summaryrefslogtreecommitdiff
path: root/nsswitch/libwbclient/wbc_sid.c
diff options
context:
space:
mode:
Diffstat (limited to 'nsswitch/libwbclient/wbc_sid.c')
-rw-r--r--nsswitch/libwbclient/wbc_sid.c672
1 files changed, 672 insertions, 0 deletions
diff --git a/nsswitch/libwbclient/wbc_sid.c b/nsswitch/libwbclient/wbc_sid.c
new file mode 100644
index 0000000000..e2157b9609
--- /dev/null
+++ b/nsswitch/libwbclient/wbc_sid.c
@@ -0,0 +1,672 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Winbind client API
+
+ Copyright (C) Gerald (Jerry) Carter 2007
+
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* Required Headers */
+
+#include "libwbclient.h"
+
+
+/* Convert a binary SID to a character string */
+wbcErr wbcSidToString(const struct wbcDomainSid *sid,
+ char **sid_string)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ uint32_t id_auth;
+ int i;
+ char *tmp = NULL;
+
+ if (!sid) {
+ wbc_status = WBC_ERR_INVALID_SID;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ id_auth = sid->id_auth[5] +
+ (sid->id_auth[4] << 8) +
+ (sid->id_auth[3] << 16) +
+ (sid->id_auth[2] << 24);
+
+ tmp = talloc_asprintf(NULL, "S-%d-%d", sid->sid_rev_num, id_auth);
+ BAIL_ON_PTR_ERROR(tmp, wbc_status);
+
+ for (i=0; i<sid->num_auths; i++) {
+ char *tmp2;
+ tmp2 = talloc_asprintf_append(tmp, "-%u", sid->sub_auths[i]);
+ BAIL_ON_PTR_ERROR(tmp2, wbc_status);
+
+ tmp = tmp2;
+ }
+
+ *sid_string = tmp;
+ tmp = NULL;
+
+ wbc_status = WBC_ERR_SUCCESS;
+
+done:
+ talloc_free(tmp);
+
+ return wbc_status;
+}
+
+/* Convert a character string to a binary SID */
+wbcErr wbcStringToSid(const char *str,
+ struct wbcDomainSid *sid)
+{
+ const char *p;
+ char *q;
+ uint32_t x;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+ if (!sid) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ /* Sanity check for either "S-" or "s-" */
+
+ if (!str
+ || (str[0]!='S' && str[0]!='s')
+ || (str[1]!='-'))
+ {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ /* Get the SID revision number */
+
+ p = str+2;
+ x = (uint32_t)strtol(p, &q, 10);
+ if (x==0 || !q || *q!='-') {
+ wbc_status = WBC_ERR_INVALID_SID;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+ sid->sid_rev_num = (uint8_t)x;
+
+ /* Next the Identifier Authority. This is stored in big-endian
+ in a 6 byte array. */
+
+ p = q+1;
+ x = (uint32_t)strtol(p, &q, 10);
+ if (!q || *q!='-') {
+ wbc_status = WBC_ERR_INVALID_SID;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+ sid->id_auth[5] = (x & 0x000000ff);
+ sid->id_auth[4] = (x & 0x0000ff00) >> 8;
+ sid->id_auth[3] = (x & 0x00ff0000) >> 16;
+ sid->id_auth[2] = (x & 0xff000000) >> 24;
+ sid->id_auth[1] = 0;
+ sid->id_auth[0] = 0;
+
+ /* now read the the subauthorities */
+
+ p = q +1;
+ sid->num_auths = 0;
+ while (sid->num_auths < WBC_MAXSUBAUTHS) {
+ x=(uint32_t)strtoul(p, &q, 10);
+ if (p == q)
+ break;
+ if (q == NULL) {
+ wbc_status = WBC_ERR_INVALID_SID;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+ sid->sub_auths[sid->num_auths++] = x;
+
+ if ((*q!='-') || (*q=='\0'))
+ break;
+ p = q + 1;
+ }
+
+ /* IF we ended early, then the SID could not be converted */
+
+ if (q && *q!='\0') {
+ wbc_status = WBC_ERR_INVALID_SID;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ wbc_status = WBC_ERR_SUCCESS;
+
+done:
+ return wbc_status;
+
+}
+
+/* Convert a domain and name to SID */
+wbcErr wbcLookupName(const char *domain,
+ const char *name,
+ struct wbcDomainSid *sid,
+ enum wbcSidType *name_type)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+ if (!sid || !name_type) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ /* Initialize request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ /* dst is already null terminated from the memset above */
+
+ strncpy(request.data.name.dom_name, domain,
+ sizeof(request.data.name.dom_name)-1);
+ strncpy(request.data.name.name, name,
+ sizeof(request.data.name.name)-1);
+
+ wbc_status = wbcRequestResponse(WINBINDD_LOOKUPNAME,
+ &request,
+ &response);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ wbc_status = wbcStringToSid(response.data.sid.sid, sid);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ *name_type = (enum wbcSidType)response.data.sid.type;
+
+ wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+ return wbc_status;
+}
+
+/* Convert a SID to a domain and name */
+wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
+ char **pdomain,
+ char **pname,
+ enum wbcSidType *pname_type)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ char *sid_string = NULL;
+ char *domain = NULL;
+ char *name = NULL;
+ enum wbcSidType name_type = WBC_SID_NAME_USE_NONE;
+
+ if (!sid) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ /* Initialize request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ /* dst is already null terminated from the memset above */
+
+ wbc_status = wbcSidToString(sid, &sid_string);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1);
+ wbcFreeMemory(sid_string);
+
+ /* Make request */
+
+ wbc_status = wbcRequestResponse(WINBINDD_LOOKUPSID,
+ &request,
+ &response);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ /* Copy out result */
+
+ domain = talloc_strdup(NULL, response.data.name.dom_name);
+ BAIL_ON_PTR_ERROR(domain, wbc_status);
+
+ name = talloc_strdup(NULL, response.data.name.name);
+ BAIL_ON_PTR_ERROR(name, wbc_status);
+
+ name_type = (enum wbcSidType)response.data.name.type;
+
+ wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+ if (WBC_ERROR_IS_OK(wbc_status)) {
+ if (pdomain != NULL) {
+ *pdomain = domain;
+ }
+ if (pname != NULL) {
+ *pname = name;
+ }
+ if (pname_type != NULL) {
+ *pname_type = name_type;
+ }
+ }
+ else {
+#if 0
+ /*
+ * Found by Coverity: In this particular routine we can't end
+ * up here with a non-NULL name. Further up there are just two
+ * exit paths that lead here, neither of which leave an
+ * allocated name. If you add more paths up there, re-activate
+ * this.
+ */
+ if (name != NULL) {
+ talloc_free(name);
+ }
+#endif
+ if (domain != NULL) {
+ talloc_free(domain);
+ }
+ }
+
+ return wbc_status;
+}
+
+/* Translate a collection of RIDs within a domain to names */
+
+wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
+ int num_rids,
+ uint32_t *rids,
+ const char **pp_domain_name,
+ const char ***pnames,
+ enum wbcSidType **ptypes)
+{
+ size_t i, len, ridbuf_size;
+ char *ridlist;
+ char *p;
+ struct winbindd_request request;
+ struct winbindd_response response;
+ char *sid_string = NULL;
+ char *domain_name = NULL;
+ const char **names = NULL;
+ enum wbcSidType *types = NULL;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+ /* Initialise request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ if (!dom_sid || (num_rids == 0)) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ wbc_status = wbcSidToString(dom_sid, &sid_string);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1);
+ wbcFreeMemory(sid_string);
+
+ /* Even if all the Rids were of maximum 32bit values,
+ we would only have 11 bytes per rid in the final array
+ ("4294967296" + \n). Add one more byte for the
+ terminating '\0' */
+
+ ridbuf_size = (sizeof(char)*11) * num_rids + 1;
+
+ ridlist = talloc_zero_array(NULL, char, ridbuf_size);
+ BAIL_ON_PTR_ERROR(ridlist, wbc_status);
+
+ len = 0;
+ for (i=0; i<num_rids && (len-1)>0; i++) {
+ char ridstr[12];
+
+ len = strlen(ridlist);
+ p = ridlist + len;
+
+ snprintf( ridstr, sizeof(ridstr)-1, "%u\n", rids[i]);
+ strncat(p, ridstr, ridbuf_size-len-1);
+ }
+
+ request.extra_data.data = ridlist;
+ request.extra_len = strlen(ridlist)+1;
+
+ wbc_status = wbcRequestResponse(WINBINDD_LOOKUPRIDS,
+ &request,
+ &response);
+ talloc_free(ridlist);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ domain_name = talloc_strdup(NULL, response.data.domain_name);
+ BAIL_ON_PTR_ERROR(domain_name, wbc_status);
+
+ names = talloc_array(NULL, const char*, num_rids);
+ BAIL_ON_PTR_ERROR(names, wbc_status);
+
+ types = talloc_array(NULL, enum wbcSidType, num_rids);
+ BAIL_ON_PTR_ERROR(types, wbc_status);
+
+ p = (char *)response.extra_data.data;
+
+ for (i=0; i<num_rids; i++) {
+ char *q;
+
+ if (*p == '\0') {
+ wbc_status = WBC_ERR_INVALID_RESPONSE;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ types[i] = (enum wbcSidType)strtoul(p, &q, 10);
+
+ if (*q != ' ') {
+ wbc_status = WBC_ERR_INVALID_RESPONSE;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ p = q+1;
+
+ if ((q = strchr(p, '\n')) == NULL) {
+ wbc_status = WBC_ERR_INVALID_RESPONSE;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ *q = '\0';
+
+ names[i] = talloc_strdup(names, p);
+ BAIL_ON_PTR_ERROR(names[i], wbc_status);
+
+ p = q+1;
+ }
+
+ if (*p != '\0') {
+ wbc_status = WBC_ERR_INVALID_RESPONSE;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+ if (response.extra_data.data) {
+ free(response.extra_data.data);
+ }
+
+ if (WBC_ERROR_IS_OK(wbc_status)) {
+ *pp_domain_name = domain_name;
+ *pnames = names;
+ *ptypes = types;
+ }
+ else {
+ if (domain_name)
+ talloc_free(domain_name);
+ if (names)
+ talloc_free(names);
+ if (types)
+ talloc_free(types);
+ }
+
+ return wbc_status;
+}
+
+/* Get the groups a user belongs to */
+wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
+ bool domain_groups_only,
+ uint32_t *num_sids,
+ struct wbcDomainSid **_sids)
+{
+ uint32_t i;
+ const char *s;
+ struct winbindd_request request;
+ struct winbindd_response response;
+ char *sid_string = NULL;
+ struct wbcDomainSid *sids = NULL;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ int cmd;
+
+ /* Initialise request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ if (!user_sid) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ wbc_status = wbcSidToString(user_sid, &sid_string);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1);
+ wbcFreeMemory(sid_string);
+
+ if (domain_groups_only) {
+ cmd = WINBINDD_GETUSERDOMGROUPS;
+ } else {
+ cmd = WINBINDD_GETUSERSIDS;
+ }
+
+ wbc_status = wbcRequestResponse(cmd,
+ &request,
+ &response);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ if (response.data.num_entries &&
+ !response.extra_data.data) {
+ wbc_status = WBC_ERR_INVALID_RESPONSE;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ sids = talloc_array(NULL, struct wbcDomainSid,
+ response.data.num_entries);
+ BAIL_ON_PTR_ERROR(sids, wbc_status);
+
+ s = (const char *)response.extra_data.data;
+ for (i = 0; i < response.data.num_entries; i++) {
+ char *n = strchr(s, '\n');
+ if (n) {
+ *n = '\0';
+ }
+ wbc_status = wbcStringToSid(s, &sids[i]);
+ BAIL_ON_WBC_ERROR(wbc_status);
+ s += strlen(s) + 1;
+ }
+
+ *num_sids = response.data.num_entries;
+ *_sids = sids;
+ sids = NULL;
+ wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+ if (response.extra_data.data) {
+ free(response.extra_data.data);
+ }
+ if (sids) {
+ talloc_free(sids);
+ }
+
+ return wbc_status;
+}
+
+/* Lists Users */
+wbcErr wbcListUsers(const char *domain_name,
+ uint32_t *_num_users,
+ const char ***_users)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct winbindd_request request;
+ struct winbindd_response response;
+ uint32_t num_users = 0;
+ const char **users = NULL;
+ const char *next;
+
+ /* Initialise request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ if (domain_name) {
+ strncpy(request.domain_name, domain_name,
+ sizeof(request.domain_name)-1);
+ }
+
+ wbc_status = wbcRequestResponse(WINBINDD_LIST_USERS,
+ &request,
+ &response);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ /* Look through extra data */
+
+ next = (const char *)response.extra_data.data;
+ while (next) {
+ const char **tmp;
+ const char *current = next;
+ char *k = strchr(next, ',');
+ if (k) {
+ k[0] = '\0';
+ next = k+1;
+ } else {
+ next = NULL;
+ }
+
+ tmp = talloc_realloc(NULL, users,
+ const char *,
+ num_users+1);
+ BAIL_ON_PTR_ERROR(tmp, wbc_status);
+ users = tmp;
+
+ users[num_users] = talloc_strdup(users, current);
+ BAIL_ON_PTR_ERROR(users[num_users], wbc_status);
+
+ num_users++;
+ }
+
+ *_num_users = num_users;
+ *_users = users;
+ users = NULL;
+ wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+ if (response.extra_data.data) {
+ free(response.extra_data.data);
+ }
+ if (users) {
+ talloc_free(users);
+ }
+ return wbc_status;
+}
+
+/* Lists Groups */
+wbcErr wbcListGroups(const char *domain_name,
+ uint32_t *_num_groups,
+ const char ***_groups)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct winbindd_request request;
+ struct winbindd_response response;
+ uint32_t num_groups = 0;
+ const char **groups = NULL;
+ const char *next;
+
+ /* Initialise request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ if (domain_name) {
+ strncpy(request.domain_name, domain_name,
+ sizeof(request.domain_name)-1);
+ }
+
+ wbc_status = wbcRequestResponse(WINBINDD_LIST_GROUPS,
+ &request,
+ &response);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ /* Look through extra data */
+
+ next = (const char *)response.extra_data.data;
+ while (next) {
+ const char **tmp;
+ const char *current = next;
+ char *k = strchr(next, ',');
+ if (k) {
+ k[0] = '\0';
+ next = k+1;
+ } else {
+ next = NULL;
+ }
+
+ tmp = talloc_realloc(NULL, groups,
+ const char *,
+ num_groups+1);
+ BAIL_ON_PTR_ERROR(tmp, wbc_status);
+ groups = tmp;
+
+ groups[num_groups] = talloc_strdup(groups, current);
+ BAIL_ON_PTR_ERROR(groups[num_groups], wbc_status);
+
+ num_groups++;
+ }
+
+ *_num_groups = num_groups;
+ *_groups = groups;
+ groups = NULL;
+ wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+ if (response.extra_data.data) {
+ free(response.extra_data.data);
+ }
+ if (groups) {
+ talloc_free(groups);
+ }
+ return wbc_status;
+}
+
+wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid,
+ char **pdomain,
+ char **pfullname,
+ enum wbcSidType *pname_type)
+{
+ wbcErr wbc_status;
+ char *domain = NULL;
+ char *name = NULL;
+ enum wbcSidType name_type;
+
+ wbc_status = wbcLookupSid(sid, &domain, &name, &name_type);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ if (name_type == WBC_SID_NAME_USER) {
+ uid_t uid;
+ struct passwd *pwd;
+
+ wbc_status = wbcSidToUid(sid, &uid);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ wbc_status = wbcGetpwuid(uid, &pwd);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ wbcFreeMemory(name);
+
+ name = talloc_strdup(NULL, pwd->pw_gecos);
+ BAIL_ON_PTR_ERROR(name, wbc_status);
+ }
+
+ wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+ if (WBC_ERROR_IS_OK(wbc_status)) {
+ *pdomain = domain;
+ *pfullname = name;
+ *pname_type = name_type;
+ } else {
+ wbcFreeMemory(domain);
+ wbcFreeMemory(name);
+ }
+
+ return wbc_status;
+}