2 Unix SMB/CIFS implementation.
4 Windows NT Domain nsswitch module
6 Copyright (C) Tim Potter 2000
8 This library is free software; you can redistribute it and/or
9 modify it under the terms of the GNU Lesser General Public
10 License as published by the Free Software Foundation; either
11 version 3 of the License, or (at your option) any later version.
13 This library is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Library General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "winbind_client.h"
29 static pthread_mutex_t winbind_nss_mutex = PTHREAD_MUTEX_INITIALIZER;
32 /* Maximum number of users to pass back over the unix domain socket
33 per call. This is not a static limit on the total number of users
34 or groups returned in total. */
36 #define MAX_GETPWENT_USERS 250
37 #define MAX_GETGRENT_USERS 250
39 NSS_STATUS _nss_winbind_setpwent(void);
40 NSS_STATUS _nss_winbind_endpwent(void);
41 NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result, char *buffer,
42 size_t buflen, int *errnop);
43 NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result,
44 char *buffer, size_t buflen, int *errnop);
45 NSS_STATUS _nss_winbind_getpwnam_r(const char *name, struct passwd *result,
46 char *buffer, size_t buflen, int *errnop);
47 NSS_STATUS _nss_winbind_setgrent(void);
48 NSS_STATUS _nss_winbind_endgrent(void);
49 NSS_STATUS _nss_winbind_getgrent_r(struct group *result, char *buffer,
50 size_t buflen, int *errnop);
51 NSS_STATUS _nss_winbind_getgrlst_r(struct group *result, char *buffer,
52 size_t buflen, int *errnop);
53 NSS_STATUS _nss_winbind_getgrnam_r(const char *name, struct group *result,
54 char *buffer, size_t buflen, int *errnop);
55 NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid, struct group *result, char *buffer,
56 size_t buflen, int *errnop);
57 NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
58 long int *size, gid_t **groups,
59 long int limit, int *errnop);
60 NSS_STATUS _nss_winbind_getusersids(const char *user_sid, char **group_sids,
61 int *num_groups, char *buffer, size_t buf_size,
63 NSS_STATUS _nss_winbind_nametosid(const char *name, char **sid, char *buffer,
64 size_t buflen, int *errnop);
65 NSS_STATUS _nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
66 size_t buflen, int *errnop);
67 NSS_STATUS _nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop);
68 NSS_STATUS _nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop);
69 NSS_STATUS _nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
70 size_t buflen, int *errnop);
71 NSS_STATUS _nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
72 size_t buflen, int *errnop);
74 /* Prototypes from wb_common.c */
76 /* Allocate some space from the nss static buffer. The buffer and buflen
77 are the pointers passed in by the C library to the _nss_ntdom_*
80 static char *get_static(char **buffer, size_t *buflen, size_t len)
84 /* Error check. We return false if things aren't set up right, or
85 there isn't enough buffer space left. */
87 if ((buffer == NULL) || (buflen == NULL) || (*buflen < len)) {
91 /* Return an index into the static buffer */
100 /* I've copied the strtok() replacement function next_token_Xalloc() from
101 lib/util_str.c as I really don't want to have to link in any other
102 objects if I can possibly avoid it. */
104 static bool next_token_alloc(const char **ptr,
121 /* default to simple separators */
126 /* find the first non sep char */
127 while (*s && strchr(sep,*s)) {
136 /* When restarting we need to go from here. */
139 /* Work out the length needed. */
140 for (quoted = false; *s &&
141 (quoted || !strchr(sep,*s)); s++) {
149 /* We started with len = 1 so we have space for the nul. */
150 *pp_buff = (char *)malloc(len);
155 /* copy over the token */
158 for (quoted = false; *s &&
159 (quoted || !strchr(sep,*s)); s++) {
167 *ptr = (*s) ? s+1 : s;
173 /* Fill a pwent structure from a winbindd_response structure. We use
174 the static data passed to us by libc to put strings and stuff in.
175 Return NSS_STATUS_TRYAGAIN if we run out of memory. */
177 static NSS_STATUS fill_pwent(struct passwd *result,
178 struct winbindd_pw *pw,
179 char **buffer, size_t *buflen)
183 if ((result->pw_name =
184 get_static(buffer, buflen, strlen(pw->pw_name) + 1)) == NULL) {
188 return NSS_STATUS_TRYAGAIN;
191 strcpy(result->pw_name, pw->pw_name);
195 if ((result->pw_passwd =
196 get_static(buffer, buflen, strlen(pw->pw_passwd) + 1)) == NULL) {
200 return NSS_STATUS_TRYAGAIN;
203 strcpy(result->pw_passwd, pw->pw_passwd);
207 result->pw_uid = pw->pw_uid;
208 result->pw_gid = pw->pw_gid;
212 if ((result->pw_gecos =
213 get_static(buffer, buflen, strlen(pw->pw_gecos) + 1)) == NULL) {
217 return NSS_STATUS_TRYAGAIN;
220 strcpy(result->pw_gecos, pw->pw_gecos);
224 if ((result->pw_dir =
225 get_static(buffer, buflen, strlen(pw->pw_dir) + 1)) == NULL) {
229 return NSS_STATUS_TRYAGAIN;
232 strcpy(result->pw_dir, pw->pw_dir);
236 if ((result->pw_shell =
237 get_static(buffer, buflen, strlen(pw->pw_shell) + 1)) == NULL) {
241 return NSS_STATUS_TRYAGAIN;
244 strcpy(result->pw_shell, pw->pw_shell);
246 /* The struct passwd for Solaris has some extra fields which must
247 be initialised or nscd crashes. */
249 #if HAVE_PASSWD_PW_COMMENT
250 result->pw_comment = "";
253 #if HAVE_PASSWD_PW_AGE
257 return NSS_STATUS_SUCCESS;
260 /* Fill a grent structure from a winbindd_response structure. We use
261 the static data passed to us by libc to put strings and stuff in.
262 Return NSS_STATUS_TRYAGAIN if we run out of memory. */
264 static NSS_STATUS fill_grent(struct group *result, struct winbindd_gr *gr,
265 char *gr_mem, char **buffer, size_t *buflen)
273 if ((result->gr_name =
274 get_static(buffer, buflen, strlen(gr->gr_name) + 1)) == NULL) {
278 return NSS_STATUS_TRYAGAIN;
281 strcpy(result->gr_name, gr->gr_name);
285 if ((result->gr_passwd =
286 get_static(buffer, buflen, strlen(gr->gr_passwd) + 1)) == NULL) {
289 return NSS_STATUS_TRYAGAIN;
292 strcpy(result->gr_passwd, gr->gr_passwd);
296 result->gr_gid = gr->gr_gid;
298 /* Group membership */
300 if ((gr->num_gr_mem < 0) || !gr_mem) {
304 /* this next value is a pointer to a pointer so let's align it */
306 /* Calculate number of extra bytes needed to align on pointer size boundry */
307 if ((i = (unsigned long)(*buffer) % sizeof(char*)) != 0)
308 i = sizeof(char*) - i;
310 if ((tst = get_static(buffer, buflen, ((gr->num_gr_mem + 1) *
311 sizeof(char *)+i))) == NULL) {
315 return NSS_STATUS_TRYAGAIN;
317 result->gr_mem = (char **)(tst + i);
319 if (gr->num_gr_mem == 0) {
323 *(result->gr_mem) = NULL;
324 return NSS_STATUS_SUCCESS;
327 /* Start looking at extra data */
331 while(next_token_alloc((const char **)&gr_mem, &name, ",")) {
332 /* Allocate space for member */
333 if (((result->gr_mem)[i] =
334 get_static(buffer, buflen, strlen(name) + 1)) == NULL) {
337 return NSS_STATUS_TRYAGAIN;
339 strcpy((result->gr_mem)[i], name);
346 (result->gr_mem)[i] = NULL;
348 return NSS_STATUS_SUCCESS;
355 static struct winbindd_response getpwent_response;
357 static int ndx_pw_cache; /* Current index into pwd cache */
358 static int num_pw_cache; /* Current size of pwd cache */
360 /* Rewind "file pointer" to start of ntdom password database */
363 _nss_winbind_setpwent(void)
367 fprintf(stderr, "[%5d]: setpwent\n", getpid());
371 pthread_mutex_lock(&winbind_nss_mutex);
374 if (num_pw_cache > 0) {
375 ndx_pw_cache = num_pw_cache = 0;
376 winbindd_free_response(&getpwent_response);
379 ret = winbindd_request_response(WINBINDD_SETPWENT, NULL, NULL);
381 fprintf(stderr, "[%5d]: setpwent returns %s (%d)\n", getpid(),
382 nss_err_str(ret), ret);
386 pthread_mutex_unlock(&winbind_nss_mutex);
391 /* Close ntdom password database "file pointer" */
394 _nss_winbind_endpwent(void)
398 fprintf(stderr, "[%5d]: endpwent\n", getpid());
402 pthread_mutex_lock(&winbind_nss_mutex);
405 if (num_pw_cache > 0) {
406 ndx_pw_cache = num_pw_cache = 0;
407 winbindd_free_response(&getpwent_response);
410 ret = winbindd_request_response(WINBINDD_ENDPWENT, NULL, NULL);
412 fprintf(stderr, "[%5d]: endpwent returns %s (%d)\n", getpid(),
413 nss_err_str(ret), ret);
417 pthread_mutex_unlock(&winbind_nss_mutex);
423 /* Fetch the next password entry from ntdom password database */
426 _nss_winbind_getpwent_r(struct passwd *result, char *buffer,
427 size_t buflen, int *errnop)
430 struct winbindd_request request;
431 static int called_again;
434 fprintf(stderr, "[%5d]: getpwent\n", getpid());
438 pthread_mutex_lock(&winbind_nss_mutex);
441 /* Return an entry from the cache if we have one, or if we are
442 called again because we exceeded our static buffer. */
444 if ((ndx_pw_cache < num_pw_cache) || called_again) {
448 /* Else call winbindd to get a bunch of entries */
450 if (num_pw_cache > 0) {
451 winbindd_free_response(&getpwent_response);
454 ZERO_STRUCT(request);
455 ZERO_STRUCT(getpwent_response);
457 request.data.num_entries = MAX_GETPWENT_USERS;
459 ret = winbindd_request_response(WINBINDD_GETPWENT, &request,
462 if (ret == NSS_STATUS_SUCCESS) {
463 struct winbindd_pw *pw_cache;
468 num_pw_cache = getpwent_response.data.num_entries;
470 /* Return a result */
474 pw_cache = (struct winbindd_pw *)
475 getpwent_response.extra_data.data;
477 /* Check data is valid */
479 if (pw_cache == NULL) {
480 ret = NSS_STATUS_NOTFOUND;
484 ret = fill_pwent(result, &pw_cache[ndx_pw_cache],
487 /* Out of memory - try again */
489 if (ret == NSS_STATUS_TRYAGAIN) {
491 *errnop = errno = ERANGE;
496 called_again = false;
499 /* If we've finished with this lot of results free cache */
501 if (ndx_pw_cache == num_pw_cache) {
502 ndx_pw_cache = num_pw_cache = 0;
503 winbindd_free_response(&getpwent_response);
508 fprintf(stderr, "[%5d]: getpwent returns %s (%d)\n", getpid(),
509 nss_err_str(ret), ret);
513 pthread_mutex_unlock(&winbind_nss_mutex);
518 /* Return passwd struct from uid */
521 _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer,
522 size_t buflen, int *errnop)
525 static struct winbindd_response response;
526 struct winbindd_request request;
527 static int keep_response;
530 fprintf(stderr, "[%5d]: getpwuid_r %d\n", getpid(), (unsigned int)uid);
534 pthread_mutex_lock(&winbind_nss_mutex);
537 /* If our static buffer needs to be expanded we are called again */
538 if (!keep_response || uid != response.data.pw.pw_uid) {
540 /* Call for the first time */
542 ZERO_STRUCT(response);
543 ZERO_STRUCT(request);
545 request.data.uid = uid;
547 ret = winbindd_request_response(WINBINDD_GETPWUID, &request, &response);
549 if (ret == NSS_STATUS_SUCCESS) {
550 ret = fill_pwent(result, &response.data.pw,
553 if (ret == NSS_STATUS_TRYAGAIN) {
554 keep_response = true;
555 *errnop = errno = ERANGE;
562 /* We've been called again */
564 ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
566 if (ret == NSS_STATUS_TRYAGAIN) {
567 *errnop = errno = ERANGE;
571 keep_response = false;
575 winbindd_free_response(&response);
580 fprintf(stderr, "[%5d]: getpwuid %d returns %s (%d)\n", getpid(),
581 (unsigned int)uid, nss_err_str(ret), ret);
585 pthread_mutex_unlock(&winbind_nss_mutex);
591 /* Return passwd struct from username */
593 _nss_winbind_getpwnam_r(const char *name, struct passwd *result, char *buffer,
594 size_t buflen, int *errnop)
597 static struct winbindd_response response;
598 struct winbindd_request request;
599 static int keep_response;
602 fprintf(stderr, "[%5d]: getpwnam_r %s\n", getpid(), name);
606 pthread_mutex_lock(&winbind_nss_mutex);
609 /* If our static buffer needs to be expanded we are called again */
611 if (!keep_response || strcmp(name,response.data.pw.pw_name) != 0) {
613 /* Call for the first time */
615 ZERO_STRUCT(response);
616 ZERO_STRUCT(request);
618 strncpy(request.data.username, name,
619 sizeof(request.data.username) - 1);
620 request.data.username
621 [sizeof(request.data.username) - 1] = '\0';
623 ret = winbindd_request_response(WINBINDD_GETPWNAM, &request, &response);
625 if (ret == NSS_STATUS_SUCCESS) {
626 ret = fill_pwent(result, &response.data.pw, &buffer,
629 if (ret == NSS_STATUS_TRYAGAIN) {
630 keep_response = true;
631 *errnop = errno = ERANGE;
638 /* We've been called again */
640 ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
642 if (ret == NSS_STATUS_TRYAGAIN) {
643 keep_response = true;
644 *errnop = errno = ERANGE;
648 keep_response = false;
652 winbindd_free_response(&response);
655 fprintf(stderr, "[%5d]: getpwnam %s returns %s (%d)\n", getpid(),
656 name, nss_err_str(ret), ret);
660 pthread_mutex_unlock(&winbind_nss_mutex);
667 * NSS group functions
670 static struct winbindd_response getgrent_response;
672 static int ndx_gr_cache; /* Current index into grp cache */
673 static int num_gr_cache; /* Current size of grp cache */
675 /* Rewind "file pointer" to start of ntdom group database */
678 _nss_winbind_setgrent(void)
682 fprintf(stderr, "[%5d]: setgrent\n", getpid());
686 pthread_mutex_lock(&winbind_nss_mutex);
689 if (num_gr_cache > 0) {
690 ndx_gr_cache = num_gr_cache = 0;
691 winbindd_free_response(&getgrent_response);
694 ret = winbindd_request_response(WINBINDD_SETGRENT, NULL, NULL);
696 fprintf(stderr, "[%5d]: setgrent returns %s (%d)\n", getpid(),
697 nss_err_str(ret), ret);
701 pthread_mutex_unlock(&winbind_nss_mutex);
707 /* Close "file pointer" for ntdom group database */
710 _nss_winbind_endgrent(void)
714 fprintf(stderr, "[%5d]: endgrent\n", getpid());
718 pthread_mutex_lock(&winbind_nss_mutex);
721 if (num_gr_cache > 0) {
722 ndx_gr_cache = num_gr_cache = 0;
723 winbindd_free_response(&getgrent_response);
726 ret = winbindd_request_response(WINBINDD_ENDGRENT, NULL, NULL);
728 fprintf(stderr, "[%5d]: endgrent returns %s (%d)\n", getpid(),
729 nss_err_str(ret), ret);
733 pthread_mutex_unlock(&winbind_nss_mutex);
739 /* Get next entry from ntdom group database */
742 winbind_getgrent(enum winbindd_cmd cmd,
743 struct group *result,
744 char *buffer, size_t buflen, int *errnop)
747 static struct winbindd_request request;
748 static int called_again;
752 fprintf(stderr, "[%5d]: getgrent\n", getpid());
756 pthread_mutex_lock(&winbind_nss_mutex);
759 /* Return an entry from the cache if we have one, or if we are
760 called again because we exceeded our static buffer. */
762 if ((ndx_gr_cache < num_gr_cache) || called_again) {
766 /* Else call winbindd to get a bunch of entries */
768 if (num_gr_cache > 0) {
769 winbindd_free_response(&getgrent_response);
772 ZERO_STRUCT(request);
773 ZERO_STRUCT(getgrent_response);
775 request.data.num_entries = MAX_GETGRENT_USERS;
777 ret = winbindd_request_response(cmd, &request,
780 if (ret == NSS_STATUS_SUCCESS) {
781 struct winbindd_gr *gr_cache;
787 num_gr_cache = getgrent_response.data.num_entries;
789 /* Return a result */
793 gr_cache = (struct winbindd_gr *)
794 getgrent_response.extra_data.data;
796 /* Check data is valid */
798 if (gr_cache == NULL) {
799 ret = NSS_STATUS_NOTFOUND;
803 /* Fill group membership. The offset into the extra data
804 for the group membership is the reported offset plus the
805 size of all the winbindd_gr records returned. */
807 mem_ofs = gr_cache[ndx_gr_cache].gr_mem_ofs +
808 num_gr_cache * sizeof(struct winbindd_gr);
810 ret = fill_grent(result, &gr_cache[ndx_gr_cache],
811 ((char *)getgrent_response.extra_data.data)+mem_ofs,
814 /* Out of memory - try again */
816 if (ret == NSS_STATUS_TRYAGAIN) {
818 *errnop = errno = ERANGE;
823 called_again = false;
826 /* If we've finished with this lot of results free cache */
828 if (ndx_gr_cache == num_gr_cache) {
829 ndx_gr_cache = num_gr_cache = 0;
830 winbindd_free_response(&getgrent_response);
835 fprintf(stderr, "[%5d]: getgrent returns %s (%d)\n", getpid(),
836 nss_err_str(ret), ret);
840 pthread_mutex_unlock(&winbind_nss_mutex);
848 _nss_winbind_getgrent_r(struct group *result,
849 char *buffer, size_t buflen, int *errnop)
851 return winbind_getgrent(WINBINDD_GETGRENT, result, buffer, buflen, errnop);
855 _nss_winbind_getgrlst_r(struct group *result,
856 char *buffer, size_t buflen, int *errnop)
858 return winbind_getgrent(WINBINDD_GETGRLST, result, buffer, buflen, errnop);
861 /* Return group struct from group name */
864 _nss_winbind_getgrnam_r(const char *name,
865 struct group *result, char *buffer,
866 size_t buflen, int *errnop)
869 static struct winbindd_response response;
870 struct winbindd_request request;
871 static int keep_response;
874 fprintf(stderr, "[%5d]: getgrnam %s\n", getpid(), name);
878 pthread_mutex_lock(&winbind_nss_mutex);
881 /* If our static buffer needs to be expanded we are called again */
882 /* Or if the stored response group name differs from the request. */
884 if (!keep_response || strcmp(name,response.data.gr.gr_name) != 0) {
886 /* Call for the first time */
888 ZERO_STRUCT(request);
889 ZERO_STRUCT(response);
891 strncpy(request.data.groupname, name,
892 sizeof(request.data.groupname));
893 request.data.groupname
894 [sizeof(request.data.groupname) - 1] = '\0';
896 ret = winbindd_request_response(WINBINDD_GETGRNAM, &request, &response);
898 if (ret == NSS_STATUS_SUCCESS) {
899 ret = fill_grent(result, &response.data.gr,
900 (char *)response.extra_data.data,
903 if (ret == NSS_STATUS_TRYAGAIN) {
904 keep_response = true;
905 *errnop = errno = ERANGE;
912 /* We've been called again */
914 ret = fill_grent(result, &response.data.gr,
915 (char *)response.extra_data.data, &buffer,
918 if (ret == NSS_STATUS_TRYAGAIN) {
919 keep_response = true;
920 *errnop = errno = ERANGE;
924 keep_response = false;
928 winbindd_free_response(&response);
931 fprintf(stderr, "[%5d]: getgrnam %s returns %s (%d)\n", getpid(),
932 name, nss_err_str(ret), ret);
936 pthread_mutex_unlock(&winbind_nss_mutex);
942 /* Return group struct from gid */
945 _nss_winbind_getgrgid_r(gid_t gid,
946 struct group *result, char *buffer,
947 size_t buflen, int *errnop)
950 static struct winbindd_response response;
951 struct winbindd_request request;
952 static int keep_response;
955 fprintf(stderr, "[%5d]: getgrgid %d\n", getpid(), gid);
959 pthread_mutex_lock(&winbind_nss_mutex);
962 /* If our static buffer needs to be expanded we are called again */
963 /* Or if the stored response group name differs from the request. */
965 if (!keep_response || gid != response.data.gr.gr_gid) {
967 /* Call for the first time */
969 ZERO_STRUCT(request);
970 ZERO_STRUCT(response);
972 request.data.gid = gid;
974 ret = winbindd_request_response(WINBINDD_GETGRGID, &request, &response);
976 if (ret == NSS_STATUS_SUCCESS) {
978 ret = fill_grent(result, &response.data.gr,
979 (char *)response.extra_data.data,
982 if (ret == NSS_STATUS_TRYAGAIN) {
983 keep_response = true;
984 *errnop = errno = ERANGE;
991 /* We've been called again */
993 ret = fill_grent(result, &response.data.gr,
994 (char *)response.extra_data.data, &buffer,
997 if (ret == NSS_STATUS_TRYAGAIN) {
998 keep_response = true;
999 *errnop = errno = ERANGE;
1003 keep_response = false;
1007 winbindd_free_response(&response);
1010 fprintf(stderr, "[%5d]: getgrgid %d returns %s (%d)\n", getpid(),
1011 (unsigned int)gid, nss_err_str(ret), ret);
1015 pthread_mutex_unlock(&winbind_nss_mutex);
1020 /* Initialise supplementary groups */
1023 _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
1024 long int *size, gid_t **groups, long int limit,
1028 struct winbindd_request request;
1029 struct winbindd_response response;
1033 fprintf(stderr, "[%5d]: initgroups %s (%d)\n", getpid(),
1037 if (strcmp(user, "root") == 0) {
1038 /* as a special case, don't return groups for
1039 'root'. This ensures that no matter what state
1040 winbind is in, we can still ssh into the host as
1042 return NSS_STATUS_NOTFOUND;
1046 pthread_mutex_lock(&winbind_nss_mutex);
1049 ZERO_STRUCT(request);
1050 ZERO_STRUCT(response);
1052 strncpy(request.data.username, user,
1053 sizeof(request.data.username) - 1);
1055 ret = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
1057 if (ret == NSS_STATUS_SUCCESS) {
1058 int num_gids = response.data.num_entries;
1059 gid_t *gid_list = (gid_t *)response.extra_data.data;
1062 fprintf(stderr, "[%5d]: initgroups %s: got NSS_STATUS_SUCCESS "
1063 "and %d gids\n", getpid(),
1066 if (gid_list == NULL) {
1067 ret = NSS_STATUS_NOTFOUND;
1071 /* Copy group list to client */
1073 for (i = 0; i < num_gids; i++) {
1076 fprintf(stderr, "[%5d]: initgroups %s (%d): "
1077 "processing gid %d \n", getpid(),
1078 user, group, gid_list[i]);
1081 /* Skip primary group */
1083 if (gid_list[i] == group) {
1087 /* Filled buffer ? If so, resize. */
1089 if (*start == *size) {
1093 newsize = 2 * (*size);
1095 if (*size == limit) {
1098 if (newsize > limit) {
1103 newgroups = (gid_t *)
1105 newsize * sizeof(**groups));
1108 ret = NSS_STATUS_NOTFOUND;
1111 *groups = newgroups;
1117 (*groups)[*start] = gid_list[i];
1122 /* Back to your regularly scheduled programming */
1126 fprintf(stderr, "[%5d]: initgroups %s returns %s (%d)\n", getpid(),
1127 user, nss_err_str(ret), ret);
1131 pthread_mutex_unlock(&winbind_nss_mutex);
1138 /* return a list of group SIDs for a user SID */
1140 _nss_winbind_getusersids(const char *user_sid, char **group_sids,
1142 char *buffer, size_t buf_size, int *errnop)
1145 struct winbindd_request request;
1146 struct winbindd_response response;
1149 fprintf(stderr, "[%5d]: getusersids %s\n", getpid(), user_sid);
1153 pthread_mutex_lock(&winbind_nss_mutex);
1156 ZERO_STRUCT(request);
1157 ZERO_STRUCT(response);
1159 strncpy(request.data.sid, user_sid,sizeof(request.data.sid) - 1);
1160 request.data.sid[sizeof(request.data.sid) - 1] = '\0';
1162 ret = winbindd_request_response(WINBINDD_GETUSERSIDS, &request, &response);
1164 if (ret != NSS_STATUS_SUCCESS) {
1168 if (buf_size < response.length - sizeof(response)) {
1169 ret = NSS_STATUS_TRYAGAIN;
1170 errno = *errnop = ERANGE;
1174 *num_groups = response.data.num_entries;
1175 *group_sids = buffer;
1176 memcpy(buffer, response.extra_data.data, response.length - sizeof(response));
1177 errno = *errnop = 0;
1180 winbindd_free_response(&response);
1183 pthread_mutex_unlock(&winbind_nss_mutex);
1190 /* map a user or group name to a SID string */
1192 _nss_winbind_nametosid(const char *name, char **sid, char *buffer,
1193 size_t buflen, int *errnop)
1196 struct winbindd_response response;
1197 struct winbindd_request request;
1200 fprintf(stderr, "[%5d]: nametosid %s\n", getpid(), name);
1204 pthread_mutex_lock(&winbind_nss_mutex);
1207 ZERO_STRUCT(response);
1208 ZERO_STRUCT(request);
1210 strncpy(request.data.name.name, name,
1211 sizeof(request.data.name.name) - 1);
1212 request.data.name.name[sizeof(request.data.name.name) - 1] = '\0';
1214 ret = winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response);
1215 if (ret != NSS_STATUS_SUCCESS) {
1216 *errnop = errno = EINVAL;
1220 if (buflen < strlen(response.data.sid.sid)+1) {
1221 ret = NSS_STATUS_TRYAGAIN;
1222 *errnop = errno = ERANGE;
1226 *errnop = errno = 0;
1228 strcpy(*sid, response.data.sid.sid);
1231 winbindd_free_response(&response);
1234 pthread_mutex_unlock(&winbind_nss_mutex);
1240 /* map a sid string to a user or group name */
1242 _nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
1243 size_t buflen, int *errnop)
1246 struct winbindd_response response;
1247 struct winbindd_request request;
1248 static char sep_char;
1252 fprintf(stderr, "[%5d]: sidtoname %s\n", getpid(), sid);
1256 pthread_mutex_lock(&winbind_nss_mutex);
1259 ZERO_STRUCT(response);
1260 ZERO_STRUCT(request);
1262 /* we need to fetch the separator first time through */
1264 ret = winbindd_request_response(WINBINDD_INFO, &request, &response);
1265 if (ret != NSS_STATUS_SUCCESS) {
1266 *errnop = errno = EINVAL;
1270 sep_char = response.data.info.winbind_separator;
1271 winbindd_free_response(&response);
1275 strncpy(request.data.sid, sid,
1276 sizeof(request.data.sid) - 1);
1277 request.data.sid[sizeof(request.data.sid) - 1] = '\0';
1279 ret = winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response);
1280 if (ret != NSS_STATUS_SUCCESS) {
1281 *errnop = errno = EINVAL;
1286 strlen(response.data.name.dom_name) +
1287 strlen(response.data.name.name) + 2;
1289 if (buflen < needed) {
1290 ret = NSS_STATUS_TRYAGAIN;
1291 *errnop = errno = ERANGE;
1295 snprintf(buffer, needed, "%s%c%s",
1296 response.data.name.dom_name,
1298 response.data.name.name);
1301 *errnop = errno = 0;
1304 winbindd_free_response(&response);
1307 pthread_mutex_unlock(&winbind_nss_mutex);
1313 /* map a sid to a uid */
1315 _nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop)
1318 struct winbindd_response response;
1319 struct winbindd_request request;
1322 fprintf(stderr, "[%5d]: sidtouid %s\n", getpid(), sid);
1326 pthread_mutex_lock(&winbind_nss_mutex);
1329 ZERO_STRUCT(request);
1330 ZERO_STRUCT(response);
1332 strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
1333 request.data.sid[sizeof(request.data.sid) - 1] = '\0';
1335 ret = winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response);
1336 if (ret != NSS_STATUS_SUCCESS) {
1337 *errnop = errno = EINVAL;
1341 *uid = response.data.uid;
1346 pthread_mutex_unlock(&winbind_nss_mutex);
1352 /* map a sid to a gid */
1354 _nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop)
1357 struct winbindd_response response;
1358 struct winbindd_request request;
1361 fprintf(stderr, "[%5d]: sidtogid %s\n", getpid(), sid);
1365 pthread_mutex_lock(&winbind_nss_mutex);
1368 ZERO_STRUCT(request);
1369 ZERO_STRUCT(response);
1371 strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
1372 request.data.sid[sizeof(request.data.sid) - 1] = '\0';
1374 ret = winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response);
1375 if (ret != NSS_STATUS_SUCCESS) {
1376 *errnop = errno = EINVAL;
1380 *gid = response.data.gid;
1385 pthread_mutex_unlock(&winbind_nss_mutex);
1391 /* map a uid to a SID string */
1393 _nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
1394 size_t buflen, int *errnop)
1397 struct winbindd_response response;
1398 struct winbindd_request request;
1401 fprintf(stderr, "[%5u]: uidtosid %u\n", (unsigned int)getpid(), (unsigned int)uid);
1405 pthread_mutex_lock(&winbind_nss_mutex);
1408 ZERO_STRUCT(response);
1409 ZERO_STRUCT(request);
1411 request.data.uid = uid;
1413 ret = winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response);
1414 if (ret != NSS_STATUS_SUCCESS) {
1415 *errnop = errno = EINVAL;
1419 if (buflen < strlen(response.data.sid.sid)+1) {
1420 ret = NSS_STATUS_TRYAGAIN;
1421 *errnop = errno = ERANGE;
1425 *errnop = errno = 0;
1427 strcpy(*sid, response.data.sid.sid);
1430 winbindd_free_response(&response);
1433 pthread_mutex_unlock(&winbind_nss_mutex);
1439 /* map a gid to a SID string */
1441 _nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
1442 size_t buflen, int *errnop)
1445 struct winbindd_response response;
1446 struct winbindd_request request;
1449 fprintf(stderr, "[%5u]: gidtosid %u\n", (unsigned int)getpid(), (unsigned int)gid);
1453 pthread_mutex_lock(&winbind_nss_mutex);
1456 ZERO_STRUCT(response);
1457 ZERO_STRUCT(request);
1459 request.data.gid = gid;
1461 ret = winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response);
1462 if (ret != NSS_STATUS_SUCCESS) {
1463 *errnop = errno = EINVAL;
1467 if (buflen < strlen(response.data.sid.sid)+1) {
1468 ret = NSS_STATUS_TRYAGAIN;
1469 *errnop = errno = ERANGE;
1473 *errnop = errno = 0;
1475 strcpy(*sid, response.data.sid.sid);
1478 winbindd_free_response(&response);
1481 pthread_mutex_unlock(&winbind_nss_mutex);