winbind_nss_linux.c [plain text]
#include "winbind_client.h"
#define MAX_GETPWENT_USERS 250
#define MAX_GETGRENT_USERS 250
extern int winbindd_fd;
static char *get_static(char **buffer, size_t *buflen, size_t len)
{
char *result;
if ((buffer == NULL) || (buflen == NULL) || (*buflen < len)) {
return NULL;
}
result = *buffer;
*buffer += len;
*buflen -= len;
return result;
}
BOOL next_token(char **ptr,char *buff,char *sep, size_t bufsize)
{
char *s;
BOOL quoted;
size_t len=1;
if (!ptr) return(False);
s = *ptr;
if (!sep) sep = " \t\n\r";
while (*s && strchr(sep,*s)) s++;
if (! *s) return(False);
for (quoted = False; len < bufsize && *s && (quoted || !strchr(sep,*s)); s++) {
if (*s == '\"') {
quoted = !quoted;
} else {
len++;
*buff++ = *s;
}
}
*ptr = (*s) ? s+1 : s;
*buff = 0;
return(True);
}
static NSS_STATUS fill_pwent(struct passwd *result,
struct winbindd_pw *pw,
char **buffer, size_t *buflen)
{
if ((result->pw_name =
get_static(buffer, buflen, strlen(pw->pw_name) + 1)) == NULL) {
return NSS_STATUS_TRYAGAIN;
}
strcpy(result->pw_name, pw->pw_name);
if ((result->pw_passwd =
get_static(buffer, buflen, strlen(pw->pw_passwd) + 1)) == NULL) {
return NSS_STATUS_TRYAGAIN;
}
strcpy(result->pw_passwd, pw->pw_passwd);
result->pw_uid = pw->pw_uid;
result->pw_gid = pw->pw_gid;
if ((result->pw_gecos =
get_static(buffer, buflen, strlen(pw->pw_gecos) + 1)) == NULL) {
return NSS_STATUS_TRYAGAIN;
}
strcpy(result->pw_gecos, pw->pw_gecos);
if ((result->pw_dir =
get_static(buffer, buflen, strlen(pw->pw_dir) + 1)) == NULL) {
return NSS_STATUS_TRYAGAIN;
}
strcpy(result->pw_dir, pw->pw_dir);
if ((result->pw_shell =
get_static(buffer, buflen, strlen(pw->pw_shell) + 1)) == NULL) {
return NSS_STATUS_TRYAGAIN;
}
strcpy(result->pw_shell, pw->pw_shell);
#if HAVE_PASSWD_PW_COMMENT
result->pw_comment = "";
#endif
#if HAVE_PASSWD_PW_AGE
result->pw_age = "";
#endif
return NSS_STATUS_SUCCESS;
}
static NSS_STATUS fill_grent(struct group *result, struct winbindd_gr *gr,
char *gr_mem, char **buffer, size_t *buflen)
{
fstring name;
int i;
char *tst;
if ((result->gr_name =
get_static(buffer, buflen, strlen(gr->gr_name) + 1)) == NULL) {
return NSS_STATUS_TRYAGAIN;
}
strcpy(result->gr_name, gr->gr_name);
if ((result->gr_passwd =
get_static(buffer, buflen, strlen(gr->gr_passwd) + 1)) == NULL) {
return NSS_STATUS_TRYAGAIN;
}
strcpy(result->gr_passwd, gr->gr_passwd);
result->gr_gid = gr->gr_gid;
if ((gr->num_gr_mem < 0) || !gr_mem) {
gr->num_gr_mem = 0;
}
if ((i = (unsigned long)(*buffer) % sizeof(char*)) != 0)
i = sizeof(char*) - i;
if ((tst = get_static(buffer, buflen, ((gr->num_gr_mem + 1) *
sizeof(char *)+i))) == NULL) {
return NSS_STATUS_TRYAGAIN;
}
result->gr_mem = (char **)(tst + i);
if (gr->num_gr_mem == 0) {
*(result->gr_mem) = NULL;
return NSS_STATUS_SUCCESS;
}
i = 0;
while(next_token((char **)&gr_mem, name, ",", sizeof(fstring))) {
if (((result->gr_mem)[i] =
get_static(buffer, buflen, strlen(name) + 1)) == NULL) {
return NSS_STATUS_TRYAGAIN;
}
strcpy((result->gr_mem)[i], name);
i++;
}
(result->gr_mem)[i] = NULL;
return NSS_STATUS_SUCCESS;
}
static struct winbindd_response getpwent_response;
static int ndx_pw_cache;
static int num_pw_cache;
NSS_STATUS
_nss_winbind_setpwent(void)
{
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: setpwent\n", getpid());
#endif
if (num_pw_cache > 0) {
ndx_pw_cache = num_pw_cache = 0;
free_response(&getpwent_response);
}
return winbindd_request(WINBINDD_SETPWENT, NULL, NULL);
}
NSS_STATUS
_nss_winbind_endpwent(void)
{
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: endpwent\n", getpid());
#endif
if (num_pw_cache > 0) {
ndx_pw_cache = num_pw_cache = 0;
free_response(&getpwent_response);
}
return winbindd_request(WINBINDD_ENDPWENT, NULL, NULL);
}
NSS_STATUS
_nss_winbind_getpwent_r(struct passwd *result, char *buffer,
size_t buflen, int *errnop)
{
NSS_STATUS ret;
struct winbindd_request request;
static int called_again;
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: getpwent\n", getpid());
#endif
if ((ndx_pw_cache < num_pw_cache) || called_again) {
goto return_result;
}
if (num_pw_cache > 0) {
free_response(&getpwent_response);
}
ZERO_STRUCT(request);
ZERO_STRUCT(getpwent_response);
request.data.num_entries = MAX_GETPWENT_USERS;
ret = winbindd_request(WINBINDD_GETPWENT, &request,
&getpwent_response);
if (ret == NSS_STATUS_SUCCESS) {
struct winbindd_pw *pw_cache;
ndx_pw_cache = 0;
num_pw_cache = getpwent_response.data.num_entries;
return_result:
pw_cache = getpwent_response.extra_data;
if (pw_cache == NULL) {
return NSS_STATUS_NOTFOUND;
}
ret = fill_pwent(result, &pw_cache[ndx_pw_cache],
&buffer, &buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
called_again = True;
*errnop = errno = ERANGE;
return ret;
}
*errnop = errno = 0;
called_again = False;
ndx_pw_cache++;
if (ndx_pw_cache == num_pw_cache) {
ndx_pw_cache = num_pw_cache = 0;
free_response(&getpwent_response);
}
}
return ret;
}
NSS_STATUS
_nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer,
size_t buflen, int *errnop)
{
NSS_STATUS ret;
static struct winbindd_response response;
struct winbindd_request request;
static int keep_response=0;
if (!keep_response) {
ZERO_STRUCT(response);
ZERO_STRUCT(request);
request.data.uid = uid;
ret = winbindd_request(WINBINDD_GETPWUID, &request, &response);
if (ret == NSS_STATUS_SUCCESS) {
ret = fill_pwent(result, &response.data.pw,
&buffer, &buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
keep_response = True;
*errnop = errno = ERANGE;
return ret;
}
}
} else {
ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
keep_response = True;
*errnop = errno = ERANGE;
return ret;
}
keep_response = False;
*errnop = errno = 0;
}
free_response(&response);
return ret;
}
NSS_STATUS
_nss_winbind_getpwnam_r(const char *name, struct passwd *result, char *buffer,
size_t buflen, int *errnop)
{
NSS_STATUS ret;
static struct winbindd_response response;
struct winbindd_request request;
static int keep_response;
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: getpwnam %s\n", getpid(), name);
#endif
if (!keep_response) {
ZERO_STRUCT(response);
ZERO_STRUCT(request);
strncpy(request.data.username, name,
sizeof(request.data.username) - 1);
request.data.username
[sizeof(request.data.username) - 1] = '\0';
ret = winbindd_request(WINBINDD_GETPWNAM, &request, &response);
if (ret == NSS_STATUS_SUCCESS) {
ret = fill_pwent(result, &response.data.pw, &buffer,
&buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
keep_response = True;
*errnop = errno = ERANGE;
return ret;
}
}
} else {
ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
keep_response = True;
*errnop = errno = ERANGE;
return ret;
}
keep_response = False;
*errnop = errno = 0;
}
free_response(&response);
return ret;
}
static struct winbindd_response getgrent_response;
static int ndx_gr_cache;
static int num_gr_cache;
NSS_STATUS
_nss_winbind_setgrent(void)
{
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: setgrent\n", getpid());
#endif
if (num_gr_cache > 0) {
ndx_gr_cache = num_gr_cache = 0;
free_response(&getgrent_response);
}
return winbindd_request(WINBINDD_SETGRENT, NULL, NULL);
}
NSS_STATUS
_nss_winbind_endgrent(void)
{
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: endgrent\n", getpid());
#endif
if (num_gr_cache > 0) {
ndx_gr_cache = num_gr_cache = 0;
free_response(&getgrent_response);
}
return winbindd_request(WINBINDD_ENDGRENT, NULL, NULL);
}
static NSS_STATUS
winbind_getgrent(enum winbindd_cmd cmd,
struct group *result,
char *buffer, size_t buflen, int *errnop)
{
NSS_STATUS ret;
static struct winbindd_request request;
static int called_again;
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: getgrent\n", getpid());
#endif
if ((ndx_gr_cache < num_gr_cache) || called_again) {
goto return_result;
}
if (num_gr_cache > 0) {
free_response(&getgrent_response);
}
ZERO_STRUCT(request);
ZERO_STRUCT(getgrent_response);
request.data.num_entries = MAX_GETGRENT_USERS;
ret = winbindd_request(cmd, &request,
&getgrent_response);
if (ret == NSS_STATUS_SUCCESS) {
struct winbindd_gr *gr_cache;
int mem_ofs;
ndx_gr_cache = 0;
num_gr_cache = getgrent_response.data.num_entries;
return_result:
gr_cache = getgrent_response.extra_data;
if (gr_cache == NULL) {
return NSS_STATUS_NOTFOUND;
}
mem_ofs = gr_cache[ndx_gr_cache].gr_mem_ofs +
num_gr_cache * sizeof(struct winbindd_gr);
ret = fill_grent(result, &gr_cache[ndx_gr_cache],
((char *)getgrent_response.extra_data)+mem_ofs,
&buffer, &buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
called_again = True;
*errnop = errno = ERANGE;
return ret;
}
*errnop = 0;
called_again = False;
ndx_gr_cache++;
if (ndx_gr_cache == num_gr_cache) {
ndx_gr_cache = num_gr_cache = 0;
free_response(&getgrent_response);
}
}
return ret;
}
NSS_STATUS
_nss_winbind_getgrent_r(struct group *result,
char *buffer, size_t buflen, int *errnop)
{
return winbind_getgrent(WINBINDD_GETGRENT, result, buffer, buflen, errnop);
}
NSS_STATUS
_nss_winbind_getgrlst_r(struct group *result,
char *buffer, size_t buflen, int *errnop)
{
return winbind_getgrent(WINBINDD_GETGRLST, result, buffer, buflen, errnop);
}
NSS_STATUS
_nss_winbind_getgrnam_r(const char *name,
struct group *result, char *buffer,
size_t buflen, int *errnop)
{
NSS_STATUS ret;
static struct winbindd_response response;
struct winbindd_request request;
static int keep_response;
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: getgrnam %s\n", getpid(), name);
#endif
if (!keep_response) {
ZERO_STRUCT(request);
ZERO_STRUCT(response);
strncpy(request.data.groupname, name,
sizeof(request.data.groupname));
request.data.groupname
[sizeof(request.data.groupname) - 1] = '\0';
ret = winbindd_request(WINBINDD_GETGRNAM, &request, &response);
if (ret == NSS_STATUS_SUCCESS) {
ret = fill_grent(result, &response.data.gr,
response.extra_data,
&buffer, &buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
keep_response = True;
*errnop = errno = ERANGE;
return ret;
}
}
} else {
ret = fill_grent(result, &response.data.gr,
response.extra_data, &buffer, &buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
keep_response = True;
*errnop = errno = ERANGE;
return ret;
}
keep_response = False;
*errnop = 0;
}
free_response(&response);
return ret;
}
NSS_STATUS
_nss_winbind_getgrgid_r(gid_t gid,
struct group *result, char *buffer,
size_t buflen, int *errnop)
{
NSS_STATUS ret;
static struct winbindd_response response;
struct winbindd_request request;
static int keep_response;
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: getgrgid %d\n", getpid(), gid);
#endif
if (!keep_response) {
ZERO_STRUCT(request);
ZERO_STRUCT(response);
request.data.gid = gid;
ret = winbindd_request(WINBINDD_GETGRGID, &request, &response);
if (ret == NSS_STATUS_SUCCESS) {
ret = fill_grent(result, &response.data.gr,
response.extra_data,
&buffer, &buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
keep_response = True;
*errnop = errno = ERANGE;
return ret;
}
}
} else {
ret = fill_grent(result, &response.data.gr,
response.extra_data, &buffer, &buflen);
if (ret == NSS_STATUS_TRYAGAIN) {
keep_response = True;
*errnop = errno = ERANGE;
return ret;
}
keep_response = False;
*errnop = 0;
}
free_response(&response);
return ret;
}
NSS_STATUS
_nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
long int *size, gid_t **groups, long int limit,
int *errnop)
{
NSS_STATUS ret;
struct winbindd_request request;
struct winbindd_response response;
int i;
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: initgroups %s (%d)\n", getpid(),
user, group);
#endif
ZERO_STRUCT(request);
ZERO_STRUCT(response);
strncpy(request.data.username, user,
sizeof(request.data.username) - 1);
ret = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
if (ret == NSS_STATUS_SUCCESS) {
int num_gids = response.data.num_entries;
gid_t *gid_list = (gid_t *)response.extra_data;
for (i = 0; i < num_gids; i++) {
if (gid_list[i] == group) {
continue;
}
if (*start == *size) {
long int newsize;
gid_t *newgroups;
newsize = 2 * (*size);
if (limit > 0) {
if (*size == limit) {
goto done;
}
if (newsize > limit) {
newsize = limit;
}
}
newgroups = realloc((*groups), newsize * sizeof(**groups));
if (!newgroups) {
*errnop = ENOMEM;
ret = NSS_STATUS_NOTFOUND;
goto done;
}
*groups = newgroups;
*size = newsize;
}
(*groups)[*start] = gid_list[i];
*start += 1;
}
}
done:
return ret;
}
NSS_STATUS
_nss_winbind_getusersids(const char *user_sid, char **group_sids,
int *num_groups,
char *buffer, size_t buf_size, int *errnop)
{
NSS_STATUS ret;
struct winbindd_request request;
struct winbindd_response response;
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: getusersids %s\n", getpid(), user_sid);
#endif
ZERO_STRUCT(request);
ZERO_STRUCT(response);
strncpy(request.data.sid, user_sid,sizeof(request.data.sid) - 1);
request.data.sid[sizeof(request.data.sid) - 1] = '\0';
ret = winbindd_request(WINBINDD_GETUSERSIDS, &request, &response);
if (ret != NSS_STATUS_SUCCESS) {
goto done;
}
if (buf_size < response.length - sizeof(response)) {
ret = NSS_STATUS_TRYAGAIN;
errno = *errnop = ERANGE;
goto done;
}
*num_groups = response.data.num_entries;
*group_sids = buffer;
memcpy(buffer, response.extra_data, response.length - sizeof(response));
errno = *errnop = 0;
done:
free_response(&response);
return ret;
}
NSS_STATUS
_nss_winbind_nametosid(const char *name, char **sid, char *buffer,
size_t buflen, int *errnop)
{
NSS_STATUS ret;
struct winbindd_response response;
struct winbindd_request request;
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: nametosid %s\n", getpid(), name);
#endif
ZERO_STRUCT(response);
ZERO_STRUCT(request);
strncpy(request.data.name.name, name,
sizeof(request.data.name.name) - 1);
request.data.name.name[sizeof(request.data.name.name) - 1] = '\0';
ret = winbindd_request(WINBINDD_LOOKUPNAME, &request, &response);
if (ret != NSS_STATUS_SUCCESS) {
*errnop = errno = EINVAL;
goto failed;
}
if (buflen < strlen(response.data.sid.sid)+1) {
ret = NSS_STATUS_TRYAGAIN;
*errnop = errno = ERANGE;
goto failed;
}
*errnop = errno = 0;
*sid = buffer;
strcpy(*sid, response.data.sid.sid);
failed:
free_response(&response);
return ret;
}
NSS_STATUS
_nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
size_t buflen, int *errnop)
{
NSS_STATUS ret;
struct winbindd_response response;
struct winbindd_request request;
static char sep_char;
unsigned needed;
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: sidtoname %s\n", getpid(), sid);
#endif
if (!sep_char) {
ZERO_STRUCT(response);
ZERO_STRUCT(request);
ret = winbindd_request(WINBINDD_INFO, &request, &response);
if (ret != NSS_STATUS_SUCCESS) {
*errnop = errno = EINVAL;
goto failed;
}
sep_char = response.data.info.winbind_separator;
free_response(&response);
}
strncpy(request.data.sid, sid,
sizeof(request.data.sid) - 1);
request.data.sid[sizeof(request.data.sid) - 1] = '\0';
ret = winbindd_request(WINBINDD_LOOKUPSID, &request, &response);
if (ret != NSS_STATUS_SUCCESS) {
*errnop = errno = EINVAL;
goto failed;
}
needed =
strlen(response.data.name.dom_name) +
strlen(response.data.name.name) + 2;
if (buflen < needed) {
ret = NSS_STATUS_TRYAGAIN;
*errnop = errno = ERANGE;
goto failed;
}
snprintf(buffer, needed, "%s%c%s",
response.data.name.dom_name,
sep_char,
response.data.name.name);
*name = buffer;
*errnop = errno = 0;
failed:
free_response(&response);
return ret;
}
NSS_STATUS
_nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop)
{
NSS_STATUS ret;
struct winbindd_response response;
struct winbindd_request request;
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: sidtouid %s\n", getpid(), sid);
#endif
ZERO_STRUCT(request);
ZERO_STRUCT(response);
strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
request.data.sid[sizeof(request.data.sid) - 1] = '\0';
ret = winbindd_request(WINBINDD_SID_TO_UID, &request, &response);
if (ret != NSS_STATUS_SUCCESS) {
*errnop = errno = EINVAL;
goto failed;
}
*uid = response.data.uid;
failed:
return ret;
}
NSS_STATUS
_nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop)
{
NSS_STATUS ret;
struct winbindd_response response;
struct winbindd_request request;
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: sidtogid %s\n", getpid(), sid);
#endif
ZERO_STRUCT(request);
ZERO_STRUCT(response);
strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
request.data.sid[sizeof(request.data.sid) - 1] = '\0';
ret = winbindd_request(WINBINDD_SID_TO_GID, &request, &response);
if (ret != NSS_STATUS_SUCCESS) {
*errnop = errno = EINVAL;
goto failed;
}
*gid = response.data.gid;
failed:
return ret;
}
NSS_STATUS
_nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
size_t buflen, int *errnop)
{
NSS_STATUS ret;
struct winbindd_response response;
struct winbindd_request request;
#ifdef DEBUG_NSS
fprintf(stderr, "[%5u]: uidtosid %u\n", (unsigned int)getpid(), (unsigned int)uid);
#endif
ZERO_STRUCT(response);
ZERO_STRUCT(request);
request.data.uid = uid;
ret = winbindd_request(WINBINDD_UID_TO_SID, &request, &response);
if (ret != NSS_STATUS_SUCCESS) {
*errnop = errno = EINVAL;
goto failed;
}
if (buflen < strlen(response.data.sid.sid)+1) {
ret = NSS_STATUS_TRYAGAIN;
*errnop = errno = ERANGE;
goto failed;
}
*errnop = errno = 0;
*sid = buffer;
strcpy(*sid, response.data.sid.sid);
failed:
free_response(&response);
return ret;
}
NSS_STATUS
_nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
size_t buflen, int *errnop)
{
NSS_STATUS ret;
struct winbindd_response response;
struct winbindd_request request;
#ifdef DEBUG_NSS
fprintf(stderr, "[%5u]: gidtosid %u\n", (unsigned int)getpid(), (unsigned int)gid);
#endif
ZERO_STRUCT(response);
ZERO_STRUCT(request);
request.data.gid = gid;
ret = winbindd_request(WINBINDD_GID_TO_SID, &request, &response);
if (ret != NSS_STATUS_SUCCESS) {
*errnop = errno = EINVAL;
goto failed;
}
if (buflen < strlen(response.data.sid.sid)+1) {
ret = NSS_STATUS_TRYAGAIN;
*errnop = errno = ERANGE;
goto failed;
}
*errnop = errno = 0;
*sid = buffer;
strcpy(*sid, response.data.sid.sid);
failed:
free_response(&response);
return ret;
}