2 Unix SMB/CIFS implementation.
4 Windows NT Domain nsswitch module
6 Copyright (C) Tim Potter 2000
8 This library is free software; you can redistribute it and/or
9 modify it under the terms of the GNU Lesser General Public
10 License as published by the Free Software Foundation; either
11 version 3 of the License, or (at your option) any later version.
13 This library is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Library General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "winbind_client.h"
29 static pthread_mutex_t winbind_nss_mutex
= PTHREAD_MUTEX_INITIALIZER
;
32 /* Maximum number of users to pass back over the unix domain socket
33 per call. This is not a static limit on the total number of users
34 or groups returned in total. */
36 #define MAX_GETPWENT_USERS 250
37 #define MAX_GETGRENT_USERS 250
39 NSS_STATUS
_nss_winbind_setpwent(void);
40 NSS_STATUS
_nss_winbind_endpwent(void);
41 NSS_STATUS
_nss_winbind_getpwent_r(struct passwd
*result
, char *buffer
,
42 size_t buflen
, int *errnop
);
43 NSS_STATUS
_nss_winbind_getpwuid_r(uid_t uid
, struct passwd
*result
,
44 char *buffer
, size_t buflen
, int *errnop
);
45 NSS_STATUS
_nss_winbind_getpwnam_r(const char *name
, struct passwd
*result
,
46 char *buffer
, size_t buflen
, int *errnop
);
47 NSS_STATUS
_nss_winbind_setgrent(void);
48 NSS_STATUS
_nss_winbind_endgrent(void);
49 NSS_STATUS
_nss_winbind_getgrent_r(struct group
*result
, char *buffer
,
50 size_t buflen
, int *errnop
);
51 NSS_STATUS
_nss_winbind_getgrlst_r(struct group
*result
, char *buffer
,
52 size_t buflen
, int *errnop
);
53 NSS_STATUS
_nss_winbind_getgrnam_r(const char *name
, struct group
*result
,
54 char *buffer
, size_t buflen
, int *errnop
);
55 NSS_STATUS
_nss_winbind_getgrgid_r(gid_t gid
, struct group
*result
, char *buffer
,
56 size_t buflen
, int *errnop
);
57 NSS_STATUS
_nss_winbind_initgroups_dyn(char *user
, gid_t group
, long int *start
,
58 long int *size
, gid_t
**groups
,
59 long int limit
, int *errnop
);
60 NSS_STATUS
_nss_winbind_getusersids(const char *user_sid
, char **group_sids
,
61 int *num_groups
, char *buffer
, size_t buf_size
,
63 NSS_STATUS
_nss_winbind_nametosid(const char *name
, char **sid
, char *buffer
,
64 size_t buflen
, int *errnop
);
65 NSS_STATUS
_nss_winbind_sidtoname(const char *sid
, char **name
, char *buffer
,
66 size_t buflen
, int *errnop
);
67 NSS_STATUS
_nss_winbind_sidtouid(const char *sid
, uid_t
*uid
, int *errnop
);
68 NSS_STATUS
_nss_winbind_sidtogid(const char *sid
, gid_t
*gid
, int *errnop
);
69 NSS_STATUS
_nss_winbind_uidtosid(uid_t uid
, char **sid
, char *buffer
,
70 size_t buflen
, int *errnop
);
71 NSS_STATUS
_nss_winbind_gidtosid(gid_t gid
, char **sid
, char *buffer
,
72 size_t buflen
, int *errnop
);
74 /* Prototypes from wb_common.c */
76 extern int winbindd_fd
;
78 /* Allocate some space from the nss static buffer. The buffer and buflen
79 are the pointers passed in by the C library to the _nss_ntdom_*
82 static char *get_static(char **buffer
, size_t *buflen
, size_t len
)
86 /* Error check. We return false if things aren't set up right, or
87 there isn't enough buffer space left. */
89 if ((buffer
== NULL
) || (buflen
== NULL
) || (*buflen
< len
)) {
93 /* Return an index into the static buffer */
102 /* I've copied the strtok() replacement function next_token() from
103 lib/util_str.c as I really don't want to have to link in any other
104 objects if I can possibly avoid it. */
106 static bool next_token(char **ptr
,char *buff
,const char *sep
, size_t bufsize
)
112 if (!ptr
) return false;
116 /* default to simple separators */
117 if (!sep
) sep
= " \t\n\r";
119 /* find the first non sep char */
120 while (*s
&& strchr(sep
,*s
)) s
++;
123 if (! *s
) return false;
125 /* copy over the token */
126 for (quoted
= false; len
< bufsize
&& *s
&& (quoted
|| !strchr(sep
,*s
)); s
++) {
135 *ptr
= (*s
) ? s
+1 : s
;
142 /* Fill a pwent structure from a winbindd_response structure. We use
143 the static data passed to us by libc to put strings and stuff in.
144 Return NSS_STATUS_TRYAGAIN if we run out of memory. */
146 static NSS_STATUS
fill_pwent(struct passwd
*result
,
147 struct winbindd_pw
*pw
,
148 char **buffer
, size_t *buflen
)
152 if ((result
->pw_name
=
153 get_static(buffer
, buflen
, strlen(pw
->pw_name
) + 1)) == NULL
) {
157 return NSS_STATUS_TRYAGAIN
;
160 strcpy(result
->pw_name
, pw
->pw_name
);
164 if ((result
->pw_passwd
=
165 get_static(buffer
, buflen
, strlen(pw
->pw_passwd
) + 1)) == NULL
) {
169 return NSS_STATUS_TRYAGAIN
;
172 strcpy(result
->pw_passwd
, pw
->pw_passwd
);
176 result
->pw_uid
= pw
->pw_uid
;
177 result
->pw_gid
= pw
->pw_gid
;
181 if ((result
->pw_gecos
=
182 get_static(buffer
, buflen
, strlen(pw
->pw_gecos
) + 1)) == NULL
) {
186 return NSS_STATUS_TRYAGAIN
;
189 strcpy(result
->pw_gecos
, pw
->pw_gecos
);
193 if ((result
->pw_dir
=
194 get_static(buffer
, buflen
, strlen(pw
->pw_dir
) + 1)) == NULL
) {
198 return NSS_STATUS_TRYAGAIN
;
201 strcpy(result
->pw_dir
, pw
->pw_dir
);
205 if ((result
->pw_shell
=
206 get_static(buffer
, buflen
, strlen(pw
->pw_shell
) + 1)) == NULL
) {
210 return NSS_STATUS_TRYAGAIN
;
213 strcpy(result
->pw_shell
, pw
->pw_shell
);
215 /* The struct passwd for Solaris has some extra fields which must
216 be initialised or nscd crashes. */
218 #if HAVE_PASSWD_PW_COMMENT
219 result
->pw_comment
= "";
222 #if HAVE_PASSWD_PW_AGE
226 return NSS_STATUS_SUCCESS
;
229 /* Fill a grent structure from a winbindd_response structure. We use
230 the static data passed to us by libc to put strings and stuff in.
231 Return NSS_STATUS_TRYAGAIN if we run out of memory. */
233 static NSS_STATUS
fill_grent(struct group
*result
, struct winbindd_gr
*gr
,
234 char *gr_mem
, char **buffer
, size_t *buflen
)
242 if ((result
->gr_name
=
243 get_static(buffer
, buflen
, strlen(gr
->gr_name
) + 1)) == NULL
) {
247 return NSS_STATUS_TRYAGAIN
;
250 strcpy(result
->gr_name
, gr
->gr_name
);
254 if ((result
->gr_passwd
=
255 get_static(buffer
, buflen
, strlen(gr
->gr_passwd
) + 1)) == NULL
) {
259 return NSS_STATUS_TRYAGAIN
;
262 strcpy(result
->gr_passwd
, gr
->gr_passwd
);
266 result
->gr_gid
= gr
->gr_gid
;
268 /* Group membership */
270 if ((gr
->num_gr_mem
< 0) || !gr_mem
) {
274 /* this next value is a pointer to a pointer so let's align it */
276 /* Calculate number of extra bytes needed to align on pointer size boundry */
277 if ((i
= (unsigned long)(*buffer
) % sizeof(char*)) != 0)
278 i
= sizeof(char*) - i
;
280 if ((tst
= get_static(buffer
, buflen
, ((gr
->num_gr_mem
+ 1) *
281 sizeof(char *)+i
))) == NULL
) {
285 return NSS_STATUS_TRYAGAIN
;
287 result
->gr_mem
= (char **)(tst
+ i
);
289 if (gr
->num_gr_mem
== 0) {
293 *(result
->gr_mem
) = NULL
;
294 return NSS_STATUS_SUCCESS
;
297 /* Start looking at extra data */
301 while(next_token((char **)&gr_mem
, name
, ",", sizeof(fstring
))) {
303 /* Allocate space for member */
305 if (((result
->gr_mem
)[i
] =
306 get_static(buffer
, buflen
, strlen(name
) + 1)) == NULL
) {
310 return NSS_STATUS_TRYAGAIN
;
313 strcpy((result
->gr_mem
)[i
], name
);
319 (result
->gr_mem
)[i
] = NULL
;
321 return NSS_STATUS_SUCCESS
;
328 static struct winbindd_response getpwent_response
;
330 static int ndx_pw_cache
; /* Current index into pwd cache */
331 static int num_pw_cache
; /* Current size of pwd cache */
333 /* Rewind "file pointer" to start of ntdom password database */
336 _nss_winbind_setpwent(void)
340 fprintf(stderr
, "[%5d]: setpwent\n", getpid());
344 pthread_mutex_lock(&winbind_nss_mutex
);
347 if (num_pw_cache
> 0) {
348 ndx_pw_cache
= num_pw_cache
= 0;
349 winbindd_free_response(&getpwent_response
);
352 ret
= winbindd_request_response(WINBINDD_SETPWENT
, NULL
, NULL
);
354 fprintf(stderr
, "[%5d]: setpwent returns %s (%d)\n", getpid(),
355 nss_err_str(ret
), ret
);
359 pthread_mutex_unlock(&winbind_nss_mutex
);
364 /* Close ntdom password database "file pointer" */
367 _nss_winbind_endpwent(void)
371 fprintf(stderr
, "[%5d]: endpwent\n", getpid());
375 pthread_mutex_lock(&winbind_nss_mutex
);
378 if (num_pw_cache
> 0) {
379 ndx_pw_cache
= num_pw_cache
= 0;
380 winbindd_free_response(&getpwent_response
);
383 ret
= winbindd_request_response(WINBINDD_ENDPWENT
, NULL
, NULL
);
385 fprintf(stderr
, "[%5d]: endpwent returns %s (%d)\n", getpid(),
386 nss_err_str(ret
), ret
);
390 pthread_mutex_unlock(&winbind_nss_mutex
);
396 /* Fetch the next password entry from ntdom password database */
399 _nss_winbind_getpwent_r(struct passwd
*result
, char *buffer
,
400 size_t buflen
, int *errnop
)
403 struct winbindd_request request
;
404 static int called_again
;
407 fprintf(stderr
, "[%5d]: getpwent\n", getpid());
411 pthread_mutex_lock(&winbind_nss_mutex
);
414 /* Return an entry from the cache if we have one, or if we are
415 called again because we exceeded our static buffer. */
417 if ((ndx_pw_cache
< num_pw_cache
) || called_again
) {
421 /* Else call winbindd to get a bunch of entries */
423 if (num_pw_cache
> 0) {
424 winbindd_free_response(&getpwent_response
);
427 ZERO_STRUCT(request
);
428 ZERO_STRUCT(getpwent_response
);
430 request
.data
.num_entries
= MAX_GETPWENT_USERS
;
432 ret
= winbindd_request_response(WINBINDD_GETPWENT
, &request
,
435 if (ret
== NSS_STATUS_SUCCESS
) {
436 struct winbindd_pw
*pw_cache
;
441 num_pw_cache
= getpwent_response
.data
.num_entries
;
443 /* Return a result */
447 pw_cache
= (struct winbindd_pw
*)
448 getpwent_response
.extra_data
.data
;
450 /* Check data is valid */
452 if (pw_cache
== NULL
) {
453 ret
= NSS_STATUS_NOTFOUND
;
457 ret
= fill_pwent(result
, &pw_cache
[ndx_pw_cache
],
460 /* Out of memory - try again */
462 if (ret
== NSS_STATUS_TRYAGAIN
) {
464 *errnop
= errno
= ERANGE
;
469 called_again
= false;
472 /* If we've finished with this lot of results free cache */
474 if (ndx_pw_cache
== num_pw_cache
) {
475 ndx_pw_cache
= num_pw_cache
= 0;
476 winbindd_free_response(&getpwent_response
);
481 fprintf(stderr
, "[%5d]: getpwent returns %s (%d)\n", getpid(),
482 nss_err_str(ret
), ret
);
486 pthread_mutex_unlock(&winbind_nss_mutex
);
491 /* Return passwd struct from uid */
494 _nss_winbind_getpwuid_r(uid_t uid
, struct passwd
*result
, char *buffer
,
495 size_t buflen
, int *errnop
)
498 static struct winbindd_response response
;
499 struct winbindd_request request
;
500 static int keep_response
;
503 fprintf(stderr
, "[%5d]: getpwuid_r %d\n", getpid(), (unsigned int)uid
);
507 pthread_mutex_lock(&winbind_nss_mutex
);
510 /* If our static buffer needs to be expanded we are called again */
511 if (!keep_response
|| uid
!= response
.data
.pw
.pw_uid
) {
513 /* Call for the first time */
515 ZERO_STRUCT(response
);
516 ZERO_STRUCT(request
);
518 request
.data
.uid
= uid
;
520 ret
= winbindd_request_response(WINBINDD_GETPWUID
, &request
, &response
);
522 if (ret
== NSS_STATUS_SUCCESS
) {
523 ret
= fill_pwent(result
, &response
.data
.pw
,
526 if (ret
== NSS_STATUS_TRYAGAIN
) {
527 keep_response
= true;
528 *errnop
= errno
= ERANGE
;
535 /* We've been called again */
537 ret
= fill_pwent(result
, &response
.data
.pw
, &buffer
, &buflen
);
539 if (ret
== NSS_STATUS_TRYAGAIN
) {
540 *errnop
= errno
= ERANGE
;
544 keep_response
= false;
548 winbindd_free_response(&response
);
553 fprintf(stderr
, "[%5d]: getpwuid %d returns %s (%d)\n", getpid(),
554 (unsigned int)uid
, nss_err_str(ret
), ret
);
558 pthread_mutex_unlock(&winbind_nss_mutex
);
564 /* Return passwd struct from username */
566 _nss_winbind_getpwnam_r(const char *name
, struct passwd
*result
, char *buffer
,
567 size_t buflen
, int *errnop
)
570 static struct winbindd_response response
;
571 struct winbindd_request request
;
572 static int keep_response
;
575 fprintf(stderr
, "[%5d]: getpwnam_r %s\n", getpid(), name
);
579 pthread_mutex_lock(&winbind_nss_mutex
);
582 /* If our static buffer needs to be expanded we are called again */
584 if (!keep_response
|| strcmp(name
,response
.data
.pw
.pw_name
) != 0) {
586 /* Call for the first time */
588 ZERO_STRUCT(response
);
589 ZERO_STRUCT(request
);
591 strncpy(request
.data
.username
, name
,
592 sizeof(request
.data
.username
) - 1);
593 request
.data
.username
594 [sizeof(request
.data
.username
) - 1] = '\0';
596 ret
= winbindd_request_response(WINBINDD_GETPWNAM
, &request
, &response
);
598 if (ret
== NSS_STATUS_SUCCESS
) {
599 ret
= fill_pwent(result
, &response
.data
.pw
, &buffer
,
602 if (ret
== NSS_STATUS_TRYAGAIN
) {
603 keep_response
= true;
604 *errnop
= errno
= ERANGE
;
611 /* We've been called again */
613 ret
= fill_pwent(result
, &response
.data
.pw
, &buffer
, &buflen
);
615 if (ret
== NSS_STATUS_TRYAGAIN
) {
616 keep_response
= true;
617 *errnop
= errno
= ERANGE
;
621 keep_response
= false;
625 winbindd_free_response(&response
);
628 fprintf(stderr
, "[%5d]: getpwnam %s returns %s (%d)\n", getpid(),
629 name
, nss_err_str(ret
), ret
);
633 pthread_mutex_unlock(&winbind_nss_mutex
);
640 * NSS group functions
643 static struct winbindd_response getgrent_response
;
645 static int ndx_gr_cache
; /* Current index into grp cache */
646 static int num_gr_cache
; /* Current size of grp cache */
648 /* Rewind "file pointer" to start of ntdom group database */
651 _nss_winbind_setgrent(void)
655 fprintf(stderr
, "[%5d]: setgrent\n", getpid());
659 pthread_mutex_lock(&winbind_nss_mutex
);
662 if (num_gr_cache
> 0) {
663 ndx_gr_cache
= num_gr_cache
= 0;
664 winbindd_free_response(&getgrent_response
);
667 ret
= winbindd_request_response(WINBINDD_SETGRENT
, NULL
, NULL
);
669 fprintf(stderr
, "[%5d]: setgrent returns %s (%d)\n", getpid(),
670 nss_err_str(ret
), ret
);
674 pthread_mutex_unlock(&winbind_nss_mutex
);
680 /* Close "file pointer" for ntdom group database */
683 _nss_winbind_endgrent(void)
687 fprintf(stderr
, "[%5d]: endgrent\n", getpid());
691 pthread_mutex_lock(&winbind_nss_mutex
);
694 if (num_gr_cache
> 0) {
695 ndx_gr_cache
= num_gr_cache
= 0;
696 winbindd_free_response(&getgrent_response
);
699 ret
= winbindd_request_response(WINBINDD_ENDGRENT
, NULL
, NULL
);
701 fprintf(stderr
, "[%5d]: endgrent returns %s (%d)\n", getpid(),
702 nss_err_str(ret
), ret
);
706 pthread_mutex_unlock(&winbind_nss_mutex
);
712 /* Get next entry from ntdom group database */
715 winbind_getgrent(enum winbindd_cmd cmd
,
716 struct group
*result
,
717 char *buffer
, size_t buflen
, int *errnop
)
720 static struct winbindd_request request
;
721 static int called_again
;
725 fprintf(stderr
, "[%5d]: getgrent\n", getpid());
729 pthread_mutex_lock(&winbind_nss_mutex
);
732 /* Return an entry from the cache if we have one, or if we are
733 called again because we exceeded our static buffer. */
735 if ((ndx_gr_cache
< num_gr_cache
) || called_again
) {
739 /* Else call winbindd to get a bunch of entries */
741 if (num_gr_cache
> 0) {
742 winbindd_free_response(&getgrent_response
);
745 ZERO_STRUCT(request
);
746 ZERO_STRUCT(getgrent_response
);
748 request
.data
.num_entries
= MAX_GETGRENT_USERS
;
750 ret
= winbindd_request_response(cmd
, &request
,
753 if (ret
== NSS_STATUS_SUCCESS
) {
754 struct winbindd_gr
*gr_cache
;
760 num_gr_cache
= getgrent_response
.data
.num_entries
;
762 /* Return a result */
766 gr_cache
= (struct winbindd_gr
*)
767 getgrent_response
.extra_data
.data
;
769 /* Check data is valid */
771 if (gr_cache
== NULL
) {
772 ret
= NSS_STATUS_NOTFOUND
;
776 /* Fill group membership. The offset into the extra data
777 for the group membership is the reported offset plus the
778 size of all the winbindd_gr records returned. */
780 mem_ofs
= gr_cache
[ndx_gr_cache
].gr_mem_ofs
+
781 num_gr_cache
* sizeof(struct winbindd_gr
);
783 ret
= fill_grent(result
, &gr_cache
[ndx_gr_cache
],
784 ((char *)getgrent_response
.extra_data
.data
)+mem_ofs
,
787 /* Out of memory - try again */
789 if (ret
== NSS_STATUS_TRYAGAIN
) {
791 *errnop
= errno
= ERANGE
;
796 called_again
= false;
799 /* If we've finished with this lot of results free cache */
801 if (ndx_gr_cache
== num_gr_cache
) {
802 ndx_gr_cache
= num_gr_cache
= 0;
803 winbindd_free_response(&getgrent_response
);
808 fprintf(stderr
, "[%5d]: getgrent returns %s (%d)\n", getpid(),
809 nss_err_str(ret
), ret
);
813 pthread_mutex_unlock(&winbind_nss_mutex
);
821 _nss_winbind_getgrent_r(struct group
*result
,
822 char *buffer
, size_t buflen
, int *errnop
)
824 return winbind_getgrent(WINBINDD_GETGRENT
, result
, buffer
, buflen
, errnop
);
828 _nss_winbind_getgrlst_r(struct group
*result
,
829 char *buffer
, size_t buflen
, int *errnop
)
831 return winbind_getgrent(WINBINDD_GETGRLST
, result
, buffer
, buflen
, errnop
);
834 /* Return group struct from group name */
837 _nss_winbind_getgrnam_r(const char *name
,
838 struct group
*result
, char *buffer
,
839 size_t buflen
, int *errnop
)
842 static struct winbindd_response response
;
843 struct winbindd_request request
;
844 static int keep_response
;
847 fprintf(stderr
, "[%5d]: getgrnam %s\n", getpid(), name
);
851 pthread_mutex_lock(&winbind_nss_mutex
);
854 /* If our static buffer needs to be expanded we are called again */
855 /* Or if the stored response group name differs from the request. */
857 if (!keep_response
|| strcmp(name
,response
.data
.gr
.gr_name
) != 0) {
859 /* Call for the first time */
861 ZERO_STRUCT(request
);
862 ZERO_STRUCT(response
);
864 strncpy(request
.data
.groupname
, name
,
865 sizeof(request
.data
.groupname
));
866 request
.data
.groupname
867 [sizeof(request
.data
.groupname
) - 1] = '\0';
869 ret
= winbindd_request_response(WINBINDD_GETGRNAM
, &request
, &response
);
871 if (ret
== NSS_STATUS_SUCCESS
) {
872 ret
= fill_grent(result
, &response
.data
.gr
,
873 (char *)response
.extra_data
.data
,
876 if (ret
== NSS_STATUS_TRYAGAIN
) {
877 keep_response
= true;
878 *errnop
= errno
= ERANGE
;
885 /* We've been called again */
887 ret
= fill_grent(result
, &response
.data
.gr
,
888 (char *)response
.extra_data
.data
, &buffer
,
891 if (ret
== NSS_STATUS_TRYAGAIN
) {
892 keep_response
= true;
893 *errnop
= errno
= ERANGE
;
897 keep_response
= false;
901 winbindd_free_response(&response
);
904 fprintf(stderr
, "[%5d]: getgrnam %s returns %s (%d)\n", getpid(),
905 name
, nss_err_str(ret
), ret
);
909 pthread_mutex_unlock(&winbind_nss_mutex
);
915 /* Return group struct from gid */
918 _nss_winbind_getgrgid_r(gid_t gid
,
919 struct group
*result
, char *buffer
,
920 size_t buflen
, int *errnop
)
923 static struct winbindd_response response
;
924 struct winbindd_request request
;
925 static int keep_response
;
928 fprintf(stderr
, "[%5d]: getgrgid %d\n", getpid(), gid
);
932 pthread_mutex_lock(&winbind_nss_mutex
);
935 /* If our static buffer needs to be expanded we are called again */
936 /* Or if the stored response group name differs from the request. */
938 if (!keep_response
|| gid
!= response
.data
.gr
.gr_gid
) {
940 /* Call for the first time */
942 ZERO_STRUCT(request
);
943 ZERO_STRUCT(response
);
945 request
.data
.gid
= gid
;
947 ret
= winbindd_request_response(WINBINDD_GETGRGID
, &request
, &response
);
949 if (ret
== NSS_STATUS_SUCCESS
) {
951 ret
= fill_grent(result
, &response
.data
.gr
,
952 (char *)response
.extra_data
.data
,
955 if (ret
== NSS_STATUS_TRYAGAIN
) {
956 keep_response
= true;
957 *errnop
= errno
= ERANGE
;
964 /* We've been called again */
966 ret
= fill_grent(result
, &response
.data
.gr
,
967 (char *)response
.extra_data
.data
, &buffer
,
970 if (ret
== NSS_STATUS_TRYAGAIN
) {
971 keep_response
= true;
972 *errnop
= errno
= ERANGE
;
976 keep_response
= false;
980 winbindd_free_response(&response
);
983 fprintf(stderr
, "[%5d]: getgrgid %d returns %s (%d)\n", getpid(),
984 (unsigned int)gid
, nss_err_str(ret
), ret
);
988 pthread_mutex_unlock(&winbind_nss_mutex
);
993 /* Initialise supplementary groups */
996 _nss_winbind_initgroups_dyn(char *user
, gid_t group
, long int *start
,
997 long int *size
, gid_t
**groups
, long int limit
,
1001 struct winbindd_request request
;
1002 struct winbindd_response response
;
1006 fprintf(stderr
, "[%5d]: initgroups %s (%d)\n", getpid(),
1011 pthread_mutex_lock(&winbind_nss_mutex
);
1014 ZERO_STRUCT(request
);
1015 ZERO_STRUCT(response
);
1017 strncpy(request
.data
.username
, user
,
1018 sizeof(request
.data
.username
) - 1);
1020 ret
= winbindd_request_response(WINBINDD_GETGROUPS
, &request
, &response
);
1022 if (ret
== NSS_STATUS_SUCCESS
) {
1023 int num_gids
= response
.data
.num_entries
;
1024 gid_t
*gid_list
= (gid_t
*)response
.extra_data
.data
;
1027 fprintf(stderr
, "[%5d]: initgroups %s: got NSS_STATUS_SUCCESS "
1028 "and %d gids\n", getpid(),
1031 if (gid_list
== NULL
) {
1032 ret
= NSS_STATUS_NOTFOUND
;
1036 /* Copy group list to client */
1038 for (i
= 0; i
< num_gids
; i
++) {
1041 fprintf(stderr
, "[%5d]: initgroups %s (%d): "
1042 "processing gid %d \n", getpid(),
1043 user
, group
, gid_list
[i
]);
1046 /* Skip primary group */
1048 if (gid_list
[i
] == group
) {
1052 /* Filled buffer ? If so, resize. */
1054 if (*start
== *size
) {
1058 newsize
= 2 * (*size
);
1060 if (*size
== limit
) {
1063 if (newsize
> limit
) {
1068 newgroups
= (gid_t
*)
1070 newsize
* sizeof(**groups
));
1073 ret
= NSS_STATUS_NOTFOUND
;
1076 *groups
= newgroups
;
1082 (*groups
)[*start
] = gid_list
[i
];
1087 /* Back to your regularly scheduled programming */
1091 fprintf(stderr
, "[%5d]: initgroups %s returns %s (%d)\n", getpid(),
1092 user
, nss_err_str(ret
), ret
);
1096 pthread_mutex_unlock(&winbind_nss_mutex
);
1103 /* return a list of group SIDs for a user SID */
1105 _nss_winbind_getusersids(const char *user_sid
, char **group_sids
,
1107 char *buffer
, size_t buf_size
, int *errnop
)
1110 struct winbindd_request request
;
1111 struct winbindd_response response
;
1114 fprintf(stderr
, "[%5d]: getusersids %s\n", getpid(), user_sid
);
1118 pthread_mutex_lock(&winbind_nss_mutex
);
1121 ZERO_STRUCT(request
);
1122 ZERO_STRUCT(response
);
1124 strncpy(request
.data
.sid
, user_sid
,sizeof(request
.data
.sid
) - 1);
1125 request
.data
.sid
[sizeof(request
.data
.sid
) - 1] = '\0';
1127 ret
= winbindd_request_response(WINBINDD_GETUSERSIDS
, &request
, &response
);
1129 if (ret
!= NSS_STATUS_SUCCESS
) {
1133 if (buf_size
< response
.length
- sizeof(response
)) {
1134 ret
= NSS_STATUS_TRYAGAIN
;
1135 errno
= *errnop
= ERANGE
;
1139 *num_groups
= response
.data
.num_entries
;
1140 *group_sids
= buffer
;
1141 memcpy(buffer
, response
.extra_data
.data
, response
.length
- sizeof(response
));
1142 errno
= *errnop
= 0;
1145 winbindd_free_response(&response
);
1148 pthread_mutex_unlock(&winbind_nss_mutex
);
1155 /* map a user or group name to a SID string */
1157 _nss_winbind_nametosid(const char *name
, char **sid
, char *buffer
,
1158 size_t buflen
, int *errnop
)
1161 struct winbindd_response response
;
1162 struct winbindd_request request
;
1165 fprintf(stderr
, "[%5d]: nametosid %s\n", getpid(), name
);
1169 pthread_mutex_lock(&winbind_nss_mutex
);
1172 ZERO_STRUCT(response
);
1173 ZERO_STRUCT(request
);
1175 strncpy(request
.data
.name
.name
, name
,
1176 sizeof(request
.data
.name
.name
) - 1);
1177 request
.data
.name
.name
[sizeof(request
.data
.name
.name
) - 1] = '\0';
1179 ret
= winbindd_request_response(WINBINDD_LOOKUPNAME
, &request
, &response
);
1180 if (ret
!= NSS_STATUS_SUCCESS
) {
1181 *errnop
= errno
= EINVAL
;
1185 if (buflen
< strlen(response
.data
.sid
.sid
)+1) {
1186 ret
= NSS_STATUS_TRYAGAIN
;
1187 *errnop
= errno
= ERANGE
;
1191 *errnop
= errno
= 0;
1193 strcpy(*sid
, response
.data
.sid
.sid
);
1196 winbindd_free_response(&response
);
1199 pthread_mutex_unlock(&winbind_nss_mutex
);
1205 /* map a sid string to a user or group name */
1207 _nss_winbind_sidtoname(const char *sid
, char **name
, char *buffer
,
1208 size_t buflen
, int *errnop
)
1211 struct winbindd_response response
;
1212 struct winbindd_request request
;
1213 static char sep_char
;
1217 fprintf(stderr
, "[%5d]: sidtoname %s\n", getpid(), sid
);
1221 pthread_mutex_lock(&winbind_nss_mutex
);
1224 ZERO_STRUCT(response
);
1225 ZERO_STRUCT(request
);
1227 /* we need to fetch the separator first time through */
1229 ret
= winbindd_request_response(WINBINDD_INFO
, &request
, &response
);
1230 if (ret
!= NSS_STATUS_SUCCESS
) {
1231 *errnop
= errno
= EINVAL
;
1235 sep_char
= response
.data
.info
.winbind_separator
;
1236 winbindd_free_response(&response
);
1240 strncpy(request
.data
.sid
, sid
,
1241 sizeof(request
.data
.sid
) - 1);
1242 request
.data
.sid
[sizeof(request
.data
.sid
) - 1] = '\0';
1244 ret
= winbindd_request_response(WINBINDD_LOOKUPSID
, &request
, &response
);
1245 if (ret
!= NSS_STATUS_SUCCESS
) {
1246 *errnop
= errno
= EINVAL
;
1251 strlen(response
.data
.name
.dom_name
) +
1252 strlen(response
.data
.name
.name
) + 2;
1254 if (buflen
< needed
) {
1255 ret
= NSS_STATUS_TRYAGAIN
;
1256 *errnop
= errno
= ERANGE
;
1260 snprintf(buffer
, needed
, "%s%c%s",
1261 response
.data
.name
.dom_name
,
1263 response
.data
.name
.name
);
1266 *errnop
= errno
= 0;
1269 winbindd_free_response(&response
);
1272 pthread_mutex_unlock(&winbind_nss_mutex
);
1278 /* map a sid to a uid */
1280 _nss_winbind_sidtouid(const char *sid
, uid_t
*uid
, int *errnop
)
1283 struct winbindd_response response
;
1284 struct winbindd_request request
;
1287 fprintf(stderr
, "[%5d]: sidtouid %s\n", getpid(), sid
);
1291 pthread_mutex_lock(&winbind_nss_mutex
);
1294 ZERO_STRUCT(request
);
1295 ZERO_STRUCT(response
);
1297 strncpy(request
.data
.sid
, sid
, sizeof(request
.data
.sid
) - 1);
1298 request
.data
.sid
[sizeof(request
.data
.sid
) - 1] = '\0';
1300 ret
= winbindd_request_response(WINBINDD_SID_TO_UID
, &request
, &response
);
1301 if (ret
!= NSS_STATUS_SUCCESS
) {
1302 *errnop
= errno
= EINVAL
;
1306 *uid
= response
.data
.uid
;
1311 pthread_mutex_unlock(&winbind_nss_mutex
);
1317 /* map a sid to a gid */
1319 _nss_winbind_sidtogid(const char *sid
, gid_t
*gid
, int *errnop
)
1322 struct winbindd_response response
;
1323 struct winbindd_request request
;
1326 fprintf(stderr
, "[%5d]: sidtogid %s\n", getpid(), sid
);
1330 pthread_mutex_lock(&winbind_nss_mutex
);
1333 ZERO_STRUCT(request
);
1334 ZERO_STRUCT(response
);
1336 strncpy(request
.data
.sid
, sid
, sizeof(request
.data
.sid
) - 1);
1337 request
.data
.sid
[sizeof(request
.data
.sid
) - 1] = '\0';
1339 ret
= winbindd_request_response(WINBINDD_SID_TO_GID
, &request
, &response
);
1340 if (ret
!= NSS_STATUS_SUCCESS
) {
1341 *errnop
= errno
= EINVAL
;
1345 *gid
= response
.data
.gid
;
1350 pthread_mutex_unlock(&winbind_nss_mutex
);
1356 /* map a uid to a SID string */
1358 _nss_winbind_uidtosid(uid_t uid
, char **sid
, char *buffer
,
1359 size_t buflen
, int *errnop
)
1362 struct winbindd_response response
;
1363 struct winbindd_request request
;
1366 fprintf(stderr
, "[%5u]: uidtosid %u\n", (unsigned int)getpid(), (unsigned int)uid
);
1370 pthread_mutex_lock(&winbind_nss_mutex
);
1373 ZERO_STRUCT(response
);
1374 ZERO_STRUCT(request
);
1376 request
.data
.uid
= uid
;
1378 ret
= winbindd_request_response(WINBINDD_UID_TO_SID
, &request
, &response
);
1379 if (ret
!= NSS_STATUS_SUCCESS
) {
1380 *errnop
= errno
= EINVAL
;
1384 if (buflen
< strlen(response
.data
.sid
.sid
)+1) {
1385 ret
= NSS_STATUS_TRYAGAIN
;
1386 *errnop
= errno
= ERANGE
;
1390 *errnop
= errno
= 0;
1392 strcpy(*sid
, response
.data
.sid
.sid
);
1395 winbindd_free_response(&response
);
1398 pthread_mutex_unlock(&winbind_nss_mutex
);
1404 /* map a gid to a SID string */
1406 _nss_winbind_gidtosid(gid_t gid
, char **sid
, char *buffer
,
1407 size_t buflen
, int *errnop
)
1410 struct winbindd_response response
;
1411 struct winbindd_request request
;
1414 fprintf(stderr
, "[%5u]: gidtosid %u\n", (unsigned int)getpid(), (unsigned int)gid
);
1418 pthread_mutex_lock(&winbind_nss_mutex
);
1421 ZERO_STRUCT(response
);
1422 ZERO_STRUCT(request
);
1424 request
.data
.gid
= gid
;
1426 ret
= winbindd_request_response(WINBINDD_GID_TO_SID
, &request
, &response
);
1427 if (ret
!= NSS_STATUS_SUCCESS
) {
1428 *errnop
= errno
= EINVAL
;
1432 if (buflen
< strlen(response
.data
.sid
.sid
)+1) {
1433 ret
= NSS_STATUS_TRYAGAIN
;
1434 *errnop
= errno
= ERANGE
;
1438 *errnop
= errno
= 0;
1440 strcpy(*sid
, response
.data
.sid
.sid
);
1443 winbindd_free_response(&response
);
1446 pthread_mutex_unlock(&winbind_nss_mutex
);