2 Unix SMB/CIFS implementation.
6 Copyright (C) Gerald (Jerry) Carter 2007
7 Copyright (C) Volker Lendecke 2010
10 This library is free software; you can redistribute it and/or
11 modify it under the terms of the GNU Lesser General Public
12 License as published by the Free Software Foundation; either
13 version 3 of the License, or (at your option) any later version.
15 This library is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Library General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 /* Required Headers */
27 #include "libwbclient.h"
28 #include "../winbind_client.h"
30 /* Convert a sid to a string into a buffer. Return the string
31 * length. If buflen is too small, return the string length that would
32 * result if it was long enough. */
33 int wbcSidToStringBuf(const struct wbcDomainSid *sid, char *buf, int buflen)
39 strlcpy(buf, "(NULL SID)", buflen);
40 return 10; /* strlen("(NULL SID)") */
44 * BIG NOTE: this function only does SIDS where the identauth is not
45 * >= ^32 in a range of 2^48.
48 id_auth = sid->id_auth[5] +
49 (sid->id_auth[4] << 8) +
50 (sid->id_auth[3] << 16) +
51 (sid->id_auth[2] << 24);
53 ofs = snprintf(buf, buflen, "S-%u-%lu",
54 (unsigned int)sid->sid_rev_num, (unsigned long)id_auth);
56 for (i = 0; i < sid->num_auths; i++) {
57 ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "-%lu",
58 (unsigned long)sid->sub_auths[i]);
63 /* Convert a binary SID to a character string */
64 wbcErr wbcSidToString(const struct wbcDomainSid *sid,
67 char buf[WBC_SID_STRING_BUFLEN];
72 return WBC_ERR_INVALID_SID;
75 len = wbcSidToStringBuf(sid, buf, sizeof(buf));
77 if (len+1 > sizeof(buf)) {
78 return WBC_ERR_INVALID_SID;
81 result = (char *)wbcAllocateMemory(len+1, 1, NULL);
83 return WBC_ERR_NO_MEMORY;
85 memcpy(result, buf, len+1);
88 return WBC_ERR_SUCCESS;
91 /* Convert a character string to a binary SID */
92 wbcErr wbcStringToSid(const char *str,
93 struct wbcDomainSid *sid)
98 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
101 wbc_status = WBC_ERR_INVALID_PARAM;
102 BAIL_ON_WBC_ERROR(wbc_status);
105 /* Sanity check for either "S-" or "s-" */
108 || (str[0]!='S' && str[0]!='s')
111 wbc_status = WBC_ERR_INVALID_PARAM;
112 BAIL_ON_WBC_ERROR(wbc_status);
115 /* Get the SID revision number */
118 x = (uint32_t)strtol(p, &q, 10);
119 if (x==0 || !q || *q!='-') {
120 wbc_status = WBC_ERR_INVALID_SID;
121 BAIL_ON_WBC_ERROR(wbc_status);
123 sid->sid_rev_num = (uint8_t)x;
125 /* Next the Identifier Authority. This is stored in big-endian
126 in a 6 byte array. */
129 x = (uint32_t)strtol(p, &q, 10);
131 wbc_status = WBC_ERR_INVALID_SID;
132 BAIL_ON_WBC_ERROR(wbc_status);
134 sid->id_auth[5] = (x & 0x000000ff);
135 sid->id_auth[4] = (x & 0x0000ff00) >> 8;
136 sid->id_auth[3] = (x & 0x00ff0000) >> 16;
137 sid->id_auth[2] = (x & 0xff000000) >> 24;
141 /* now read the the subauthorities */
145 while (sid->num_auths < WBC_MAXSUBAUTHS) {
146 x=(uint32_t)strtoul(p, &q, 10);
150 wbc_status = WBC_ERR_INVALID_SID;
151 BAIL_ON_WBC_ERROR(wbc_status);
153 sid->sub_auths[sid->num_auths++] = x;
161 /* IF we ended early, then the SID could not be converted */
164 wbc_status = WBC_ERR_INVALID_SID;
165 BAIL_ON_WBC_ERROR(wbc_status);
168 wbc_status = WBC_ERR_SUCCESS;
176 /* Convert a domain and name to SID */
177 wbcErr wbcLookupName(const char *domain,
179 struct wbcDomainSid *sid,
180 enum wbcSidType *name_type)
182 struct winbindd_request request;
183 struct winbindd_response response;
184 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
186 if (!sid || !name_type) {
187 wbc_status = WBC_ERR_INVALID_PARAM;
188 BAIL_ON_WBC_ERROR(wbc_status);
191 /* Initialize request */
193 ZERO_STRUCT(request);
194 ZERO_STRUCT(response);
196 /* dst is already null terminated from the memset above */
198 strncpy(request.data.name.dom_name, domain,
199 sizeof(request.data.name.dom_name)-1);
200 strncpy(request.data.name.name, name,
201 sizeof(request.data.name.name)-1);
203 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPNAME,
206 BAIL_ON_WBC_ERROR(wbc_status);
208 wbc_status = wbcStringToSid(response.data.sid.sid, sid);
209 BAIL_ON_WBC_ERROR(wbc_status);
211 *name_type = (enum wbcSidType)response.data.sid.type;
213 wbc_status = WBC_ERR_SUCCESS;
220 /* Convert a SID to a domain and name */
221 wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
224 enum wbcSidType *pname_type)
226 struct winbindd_request request;
227 struct winbindd_response response;
228 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
232 return WBC_ERR_INVALID_PARAM;
235 /* Initialize request */
237 ZERO_STRUCT(request);
238 ZERO_STRUCT(response);
240 wbcSidToStringBuf(sid, request.data.sid, sizeof(request.data.sid));
244 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPSID, &request,
246 if (!WBC_ERROR_IS_OK(wbc_status)) {
250 /* Copy out result */
252 wbc_status = WBC_ERR_NO_MEMORY;
256 domain = wbcStrDup(response.data.name.dom_name);
257 if (domain == NULL) {
260 name = wbcStrDup(response.data.name.name);
264 if (pdomain != NULL) {
272 if (pname_type != NULL) {
273 *pname_type = (enum wbcSidType)response.data.name.type;
275 wbc_status = WBC_ERR_SUCCESS;
278 wbcFreeMemory(domain);
282 static void wbcDomainInfosDestructor(void *ptr)
284 struct wbcDomainInfo *i = (struct wbcDomainInfo *)ptr;
286 while (i->short_name != NULL) {
287 wbcFreeMemory(i->short_name);
288 wbcFreeMemory(i->dns_name);
293 static void wbcTranslatedNamesDestructor(void *ptr)
295 struct wbcTranslatedName *n = (struct wbcTranslatedName *)ptr;
297 while (n->name != NULL) {
303 wbcErr wbcLookupSids(const struct wbcDomainSid *sids, int num_sids,
304 struct wbcDomainInfo **pdomains, int *pnum_domains,
305 struct wbcTranslatedName **pnames)
307 struct winbindd_request request;
308 struct winbindd_response response;
309 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
310 int buflen, i, extra_len, num_domains, num_names;
311 char *sidlist, *p, *q, *extra_data;
312 struct wbcDomainInfo *domains = NULL;
313 struct wbcTranslatedName *names = NULL;
315 buflen = num_sids * (WBC_SID_STRING_BUFLEN + 1) + 1;
317 sidlist = (char *)malloc(buflen);
318 if (sidlist == NULL) {
319 return WBC_ERR_NO_MEMORY;
324 for (i=0; i<num_sids; i++) {
328 remaining = buflen - (p - sidlist);
330 len = wbcSidToStringBuf(&sids[i], p, remaining);
331 if (len > remaining) {
333 return WBC_ERR_UNKNOWN_FAILURE;
341 ZERO_STRUCT(request);
342 ZERO_STRUCT(response);
344 request.extra_data.data = sidlist;
345 request.extra_len = p - sidlist;
347 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPSIDS,
348 &request, &response);
350 if (!WBC_ERROR_IS_OK(wbc_status)) {
354 extra_len = response.length - sizeof(struct winbindd_response);
355 extra_data = (char *)response.extra_data.data;
357 if ((extra_len <= 0) || (extra_data[extra_len-1] != '\0')) {
358 goto wbc_err_invalid;
363 num_domains = strtoul(p, &q, 10);
365 goto wbc_err_invalid;
369 domains = (struct wbcDomainInfo *)wbcAllocateMemory(
370 num_domains+1, sizeof(struct wbcDomainInfo),
371 wbcDomainInfosDestructor);
372 if (domains == NULL) {
373 wbc_status = WBC_ERR_NO_MEMORY;
377 for (i=0; i<num_domains; i++) {
381 goto wbc_err_invalid;
384 wbc_status = wbcStringToSid(p, &domains[i].sid);
385 if (!WBC_ERROR_IS_OK(wbc_status)) {
392 goto wbc_err_invalid;
395 domains[i].short_name = wbcStrDup(p);
396 if (domains[i].short_name == NULL) {
397 wbc_status = WBC_ERR_NO_MEMORY;
403 num_names = strtoul(p, &q, 10);
405 goto wbc_err_invalid;
409 if (num_names != num_sids) {
410 goto wbc_err_invalid;
413 names = (struct wbcTranslatedName *)wbcAllocateMemory(
414 num_names+1, sizeof(struct wbcTranslatedName),
415 wbcTranslatedNamesDestructor);
417 wbc_status = WBC_ERR_NO_MEMORY;
421 for (i=0; i<num_names; i++) {
423 names[i].domain_index = strtoul(p, &q, 10);
425 goto wbc_err_invalid;
429 names[i].type = strtoul(p, &q, 10);
431 goto wbc_err_invalid;
437 goto wbc_err_invalid;
440 names[i].name = wbcStrDup(p);
441 if (names[i].name == NULL) {
442 wbc_status = WBC_ERR_NO_MEMORY;
448 goto wbc_err_invalid;
453 winbindd_free_response(&response);
454 return WBC_ERR_SUCCESS;
457 wbc_status = WBC_ERR_INVALID_RESPONSE;
459 winbindd_free_response(&response);
460 wbcFreeMemory(domains);
461 wbcFreeMemory(names);
465 /* Translate a collection of RIDs within a domain to names */
467 wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
470 const char **pp_domain_name,
471 const char ***pnames,
472 enum wbcSidType **ptypes)
474 size_t i, len, ridbuf_size;
477 struct winbindd_request request;
478 struct winbindd_response response;
479 char *domain_name = NULL;
480 const char **names = NULL;
481 enum wbcSidType *types = NULL;
482 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
484 /* Initialise request */
486 ZERO_STRUCT(request);
487 ZERO_STRUCT(response);
489 if (!dom_sid || (num_rids == 0)) {
490 wbc_status = WBC_ERR_INVALID_PARAM;
491 BAIL_ON_WBC_ERROR(wbc_status);
494 wbcSidToStringBuf(dom_sid, request.data.sid, sizeof(request.data.sid));
496 /* Even if all the Rids were of maximum 32bit values,
497 we would only have 11 bytes per rid in the final array
498 ("4294967296" + \n). Add one more byte for the
501 ridbuf_size = (sizeof(char)*11) * num_rids + 1;
503 ridlist = (char *)malloc(ridbuf_size);
504 BAIL_ON_PTR_ERROR(ridlist, wbc_status);
507 for (i=0; i<num_rids; i++) {
508 len += snprintf(ridlist + len, ridbuf_size - len, "%u\n",
514 request.extra_data.data = ridlist;
515 request.extra_len = len;
517 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPRIDS,
521 BAIL_ON_WBC_ERROR(wbc_status);
523 domain_name = wbcStrDup(response.data.domain_name);
524 BAIL_ON_PTR_ERROR(domain_name, wbc_status);
526 names = wbcAllocateStringArray(num_rids);
527 BAIL_ON_PTR_ERROR(names, wbc_status);
529 types = (enum wbcSidType *)wbcAllocateMemory(
530 num_rids, sizeof(enum wbcSidType), NULL);
531 BAIL_ON_PTR_ERROR(types, wbc_status);
533 p = (char *)response.extra_data.data;
535 for (i=0; i<num_rids; i++) {
539 wbc_status = WBC_ERR_INVALID_RESPONSE;
543 types[i] = (enum wbcSidType)strtoul(p, &q, 10);
546 wbc_status = WBC_ERR_INVALID_RESPONSE;
552 if ((q = strchr(p, '\n')) == NULL) {
553 wbc_status = WBC_ERR_INVALID_RESPONSE;
559 names[i] = strdup(p);
560 BAIL_ON_PTR_ERROR(names[i], wbc_status);
566 wbc_status = WBC_ERR_INVALID_RESPONSE;
570 wbc_status = WBC_ERR_SUCCESS;
573 winbindd_free_response(&response);
575 if (WBC_ERROR_IS_OK(wbc_status)) {
576 *pp_domain_name = domain_name;
581 wbcFreeMemory(domain_name);
582 wbcFreeMemory(names);
583 wbcFreeMemory(types);
589 /* Get the groups a user belongs to */
590 wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
591 bool domain_groups_only,
593 struct wbcDomainSid **_sids)
597 struct winbindd_request request;
598 struct winbindd_response response;
599 struct wbcDomainSid *sids = NULL;
600 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
603 /* Initialise request */
605 ZERO_STRUCT(request);
606 ZERO_STRUCT(response);
609 wbc_status = WBC_ERR_INVALID_PARAM;
610 BAIL_ON_WBC_ERROR(wbc_status);
613 wbcSidToStringBuf(user_sid, request.data.sid, sizeof(request.data.sid));
615 if (domain_groups_only) {
616 cmd = WINBINDD_GETUSERDOMGROUPS;
618 cmd = WINBINDD_GETUSERSIDS;
621 wbc_status = wbcRequestResponse(cmd,
624 BAIL_ON_WBC_ERROR(wbc_status);
626 if (response.data.num_entries &&
627 !response.extra_data.data) {
628 wbc_status = WBC_ERR_INVALID_RESPONSE;
629 BAIL_ON_WBC_ERROR(wbc_status);
632 sids = (struct wbcDomainSid *)wbcAllocateMemory(
633 response.data.num_entries, sizeof(struct wbcDomainSid),
635 BAIL_ON_PTR_ERROR(sids, wbc_status);
637 s = (const char *)response.extra_data.data;
638 for (i = 0; i < response.data.num_entries; i++) {
639 char *n = strchr(s, '\n');
643 wbc_status = wbcStringToSid(s, &sids[i]);
644 BAIL_ON_WBC_ERROR(wbc_status);
648 *num_sids = response.data.num_entries;
651 wbc_status = WBC_ERR_SUCCESS;
654 winbindd_free_response(&response);
663 wbcErr _sid_to_rid(struct wbcDomainSid *sid, uint32_t *rid)
665 if (sid->num_auths < 1) {
666 return WBC_ERR_INVALID_RESPONSE;
668 *rid = sid->sub_auths[sid->num_auths - 1];
670 return WBC_ERR_SUCCESS;
673 /* Get alias membership for sids */
674 wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid,
675 struct wbcDomainSid *sids,
677 uint32_t **alias_rids,
678 uint32_t *num_alias_rids)
682 struct winbindd_request request;
683 struct winbindd_response response;
684 ssize_t extra_data_len = 0;
685 char * extra_data = NULL;
687 struct wbcDomainSid sid;
688 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
689 uint32_t * rids = NULL;
691 /* Initialise request */
693 ZERO_STRUCT(request);
694 ZERO_STRUCT(response);
697 wbc_status = WBC_ERR_INVALID_PARAM;
701 wbcSidToStringBuf(dom_sid, request.data.sid, sizeof(request.data.sid));
703 /* Lets assume each sid is around 57 characters
704 * S-1-5-21-AAAAAAAAAAA-BBBBBBBBBBB-CCCCCCCCCCC-DDDDDDDDDDD\n */
705 buflen = 57 * num_sids;
706 extra_data = (char *)malloc(buflen);
708 wbc_status = WBC_ERR_NO_MEMORY;
712 /* Build the sid list */
713 for (i=0; i<num_sids; i++) {
714 char sid_str[WBC_SID_STRING_BUFLEN];
717 sid_len = wbcSidToStringBuf(&sids[i], sid_str, sizeof(sid_str));
719 if (buflen < extra_data_len + sid_len + 2) {
721 extra_data = (char *)realloc(extra_data, buflen);
723 wbc_status = WBC_ERR_NO_MEMORY;
724 BAIL_ON_WBC_ERROR(wbc_status);
728 strncpy(&extra_data[extra_data_len], sid_str,
729 buflen - extra_data_len);
730 extra_data_len += sid_len;
731 extra_data[extra_data_len++] = '\n';
732 extra_data[extra_data_len] = '\0';
736 request.extra_data.data = extra_data;
737 request.extra_len = extra_data_len;
739 wbc_status = wbcRequestResponse(WINBINDD_GETSIDALIASES,
742 BAIL_ON_WBC_ERROR(wbc_status);
744 if (response.data.num_entries &&
745 !response.extra_data.data) {
746 wbc_status = WBC_ERR_INVALID_RESPONSE;
750 rids = (uint32_t *)wbcAllocateMemory(response.data.num_entries,
751 sizeof(uint32_t), NULL);
752 BAIL_ON_PTR_ERROR(sids, wbc_status);
754 s = (const char *)response.extra_data.data;
755 for (i = 0; i < response.data.num_entries; i++) {
756 char *n = strchr(s, '\n');
760 wbc_status = wbcStringToSid(s, &sid);
761 BAIL_ON_WBC_ERROR(wbc_status);
762 wbc_status = _sid_to_rid(&sid, &rids[i]);
763 BAIL_ON_WBC_ERROR(wbc_status);
767 *num_alias_rids = response.data.num_entries;
770 wbc_status = WBC_ERR_SUCCESS;
774 winbindd_free_response(&response);
781 wbcErr wbcListUsers(const char *domain_name,
782 uint32_t *_num_users,
783 const char ***_users)
785 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
786 struct winbindd_request request;
787 struct winbindd_response response;
788 uint32_t num_users = 0;
789 const char **users = NULL;
792 /* Initialise request */
794 ZERO_STRUCT(request);
795 ZERO_STRUCT(response);
798 strncpy(request.domain_name, domain_name,
799 sizeof(request.domain_name)-1);
802 wbc_status = wbcRequestResponse(WINBINDD_LIST_USERS,
805 BAIL_ON_WBC_ERROR(wbc_status);
807 users = wbcAllocateStringArray(response.data.num_entries);
809 return WBC_ERR_NO_MEMORY;
812 /* Look through extra data */
814 next = (const char *)response.extra_data.data;
819 if (num_users >= response.data.num_entries) {
820 wbc_status = WBC_ERR_INVALID_RESPONSE;
825 k = strchr(next, ',');
834 users[num_users] = strdup(current);
835 BAIL_ON_PTR_ERROR(users[num_users], wbc_status);
838 if (num_users != response.data.num_entries) {
839 wbc_status = WBC_ERR_INVALID_RESPONSE;
843 *_num_users = response.data.num_entries;
846 wbc_status = WBC_ERR_SUCCESS;
849 winbindd_free_response(&response);
850 wbcFreeMemory(users);
855 wbcErr wbcListGroups(const char *domain_name,
856 uint32_t *_num_groups,
857 const char ***_groups)
859 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
860 struct winbindd_request request;
861 struct winbindd_response response;
862 uint32_t num_groups = 0;
863 const char **groups = NULL;
866 /* Initialise request */
868 ZERO_STRUCT(request);
869 ZERO_STRUCT(response);
872 strncpy(request.domain_name, domain_name,
873 sizeof(request.domain_name)-1);
876 wbc_status = wbcRequestResponse(WINBINDD_LIST_GROUPS,
879 BAIL_ON_WBC_ERROR(wbc_status);
881 groups = wbcAllocateStringArray(response.data.num_entries);
882 if (groups == NULL) {
883 return WBC_ERR_NO_MEMORY;
886 /* Look through extra data */
888 next = (const char *)response.extra_data.data;
893 if (num_groups >= response.data.num_entries) {
894 wbc_status = WBC_ERR_INVALID_RESPONSE;
899 k = strchr(next, ',');
908 groups[num_groups] = strdup(current);
909 BAIL_ON_PTR_ERROR(groups[num_groups], wbc_status);
912 if (num_groups != response.data.num_entries) {
913 wbc_status = WBC_ERR_INVALID_RESPONSE;
917 *_num_groups = response.data.num_entries;
920 wbc_status = WBC_ERR_SUCCESS;
923 winbindd_free_response(&response);
924 wbcFreeMemory(groups);
928 wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid,
931 enum wbcSidType *pname_type)
936 enum wbcSidType name_type;
938 wbc_status = wbcLookupSid(sid, &domain, &name, &name_type);
939 BAIL_ON_WBC_ERROR(wbc_status);
941 if (name_type == WBC_SID_NAME_USER) {
945 wbc_status = wbcSidToUid(sid, &uid);
946 BAIL_ON_WBC_ERROR(wbc_status);
948 wbc_status = wbcGetpwuid(uid, &pwd);
949 BAIL_ON_WBC_ERROR(wbc_status);
953 name = wbcStrDup(pwd->pw_gecos);
955 BAIL_ON_PTR_ERROR(name, wbc_status);
958 wbc_status = WBC_ERR_SUCCESS;
961 if (WBC_ERROR_IS_OK(wbc_status)) {
964 *pname_type = name_type;
966 wbcFreeMemory(domain);
973 const char* wbcSidTypeString(enum wbcSidType type)
976 case WBC_SID_NAME_USE_NONE: return "SID_NONE";
977 case WBC_SID_NAME_USER: return "SID_USER";
978 case WBC_SID_NAME_DOM_GRP: return "SID_DOM_GROUP";
979 case WBC_SID_NAME_DOMAIN: return "SID_DOMAIN";
980 case WBC_SID_NAME_ALIAS: return "SID_ALIAS";
981 case WBC_SID_NAME_WKN_GRP: return "SID_WKN_GROUP";
982 case WBC_SID_NAME_DELETED: return "SID_DELETED";
983 case WBC_SID_NAME_INVALID: return "SID_INVALID";
984 case WBC_SID_NAME_UNKNOWN: return "SID_UNKNOWN";
985 case WBC_SID_NAME_COMPUTER: return "SID_COMPUTER";
986 default: return "Unknown type";