diff options
Diffstat (limited to 'nsswitch/libwbclient')
-rw-r--r-- | nsswitch/libwbclient/wbc_pwd.c | 39 | ||||
-rw-r--r-- | nsswitch/libwbclient/wbc_sid.c | 139 | ||||
-rw-r--r-- | nsswitch/libwbclient/wbclient.h | 24 |
3 files changed, 201 insertions, 1 deletions
diff --git a/nsswitch/libwbclient/wbc_pwd.c b/nsswitch/libwbclient/wbc_pwd.c index cd945996c8..dacd9499dd 100644 --- a/nsswitch/libwbclient/wbc_pwd.c +++ b/nsswitch/libwbclient/wbc_pwd.c @@ -190,6 +190,45 @@ wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd) return wbc_status; } +/* Fill in a struct passwd* for a domain user based on sid */ +wbcErr wbcGetpwsid(struct wbcDomainSid *sid, struct passwd **pwd) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + char * sid_string = NULL; + + if (!pwd) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = wbcSidToString(sid, &sid_string); + BAIL_ON_WBC_ERROR(wbc_status); + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + strncpy(request.data.sid, sid_string, sizeof(request.data.sid)); + + wbc_status = wbcRequestResponse(WINBINDD_GETPWSID, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + *pwd = copy_passwd_entry(&response.data.pw); + BAIL_ON_PTR_ERROR(*pwd, wbc_status); + + done: + if (sid_string) { + wbcFreeMemory(sid_string); + } + + return wbc_status; +} + /* Fill in a struct passwd* for a domain user based on username */ wbcErr wbcGetgrnam(const char *name, struct group **grp) { diff --git a/nsswitch/libwbclient/wbc_sid.c b/nsswitch/libwbclient/wbc_sid.c index e2157b9609..46c59a9513 100644 --- a/nsswitch/libwbclient/wbc_sid.c +++ b/nsswitch/libwbclient/wbc_sid.c @@ -491,6 +491,145 @@ wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid, return wbc_status; } +static inline +wbcErr _sid_to_rid(struct wbcDomainSid *sid, uint32_t *rid) +{ + if (sid->num_auths < 1) { + return WBC_ERR_INVALID_RESPONSE; + } + *rid = sid->sub_auths[sid->num_auths - 1]; + + return WBC_ERR_SUCCESS; +} + +/* Get alias membership for sids */ +wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid, + struct wbcDomainSid *sids, + uint32_t num_sids, + uint32_t **alias_rids, + uint32_t *num_alias_rids) +{ + uint32_t i; + const char *s; + struct winbindd_request request; + struct winbindd_response response; + char *sid_string = NULL; + ssize_t sid_len; + ssize_t extra_data_len = 0; + char * extra_data = NULL; + ssize_t buflen = 0; + struct wbcDomainSid sid; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + uint32_t * rids = NULL; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (!dom_sid) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = wbcSidToString(dom_sid, &sid_string); + BAIL_ON_WBC_ERROR(wbc_status); + + strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1); + wbcFreeMemory(sid_string); + sid_string = NULL; + + /* Lets assume each sid is around 54 characters + * S-1-5-AAAAAAAAAAA-BBBBBBBBBBB-CCCCCCCCCCC-DDDDDDDDDDD\n */ + buflen = 54 * num_sids; + extra_data = talloc_array(NULL, char, buflen); + if (!extra_data) { + wbc_status = WBC_ERR_NO_MEMORY; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Build the sid list */ + for (i=0; i<num_sids; i++) { + if (sid_string) { + wbcFreeMemory(sid_string); + sid_string = NULL; + } + wbc_status = wbcSidToString(&sids[i], &sid_string); + BAIL_ON_WBC_ERROR(wbc_status); + + sid_len = strlen(sid_string); + + if (buflen < extra_data_len + sid_len + 2) { + buflen *= 2; + extra_data = talloc_realloc(NULL, extra_data, + char, buflen); + if (!extra_data) { + wbc_status = WBC_ERR_NO_MEMORY; + BAIL_ON_WBC_ERROR(wbc_status); + } + } + + strncpy(&extra_data[extra_data_len], sid_string, + buflen - extra_data_len); + extra_data_len += sid_len; + extra_data[extra_data_len++] = '\n'; + extra_data[extra_data_len] = '\0'; + } + + request.extra_data.data = extra_data; + request.extra_len = extra_data_len; + + wbc_status = wbcRequestResponse(WINBINDD_GETSIDALIASES, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + if (response.data.num_entries && + !response.extra_data.data) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + + rids = talloc_array(NULL, uint32_t, + response.data.num_entries); + BAIL_ON_PTR_ERROR(sids, wbc_status); + + s = (const char *)response.extra_data.data; + for (i = 0; i < response.data.num_entries; i++) { + char *n = strchr(s, '\n'); + if (n) { + *n = '\0'; + } + wbc_status = wbcStringToSid(s, &sid); + BAIL_ON_WBC_ERROR(wbc_status); + wbc_status = _sid_to_rid(&sid, &rids[i]); + BAIL_ON_WBC_ERROR(wbc_status); + s += strlen(s) + 1; + } + + *num_alias_rids = response.data.num_entries; + *alias_rids = rids; + rids = NULL; + wbc_status = WBC_ERR_SUCCESS; + + done: + if (sid_string) { + wbcFreeMemory(sid_string); + } + if (extra_data) { + talloc_free(extra_data); + } + if (response.extra_data.data) { + free(response.extra_data.data); + } + if (rids) { + talloc_free(rids); + } + + return wbc_status; +} + + /* Lists Users */ wbcErr wbcListUsers(const char *domain_name, uint32_t *_num_users, diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h index 990cc52df7..9d29951ae5 100644 --- a/nsswitch/libwbclient/wbclient.h +++ b/nsswitch/libwbclient/wbclient.h @@ -60,9 +60,11 @@ const char *wbcErrorString(wbcErr error); * 0.1: Initial version * 0.2: Added wbcRemoveUidMapping() * Added wbcRemoveGidMapping() + * 0.3: Added wbcGetpwsid() + * Added wbcGetSidAliases() **/ #define WBCLIENT_MAJOR_VERSION 0 -#define WBCLIENT_MINOR_VERSION 2 +#define WBCLIENT_MINOR_VERSION 3 #define WBCLIENT_VENDOR_VERSION "Samba libwbclient" struct wbcLibraryDetails { uint16_t major_version; @@ -615,6 +617,15 @@ wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid, uint32_t *num_sids, struct wbcDomainSid **sids); +/* + * @brief Get alias membership for sids + **/ +wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid, + struct wbcDomainSid *sids, + uint32_t num_sids, + uint32_t **alias_rids, + uint32_t *num_alias_rids); + /** * @brief Lists Users **/ @@ -838,6 +849,17 @@ wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd); /** * @brief Fill in a struct passwd* for a domain user based + * on sid + * + * @param sid Sid to lookup + * @param **pwd Pointer to resulting struct passwd* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcGetpwsid(struct wbcDomainSid * sid, struct passwd **pwd); + +/** + * @brief Fill in a struct passwd* for a domain user based * on username * * @param *name Username to lookup |