2 Unix SMB/CIFS implementation.
4 Windows NT Domain nsswitch module
6 Copyright (C) Tim Potter 2000
8 This library is free software; you can redistribute it and/or
9 modify it under the terms of the GNU Lesser General Public
10 License as published by the Free Software Foundation; either
11 version 3 of the License, or (at your option) any later version.
13 This library is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Library General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "winbind_client.h"
29 static pthread_mutex_t winbind_nss_mutex = PTHREAD_MUTEX_INITIALIZER;
32 /* Maximum number of users to pass back over the unix domain socket
33 per call. This is not a static limit on the total number of users
34 or groups returned in total. */
36 #define MAX_GETPWENT_USERS 250
37 #define MAX_GETGRENT_USERS 250
39 NSS_STATUS _nss_winbind_setpwent(void);
40 NSS_STATUS _nss_winbind_endpwent(void);
41 NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result, char *buffer,
42 size_t buflen, int *errnop);
43 NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result,
44 char *buffer, size_t buflen, int *errnop);
45 NSS_STATUS _nss_winbind_getpwnam_r(const char *name, struct passwd *result,
46 char *buffer, size_t buflen, int *errnop);
47 NSS_STATUS _nss_winbind_setgrent(void);
48 NSS_STATUS _nss_winbind_endgrent(void);
49 NSS_STATUS _nss_winbind_getgrent_r(struct group *result, char *buffer,
50 size_t buflen, int *errnop);
51 NSS_STATUS _nss_winbind_getgrlst_r(struct group *result, char *buffer,
52 size_t buflen, int *errnop);
53 NSS_STATUS _nss_winbind_getgrnam_r(const char *name, struct group *result,
54 char *buffer, size_t buflen, int *errnop);
55 NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid, struct group *result, char *buffer,
56 size_t buflen, int *errnop);
57 NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
58 long int *size, gid_t **groups,
59 long int limit, int *errnop);
60 NSS_STATUS _nss_winbind_getusersids(const char *user_sid, char **group_sids,
61 int *num_groups, char *buffer, size_t buf_size,
63 NSS_STATUS _nss_winbind_nametosid(const char *name, char **sid, char *buffer,
64 size_t buflen, int *errnop);
65 NSS_STATUS _nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
66 size_t buflen, int *errnop);
67 NSS_STATUS _nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop);
68 NSS_STATUS _nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop);
69 NSS_STATUS _nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
70 size_t buflen, int *errnop);
71 NSS_STATUS _nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
72 size_t buflen, int *errnop);
74 /* Prototypes from wb_common.c */
76 extern int winbindd_fd;
78 /* Allocate some space from the nss static buffer. The buffer and buflen
79 are the pointers passed in by the C library to the _nss_ntdom_*
82 static char *get_static(char **buffer, size_t *buflen, size_t len)
86 /* Error check. We return false if things aren't set up right, or
87 there isn't enough buffer space left. */
89 if ((buffer == NULL) || (buflen == NULL) || (*buflen < len)) {
93 /* Return an index into the static buffer */
102 /* I've copied the strtok() replacement function next_token_Xalloc() from
103 lib/util_str.c as I really don't want to have to link in any other
104 objects if I can possibly avoid it. */
106 static bool next_token_alloc(const char **ptr,
123 /* default to simple separators */
128 /* find the first non sep char */
129 while (*s && strchr(sep,*s)) {
138 /* When restarting we need to go from here. */
141 /* Work out the length needed. */
142 for (quoted = false; *s &&
143 (quoted || !strchr(sep,*s)); s++) {
151 /* We started with len = 1 so we have space for the nul. */
152 *pp_buff = malloc(len);
157 /* copy over the token */
160 for (quoted = false; *s &&
161 (quoted || !strchr(sep,*s)); s++) {
169 *ptr = (*s) ? s+1 : s;
175 /* Fill a pwent structure from a winbindd_response structure. We use
176 the static data passed to us by libc to put strings and stuff in.
177 Return NSS_STATUS_TRYAGAIN if we run out of memory. */
179 static NSS_STATUS fill_pwent(struct passwd *result,
180 struct winbindd_pw *pw,
181 char **buffer, size_t *buflen)
185 if ((result->pw_name =
186 get_static(buffer, buflen, strlen(pw->pw_name) + 1)) == NULL) {
190 return NSS_STATUS_TRYAGAIN;
193 strcpy(result->pw_name, pw->pw_name);
197 if ((result->pw_passwd =
198 get_static(buffer, buflen, strlen(pw->pw_passwd) + 1)) == NULL) {
202 return NSS_STATUS_TRYAGAIN;
205 strcpy(result->pw_passwd, pw->pw_passwd);
209 result->pw_uid = pw->pw_uid;
210 result->pw_gid = pw->pw_gid;
214 if ((result->pw_gecos =
215 get_static(buffer, buflen, strlen(pw->pw_gecos) + 1)) == NULL) {
219 return NSS_STATUS_TRYAGAIN;
222 strcpy(result->pw_gecos, pw->pw_gecos);
226 if ((result->pw_dir =
227 get_static(buffer, buflen, strlen(pw->pw_dir) + 1)) == NULL) {
231 return NSS_STATUS_TRYAGAIN;
234 strcpy(result->pw_dir, pw->pw_dir);
238 if ((result->pw_shell =
239 get_static(buffer, buflen, strlen(pw->pw_shell) + 1)) == NULL) {
243 return NSS_STATUS_TRYAGAIN;
246 strcpy(result->pw_shell, pw->pw_shell);
248 /* The struct passwd for Solaris has some extra fields which must
249 be initialised or nscd crashes. */
251 #if HAVE_PASSWD_PW_COMMENT
252 result->pw_comment = "";
255 #if HAVE_PASSWD_PW_AGE
259 return NSS_STATUS_SUCCESS;
262 /* Fill a grent structure from a winbindd_response structure. We use
263 the static data passed to us by libc to put strings and stuff in.
264 Return NSS_STATUS_TRYAGAIN if we run out of memory. */
266 static NSS_STATUS fill_grent(struct group *result, struct winbindd_gr *gr,
267 char *gr_mem, char **buffer, size_t *buflen)
275 if ((result->gr_name =
276 get_static(buffer, buflen, strlen(gr->gr_name) + 1)) == NULL) {
280 return NSS_STATUS_TRYAGAIN;
283 strcpy(result->gr_name, gr->gr_name);
287 if ((result->gr_passwd =
288 get_static(buffer, buflen, strlen(gr->gr_passwd) + 1)) == NULL) {
291 return NSS_STATUS_TRYAGAIN;
294 strcpy(result->gr_passwd, gr->gr_passwd);
298 result->gr_gid = gr->gr_gid;
300 /* Group membership */
302 if ((gr->num_gr_mem < 0) || !gr_mem) {
306 /* this next value is a pointer to a pointer so let's align it */
308 /* Calculate number of extra bytes needed to align on pointer size boundry */
309 if ((i = (unsigned long)(*buffer) % sizeof(char*)) != 0)
310 i = sizeof(char*) - i;
312 if ((tst = get_static(buffer, buflen, ((gr->num_gr_mem + 1) *
313 sizeof(char *)+i))) == NULL) {
317 return NSS_STATUS_TRYAGAIN;
319 result->gr_mem = (char **)(tst + i);
321 if (gr->num_gr_mem == 0) {
325 *(result->gr_mem) = NULL;
326 return NSS_STATUS_SUCCESS;
329 /* Start looking at extra data */
333 while(next_token_alloc((const char **)&gr_mem, &name, ",")) {
334 /* Allocate space for member */
335 if (((result->gr_mem)[i] =
336 get_static(buffer, buflen, strlen(name) + 1)) == NULL) {
339 return NSS_STATUS_TRYAGAIN;
341 strcpy((result->gr_mem)[i], name);
348 (result->gr_mem)[i] = NULL;
350 return NSS_STATUS_SUCCESS;
357 static struct winbindd_response getpwent_response;
359 static int ndx_pw_cache; /* Current index into pwd cache */
360 static int num_pw_cache; /* Current size of pwd cache */
362 /* Rewind "file pointer" to start of ntdom password database */
365 _nss_winbind_setpwent(void)
369 fprintf(stderr, "[%5d]: setpwent\n", getpid());
373 pthread_mutex_lock(&winbind_nss_mutex);
376 if (num_pw_cache > 0) {
377 ndx_pw_cache = num_pw_cache = 0;
378 winbindd_free_response(&getpwent_response);
381 ret = winbindd_request_response(WINBINDD_SETPWENT, NULL, NULL);
383 fprintf(stderr, "[%5d]: setpwent returns %s (%d)\n", getpid(),
384 nss_err_str(ret), ret);
388 pthread_mutex_unlock(&winbind_nss_mutex);
393 /* Close ntdom password database "file pointer" */
396 _nss_winbind_endpwent(void)
400 fprintf(stderr, "[%5d]: endpwent\n", getpid());
404 pthread_mutex_lock(&winbind_nss_mutex);
407 if (num_pw_cache > 0) {
408 ndx_pw_cache = num_pw_cache = 0;
409 winbindd_free_response(&getpwent_response);
412 ret = winbindd_request_response(WINBINDD_ENDPWENT, NULL, NULL);
414 fprintf(stderr, "[%5d]: endpwent returns %s (%d)\n", getpid(),
415 nss_err_str(ret), ret);
419 pthread_mutex_unlock(&winbind_nss_mutex);
425 /* Fetch the next password entry from ntdom password database */
428 _nss_winbind_getpwent_r(struct passwd *result, char *buffer,
429 size_t buflen, int *errnop)
432 struct winbindd_request request;
433 static int called_again;
436 fprintf(stderr, "[%5d]: getpwent\n", getpid());
440 pthread_mutex_lock(&winbind_nss_mutex);
443 /* Return an entry from the cache if we have one, or if we are
444 called again because we exceeded our static buffer. */
446 if ((ndx_pw_cache < num_pw_cache) || called_again) {
450 /* Else call winbindd to get a bunch of entries */
452 if (num_pw_cache > 0) {
453 winbindd_free_response(&getpwent_response);
456 ZERO_STRUCT(request);
457 ZERO_STRUCT(getpwent_response);
459 request.data.num_entries = MAX_GETPWENT_USERS;
461 ret = winbindd_request_response(WINBINDD_GETPWENT, &request,
464 if (ret == NSS_STATUS_SUCCESS) {
465 struct winbindd_pw *pw_cache;
470 num_pw_cache = getpwent_response.data.num_entries;
472 /* Return a result */
476 pw_cache = (struct winbindd_pw *)
477 getpwent_response.extra_data.data;
479 /* Check data is valid */
481 if (pw_cache == NULL) {
482 ret = NSS_STATUS_NOTFOUND;
486 ret = fill_pwent(result, &pw_cache[ndx_pw_cache],
489 /* Out of memory - try again */
491 if (ret == NSS_STATUS_TRYAGAIN) {
493 *errnop = errno = ERANGE;
498 called_again = false;
501 /* If we've finished with this lot of results free cache */
503 if (ndx_pw_cache == num_pw_cache) {
504 ndx_pw_cache = num_pw_cache = 0;
505 winbindd_free_response(&getpwent_response);
510 fprintf(stderr, "[%5d]: getpwent returns %s (%d)\n", getpid(),
511 nss_err_str(ret), ret);
515 pthread_mutex_unlock(&winbind_nss_mutex);
520 /* Return passwd struct from uid */
523 _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer,
524 size_t buflen, int *errnop)
527 static struct winbindd_response response;
528 struct winbindd_request request;
529 static int keep_response;
532 fprintf(stderr, "[%5d]: getpwuid_r %d\n", getpid(), (unsigned int)uid);
536 pthread_mutex_lock(&winbind_nss_mutex);
539 /* If our static buffer needs to be expanded we are called again */
540 if (!keep_response || uid != response.data.pw.pw_uid) {
542 /* Call for the first time */
544 ZERO_STRUCT(response);
545 ZERO_STRUCT(request);
547 request.data.uid = uid;
549 ret = winbindd_request_response(WINBINDD_GETPWUID, &request, &response);
551 if (ret == NSS_STATUS_SUCCESS) {
552 ret = fill_pwent(result, &response.data.pw,
555 if (ret == NSS_STATUS_TRYAGAIN) {
556 keep_response = true;
557 *errnop = errno = ERANGE;
564 /* We've been called again */
566 ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
568 if (ret == NSS_STATUS_TRYAGAIN) {
569 *errnop = errno = ERANGE;
573 keep_response = false;
577 winbindd_free_response(&response);
582 fprintf(stderr, "[%5d]: getpwuid %d returns %s (%d)\n", getpid(),
583 (unsigned int)uid, nss_err_str(ret), ret);
587 pthread_mutex_unlock(&winbind_nss_mutex);
593 /* Return passwd struct from username */
595 _nss_winbind_getpwnam_r(const char *name, struct passwd *result, char *buffer,
596 size_t buflen, int *errnop)
599 static struct winbindd_response response;
600 struct winbindd_request request;
601 static int keep_response;
604 fprintf(stderr, "[%5d]: getpwnam_r %s\n", getpid(), name);
608 pthread_mutex_lock(&winbind_nss_mutex);
611 /* If our static buffer needs to be expanded we are called again */
613 if (!keep_response || strcmp(name,response.data.pw.pw_name) != 0) {
615 /* Call for the first time */
617 ZERO_STRUCT(response);
618 ZERO_STRUCT(request);
620 strncpy(request.data.username, name,
621 sizeof(request.data.username) - 1);
622 request.data.username
623 [sizeof(request.data.username) - 1] = '\0';
625 ret = winbindd_request_response(WINBINDD_GETPWNAM, &request, &response);
627 if (ret == NSS_STATUS_SUCCESS) {
628 ret = fill_pwent(result, &response.data.pw, &buffer,
631 if (ret == NSS_STATUS_TRYAGAIN) {
632 keep_response = true;
633 *errnop = errno = ERANGE;
640 /* We've been called again */
642 ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
644 if (ret == NSS_STATUS_TRYAGAIN) {
645 keep_response = true;
646 *errnop = errno = ERANGE;
650 keep_response = false;
654 winbindd_free_response(&response);
657 fprintf(stderr, "[%5d]: getpwnam %s returns %s (%d)\n", getpid(),
658 name, nss_err_str(ret), ret);
662 pthread_mutex_unlock(&winbind_nss_mutex);
669 * NSS group functions
672 static struct winbindd_response getgrent_response;
674 static int ndx_gr_cache; /* Current index into grp cache */
675 static int num_gr_cache; /* Current size of grp cache */
677 /* Rewind "file pointer" to start of ntdom group database */
680 _nss_winbind_setgrent(void)
684 fprintf(stderr, "[%5d]: setgrent\n", getpid());
688 pthread_mutex_lock(&winbind_nss_mutex);
691 if (num_gr_cache > 0) {
692 ndx_gr_cache = num_gr_cache = 0;
693 winbindd_free_response(&getgrent_response);
696 ret = winbindd_request_response(WINBINDD_SETGRENT, NULL, NULL);
698 fprintf(stderr, "[%5d]: setgrent returns %s (%d)\n", getpid(),
699 nss_err_str(ret), ret);
703 pthread_mutex_unlock(&winbind_nss_mutex);
709 /* Close "file pointer" for ntdom group database */
712 _nss_winbind_endgrent(void)
716 fprintf(stderr, "[%5d]: endgrent\n", getpid());
720 pthread_mutex_lock(&winbind_nss_mutex);
723 if (num_gr_cache > 0) {
724 ndx_gr_cache = num_gr_cache = 0;
725 winbindd_free_response(&getgrent_response);
728 ret = winbindd_request_response(WINBINDD_ENDGRENT, NULL, NULL);
730 fprintf(stderr, "[%5d]: endgrent returns %s (%d)\n", getpid(),
731 nss_err_str(ret), ret);
735 pthread_mutex_unlock(&winbind_nss_mutex);
741 /* Get next entry from ntdom group database */
744 winbind_getgrent(enum winbindd_cmd cmd,
745 struct group *result,
746 char *buffer, size_t buflen, int *errnop)
749 static struct winbindd_request request;
750 static int called_again;
754 fprintf(stderr, "[%5d]: getgrent\n", getpid());
758 pthread_mutex_lock(&winbind_nss_mutex);
761 /* Return an entry from the cache if we have one, or if we are
762 called again because we exceeded our static buffer. */
764 if ((ndx_gr_cache < num_gr_cache) || called_again) {
768 /* Else call winbindd to get a bunch of entries */
770 if (num_gr_cache > 0) {
771 winbindd_free_response(&getgrent_response);
774 ZERO_STRUCT(request);
775 ZERO_STRUCT(getgrent_response);
777 request.data.num_entries = MAX_GETGRENT_USERS;
779 ret = winbindd_request_response(cmd, &request,
782 if (ret == NSS_STATUS_SUCCESS) {
783 struct winbindd_gr *gr_cache;
789 num_gr_cache = getgrent_response.data.num_entries;
791 /* Return a result */
795 gr_cache = (struct winbindd_gr *)
796 getgrent_response.extra_data.data;
798 /* Check data is valid */
800 if (gr_cache == NULL) {
801 ret = NSS_STATUS_NOTFOUND;
805 /* Fill group membership. The offset into the extra data
806 for the group membership is the reported offset plus the
807 size of all the winbindd_gr records returned. */
809 mem_ofs = gr_cache[ndx_gr_cache].gr_mem_ofs +
810 num_gr_cache * sizeof(struct winbindd_gr);
812 ret = fill_grent(result, &gr_cache[ndx_gr_cache],
813 ((char *)getgrent_response.extra_data.data)+mem_ofs,
816 /* Out of memory - try again */
818 if (ret == NSS_STATUS_TRYAGAIN) {
820 *errnop = errno = ERANGE;
825 called_again = false;
828 /* If we've finished with this lot of results free cache */
830 if (ndx_gr_cache == num_gr_cache) {
831 ndx_gr_cache = num_gr_cache = 0;
832 winbindd_free_response(&getgrent_response);
837 fprintf(stderr, "[%5d]: getgrent returns %s (%d)\n", getpid(),
838 nss_err_str(ret), ret);
842 pthread_mutex_unlock(&winbind_nss_mutex);
850 _nss_winbind_getgrent_r(struct group *result,
851 char *buffer, size_t buflen, int *errnop)
853 return winbind_getgrent(WINBINDD_GETGRENT, result, buffer, buflen, errnop);
857 _nss_winbind_getgrlst_r(struct group *result,
858 char *buffer, size_t buflen, int *errnop)
860 return winbind_getgrent(WINBINDD_GETGRLST, result, buffer, buflen, errnop);
863 /* Return group struct from group name */
866 _nss_winbind_getgrnam_r(const char *name,
867 struct group *result, char *buffer,
868 size_t buflen, int *errnop)
871 static struct winbindd_response response;
872 struct winbindd_request request;
873 static int keep_response;
876 fprintf(stderr, "[%5d]: getgrnam %s\n", getpid(), name);
880 pthread_mutex_lock(&winbind_nss_mutex);
883 /* If our static buffer needs to be expanded we are called again */
884 /* Or if the stored response group name differs from the request. */
886 if (!keep_response || strcmp(name,response.data.gr.gr_name) != 0) {
888 /* Call for the first time */
890 ZERO_STRUCT(request);
891 ZERO_STRUCT(response);
893 strncpy(request.data.groupname, name,
894 sizeof(request.data.groupname));
895 request.data.groupname
896 [sizeof(request.data.groupname) - 1] = '\0';
898 ret = winbindd_request_response(WINBINDD_GETGRNAM, &request, &response);
900 if (ret == NSS_STATUS_SUCCESS) {
901 ret = fill_grent(result, &response.data.gr,
902 (char *)response.extra_data.data,
905 if (ret == NSS_STATUS_TRYAGAIN) {
906 keep_response = true;
907 *errnop = errno = ERANGE;
914 /* We've been called again */
916 ret = fill_grent(result, &response.data.gr,
917 (char *)response.extra_data.data, &buffer,
920 if (ret == NSS_STATUS_TRYAGAIN) {
921 keep_response = true;
922 *errnop = errno = ERANGE;
926 keep_response = false;
930 winbindd_free_response(&response);
933 fprintf(stderr, "[%5d]: getgrnam %s returns %s (%d)\n", getpid(),
934 name, nss_err_str(ret), ret);
938 pthread_mutex_unlock(&winbind_nss_mutex);
944 /* Return group struct from gid */
947 _nss_winbind_getgrgid_r(gid_t gid,
948 struct group *result, char *buffer,
949 size_t buflen, int *errnop)
952 static struct winbindd_response response;
953 struct winbindd_request request;
954 static int keep_response;
957 fprintf(stderr, "[%5d]: getgrgid %d\n", getpid(), gid);
961 pthread_mutex_lock(&winbind_nss_mutex);
964 /* If our static buffer needs to be expanded we are called again */
965 /* Or if the stored response group name differs from the request. */
967 if (!keep_response || gid != response.data.gr.gr_gid) {
969 /* Call for the first time */
971 ZERO_STRUCT(request);
972 ZERO_STRUCT(response);
974 request.data.gid = gid;
976 ret = winbindd_request_response(WINBINDD_GETGRGID, &request, &response);
978 if (ret == NSS_STATUS_SUCCESS) {
980 ret = fill_grent(result, &response.data.gr,
981 (char *)response.extra_data.data,
984 if (ret == NSS_STATUS_TRYAGAIN) {
985 keep_response = true;
986 *errnop = errno = ERANGE;
993 /* We've been called again */
995 ret = fill_grent(result, &response.data.gr,
996 (char *)response.extra_data.data, &buffer,
999 if (ret == NSS_STATUS_TRYAGAIN) {
1000 keep_response = true;
1001 *errnop = errno = ERANGE;
1005 keep_response = false;
1009 winbindd_free_response(&response);
1012 fprintf(stderr, "[%5d]: getgrgid %d returns %s (%d)\n", getpid(),
1013 (unsigned int)gid, nss_err_str(ret), ret);
1017 pthread_mutex_unlock(&winbind_nss_mutex);
1022 /* Initialise supplementary groups */
1025 _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
1026 long int *size, gid_t **groups, long int limit,
1030 struct winbindd_request request;
1031 struct winbindd_response response;
1035 fprintf(stderr, "[%5d]: initgroups %s (%d)\n", getpid(),
1040 pthread_mutex_lock(&winbind_nss_mutex);
1043 ZERO_STRUCT(request);
1044 ZERO_STRUCT(response);
1046 strncpy(request.data.username, user,
1047 sizeof(request.data.username) - 1);
1049 ret = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
1051 if (ret == NSS_STATUS_SUCCESS) {
1052 int num_gids = response.data.num_entries;
1053 gid_t *gid_list = (gid_t *)response.extra_data.data;
1056 fprintf(stderr, "[%5d]: initgroups %s: got NSS_STATUS_SUCCESS "
1057 "and %d gids\n", getpid(),
1060 if (gid_list == NULL) {
1061 ret = NSS_STATUS_NOTFOUND;
1065 /* Copy group list to client */
1067 for (i = 0; i < num_gids; i++) {
1070 fprintf(stderr, "[%5d]: initgroups %s (%d): "
1071 "processing gid %d \n", getpid(),
1072 user, group, gid_list[i]);
1075 /* Skip primary group */
1077 if (gid_list[i] == group) {
1081 /* Filled buffer ? If so, resize. */
1083 if (*start == *size) {
1087 newsize = 2 * (*size);
1089 if (*size == limit) {
1092 if (newsize > limit) {
1097 newgroups = (gid_t *)
1099 newsize * sizeof(**groups));
1102 ret = NSS_STATUS_NOTFOUND;
1105 *groups = newgroups;
1111 (*groups)[*start] = gid_list[i];
1116 /* Back to your regularly scheduled programming */
1120 fprintf(stderr, "[%5d]: initgroups %s returns %s (%d)\n", getpid(),
1121 user, nss_err_str(ret), ret);
1125 pthread_mutex_unlock(&winbind_nss_mutex);
1132 /* return a list of group SIDs for a user SID */
1134 _nss_winbind_getusersids(const char *user_sid, char **group_sids,
1136 char *buffer, size_t buf_size, int *errnop)
1139 struct winbindd_request request;
1140 struct winbindd_response response;
1143 fprintf(stderr, "[%5d]: getusersids %s\n", getpid(), user_sid);
1147 pthread_mutex_lock(&winbind_nss_mutex);
1150 ZERO_STRUCT(request);
1151 ZERO_STRUCT(response);
1153 strncpy(request.data.sid, user_sid,sizeof(request.data.sid) - 1);
1154 request.data.sid[sizeof(request.data.sid) - 1] = '\0';
1156 ret = winbindd_request_response(WINBINDD_GETUSERSIDS, &request, &response);
1158 if (ret != NSS_STATUS_SUCCESS) {
1162 if (buf_size < response.length - sizeof(response)) {
1163 ret = NSS_STATUS_TRYAGAIN;
1164 errno = *errnop = ERANGE;
1168 *num_groups = response.data.num_entries;
1169 *group_sids = buffer;
1170 memcpy(buffer, response.extra_data.data, response.length - sizeof(response));
1171 errno = *errnop = 0;
1174 winbindd_free_response(&response);
1177 pthread_mutex_unlock(&winbind_nss_mutex);
1184 /* map a user or group name to a SID string */
1186 _nss_winbind_nametosid(const char *name, char **sid, char *buffer,
1187 size_t buflen, int *errnop)
1190 struct winbindd_response response;
1191 struct winbindd_request request;
1194 fprintf(stderr, "[%5d]: nametosid %s\n", getpid(), name);
1198 pthread_mutex_lock(&winbind_nss_mutex);
1201 ZERO_STRUCT(response);
1202 ZERO_STRUCT(request);
1204 strncpy(request.data.name.name, name,
1205 sizeof(request.data.name.name) - 1);
1206 request.data.name.name[sizeof(request.data.name.name) - 1] = '\0';
1208 ret = winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response);
1209 if (ret != NSS_STATUS_SUCCESS) {
1210 *errnop = errno = EINVAL;
1214 if (buflen < strlen(response.data.sid.sid)+1) {
1215 ret = NSS_STATUS_TRYAGAIN;
1216 *errnop = errno = ERANGE;
1220 *errnop = errno = 0;
1222 strcpy(*sid, response.data.sid.sid);
1225 winbindd_free_response(&response);
1228 pthread_mutex_unlock(&winbind_nss_mutex);
1234 /* map a sid string to a user or group name */
1236 _nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
1237 size_t buflen, int *errnop)
1240 struct winbindd_response response;
1241 struct winbindd_request request;
1242 static char sep_char;
1246 fprintf(stderr, "[%5d]: sidtoname %s\n", getpid(), sid);
1250 pthread_mutex_lock(&winbind_nss_mutex);
1253 ZERO_STRUCT(response);
1254 ZERO_STRUCT(request);
1256 /* we need to fetch the separator first time through */
1258 ret = winbindd_request_response(WINBINDD_INFO, &request, &response);
1259 if (ret != NSS_STATUS_SUCCESS) {
1260 *errnop = errno = EINVAL;
1264 sep_char = response.data.info.winbind_separator;
1265 winbindd_free_response(&response);
1269 strncpy(request.data.sid, sid,
1270 sizeof(request.data.sid) - 1);
1271 request.data.sid[sizeof(request.data.sid) - 1] = '\0';
1273 ret = winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response);
1274 if (ret != NSS_STATUS_SUCCESS) {
1275 *errnop = errno = EINVAL;
1280 strlen(response.data.name.dom_name) +
1281 strlen(response.data.name.name) + 2;
1283 if (buflen < needed) {
1284 ret = NSS_STATUS_TRYAGAIN;
1285 *errnop = errno = ERANGE;
1289 snprintf(buffer, needed, "%s%c%s",
1290 response.data.name.dom_name,
1292 response.data.name.name);
1295 *errnop = errno = 0;
1298 winbindd_free_response(&response);
1301 pthread_mutex_unlock(&winbind_nss_mutex);
1307 /* map a sid to a uid */
1309 _nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop)
1312 struct winbindd_response response;
1313 struct winbindd_request request;
1316 fprintf(stderr, "[%5d]: sidtouid %s\n", getpid(), sid);
1320 pthread_mutex_lock(&winbind_nss_mutex);
1323 ZERO_STRUCT(request);
1324 ZERO_STRUCT(response);
1326 strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
1327 request.data.sid[sizeof(request.data.sid) - 1] = '\0';
1329 ret = winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response);
1330 if (ret != NSS_STATUS_SUCCESS) {
1331 *errnop = errno = EINVAL;
1335 *uid = response.data.uid;
1340 pthread_mutex_unlock(&winbind_nss_mutex);
1346 /* map a sid to a gid */
1348 _nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop)
1351 struct winbindd_response response;
1352 struct winbindd_request request;
1355 fprintf(stderr, "[%5d]: sidtogid %s\n", getpid(), sid);
1359 pthread_mutex_lock(&winbind_nss_mutex);
1362 ZERO_STRUCT(request);
1363 ZERO_STRUCT(response);
1365 strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
1366 request.data.sid[sizeof(request.data.sid) - 1] = '\0';
1368 ret = winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response);
1369 if (ret != NSS_STATUS_SUCCESS) {
1370 *errnop = errno = EINVAL;
1374 *gid = response.data.gid;
1379 pthread_mutex_unlock(&winbind_nss_mutex);
1385 /* map a uid to a SID string */
1387 _nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
1388 size_t buflen, int *errnop)
1391 struct winbindd_response response;
1392 struct winbindd_request request;
1395 fprintf(stderr, "[%5u]: uidtosid %u\n", (unsigned int)getpid(), (unsigned int)uid);
1399 pthread_mutex_lock(&winbind_nss_mutex);
1402 ZERO_STRUCT(response);
1403 ZERO_STRUCT(request);
1405 request.data.uid = uid;
1407 ret = winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response);
1408 if (ret != NSS_STATUS_SUCCESS) {
1409 *errnop = errno = EINVAL;
1413 if (buflen < strlen(response.data.sid.sid)+1) {
1414 ret = NSS_STATUS_TRYAGAIN;
1415 *errnop = errno = ERANGE;
1419 *errnop = errno = 0;
1421 strcpy(*sid, response.data.sid.sid);
1424 winbindd_free_response(&response);
1427 pthread_mutex_unlock(&winbind_nss_mutex);
1433 /* map a gid to a SID string */
1435 _nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
1436 size_t buflen, int *errnop)
1439 struct winbindd_response response;
1440 struct winbindd_request request;
1443 fprintf(stderr, "[%5u]: gidtosid %u\n", (unsigned int)getpid(), (unsigned int)gid);
1447 pthread_mutex_lock(&winbind_nss_mutex);
1450 ZERO_STRUCT(response);
1451 ZERO_STRUCT(request);
1453 request.data.gid = gid;
1455 ret = winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response);
1456 if (ret != NSS_STATUS_SUCCESS) {
1457 *errnop = errno = EINVAL;
1461 if (buflen < strlen(response.data.sid.sid)+1) {
1462 ret = NSS_STATUS_TRYAGAIN;
1463 *errnop = errno = ERANGE;
1467 *errnop = errno = 0;
1469 strcpy(*sid, response.data.sid.sid);
1472 winbindd_free_response(&response);
1475 pthread_mutex_unlock(&winbind_nss_mutex);