lib/idmap/sss_idmap_conv.c

b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose/*
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    SSSD
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    ID-mapping library - conversion utilities
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    Authors:
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        Sumit Bose <sbose@redhat.com>
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    Copyright (C) 2012 Red Hat
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    This program is free software; you can redistribute it and/or modify
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    it under the terms of the GNU General Public License as published by
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    the Free Software Foundation; either version 3 of the License, or
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    (at your option) any later version.
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    This program is distributed in the hope that it will be useful,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    but WITHOUT ANY WARRANTY; without even the implied warranty of
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    GNU General Public License for more details.
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    You should have received a copy of the GNU General Public License
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    along with this program.  If not, see <http://www.gnu.org/licenses/>.
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose*/
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose#include <string.h>
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose#include <stdio.h>
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose#include <errno.h>
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose#include <ctype.h>
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose#include "lib/idmap/sss_idmap.h"
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose#include "lib/idmap/sss_idmap_private.h"
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose#include "util/util.h"
1658c567191c35beaddffafdb079abe33248037bLukas Slebodnik#include "util/sss_endian.h"
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose#define SID_ID_AUTHS 6
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose#define SID_SUB_AUTHS 15
c51a204a40b8f85f7f525edb3e24520916d8b9c7Sumit Bosestruct sss_dom_sid {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        uint8_t sid_rev_num;
9fd2775fe1ced6ff6a9a3ff7db124fcb52dade5dSumit Bose        int8_t num_auths;                  /* [range(0,15)] */
9fd2775fe1ced6ff6a9a3ff7db124fcb52dade5dSumit Bose        uint8_t id_auth[SID_ID_AUTHS];     /* highest order byte has index 0 */
9fd2775fe1ced6ff6a9a3ff7db124fcb52dade5dSumit Bose        uint32_t sub_auths[SID_SUB_AUTHS]; /* host byte-order */
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose};
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Boseenum idmap_error_code sss_idmap_bin_sid_to_dom_sid(struct sss_idmap_ctx *ctx,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose                                                   const uint8_t *bin_sid,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose                                                   size_t length,
c51a204a40b8f85f7f525edb3e24520916d8b9c7Sumit Bose                                                   struct sss_dom_sid **_dom_sid)
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose{
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    enum idmap_error_code err;
c51a204a40b8f85f7f525edb3e24520916d8b9c7Sumit Bose    struct sss_dom_sid *dom_sid;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    size_t i = 0;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    size_t p = 0;
9fd2775fe1ced6ff6a9a3ff7db124fcb52dade5dSumit Bose    uint32_t val;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
c51a204a40b8f85f7f525edb3e24520916d8b9c7Sumit Bose    if (length > sizeof(struct sss_dom_sid)) return IDMAP_SID_INVALID;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
c51a204a40b8f85f7f525edb3e24520916d8b9c7Sumit Bose    dom_sid = ctx->alloc_func(sizeof(struct sss_dom_sid), ctx->alloc_pvt);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (dom_sid == NULL) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        return IDMAP_OUT_OF_MEMORY;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    memset(dom_sid, 0, sizeof(struct sss_dom_sid));
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    /* Safely copy in the SID revision number */
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    dom_sid->sid_rev_num = (uint8_t) *(bin_sid + p);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    p++;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    /* Safely copy in the number of sub auth values */
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    dom_sid->num_auths = (uint8_t) *(bin_sid + p);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    p++;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    /* Make sure we aren't being told to read more bin_sid
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose     * than can fit in the structure
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose     */
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (dom_sid->num_auths > SID_SUB_AUTHS) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        err = IDMAP_SID_INVALID;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        goto done;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    /* Safely copy in the id_auth values */
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    for (i = 0; i < SID_ID_AUTHS; i++) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        dom_sid->id_auth[i] = (uint8_t) *(bin_sid + p);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        p++;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    /* Safely copy in the sub_auths values */
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    for (i = 0; i < dom_sid->num_auths; i++) {
9fd2775fe1ced6ff6a9a3ff7db124fcb52dade5dSumit Bose        /* SID sub auth values in Active Directory are stored little-endian,
9fd2775fe1ced6ff6a9a3ff7db124fcb52dade5dSumit Bose         * we store them in host order */
9fd2775fe1ced6ff6a9a3ff7db124fcb52dade5dSumit Bose        SAFEALIGN_COPY_UINT32(&val, bin_sid + p, &p);
9fd2775fe1ced6ff6a9a3ff7db124fcb52dade5dSumit Bose        dom_sid->sub_auths[i] = le32toh(val);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    *_dom_sid = dom_sid;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    err = IDMAP_SUCCESS;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bosedone:
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (err != IDMAP_SUCCESS) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        ctx->free_func(dom_sid, ctx->alloc_pvt);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    return err;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose}
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Boseenum idmap_error_code sss_idmap_dom_sid_to_bin_sid(struct sss_idmap_ctx *ctx,
c51a204a40b8f85f7f525edb3e24520916d8b9c7Sumit Bose                                                   struct sss_dom_sid *dom_sid,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose                                                   uint8_t **_bin_sid,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose                                                   size_t *_length)
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose{
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    enum idmap_error_code err;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    uint8_t *bin_sid;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    size_t length;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    size_t i = 0;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    size_t p = 0;
9fd2775fe1ced6ff6a9a3ff7db124fcb52dade5dSumit Bose    uint32_t val;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (dom_sid->num_auths > SID_SUB_AUTHS) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        return IDMAP_SID_INVALID;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    length = 2 + SID_ID_AUTHS + dom_sid->num_auths * 4;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    bin_sid = ctx->alloc_func(length, ctx->alloc_pvt);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (bin_sid == NULL) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        return IDMAP_OUT_OF_MEMORY;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    bin_sid[p] = dom_sid->sid_rev_num;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    p++;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    bin_sid[p] = dom_sid->num_auths;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    p++;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    for (i = 0; i < SID_ID_AUTHS; i++) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        bin_sid[p] = dom_sid->id_auth[i];
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        p++;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    for (i = 0; i < dom_sid->num_auths; i++) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        if (p + sizeof(uint32_t) > length) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose            err = IDMAP_SID_INVALID;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose            goto done;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        }
9fd2775fe1ced6ff6a9a3ff7db124fcb52dade5dSumit Bose        val = htole32(dom_sid->sub_auths[i]);
9fd2775fe1ced6ff6a9a3ff7db124fcb52dade5dSumit Bose        SAFEALIGN_COPY_UINT32(bin_sid + p, &val, &p);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    *_bin_sid = bin_sid;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    *_length = length;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    err = IDMAP_SUCCESS;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bosedone:
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (err != IDMAP_SUCCESS) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        ctx->free_func(bin_sid, ctx->alloc_pvt);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    return err;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose}
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Boseenum idmap_error_code sss_idmap_dom_sid_to_sid(struct sss_idmap_ctx *ctx,
c51a204a40b8f85f7f525edb3e24520916d8b9c7Sumit Bose                                               struct sss_dom_sid *dom_sid,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose                                               char **_sid)
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose{
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    enum idmap_error_code err;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    char *sid_buf;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    size_t sid_buf_len;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    char *p;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    int nc;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    int8_t i;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    uint32_t id_auth_val = 0;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (dom_sid->num_auths > SID_SUB_AUTHS) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        return IDMAP_SID_INVALID;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    sid_buf_len = 25 + dom_sid->num_auths * 11;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    sid_buf = ctx->alloc_func(sid_buf_len, ctx->alloc_pvt);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (sid_buf == NULL) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        return IDMAP_OUT_OF_MEMORY;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    memset(sid_buf, 0, sid_buf_len);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    /* Only 32bits are used for the string representation */
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    id_auth_val = (dom_sid->id_auth[2] << 24) +
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose                  (dom_sid->id_auth[3] << 16) +
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose                  (dom_sid->id_auth[4] << 8) +
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose                  (dom_sid->id_auth[5]);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    nc = snprintf(sid_buf, sid_buf_len, "S-%u-%lu", dom_sid->sid_rev_num,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose                                                    (unsigned long) id_auth_val);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (nc < 0 || nc >= sid_buf_len) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        err = IDMAP_SID_INVALID;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        goto done;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    /* Loop through the sub-auths, if any, prepending a hyphen
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose     * for each one.
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose     */
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    p = sid_buf;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    for (i = 0; i < dom_sid->num_auths ; i++) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        p += nc;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        sid_buf_len -= nc;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
9fd2775fe1ced6ff6a9a3ff7db124fcb52dade5dSumit Bose        nc = snprintf(p, sid_buf_len, "-%lu",
9fd2775fe1ced6ff6a9a3ff7db124fcb52dade5dSumit Bose                                      (unsigned long) dom_sid->sub_auths[i]);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        if (nc < 0 || nc >= sid_buf_len) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose            err = IDMAP_SID_INVALID;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose            goto done;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    *_sid = sid_buf;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    err = IDMAP_SUCCESS;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bosedone:
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (err != IDMAP_SUCCESS) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        ctx->free_func(sid_buf, ctx->alloc_pvt);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    return err;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose}
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Boseenum idmap_error_code sss_idmap_sid_to_dom_sid(struct sss_idmap_ctx *ctx,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose                                               const char *sid,
c51a204a40b8f85f7f525edb3e24520916d8b9c7Sumit Bose                                               struct sss_dom_sid **_dom_sid)
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose{
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    enum idmap_error_code err;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    unsigned long ul;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    char *r;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    char *end;
c51a204a40b8f85f7f525edb3e24520916d8b9c7Sumit Bose    struct sss_dom_sid *dom_sid;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (sid == NULL || (sid[0] != 'S' && sid[0] != 's') || sid[1] != '-') {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose            return IDMAP_SID_INVALID;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
c51a204a40b8f85f7f525edb3e24520916d8b9c7Sumit Bose    dom_sid = ctx->alloc_func(sizeof(struct sss_dom_sid), ctx->alloc_pvt);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (dom_sid == NULL) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        return IDMAP_OUT_OF_MEMORY;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
c51a204a40b8f85f7f525edb3e24520916d8b9c7Sumit Bose    memset(dom_sid, 0, sizeof(struct sss_dom_sid));
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (!isdigit(sid[2])) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        err = IDMAP_SID_INVALID;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        goto done;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    errno = 0;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    ul = strtoul(sid + 2, &r, 10);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (errno != 0 || r == NULL || *r != '-' || ul > UINT8_MAX) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        err = IDMAP_SID_INVALID;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        goto done;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    dom_sid->sid_rev_num = (uint8_t) ul;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    r++;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (!isdigit(*r)) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        err = IDMAP_SID_INVALID;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        goto done;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    errno = 0;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    ul = strtoul(r, &r, 10);
2d07aa724c93bbaec2cd29470941c0754c74f715Sumit Bose    if (errno != 0 || r == NULL || ul > UINT32_MAX) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        err = IDMAP_SID_INVALID;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        goto done;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    /* id_auth in the string should always be <2^32 in decimal */
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    /* store values in the same order as the binary representation */
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    dom_sid->id_auth[0] = 0;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    dom_sid->id_auth[1] = 0;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    dom_sid->id_auth[2] = (ul & 0xff000000) >> 24;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    dom_sid->id_auth[3] = (ul & 0x00ff0000) >> 16;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    dom_sid->id_auth[4] = (ul & 0x0000ff00) >> 8;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    dom_sid->id_auth[5] = (ul & 0x000000ff);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (*r == '\0') {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        /* no sub auths given */
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        err = IDMAP_SUCCESS;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        goto done;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (*r != '-') {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        err = IDMAP_SID_INVALID;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        goto done;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    do {
726e335681428614c2909b9c2987286a05afb982Jakub Hrozek        if (dom_sid->num_auths >= SID_SUB_AUTHS) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose            err = IDMAP_SID_INVALID;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose            goto done;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        r++;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        if (!isdigit(*r)) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose            err = IDMAP_SID_INVALID;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose            goto done;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        errno = 0;
2d07aa724c93bbaec2cd29470941c0754c74f715Sumit Bose        ul = strtoul(r, &end, 10);
2d07aa724c93bbaec2cd29470941c0754c74f715Sumit Bose        if (errno != 0 || ul > UINT32_MAX || end == NULL ||
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose            (*end != '\0' && *end != '-')) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose            err = IDMAP_SID_INVALID;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose            goto done;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        dom_sid->sub_auths[dom_sid->num_auths++] = ul;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        r = end;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    } while (*r != '\0');
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    err = IDMAP_SUCCESS;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bosedone:
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (err != IDMAP_SUCCESS) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        ctx->free_func(dom_sid, ctx->alloc_pvt);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    } else {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        *_dom_sid = dom_sid;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    return err;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose}
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Boseenum idmap_error_code sss_idmap_sid_to_bin_sid(struct sss_idmap_ctx *ctx,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose                                               const char *sid,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose                                               uint8_t **_bin_sid,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose                                               size_t *_length)
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose{
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    enum idmap_error_code err;
c51a204a40b8f85f7f525edb3e24520916d8b9c7Sumit Bose    struct sss_dom_sid *dom_sid = NULL;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    size_t length;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    uint8_t *bin_sid = NULL;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    err = sss_idmap_sid_to_dom_sid(ctx, sid, &dom_sid);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (err != IDMAP_SUCCESS) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        goto done;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    err = sss_idmap_dom_sid_to_bin_sid(ctx, dom_sid, &bin_sid, &length);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (err != IDMAP_SUCCESS) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        goto done;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    *_length = length;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    *_bin_sid = bin_sid;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    err = IDMAP_SUCCESS;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bosedone:
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    ctx->free_func(dom_sid, ctx->alloc_pvt);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (err != IDMAP_SUCCESS) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        ctx->free_func(bin_sid, ctx->alloc_pvt);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    return err;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose}
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Boseenum idmap_error_code sss_idmap_bin_sid_to_sid(struct sss_idmap_ctx *ctx,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose                                               const uint8_t *bin_sid,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose                                               size_t length,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose                                               char **_sid)
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose{
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    enum idmap_error_code err;
c51a204a40b8f85f7f525edb3e24520916d8b9c7Sumit Bose    struct sss_dom_sid *dom_sid = NULL;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    char *sid = NULL;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    err = sss_idmap_bin_sid_to_dom_sid(ctx, bin_sid, length, &dom_sid);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (err != IDMAP_SUCCESS) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        goto done;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    err = sss_idmap_dom_sid_to_sid(ctx, dom_sid, &sid);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (err != IDMAP_SUCCESS) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        goto done;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    *_sid = sid;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    err = IDMAP_SUCCESS;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bosedone:
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    ctx->free_func(dom_sid, ctx->alloc_pvt);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    if (err != IDMAP_SUCCESS) {
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose        ctx->free_func(sid, ctx->alloc_pvt);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    }
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose    return err;
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose}
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Boseenum idmap_error_code sss_idmap_sid_to_smb_sid(struct sss_idmap_ctx *ctx,
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose                                               const char *sid,
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose                                               struct dom_sid **_smb_sid)
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose{
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    enum idmap_error_code err;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    struct sss_dom_sid *dom_sid = NULL;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    struct dom_sid *smb_sid = NULL;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    err = sss_idmap_sid_to_dom_sid(ctx, sid, &dom_sid);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    if (err != IDMAP_SUCCESS) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        goto done;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    err = sss_idmap_dom_sid_to_smb_sid(ctx, dom_sid, &smb_sid);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    if (err != IDMAP_SUCCESS) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        goto done;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    *_smb_sid = smb_sid;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    err = IDMAP_SUCCESS;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bosedone:
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    ctx->free_func(dom_sid, ctx->alloc_pvt);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    if (err != IDMAP_SUCCESS) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        ctx->free_func(smb_sid, ctx->alloc_pvt);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    return err;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose}
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Boseenum idmap_error_code sss_idmap_smb_sid_to_sid(struct sss_idmap_ctx *ctx,
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose                                               struct dom_sid *smb_sid,
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose                                               char **_sid)
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose{
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    enum idmap_error_code err;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    struct sss_dom_sid *dom_sid = NULL;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    char *sid = NULL;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    err = sss_idmap_smb_sid_to_dom_sid(ctx, smb_sid, &dom_sid);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    if (err != IDMAP_SUCCESS) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        goto done;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    err = sss_idmap_dom_sid_to_sid(ctx, dom_sid, &sid);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    if (err != IDMAP_SUCCESS) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        goto done;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    *_sid = sid;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    err = IDMAP_SUCCESS;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bosedone:
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    ctx->free_func(dom_sid, ctx->alloc_pvt);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    if (err != IDMAP_SUCCESS) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        ctx->free_func(sid, ctx->alloc_pvt);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    return err;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose}
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Boseenum idmap_error_code sss_idmap_dom_sid_to_smb_sid(struct sss_idmap_ctx *ctx,
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose                                                   struct sss_dom_sid *dom_sid,
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose                                                   struct dom_sid **_smb_sid)
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose{
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    struct dom_sid *smb_sid;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    size_t c;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    smb_sid = ctx->alloc_func(sizeof(struct dom_sid), ctx->alloc_pvt);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    if (smb_sid == NULL) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        return IDMAP_OUT_OF_MEMORY;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    memset(smb_sid, 0, sizeof(struct dom_sid));
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    smb_sid->sid_rev_num = dom_sid->sid_rev_num;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    smb_sid->num_auths = dom_sid->num_auths;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    for (c = 0; c < SID_ID_AUTHS; c++) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        smb_sid->id_auth[c] = dom_sid->id_auth[c];
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    for (c = 0; c < SID_SUB_AUTHS; c++) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        smb_sid->sub_auths[c] = dom_sid->sub_auths[c];
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    *_smb_sid = smb_sid;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    return IDMAP_SUCCESS;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose}
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Boseenum idmap_error_code sss_idmap_smb_sid_to_dom_sid(struct sss_idmap_ctx *ctx,
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose                                                   struct dom_sid *smb_sid,
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose                                                   struct sss_dom_sid **_dom_sid)
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose{
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    struct sss_dom_sid *dom_sid;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    size_t c;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    dom_sid = ctx->alloc_func(sizeof(struct sss_dom_sid), ctx->alloc_pvt);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    if (dom_sid == NULL) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        return IDMAP_OUT_OF_MEMORY;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    memset(dom_sid, 0, sizeof(struct sss_dom_sid));
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    dom_sid->sid_rev_num = smb_sid->sid_rev_num;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    dom_sid->num_auths = smb_sid->num_auths;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    for (c = 0; c < SID_ID_AUTHS; c++) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        dom_sid->id_auth[c] = smb_sid->id_auth[c];
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    for (c = 0; c < SID_SUB_AUTHS; c++) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        dom_sid->sub_auths[c] = smb_sid->sub_auths[c];
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    *_dom_sid = dom_sid;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    return IDMAP_SUCCESS;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose}
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Boseenum idmap_error_code sss_idmap_bin_sid_to_smb_sid(struct sss_idmap_ctx *ctx,
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose                                                   const uint8_t *bin_sid,
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose                                                   size_t length,
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose                                                   struct dom_sid **_smb_sid)
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose{
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    enum idmap_error_code err;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    struct sss_dom_sid *dom_sid = NULL;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    struct dom_sid *smb_sid = NULL;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    err = sss_idmap_bin_sid_to_dom_sid(ctx, bin_sid, length, &dom_sid);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    if (err != IDMAP_SUCCESS) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        goto done;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    err = sss_idmap_dom_sid_to_smb_sid(ctx, dom_sid, &smb_sid);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    if (err != IDMAP_SUCCESS) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        goto done;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    *_smb_sid = smb_sid;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    err = IDMAP_SUCCESS;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bosedone:
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    ctx->free_func(dom_sid, ctx->alloc_pvt);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    if (err != IDMAP_SUCCESS) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        ctx->free_func(smb_sid, ctx->alloc_pvt);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    return err;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose}
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Boseenum idmap_error_code sss_idmap_smb_sid_to_bin_sid(struct sss_idmap_ctx *ctx,
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose                                                   struct dom_sid *smb_sid,
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose                                                   uint8_t **_bin_sid,
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose                                                   size_t *_length)
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose{
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    enum idmap_error_code err;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    struct sss_dom_sid *dom_sid = NULL;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    uint8_t *bin_sid = NULL;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    size_t length;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    err = sss_idmap_smb_sid_to_dom_sid(ctx, smb_sid, &dom_sid);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    if (err != IDMAP_SUCCESS) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        goto done;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    err = sss_idmap_dom_sid_to_bin_sid(ctx, dom_sid, &bin_sid, &length);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    if (err != IDMAP_SUCCESS) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        goto done;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    *_bin_sid = bin_sid;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    *_length = length;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    err = IDMAP_SUCCESS;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bosedone:
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    ctx->free_func(dom_sid, ctx->alloc_pvt);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    if (err != IDMAP_SUCCESS) {
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose        ctx->free_func(bin_sid, ctx->alloc_pvt);
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    }
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose    return err;
2998435fcc95857b73049b3955af9889ab595f24Sumit Bose}