in a 6 byte array. */
123
124 p = q+1;
125 x = (uint32_t)strtol(p, &q, 10);
126 if (!q || *q!='-') {
127 wbc_status = WBC_ERR_INVALID_SID;
128 BAIL_ON_WBC_ERROR(wbc_status);
129 }
130 sid->id_auth[5] = (x & 0x000000ff);
131 sid->id_auth[4] = (x & 0x0000ff00) >> 8;
132 sid->id_auth[3] = (x & 0x00ff0000) >> 16;
133 sid->id_auth[2] = (x & 0xff000000) >> 24;
134 sid->id_auth[1] = 0;
135 sid->id_auth[0] = 0;
136
137 /* now read the the subauthorities */
138
139 p = q +1;
140 sid->num_auths = 0;
141 while (sid->num_auths < WBC_MAXSUBAUTHS) {
142 x=(uint32_t)strtoul(p, &q, 10);
143 if (p == q)
144 break;
145 if (q == NULL) {
146 wbc_status = WBC_ERR_INVALID_SID;
147 BAIL_ON_WBC_ERROR(wbc_status);
148 }
149 sid->sub_auths[sid->num_auths++] = x;
150
151 if ((*q!='-') || (*q=='\0'))
152 break;
153 p = q + 1;
154 }
155
156 /* IF we ended early, then the SID could not be converted */
157
158 if (q && *q!='\0') {
159 wbc_status = WBC_ERR_INVALID_SID;
160 BAIL_ON_WBC_ERROR(wbc_status);
161 }
162
163 wbc_status = WBC_ERR_SUCCESS;
164
165 done:
166 return wbc_status;
167
168 }
169
170 /** @brief Convert a domain and name to SID
171 *
172 * @param domain Domain name (possibly "")
173 * @param name User or group name
174 * @param *sid Pointer to the resolved domain SID
175 * @param *name_type Pointet to the SID type
176 *
177 * @return #wbcErr
178 *
179 **/
180
181 wbcErr wbcLookupName(const char *domain,
182 const char *name,
183 struct wbcDomainSid *sid,
184 enum wbcSidType *name_type)
185 {
186 struct winbindd_request request;
187 struct winbindd_response response;
188 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
189
190 if (!sid || !name_type) {
191 wbc_status = WBC_ERR_INVALID_PARAM;
192 BAIL_ON_WBC_ERROR(wbc_status);
193 }
194
195 /* Initialize request */
196
197 ZERO_STRUCT(request);
198 ZERO_STRUCT(response);
199
200 /* dst is already null terminated from the memset above */
201
202 strncpy(request.data.name.dom_name, domain,
203 sizeof(request.data.name.dom_name)-1);
204 strncpy(request.data.name.name, name,
205 sizeof(request.data.name.name)-1);
206
207 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPNAME,
208 &request,
209 &response);
210 BAIL_ON_WBC_ERROR(wbc_status);
211
212 wbc_status = wbcStringToSid(response.data.sid.sid, sid);
213 BAIL_ON_WBC_ERROR(wbc_status);
214
215 *name_type = (enum wbcSidType)response.data.sid.type;
216
217 wbc_status = WBC_ERR_SUCCESS;
218
219 done:
220 return wbc_status;
221 }
222
223 /** @brief Convert a SID to a domain and name
224 *
225 * @param *sid Pointer to the domain SID to be resolved
226 * @param domain Resolved Domain name (possibly "")
227 * @param name Resolved User or group name
228 * @param *name_type Pointet to the resolved SID type
229 *
230 * @return #wbcErr
231 *
232 **/
233
234 wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
235 char **pdomain,
236 char **pname,
237 enum wbcSidType *pname_type)
238 {
239 struct winbindd_request request;
240 struct winbindd_response response;
241 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
242 char *sid_string = NULL;
243 char *domain = NULL;
244 char *name = NULL;
245 enum wbcSidType name_type = WBC_SID_NAME_USE_NONE;
246
247 if (!sid) {
248 wbc_status = WBC_ERR_INVALID_PARAM;
249 BAIL_ON_WBC_ERROR(wbc_status);
250 }
251
252 /* Initialize request */
253
254 ZERO_STRUCT(request);
255 ZERO_STRUCT(response);
256
257 /* dst is already null terminated from the memset above */
258
259 wbc_status = wbcSidToString(sid, &sid_string);
260 BAIL_ON_WBC_ERROR(wbc_status);
261
262 strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1);
263 wbcFreeMemory(sid_string);
264
265 /* Make request */
266
267 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPSID,
268 &request,
269 &response);
270 BAIL_ON_WBC_ERROR(wbc_status);
271
272 /* Copy out result */
273
274 domain = talloc_strdup(NULL, response.data.name.dom_name);
275 BAIL_ON_PTR_ERROR(domain, wbc_status);
276
277 name = talloc_strdup(NULL, response.data.name.name);
278 BAIL_ON_PTR_ERROR(name, wbc_status);
279
280 name_type = (enum wbcSidType)response.data.name.type;
281
282 wbc_status = WBC_ERR_SUCCESS;
283
284 done:
285 if (WBC_ERROR_IS_OK(wbc_status)) {
286 if (pdomain != NULL) {
287 *pdomain = domain;
288 }
289 if (pname != NULL) {
290 *pname = name;
291 }
292 if (pname_type != NULL) {
293 *pname_type = name_type;
294 }
295 }
296 else {
297 if (name != NULL) {
298 talloc_free(name);
299 }
300 if (domain != NULL) {
301 talloc_free(domain);
302 }
303 }
304
305 return wbc_status;
306 }
307
308 /** @brief Translate a collection of RIDs within a domain to names
309 *
310 **/
311
312 wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
313 int num_rids,
314 uint32_t *rids,
315 const char **pp_domain_name,
316 const char ***pnames,
317 enum wbcSidType **ptypes)
318 {
319 size_t i, len, ridbuf_size;
320 char *ridlist;
321 char *p;
322 struct winbindd_request request;
323 struct winbindd_response response;
324 char *sid_string = NULL;
325 char *domain_name = NULL;
326 const char **names = NULL;
327 enum wbcSidType *types = NULL;
328 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
329
330 /* Initialise request */
331
332 ZERO_STRUCT(request);
333 ZERO_STRUCT(response);
334
335 if (!dom_sid || (num_rids == 0)) {
336 wbc_status = WBC_ERR_INVALID_PARAM;
337 BAIL_ON_WBC_ERROR(wbc_status);
338 }
339
340 wbc_status = wbcSidToString(dom_sid, &sid_string);
341 BAIL_ON_WBC_ERROR(wbc_status);
342
343 strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1);
344 wbcFreeMemory(sid_string);
345
346 /* Even if all the Rids were of maximum 32bit values,
347 we would only have 11 bytes per rid in the final array
348 ("4294967296" + \n). Add one more byte for the
349 terminating '\0' */
350
351 ridbuf_size = (sizeof(char)*11) * num_rids + 1;
352
353 ridlist = talloc_zero_array(NULL, char, ridbuf_size);
354 BAIL_ON_PTR_ERROR(ridlist, wbc_status);
355
356 len = 0;
357 for (i=0; i<num_rids && (len-1)>0; i++) {
358 char ridstr[12];
359
360 len = strlen(ridlist);
361 p = ridlist + len;
362
363 snprintf( ridstr, sizeof(ridstr)-1, "%u\n", rids[i]);
364 strncat(p, ridstr, ridbuf_size-len-1);
365 }
366
367 request.extra_data.data = ridlist;
368 request.extra_len = strlen(ridlist)+1;
369
370 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPRIDS,
371 &request,
372 &response);
373 talloc_free(ridlist);
374 BAIL_ON_WBC_ERROR(wbc_status);
375
376 domain_name = talloc_strdup(NULL, response.data.domain_name);
377 BAIL_ON_PTR_ERROR(domain_name, wbc_status);
378
379 names = talloc_array(NULL, const char*, num_rids);
380 BAIL_ON_PTR_ERROR(names, wbc_status);
381
382 types = talloc_array(NULL, enum wbcSidType, num_rids);
383 BAIL_ON_PTR_ERROR(types, wbc_status);
384
385 p = (char *)response.extra_data.data;
386
387 for (i=0; i<num_rids; i++) {
388 char *q;
389
390 if (*p == '\0') {
391 wbc_status = WBC_ERR_INVALID_RESPONSE;
392 BAIL_ON_WBC_ERROR(wbc_status);
393 }
394
395 types[i] = (enum wbcSidType)strtoul(p, &q, 10);
396
397 if (*q != ' ') {
398 wbc_status = WBC_ERR_INVALID_RESPONSE;
399 BAIL_ON_WBC_ERROR(wbc_status);
400 }
401
402 p = q+1;
403
404 if ((q = strchr(p, '\n')) == NULL) {
405 wbc_status = WBC_ERR_INVALID_RESPONSE;
406 BAIL_ON_WBC_ERROR(wbc_status);
407 }
408
409 *q = '\0';
410
411 names[i] = talloc_strdup(names, p);
412 BAIL_ON_PTR_ERROR(names[i], wbc_status);
413
414 p = q+1;
415 }
416
417 if (*p != '\0') {
418 wbc_status = WBC_ERR_INVALID_RESPONSE;
419 BAIL_ON_WBC_ERROR(wbc_status);
420 }
421
422 wbc_status = WBC_ERR_SUCCESS;
423
424 done:
425 if (response.extra_data.data) {
426 free(response.extra_data.data);
427 }
428
429 if (WBC_ERROR_IS_OK(wbc_status)) {
430 *pp_domain_name = domain_name;
431 *pnames = names;
432 *ptypes = types;
433 }
434 else {
435 if (domain_name)
436 talloc_free(domain_name);
437 if (names)
438 talloc_free(names);
439 if (types)
440 talloc_free(types);
441 }
442
443 return wbc_status;
444 }
445
446 /** @brief Get the groups a user belongs to
447 *
448 **/
449
450 wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
451 bool domain_groups_only,
452 uint32_t *num_sids,
453 struct wbcDomainSid **_sids)
454 {
455 uint32_t i;
456 const char *s;
457 struct winbindd_request request;
458 struct winbindd_response response;
459 char *sid_string = NULL;
460 struct wbcDomainSid *sids = NULL;
461 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
462 int cmd;
463
464 /* Initialise request */
465
466 ZERO_STRUCT(request);
467 ZERO_STRUCT(response);
468
469 if (!user_sid) {
470 wbc_status = WBC_ERR_INVALID_PARAM;
471 BAIL_ON_WBC_ERROR(wbc_status);
472 }
473
474 wbc_status = wbcSidToString(user_sid, &sid_string);
475 BAIL_ON_WBC_ERROR(wbc_status);
476
477 strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1);
478 wbcFreeMemory(sid_string);
479
480 if (domain_groups_only) {
481 cmd = WINBINDD_GETUSERDOMGROUPS;
482 } else {
483 cmd = WINBINDD_GETUSERSIDS;
484 }
485
486 wbc_status = wbcRequestResponse(cmd,
487 &request,
488 &response);
489 BAIL_ON_WBC_ERROR(wbc_status);
490
491 if (response.data.num_entries &&
492 !response.extra_data.data) {
493 wbc_status = WBC_ERR_INVALID_RESPONSE;
494 BAIL_ON_WBC_ERROR(wbc_status);
495 }
496
497 sids = talloc_array(NULL, struct wbcDomainSid,
498 response.data.num_entries);
499 BAIL_ON_PTR_ERROR(sids, wbc_status);
500
501 s = (const char *)response.extra_data.data;
502 for (i = 0; i < response.data.num_entries; i++) {
503 char *n = strchr(s, '\n');
504 if (n) {
505 *n = '\0';
506 }
507 wbc_status = wbcStringToSid(s, &sids[i]);
508 BAIL_ON_WBC_ERROR(wbc_status);
509 s += strlen(s) + 1;
510 }
511
512 *num_sids = response.data.num_entries;
513 *_sids = sids;
514 sids = NULL;
515 wbc_status = WBC_ERR_SUCCESS;
516
517 done:
518 if (response.extra_data.data) {
519 free(response.extra_data.data);
520 }
521 if (sids) {
522 talloc_free(sids);
523 }
524
525 return wbc_status;
526 }
527
528 /** @brief Lists Users
529 *
530 **/
531
532 wbcErr wbcListUsers(const char *domain_name,
533 uint32_t *_num_users,
534 const char ***_users)
535 {
536 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
537 struct winbindd_request request;
538 struct winbindd_response response;
539 uint32_t num_users = 0;
540 const char **users = NULL;
541 const char *next;
542
543 /* Initialise request */
544
545 ZERO_STRUCT(request);
546 ZERO_STRUCT(response);
547
548 if (domain_name) {
549 strncpy(request.domain_name, domain_name,
550 sizeof(request.domain_name)-1);
551 }
552
553 wbc_status = wbcRequestResponse(WINBINDD_LIST_USERS,
554 &request,
555 &response);
556 BAIL_ON_WBC_ERROR(wbc_status);
557
558 /* Look through extra data */
559
560 next = (const char *)response.extra_data.data;
561 while (next) {
562 const char **tmp;
563 const char *current = next;
564 char *k = strchr(next, ',');
565 if (k) {
566 k[0] = '\0';
567 next = k+1;
568 } else {
569 next = NULL;
570 }
571
572 tmp = talloc_realloc(NULL, users,
573 const char *,
574 num_users+1);
575 BAIL_ON_PTR_ERROR(tmp, wbc_status);
576 users = tmp;
577
578 users[num_users] = talloc_strdup(users, current);
579 BAIL_ON_PTR_ERROR(users[num_users], wbc_status);
580
581 num_users++;
582 }
583
584 *_num_users = num_users;
585 *_users = users;
586 users = NULL;
587 wbc_status = WBC_ERR_SUCCESS;
588
589 done:
590 if (response.extra_data.data) {
591 free(response.extra_data.data);
592 }
593 if (users) {
594 talloc_free(users);
595 }
596 return wbc_status;
597 }
598
599 /** @brief Lists Groups
600 *
601 **/
602
603 wbcErr wbcListGroups(const char *domain_name,
604 uint32_t *_num_groups,
605 const char ***_groups)
606 {
607 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
608 struct winbindd_request request;
609 struct winbindd_response response;
610 uint32_t num_groups = 0;
611 const char **groups = NULL;
612 const char *next;
613
614 /* Initialise request */
615
616 ZERO_STRUCT(request);
617 ZERO_STRUCT(response);
618
619 if (domain_name) {
620 strncpy(request.domain_name, domain_name,
621 sizeof(request.domain_name)-1);
622 }
623
624 wbc_status = wbcRequestResponse(WINBINDD_LIST_GROUPS,
625 &request,
626 &response);
627 BAIL_ON_WBC_ERROR(wbc_status);
628
629 /* Look through extra data */
630
631 next = (const char *)response.extra_data.data;
632 while (next) {
633 const char **tmp;
634 const char *current = next;
635 char *k = strchr(next, ',');
636 if (k) {
637 k[0] = '\0';
638 next = k+1;
639 } else {
640 next = NULL;
641 }
642
643 tmp = talloc_realloc(NULL, groups,
644 const char *,
645 num_groups+1);
646 BAIL_ON_PTR_ERROR(tmp, wbc_status);
647 groups = tmp;
648
649 groups[num_groups] = talloc_strdup(groups, current);
650 BAIL_ON_PTR_ERROR(groups[num_groups], wbc_status);
651
652 num_groups++;
653 }
654
655 *_num_groups = num_groups;
656 *_groups = groups;
657 groups = NULL;
658 wbc_status = WBC_ERR_SUCCESS;
659
660 done:
661 if (response.extra_data.data) {
662 free(response.extra_data.data);
663 }
664 if (groups) {
665 talloc_free(groups);
666 }
667 return wbc_status;
668 }
Samba GIT mirror