/*
   Unix SMB/CIFS implementation.

   Winbind client API - SSSD version

   Copyright (C) Sumit Bose <sbose@redhat.com> 2014

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 3 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.

   You should have received a copy of the GNU Lesser General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

/* Required Headers */
#include <stdlib.h>

#include "sss_client/idmap/sss_nss_idmap.h"

#include "libwbclient.h"
#include "wbc_sssd_internal.h"
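/**
 * @brief Convert a Windows SID to a Unix uid.
 *
 * The SID is rendered as a string and resolved with sss_nss_getidbysid().
 * The result is accepted only when the reported id type is
 * SSS_ID_TYPE_UID or SSS_ID_TYPE_BOTH, so a SID that resolves to a
 * group-only id is never handed back to the caller as a uid.
 *
 * @param sid   SID to resolve.
 * @param puid  Receives the uid on success; not written on any failure path.
 *
 * @return WBC_ERR_SUCCESS on success, WBC_ERR_INVALID_PARAM if puid is NULL,
 *         the wbcSidToString() error if the SID cannot be rendered,
 *         WBC_ERR_UNKNOWN_FAILURE if the lookup fails, or
 *         WBC_ERR_UNKNOWN_GROUP if the id type is neither UID nor BOTH.
 */
wbcErr wbcSidToUid(const struct wbcDomainSid *sid, uid_t *puid)
{
    int ret;
    char *sid_str;
    uint32_t id;
    enum sss_id_type type;
    wbcErr wbc_status;

    /* Reject a missing output pointer up front instead of dereferencing
     * it after a successful lookup. */
    if (puid == NULL) {
        return WBC_ERR_INVALID_PARAM;
    }

    wbc_status = wbcSidToString(sid, &sid_str);
    if (!WBC_ERROR_IS_OK(wbc_status)) {
        return wbc_status;
    }

    ret = sss_nss_getidbysid(sid_str, &id, &type);
    /* The string is only needed for the lookup; release it before any
     * early return so no path leaks it. */
    wbcFreeMemory(sid_str);
    if (ret != 0) {
        return WBC_ERR_UNKNOWN_FAILURE;
    }

    /* NOTE(review): a type mismatch here is reported as
     * WBC_ERR_UNKNOWN_GROUP, while wbcUidToSid() reports its mismatch as
     * WBC_ERR_UNKNOWN_USER. Left unchanged because callers may rely on
     * the code; confirm which one is intended. */
    if (type != SSS_ID_TYPE_UID && type != SSS_ID_TYPE_BOTH) {
        return WBC_ERR_UNKNOWN_GROUP;
    }

    *puid = (uid_t) id;

    return WBC_ERR_SUCCESS;
}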
/**
 * @brief Convert a Unix uid to a Windows SID.
 *
 * The id is resolved with sss_nss_getsidbyid() and the returned SID string
 * is parsed into @p sid. The lookup result is used only when its id type
 * is SSS_ID_TYPE_UID or SSS_ID_TYPE_BOTH, so an id that belongs to a group
 * only is not reported as a user SID.
 *
 * @param uid  Unix uid to resolve.
 * @param sid  Receives the parsed SID (written by wbcStringToSid()).
 *
 * @return WBC_ERR_SUCCESS on success, WBC_ERR_UNKNOWN_FAILURE if the
 *         lookup fails, WBC_ERR_UNKNOWN_USER if the id type is neither
 *         UID nor BOTH, or the wbcStringToSid() error if parsing fails.
 */
wbcErr wbcUidToSid(uid_t uid, struct wbcDomainSid *sid)
{
    char *sid_text;
    enum sss_id_type id_type;
    wbcErr status;

    if (sss_nss_getsidbyid(uid, &sid_text, &id_type) != 0) {
        return WBC_ERR_UNKNOWN_FAILURE;
    }

    if (id_type == SSS_ID_TYPE_UID || id_type == SSS_ID_TYPE_BOTH) {
        status = wbcStringToSid(sid_text, sid);
        /* The lookup result is released with free() on every path. */
        free(sid_text);
        if (WBC_ERROR_IS_OK(status)) {
            return WBC_ERR_SUCCESS;
        }
        return status;
    }

    /* The id exists but is not usable as a user id. */
    free(sid_text);
    return WBC_ERR_UNKNOWN_USER;
}
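/**
 * @brief Convert a Windows SID to a Unix gid.
 *
 * The SID is rendered as a string and resolved with sss_nss_getidbysid().
 * The result is accepted only when the reported id type is
 * SSS_ID_TYPE_GID or SSS_ID_TYPE_BOTH, so a SID that resolves to a
 * user-only id is never handed back to the caller as a gid.
 *
 * @param sid   Pointer to the domain SID to be resolved.
 * @param pgid  Receives the gid on success; not written on any failure path.
 *
 * @return WBC_ERR_SUCCESS on success, WBC_ERR_INVALID_PARAM if pgid is NULL,
 *         the wbcSidToString() error if the SID cannot be rendered,
 *         WBC_ERR_UNKNOWN_FAILURE if the lookup fails, or
 *         WBC_ERR_UNKNOWN_GROUP if the id type is neither GID nor BOTH.
 */
wbcErr wbcSidToGid(const struct wbcDomainSid *sid, gid_t *pgid)
{
    int ret;
    char *sid_str;
    uint32_t id;
    enum sss_id_type type;
    wbcErr wbc_status;

    /* Reject a missing output pointer up front instead of dereferencing
     * it after a successful lookup. */
    if (pgid == NULL) {
        return WBC_ERR_INVALID_PARAM;
    }

    wbc_status = wbcSidToString(sid, &sid_str);
    if (!WBC_ERROR_IS_OK(wbc_status)) {
        return wbc_status;
    }

    ret = sss_nss_getidbysid(sid_str, &id, &type);
    /* The string is only needed for the lookup; release it before any
     * early return so no path leaks it. */
    wbcFreeMemory(sid_str);
    if (ret != 0) {
        return WBC_ERR_UNKNOWN_FAILURE;
    }

    /* Only ids that may be used as a group id are accepted. */
    if (type != SSS_ID_TYPE_GID && type != SSS_ID_TYPE_BOTH) {
        return WBC_ERR_UNKNOWN_GROUP;
    }

    *pgid = (gid_t) id;

    return WBC_ERR_SUCCESS;
}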
/**
 * @brief Convert a Unix gid to a Windows SID.
 *
 * The id is resolved with sss_nss_getsidbyid() and the returned SID string
 * is parsed into @p sid. The lookup result is used only when its id type
 * is SSS_ID_TYPE_GID or SSS_ID_TYPE_BOTH, so an id that belongs to a user
 * only is not reported as a group SID.
 *
 * @param gid  Unix gid to resolve.
 * @param sid  Receives the parsed SID (written by wbcStringToSid()).
 *
 * @return WBC_ERR_SUCCESS on success, WBC_ERR_UNKNOWN_FAILURE if the
 *         lookup fails, WBC_ERR_UNKNOWN_USER if the id type is neither
 *         GID nor BOTH, or the wbcStringToSid() error if parsing fails.
 */
wbcErr wbcGidToSid(gid_t gid, struct wbcDomainSid *sid)
{
    char *sid_text;
    enum sss_id_type id_type;
    wbcErr status;

    if (sss_nss_getsidbyid(gid, &sid_text, &id_type) != 0) {
        return WBC_ERR_UNKNOWN_FAILURE;
    }

    if (id_type == SSS_ID_TYPE_GID || id_type == SSS_ID_TYPE_BOTH) {
        status = wbcStringToSid(sid_text, sid);
        /* The lookup result is released with free() on every path. */
        free(sid_text);
        if (WBC_ERROR_IS_OK(status)) {
            return WBC_ERR_SUCCESS;
        }
        return status;
    }

    /* NOTE(review): a gid that is not a group is reported as
     * WBC_ERR_UNKNOWN_USER rather than WBC_ERR_UNKNOWN_GROUP; this looks
     * like it mirrors wbcUidToSid() - confirm the intended code. */
    free(sid_text);
    return WBC_ERR_UNKNOWN_USER;
}
/**
 * @brief Obtain a new uid from Winbind (stub).
 *
 * @param puid  Output pointer of the Winbind API; this function body does
 *              not reference it.
 *
 * @return Whatever WBC_SSSD_NOT_IMPLEMENTED expands to; the macro is
 *         defined outside this file - presumably a "not implemented"
 *         wbcErr, confirm in wbc_sssd_internal.h.
 */
wbcErr wbcAllocateUid(uid_t *puid)
{
    /* SSSD has no support for this call. */
    WBC_SSSD_NOT_IMPLEMENTED;
}
/**
 * @brief Obtain a new gid from Winbind (stub).
 *
 * @param pgid  Output pointer of the Winbind API; this function body does
 *              not reference it.
 *
 * @return Whatever WBC_SSSD_NOT_IMPLEMENTED expands to; the macro is
 *         defined outside this file - presumably a "not implemented"
 *         wbcErr, confirm in wbc_sssd_internal.h.
 */
wbcErr wbcAllocateGid(gid_t *pgid)
{
    /* SSSD has no support for this call. */
    WBC_SSSD_NOT_IMPLEMENTED;
}
/**
 * @brief Convert a list of SIDs to Unix ids.
 *
 * Each SID is rendered as a string and resolved with sss_nss_getidbysid().
 * A failure for one entry does not abort the loop: that entry's type is
 * set to WBC_ID_TYPE_NOT_SPECIFIED and its id member is not written.
 *
 * Callers must check ids[i].type before using ids[i].id, because the
 * function returns WBC_ERR_SUCCESS even when individual lookups failed.
 *
 * @param sids      Array of num_sids SIDs to resolve.
 * @param num_sids  Number of entries in sids and ids.
 * @param ids       Output array with one entry per SID.
 *
 * @return Always WBC_ERR_SUCCESS.
 */
wbcErr wbcSidsToUnixIds(const struct wbcDomainSid *sids, uint32_t num_sids,
                        struct wbcUnixId *ids)
{
    size_t idx;

    for (idx = 0; idx < num_sids; idx++) {
        char *sid_text;
        uint32_t resolved;
        /* Start from "unknown" so that a failed string conversion falls
         * through to the not-specified branch below. */
        enum sss_id_type id_type = SSS_ID_TYPE_NOT_SPECIFIED;
        wbcErr status = wbcSidToString(&sids[idx], &sid_text);

        if (WBC_ERROR_IS_OK(status)) {
            int rc = sss_nss_getidbysid(sid_text, &resolved, &id_type);

            wbcFreeMemory(sid_text);
            if (rc != 0) {
                /* Discard whatever the failed lookup left in id_type. */
                id_type = SSS_ID_TYPE_NOT_SPECIFIED;
            }
        }

        if (id_type == SSS_ID_TYPE_UID) {
            ids[idx].type = WBC_ID_TYPE_UID;
            ids[idx].id.uid = (uid_t) resolved;
        } else if (id_type == SSS_ID_TYPE_GID) {
            ids[idx].type = WBC_ID_TYPE_GID;
            ids[idx].id.gid = (gid_t) resolved;
        } else if (id_type == SSS_ID_TYPE_BOTH) {
            /* Only the uid member is assigned for a BOTH result. */
            ids[idx].type = WBC_ID_TYPE_BOTH;
            ids[idx].id.uid = (uid_t) resolved;
        } else {
            ids[idx].type = WBC_ID_TYPE_NOT_SPECIFIED;
        }
    }

    return WBC_ERR_SUCCESS;
}
/**
 * @brief Convert a list of Unix ids to SIDs.
 *
 * Entries of type WBC_ID_TYPE_UID go through wbcUidToSid() and entries of
 * type WBC_ID_TYPE_GID through wbcGidToSid(). Every other type, including
 * WBC_ID_TYPE_BOTH, is treated as WBC_ERR_INVALID_PARAM.
 *
 * A failure for one entry does not abort the loop: the matching sids[i]
 * is overwritten with an all-zero structure instead. Callers must check
 * for that zeroed SID, because the function returns WBC_ERR_SUCCESS even
 * when individual conversions failed.
 *
 * @param ids      Array of num_ids Unix ids to resolve.
 * @param num_ids  Number of entries in ids and sids.
 * @param sids     Output array with one entry per id.
 *
 * @return Always WBC_ERR_SUCCESS.
 */
wbcErr wbcUnixIdsToSids(const struct wbcUnixId *ids, uint32_t num_ids,
                        struct wbcDomainSid *sids)
{
    size_t idx;

    for (idx = 0; idx < num_ids; idx++) {
        wbcErr status;

        if (ids[idx].type == WBC_ID_TYPE_UID) {
            status = wbcUidToSid(ids[idx].id.uid, &sids[idx]);
        } else if (ids[idx].type == WBC_ID_TYPE_GID) {
            status = wbcGidToSid(ids[idx].id.gid, &sids[idx]);
        } else {
            status = WBC_ERR_INVALID_PARAM;
        }

        /* Never leave a partially written or stale SID in the output. */
        if (!WBC_ERROR_IS_OK(status)) {
            sids[idx] = (struct wbcDomainSid){ 0 };
        }
    }

    return WBC_ERR_SUCCESS;
}