CVE-2018-10919 security: Add more comments to the object-specific access checks
[vlendec/samba-autobuild/.git] / nsswitch / winbind_nss_linux.c
index 2b51a8e15dbf6de4c7d848b745c53ab189e173f3..442c06e612ff34c7cb4c69fb61a65bfc5ab01089 100644 (file)
@@ -36,40 +36,30 @@ static pthread_mutex_t winbind_nss_mutex = PTHREAD_MUTEX_INITIALIZER;
 #define MAX_GETPWENT_USERS 250
 #define MAX_GETGRENT_USERS 250
 
-NSS_STATUS _nss_winbind_setpwent(void);
-NSS_STATUS _nss_winbind_endpwent(void);
-NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result, char *buffer,
-                                  size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result,
-                                  char *buffer, size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getpwnam_r(const char *name, struct passwd *result,
-                                  char *buffer, size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_setgrent(void);
-NSS_STATUS _nss_winbind_endgrent(void);
-NSS_STATUS _nss_winbind_getgrent_r(struct group *result, char *buffer,
-                                  size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getgrlst_r(struct group *result, char *buffer,
-                                  size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getgrnam_r(const char *name, struct group *result,
-                                  char *buffer, size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid, struct group *result, char *buffer,
-                                  size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
-                                      long int *size, gid_t **groups,
-                                      long int limit, int *errnop);
-NSS_STATUS _nss_winbind_getusersids(const char *user_sid, char **group_sids,
-                                   int *num_groups, char *buffer, size_t buf_size,
-                                   int *errnop);
-NSS_STATUS _nss_winbind_nametosid(const char *name, char **sid, char *buffer,
-                                 size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
-                                 size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop);
-NSS_STATUS _nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop);
-NSS_STATUS _nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
-                                size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
-                                size_t buflen, int *errnop);
+/*************************************************************************
+ ************************************************************************/
+
+#ifdef DEBUG_NSS
+static const char *nss_err_str(NSS_STATUS ret)
+{
+       switch (ret) {
+               case NSS_STATUS_TRYAGAIN:
+                       return "NSS_STATUS_TRYAGAIN";
+               case NSS_STATUS_SUCCESS:
+                       return "NSS_STATUS_SUCCESS";
+               case NSS_STATUS_NOTFOUND:
+                       return "NSS_STATUS_NOTFOUND";
+               case NSS_STATUS_UNAVAIL:
+                       return "NSS_STATUS_UNAVAIL";
+#ifdef NSS_STATUS_RETURN
+               case NSS_STATUS_RETURN:
+                       return "NSS_STATUS_RETURN";
+#endif
+               default:
+                       return "UNKNOWN RETURN CODE!!!!!!!";
+       }
+}
+#endif
 
 /* Prototypes from wb_common.c */
 
@@ -105,8 +95,8 @@ static bool next_token_alloc(const char **ptr,
                                 char **pp_buff,
                                 const char *sep)
 {
-       char *s;
-       char *saved_s;
+       const char *s;
+       const char *saved_s;
        char *pbuf;
        bool quoted;
        size_t len=1;
@@ -116,7 +106,7 @@ static bool next_token_alloc(const char **ptr,
                return(false);
        }
 
-       s = (char *)*ptr;
+       s = *ptr;
 
        /* default to simple separators */
        if (!sep) {
@@ -178,29 +168,33 @@ static NSS_STATUS fill_pwent(struct passwd *result,
                                  struct winbindd_pw *pw,
                                  char **buffer, size_t *buflen)
 {
+       size_t len;
+
        /* User name */
+       len = strlen(pw->pw_name) + 1;
 
        if ((result->pw_name =
-            get_static(buffer, buflen, strlen(pw->pw_name) + 1)) == NULL) {
+            get_static(buffer, buflen, len)) == NULL) {
 
                /* Out of memory */
 
                return NSS_STATUS_TRYAGAIN;
        }
 
-       strcpy(result->pw_name, pw->pw_name);
+       memcpy(result->pw_name, pw->pw_name, len);
 
        /* Password */
+       len = strlen(pw->pw_passwd) + 1;
 
        if ((result->pw_passwd =
-            get_static(buffer, buflen, strlen(pw->pw_passwd) + 1)) == NULL) {
+            get_static(buffer, buflen, len)) == NULL) {
 
                /* Out of memory */
 
                return NSS_STATUS_TRYAGAIN;
        }
 
-       strcpy(result->pw_passwd, pw->pw_passwd);
+       memcpy(result->pw_passwd, pw->pw_passwd, len);
 
        /* [ug]id */
 
@@ -208,40 +202,43 @@ static NSS_STATUS fill_pwent(struct passwd *result,
        result->pw_gid = pw->pw_gid;
 
        /* GECOS */
+       len = strlen(pw->pw_gecos) + 1;
 
        if ((result->pw_gecos =
-            get_static(buffer, buflen, strlen(pw->pw_gecos) + 1)) == NULL) {
+            get_static(buffer, buflen, len)) == NULL) {
 
                /* Out of memory */
 
                return NSS_STATUS_TRYAGAIN;
        }
 
-       strcpy(result->pw_gecos, pw->pw_gecos);
+       memcpy(result->pw_gecos, pw->pw_gecos, len);
 
        /* Home directory */
+       len = strlen(pw->pw_dir) + 1;
 
        if ((result->pw_dir =
-            get_static(buffer, buflen, strlen(pw->pw_dir) + 1)) == NULL) {
+            get_static(buffer, buflen, len)) == NULL) {
 
                /* Out of memory */
 
                return NSS_STATUS_TRYAGAIN;
        }
 
-       strcpy(result->pw_dir, pw->pw_dir);
+       memcpy(result->pw_dir, pw->pw_dir, len);
 
        /* Logon shell */
+       len = strlen(pw->pw_shell) + 1;
 
        if ((result->pw_shell =
-            get_static(buffer, buflen, strlen(pw->pw_shell) + 1)) == NULL) {
+            get_static(buffer, buflen, len)) == NULL) {
 
                /* Out of memory */
 
                return NSS_STATUS_TRYAGAIN;
        }
 
-       strcpy(result->pw_shell, pw->pw_shell);
+       memcpy(result->pw_shell, pw->pw_shell, len);
 
        /* The struct passwd for Solaris has some extra fields which must
           be initialised or nscd crashes. */
@@ -262,34 +259,37 @@ static NSS_STATUS fill_pwent(struct passwd *result,
    Return NSS_STATUS_TRYAGAIN if we run out of memory. */
 
 static NSS_STATUS fill_grent(struct group *result, struct winbindd_gr *gr,
-                     char *gr_mem, char **buffer, size_t *buflen)
+                     const char *gr_mem, char **buffer, size_t *buflen)
 {
        char *name;
        int i;
        char *tst;
+       size_t len;
 
        /* Group name */
+       len = strlen(gr->gr_name) + 1;
 
        if ((result->gr_name =
-            get_static(buffer, buflen, strlen(gr->gr_name) + 1)) == NULL) {
+            get_static(buffer, buflen, len)) == NULL) {
 
                /* Out of memory */
 
                return NSS_STATUS_TRYAGAIN;
        }
 
-       strcpy(result->gr_name, gr->gr_name);
+       memcpy(result->gr_name, gr->gr_name, len);
 
        /* Password */
+       len = strlen(gr->gr_passwd) + 1;
 
        if ((result->gr_passwd =
-            get_static(buffer, buflen, strlen(gr->gr_passwd) + 1)) == NULL) {
+            get_static(buffer, buflen, len)) == NULL) {
 
                /* Out of memory */
                return NSS_STATUS_TRYAGAIN;
        }
 
-       strcpy(result->gr_passwd, gr->gr_passwd);
+       memcpy(result->gr_passwd, gr->gr_passwd, len);
 
        /* gid */
 
@@ -297,7 +297,7 @@ static NSS_STATUS fill_grent(struct group *result, struct winbindd_gr *gr,
 
        /* Group membership */
 
-       if ((gr->num_gr_mem < 0) || !gr_mem) {
+       if (!gr_mem) {
                gr->num_gr_mem = 0;
        }
 
@@ -330,13 +330,15 @@ static NSS_STATUS fill_grent(struct group *result, struct winbindd_gr *gr,
 
        while(next_token_alloc((const char **)&gr_mem, &name, ",")) {
                /* Allocate space for member */
+               len = strlen(name) + 1;
+
                if (((result->gr_mem)[i] =
-                    get_static(buffer, buflen, strlen(name) + 1)) == NULL) {
+                    get_static(buffer, buflen, len)) == NULL) {
                        free(name);
                        /* Out of memory */
                        return NSS_STATUS_TRYAGAIN;
                }
-               strcpy((result->gr_mem)[i], name);
+               memcpy((result->gr_mem)[i], name, len);
                free(name);
                i++;
        }
@@ -376,7 +378,7 @@ _nss_winbind_setpwent(void)
                winbindd_free_response(&getpwent_response);
        }
 
-       ret = winbindd_request_response(WINBINDD_SETPWENT, NULL, NULL);
+       ret = winbindd_request_response(NULL, WINBINDD_SETPWENT, NULL, NULL);
 #ifdef DEBUG_NSS
        fprintf(stderr, "[%5d]: setpwent returns %s (%d)\n", getpid(),
                nss_err_str(ret), ret);
@@ -407,7 +409,7 @@ _nss_winbind_endpwent(void)
                winbindd_free_response(&getpwent_response);
        }
 
-       ret = winbindd_request_response(WINBINDD_ENDPWENT, NULL, NULL);
+       ret = winbindd_request_response(NULL, WINBINDD_ENDPWENT, NULL, NULL);
 #ifdef DEBUG_NSS
        fprintf(stderr, "[%5d]: endpwent returns %s (%d)\n", getpid(),
                nss_err_str(ret), ret);
@@ -456,7 +458,7 @@ _nss_winbind_getpwent_r(struct passwd *result, char *buffer,
 
        request.data.num_entries = MAX_GETPWENT_USERS;
 
-       ret = winbindd_request_response(WINBINDD_GETPWENT, &request,
+       ret = winbindd_request_response(NULL, WINBINDD_GETPWENT, &request,
                               &getpwent_response);
 
        if (ret == NSS_STATUS_SUCCESS) {
@@ -544,7 +546,7 @@ _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer,
 
                request.data.uid = uid;
 
-               ret = winbindd_request_response(WINBINDD_GETPWUID, &request, &response);
+               ret = winbindd_request_response(NULL, WINBINDD_GETPWUID, &request, &response);
 
                if (ret == NSS_STATUS_SUCCESS) {
                        ret = fill_pwent(result, &response.data.pw,
@@ -620,7 +622,7 @@ _nss_winbind_getpwnam_r(const char *name, struct passwd *result, char *buffer,
                request.data.username
                        [sizeof(request.data.username) - 1] = '\0';
 
-               ret = winbindd_request_response(WINBINDD_GETPWNAM, &request, &response);
+               ret = winbindd_request_response(NULL, WINBINDD_GETPWNAM, &request, &response);
 
                if (ret == NSS_STATUS_SUCCESS) {
                        ret = fill_pwent(result, &response.data.pw, &buffer,
@@ -691,7 +693,7 @@ _nss_winbind_setgrent(void)
                winbindd_free_response(&getgrent_response);
        }
 
-       ret = winbindd_request_response(WINBINDD_SETGRENT, NULL, NULL);
+       ret = winbindd_request_response(NULL, WINBINDD_SETGRENT, NULL, NULL);
 #ifdef DEBUG_NSS
        fprintf(stderr, "[%5d]: setgrent returns %s (%d)\n", getpid(),
                nss_err_str(ret), ret);
@@ -723,7 +725,7 @@ _nss_winbind_endgrent(void)
                winbindd_free_response(&getgrent_response);
        }
 
-       ret = winbindd_request_response(WINBINDD_ENDGRENT, NULL, NULL);
+       ret = winbindd_request_response(NULL, WINBINDD_ENDGRENT, NULL, NULL);
 #ifdef DEBUG_NSS
        fprintf(stderr, "[%5d]: endgrent returns %s (%d)\n", getpid(),
                nss_err_str(ret), ret);
@@ -774,7 +776,7 @@ winbind_getgrent(enum winbindd_cmd cmd,
 
        request.data.num_entries = MAX_GETGRENT_USERS;
 
-       ret = winbindd_request_response(cmd, &request,
+       ret = winbindd_request_response(NULL, cmd, &request,
                               &getgrent_response);
 
        if (ret == NSS_STATUS_SUCCESS) {
@@ -893,7 +895,8 @@ _nss_winbind_getgrnam_r(const char *name,
                request.data.groupname
                        [sizeof(request.data.groupname) - 1] = '\0';
 
-               ret = winbindd_request_response(WINBINDD_GETGRNAM, &request, &response);
+               ret = winbindd_request_response(NULL, WINBINDD_GETGRNAM,
+                                               &request, &response);
 
                if (ret == NSS_STATUS_SUCCESS) {
                        ret = fill_grent(result, &response.data.gr,
@@ -971,7 +974,8 @@ _nss_winbind_getgrgid_r(gid_t gid,
 
                request.data.gid = gid;
 
-               ret = winbindd_request_response(WINBINDD_GETGRGID, &request, &response);
+               ret = winbindd_request_response(NULL, WINBINDD_GETGRGID,
+                                               &request, &response);
 
                if (ret == NSS_STATUS_SUCCESS) {
 
@@ -1020,7 +1024,7 @@ _nss_winbind_getgrgid_r(gid_t gid,
 /* Initialise supplementary groups */
 
 NSS_STATUS
-_nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
+_nss_winbind_initgroups_dyn(const char *user, gid_t group, long int *start,
                            long int *size, gid_t **groups, long int limit,
                            int *errnop)
 {
@@ -1044,7 +1048,8 @@ _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
        strncpy(request.data.username, user,
                sizeof(request.data.username) - 1);
 
-       ret = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
+       ret = winbindd_request_response(NULL, WINBINDD_GETGROUPS,
+                                       &request, &response);
 
        if (ret == NSS_STATUS_SUCCESS) {
                int num_gids = response.data.num_entries;
@@ -1076,6 +1081,11 @@ _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
                                continue;
                        }
 
+                       /* Skip groups without a mapping */
+                       if (gid_list[i] == (uid_t)-1) {
+                               continue;
+                       }
+
                        /* Filled buffer ? If so, resize. */
 
                        if (*start == *size) {
@@ -1125,353 +1135,3 @@ _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
 
        return ret;
 }
-
-
-/* return a list of group SIDs for a user SID */
-NSS_STATUS
-_nss_winbind_getusersids(const char *user_sid, char **group_sids,
-                        int *num_groups,
-                        char *buffer, size_t buf_size, int *errnop)
-{
-       NSS_STATUS ret;
-       struct winbindd_request request;
-       struct winbindd_response response;
-
-#ifdef DEBUG_NSS
-       fprintf(stderr, "[%5d]: getusersids %s\n", getpid(), user_sid);
-#endif
-
-#if HAVE_PTHREAD
-       pthread_mutex_lock(&winbind_nss_mutex);
-#endif
-
-       ZERO_STRUCT(request);
-       ZERO_STRUCT(response);
-
-       strncpy(request.data.sid, user_sid,sizeof(request.data.sid) - 1);
-       request.data.sid[sizeof(request.data.sid) - 1] = '\0';
-
-       ret = winbindd_request_response(WINBINDD_GETUSERSIDS, &request, &response);
-
-       if (ret != NSS_STATUS_SUCCESS) {
-               goto done;
-       }
-
-       if (buf_size < response.length - sizeof(response)) {
-               ret = NSS_STATUS_TRYAGAIN;
-               errno = *errnop = ERANGE;
-               goto done;
-       }
-
-       *num_groups = response.data.num_entries;
-       *group_sids = buffer;
-       memcpy(buffer, response.extra_data.data, response.length - sizeof(response));
-       errno = *errnop = 0;
-
- done:
-       winbindd_free_response(&response);
-
-#if HAVE_PTHREAD
-       pthread_mutex_unlock(&winbind_nss_mutex);
-#endif
-
-       return ret;
-}
-
-
-/* map a user or group name to a SID string */
-NSS_STATUS
-_nss_winbind_nametosid(const char *name, char **sid, char *buffer,
-                      size_t buflen, int *errnop)
-{
-       NSS_STATUS ret;
-       struct winbindd_response response;
-       struct winbindd_request request;
-
-#ifdef DEBUG_NSS
-       fprintf(stderr, "[%5d]: nametosid %s\n", getpid(), name);
-#endif
-
-#if HAVE_PTHREAD
-       pthread_mutex_lock(&winbind_nss_mutex);
-#endif
-
-       ZERO_STRUCT(response);
-       ZERO_STRUCT(request);
-
-       strncpy(request.data.name.name, name,
-               sizeof(request.data.name.name) - 1);
-       request.data.name.name[sizeof(request.data.name.name) - 1] = '\0';
-
-       ret = winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response);
-       if (ret != NSS_STATUS_SUCCESS) {
-               *errnop = errno = EINVAL;
-               goto failed;
-       }
-
-       if (buflen < strlen(response.data.sid.sid)+1) {
-               ret = NSS_STATUS_TRYAGAIN;
-               *errnop = errno = ERANGE;
-               goto failed;
-       }
-
-       *errnop = errno = 0;
-       *sid = buffer;
-       strcpy(*sid, response.data.sid.sid);
-
-failed:
-       winbindd_free_response(&response);
-
-#if HAVE_PTHREAD
-       pthread_mutex_unlock(&winbind_nss_mutex);
-#endif
-
-       return ret;
-}
-
-/* map a sid string to a user or group name */
-NSS_STATUS
-_nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
-                      size_t buflen, int *errnop)
-{
-       NSS_STATUS ret;
-       struct winbindd_response response;
-       struct winbindd_request request;
-       static char sep_char;
-       unsigned needed;
-
-#ifdef DEBUG_NSS
-       fprintf(stderr, "[%5d]: sidtoname %s\n", getpid(), sid);
-#endif
-
-#if HAVE_PTHREAD
-       pthread_mutex_lock(&winbind_nss_mutex);
-#endif
-
-       ZERO_STRUCT(response);
-       ZERO_STRUCT(request);
-
-       /* we need to fetch the separator first time through */
-       if (!sep_char) {
-               ret = winbindd_request_response(WINBINDD_INFO, &request, &response);
-               if (ret != NSS_STATUS_SUCCESS) {
-                       *errnop = errno = EINVAL;
-                       goto failed;
-               }
-
-               sep_char = response.data.info.winbind_separator;
-               winbindd_free_response(&response);
-       }
-
-
-       strncpy(request.data.sid, sid,
-               sizeof(request.data.sid) - 1);
-       request.data.sid[sizeof(request.data.sid) - 1] = '\0';
-
-       ret = winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response);
-       if (ret != NSS_STATUS_SUCCESS) {
-               *errnop = errno = EINVAL;
-               goto failed;
-       }
-
-       needed =
-               strlen(response.data.name.dom_name) +
-               strlen(response.data.name.name) + 2;
-
-       if (buflen < needed) {
-               ret = NSS_STATUS_TRYAGAIN;
-               *errnop = errno = ERANGE;
-               goto failed;
-       }
-
-       snprintf(buffer, needed, "%s%c%s",
-                response.data.name.dom_name,
-                sep_char,
-                response.data.name.name);
-
-       *name = buffer;
-       *errnop = errno = 0;
-
-failed:
-       winbindd_free_response(&response);
-
-#if HAVE_PTHREAD
-       pthread_mutex_unlock(&winbind_nss_mutex);
-#endif
-
-       return ret;
-}
-
-/* map a sid to a uid */
-NSS_STATUS
-_nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop)
-{
-       NSS_STATUS ret;
-       struct winbindd_response response;
-       struct winbindd_request request;
-
-#ifdef DEBUG_NSS
-       fprintf(stderr, "[%5d]: sidtouid %s\n", getpid(), sid);
-#endif
-
-#if HAVE_PTHREAD
-       pthread_mutex_lock(&winbind_nss_mutex);
-#endif
-
-       ZERO_STRUCT(request);
-       ZERO_STRUCT(response);
-
-       strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
-       request.data.sid[sizeof(request.data.sid) - 1] = '\0';
-
-       ret = winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response);
-       if (ret != NSS_STATUS_SUCCESS) {
-               *errnop = errno = EINVAL;
-               goto failed;
-       }
-
-       *uid = response.data.uid;
-
-failed:
-
-#if HAVE_PTHREAD
-       pthread_mutex_unlock(&winbind_nss_mutex);
-#endif
-
-       return ret;
-}
-
-/* map a sid to a gid */
-NSS_STATUS
-_nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop)
-{
-       NSS_STATUS ret;
-       struct winbindd_response response;
-       struct winbindd_request request;
-
-#ifdef DEBUG_NSS
-       fprintf(stderr, "[%5d]: sidtogid %s\n", getpid(), sid);
-#endif
-
-#if HAVE_PTHREAD
-       pthread_mutex_lock(&winbind_nss_mutex);
-#endif
-
-       ZERO_STRUCT(request);
-       ZERO_STRUCT(response);
-
-       strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
-       request.data.sid[sizeof(request.data.sid) - 1] = '\0';
-
-       ret = winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response);
-       if (ret != NSS_STATUS_SUCCESS) {
-               *errnop = errno = EINVAL;
-               goto failed;
-       }
-
-       *gid = response.data.gid;
-
-failed:
-
-#if HAVE_PTHREAD
-       pthread_mutex_unlock(&winbind_nss_mutex);
-#endif
-
-       return ret;
-}
-
-/* map a uid to a SID string */
-NSS_STATUS
-_nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
-                     size_t buflen, int *errnop)
-{
-       NSS_STATUS ret;
-       struct winbindd_response response;
-       struct winbindd_request request;
-
-#ifdef DEBUG_NSS
-       fprintf(stderr, "[%5u]: uidtosid %u\n", (unsigned int)getpid(), (unsigned int)uid);
-#endif
-
-#if HAVE_PTHREAD
-       pthread_mutex_lock(&winbind_nss_mutex);
-#endif
-
-       ZERO_STRUCT(response);
-       ZERO_STRUCT(request);
-
-       request.data.uid = uid;
-
-       ret = winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response);
-       if (ret != NSS_STATUS_SUCCESS) {
-               *errnop = errno = EINVAL;
-               goto failed;
-       }
-
-       if (buflen < strlen(response.data.sid.sid)+1) {
-               ret = NSS_STATUS_TRYAGAIN;
-               *errnop = errno = ERANGE;
-               goto failed;
-       }
-
-       *errnop = errno = 0;
-       *sid = buffer;
-       strcpy(*sid, response.data.sid.sid);
-
-failed:
-       winbindd_free_response(&response);
-
-#if HAVE_PTHREAD
-       pthread_mutex_unlock(&winbind_nss_mutex);
-#endif
-
-       return ret;
-}
-
-/* map a gid to a SID string */
-NSS_STATUS
-_nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
-                     size_t buflen, int *errnop)
-{
-       NSS_STATUS ret;
-       struct winbindd_response response;
-       struct winbindd_request request;
-
-#ifdef DEBUG_NSS
-       fprintf(stderr, "[%5u]: gidtosid %u\n", (unsigned int)getpid(), (unsigned int)gid);
-#endif
-
-#if HAVE_PTHREAD
-       pthread_mutex_lock(&winbind_nss_mutex);
-#endif
-
-       ZERO_STRUCT(response);
-       ZERO_STRUCT(request);
-
-       request.data.gid = gid;
-
-       ret = winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response);
-       if (ret != NSS_STATUS_SUCCESS) {
-               *errnop = errno = EINVAL;
-               goto failed;
-       }
-
-       if (buflen < strlen(response.data.sid.sid)+1) {
-               ret = NSS_STATUS_TRYAGAIN;
-               *errnop = errno = ERANGE;
-               goto failed;
-       }
-
-       *errnop = errno = 0;
-       *sid = buffer;
-       strcpy(*sid, response.data.sid.sid);
-
-failed:
-       winbindd_free_response(&response);
-
-#if HAVE_PTHREAD
-       pthread_mutex_unlock(&winbind_nss_mutex);
-#endif
-
-       return ret;
-}