lib/cifs_idmap_sss/cifs_idmap_sss.c

	cifs_idmap_sss.c revision 6469f42ca80bb9b955875d590485b0d9366491df
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor/*
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    Authors:
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        Benjamin Franzke <benjaminfranzke@googlemail.com>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    Copyright (C) 2013 Benjamin Franzke
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    This program is free software; you can redistribute it and/or modify
96ad5d81ee4a2cc66a4ae19893efc8aa6d06fae7jailletc    it under the terms of the GNU General Public License as published by
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    the Free Software Foundation; either version 3 of the License, or
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    (at your option) any later version.
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen
2e545ce2450a9953665f701bb05350f0d3f26275nd    This program is distributed in the hope that it will be useful,
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen    but WITHOUT ANY WARRANTY; without even the implied warranty of
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    GNU General Public License for more details.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    You should have received a copy of the GNU General Public License
af33a4994ae2ff15bc67d19ff1a7feb906745bf8rbowen    along with this program.  If not, see <http://www.gnu.org/licenses/>.
3f08db06526d6901aa08c110b5bc7dde6bc39905nd*/
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor/* TODO: Support well known SIDs as in samba's
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor *        - librpc/idl/security.idl or
3f08db06526d6901aa08c110b5bc7dde6bc39905nd *        - source4/rpc_server/lsa/lsa_lookup.c?
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor */
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor/* TODO: Support of [all] samba's Unix SIDs:
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor *         Users:  S-1-22-1-%UID
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor *         Groups: S-1-22-2-%GID
f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung */
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor#include <stdio.h>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor#include <stdlib.h>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor#include <errno.h>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor#include <string.h>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor#include <limits.h>
48c64aeceef385e19025b384bd719b2a9789592dnd#include <stdarg.h>
48c64aeceef385e19025b384bd719b2a9789592dnd
48c64aeceef385e19025b384bd719b2a9789592dnd#include <cifsidmap.h>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor#include "lib/idmap/sss_idmap.h"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor#include "sss_client/idmap/sss_nss_idmap.h"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor#define WORLD_SID "S-1-1-0"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor#ifdef DEBUG
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor#include <syslog.h>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor#define debug(str, ...) \
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    syslog(0, "%s: " str "\n", \
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor           __FUNCTION__, ##__VA_ARGS__)
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor#else
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor#define debug(...) do { } while(0)
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor#endif
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzorstruct sssd_ctx {
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    struct sss_idmap_ctx *idmap;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    const char **errmsg;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor};
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor#define ctx_set_error(ctx, error) \
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    do { \
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        *ctx->errmsg = error; \
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        debug("%s", error ? error : ""); \
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    } while (0);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzorint cifs_idmap_init_plugin(void **handle, const char **errmsg)
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor{
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    struct sssd_ctx *ctx;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    enum idmap_error_code err;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    if (handle == NULL || errmsg == NULL)
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        return EINVAL;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    ctx = malloc(sizeof *ctx);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    if (!ctx) {
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        *errmsg = "Failed to allocate context";
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        return -1;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    }
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    ctx->errmsg = errmsg;
cae0359c9286c8e34cbccd15eee2da90562c1ee2sf    ctx_set_error(ctx, NULL);
cae0359c9286c8e34cbccd15eee2da90562c1ee2sf
cae0359c9286c8e34cbccd15eee2da90562c1ee2sf    err = sss_idmap_init(NULL, NULL, NULL, &ctx->idmap);
cae0359c9286c8e34cbccd15eee2da90562c1ee2sf    if (err != IDMAP_SUCCESS) {
cae0359c9286c8e34cbccd15eee2da90562c1ee2sf        ctx_set_error(ctx, idmap_error_string(err));
cae0359c9286c8e34cbccd15eee2da90562c1ee2sf        free(ctx);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        return -1;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    }
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    *handle = ctx;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    return 0;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor}
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzorvoid cifs_idmap_exit_plugin(void *handle)
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor{
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    struct sssd_ctx *ctx = handle;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    debug("exit");
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
30471a4650391f57975f60bbb6e4a90be7b284bfhumbedooh    if (ctx == NULL)
1f1b6bf13313fdd14a45e52e553d3ff28689b717coar        return;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
e3e52ec6993de04bb0100e098ce0a569c7001382lgentis    sss_idmap_free(ctx->idmap);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    free(ctx);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor}
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor/* Test with `getcifsacl file` on client. */
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzorint cifs_idmap_sid_to_str(void *handle, const struct cifs_sid *csid,
fed47023e9be04c612b5f6d4a5ee2b8e7c587181rbowen                          char **name)
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor{
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    struct sssd_ctx *ctx = handle;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    enum idmap_error_code iderr;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    char *sid;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    enum sss_id_type id_type;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    int err;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    iderr = sss_idmap_bin_sid_to_sid(ctx->idmap, (const uint8_t *) csid,
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor                                     sizeof(*csid), &sid);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    if (iderr != IDMAP_SUCCESS) {
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        ctx_set_error(ctx, idmap_error_string(iderr));
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        *name = NULL;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        return -1;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    }
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    debug("sid: %s", sid);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    if (strcmp(sid, WORLD_SID) == 0) {
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        *name = strdup("\\Everyone");
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        if (!*name) {
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor            ctx_set_error(ctx, strerror(ENOMEM));
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor            return ENOMEM;
4aa603e6448b99f9371397d439795c91a93637eand        }
4aa603e6448b99f9371397d439795c91a93637eand        return 0;
ba543b319188dc1887607f6d59feddc00e38eee2humbedooh    }
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    err = sss_nss_getnamebysid(sid, name, &id_type);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    if (err != 0)  {
f039cf01b271a31e317d5b84f24cb135f1c1b6d7nd        ctx_set_error(ctx, strerror(err));
f039cf01b271a31e317d5b84f24cb135f1c1b6d7nd        *name = NULL;
48c64aeceef385e19025b384bd719b2a9789592dnd        return -err;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    }
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    /* FIXME: Map Samba Unix SIDs? (sid->id and use getpwuid)? */
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    debug("name: %s", *name);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    return 0;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor}
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzorstatic int sid_to_cifs_sid(struct sssd_ctx *ctx, const char *sid,
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor                           struct cifs_sid *csid)
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor{
4aa603e6448b99f9371397d439795c91a93637eand    uint8_t *bsid = NULL;
4aa603e6448b99f9371397d439795c91a93637eand    enum idmap_error_code err;
ba543b319188dc1887607f6d59feddc00e38eee2humbedooh    size_t length;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    err = sss_idmap_sid_to_bin_sid(ctx->idmap,
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor                                   sid, &bsid, &length);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    if (err != IDMAP_SUCCESS) {
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        ctx_set_error(ctx, idmap_error_string(err));
4aa603e6448b99f9371397d439795c91a93637eand        return -1;
4aa603e6448b99f9371397d439795c91a93637eand    }
ba543b319188dc1887607f6d59feddc00e38eee2humbedooh    if (length > sizeof(struct cifs_sid)) {
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        ctx_set_error(ctx, "too large sid length");
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        free(bsid);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        return -1;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    }
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    memcpy(csid, bsid, length);
20f499565e77defe9dab24dd85c02f38a1175855nd    sss_idmap_free_bin_sid(ctx->idmap, bsid);
ba543b319188dc1887607f6d59feddc00e38eee2humbedooh
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    return 0;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor}
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor/* Test with setcifsacl -a */
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzorint cifs_idmap_str_to_sid(void *handle, const char *name,
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor                          struct cifs_sid *csid)
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor{
20f499565e77defe9dab24dd85c02f38a1175855nd    struct sssd_ctx *ctx = handle;
ba543b319188dc1887607f6d59feddc00e38eee2humbedooh    int err;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    enum sss_id_type id_type;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    char *sid = NULL;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    int success = 0;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    debug("%s", name);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    err = sss_nss_getsidbyname(name, &sid, &id_type);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    if (err != 0)  {
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        /* Might be a raw string representation of SID,
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor         * try converting that before returning an error. */
4aa603e6448b99f9371397d439795c91a93637eand        if (sid_to_cifs_sid(ctx, name, csid) == 0)
4aa603e6448b99f9371397d439795c91a93637eand            return 0;
ba543b319188dc1887607f6d59feddc00e38eee2humbedooh
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        ctx_set_error(ctx, strerror(err));
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        return -err;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    }
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    if (sid_to_cifs_sid(ctx, sid, csid) != 0)
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        success = -1;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    free(sid);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    return success;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor}
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzorstatic int samba_unix_sid_to_id(const char *sid, struct cifs_uxid *cuxid)
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor{
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    id_t id;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    uint8_t type;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    if (sscanf(sid, "S-1-22-%hhu-%u", &type, &id) != 2)
4aa603e6448b99f9371397d439795c91a93637eand        return -1;
ba543b319188dc1887607f6d59feddc00e38eee2humbedooh
ba543b319188dc1887607f6d59feddc00e38eee2humbedooh    switch (type) {
ba543b319188dc1887607f6d59feddc00e38eee2humbedooh    case 1:
ba543b319188dc1887607f6d59feddc00e38eee2humbedooh        cuxid->type = CIFS_UXID_TYPE_UID;
4aa603e6448b99f9371397d439795c91a93637eand        cuxid->id.uid = id;
ba543b319188dc1887607f6d59feddc00e38eee2humbedooh        break;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    case 2:
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        cuxid->type = CIFS_UXID_TYPE_GID;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        cuxid->id.gid = id;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        break;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    default:
cae0359c9286c8e34cbccd15eee2da90562c1ee2sf        cuxid->type = CIFS_UXID_TYPE_UNKNOWN;
cae0359c9286c8e34cbccd15eee2da90562c1ee2sf        return -1;
cae0359c9286c8e34cbccd15eee2da90562c1ee2sf    }
cae0359c9286c8e34cbccd15eee2da90562c1ee2sf
cae0359c9286c8e34cbccd15eee2da90562c1ee2sf    return 0;
cae0359c9286c8e34cbccd15eee2da90562c1ee2sf}
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzorstatic int sss_sid_to_id(struct sssd_ctx *ctx, const char *sid,
e3e52ec6993de04bb0100e098ce0a569c7001382lgentis                         struct cifs_uxid *cuxid)
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor{
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    int err;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    enum sss_id_type id_type;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    err = sss_nss_getidbysid(sid, (uint32_t *)&cuxid->id.uid, &id_type);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    if (err != 0)  {
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        ctx_set_error(ctx, strerror(err));
fed47023e9be04c612b5f6d4a5ee2b8e7c587181rbowen        return -1;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    }
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    switch (id_type) {
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    case SSS_ID_TYPE_UID:
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        cuxid->type = CIFS_UXID_TYPE_UID;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        break;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    case SSS_ID_TYPE_GID:
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        cuxid->type = CIFS_UXID_TYPE_GID;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        break;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    case SSS_ID_TYPE_BOTH:
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        cuxid->type = CIFS_UXID_TYPE_BOTH;
e3e52ec6993de04bb0100e098ce0a569c7001382lgentis        break;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    case SSS_ID_TYPE_NOT_SPECIFIED:
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    default:
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        return -1;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    }
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    return 0;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor}
fed47023e9be04c612b5f6d4a5ee2b8e7c587181rbowen
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor/**
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor * cifs_idmap_sids_to_ids - convert struct cifs_sids to struct cifs_uxids
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor * usecase: mount.cifs -o sec=krb5,multiuser,cifsacl,nounix
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor * test: ls -n on mounted share
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor */
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzorint cifs_idmap_sids_to_ids(void *handle, const struct cifs_sid *csid,
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor                           const size_t num, struct cifs_uxid *cuxid)
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor{
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    struct sssd_ctx *ctx = handle;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    enum idmap_error_code err;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    int success = -1;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    size_t i;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    char *sid;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    debug("num: %zd", num);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    if (num > UINT_MAX) {
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        ctx_set_error(ctx, "num is too large.");
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        return EINVAL;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    }
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    for (i = 0; i < num; ++i) {
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        err = sss_idmap_bin_sid_to_sid(ctx->idmap, (const uint8_t *) &csid[i],
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor                                       sizeof(csid[i]), &sid);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        if (err != IDMAP_SUCCESS) {
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor            ctx_set_error(ctx, idmap_error_string(err));
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor            continue;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        }
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        cuxid[i].type = CIFS_UXID_TYPE_UNKNOWN;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        if (sss_sid_to_id(ctx, sid, &cuxid[i]) == 0 ||
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor            samba_unix_sid_to_id(sid, &cuxid[i]) == 0) {
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor            debug("setting uid of %s to %d", sid, cuxid[i].id.uid);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor            success = 0;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        }
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        free(sid);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    }
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    return success;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor}
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzorint cifs_idmap_ids_to_sids(void *handle, const struct cifs_uxid *cuxid,
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor                           const size_t num, struct cifs_sid *csid)
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor{
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    struct sssd_ctx *ctx = handle;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    int err, success = -1;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    char *sid;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    enum sss_id_type id_type;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    size_t i;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    debug("num ids: %zd", num);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    if (num > UINT_MAX) {
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        ctx_set_error(ctx, "num is too large.");
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        return EINVAL;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    }
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    for (i = 0; i < num; ++i) {
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        err = sss_nss_getsidbyid((uint32_t)cuxid[i].id.uid, &sid, &id_type);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        if (err != 0)  {
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor            ctx_set_error(ctx, strerror(err));
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor            csid[i].revision = 0;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor            /* FIXME: would it be safe to map *any* uid/gids unknown by sssd to
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor             * SAMBA's UNIX SIDs? */
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor            continue;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        }
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        if (sid_to_cifs_sid(ctx, sid, csid) == 0)
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor            success = 0;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        else
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor            csid[i].revision = 0;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor        free(sid);
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    }
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor    return success;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor}
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor