mirror of
https://github.com/samba-team/samba.git
synced 2025-01-06 13:18:07 +03:00
62d05a8108
Some private functions from wbclient_internal.h already leaked into the ABI. With hide_symbols=True we make sure this doesn't happen again. Having wbcRequestResponse[Priv]() as part of the ABI helps us in order to hide winbindd_[priv_]request_response() soon. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
551 lines
12 KiB
C
551 lines
12 KiB
C
/*
|
|
Unix SMB/CIFS implementation.
|
|
|
|
Winbind client API
|
|
|
|
Copyright (C) Gerald (Jerry) Carter 2007
|
|
|
|
This library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Lesser General Public
|
|
License as published by the Free Software Foundation; either
|
|
version 3 of the License, or (at your option) any later version.
|
|
|
|
This library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Library General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
/* Required Headers */
|
|
|
|
#include "replace.h"
|
|
#include "libwbclient.h"
|
|
#include "../winbind_client.h"
|
|
#include "lib/util/smb_strtox.h"
|
|
|
|
/* Convert a Windows SID to a Unix uid, allocating an uid if needed */
|
|
_PUBLIC_
|
|
wbcErr wbcCtxSidToUid(struct wbcContext *ctx, const struct wbcDomainSid *sid,
|
|
uid_t *puid)
|
|
{
|
|
struct wbcUnixId xid;
|
|
wbcErr wbc_status;
|
|
|
|
if (!sid || !puid) {
|
|
wbc_status = WBC_ERR_INVALID_PARAM;
|
|
BAIL_ON_WBC_ERROR(wbc_status);
|
|
}
|
|
|
|
wbc_status = wbcCtxSidsToUnixIds(ctx, sid, 1, &xid);
|
|
if (!WBC_ERROR_IS_OK(wbc_status)) {
|
|
goto done;
|
|
}
|
|
|
|
if ((xid.type == WBC_ID_TYPE_UID) || (xid.type == WBC_ID_TYPE_BOTH)) {
|
|
*puid = xid.id.uid;
|
|
wbc_status = WBC_ERR_SUCCESS;
|
|
} else {
|
|
wbc_status = WBC_ERR_DOMAIN_NOT_FOUND;
|
|
}
|
|
|
|
done:
|
|
return wbc_status;
|
|
}
|
|
|
|
_PUBLIC_
|
|
wbcErr wbcSidToUid(const struct wbcDomainSid *sid, uid_t *puid)
|
|
{
|
|
return wbcCtxSidToUid(NULL, sid, puid);
|
|
}
|
|
|
|
/* Convert a Windows SID to a Unix uid if there already is a mapping */
|
|
_PUBLIC_
|
|
wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid,
|
|
uid_t *puid)
|
|
{
|
|
return WBC_ERR_NOT_IMPLEMENTED;
|
|
}
|
|
|
|
/* Convert a Unix uid to a Windows SID, allocating a SID if needed */
|
|
_PUBLIC_
|
|
wbcErr wbcCtxUidToSid(struct wbcContext *ctx, uid_t uid,
|
|
struct wbcDomainSid *psid)
|
|
{
|
|
struct wbcUnixId xid;
|
|
struct wbcDomainSid sid;
|
|
struct wbcDomainSid null_sid = { 0 };
|
|
wbcErr wbc_status;
|
|
|
|
if (!psid) {
|
|
wbc_status = WBC_ERR_INVALID_PARAM;
|
|
BAIL_ON_WBC_ERROR(wbc_status);
|
|
}
|
|
|
|
xid = (struct wbcUnixId) { .type = WBC_ID_TYPE_UID, .id.uid = uid };
|
|
|
|
wbc_status = wbcCtxUnixIdsToSids(ctx, &xid, 1, &sid);
|
|
if (!WBC_ERROR_IS_OK(wbc_status)) {
|
|
goto done;
|
|
}
|
|
|
|
if (memcmp(&sid, &null_sid, sizeof(sid)) != 0) {
|
|
*psid = sid;
|
|
} else {
|
|
wbc_status = WBC_ERR_DOMAIN_NOT_FOUND;
|
|
}
|
|
|
|
done:
|
|
return wbc_status;
|
|
}
|
|
|
|
_PUBLIC_
|
|
wbcErr wbcUidToSid(uid_t uid, struct wbcDomainSid *sid)
|
|
{
|
|
return wbcCtxUidToSid(NULL, uid, sid);
|
|
}
|
|
|
|
/* Convert a Unix uid to a Windows SID if there already is a mapping */
|
|
_PUBLIC_
|
|
wbcErr wbcQueryUidToSid(uid_t uid,
|
|
struct wbcDomainSid *sid)
|
|
{
|
|
return WBC_ERR_NOT_IMPLEMENTED;
|
|
}
|
|
|
|
/** @brief Convert a Windows SID to a Unix gid, allocating a gid if needed
|
|
*
|
|
* @param *sid Pointer to the domain SID to be resolved
|
|
* @param *pgid Pointer to the resolved gid_t value
|
|
*
|
|
* @return #wbcErr
|
|
*
|
|
**/
|
|
|
|
_PUBLIC_
|
|
wbcErr wbcCtxSidToGid(struct wbcContext *ctx, const struct wbcDomainSid *sid,
|
|
gid_t *pgid)
|
|
{
|
|
struct wbcUnixId xid;
|
|
wbcErr wbc_status;
|
|
|
|
if (!sid || !pgid) {
|
|
wbc_status = WBC_ERR_INVALID_PARAM;
|
|
BAIL_ON_WBC_ERROR(wbc_status);
|
|
}
|
|
|
|
wbc_status = wbcCtxSidsToUnixIds(ctx, sid, 1, &xid);
|
|
if (!WBC_ERROR_IS_OK(wbc_status)) {
|
|
goto done;
|
|
}
|
|
|
|
if ((xid.type == WBC_ID_TYPE_GID) || (xid.type == WBC_ID_TYPE_BOTH)) {
|
|
*pgid = xid.id.gid;
|
|
wbc_status = WBC_ERR_SUCCESS;
|
|
} else {
|
|
wbc_status = WBC_ERR_DOMAIN_NOT_FOUND;
|
|
}
|
|
|
|
done:
|
|
return wbc_status;
|
|
}
|
|
|
|
_PUBLIC_
|
|
wbcErr wbcSidToGid(const struct wbcDomainSid *sid, gid_t *pgid)
|
|
{
|
|
return wbcCtxSidToGid(NULL, sid, pgid);
|
|
}
|
|
|
|
/* Convert a Windows SID to a Unix gid if there already is a mapping */
|
|
|
|
_PUBLIC_
|
|
wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid,
|
|
gid_t *pgid)
|
|
{
|
|
return WBC_ERR_NOT_IMPLEMENTED;
|
|
}
|
|
|
|
|
|
/* Convert a Unix gid to a Windows SID, allocating a SID if needed */
|
|
_PUBLIC_
|
|
wbcErr wbcCtxGidToSid(struct wbcContext *ctx, gid_t gid,
|
|
struct wbcDomainSid *psid)
|
|
{
|
|
struct wbcUnixId xid;
|
|
struct wbcDomainSid sid;
|
|
struct wbcDomainSid null_sid = { 0 };
|
|
wbcErr wbc_status;
|
|
|
|
if (!psid) {
|
|
wbc_status = WBC_ERR_INVALID_PARAM;
|
|
BAIL_ON_WBC_ERROR(wbc_status);
|
|
}
|
|
|
|
xid = (struct wbcUnixId) { .type = WBC_ID_TYPE_GID, .id.gid = gid };
|
|
|
|
wbc_status = wbcCtxUnixIdsToSids(ctx, &xid, 1, &sid);
|
|
if (!WBC_ERROR_IS_OK(wbc_status)) {
|
|
goto done;
|
|
}
|
|
|
|
if (memcmp(&sid, &null_sid, sizeof(sid)) != 0) {
|
|
*psid = sid;
|
|
} else {
|
|
wbc_status = WBC_ERR_DOMAIN_NOT_FOUND;
|
|
}
|
|
|
|
done:
|
|
return wbc_status;
|
|
}
|
|
|
|
_PUBLIC_
|
|
wbcErr wbcGidToSid(gid_t gid, struct wbcDomainSid *sid)
|
|
{
|
|
return wbcCtxGidToSid(NULL, gid, sid);
|
|
}
|
|
|
|
/* Convert a Unix gid to a Windows SID if there already is a mapping */
|
|
_PUBLIC_
|
|
wbcErr wbcQueryGidToSid(gid_t gid,
|
|
struct wbcDomainSid *sid)
|
|
{
|
|
return WBC_ERR_NOT_IMPLEMENTED;
|
|
}
|
|
|
|
/* Obtain a new uid from Winbind */
|
|
_PUBLIC_
|
|
wbcErr wbcCtxAllocateUid(struct wbcContext *ctx, uid_t *puid)
|
|
{
|
|
struct winbindd_request request;
|
|
struct winbindd_response response;
|
|
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
|
|
|
|
if (!puid)
|
|
return WBC_ERR_INVALID_PARAM;
|
|
|
|
/* Initialise request */
|
|
|
|
ZERO_STRUCT(request);
|
|
ZERO_STRUCT(response);
|
|
|
|
/* Make request */
|
|
|
|
wbc_status = wbcRequestResponsePriv(ctx, WINBINDD_ALLOCATE_UID,
|
|
&request, &response);
|
|
BAIL_ON_WBC_ERROR(wbc_status);
|
|
|
|
/* Copy out result */
|
|
*puid = response.data.uid;
|
|
|
|
wbc_status = WBC_ERR_SUCCESS;
|
|
|
|
done:
|
|
return wbc_status;
|
|
}
|
|
|
|
_PUBLIC_
|
|
wbcErr wbcAllocateUid(uid_t *puid)
|
|
{
|
|
return wbcCtxAllocateUid(NULL, puid);
|
|
}
|
|
|
|
/* Obtain a new gid from Winbind */
|
|
_PUBLIC_
|
|
wbcErr wbcCtxAllocateGid(struct wbcContext *ctx, gid_t *pgid)
|
|
{
|
|
struct winbindd_request request;
|
|
struct winbindd_response response;
|
|
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
|
|
|
|
if (!pgid)
|
|
return WBC_ERR_INVALID_PARAM;
|
|
|
|
/* Initialise request */
|
|
|
|
ZERO_STRUCT(request);
|
|
ZERO_STRUCT(response);
|
|
|
|
/* Make request */
|
|
|
|
wbc_status = wbcRequestResponsePriv(ctx, WINBINDD_ALLOCATE_GID,
|
|
&request, &response);
|
|
BAIL_ON_WBC_ERROR(wbc_status);
|
|
|
|
/* Copy out result */
|
|
*pgid = response.data.gid;
|
|
|
|
wbc_status = WBC_ERR_SUCCESS;
|
|
|
|
done:
|
|
return wbc_status;
|
|
}
|
|
|
|
_PUBLIC_
|
|
wbcErr wbcAllocateGid(gid_t *pgid)
|
|
{
|
|
return wbcCtxAllocateGid(NULL, pgid);
|
|
}
|
|
|
|
/* we can't include smb.h here... */
|
|
#define _ID_TYPE_UID 1
|
|
#define _ID_TYPE_GID 2
|
|
|
|
/* Set an user id mapping - not implemented any more */
|
|
_PUBLIC_
|
|
wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid)
|
|
{
|
|
return WBC_ERR_NOT_IMPLEMENTED;
|
|
}
|
|
|
|
/* Set a group id mapping - not implemented any more */
|
|
_PUBLIC_
|
|
wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid)
|
|
{
|
|
return WBC_ERR_NOT_IMPLEMENTED;
|
|
}
|
|
|
|
/* Remove a user id mapping - not implemented any more */
|
|
_PUBLIC_
|
|
wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid)
|
|
{
|
|
return WBC_ERR_NOT_IMPLEMENTED;
|
|
}
|
|
|
|
/* Remove a group id mapping - not implemented any more */
|
|
_PUBLIC_
|
|
wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid)
|
|
{
|
|
return WBC_ERR_NOT_IMPLEMENTED;
|
|
}
|
|
|
|
/* Set the highwater mark for allocated uids - not implemented any more */
|
|
_PUBLIC_
|
|
wbcErr wbcSetUidHwm(uid_t uid_hwm)
|
|
{
|
|
return WBC_ERR_NOT_IMPLEMENTED;
|
|
}
|
|
|
|
/* Set the highwater mark for allocated gids - not implemented any more */
|
|
_PUBLIC_
|
|
wbcErr wbcSetGidHwm(gid_t gid_hwm)
|
|
{
|
|
return WBC_ERR_NOT_IMPLEMENTED;
|
|
}
|
|
|
|
/* Convert a list of SIDs */
|
|
_PUBLIC_
|
|
wbcErr wbcCtxSidsToUnixIds(struct wbcContext *ctx,
|
|
const struct wbcDomainSid *sids,
|
|
uint32_t num_sids, struct wbcUnixId *ids)
|
|
{
|
|
struct winbindd_request request;
|
|
struct winbindd_response response;
|
|
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
|
|
int buflen, extra_len;
|
|
uint32_t i;
|
|
char *sidlist, *p, *extra_data;
|
|
|
|
buflen = num_sids * (WBC_SID_STRING_BUFLEN + 1) + 1;
|
|
|
|
sidlist = (char *)malloc(buflen);
|
|
if (sidlist == NULL) {
|
|
return WBC_ERR_NO_MEMORY;
|
|
}
|
|
|
|
p = sidlist;
|
|
|
|
for (i=0; i<num_sids; i++) {
|
|
int remaining;
|
|
int len;
|
|
|
|
remaining = buflen - (p - sidlist);
|
|
|
|
len = wbcSidToStringBuf(&sids[i], p, remaining);
|
|
if (len > remaining) {
|
|
free(sidlist);
|
|
return WBC_ERR_UNKNOWN_FAILURE;
|
|
}
|
|
|
|
p += len;
|
|
*p++ = '\n';
|
|
}
|
|
*p++ = '\0';
|
|
|
|
ZERO_STRUCT(request);
|
|
ZERO_STRUCT(response);
|
|
|
|
request.extra_data.data = sidlist;
|
|
request.extra_len = p - sidlist;
|
|
|
|
wbc_status = wbcRequestResponse(ctx, WINBINDD_SIDS_TO_XIDS,
|
|
&request, &response);
|
|
free(sidlist);
|
|
if (!WBC_ERROR_IS_OK(wbc_status)) {
|
|
return wbc_status;
|
|
}
|
|
|
|
extra_len = response.length - sizeof(struct winbindd_response);
|
|
extra_data = (char *)response.extra_data.data;
|
|
|
|
if ((extra_len <= 0) || (extra_data[extra_len-1] != '\0')) {
|
|
goto wbc_err_invalid;
|
|
}
|
|
|
|
p = extra_data;
|
|
|
|
for (i=0; i<num_sids; i++) {
|
|
struct wbcUnixId *id = &ids[i];
|
|
char *q;
|
|
int error = 0;
|
|
|
|
switch (p[0]) {
|
|
case 'U':
|
|
id->type = WBC_ID_TYPE_UID;
|
|
id->id.uid = smb_strtoul(p+1,
|
|
&q,
|
|
10,
|
|
&error,
|
|
SMB_STR_STANDARD);
|
|
break;
|
|
case 'G':
|
|
id->type = WBC_ID_TYPE_GID;
|
|
id->id.gid = smb_strtoul(p+1,
|
|
&q,
|
|
10,
|
|
&error,
|
|
SMB_STR_STANDARD);
|
|
break;
|
|
case 'B':
|
|
id->type = WBC_ID_TYPE_BOTH;
|
|
id->id.uid = smb_strtoul(p+1,
|
|
&q,
|
|
10,
|
|
&error,
|
|
SMB_STR_STANDARD);
|
|
break;
|
|
default:
|
|
id->type = WBC_ID_TYPE_NOT_SPECIFIED;
|
|
q = strchr(p, '\n');
|
|
break;
|
|
};
|
|
if (q == NULL || q[0] != '\n' || error != 0) {
|
|
goto wbc_err_invalid;
|
|
}
|
|
p = q+1;
|
|
}
|
|
wbc_status = WBC_ERR_SUCCESS;
|
|
goto done;
|
|
|
|
wbc_err_invalid:
|
|
wbc_status = WBC_ERR_INVALID_RESPONSE;
|
|
done:
|
|
winbindd_free_response(&response);
|
|
return wbc_status;
|
|
}
|
|
|
|
_PUBLIC_
|
|
wbcErr wbcSidsToUnixIds(const struct wbcDomainSid *sids, uint32_t num_sids,
|
|
struct wbcUnixId *ids)
|
|
{
|
|
return wbcCtxSidsToUnixIds(NULL, sids, num_sids, ids);
|
|
}
|
|
|
|
_PUBLIC_
|
|
wbcErr wbcCtxUnixIdsToSids(struct wbcContext *ctx,
|
|
const struct wbcUnixId *ids, uint32_t num_ids,
|
|
struct wbcDomainSid *sids)
|
|
{
|
|
struct winbindd_request request;
|
|
struct winbindd_response response;
|
|
wbcErr wbc_status;
|
|
char *buf;
|
|
char *s;
|
|
const size_t sidlen = (1 /* U/G */ + 10 /* 2^32 */ + 1 /* \n */);
|
|
size_t ofs, buflen;
|
|
uint32_t i;
|
|
|
|
if (num_ids > SIZE_MAX / sidlen) {
|
|
return WBC_ERR_NO_MEMORY; /* overflow */
|
|
}
|
|
buflen = num_ids * sidlen;
|
|
|
|
buflen += 1; /* trailing \0 */
|
|
if (buflen < 1) {
|
|
return WBC_ERR_NO_MEMORY; /* overflow */
|
|
}
|
|
|
|
buf = malloc(buflen);
|
|
if (buf == NULL) {
|
|
return WBC_ERR_NO_MEMORY;
|
|
}
|
|
|
|
ofs = 0;
|
|
|
|
for (i=0; i<num_ids; i++) {
|
|
const struct wbcUnixId *id = &ids[i];
|
|
int len;
|
|
|
|
switch (id->type) {
|
|
case WBC_ID_TYPE_UID:
|
|
len = snprintf(buf+ofs, buflen-ofs, "U%"PRIu32"\n",
|
|
(uint32_t)id->id.uid);
|
|
break;
|
|
case WBC_ID_TYPE_GID:
|
|
len = snprintf(buf+ofs, buflen-ofs, "G%"PRIu32"\n",
|
|
(uint32_t)id->id.gid);
|
|
break;
|
|
default:
|
|
free(buf);
|
|
return WBC_ERR_INVALID_PARAM;
|
|
}
|
|
|
|
if (len + ofs >= buflen) { /* >= for the terminating '\0' */
|
|
free(buf);
|
|
return WBC_ERR_UNKNOWN_FAILURE;
|
|
}
|
|
ofs += len;
|
|
}
|
|
|
|
request = (struct winbindd_request) {
|
|
.extra_data.data = buf, .extra_len = ofs+1
|
|
};
|
|
response = (struct winbindd_response) {0};
|
|
|
|
wbc_status = wbcRequestResponse(ctx, WINBINDD_XIDS_TO_SIDS,
|
|
&request, &response);
|
|
free(buf);
|
|
if (!WBC_ERROR_IS_OK(wbc_status)) {
|
|
return wbc_status;
|
|
}
|
|
|
|
s = response.extra_data.data;
|
|
for (i=0; i<num_ids; i++) {
|
|
char *n = strchr(s, '\n');
|
|
|
|
if (n == NULL) {
|
|
goto fail;
|
|
}
|
|
*n = '\0';
|
|
|
|
wbc_status = wbcStringToSid(s, &sids[i]);
|
|
if (!WBC_ERROR_IS_OK(wbc_status)) {
|
|
sids[i] = (struct wbcDomainSid) {0};
|
|
}
|
|
s = n+1;
|
|
}
|
|
|
|
wbc_status = WBC_ERR_SUCCESS;
|
|
fail:
|
|
winbindd_free_response(&response);
|
|
return wbc_status;
|
|
}
|
|
|
|
_PUBLIC_
|
|
wbcErr wbcUnixIdsToSids(const struct wbcUnixId *ids, uint32_t num_ids,
|
|
struct wbcDomainSid *sids)
|
|
{
|
|
return wbcCtxUnixIdsToSids(NULL, ids, num_ids, sids);
|
|
}
|