2 Unix SMB/CIFS implementation.
6 Copyright (C) Gerald (Jerry) Carter 2007
7 Copyright (C) Volker Lendecke 2010
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Library General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 /* Required Headers */
27 #include "libwbclient.h"
28 #include "../winbind_client.h"
30 /* Convert a sid to a string into a buffer. Return the string
31 * length. If buflen is too small, return the string length that would
32 * result if it was long enough. */
33 int wbcSidToStringBuf(const struct wbcDomainSid *sid, char *buf, int buflen)
39 strlcpy(buf, "(NULL SID)", buflen);
40 return 10; /* strlen("(NULL SID)") */
44 * BIG NOTE: this function only does SIDS where the identauth is not
45 * >= ^32 in a range of 2^48.
48 id_auth = sid->id_auth[5] +
49 (sid->id_auth[4] << 8) +
50 (sid->id_auth[3] << 16) +
51 (sid->id_auth[2] << 24);
53 ofs = snprintf(buf, buflen, "S-%u-%lu",
54 (unsigned int)sid->sid_rev_num, (unsigned long)id_auth);
56 for (i = 0; i < sid->num_auths; i++) {
57 ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "-%lu",
58 (unsigned long)sid->sub_auths[i]);
63 /* Convert a binary SID to a character string */
64 wbcErr wbcSidToString(const struct wbcDomainSid *sid,
67 char buf[WBC_SID_STRING_BUFLEN];
72 return WBC_ERR_INVALID_SID;
75 len = wbcSidToStringBuf(sid, buf, sizeof(buf));
77 if (len+1 > sizeof(buf)) {
78 return WBC_ERR_INVALID_SID;
81 result = (char *)wbcAllocateMemory(len+1, 1, NULL);
83 return WBC_ERR_NO_MEMORY;
85 memcpy(result, buf, len+1);
88 return WBC_ERR_SUCCESS;
91 #define AUTHORITY_MASK (~(0xffffffffffffULL))
93 /* Convert a character string to a binary SID */
94 wbcErr wbcStringToSid(const char *str,
95 struct wbcDomainSid *sid)
100 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
103 wbc_status = WBC_ERR_INVALID_PARAM;
104 BAIL_ON_WBC_ERROR(wbc_status);
107 /* Sanity check for either "S-" or "s-" */
110 || (str[0]!='S' && str[0]!='s')
113 wbc_status = WBC_ERR_INVALID_PARAM;
114 BAIL_ON_WBC_ERROR(wbc_status);
117 /* Get the SID revision number */
120 x = (uint64_t)strtoul(p, &q, 10);
121 if (x==0 || x > UINT8_MAX || !q || *q!='-') {
122 wbc_status = WBC_ERR_INVALID_SID;
123 BAIL_ON_WBC_ERROR(wbc_status);
125 sid->sid_rev_num = (uint8_t)x;
128 * Next the Identifier Authority. This is stored big-endian in a
129 * 6 byte array. If the authority value is >= UINT_MAX, then it should
130 * be expressed as a hex value, according to MS-DTYP.
133 x = strtoull(p, &q, 0);
134 if (!q || *q!='-' || (x & AUTHORITY_MASK)) {
135 wbc_status = WBC_ERR_INVALID_SID;
136 BAIL_ON_WBC_ERROR(wbc_status);
138 sid->id_auth[5] = (x & 0x0000000000ffULL);
139 sid->id_auth[4] = (x & 0x00000000ff00ULL) >> 8;
140 sid->id_auth[3] = (x & 0x000000ff0000ULL) >> 16;
141 sid->id_auth[2] = (x & 0x0000ff000000ULL) >> 24;
142 sid->id_auth[1] = (x & 0x00ff00000000ULL) >> 32;
143 sid->id_auth[0] = (x & 0xff0000000000ULL) >> 40;
145 /* now read the the subauthorities */
148 while (sid->num_auths < WBC_MAXSUBAUTHS) {
149 x = strtoull(p, &q, 10);
152 if (x > UINT32_MAX) {
153 wbc_status = WBC_ERR_INVALID_SID;
154 BAIL_ON_WBC_ERROR(wbc_status);
156 sid->sub_auths[sid->num_auths++] = x;
164 /* IF we ended early, then the SID could not be converted */
167 wbc_status = WBC_ERR_INVALID_SID;
168 BAIL_ON_WBC_ERROR(wbc_status);
171 wbc_status = WBC_ERR_SUCCESS;
179 /* Convert a domain and name to SID */
180 wbcErr wbcLookupName(const char *domain,
182 struct wbcDomainSid *sid,
183 enum wbcSidType *name_type)
185 struct winbindd_request request;
186 struct winbindd_response response;
187 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
189 if (!sid || !name_type) {
190 wbc_status = WBC_ERR_INVALID_PARAM;
191 BAIL_ON_WBC_ERROR(wbc_status);
194 /* Initialize request */
196 ZERO_STRUCT(request);
197 ZERO_STRUCT(response);
199 /* dst is already null terminated from the memset above */
201 strncpy(request.data.name.dom_name, domain,
202 sizeof(request.data.name.dom_name)-1);
203 strncpy(request.data.name.name, name,
204 sizeof(request.data.name.name)-1);
206 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPNAME,
209 BAIL_ON_WBC_ERROR(wbc_status);
211 wbc_status = wbcStringToSid(response.data.sid.sid, sid);
212 BAIL_ON_WBC_ERROR(wbc_status);
214 *name_type = (enum wbcSidType)response.data.sid.type;
216 wbc_status = WBC_ERR_SUCCESS;
223 /* Convert a SID to a domain and name */
224 wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
227 enum wbcSidType *pname_type)
229 struct winbindd_request request;
230 struct winbindd_response response;
231 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
235 return WBC_ERR_INVALID_PARAM;
238 /* Initialize request */
240 ZERO_STRUCT(request);
241 ZERO_STRUCT(response);
243 wbcSidToStringBuf(sid, request.data.sid, sizeof(request.data.sid));
247 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPSID, &request,
249 if (!WBC_ERROR_IS_OK(wbc_status)) {
253 /* Copy out result */
255 wbc_status = WBC_ERR_NO_MEMORY;
259 domain = wbcStrDup(response.data.name.dom_name);
260 if (domain == NULL) {
263 name = wbcStrDup(response.data.name.name);
267 if (pdomain != NULL) {
275 if (pname_type != NULL) {
276 *pname_type = (enum wbcSidType)response.data.name.type;
278 wbc_status = WBC_ERR_SUCCESS;
281 wbcFreeMemory(domain);
285 static void wbcDomainInfosDestructor(void *ptr)
287 struct wbcDomainInfo *i = (struct wbcDomainInfo *)ptr;
289 while (i->short_name != NULL) {
290 wbcFreeMemory(i->short_name);
291 wbcFreeMemory(i->dns_name);
296 static void wbcTranslatedNamesDestructor(void *ptr)
298 struct wbcTranslatedName *n = (struct wbcTranslatedName *)ptr;
300 while (n->name != NULL) {
301 wbcFreeMemory(n->name);
306 wbcErr wbcLookupSids(const struct wbcDomainSid *sids, int num_sids,
307 struct wbcDomainInfo **pdomains, int *pnum_domains,
308 struct wbcTranslatedName **pnames)
310 struct winbindd_request request;
311 struct winbindd_response response;
312 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
313 int buflen, i, extra_len, num_domains, num_names;
314 char *sidlist, *p, *q, *extra_data;
315 struct wbcDomainInfo *domains = NULL;
316 struct wbcTranslatedName *names = NULL;
318 buflen = num_sids * (WBC_SID_STRING_BUFLEN + 1) + 1;
320 sidlist = (char *)malloc(buflen);
321 if (sidlist == NULL) {
322 return WBC_ERR_NO_MEMORY;
327 for (i=0; i<num_sids; i++) {
331 remaining = buflen - (p - sidlist);
333 len = wbcSidToStringBuf(&sids[i], p, remaining);
334 if (len > remaining) {
336 return WBC_ERR_UNKNOWN_FAILURE;
344 ZERO_STRUCT(request);
345 ZERO_STRUCT(response);
347 request.extra_data.data = sidlist;
348 request.extra_len = p - sidlist;
350 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPSIDS,
351 &request, &response);
353 if (!WBC_ERROR_IS_OK(wbc_status)) {
357 extra_len = response.length - sizeof(struct winbindd_response);
358 extra_data = (char *)response.extra_data.data;
360 if ((extra_len <= 0) || (extra_data[extra_len-1] != '\0')) {
361 goto wbc_err_invalid;
366 num_domains = strtoul(p, &q, 10);
368 goto wbc_err_invalid;
372 domains = (struct wbcDomainInfo *)wbcAllocateMemory(
373 num_domains+1, sizeof(struct wbcDomainInfo),
374 wbcDomainInfosDestructor);
375 if (domains == NULL) {
376 wbc_status = WBC_ERR_NO_MEMORY;
380 for (i=0; i<num_domains; i++) {
384 goto wbc_err_invalid;
387 wbc_status = wbcStringToSid(p, &domains[i].sid);
388 if (!WBC_ERROR_IS_OK(wbc_status)) {
395 goto wbc_err_invalid;
398 domains[i].short_name = wbcStrDup(p);
399 if (domains[i].short_name == NULL) {
400 wbc_status = WBC_ERR_NO_MEMORY;
406 num_names = strtoul(p, &q, 10);
408 goto wbc_err_invalid;
412 if (num_names != num_sids) {
413 goto wbc_err_invalid;
416 names = (struct wbcTranslatedName *)wbcAllocateMemory(
417 num_names+1, sizeof(struct wbcTranslatedName),
418 wbcTranslatedNamesDestructor);
420 wbc_status = WBC_ERR_NO_MEMORY;
424 for (i=0; i<num_names; i++) {
426 names[i].domain_index = strtoul(p, &q, 10);
428 goto wbc_err_invalid;
432 names[i].type = strtoul(p, &q, 10);
434 goto wbc_err_invalid;
440 goto wbc_err_invalid;
443 names[i].name = wbcStrDup(p);
444 if (names[i].name == NULL) {
445 wbc_status = WBC_ERR_NO_MEMORY;
451 goto wbc_err_invalid;
456 winbindd_free_response(&response);
457 return WBC_ERR_SUCCESS;
460 wbc_status = WBC_ERR_INVALID_RESPONSE;
462 winbindd_free_response(&response);
463 wbcFreeMemory(domains);
464 wbcFreeMemory(names);
468 /* Translate a collection of RIDs within a domain to names */
470 wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
473 const char **pp_domain_name,
474 const char ***pnames,
475 enum wbcSidType **ptypes)
477 size_t i, len, ridbuf_size;
480 struct winbindd_request request;
481 struct winbindd_response response;
482 char *domain_name = NULL;
483 const char **names = NULL;
484 enum wbcSidType *types = NULL;
485 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
487 /* Initialise request */
489 ZERO_STRUCT(request);
490 ZERO_STRUCT(response);
492 if (!dom_sid || (num_rids == 0)) {
493 wbc_status = WBC_ERR_INVALID_PARAM;
494 BAIL_ON_WBC_ERROR(wbc_status);
497 wbcSidToStringBuf(dom_sid, request.data.sid, sizeof(request.data.sid));
499 /* Even if all the Rids were of maximum 32bit values,
500 we would only have 11 bytes per rid in the final array
501 ("4294967296" + \n). Add one more byte for the
504 ridbuf_size = (sizeof(char)*11) * num_rids + 1;
506 ridlist = (char *)malloc(ridbuf_size);
507 BAIL_ON_PTR_ERROR(ridlist, wbc_status);
510 for (i=0; i<num_rids; i++) {
511 len += snprintf(ridlist + len, ridbuf_size - len, "%u\n",
517 request.extra_data.data = ridlist;
518 request.extra_len = len;
520 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPRIDS,
524 BAIL_ON_WBC_ERROR(wbc_status);
526 domain_name = wbcStrDup(response.data.domain_name);
527 BAIL_ON_PTR_ERROR(domain_name, wbc_status);
529 names = wbcAllocateStringArray(num_rids);
530 BAIL_ON_PTR_ERROR(names, wbc_status);
532 types = (enum wbcSidType *)wbcAllocateMemory(
533 num_rids, sizeof(enum wbcSidType), NULL);
534 BAIL_ON_PTR_ERROR(types, wbc_status);
536 p = (char *)response.extra_data.data;
538 for (i=0; i<num_rids; i++) {
542 wbc_status = WBC_ERR_INVALID_RESPONSE;
546 types[i] = (enum wbcSidType)strtoul(p, &q, 10);
549 wbc_status = WBC_ERR_INVALID_RESPONSE;
555 if ((q = strchr(p, '\n')) == NULL) {
556 wbc_status = WBC_ERR_INVALID_RESPONSE;
562 names[i] = strdup(p);
563 BAIL_ON_PTR_ERROR(names[i], wbc_status);
569 wbc_status = WBC_ERR_INVALID_RESPONSE;
573 wbc_status = WBC_ERR_SUCCESS;
576 winbindd_free_response(&response);
578 if (WBC_ERROR_IS_OK(wbc_status)) {
579 *pp_domain_name = domain_name;
584 wbcFreeMemory(domain_name);
585 wbcFreeMemory(names);
586 wbcFreeMemory(types);
592 /* Get the groups a user belongs to */
593 wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
594 bool domain_groups_only,
596 struct wbcDomainSid **_sids)
600 struct winbindd_request request;
601 struct winbindd_response response;
602 struct wbcDomainSid *sids = NULL;
603 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
606 /* Initialise request */
608 ZERO_STRUCT(request);
609 ZERO_STRUCT(response);
612 wbc_status = WBC_ERR_INVALID_PARAM;
613 BAIL_ON_WBC_ERROR(wbc_status);
616 wbcSidToStringBuf(user_sid, request.data.sid, sizeof(request.data.sid));
618 if (domain_groups_only) {
619 cmd = WINBINDD_GETUSERDOMGROUPS;
621 cmd = WINBINDD_GETUSERSIDS;
624 wbc_status = wbcRequestResponse(cmd,
627 BAIL_ON_WBC_ERROR(wbc_status);
629 if (response.data.num_entries &&
630 !response.extra_data.data) {
631 wbc_status = WBC_ERR_INVALID_RESPONSE;
632 BAIL_ON_WBC_ERROR(wbc_status);
635 sids = (struct wbcDomainSid *)wbcAllocateMemory(
636 response.data.num_entries, sizeof(struct wbcDomainSid),
638 BAIL_ON_PTR_ERROR(sids, wbc_status);
640 s = (const char *)response.extra_data.data;
641 for (i = 0; i < response.data.num_entries; i++) {
642 char *n = strchr(s, '\n');
646 wbc_status = wbcStringToSid(s, &sids[i]);
647 BAIL_ON_WBC_ERROR(wbc_status);
651 *num_sids = response.data.num_entries;
654 wbc_status = WBC_ERR_SUCCESS;
657 winbindd_free_response(&response);
666 wbcErr _sid_to_rid(struct wbcDomainSid *sid, uint32_t *rid)
668 if (sid->num_auths < 1) {
669 return WBC_ERR_INVALID_RESPONSE;
671 *rid = sid->sub_auths[sid->num_auths - 1];
673 return WBC_ERR_SUCCESS;
676 /* Get alias membership for sids */
677 wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid,
678 struct wbcDomainSid *sids,
680 uint32_t **alias_rids,
681 uint32_t *num_alias_rids)
685 struct winbindd_request request;
686 struct winbindd_response response;
687 ssize_t extra_data_len = 0;
688 char * extra_data = NULL;
690 struct wbcDomainSid sid;
691 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
692 uint32_t * rids = NULL;
694 /* Initialise request */
696 ZERO_STRUCT(request);
697 ZERO_STRUCT(response);
700 wbc_status = WBC_ERR_INVALID_PARAM;
704 wbcSidToStringBuf(dom_sid, request.data.sid, sizeof(request.data.sid));
706 /* Lets assume each sid is around 57 characters
707 * S-1-5-21-AAAAAAAAAAA-BBBBBBBBBBB-CCCCCCCCCCC-DDDDDDDDDDD\n */
708 buflen = 57 * num_sids;
709 extra_data = (char *)malloc(buflen);
711 wbc_status = WBC_ERR_NO_MEMORY;
715 /* Build the sid list */
716 for (i=0; i<num_sids; i++) {
717 char sid_str[WBC_SID_STRING_BUFLEN];
720 sid_len = wbcSidToStringBuf(&sids[i], sid_str, sizeof(sid_str));
722 if (buflen < extra_data_len + sid_len + 2) {
724 extra_data = (char *)realloc(extra_data, buflen);
726 wbc_status = WBC_ERR_NO_MEMORY;
727 BAIL_ON_WBC_ERROR(wbc_status);
731 strncpy(&extra_data[extra_data_len], sid_str,
732 buflen - extra_data_len);
733 extra_data_len += sid_len;
734 extra_data[extra_data_len++] = '\n';
735 extra_data[extra_data_len] = '\0';
739 request.extra_data.data = extra_data;
740 request.extra_len = extra_data_len;
742 wbc_status = wbcRequestResponse(WINBINDD_GETSIDALIASES,
745 BAIL_ON_WBC_ERROR(wbc_status);
747 if (response.data.num_entries &&
748 !response.extra_data.data) {
749 wbc_status = WBC_ERR_INVALID_RESPONSE;
753 rids = (uint32_t *)wbcAllocateMemory(response.data.num_entries,
754 sizeof(uint32_t), NULL);
755 BAIL_ON_PTR_ERROR(sids, wbc_status);
757 s = (const char *)response.extra_data.data;
758 for (i = 0; i < response.data.num_entries; i++) {
759 char *n = strchr(s, '\n');
763 wbc_status = wbcStringToSid(s, &sid);
764 BAIL_ON_WBC_ERROR(wbc_status);
765 wbc_status = _sid_to_rid(&sid, &rids[i]);
766 BAIL_ON_WBC_ERROR(wbc_status);
770 *num_alias_rids = response.data.num_entries;
773 wbc_status = WBC_ERR_SUCCESS;
777 winbindd_free_response(&response);
784 wbcErr wbcListUsers(const char *domain_name,
785 uint32_t *_num_users,
786 const char ***_users)
788 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
789 struct winbindd_request request;
790 struct winbindd_response response;
791 uint32_t num_users = 0;
792 const char **users = NULL;
795 /* Initialise request */
797 ZERO_STRUCT(request);
798 ZERO_STRUCT(response);
801 strncpy(request.domain_name, domain_name,
802 sizeof(request.domain_name)-1);
805 wbc_status = wbcRequestResponse(WINBINDD_LIST_USERS,
808 BAIL_ON_WBC_ERROR(wbc_status);
810 users = wbcAllocateStringArray(response.data.num_entries);
812 return WBC_ERR_NO_MEMORY;
815 /* Look through extra data */
817 next = (const char *)response.extra_data.data;
822 if (num_users >= response.data.num_entries) {
823 wbc_status = WBC_ERR_INVALID_RESPONSE;
828 k = strchr(next, ',');
837 users[num_users] = strdup(current);
838 BAIL_ON_PTR_ERROR(users[num_users], wbc_status);
841 if (num_users != response.data.num_entries) {
842 wbc_status = WBC_ERR_INVALID_RESPONSE;
846 *_num_users = response.data.num_entries;
849 wbc_status = WBC_ERR_SUCCESS;
852 winbindd_free_response(&response);
853 wbcFreeMemory(users);
858 wbcErr wbcListGroups(const char *domain_name,
859 uint32_t *_num_groups,
860 const char ***_groups)
862 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
863 struct winbindd_request request;
864 struct winbindd_response response;
865 uint32_t num_groups = 0;
866 const char **groups = NULL;
869 /* Initialise request */
871 ZERO_STRUCT(request);
872 ZERO_STRUCT(response);
875 strncpy(request.domain_name, domain_name,
876 sizeof(request.domain_name)-1);
879 wbc_status = wbcRequestResponse(WINBINDD_LIST_GROUPS,
882 BAIL_ON_WBC_ERROR(wbc_status);
884 groups = wbcAllocateStringArray(response.data.num_entries);
885 if (groups == NULL) {
886 return WBC_ERR_NO_MEMORY;
889 /* Look through extra data */
891 next = (const char *)response.extra_data.data;
896 if (num_groups >= response.data.num_entries) {
897 wbc_status = WBC_ERR_INVALID_RESPONSE;
902 k = strchr(next, ',');
911 groups[num_groups] = strdup(current);
912 BAIL_ON_PTR_ERROR(groups[num_groups], wbc_status);
915 if (num_groups != response.data.num_entries) {
916 wbc_status = WBC_ERR_INVALID_RESPONSE;
920 *_num_groups = response.data.num_entries;
923 wbc_status = WBC_ERR_SUCCESS;
926 winbindd_free_response(&response);
927 wbcFreeMemory(groups);
931 wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid,
934 enum wbcSidType *pname_type)
939 enum wbcSidType name_type;
941 wbc_status = wbcLookupSid(sid, &domain, &name, &name_type);
942 BAIL_ON_WBC_ERROR(wbc_status);
944 if (name_type == WBC_SID_NAME_USER) {
948 wbc_status = wbcSidToUid(sid, &uid);
949 BAIL_ON_WBC_ERROR(wbc_status);
951 wbc_status = wbcGetpwuid(uid, &pwd);
952 BAIL_ON_WBC_ERROR(wbc_status);
956 name = wbcStrDup(pwd->pw_gecos);
958 BAIL_ON_PTR_ERROR(name, wbc_status);
961 wbc_status = WBC_ERR_SUCCESS;
964 if (WBC_ERROR_IS_OK(wbc_status)) {
967 *pname_type = name_type;
969 wbcFreeMemory(domain);
976 const char* wbcSidTypeString(enum wbcSidType type)
979 case WBC_SID_NAME_USE_NONE: return "SID_NONE";
980 case WBC_SID_NAME_USER: return "SID_USER";
981 case WBC_SID_NAME_DOM_GRP: return "SID_DOM_GROUP";
982 case WBC_SID_NAME_DOMAIN: return "SID_DOMAIN";
983 case WBC_SID_NAME_ALIAS: return "SID_ALIAS";
984 case WBC_SID_NAME_WKN_GRP: return "SID_WKN_GROUP";
985 case WBC_SID_NAME_DELETED: return "SID_DELETED";
986 case WBC_SID_NAME_INVALID: return "SID_INVALID";
987 case WBC_SID_NAME_UNKNOWN: return "SID_UNKNOWN";
988 case WBC_SID_NAME_COMPUTER: return "SID_COMPUTER";
989 default: return "Unknown type";