2 Unix SMB/CIFS implementation.
6 Copyright (C) Gerald (Jerry) Carter 2007
7 Copyright (C) Volker Lendecke 2010
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Library General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 /* Required Headers */
27 #include "libwbclient.h"
28 #include "../winbind_client.h"
30 /* Convert a sid to a string into a buffer. Return the string
31 * length. If buflen is too small, return the string length that would
32 * result if it was long enough. */
33 int wbcSidToStringBuf(const struct wbcDomainSid *sid, char *buf, int buflen)
39 strlcpy(buf, "(NULL SID)", buflen);
40 return 10; /* strlen("(NULL SID)") */
43 id_auth = (uint64_t)sid->id_auth[5] +
44 ((uint64_t)sid->id_auth[4] << 8) +
45 ((uint64_t)sid->id_auth[3] << 16) +
46 ((uint64_t)sid->id_auth[2] << 24) +
47 ((uint64_t)sid->id_auth[1] << 32) +
48 ((uint64_t)sid->id_auth[0] << 40);
50 ofs = snprintf(buf, buflen, "S-%hhu-", (unsigned char)sid->sid_rev_num);
51 if (id_auth >= UINT32_MAX) {
52 ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "0x%llx",
53 (unsigned long long)id_auth);
55 ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "%llu",
56 (unsigned long long)id_auth);
59 for (i = 0; i < sid->num_auths; i++) {
60 ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "-%u",
61 (unsigned int)sid->sub_auths[i]);
66 /* Convert a binary SID to a character string */
67 wbcErr wbcSidToString(const struct wbcDomainSid *sid,
70 char buf[WBC_SID_STRING_BUFLEN];
75 return WBC_ERR_INVALID_SID;
78 len = wbcSidToStringBuf(sid, buf, sizeof(buf));
80 if (len+1 > sizeof(buf)) {
81 return WBC_ERR_INVALID_SID;
84 result = (char *)wbcAllocateMemory(len+1, 1, NULL);
86 return WBC_ERR_NO_MEMORY;
88 memcpy(result, buf, len+1);
91 return WBC_ERR_SUCCESS;
94 #define AUTHORITY_MASK (~(0xffffffffffffULL))
96 /* Convert a character string to a binary SID */
97 wbcErr wbcStringToSid(const char *str,
98 struct wbcDomainSid *sid)
103 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
106 wbc_status = WBC_ERR_INVALID_PARAM;
107 BAIL_ON_WBC_ERROR(wbc_status);
110 /* Sanity check for either "S-" or "s-" */
113 || (str[0]!='S' && str[0]!='s')
116 wbc_status = WBC_ERR_INVALID_PARAM;
117 BAIL_ON_WBC_ERROR(wbc_status);
120 /* Get the SID revision number */
123 x = (uint64_t)strtoul(p, &q, 10);
124 if (x==0 || x > UINT8_MAX || !q || *q!='-') {
125 wbc_status = WBC_ERR_INVALID_SID;
126 BAIL_ON_WBC_ERROR(wbc_status);
128 sid->sid_rev_num = (uint8_t)x;
131 * Next the Identifier Authority. This is stored big-endian in a
132 * 6 byte array. If the authority value is >= UINT_MAX, then it should
133 * be expressed as a hex value, according to MS-DTYP.
136 x = strtoull(p, &q, 0);
137 if (!q || *q!='-' || (x & AUTHORITY_MASK)) {
138 wbc_status = WBC_ERR_INVALID_SID;
139 BAIL_ON_WBC_ERROR(wbc_status);
141 sid->id_auth[5] = (x & 0x0000000000ffULL);
142 sid->id_auth[4] = (x & 0x00000000ff00ULL) >> 8;
143 sid->id_auth[3] = (x & 0x000000ff0000ULL) >> 16;
144 sid->id_auth[2] = (x & 0x0000ff000000ULL) >> 24;
145 sid->id_auth[1] = (x & 0x00ff00000000ULL) >> 32;
146 sid->id_auth[0] = (x & 0xff0000000000ULL) >> 40;
148 /* now read the the subauthorities */
151 while (sid->num_auths < WBC_MAXSUBAUTHS) {
152 x = strtoull(p, &q, 10);
155 if (x > UINT32_MAX) {
156 wbc_status = WBC_ERR_INVALID_SID;
157 BAIL_ON_WBC_ERROR(wbc_status);
159 sid->sub_auths[sid->num_auths++] = x;
167 /* IF we ended early, then the SID could not be converted */
170 wbc_status = WBC_ERR_INVALID_SID;
171 BAIL_ON_WBC_ERROR(wbc_status);
174 wbc_status = WBC_ERR_SUCCESS;
182 /* Convert a domain and name to SID */
183 wbcErr wbcLookupName(const char *domain,
185 struct wbcDomainSid *sid,
186 enum wbcSidType *name_type)
188 struct winbindd_request request;
189 struct winbindd_response response;
190 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
192 if (!sid || !name_type) {
193 wbc_status = WBC_ERR_INVALID_PARAM;
194 BAIL_ON_WBC_ERROR(wbc_status);
197 /* Initialize request */
199 ZERO_STRUCT(request);
200 ZERO_STRUCT(response);
202 /* dst is already null terminated from the memset above */
204 strncpy(request.data.name.dom_name, domain,
205 sizeof(request.data.name.dom_name)-1);
206 strncpy(request.data.name.name, name,
207 sizeof(request.data.name.name)-1);
209 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPNAME,
212 BAIL_ON_WBC_ERROR(wbc_status);
214 wbc_status = wbcStringToSid(response.data.sid.sid, sid);
215 BAIL_ON_WBC_ERROR(wbc_status);
217 *name_type = (enum wbcSidType)response.data.sid.type;
219 wbc_status = WBC_ERR_SUCCESS;
226 /* Convert a SID to a domain and name */
227 wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
230 enum wbcSidType *pname_type)
232 struct winbindd_request request;
233 struct winbindd_response response;
234 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
238 return WBC_ERR_INVALID_PARAM;
241 /* Initialize request */
243 ZERO_STRUCT(request);
244 ZERO_STRUCT(response);
246 wbcSidToStringBuf(sid, request.data.sid, sizeof(request.data.sid));
250 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPSID, &request,
252 if (!WBC_ERROR_IS_OK(wbc_status)) {
256 /* Copy out result */
258 wbc_status = WBC_ERR_NO_MEMORY;
262 domain = wbcStrDup(response.data.name.dom_name);
263 if (domain == NULL) {
266 name = wbcStrDup(response.data.name.name);
270 if (pdomain != NULL) {
278 if (pname_type != NULL) {
279 *pname_type = (enum wbcSidType)response.data.name.type;
281 wbc_status = WBC_ERR_SUCCESS;
284 wbcFreeMemory(domain);
288 static void wbcDomainInfosDestructor(void *ptr)
290 struct wbcDomainInfo *i = (struct wbcDomainInfo *)ptr;
292 while (i->short_name != NULL) {
293 wbcFreeMemory(i->short_name);
294 wbcFreeMemory(i->dns_name);
299 static void wbcTranslatedNamesDestructor(void *ptr)
301 struct wbcTranslatedName *n = (struct wbcTranslatedName *)ptr;
303 while (n->name != NULL) {
304 wbcFreeMemory(n->name);
309 wbcErr wbcLookupSids(const struct wbcDomainSid *sids, int num_sids,
310 struct wbcDomainInfo **pdomains, int *pnum_domains,
311 struct wbcTranslatedName **pnames)
313 struct winbindd_request request;
314 struct winbindd_response response;
315 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
316 int buflen, i, extra_len, num_domains, num_names;
317 char *sidlist, *p, *q, *extra_data;
318 struct wbcDomainInfo *domains = NULL;
319 struct wbcTranslatedName *names = NULL;
321 buflen = num_sids * (WBC_SID_STRING_BUFLEN + 1) + 1;
323 sidlist = (char *)malloc(buflen);
324 if (sidlist == NULL) {
325 return WBC_ERR_NO_MEMORY;
330 for (i=0; i<num_sids; i++) {
334 remaining = buflen - (p - sidlist);
336 len = wbcSidToStringBuf(&sids[i], p, remaining);
337 if (len > remaining) {
339 return WBC_ERR_UNKNOWN_FAILURE;
347 ZERO_STRUCT(request);
348 ZERO_STRUCT(response);
350 request.extra_data.data = sidlist;
351 request.extra_len = p - sidlist;
353 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPSIDS,
354 &request, &response);
356 if (!WBC_ERROR_IS_OK(wbc_status)) {
360 extra_len = response.length - sizeof(struct winbindd_response);
361 extra_data = (char *)response.extra_data.data;
363 if ((extra_len <= 0) || (extra_data[extra_len-1] != '\0')) {
364 goto wbc_err_invalid;
369 num_domains = strtoul(p, &q, 10);
371 goto wbc_err_invalid;
375 domains = (struct wbcDomainInfo *)wbcAllocateMemory(
376 num_domains+1, sizeof(struct wbcDomainInfo),
377 wbcDomainInfosDestructor);
378 if (domains == NULL) {
379 wbc_status = WBC_ERR_NO_MEMORY;
383 for (i=0; i<num_domains; i++) {
387 goto wbc_err_invalid;
390 wbc_status = wbcStringToSid(p, &domains[i].sid);
391 if (!WBC_ERROR_IS_OK(wbc_status)) {
398 goto wbc_err_invalid;
401 domains[i].short_name = wbcStrDup(p);
402 if (domains[i].short_name == NULL) {
403 wbc_status = WBC_ERR_NO_MEMORY;
409 num_names = strtoul(p, &q, 10);
411 goto wbc_err_invalid;
415 if (num_names != num_sids) {
416 goto wbc_err_invalid;
419 names = (struct wbcTranslatedName *)wbcAllocateMemory(
420 num_names+1, sizeof(struct wbcTranslatedName),
421 wbcTranslatedNamesDestructor);
423 wbc_status = WBC_ERR_NO_MEMORY;
427 for (i=0; i<num_names; i++) {
429 names[i].domain_index = strtoul(p, &q, 10);
431 goto wbc_err_invalid;
435 names[i].type = strtoul(p, &q, 10);
437 goto wbc_err_invalid;
443 goto wbc_err_invalid;
446 names[i].name = wbcStrDup(p);
447 if (names[i].name == NULL) {
448 wbc_status = WBC_ERR_NO_MEMORY;
454 goto wbc_err_invalid;
459 winbindd_free_response(&response);
460 return WBC_ERR_SUCCESS;
463 wbc_status = WBC_ERR_INVALID_RESPONSE;
465 winbindd_free_response(&response);
466 wbcFreeMemory(domains);
467 wbcFreeMemory(names);
471 /* Translate a collection of RIDs within a domain to names */
473 wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
476 const char **pp_domain_name,
477 const char ***pnames,
478 enum wbcSidType **ptypes)
480 size_t i, len, ridbuf_size;
483 struct winbindd_request request;
484 struct winbindd_response response;
485 char *domain_name = NULL;
486 const char **names = NULL;
487 enum wbcSidType *types = NULL;
488 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
490 /* Initialise request */
492 ZERO_STRUCT(request);
493 ZERO_STRUCT(response);
495 if (!dom_sid || (num_rids == 0)) {
496 wbc_status = WBC_ERR_INVALID_PARAM;
497 BAIL_ON_WBC_ERROR(wbc_status);
500 wbcSidToStringBuf(dom_sid, request.data.sid, sizeof(request.data.sid));
502 /* Even if all the Rids were of maximum 32bit values,
503 we would only have 11 bytes per rid in the final array
504 ("4294967296" + \n). Add one more byte for the
507 ridbuf_size = (sizeof(char)*11) * num_rids + 1;
509 ridlist = (char *)malloc(ridbuf_size);
510 BAIL_ON_PTR_ERROR(ridlist, wbc_status);
513 for (i=0; i<num_rids; i++) {
514 len += snprintf(ridlist + len, ridbuf_size - len, "%u\n",
520 request.extra_data.data = ridlist;
521 request.extra_len = len;
523 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPRIDS,
527 BAIL_ON_WBC_ERROR(wbc_status);
529 domain_name = wbcStrDup(response.data.domain_name);
530 BAIL_ON_PTR_ERROR(domain_name, wbc_status);
532 names = wbcAllocateStringArray(num_rids);
533 BAIL_ON_PTR_ERROR(names, wbc_status);
535 types = (enum wbcSidType *)wbcAllocateMemory(
536 num_rids, sizeof(enum wbcSidType), NULL);
537 BAIL_ON_PTR_ERROR(types, wbc_status);
539 p = (char *)response.extra_data.data;
541 for (i=0; i<num_rids; i++) {
545 wbc_status = WBC_ERR_INVALID_RESPONSE;
549 types[i] = (enum wbcSidType)strtoul(p, &q, 10);
552 wbc_status = WBC_ERR_INVALID_RESPONSE;
558 if ((q = strchr(p, '\n')) == NULL) {
559 wbc_status = WBC_ERR_INVALID_RESPONSE;
565 names[i] = strdup(p);
566 BAIL_ON_PTR_ERROR(names[i], wbc_status);
572 wbc_status = WBC_ERR_INVALID_RESPONSE;
576 wbc_status = WBC_ERR_SUCCESS;
579 winbindd_free_response(&response);
581 if (WBC_ERROR_IS_OK(wbc_status)) {
582 *pp_domain_name = domain_name;
587 wbcFreeMemory(domain_name);
588 wbcFreeMemory(names);
589 wbcFreeMemory(types);
595 /* Get the groups a user belongs to */
596 wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
597 bool domain_groups_only,
599 struct wbcDomainSid **_sids)
603 struct winbindd_request request;
604 struct winbindd_response response;
605 struct wbcDomainSid *sids = NULL;
606 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
609 /* Initialise request */
611 ZERO_STRUCT(request);
612 ZERO_STRUCT(response);
615 wbc_status = WBC_ERR_INVALID_PARAM;
616 BAIL_ON_WBC_ERROR(wbc_status);
619 wbcSidToStringBuf(user_sid, request.data.sid, sizeof(request.data.sid));
621 if (domain_groups_only) {
622 cmd = WINBINDD_GETUSERDOMGROUPS;
624 cmd = WINBINDD_GETUSERSIDS;
627 wbc_status = wbcRequestResponse(cmd,
630 BAIL_ON_WBC_ERROR(wbc_status);
632 if (response.data.num_entries &&
633 !response.extra_data.data) {
634 wbc_status = WBC_ERR_INVALID_RESPONSE;
635 BAIL_ON_WBC_ERROR(wbc_status);
638 sids = (struct wbcDomainSid *)wbcAllocateMemory(
639 response.data.num_entries, sizeof(struct wbcDomainSid),
641 BAIL_ON_PTR_ERROR(sids, wbc_status);
643 s = (const char *)response.extra_data.data;
644 for (i = 0; i < response.data.num_entries; i++) {
645 char *n = strchr(s, '\n');
649 wbc_status = wbcStringToSid(s, &sids[i]);
650 BAIL_ON_WBC_ERROR(wbc_status);
654 *num_sids = response.data.num_entries;
657 wbc_status = WBC_ERR_SUCCESS;
660 winbindd_free_response(&response);
669 wbcErr _sid_to_rid(struct wbcDomainSid *sid, uint32_t *rid)
671 if (sid->num_auths < 1) {
672 return WBC_ERR_INVALID_RESPONSE;
674 *rid = sid->sub_auths[sid->num_auths - 1];
676 return WBC_ERR_SUCCESS;
679 /* Get alias membership for sids */
680 wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid,
681 struct wbcDomainSid *sids,
683 uint32_t **alias_rids,
684 uint32_t *num_alias_rids)
688 struct winbindd_request request;
689 struct winbindd_response response;
690 ssize_t extra_data_len = 0;
691 char * extra_data = NULL;
693 struct wbcDomainSid sid;
694 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
695 uint32_t * rids = NULL;
697 /* Initialise request */
699 ZERO_STRUCT(request);
700 ZERO_STRUCT(response);
703 wbc_status = WBC_ERR_INVALID_PARAM;
707 wbcSidToStringBuf(dom_sid, request.data.sid, sizeof(request.data.sid));
709 /* Lets assume each sid is around 57 characters
710 * S-1-5-21-AAAAAAAAAAA-BBBBBBBBBBB-CCCCCCCCCCC-DDDDDDDDDDD\n */
711 buflen = 57 * num_sids;
712 extra_data = (char *)malloc(buflen);
714 wbc_status = WBC_ERR_NO_MEMORY;
718 /* Build the sid list */
719 for (i=0; i<num_sids; i++) {
720 char sid_str[WBC_SID_STRING_BUFLEN];
723 sid_len = wbcSidToStringBuf(&sids[i], sid_str, sizeof(sid_str));
725 if (buflen < extra_data_len + sid_len + 2) {
727 extra_data = (char *)realloc(extra_data, buflen);
729 wbc_status = WBC_ERR_NO_MEMORY;
730 BAIL_ON_WBC_ERROR(wbc_status);
734 strncpy(&extra_data[extra_data_len], sid_str,
735 buflen - extra_data_len);
736 extra_data_len += sid_len;
737 extra_data[extra_data_len++] = '\n';
738 extra_data[extra_data_len] = '\0';
742 request.extra_data.data = extra_data;
743 request.extra_len = extra_data_len;
745 wbc_status = wbcRequestResponse(WINBINDD_GETSIDALIASES,
748 BAIL_ON_WBC_ERROR(wbc_status);
750 if (response.data.num_entries &&
751 !response.extra_data.data) {
752 wbc_status = WBC_ERR_INVALID_RESPONSE;
756 rids = (uint32_t *)wbcAllocateMemory(response.data.num_entries,
757 sizeof(uint32_t), NULL);
758 BAIL_ON_PTR_ERROR(sids, wbc_status);
760 s = (const char *)response.extra_data.data;
761 for (i = 0; i < response.data.num_entries; i++) {
762 char *n = strchr(s, '\n');
766 wbc_status = wbcStringToSid(s, &sid);
767 BAIL_ON_WBC_ERROR(wbc_status);
768 wbc_status = _sid_to_rid(&sid, &rids[i]);
769 BAIL_ON_WBC_ERROR(wbc_status);
773 *num_alias_rids = response.data.num_entries;
776 wbc_status = WBC_ERR_SUCCESS;
780 winbindd_free_response(&response);
787 wbcErr wbcListUsers(const char *domain_name,
788 uint32_t *_num_users,
789 const char ***_users)
791 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
792 struct winbindd_request request;
793 struct winbindd_response response;
794 uint32_t num_users = 0;
795 const char **users = NULL;
798 /* Initialise request */
800 ZERO_STRUCT(request);
801 ZERO_STRUCT(response);
804 strncpy(request.domain_name, domain_name,
805 sizeof(request.domain_name)-1);
808 wbc_status = wbcRequestResponse(WINBINDD_LIST_USERS,
811 BAIL_ON_WBC_ERROR(wbc_status);
813 users = wbcAllocateStringArray(response.data.num_entries);
815 return WBC_ERR_NO_MEMORY;
818 /* Look through extra data */
820 next = (const char *)response.extra_data.data;
825 if (num_users >= response.data.num_entries) {
826 wbc_status = WBC_ERR_INVALID_RESPONSE;
831 k = strchr(next, ',');
840 users[num_users] = strdup(current);
841 BAIL_ON_PTR_ERROR(users[num_users], wbc_status);
844 if (num_users != response.data.num_entries) {
845 wbc_status = WBC_ERR_INVALID_RESPONSE;
849 *_num_users = response.data.num_entries;
852 wbc_status = WBC_ERR_SUCCESS;
855 winbindd_free_response(&response);
856 wbcFreeMemory(users);
861 wbcErr wbcListGroups(const char *domain_name,
862 uint32_t *_num_groups,
863 const char ***_groups)
865 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
866 struct winbindd_request request;
867 struct winbindd_response response;
868 uint32_t num_groups = 0;
869 const char **groups = NULL;
872 /* Initialise request */
874 ZERO_STRUCT(request);
875 ZERO_STRUCT(response);
878 strncpy(request.domain_name, domain_name,
879 sizeof(request.domain_name)-1);
882 wbc_status = wbcRequestResponse(WINBINDD_LIST_GROUPS,
885 BAIL_ON_WBC_ERROR(wbc_status);
887 groups = wbcAllocateStringArray(response.data.num_entries);
888 if (groups == NULL) {
889 return WBC_ERR_NO_MEMORY;
892 /* Look through extra data */
894 next = (const char *)response.extra_data.data;
899 if (num_groups >= response.data.num_entries) {
900 wbc_status = WBC_ERR_INVALID_RESPONSE;
905 k = strchr(next, ',');
914 groups[num_groups] = strdup(current);
915 BAIL_ON_PTR_ERROR(groups[num_groups], wbc_status);
918 if (num_groups != response.data.num_entries) {
919 wbc_status = WBC_ERR_INVALID_RESPONSE;
923 *_num_groups = response.data.num_entries;
926 wbc_status = WBC_ERR_SUCCESS;
929 winbindd_free_response(&response);
930 wbcFreeMemory(groups);
934 wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid,
937 enum wbcSidType *pname_type)
942 enum wbcSidType name_type;
944 wbc_status = wbcLookupSid(sid, &domain, &name, &name_type);
945 BAIL_ON_WBC_ERROR(wbc_status);
947 if (name_type == WBC_SID_NAME_USER) {
951 wbc_status = wbcSidToUid(sid, &uid);
952 BAIL_ON_WBC_ERROR(wbc_status);
954 wbc_status = wbcGetpwuid(uid, &pwd);
955 BAIL_ON_WBC_ERROR(wbc_status);
959 name = wbcStrDup(pwd->pw_gecos);
961 BAIL_ON_PTR_ERROR(name, wbc_status);
964 wbc_status = WBC_ERR_SUCCESS;
967 if (WBC_ERROR_IS_OK(wbc_status)) {
970 *pname_type = name_type;
972 wbcFreeMemory(domain);
979 const char* wbcSidTypeString(enum wbcSidType type)
982 case WBC_SID_NAME_USE_NONE: return "SID_NONE";
983 case WBC_SID_NAME_USER: return "SID_USER";
984 case WBC_SID_NAME_DOM_GRP: return "SID_DOM_GROUP";
985 case WBC_SID_NAME_DOMAIN: return "SID_DOMAIN";
986 case WBC_SID_NAME_ALIAS: return "SID_ALIAS";
987 case WBC_SID_NAME_WKN_GRP: return "SID_WKN_GROUP";
988 case WBC_SID_NAME_DELETED: return "SID_DELETED";
989 case WBC_SID_NAME_INVALID: return "SID_INVALID";
990 case WBC_SID_NAME_UNKNOWN: return "SID_UNKNOWN";
991 case WBC_SID_NAME_COMPUTER: return "SID_COMPUTER";
992 default: return "Unknown type";
git.samba.org / kai / samba-autobuild / .git / blob