2 Unix SMB/CIFS implementation.
4 Windows NT Domain nsswitch module
6 Copyright (C) Tim Potter 2000
8 This library is free software; you can redistribute it and/or
9 modify it under the terms of the GNU Library General Public
10 License as published by the Free Software Foundation; either
11 version 2 of the License, or (at your option) any later version.
13 This library is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Library General Public License for more details.
18 You should have received a copy of the GNU Library General Public
19 License along with this library; if not, write to the
20 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
21 Boston, MA 02111-1307, USA.
24 #include "winbind_client.h"
26 /* Maximum number of users to pass back over the unix domain socket
27 per call. This is not a static limit on the total number of users
28 or groups returned in total. */
30 #define MAX_GETPWENT_USERS 250
31 #define MAX_GETGRENT_USERS 250
33 /* Prototypes from wb_common.c */
35 extern int winbindd_fd;
37 /* Allocate some space from the nss static buffer. The buffer and buflen
38 are the pointers passed in by the C library to the _nss_ntdom_*
41 static char *get_static(char **buffer, int *buflen, int len)
45 /* Error check. We return false if things aren't set up right, or
46 there isn't enough buffer space left. */
48 if ((buffer == NULL) || (buflen == NULL) || (*buflen < len)) {
52 /* Return an index into the static buffer */
61 /* I've copied the strtok() replacement function next_token() from
62 lib/util_str.c as I really don't want to have to link in any other
63 objects if I can possibly avoid it. */
65 BOOL next_token(char **ptr,char *buff,char *sep, size_t bufsize)
71 if (!ptr) return(False);
75 /* default to simple separators */
76 if (!sep) sep = " \t\n\r";
78 /* find the first non sep char */
79 while (*s && strchr(sep,*s)) s++;
82 if (! *s) return(False);
84 /* copy over the token */
85 for (quoted = False; len < bufsize && *s && (quoted || !strchr(sep,*s)); s++) {
94 *ptr = (*s) ? s+1 : s;
101 /* Fill a pwent structure from a winbindd_response structure. We use
102 the static data passed to us by libc to put strings and stuff in.
103 Return NSS_STATUS_TRYAGAIN if we run out of memory. */
105 static NSS_STATUS fill_pwent(struct passwd *result,
106 struct winbindd_pw *pw,
107 char **buffer, size_t *buflen)
111 if ((result->pw_name =
112 get_static(buffer, buflen, strlen(pw->pw_name) + 1)) == NULL) {
116 return NSS_STATUS_TRYAGAIN;
119 strcpy(result->pw_name, pw->pw_name);
123 if ((result->pw_passwd =
124 get_static(buffer, buflen, strlen(pw->pw_passwd) + 1)) == NULL) {
128 return NSS_STATUS_TRYAGAIN;
131 strcpy(result->pw_passwd, pw->pw_passwd);
135 result->pw_uid = pw->pw_uid;
136 result->pw_gid = pw->pw_gid;
140 if ((result->pw_gecos =
141 get_static(buffer, buflen, strlen(pw->pw_gecos) + 1)) == NULL) {
145 return NSS_STATUS_TRYAGAIN;
148 strcpy(result->pw_gecos, pw->pw_gecos);
152 if ((result->pw_dir =
153 get_static(buffer, buflen, strlen(pw->pw_dir) + 1)) == NULL) {
157 return NSS_STATUS_TRYAGAIN;
160 strcpy(result->pw_dir, pw->pw_dir);
164 if ((result->pw_shell =
165 get_static(buffer, buflen, strlen(pw->pw_shell) + 1)) == NULL) {
169 return NSS_STATUS_TRYAGAIN;
172 strcpy(result->pw_shell, pw->pw_shell);
174 /* The struct passwd for Solaris has some extra fields which must
175 be initialised or nscd crashes. */
177 #if HAVE_PASSWD_PW_COMMENT
178 result->pw_comment = "";
181 #if HAVE_PASSWD_PW_AGE
185 return NSS_STATUS_SUCCESS;
188 /* Fill a grent structure from a winbindd_response structure. We use
189 the static data passed to us by libc to put strings and stuff in.
190 Return NSS_STATUS_TRYAGAIN if we run out of memory. */
192 static NSS_STATUS fill_grent(struct group *result, struct winbindd_gr *gr,
193 char *gr_mem, char **buffer, size_t *buflen)
201 if ((result->gr_name =
202 get_static(buffer, buflen, strlen(gr->gr_name) + 1)) == NULL) {
206 return NSS_STATUS_TRYAGAIN;
209 strcpy(result->gr_name, gr->gr_name);
213 if ((result->gr_passwd =
214 get_static(buffer, buflen, strlen(gr->gr_passwd) + 1)) == NULL) {
218 return NSS_STATUS_TRYAGAIN;
221 strcpy(result->gr_passwd, gr->gr_passwd);
225 result->gr_gid = gr->gr_gid;
227 /* Group membership */
229 if ((gr->num_gr_mem < 0) || !gr_mem) {
233 /* this next value is a pointer to a pointer so let's align it */
235 /* Calculate number of extra bytes needed to align on pointer size boundry */
236 if ((i = (unsigned long)(*buffer) % sizeof(char*)) != 0)
237 i = sizeof(char*) - i;
239 if ((tst = get_static(buffer, buflen, ((gr->num_gr_mem + 1) *
240 sizeof(char *)+i))) == NULL) {
244 return NSS_STATUS_TRYAGAIN;
246 result->gr_mem = (char **)(tst + i);
248 if (gr->num_gr_mem == 0) {
252 *(result->gr_mem) = NULL;
253 return NSS_STATUS_SUCCESS;
256 /* Start looking at extra data */
260 while(next_token((char **)&gr_mem, name, ",", sizeof(fstring))) {
262 /* Allocate space for member */
264 if (((result->gr_mem)[i] =
265 get_static(buffer, buflen, strlen(name) + 1)) == NULL) {
269 return NSS_STATUS_TRYAGAIN;
272 strcpy((result->gr_mem)[i], name);
278 (result->gr_mem)[i] = NULL;
280 return NSS_STATUS_SUCCESS;
287 static struct winbindd_response getpwent_response;
289 static int ndx_pw_cache; /* Current index into pwd cache */
290 static int num_pw_cache; /* Current size of pwd cache */
292 /* Rewind "file pointer" to start of ntdom password database */
295 _nss_winbind_setpwent(void)
298 fprintf(stderr, "[%5d]: setpwent\n", getpid());
301 if (num_pw_cache > 0) {
302 ndx_pw_cache = num_pw_cache = 0;
303 free_response(&getpwent_response);
306 return winbindd_request(WINBINDD_SETPWENT, NULL, NULL);
309 /* Close ntdom password database "file pointer" */
312 _nss_winbind_endpwent(void)
315 fprintf(stderr, "[%5d]: endpwent\n", getpid());
318 if (num_pw_cache > 0) {
319 ndx_pw_cache = num_pw_cache = 0;
320 free_response(&getpwent_response);
323 return winbindd_request(WINBINDD_ENDPWENT, NULL, NULL);
326 /* Fetch the next password entry from ntdom password database */
329 _nss_winbind_getpwent_r(struct passwd *result, char *buffer,
330 size_t buflen, int *errnop)
333 struct winbindd_request request;
334 static int called_again;
337 fprintf(stderr, "[%5d]: getpwent\n", getpid());
340 /* Return an entry from the cache if we have one, or if we are
341 called again because we exceeded our static buffer. */
343 if ((ndx_pw_cache < num_pw_cache) || called_again) {
347 /* Else call winbindd to get a bunch of entries */
349 if (num_pw_cache > 0) {
350 free_response(&getpwent_response);
353 ZERO_STRUCT(request);
354 ZERO_STRUCT(getpwent_response);
356 request.data.num_entries = MAX_GETPWENT_USERS;
358 ret = winbindd_request(WINBINDD_GETPWENT, &request,
361 if (ret == NSS_STATUS_SUCCESS) {
362 struct winbindd_pw *pw_cache;
367 num_pw_cache = getpwent_response.data.num_entries;
369 /* Return a result */
373 pw_cache = getpwent_response.extra_data;
375 /* Check data is valid */
377 if (pw_cache == NULL) {
378 return NSS_STATUS_NOTFOUND;
381 ret = fill_pwent(result, &pw_cache[ndx_pw_cache],
384 /* Out of memory - try again */
386 if (ret == NSS_STATUS_TRYAGAIN) {
388 *errnop = errno = ERANGE;
393 called_again = False;
396 /* If we've finished with this lot of results free cache */
398 if (ndx_pw_cache == num_pw_cache) {
399 ndx_pw_cache = num_pw_cache = 0;
400 free_response(&getpwent_response);
407 /* Return passwd struct from uid */
410 _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer,
411 size_t buflen, int *errnop)
414 static struct winbindd_response response;
415 struct winbindd_request request;
416 static int keep_response=0;
418 /* If our static buffer needs to be expanded we are called again */
419 if (!keep_response) {
421 /* Call for the first time */
423 ZERO_STRUCT(response);
424 ZERO_STRUCT(request);
426 request.data.uid = uid;
428 ret = winbindd_request(WINBINDD_GETPWUID, &request, &response);
430 if (ret == NSS_STATUS_SUCCESS) {
431 ret = fill_pwent(result, &response.data.pw,
434 if (ret == NSS_STATUS_TRYAGAIN) {
435 keep_response = True;
436 *errnop = errno = ERANGE;
443 /* We've been called again */
445 ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
447 if (ret == NSS_STATUS_TRYAGAIN) {
448 keep_response = True;
449 *errnop = errno = ERANGE;
453 keep_response = False;
457 free_response(&response);
461 /* Return passwd struct from username */
464 _nss_winbind_getpwnam_r(const char *name, struct passwd *result, char *buffer,
465 size_t buflen, int *errnop)
468 static struct winbindd_response response;
469 struct winbindd_request request;
470 static int keep_response;
473 fprintf(stderr, "[%5d]: getpwnam %s\n", getpid(), name);
476 /* If our static buffer needs to be expanded we are called again */
478 if (!keep_response) {
480 /* Call for the first time */
482 ZERO_STRUCT(response);
483 ZERO_STRUCT(request);
485 strncpy(request.data.username, name,
486 sizeof(request.data.username) - 1);
487 request.data.username
488 [sizeof(request.data.username) - 1] = '\0';
490 ret = winbindd_request(WINBINDD_GETPWNAM, &request, &response);
492 if (ret == NSS_STATUS_SUCCESS) {
493 ret = fill_pwent(result, &response.data.pw, &buffer,
496 if (ret == NSS_STATUS_TRYAGAIN) {
497 keep_response = True;
498 *errnop = errno = ERANGE;
505 /* We've been called again */
507 ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
509 if (ret == NSS_STATUS_TRYAGAIN) {
510 keep_response = True;
511 *errnop = errno = ERANGE;
515 keep_response = False;
519 free_response(&response);
524 * NSS group functions
527 static struct winbindd_response getgrent_response;
529 static int ndx_gr_cache; /* Current index into grp cache */
530 static int num_gr_cache; /* Current size of grp cache */
532 /* Rewind "file pointer" to start of ntdom group database */
535 _nss_winbind_setgrent(void)
538 fprintf(stderr, "[%5d]: setgrent\n", getpid());
541 if (num_gr_cache > 0) {
542 ndx_gr_cache = num_gr_cache = 0;
543 free_response(&getgrent_response);
546 return winbindd_request(WINBINDD_SETGRENT, NULL, NULL);
549 /* Close "file pointer" for ntdom group database */
552 _nss_winbind_endgrent(void)
555 fprintf(stderr, "[%5d]: endgrent\n", getpid());
558 if (num_gr_cache > 0) {
559 ndx_gr_cache = num_gr_cache = 0;
560 free_response(&getgrent_response);
563 return winbindd_request(WINBINDD_ENDGRENT, NULL, NULL);
566 /* Get next entry from ntdom group database */
569 winbind_getgrent(enum winbindd_cmd cmd,
570 struct group *result,
571 char *buffer, size_t buflen, int *errnop)
574 static struct winbindd_request request;
575 static int called_again;
579 fprintf(stderr, "[%5d]: getgrent\n", getpid());
582 /* Return an entry from the cache if we have one, or if we are
583 called again because we exceeded our static buffer. */
585 if ((ndx_gr_cache < num_gr_cache) || called_again) {
589 /* Else call winbindd to get a bunch of entries */
591 if (num_gr_cache > 0) {
592 free_response(&getgrent_response);
595 ZERO_STRUCT(request);
596 ZERO_STRUCT(getgrent_response);
598 request.data.num_entries = MAX_GETGRENT_USERS;
600 ret = winbindd_request(cmd, &request,
603 if (ret == NSS_STATUS_SUCCESS) {
604 struct winbindd_gr *gr_cache;
610 num_gr_cache = getgrent_response.data.num_entries;
612 /* Return a result */
616 gr_cache = getgrent_response.extra_data;
618 /* Check data is valid */
620 if (gr_cache == NULL) {
621 return NSS_STATUS_NOTFOUND;
624 /* Fill group membership. The offset into the extra data
625 for the group membership is the reported offset plus the
626 size of all the winbindd_gr records returned. */
628 mem_ofs = gr_cache[ndx_gr_cache].gr_mem_ofs +
629 num_gr_cache * sizeof(struct winbindd_gr);
631 ret = fill_grent(result, &gr_cache[ndx_gr_cache],
632 ((char *)getgrent_response.extra_data)+mem_ofs,
635 /* Out of memory - try again */
637 if (ret == NSS_STATUS_TRYAGAIN) {
639 *errnop = errno = ERANGE;
644 called_again = False;
647 /* If we've finished with this lot of results free cache */
649 if (ndx_gr_cache == num_gr_cache) {
650 ndx_gr_cache = num_gr_cache = 0;
651 free_response(&getgrent_response);
660 _nss_winbind_getgrent_r(struct group *result,
661 char *buffer, size_t buflen, int *errnop)
663 return winbind_getgrent(WINBINDD_GETGRENT, result, buffer, buflen, errnop);
667 _nss_winbind_getgrlst_r(struct group *result,
668 char *buffer, size_t buflen, int *errnop)
670 return winbind_getgrent(WINBINDD_GETGRLST, result, buffer, buflen, errnop);
673 /* Return group struct from group name */
676 _nss_winbind_getgrnam_r(const char *name,
677 struct group *result, char *buffer,
678 size_t buflen, int *errnop)
681 static struct winbindd_response response;
682 struct winbindd_request request;
683 static int keep_response;
686 fprintf(stderr, "[%5d]: getgrnam %s\n", getpid(), name);
689 /* If our static buffer needs to be expanded we are called again */
691 if (!keep_response) {
693 /* Call for the first time */
695 ZERO_STRUCT(request);
696 ZERO_STRUCT(response);
698 strncpy(request.data.groupname, name,
699 sizeof(request.data.groupname));
700 request.data.groupname
701 [sizeof(request.data.groupname) - 1] = '\0';
703 ret = winbindd_request(WINBINDD_GETGRNAM, &request, &response);
705 if (ret == NSS_STATUS_SUCCESS) {
706 ret = fill_grent(result, &response.data.gr,
710 if (ret == NSS_STATUS_TRYAGAIN) {
711 keep_response = True;
712 *errnop = errno = ERANGE;
719 /* We've been called again */
721 ret = fill_grent(result, &response.data.gr,
722 response.extra_data, &buffer, &buflen);
724 if (ret == NSS_STATUS_TRYAGAIN) {
725 keep_response = True;
726 *errnop = errno = ERANGE;
730 keep_response = False;
734 free_response(&response);
738 /* Return group struct from gid */
741 _nss_winbind_getgrgid_r(gid_t gid,
742 struct group *result, char *buffer,
743 size_t buflen, int *errnop)
746 static struct winbindd_response response;
747 struct winbindd_request request;
748 static int keep_response;
751 fprintf(stderr, "[%5d]: getgrgid %d\n", getpid(), gid);
754 /* If our static buffer needs to be expanded we are called again */
756 if (!keep_response) {
758 /* Call for the first time */
760 ZERO_STRUCT(request);
761 ZERO_STRUCT(response);
763 request.data.gid = gid;
765 ret = winbindd_request(WINBINDD_GETGRGID, &request, &response);
767 if (ret == NSS_STATUS_SUCCESS) {
769 ret = fill_grent(result, &response.data.gr,
773 if (ret == NSS_STATUS_TRYAGAIN) {
774 keep_response = True;
775 *errnop = errno = ERANGE;
782 /* We've been called again */
784 ret = fill_grent(result, &response.data.gr,
785 response.extra_data, &buffer, &buflen);
787 if (ret == NSS_STATUS_TRYAGAIN) {
788 keep_response = True;
789 *errnop = errno = ERANGE;
793 keep_response = False;
797 free_response(&response);
801 /* Initialise supplementary groups */
804 _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
805 long int *size, gid_t **groups, long int limit,
809 struct winbindd_request request;
810 struct winbindd_response response;
814 fprintf(stderr, "[%5d]: initgroups %s (%d)\n", getpid(),
818 ZERO_STRUCT(request);
819 ZERO_STRUCT(response);
821 strncpy(request.data.username, user,
822 sizeof(request.data.username) - 1);
824 ret = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
826 if (ret == NSS_STATUS_SUCCESS) {
827 int num_gids = response.data.num_entries;
828 gid_t *gid_list = (gid_t *)response.extra_data;
830 /* Copy group list to client */
832 for (i = 0; i < num_gids; i++) {
834 /* Skip primary group */
836 if (gid_list[i] == group) continue;
840 if (*start == *size && limit <= 0) {
842 (*groups), (2 * (*size) + 1) * sizeof(**groups));
843 if (! *groups) goto done;
844 *size = 2 * (*size) + 1;
847 if (*start == *size) goto done;
849 (*groups)[*start] = gid_list[i];
854 if (*start == limit) goto done;
858 /* Back to your regularly scheduled programming */
865 /* return a list of group SIDs for a user SID */
867 _nss_winbind_getusersids(const char *user_sid, char **group_sids,
869 char *buffer, size_t buf_size, int *errnop)
872 struct winbindd_request request;
873 struct winbindd_response response;
876 fprintf(stderr, "[%5d]: getusersids %s\n", getpid(), user_sid);
879 ZERO_STRUCT(request);
880 ZERO_STRUCT(response);
882 strncpy(request.data.sid, user_sid,sizeof(request.data.sid) - 1);
883 request.data.sid[sizeof(request.data.sid) - 1] = '\0';
885 ret = winbindd_request(WINBINDD_GETUSERSIDS, &request, &response);
887 if (ret != NSS_STATUS_SUCCESS) {
891 if (buf_size < response.length - sizeof(response)) {
892 ret = NSS_STATUS_TRYAGAIN;
893 errno = *errnop = ERANGE;
897 *num_groups = response.data.num_entries;
898 *group_sids = buffer;
899 memcpy(buffer, response.extra_data, response.length - sizeof(response));
903 free_response(&response);
908 /* map a user or group name to a SID string */
910 _nss_winbind_nametosid(const char *name, char **sid, char *buffer,
911 size_t buflen, int *errnop)
914 struct winbindd_response response;
915 struct winbindd_request request;
918 fprintf(stderr, "[%5d]: nametosid %s\n", getpid(), name);
921 ZERO_STRUCT(response);
922 ZERO_STRUCT(request);
924 strncpy(request.data.name.name, name,
925 sizeof(request.data.name.name) - 1);
926 request.data.name.name[sizeof(request.data.name.name) - 1] = '\0';
928 ret = winbindd_request(WINBINDD_LOOKUPNAME, &request, &response);
929 if (ret != NSS_STATUS_SUCCESS) {
930 *errnop = errno = EINVAL;
934 if (buflen < strlen(response.data.sid.sid)+1) {
935 ret = NSS_STATUS_TRYAGAIN;
936 *errnop = errno = ERANGE;
942 strcpy(*sid, response.data.sid.sid);
945 free_response(&response);
949 /* map a sid string to a user or group name */
951 _nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
952 size_t buflen, int *errnop)
955 struct winbindd_response response;
956 struct winbindd_request request;
957 static char sep_char;
961 fprintf(stderr, "[%5d]: sidtoname %s\n", getpid(), sid);
964 /* we need to fetch the separator first time through */
966 ZERO_STRUCT(response);
967 ZERO_STRUCT(request);
969 ret = winbindd_request(WINBINDD_INFO, &request, &response);
970 if (ret != NSS_STATUS_SUCCESS) {
971 *errnop = errno = EINVAL;
975 sep_char = response.data.info.winbind_separator;
976 free_response(&response);
980 strncpy(request.data.sid, sid,
981 sizeof(request.data.sid) - 1);
982 request.data.sid[sizeof(request.data.sid) - 1] = '\0';
984 ret = winbindd_request(WINBINDD_LOOKUPSID, &request, &response);
985 if (ret != NSS_STATUS_SUCCESS) {
986 *errnop = errno = EINVAL;
991 strlen(response.data.name.dom_name) +
992 strlen(response.data.name.name) + 2;
994 if (buflen < needed) {
995 ret = NSS_STATUS_TRYAGAIN;
996 *errnop = errno = ERANGE;
1000 snprintf(buffer, needed, "%s%c%s",
1001 response.data.name.dom_name,
1003 response.data.name.name);
1006 *errnop = errno = 0;
1009 free_response(&response);
git.samba.org / bbaumbach / samba-autobuild / .git / blob