lib/cifs_idmap_sss/cifs_idmap_sss.c

af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke/*
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    Authors:
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        Benjamin Franzke <benjaminfranzke@googlemail.com>
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    Copyright (C) 2013 Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    This program is free software; you can redistribute it and/or modify
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    it under the terms of the GNU General Public License as published by
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    the Free Software Foundation; either version 3 of the License, or
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    (at your option) any later version.
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    This program is distributed in the hope that it will be useful,
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    but WITHOUT ANY WARRANTY; without even the implied warranty of
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    GNU General Public License for more details.
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    You should have received a copy of the GNU General Public License
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    along with this program.  If not, see <http://www.gnu.org/licenses/>.
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke*/
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke/* TODO: Support of [all] samba's Unix SIDs:
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke *         Users:  S-1-22-1-%UID
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke *         Groups: S-1-22-2-%GID
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke */
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke#include <stdio.h>
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke#include <stdlib.h>
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke#include <errno.h>
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke#include <string.h>
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke#include <limits.h>
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke#include <stdarg.h>
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke#include <cifsidmap.h>
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke#include "lib/idmap/sss_idmap.h"
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke#include "sss_client/idmap/sss_nss_idmap.h"
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke#ifdef DEBUG
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke#include <syslog.h>
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke#define debug(str, ...) \
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    syslog(0, "%s: " str "\n", \
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke           __FUNCTION__, ##__VA_ARGS__)
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke#else
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke#define debug(...) do { } while(0)
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke#endif
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzkestruct sssd_ctx {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    struct sss_idmap_ctx *idmap;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    const char **errmsg;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke};
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke#define ctx_set_error(ctx, error) \
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    do { \
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        *ctx->errmsg = error; \
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        debug("%s", error ? error : ""); \
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    } while (0);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzkeint cifs_idmap_init_plugin(void **handle, const char **errmsg)
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke{
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    struct sssd_ctx *ctx;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    enum idmap_error_code err;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    if (handle == NULL || errmsg == NULL)
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        return EINVAL;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    ctx = malloc(sizeof *ctx);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    if (!ctx) {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        *errmsg = "Failed to allocate context";
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        return -1;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    }
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    ctx->errmsg = errmsg;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    ctx_set_error(ctx, NULL);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    err = sss_idmap_init(NULL, NULL, NULL, &ctx->idmap);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    if (err != IDMAP_SUCCESS) {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        ctx_set_error(ctx, idmap_error_string(err));
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        free(ctx);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        return -1;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    }
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    *handle = ctx;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    return 0;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke}
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzkevoid cifs_idmap_exit_plugin(void *handle)
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke{
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    struct sssd_ctx *ctx = handle;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    debug("exit");
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    if (ctx == NULL)
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        return;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    sss_idmap_free(ctx->idmap);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    free(ctx);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke}
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke/* Test with `getcifsacl file` on client. */
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzkeint cifs_idmap_sid_to_str(void *handle, const struct cifs_sid *csid,
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke                          char **name)
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke{
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    struct sssd_ctx *ctx = handle;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    enum idmap_error_code iderr;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    char *sid;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    enum sss_id_type id_type;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    int err;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    iderr = sss_idmap_bin_sid_to_sid(ctx->idmap, (const uint8_t *) csid,
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke                                     sizeof(*csid), &sid);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    if (iderr != IDMAP_SUCCESS) {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        ctx_set_error(ctx, idmap_error_string(iderr));
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        *name = NULL;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        return -1;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    }
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    debug("sid: %s", sid);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    err = sss_nss_getnamebysid(sid, name, &id_type);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    if (err != 0)  {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        ctx_set_error(ctx, strerror(err));
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        *name = NULL;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        return -err;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    }
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    /* FIXME: Map Samba Unix SIDs? (sid->id and use getpwuid)? */
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    debug("name: %s", *name);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    return 0;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke}
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzkestatic int sid_to_cifs_sid(struct sssd_ctx *ctx, const char *sid,
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke                           struct cifs_sid *csid)
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke{
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    uint8_t *bsid = NULL;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    enum idmap_error_code err;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    size_t length;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    err = sss_idmap_sid_to_bin_sid(ctx->idmap,
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke                                   sid, &bsid, &length);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    if (err != IDMAP_SUCCESS) {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        ctx_set_error(ctx, idmap_error_string(err));
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        return -1;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    }
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    if (length > sizeof(struct cifs_sid)) {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        ctx_set_error(ctx, "too large sid length");
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        free(bsid);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        return -1;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    }
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    memcpy(csid, bsid, length);
6469f42ca80bb9b955875d590485b0d9366491dfPavel Březina    sss_idmap_free_bin_sid(ctx->idmap, bsid);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    return 0;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke}
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke/* Test with setcifsacl -a */
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzkeint cifs_idmap_str_to_sid(void *handle, const char *name,
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke                          struct cifs_sid *csid)
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke{
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    struct sssd_ctx *ctx = handle;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    int err;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    enum sss_id_type id_type;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    char *sid = NULL;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    int success = 0;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    debug("%s", name);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    err = sss_nss_getsidbyname(name, &sid, &id_type);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    if (err != 0)  {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        /* Might be a raw string representation of SID,
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke         * try converting that before returning an error. */
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        if (sid_to_cifs_sid(ctx, name, csid) == 0)
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke            return 0;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        ctx_set_error(ctx, strerror(err));
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        return -err;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    }
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    if (sid_to_cifs_sid(ctx, sid, csid) != 0)
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        success = -1;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    free(sid);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    return success;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke}
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzkestatic int samba_unix_sid_to_id(const char *sid, struct cifs_uxid *cuxid)
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke{
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    id_t id;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    uint8_t type;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    if (sscanf(sid, "S-1-22-%hhu-%u", &type, &id) != 2)
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        return -1;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    switch (type) {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    case 1:
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        cuxid->type = CIFS_UXID_TYPE_UID;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        cuxid->id.uid = id;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        break;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    case 2:
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        cuxid->type = CIFS_UXID_TYPE_GID;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        cuxid->id.gid = id;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        break;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    default:
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        cuxid->type = CIFS_UXID_TYPE_UNKNOWN;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        return -1;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    }
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    return 0;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke}
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzkestatic int sss_sid_to_id(struct sssd_ctx *ctx, const char *sid,
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke                         struct cifs_uxid *cuxid)
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke{
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    int err;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    enum sss_id_type id_type;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    err = sss_nss_getidbysid(sid, (uint32_t *)&cuxid->id.uid, &id_type);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    if (err != 0)  {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        ctx_set_error(ctx, strerror(err));
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        return -1;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    }
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    switch (id_type) {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    case SSS_ID_TYPE_UID:
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        cuxid->type = CIFS_UXID_TYPE_UID;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        break;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    case SSS_ID_TYPE_GID:
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        cuxid->type = CIFS_UXID_TYPE_GID;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        break;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    case SSS_ID_TYPE_BOTH:
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        cuxid->type = CIFS_UXID_TYPE_BOTH;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        break;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    case SSS_ID_TYPE_NOT_SPECIFIED:
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    default:
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        return -1;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    }
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    return 0;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke}
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke/**
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke * cifs_idmap_sids_to_ids - convert struct cifs_sids to struct cifs_uxids
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke * usecase: mount.cifs -o sec=krb5,multiuser,cifsacl,nounix
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke * test: ls -n on mounted share
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke */
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzkeint cifs_idmap_sids_to_ids(void *handle, const struct cifs_sid *csid,
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke                           const size_t num, struct cifs_uxid *cuxid)
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke{
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    struct sssd_ctx *ctx = handle;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    enum idmap_error_code err;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    int success = -1;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    size_t i;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    char *sid;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    debug("num: %zd", num);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    if (num > UINT_MAX) {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        ctx_set_error(ctx, "num is too large.");
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        return EINVAL;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    }
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    for (i = 0; i < num; ++i) {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        err = sss_idmap_bin_sid_to_sid(ctx->idmap, (const uint8_t *) &csid[i],
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke                                       sizeof(csid[i]), &sid);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        if (err != IDMAP_SUCCESS) {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke            ctx_set_error(ctx, idmap_error_string(err));
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke            continue;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        }
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        cuxid[i].type = CIFS_UXID_TYPE_UNKNOWN;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        if (sss_sid_to_id(ctx, sid, &cuxid[i]) == 0 ||
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke            samba_unix_sid_to_id(sid, &cuxid[i]) == 0) {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke            debug("setting uid of %s to %d", sid, cuxid[i].id.uid);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke            success = 0;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        }
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        free(sid);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    }
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    return success;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke}
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzkeint cifs_idmap_ids_to_sids(void *handle, const struct cifs_uxid *cuxid,
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke                           const size_t num, struct cifs_sid *csid)
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke{
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    struct sssd_ctx *ctx = handle;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    int err, success = -1;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    char *sid;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    enum sss_id_type id_type;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    size_t i;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    debug("num ids: %zd", num);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    if (num > UINT_MAX) {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        ctx_set_error(ctx, "num is too large.");
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        return EINVAL;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    }
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    for (i = 0; i < num; ++i) {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        err = sss_nss_getsidbyid((uint32_t)cuxid[i].id.uid, &sid, &id_type);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        if (err != 0)  {
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke            ctx_set_error(ctx, strerror(err));
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke            csid[i].revision = 0;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke            /* FIXME: would it be safe to map *any* uid/gids unknown by sssd to
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke             * SAMBA's UNIX SIDs? */
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke            continue;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        }
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        if (sid_to_cifs_sid(ctx, sid, csid) == 0)
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke            success = 0;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        else
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke            csid[i].revision = 0;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke        free(sid);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    }
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke    return success;
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke}