2 Unix SMB/CIFS implementation.
6 Copyright (C) Gerald (Jerry) Carter 2007
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Lesser General Public
11 License as published by the Free Software Foundation; either
12 version 3 of the License, or (at your option) any later version.
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Library General Public License for more details.
19 You should have received a copy of the GNU Lesser General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 /* Required Headers */
25 #include "libwbclient.h"
28 /** @brief Convert a binary SID to a character string
30 * @param sid Binary Security Identifier
31 * @param **sid_string Resulting character string
36 wbcErr wbcSidToString(const struct wbcDomainSid *sid,
39 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
43 TALLOC_CTX *ctx = NULL;
46 wbc_status = WBC_ERR_INVALID_SID;
47 BAIL_ON_WBC_ERROR(wbc_status);
50 ctx = talloc_init("wbcSidToString");
51 BAIL_ON_PTR_ERROR(ctx, wbc_status);
53 id_auth = sid->id_auth[5] +
54 (sid->id_auth[4] << 8) +
55 (sid->id_auth[3] << 16) +
56 (sid->id_auth[2] << 24);
58 tmp = talloc_asprintf(ctx, "S-%d-%d", sid->sid_rev_num, id_auth);
59 BAIL_ON_PTR_ERROR(tmp, wbc_status);
61 for (i=0; i<sid->num_auths; i++) {
63 tmp2 = talloc_asprintf_append(tmp, "-%u", sid->sub_auths[i]);
64 BAIL_ON_PTR_ERROR(tmp2, wbc_status);
69 *sid_string=talloc_strdup(NULL, tmp);
70 BAIL_ON_PTR_ERROR((*sid_string), wbc_status);
72 wbc_status = WBC_ERR_SUCCESS;
80 /** @brief Convert a character string to a binary SID
82 * @param *str Character string in the form of S-...
83 * @param sid Resulting binary SID
88 wbcErr wbcStringToSid(const char *str,
89 struct wbcDomainSid *sid)
94 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
97 wbc_status = WBC_ERR_INVALID_PARAM;
98 BAIL_ON_WBC_ERROR(wbc_status);
101 /* Sanity check for either "S-" or "s-" */
104 || (str[0]!='S' && str[0]!='s')
108 wbc_status = WBC_ERR_INVALID_PARAM;
109 BAIL_ON_WBC_ERROR(wbc_status);
112 /* Get the SID revision number */
115 x = (uint32_t)strtol(p, &q, 10);
116 if (x==0 || !q || *q!='-') {
117 wbc_status = WBC_ERR_INVALID_SID;
118 BAIL_ON_WBC_ERROR(wbc_status);
120 sid->sid_rev_num = (uint8_t)x;
122 /* Next the Identifier Authority. This is stored in big-endian
123 in a 6 byte array. */
126 x = (uint32_t)strtol(p, &q, 10);
127 if (x==0 || !q || *q!='-') {
128 wbc_status = WBC_ERR_INVALID_SID;
129 BAIL_ON_WBC_ERROR(wbc_status);
131 sid->id_auth[5] = (x & 0x000000ff);
132 sid->id_auth[4] = (x & 0x0000ff00) >> 8;
133 sid->id_auth[3] = (x & 0x00ff0000) >> 16;
134 sid->id_auth[2] = (x & 0xff000000) >> 24;
138 /* now read the the subauthorities */
142 while (sid->num_auths < WBC_MAXSUBAUTHS) {
143 if ((x=(uint32_t)strtoul(p, &q, 10)) == 0)
145 sid->sub_auths[sid->num_auths++] = x;
147 if (q && ((*q!='-') || (*q=='\0')))
152 /* IF we ended early, then the SID could not be converted */
155 wbc_status = WBC_ERR_INVALID_SID;
156 BAIL_ON_WBC_ERROR(wbc_status);
159 wbc_status = WBC_ERR_SUCCESS;
166 /** @brief Convert a domain and name to SID
168 * @param domain Domain name (possibly "")
169 * @param name User or group name
170 * @param *sid Pointer to the resolved domain SID
171 * @param *name_type Pointet to the SID type
177 wbcErr wbcLookupName(const char *domain,
179 struct wbcDomainSid *sid,
180 enum wbcSidType *name_type)
182 struct winbindd_request request;
183 struct winbindd_response response;
184 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
186 if (!sid || !name_type) {
187 wbc_status = WBC_ERR_INVALID_PARAM;
188 BAIL_ON_WBC_ERROR(wbc_status);
191 /* Initialize request */
193 ZERO_STRUCT(request);
194 ZERO_STRUCT(response);
196 /* dst is already null terminated from the memset above */
198 strncpy(request.data.name.dom_name, domain,
199 sizeof(request.data.name.dom_name)-1);
200 strncpy(request.data.name.name, name,
201 sizeof(request.data.name.name)-1);
203 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPNAME,
206 BAIL_ON_WBC_ERROR(wbc_status);
208 wbc_status = wbcStringToSid(response.data.sid.sid, sid);
209 BAIL_ON_WBC_ERROR(wbc_status);
211 *name_type = (enum wbcSidType)response.data.sid.type;
213 wbc_status = WBC_ERR_SUCCESS;
219 /** @brief Convert a SID to a domain and name
221 * @param *sid Pointer to the domain SID to be resolved
222 * @param domain Resolved Domain name (possibly "")
223 * @param name Resolved User or group name
224 * @param *name_type Pointet to the resolved SID type
230 wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
233 enum wbcSidType *pname_type)
235 struct winbindd_request request;
236 struct winbindd_response response;
237 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
238 char *sid_string = NULL;
241 enum wbcSidType name_type;
244 wbc_status = WBC_ERR_INVALID_PARAM;
245 BAIL_ON_WBC_ERROR(wbc_status);
248 /* Initialize request */
250 ZERO_STRUCT(request);
251 ZERO_STRUCT(response);
253 /* dst is already null terminated from the memset above */
255 wbc_status = wbcSidToString(sid, &sid_string);
256 BAIL_ON_WBC_ERROR(wbc_status);
258 strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1);
259 wbcFreeMemory(sid_string);
263 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPSID,
266 BAIL_ON_WBC_ERROR(wbc_status);
268 /* Copy out result */
270 domain = talloc_strdup(NULL, response.data.name.dom_name);
271 BAIL_ON_PTR_ERROR(domain, wbc_status);
273 name = talloc_strdup(NULL, response.data.name.name);
274 BAIL_ON_PTR_ERROR(name, wbc_status);
276 name_type = (enum wbcSidType)response.data.name.type;
278 wbc_status = WBC_ERR_SUCCESS;
281 if (WBC_ERROR_IS_OK(wbc_status)) {
282 if (pdomain != NULL) {
288 if (pname_type != NULL) {
289 *pname_type = name_type;
296 if (domain != NULL) {
304 /** @brief Translate a collection of RIDs within a domain to names
308 wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
311 const char **pp_domain_name,
312 const char ***pnames,
313 enum wbcSidType **ptypes)
315 size_t i, len, ridbuf_size;
318 struct winbindd_request request;
319 struct winbindd_response response;
320 char *sid_string = NULL;
321 char *domain_name = NULL;
322 const char **names = NULL;
323 enum wbcSidType *types = NULL;
324 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
326 /* Initialise request */
328 ZERO_STRUCT(request);
329 ZERO_STRUCT(response);
331 if (!dom_sid || (num_rids == 0)) {
332 wbc_status = WBC_ERR_INVALID_PARAM;
333 BAIL_ON_WBC_ERROR(wbc_status);
336 wbc_status = wbcSidToString(dom_sid, &sid_string);
337 BAIL_ON_WBC_ERROR(wbc_status);
339 strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1);
340 wbcFreeMemory(sid_string);
342 /* Even if all the Rids were of maximum 32bit values,
343 we would only have 11 bytes per rid in the final array
344 ("4294967296" + \n). Add one more byte for the
347 ridbuf_size = (sizeof(char)*11) * num_rids + 1;
349 ridlist = talloc_zero_array(NULL, char, ridbuf_size);
350 BAIL_ON_PTR_ERROR(ridlist, wbc_status);
353 for (i=0; i<num_rids && (len-1)>0; i++) {
356 len = strlen(ridlist);
359 snprintf( ridstr, sizeof(ridstr)-1, "%u\n", rids[i]);
360 strncat(p, ridstr, ridbuf_size-len-1);
363 request.extra_data.data = ridlist;
364 request.extra_len = strlen(ridlist)+1;
366 wbc_status = wbcRequestResponse(WINBINDD_LOOKUPRIDS,
369 talloc_free(ridlist);
370 BAIL_ON_WBC_ERROR(wbc_status);
372 domain_name = talloc_strdup(NULL, response.data.domain_name);
373 BAIL_ON_PTR_ERROR(domain_name, wbc_status);
375 names = talloc_array(NULL, const char*, num_rids);
376 BAIL_ON_PTR_ERROR(names, wbc_status);
378 types = talloc_array(NULL, enum wbcSidType, num_rids);
379 BAIL_ON_PTR_ERROR(types, wbc_status);
381 p = (char *)response.extra_data.data;
383 for (i=0; i<num_rids; i++) {
387 wbc_status = WBC_ERR_INVALID_RESPONSE;
388 BAIL_ON_WBC_ERROR(wbc_status);
391 types[i] = (enum wbcSidType)strtoul(p, &q, 10);
394 wbc_status = WBC_ERR_INVALID_RESPONSE;
395 BAIL_ON_WBC_ERROR(wbc_status);
400 if ((q = strchr(p, '\n')) == NULL) {
401 wbc_status = WBC_ERR_INVALID_RESPONSE;
402 BAIL_ON_WBC_ERROR(wbc_status);
407 names[i] = talloc_strdup(names, p);
408 BAIL_ON_PTR_ERROR(names[i], wbc_status);
414 wbc_status = WBC_ERR_INVALID_RESPONSE;
415 BAIL_ON_WBC_ERROR(wbc_status);
418 wbc_status = WBC_ERR_SUCCESS;
421 if (response.extra_data.data) {
422 free(response.extra_data.data);
425 if (WBC_ERROR_IS_OK(wbc_status)) {
426 *pp_domain_name = domain_name;
432 talloc_free(domain_name);
442 /** @brief Get the groups a user belongs to
446 wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
447 bool domain_groups_only,
449 struct wbcDomainSid **_sids)
453 struct winbindd_request request;
454 struct winbindd_response response;
455 char *sid_string = NULL;
456 struct wbcDomainSid *sids = NULL;
457 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
460 /* Initialise request */
462 ZERO_STRUCT(request);
463 ZERO_STRUCT(response);
466 wbc_status = WBC_ERR_INVALID_PARAM;
467 BAIL_ON_WBC_ERROR(wbc_status);
470 wbc_status = wbcSidToString(user_sid, &sid_string);
471 BAIL_ON_WBC_ERROR(wbc_status);
473 strncpy(request.data.sid, sid_string, sizeof(request.data.sid)-1);
474 wbcFreeMemory(sid_string);
476 if (domain_groups_only) {
477 cmd = WINBINDD_GETUSERDOMGROUPS;
479 cmd = WINBINDD_GETUSERSIDS;
482 wbc_status = wbcRequestResponse(cmd,
485 BAIL_ON_WBC_ERROR(wbc_status);
487 if (response.data.num_entries &&
488 !response.extra_data.data) {
489 wbc_status = WBC_ERR_INVALID_RESPONSE;
490 BAIL_ON_WBC_ERROR(wbc_status);
493 sids = talloc_array(NULL, struct wbcDomainSid,
494 response.data.num_entries);
495 BAIL_ON_PTR_ERROR(sids, wbc_status);
497 s = (const char *)response.extra_data.data;
498 for (i = 0; i < response.data.num_entries; i++) {
499 char *n = strchr(s, '\n');
503 wbc_status = wbcStringToSid(s, &sids[i]);
504 BAIL_ON_WBC_ERROR(wbc_status);
508 *num_sids = response.data.num_entries;
511 wbc_status = WBC_ERR_SUCCESS;
514 if (response.extra_data.data) {
515 free(response.extra_data.data);
524 /** @brief Lists Users
528 wbcErr wbcListUsers(const char *domain_name,
529 uint32_t *_num_users,
530 const char ***_users)
532 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
533 struct winbindd_request request;
534 struct winbindd_response response;
535 uint32_t num_users = 0;
536 const char **users = NULL;
539 /* Initialise request */
541 ZERO_STRUCT(request);
542 ZERO_STRUCT(response);
545 strncpy(request.domain_name, domain_name,
546 sizeof(request.domain_name)-1);
549 wbc_status = wbcRequestResponse(WINBINDD_LIST_USERS,
552 BAIL_ON_WBC_ERROR(wbc_status);
554 /* Look through extra data */
556 next = (const char *)response.extra_data.data;
559 const char *current = next;
560 char *k = strchr(next, ',');
568 tmp = talloc_realloc(NULL, users,
571 BAIL_ON_PTR_ERROR(tmp, wbc_status);
574 users[num_users] = talloc_strdup(users, current);
575 BAIL_ON_PTR_ERROR(users[num_users], wbc_status);
580 *_num_users = num_users;
583 wbc_status = WBC_ERR_SUCCESS;
586 if (response.extra_data.data) {
587 free(response.extra_data.data);
595 /** @brief Lists Groups
599 wbcErr wbcListGroups(const char *domain_name,
600 uint32_t *_num_groups,
601 const char ***_groups)
603 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
604 struct winbindd_request request;
605 struct winbindd_response response;
606 uint32_t num_groups = 0;
607 const char **groups = NULL;
610 /* Initialise request */
612 ZERO_STRUCT(request);
613 ZERO_STRUCT(response);
616 strncpy(request.domain_name, domain_name,
617 sizeof(request.domain_name)-1);
620 wbc_status = wbcRequestResponse(WINBINDD_LIST_GROUPS,
623 BAIL_ON_WBC_ERROR(wbc_status);
625 /* Look through extra data */
627 next = (const char *)response.extra_data.data;
630 const char *current = next;
631 char *k = strchr(next, ',');
639 tmp = talloc_realloc(NULL, groups,
642 BAIL_ON_PTR_ERROR(tmp, wbc_status);
645 groups[num_groups] = talloc_strdup(groups, current);
646 BAIL_ON_PTR_ERROR(groups[num_groups], wbc_status);
651 *_num_groups = num_groups;
654 wbc_status = WBC_ERR_SUCCESS;
657 if (response.extra_data.data) {
658 free(response.extra_data.data);