search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
merge from APPLIANCE_TNG
[Samba/gbeck.git] / source / nsswitch / winbindd_group.c
blobde8ecd45f1e9a44a9f2e3c3a64895b0e0d1cd4ba
1 /*
2 Unix SMB/Netbios implementation.
3 Version 2.0
4
5 Winbind daemon for ntdom nss module
6
7 Copyright (C) Tim Potter 2000
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "winbindd.h"
25
26 /* Fill a grent structure from various other information */
27
28 static BOOL fill_grent(struct winbindd_gr *gr, char *gr_name,
29 gid_t unix_gid)
30 {
31 /* Fill in uid/gid */
32
33 gr->gr_gid = unix_gid;
34
35 /* Group name and password */
36
37 safe_strcpy(gr->gr_name, gr_name, sizeof(gr->gr_name) - 1);
38 safe_strcpy(gr->gr_passwd, "x", sizeof(gr->gr_passwd) - 1);
39
40 return True;
41 }
42
43 /* Fill in the group membership field of a NT group given by group_rid */
44
45 static BOOL fill_grent_mem(struct winbindd_domain *domain,
46 uint32 group_rid,
47 enum SID_NAME_USE group_name_type,
48 int *num_gr_mem, char **gr_mem, int *gr_mem_len)
49 {
50 uint32 *rid_mem = NULL, num_names = 0;
51 enum SID_NAME_USE *name_types = NULL;
52 int buf_len, buf_ndx, i;
53 char **names = NULL, *buf;
54 BOOL result = False;
55
56 if (!num_gr_mem || !gr_mem || !gr_mem_len) return False;
57
58 /* Initialise group membership information */
59
60 DEBUG(10, ("fill_grent_mem(): group %s rid 0x%x\n",
61 domain ? domain->name : "NULL", group_rid));
62
63 *num_gr_mem = 0;
64
65 if (group_name_type != SID_NAME_DOM_GRP) {
66 DEBUG(1, ("fill_grent_mem(): rid %d in domain %s isn't a "
67 "domain group\n", group_rid, domain->name));
68 return False;
69 }
70
71 /* Lookup group members */
72
73 if (!winbindd_lookup_groupmem(domain, group_rid, &num_names,
74 &rid_mem, &names, &name_types)) {
75
76 DEBUG(1, ("fill_grent_mem(): could not lookup membership "
77 "for group rid %d in domain %s\n",
78 group_rid, domain->name));
79
80 return False;
81 }
82
83 DEBUG(10, ("fill_grent_mem(): looked up %d names\n", num_names));
84
85 if (DEBUGLEVEL >= 10) {
86 for (i = 0; i < num_names; i++) {
87 DEBUG(10, ("\t%20s %x %d\n", names[i], rid_mem[i],
88 name_types[i]));
89 }
90 }
91
92 /* Add members to list */
93
94 buf = NULL;
95 buf_len = buf_ndx = 0;
96
97 again:
98
99 for (i = 0; i < num_names; i++) {
100 char *the_name;
101 fstring name;
102 int len;
103
104 the_name = names[i];
105
106 DEBUG(10, ("fill_grent_mem(): processing name %s\n", the_name));
107
108 /* Only add domain users */
109
110 if (name_types[i] != SID_NAME_USER) {
111 DEBUG(3, ("fill_grent_mem(): name %s isn't a domain "
112 "user\n", the_name));
113 continue;
114 }
115
116 /* Don't bother with machine accounts */
117
118 if (the_name[strlen(the_name) - 1] == '$') {
119 DEBUG(10, ("fill_grent_mem(): %s is machine account\n",
120 the_name));
121 continue;
122 }
123
124 /* Append domain name */
125
126 snprintf(name, sizeof(name), "%s%s%s", domain->name,
127 lp_winbind_separator(), the_name);
128
129 len = strlen(name);
130
131 /* Add to list or calculate buffer length */
132
133 if (!buf) {
134 buf_len += len + 1; /* List is comma separated */
135 (*num_gr_mem)++;
136 DEBUG(10, ("fill_grent_mem(): buf_len + %d = %d\n", len + 1,
137 buf_len));
138 } else {
139 DEBUG(10, ("fill_grent_mem(): appending %s at index %d\n",
140 name, len));
141 safe_strcpy(&buf[buf_ndx], name, len);
142 buf_ndx += len;
143 buf[buf_ndx] = ',';
144 buf_ndx++;
145 }
146 }
147
148 /* Allocate buffer */
149
150 if (!buf) {
151 if (!(buf = malloc(buf_len))) {
152 DEBUG(1, ("fill_grent_mem(): out of memory\n"));
153 result = False;
154 goto cleanup;
155 }
156 memset(buf, 0, buf_len);
157 goto again;
158 }
159
160 if (buf && buf_ndx > 0) {
161 buf[buf_ndx - 1] = '\0';
162 }
163
164 *gr_mem = buf;
165 *gr_mem_len = buf_len;
166
167 DEBUG(10, ("fill_grent_mem(): num_mem = %d, len = %d, mem = %s\n", *num_gr_mem,
168 buf_len, buf));
169
170 result = True;
171
172 cleanup:
173
174 /* Free memory allocated in winbindd_lookup_groupmem() */
175
176 safe_free(name_types);
177 safe_free(rid_mem);
178
179 free_char_array(num_names, names);
180
181 DEBUG(10, ("fill_grent_mem(): returning %d\n", result));
182
183 return result;
184 }
185
186 /* Return a group structure from a group name */
187
188 enum winbindd_result winbindd_getgrnam_from_group(struct winbindd_cli_state
189 *state)
190 {
191 DOM_SID group_sid;
192 struct winbindd_domain *domain;
193 enum SID_NAME_USE name_type;
194 uint32 group_rid;
195 fstring name_domain, name_group, name;
196 char *tmp, *gr_mem;
197 gid_t gid;
198 int extra_data_len, gr_mem_len;
199
200 DEBUG(3, ("[%5d]: getgrnam %s\n", state->pid,
201 state->request.data.groupname));
202
203 /* Parse domain and groupname */
204
205 memset(name_group, 0, sizeof(fstring));
206
207 tmp = state->request.data.groupname;
208 parse_domain_user(tmp, name_domain, name_group);
209
210 /* Reject names that don't have a domain - i.e name_domain contains
211 the entire name. */
212
213 if (strequal(name_group, "")) {
214 return WINBINDD_ERROR;
215 }
216
217 /* Get info for the domain */
218
219 if ((domain = find_domain_from_name(name_domain)) == NULL) {
220 DEBUG(0, ("getgrname_from_group(): could not get domain "
221 "sid for domain %s\n", name_domain));
222 return WINBINDD_ERROR;
223 }
224
225 if (!domain_handles_open(domain)) {
226 return WINBINDD_ERROR;
227 }
228
229 /* Check for cached group entry */
230
231 if (winbindd_fetch_group_cache_entry(name_domain, name_group,
232 &state->response.data.gr,
233 &state->response.extra_data,
234 &extra_data_len)) {
235 state->response.length += extra_data_len;
236 return WINBINDD_OK;
237 }
238
239 snprintf(name, sizeof(name), "%s\\%s", name_domain, name_group);
240
241 /* Get rid and name type from name */
242
243 if (!winbindd_lookup_sid_by_name(name, &group_sid, &name_type)) {
244 DEBUG(1, ("group %s in domain %s does not exist\n",
245 name_group, name_domain));
246 return WINBINDD_ERROR;
247 }
248
249 if ((name_type != SID_NAME_ALIAS) && (name_type != SID_NAME_DOM_GRP)) {
250 DEBUG(1, ("from_group: name '%s' is not a local or domain "
251 "group: %d\n", name_group, name_type));
252 return WINBINDD_ERROR;
253 }
254
255 /* Fill in group structure */
256
257 sid_split_rid(&group_sid, &group_rid);
258
259 if (!winbindd_idmap_get_gid_from_rid(domain->name, group_rid, &gid)) {
260 DEBUG(1, ("error sursing unix gid for sid\n"));
261 return WINBINDD_ERROR;
262 }
263
264 if (!fill_grent(&state->response.data.gr,
265 state->request.data.groupname, gid) ||
266 !fill_grent_mem(domain, group_rid, name_type,
267 &state->response.data.gr.num_gr_mem,
268 &gr_mem, &gr_mem_len)) {
269 return WINBINDD_ERROR;
270 }
271
272 /* Group membership lives at start of extra data */
273
274 state->response.data.gr.gr_mem_ofs = 0;
275
276 state->response.length += gr_mem_len;
277 state->response.extra_data = gr_mem;
278
279 /* Update cached group info */
280
281 winbindd_store_group_cache_entry(name_domain, name_group,
282 &state->response.data.gr,
283 state->response.extra_data,
284 gr_mem_len);
285
286 return WINBINDD_OK;
287 }
288
289 /* Return a group structure from a gid number */
290
291 enum winbindd_result winbindd_getgrnam_from_gid(struct winbindd_cli_state
292 *state)
293 {
294 struct winbindd_domain *domain;
295 DOM_SID group_sid;
296 enum SID_NAME_USE name_type;
297 fstring group_name;
298 uint32 group_rid;
299 int extra_data_len, gr_mem_len;
300 char *gr_mem;
301
302 /* Bug out if the gid isn't in the winbind range */
303
304 if ((state->request.data.gid < server_state.gid_low) ||
305 (state->request.data.gid > server_state.gid_high)) {
306 return WINBINDD_ERROR;
307 }
308
309 DEBUG(3, ("[%5d]: getgrgid %d\n", state->pid,
310 state->request.data.gid));
311
312 /* Get rid from gid */
313
314 if (!winbindd_idmap_get_rid_from_gid(state->request.data.gid,
315 &group_rid, &domain)) {
316 DEBUG(1, ("Could not convert gid %d to rid\n",
317 state->request.data.gid));
318 return WINBINDD_ERROR;
319 }
320
321 if (!domain_handles_open(domain)) {
322 return WINBINDD_ERROR;
323 }
324
325 /* Try a cached entry */
326
327 if (winbindd_fetch_gid_cache_entry(domain->name,
328 state->request.data.gid,
329 &state->response.data.gr,
330 &state->response.extra_data,
331 &extra_data_len)) {
332 state->response.length += extra_data_len;
333 return WINBINDD_OK;
334 }
335
336 /* Get sid from gid */
337
338 sid_copy(&group_sid, &domain->sid);
339 sid_append_rid(&group_sid, group_rid);
340
341 if (!winbindd_lookup_name_by_sid(&group_sid, group_name, &name_type)) {
342 DEBUG(1, ("Could not lookup sid\n"));
343 return WINBINDD_ERROR;
344 }
345
346 if (strcmp(lp_winbind_separator(),"\\")) {
347 string_sub(group_name, "\\", lp_winbind_separator(),
348 sizeof(fstring));
349 }
350
351 if (!((name_type == SID_NAME_ALIAS) ||
352 (name_type == SID_NAME_DOM_GRP))) {
353 DEBUG(1, ("from_gid: name '%s' is not a local or domain "
354 "group: %d\n", group_name, name_type));
355 return WINBINDD_ERROR;
356 }
357
358 /* Fill in group structure */
359
360 if (!fill_grent(&state->response.data.gr, group_name,
361 state->request.data.gid) ||
362 !fill_grent_mem(domain, group_rid, name_type,
363 &state->response.data.gr.num_gr_mem,
364 &gr_mem, &gr_mem_len)) {
365 return WINBINDD_ERROR;
366 }
367
368
369 /* Group membership lives at start of extra data */
370
371 state->response.data.gr.gr_mem_ofs = 0;
372
373 state->response.length += gr_mem_len;
374 state->response.extra_data = gr_mem;
375
376 /* Update cached group info */
377
378 winbindd_store_gid_cache_entry(domain->name, state->request.data.gid,
379 &state->response.data.gr,
380 state->response.extra_data,
381 gr_mem_len);
382
383 return WINBINDD_OK;
384 }
385
386 /*
387 * set/get/endgrent functions
388 */
389
390 /* "Rewind" file pointer for group database enumeration */
391
392 enum winbindd_result winbindd_setgrent(struct winbindd_cli_state *state)
393 {
394 struct winbindd_domain *tmp;
395
396 DEBUG(3, ("[%5d]: setgrent\n", state->pid));
397
398 if (state == NULL) return WINBINDD_ERROR;
399
400 /* Check user has enabled this */
401
402 if (!lp_winbind_enum_groups()) {
403 return WINBINDD_ERROR;
404 }
405
406 /* Free old static data if it exists */
407
408 if (state->getgrent_state != NULL) {
409 free_getent_state(state->getgrent_state);
410 state->getgrent_state = NULL;
411 }
412
413 /* Create sam pipes for each domain we know about */
414
415 for (tmp = domain_list; tmp != NULL; tmp = tmp->next) {
416 struct getent_state *domain_state;
417
418 /* Skip domains other than WINBINDD_DOMAIN environment
419 variable */
420
421 if ((strcmp(state->request.domain, "") != 0) &&
422 !check_domain_env(state->request.domain, tmp->name)) {
423 continue;
424 }
425
426 /* Create a state record for this domain */
427
428 if ((domain_state = (struct getent_state *)
429 malloc(sizeof(struct getent_state))) == NULL) {
430
431 return WINBINDD_ERROR;
432 }
433
434 ZERO_STRUCTP(domain_state);
435
436 /* Add to list of open domains */
437
438 domain_state->domain = tmp;
439 DLIST_ADD(state->getgrent_state, domain_state);
440 }
441
442 return WINBINDD_OK;
443 }
444
445 /* Close file pointer to ntdom group database */
446
447 enum winbindd_result winbindd_endgrent(struct winbindd_cli_state *state)
448 {
449 DEBUG(3, ("[%5d]: endgrent\n", state->pid));
450
451 if (state == NULL) return WINBINDD_ERROR;
452
453 free_getent_state(state->getgrent_state);
454 state->getgrent_state = NULL;
455
456 return WINBINDD_OK;
457 }
458
459 /* Get the list of domain groups and domain aliases for a domain. We fill in
460 the sam_entries and num_sam_entries fields with domain group information.
461 The dispinfo_ndx field is incremented to the index of the next group to
462 fetch. Return True if some groups were returned, False otherwise. */
463
464 #define MAX_FETCH_SAM_ENTRIES 100
465
466 static BOOL get_sam_group_entries(struct getent_state *ent)
467 {
468 uint32 status, num_entries;
469 struct acct_info *name_list = NULL;
470
471 if (ent->got_all_sam_entries) {
472 return False;
473 }
474
475 #if 0
476 if (winbindd_fetch_group_cache(ent->domain->name,
477 &ent->sam_entries,
478 &ent->num_sam_entries)) {
479 return True;
480 }
481 #endif
482
483 /* Fetch group entries */
484
485 if (!domain_handles_open(ent->domain)) {
486 return False;
487 }
488
489 /* Free any existing group info */
490
491 if (ent->sam_entries) {
492 free(ent->sam_entries);
493 ent->sam_entries = NULL;
494 ent->num_sam_entries = 0;
495 }
496
497 /* Enumerate domain groups */
498
499 do {
500 struct acct_info *sam_grp_entries = NULL;
501
502 num_entries = 0;
503
504 status = samr_enum_dom_groups(&ent->domain->sam_dom_handle,
505 &ent->grp_query_start_ndx,
506 0x8000, /* buffer size? */
507 (struct acct_info **)
508 &sam_grp_entries,
509 &num_entries);
510
511 /* Copy entries into return buffer */
512
513 if (num_entries) {
514
515 name_list = Realloc(name_list,
516 sizeof(struct acct_info) *
517 (ent->num_sam_entries +
518 num_entries));
519
520 memcpy(&name_list[ent->num_sam_entries],
521 sam_grp_entries,
522 num_entries * sizeof(struct acct_info));
523
524 safe_free(sam_grp_entries);
525 }
526
527 ent->num_sam_entries += num_entries;
528
529 if (status != STATUS_MORE_ENTRIES)
530 break;
531
532 } while (ent->num_sam_entries < MAX_FETCH_SAM_ENTRIES);
533
534 #if 0
535 /* Fill cache with received entries */
536
537 winbindd_store_group_cache(ent->domain->name, ent->sam_entries,
538 ent->num_sam_entries);
539 #endif
540
541 /* Fill in remaining fields */
542
543 ent->sam_entries = name_list;
544 ent->sam_entry_index = 0;
545 ent->got_all_sam_entries = (status != STATUS_MORE_ENTRIES);
546
547 return ent->num_sam_entries > 0;
548 }
549
550 /* Fetch next group entry from ntdom database */
551
552 #define MAX_GETGRENT_GROUPS 500
553
554 enum winbindd_result winbindd_getgrent(struct winbindd_cli_state *state)
555 {
556 struct getent_state *ent;
557 struct winbindd_gr *group_list = NULL;
558 int num_groups, group_list_ndx = 0, i, gr_mem_list_len = 0;
559 char *sep, *new_extra_data, *gr_mem_list = NULL;
560
561 DEBUG(3, ("[%5d]: getgrent\n", state->pid));
562
563 if (state == NULL) return WINBINDD_ERROR;
564
565 /* Check user has enabled this */
566
567 if (!lp_winbind_enum_groups()) {
568 return WINBINDD_ERROR;
569 }
570
571 num_groups = MIN(MAX_GETGRENT_GROUPS, state->request.data.num_entries);
572
573 if ((state->response.extra_data =
574 malloc(num_groups * sizeof(struct winbindd_gr))) == NULL) {
575 return WINBINDD_ERROR;
576 }
577
578 state->response.data.num_entries = 0;
579
580 group_list = (struct winbindd_gr *)state->response.extra_data;
581 sep = lp_winbind_separator();
582
583 if (!(ent = state->getgrent_state)) {
584 return WINBINDD_ERROR;
585 }
586
587 /* Start sending back groups */
588
589 for (i = 0; i < num_groups; i++) {
590 struct acct_info *name_list = NULL;
591 fstring domain_group_name;
592 uint32 result;
593 gid_t group_gid;
594
595 /* Do we need to fetch another chunk of groups? */
596
597 tryagain:
598
599 DEBUG(10, ("getgrent(): entry_index = %d, num_entries = %d\n",
600 ent->sam_entry_index, ent->num_sam_entries));
601
602 if (ent->num_sam_entries == ent->sam_entry_index) {
603
604 while(ent && !get_sam_group_entries(ent)) {
605 struct getent_state *next_ent;
606
607 DEBUG(10, ("getgrent(): freeing state info for "
608 "domain %s\n", ent->domain->name));
609
610 /* Free state information for this domain */
611
612 safe_free(ent->sam_entries);
613 ent->sam_entries = NULL;
614
615 next_ent = ent->next;
616 DLIST_REMOVE(state->getgrent_state, ent);
617
618 free(ent);
619 ent = next_ent;
620 }
621
622 /* No more domains */
623
624 if (!ent) break;
625 }
626
627 name_list = ent->sam_entries;
628
629 /* Lookup group info */
630
631 if (!winbindd_idmap_get_gid_from_rid(
632 ent->domain->name,
633 name_list[ent->sam_entry_index].rid,
634 &group_gid)) {
635
636 DEBUG(1, ("getgrent(): could not look up gid for group %s\n",
637 name_list[ent->sam_entry_index].acct_name));
638
639 ent->sam_entry_index++;
640 goto tryagain;
641 }
642
643 DEBUG(10, ("getgrent(): got gid %d for group %x\n", group_gid,
644 name_list[ent->sam_entry_index].rid));
645
646 /* Fill in group entry */
647
648 slprintf(domain_group_name, sizeof(domain_group_name) - 1,
649 "%s%s%s", ent->domain->name, lp_winbind_separator(),
650 name_list[ent->sam_entry_index].acct_name);
651
652 result = fill_grent(&group_list[group_list_ndx],
653 domain_group_name, group_gid);
654
655 /* Fill in group membership entry */
656
657 if (result) {
658 int gr_mem_len;
659 char *gr_mem, *new_gr_mem_list;
660
661 /* Get group membership */
662
663 result = fill_grent_mem(
664 ent->domain,
665 name_list[ent->sam_entry_index].rid,
666 SID_NAME_DOM_GRP,
667 &group_list[group_list_ndx].num_gr_mem,
668 &gr_mem, &gr_mem_len);
669
670 /* Append to group membership list */
671
672 new_gr_mem_list = Realloc(
673 gr_mem_list,
674 gr_mem_list_len + gr_mem_len);
675
676 if (!new_gr_mem_list && (group_list[group_list_ndx].num_gr_mem != 0)) {
677 DEBUG(0, ("getgrent(): out of memory\n"));
678 free(gr_mem_list);
679 gr_mem_list_len = 0;
680 break;
681 }
682
683 DEBUG(10, ("getgrent(): list_len = %d, mem_len = %d\n",
684 gr_mem_list_len, gr_mem_len));
685
686 gr_mem_list = new_gr_mem_list;
687
688 memcpy(&gr_mem_list[gr_mem_list_len], gr_mem,
689 gr_mem_len);
690
691 safe_free(gr_mem);
692
693 group_list[group_list_ndx].gr_mem_ofs =
694 gr_mem_list_len;
695
696 gr_mem_list_len += gr_mem_len;
697 }
698
699 ent->sam_entry_index++;
700
701 /* Add group to return list */
702
703 if (result) {
704
705 DEBUG(10, ("getgrent(): adding group num_entries = %d\n",
706 state->response.data.num_entries));
707
708 group_list_ndx++;
709 state->response.data.num_entries++;
710
711 state->response.length +=
712 sizeof(struct winbindd_gr);
713
714 } else {
715 DEBUG(0, ("could not lookup domain group %s\n",
716 domain_group_name));
717 }
718 }
719
720 /* Copy the list of group memberships to the end of the extra data */
721
722 if (group_list_ndx == 0) {
723 goto done;
724 }
725
726 new_extra_data = Realloc(
727 state->response.extra_data,
728 group_list_ndx * sizeof(struct winbindd_gr) + gr_mem_list_len);
729
730 if (!new_extra_data) {
731 DEBUG(0, ("out of memory\n"));
732 group_list_ndx = 0;
733 safe_free(state->response.extra_data);
734 state->response.extra_data = NULL;
735 safe_free(gr_mem_list);
736
737 return WINBINDD_ERROR;
738 }
739
740 state->response.extra_data = new_extra_data;
741
742 memcpy(&((char *)state->response.extra_data)
743 [group_list_ndx * sizeof(struct winbindd_gr)],
744 gr_mem_list, gr_mem_list_len);
745
746 safe_free(gr_mem_list);
747
748 state->response.length += gr_mem_list_len;
749
750 DEBUG(10, ("getgrent(): returning %d groups, length = %d\n",
751 group_list_ndx, gr_mem_list_len));
752
753 /* Out of domains */
754
755 done:
756 return (group_list_ndx > 0) ? WINBINDD_OK : WINBINDD_ERROR;
757 }
758
759 /* List domain groups without mapping to unix ids */
760
761 enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state)
762 {
763 uint32 total_entries = 0;
764 uint32 num_domain_entries;
765 struct winbindd_domain *domain;
766 struct getent_state groups;
767 char *extra_data = NULL;
768 char *ted = NULL;
769 int extra_data_len = 0, i;
770 void *sam_entries = NULL;
771
772 DEBUG(3, ("[%5d]: list groups\n", state->pid));
773
774 /* Enumerate over trusted domains */
775 ZERO_STRUCT(groups);
776 for (domain = domain_list; domain; domain = domain->next) {
777
778 /* Skip domains other than WINBINDD_DOMAIN environment
779 variable */
780
781 if ((strcmp(state->request.domain, "") != 0) &&
782 !check_domain_env(state->request.domain, domain->name)) {
783 continue;
784 }
785
786 /* Get list of sam groups */
787
788 ZERO_STRUCT(groups);
789 groups.domain = domain;
790
791 /*
792 * iterate through all groups
793 * total_entries : maintains a total count over **all domains**
794 * num_domain_entries : is the running count for this domain
795 */
796
797 num_domain_entries = 0;
798 while (get_sam_group_entries(&groups))
799 {
800 int new_size;
801 int offset;
802
803 offset = sizeof(struct acct_info) * num_domain_entries;
804 new_size = sizeof(struct acct_info)
805 * (groups.num_sam_entries + num_domain_entries);
806 sam_entries = Realloc(sam_entries, new_size);
807
808 if (!sam_entries)
809 return WINBINDD_ERROR;
810
811 num_domain_entries += groups.num_sam_entries;
812 memcpy (sam_entries+offset, groups.sam_entries,
813 sizeof(struct acct_info) * groups.num_sam_entries);
814
815 groups.sam_entries = NULL;
816 groups.num_sam_entries = 0;
817 }
818
819 /* skip remainder of loop if we idn;t retrieve any groups */
820
821 if (num_domain_entries == 0)
822 continue;
823
824 /* setup the groups struct to contain all the groups
825 retrieved for this domain */
826
827 groups.num_sam_entries = num_domain_entries;
828 groups.sam_entries = sam_entries;
829
830 /* keep track the of the total number of groups seen so
831 far over all domains */
832
833 total_entries += groups.num_sam_entries;
834
835 /* Allocate some memory for extra data. Note that we limit
836 account names to sizeof(fstring) = 128 characters. */
837
838 ted = Realloc(extra_data, sizeof(fstring) * total_entries);
839
840 if (!ted) {
841 DEBUG(0,("winbindd_list_groups: failed to enlarge buffer!\n"));
842 if (extra_data)
843 free(extra_data);
844 return WINBINDD_ERROR;
845 } else
846 extra_data = ted;
847
848 /* Pack group list into extra data fields */
849
850 for (i = 0; i < groups.num_sam_entries; i++) {
851 char *group_name = ((struct acct_info *)
852 groups.sam_entries)[i].acct_name;
853 fstring name;
854
855 /* Convert unistring to ascii */
856
857 snprintf(name, sizeof(name), "%s%s%s", domain->name,
858 lp_winbind_separator(), group_name);
859
860 /* Append to extra data */
861
862 memcpy(&extra_data[extra_data_len], name, strlen(name));
863 extra_data_len += strlen(name);
864
865 extra_data[extra_data_len++] = ',';
866 }
867 }
868
869 /* Assign extra_data fields in response structure */
870
871 if (extra_data) {
872 extra_data[extra_data_len - 1] = '\0';
873 state->response.extra_data = extra_data;
874 state->response.length += extra_data_len;
875 }
876
877 /* No domains may have responded but that's still OK so don't
878 return an error. */
879
880 return WINBINDD_OK;
881 }
882
883 /* Get user supplementary groups. This is much quicker than trying to
884 invert the groups database. */
885
886 enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state)
887 {
888 fstring name_domain, name_user, name;
889 DOM_SID user_sid;
890 enum SID_NAME_USE name_type;
891 uint32 user_rid, num_groups, num_gids;
892 DOM_GID *user_groups = NULL;
893 struct winbindd_domain *domain;
894 enum winbindd_result result;
895 gid_t *gid_list;
896 int i;
897
898 DEBUG(3, ("[%5d]: getgroups %s\n", state->pid,
899 state->request.data.username));
900
901 if (state == NULL) return WINBINDD_ERROR;
902
903 /* Parse domain and username */
904
905 parse_domain_user(state->request.data.username, name_domain,
906 name_user);
907
908 /* Reject names that don't have a domain - i.e name_domain contains
909 the entire name. */
910
911 if (strequal(name_domain, "")) {
912 return WINBINDD_ERROR;
913 }
914
915 /* Get info for the domain */
916
917 if ((domain = find_domain_from_name(name_domain)) == NULL) {
918 DEBUG(0, ("could not find domain entry for domain %s\n",
919 name_domain));
920 return WINBINDD_ERROR;
921 }
922
923 if (!domain_handles_open(domain)) {
924 return WINBINDD_ERROR;
925 }
926
927 slprintf(name, sizeof(name) - 1, "%s\\%s", name_domain, name_user);
928
929 /* Get rid and name type from name. The following costs 1 packet */
930
931 if (!winbindd_lookup_sid_by_name(name, &user_sid, &name_type)) {
932 DEBUG(1, ("user '%s' does not exist\n", name_user));
933 return WINBINDD_ERROR;
934 }
935
936 if (name_type != SID_NAME_USER) {
937 DEBUG(1, ("name '%s' is not a user name: %d\n", name_user,
938 name_type));
939 return WINBINDD_ERROR;
940 }
941
942 sid_split_rid(&user_sid, &user_rid);
943
944 if (!winbindd_lookup_usergroups(domain, user_rid, &num_groups,
945 &user_groups)) {
946 return WINBINDD_ERROR;
947 }
948
949 /* Copy data back to client */
950
951 num_gids = 0;
952 gid_list = malloc(sizeof(gid_t) * num_groups);
953
954 if (state->response.extra_data) {
955 result = WINBINDD_ERROR;
956 goto done;
957 }
958
959 for (i = 0; i < num_groups; i++) {
960 if (!winbindd_idmap_get_gid_from_rid(
961 domain->name, user_groups[i].g_rid,
962 &gid_list[num_gids])) {
963
964 DEBUG(1, ("unable to convert group rid %d to gid\n",
965 user_groups[i].g_rid));
966 continue;
967 }
968
969 num_gids++;
970 }
971
972 state->response.data.num_entries = num_gids;
973 state->response.extra_data = gid_list;
974 state->response.length += num_gids * sizeof(gid_t);
975
976 result = WINBINDD_OK;
977
978 done:
979 safe_free(user_groups);
980
981 return result;
982 }
WIP