2 Unix SMB/CIFS implementation.
6 Copyright (C) Gerald (Jerry) Carter 2007
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Lesser General Public
11 License as published by the Free Software Foundation; either
12 version 3 of the License, or (at your option) any later version.
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Library General Public License for more details.
19 You should have received a copy of the GNU Lesser General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 /* Required Headers */
25 #include "libwbclient.h"
28 /** @brief Convert a binary SID to a character string
30 * @param sid Binary Security Identifier
31 * @param **sid_string Resulting character string
36 wbcErr wbcSidToString(const struct wbcDomainSid *sid,
39 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
43 TALLOC_CTX *ctx = NULL;
46 wbc_status = WBC_ERR_INVALID_SID;
47 BAIL_ON_WBC_ERROR(wbc_status);
50 ctx = talloc_init("wbcSidToString");
51 BAIL_ON_PTR_ERROR(ctx, wbc_status);
53 id_auth = sid->id_auth[5] +
54 (sid->id_auth[4] << 8) +
55 (sid->id_auth[3] << 16) +
56 (sid->id_auth[2] << 24);
58 tmp = talloc_asprintf(ctx, "S-%d-%d", sid->sid_rev_num, id_auth);
59 BAIL_ON_PTR_ERROR(tmp, wbc_status);
61 for (i=0; i<sid->num_auths; i++) {
63 tmp2 = talloc_asprintf_append(tmp, "-%u", sid->sub_auths[i]);
64 BAIL_ON_PTR_ERROR(tmp2, wbc_status);
69 *sid_string=talloc_strdup(NULL, tmp);
70 BAIL_ON_PTR_ERROR((*sid_string), wbc_status);
72 wbc_status = WBC_ERR_SUCCESS;
80 /** @brief Convert a character string to a binary SID
82 * @param *str Character string in the form of S-...
83 * @param sid Resulting binary SID
88 wbcErr wbcStringToSid(const char *str,
89 struct wbcDomainSid *sid)
94 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
97 wbc_status = WBC_ERR_INVALID_PARAM;
98 BAIL_ON_WBC_ERROR(wbc_status);
101 /* Sanity check for either "S-" or "s-" */
104 || (str[0]!='S' && str[0]!='s')
107 wbc_status = WBC_ERR_INVALID_PARAM;
108 BAIL_ON_WBC_ERROR(wbc_status);
111 /* Get the SID revision number */
114 x = (uint32_t)strtol(p, &q, 10);
115 if (x==0 || !q || *q!='-') {
116 wbc_status = WBC_ERR_INVALID_SID;
117 BAIL_ON_WBC_ERROR(wbc_status);
119 sid->sid_rev_num = (uint8_t)x;
121 /* Next the Identifier Authority. This is stored in big-endian
122 in a 6 byte array. */
125 x = (uint32_t)strtol(p, &q, 10);
127 wbc_status = WBC_ERR_INVALID_SID;
128 BAIL_ON_WBC_ERROR(wbc_status);
130 sid->id_auth[5] = (x & 0x000000ff);
131 sid->id_auth[4] = (x & 0x0000ff00) >> 8;
132 sid->id_auth[3] = (x & 0x00ff0000) >> 16;
133 sid->id_auth[2] = (x & 0xff000000) >> 24;
137 /* now read the the subauthorities */
141 while (sid->num_auths < WBC_MAXSUBAUTHS) {
142 x=(uint32_t)strtoul(p, &q, 10);
146 wbc_status = WBC_ERR_INVALID_SID;
147 BAIL_ON_WBC_ERROR(wbc_status);
149 sid->sub_auths[sid->num_auths++] = x;
151 if ((*q!='-') || (*q=='\0'))
156 /* IF we ended early, then the SID could not be converted */
159 wbc_status = WBC_ERR_INVALID_SID;
160 BAIL_ON_WBC_ERROR(wbc_status);
163 wbc_status = WBC_ERR_SUCCESS;
170 /** @brief Convert a domain and name to SID
172 * @param domain Domain name (possibly "")
173 * @param name User or group name
174 * @param *sid Pointer to the resolved domain SID
175 * @param *name_type Pointet to the SID type
181 wbcErr wbcLookupName(const char *domain,
183 struct wbcDomainSid *sid,
184 enum wbcSidType *name_type)
186 struct winbindd_request request;
187 struct winbindd_response response;
188 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
190 if (!sid || !name_type) {
191 wbc_status = WBC_ERR_INVALID_PARAM;
192 BAIL_ON_WBC_ERROR(wbc_status);
195 /* Initialize request */
197 ZERO_STRUCT(request);
198 ZERO_STRUCT(response);
200 /* dst is already null terminated from the memset above */
202 strncpy(request.data.name.dom_name, domain,
203 sizeof(request.data.name.dom_name)-1);
204 strncpy(request.data.name.name, name,
205 sizeof(request.data.name.name)-1);
207 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPNAME,
210 BAIL_ON_WBC_ERROR(wbc_status);
212 wbc_status = wbcStringToSid(response.data.sid.sid, sid);
213 BAIL_ON_WBC_ERROR(wbc_status);
215 *name_type = (enum wbcSidType)response.data.sid.type;
217 wbc_status = WBC_ERR_SUCCESS;
223 /** @brief Convert a SID to a domain and name
225 * @param *sid Pointer to the domain SID to be resolved
226 * @param pdomain Resolved Domain name (possibly "")
227 * @param pname Resolved User or group name
228 * @param *pname_type Pointet to the resolved SID type
234 wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
237 enum wbcSidType *pname_type)
239 struct winbindd_request request;
240 struct winbindd_response response;
241 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
242 char *sid_string = NULL;
245 enum wbcSidType name_type = WBC_SID_NAME_USE_NONE;
248 wbc_status = WBC_ERR_INVALID_PARAM;
249 BAIL_ON_WBC_ERROR(wbc_status);
252 /* Initialize request */
254 ZERO_STRUCT(request);
255 ZERO_STRUCT(response);
257 /* dst is already null terminated from the memset above */
259 wbc_status = wbcSidToString(sid, &sid_string);
260 BAIL_ON_WBC_ERROR(wbc_status);
262 strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1);
263 wbcFreeMemory(sid_string);
267 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPSID,
270 BAIL_ON_WBC_ERROR(wbc_status);
272 /* Copy out result */
274 domain = talloc_strdup(NULL, response.data.name.dom_name);
275 BAIL_ON_PTR_ERROR(domain, wbc_status);
277 name = talloc_strdup(NULL, response.data.name.name);
278 BAIL_ON_PTR_ERROR(name, wbc_status);
280 name_type = (enum wbcSidType)response.data.name.type;
282 wbc_status = WBC_ERR_SUCCESS;
285 if (WBC_ERROR_IS_OK(wbc_status)) {
286 if (pdomain != NULL) {
292 if (pname_type != NULL) {
293 *pname_type = name_type;
299 * Found by Coverity: In this particular routine we can't end
300 * up here with a non-NULL name. Further up there are just two
301 * exit paths that lead here, neither of which leave an
302 * allocated name. If you add more paths up there, re-activate
309 if (domain != NULL) {
317 /** @brief Translate a collection of RIDs within a domain to names
321 wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
324 const char **pp_domain_name,
325 const char ***pnames,
326 enum wbcSidType **ptypes)
328 size_t i, len, ridbuf_size;
331 struct winbindd_request request;
332 struct winbindd_response response;
333 char *sid_string = NULL;
334 char *domain_name = NULL;
335 const char **names = NULL;
336 enum wbcSidType *types = NULL;
337 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
339 /* Initialise request */
341 ZERO_STRUCT(request);
342 ZERO_STRUCT(response);
344 if (!dom_sid || (num_rids == 0)) {
345 wbc_status = WBC_ERR_INVALID_PARAM;
346 BAIL_ON_WBC_ERROR(wbc_status);
349 wbc_status = wbcSidToString(dom_sid, &sid_string);
350 BAIL_ON_WBC_ERROR(wbc_status);
352 strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1);
353 wbcFreeMemory(sid_string);
355 /* Even if all the Rids were of maximum 32bit values,
356 we would only have 11 bytes per rid in the final array
357 ("4294967296" + \n). Add one more byte for the
360 ridbuf_size = (sizeof(char)*11) * num_rids + 1;
362 ridlist = talloc_zero_array(NULL, char, ridbuf_size);
363 BAIL_ON_PTR_ERROR(ridlist, wbc_status);
366 for (i=0; i<num_rids && (len-1)>0; i++) {
369 len = strlen(ridlist);
372 snprintf( ridstr, sizeof(ridstr)-1, "%u\n", rids[i]);
373 strncat(p, ridstr, ridbuf_size-len-1);
376 request.extra_data.data = ridlist;
377 request.extra_len = strlen(ridlist)+1;
379 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPRIDS,
382 talloc_free(ridlist);
383 BAIL_ON_WBC_ERROR(wbc_status);
385 domain_name = talloc_strdup(NULL, response.data.domain_name);
386 BAIL_ON_PTR_ERROR(domain_name, wbc_status);
388 names = talloc_array(NULL, const char*, num_rids);
389 BAIL_ON_PTR_ERROR(names, wbc_status);
391 types = talloc_array(NULL, enum wbcSidType, num_rids);
392 BAIL_ON_PTR_ERROR(types, wbc_status);
394 p = (char *)response.extra_data.data;
396 for (i=0; i<num_rids; i++) {
400 wbc_status = WBC_ERR_INVALID_RESPONSE;
401 BAIL_ON_WBC_ERROR(wbc_status);
404 types[i] = (enum wbcSidType)strtoul(p, &q, 10);
407 wbc_status = WBC_ERR_INVALID_RESPONSE;
408 BAIL_ON_WBC_ERROR(wbc_status);
413 if ((q = strchr(p, '\n')) == NULL) {
414 wbc_status = WBC_ERR_INVALID_RESPONSE;
415 BAIL_ON_WBC_ERROR(wbc_status);
420 names[i] = talloc_strdup(names, p);
421 BAIL_ON_PTR_ERROR(names[i], wbc_status);
427 wbc_status = WBC_ERR_INVALID_RESPONSE;
428 BAIL_ON_WBC_ERROR(wbc_status);
431 wbc_status = WBC_ERR_SUCCESS;
434 if (response.extra_data.data) {
435 free(response.extra_data.data);
438 if (WBC_ERROR_IS_OK(wbc_status)) {
439 *pp_domain_name = domain_name;
445 talloc_free(domain_name);
455 /** @brief Get the groups a user belongs to
459 wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
460 bool domain_groups_only,
462 struct wbcDomainSid **_sids)
466 struct winbindd_request request;
467 struct winbindd_response response;
468 char *sid_string = NULL;
469 struct wbcDomainSid *sids = NULL;
470 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
473 /* Initialise request */
475 ZERO_STRUCT(request);
476 ZERO_STRUCT(response);
479 wbc_status = WBC_ERR_INVALID_PARAM;
480 BAIL_ON_WBC_ERROR(wbc_status);
483 wbc_status = wbcSidToString(user_sid, &sid_string);
484 BAIL_ON_WBC_ERROR(wbc_status);
486 strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1);
487 wbcFreeMemory(sid_string);
489 if (domain_groups_only) {
490 cmd = WINBINDD_GETUSERDOMGROUPS;
492 cmd = WINBINDD_GETUSERSIDS;
495 wbc_status = wbcRequestResponse(cmd,
498 BAIL_ON_WBC_ERROR(wbc_status);
500 if (response.data.num_entries &&
501 !response.extra_data.data) {
502 wbc_status = WBC_ERR_INVALID_RESPONSE;
503 BAIL_ON_WBC_ERROR(wbc_status);
506 sids = talloc_array(NULL, struct wbcDomainSid,
507 response.data.num_entries);
508 BAIL_ON_PTR_ERROR(sids, wbc_status);
510 s = (const char *)response.extra_data.data;
511 for (i = 0; i < response.data.num_entries; i++) {
512 char *n = strchr(s, '\n');
516 wbc_status = wbcStringToSid(s, &sids[i]);
517 BAIL_ON_WBC_ERROR(wbc_status);
521 *num_sids = response.data.num_entries;
524 wbc_status = WBC_ERR_SUCCESS;
527 if (response.extra_data.data) {
528 free(response.extra_data.data);
537 /** @brief Lists Users
541 wbcErr wbcListUsers(const char *domain_name,
542 uint32_t *_num_users,
543 const char ***_users)
545 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
546 struct winbindd_request request;
547 struct winbindd_response response;
548 uint32_t num_users = 0;
549 const char **users = NULL;
552 /* Initialise request */
554 ZERO_STRUCT(request);
555 ZERO_STRUCT(response);
558 strncpy(request.domain_name, domain_name,
559 sizeof(request.domain_name)-1);
562 wbc_status = wbcRequestResponse(WINBINDD_LIST_USERS,
565 BAIL_ON_WBC_ERROR(wbc_status);
567 /* Look through extra data */
569 next = (const char *)response.extra_data.data;
572 const char *current = next;
573 char *k = strchr(next, ',');
581 tmp = talloc_realloc(NULL, users,
584 BAIL_ON_PTR_ERROR(tmp, wbc_status);
587 users[num_users] = talloc_strdup(users, current);
588 BAIL_ON_PTR_ERROR(users[num_users], wbc_status);
593 *_num_users = num_users;
596 wbc_status = WBC_ERR_SUCCESS;
599 if (response.extra_data.data) {
600 free(response.extra_data.data);
608 /** @brief Lists Groups
612 wbcErr wbcListGroups(const char *domain_name,
613 uint32_t *_num_groups,
614 const char ***_groups)
616 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
617 struct winbindd_request request;
618 struct winbindd_response response;
619 uint32_t num_groups = 0;
620 const char **groups = NULL;
623 /* Initialise request */
625 ZERO_STRUCT(request);
626 ZERO_STRUCT(response);
629 strncpy(request.domain_name, domain_name,
630 sizeof(request.domain_name)-1);
633 wbc_status = wbcRequestResponse(WINBINDD_LIST_GROUPS,
636 BAIL_ON_WBC_ERROR(wbc_status);
638 /* Look through extra data */
640 next = (const char *)response.extra_data.data;
643 const char *current = next;
644 char *k = strchr(next, ',');
652 tmp = talloc_realloc(NULL, groups,
655 BAIL_ON_PTR_ERROR(tmp, wbc_status);
658 groups[num_groups] = talloc_strdup(groups, current);
659 BAIL_ON_PTR_ERROR(groups[num_groups], wbc_status);
664 *_num_groups = num_groups;
667 wbc_status = WBC_ERR_SUCCESS;
670 if (response.extra_data.data) {
671 free(response.extra_data.data);