nss_winbind.c   [plain text]

/* 
   nss sample code for extended winbindd functionality

   Copyright (C) Andrew Tridgell (tridge@samba.org)   

   you are free to use this code in any way you see fit, including
   without restriction, using this code in your own products. You do
   not need to give any attribution.
*/

#define _GNU_SOURCE

#include <stdio.h>
#include <stdlib.h>
#include <nss.h>
#include <dlfcn.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>

#include "nss_winbind.h"

/*
  find a function in the nss library
*/
static void *find_fn(struct nss_state *nss, const char *name)
{
	void *res;
	char *s = NULL;

	asprintf(&s, "_nss_%s_%s", nss->nss_name, name);
	if (!s) {
		errno = ENOMEM;
		return NULL;
	}
	res = dlsym(nss->dl_handle, s);
	free(s);
	if (!res) {
		errno = ENOENT;
		return NULL;
	}
	return res;
}

/*
  establish a link to the nss library
  Return 0 on success and -1 on error
*/
int nss_open(struct nss_state *nss, const char *nss_path)
{
	char *p;
	p = strrchr(nss_path, '_');
	if (!p) {
		errno = EINVAL;
		return -1;
	}

	nss->nss_name = strdup(p+1);
	p = strchr(nss->nss_name, '.');
	if (p) *p = 0;

	nss->dl_handle = dlopen(nss_path, RTLD_LAZY);
	if (!nss->dl_handle) {
		free(nss->nss_name);
		return -1;
	}

	return 0;
}

/*
  close and cleanup a nss state
*/
void nss_close(struct nss_state *nss)
{
	free(nss->nss_name);
	dlclose(nss->dl_handle);
}

/*
  make a getpwnam call. 
  Return 0 on success and -1 on error
*/
int nss_getpwent(struct nss_state *nss, struct passwd *pwd)
{
	enum nss_status (*_nss_getpwent_r)(struct passwd *, char *, 
					   size_t , int *);
	enum nss_status status;
	int nss_errno = 0;

	_nss_getpwent_r = find_fn(nss, "getpwent_r");

	if (!_nss_getpwent_r) {
		return -1;
	}

	status = _nss_getpwent_r(pwd, nss->pwnam_buf, sizeof(nss->pwnam_buf),
				 &nss_errno);
	if (status == NSS_STATUS_NOTFOUND) {
		errno = ENOENT;
		return -1;
	}
	if (status != NSS_STATUS_SUCCESS) {
		errno = nss_errno;
		return -1;
	}

	return 0;
}

/*
  make a setpwent call. 
  Return 0 on success and -1 on error
*/
int nss_setpwent(struct nss_state *nss)
{
	enum nss_status (*_nss_setpwent)(void) = find_fn(nss, "setpwent");
	enum nss_status status;
	if (!_nss_setpwent) {
		return -1;
	}
	status = _nss_setpwent();
	if (status != NSS_STATUS_SUCCESS) {
		errno = EINVAL;
		return -1;
	}
	return 0;
}

/*
  make a endpwent call. 
  Return 0 on success and -1 on error
*/
int nss_endpwent(struct nss_state *nss)
{
	enum nss_status (*_nss_endpwent)(void) = find_fn(nss, "endpwent");
	enum nss_status status;
	if (!_nss_endpwent) {
		return -1;
	}
	status = _nss_endpwent();
	if (status != NSS_STATUS_SUCCESS) {
		errno = EINVAL;
		return -1;
	}
	return 0;
}


/*
  convert a name to a SID
  caller frees
  Return 0 on success and -1 on error
*/
int nss_nametosid(struct nss_state *nss, const char *name, char **sid)
{
	enum nss_status (*_nss_nametosid)(const char *, char **, char *,
					  size_t, int *);
	enum nss_status status;
	int nss_errno = 0;
	char buf[200];

	_nss_nametosid = find_fn(nss, "nametosid");

	if (!_nss_nametosid) {
		return -1;
	}

	status = _nss_nametosid(name, sid, buf, sizeof(buf), &nss_errno);
	if (status == NSS_STATUS_NOTFOUND) {
		errno = ENOENT;
		return -1;
	}
	if (status != NSS_STATUS_SUCCESS) {
		errno = nss_errno;
		return -1;
	}

	*sid = strdup(*sid);

	return 0;
}

/*
  convert a SID to a name
  caller frees
  Return 0 on success and -1 on error
*/
int nss_sidtoname(struct nss_state *nss, const char *sid, char **name)
{
	enum nss_status (*_nss_sidtoname)(const char *, char **, char *,
					  size_t, int *);
	enum nss_status status;
	int nss_errno = 0;
	char buf[200];

	_nss_sidtoname = find_fn(nss, "sidtoname");

	if (!_nss_sidtoname) {
		return -1;
	}

	status = _nss_sidtoname(sid, name, buf, sizeof(buf), &nss_errno);
	if (status == NSS_STATUS_NOTFOUND) {
		errno = ENOENT;
		return -1;
	}
	if (status != NSS_STATUS_SUCCESS) {
		errno = nss_errno;
		return -1;
	}

	*name = strdup(*name);

	return 0;
}

/*
  return a list of group SIDs for a user SID
  the returned list is NULL terminated
  Return 0 on success and -1 on error
*/
int nss_getusersids(struct nss_state *nss, const char *user_sid, char ***sids)
{
	enum nss_status (*_nss_getusersids)(const char *, char **, int *,
					    char *, size_t, int *);
	enum nss_status status;
	int nss_errno = 0;
	char *s;
	int i, num_groups = 0;
	unsigned bufsize = 10;
	char *buf;

	_nss_getusersids = find_fn(nss, "getusersids");

	if (!_nss_getusersids) {
		return -1;
	}

again:
	buf = malloc(bufsize);
	if (!buf) {
		errno = ENOMEM;
		return -1;
	}

	status = _nss_getusersids(user_sid, &s, &num_groups, buf, bufsize,
				  &nss_errno);

	if (status == NSS_STATUS_NOTFOUND) {
		errno = ENOENT;
		free(buf);
		return -1;
	}
	
	if (status == NSS_STATUS_TRYAGAIN) {
		bufsize *= 2;
		free(buf);
		goto again;
	}

	if (status != NSS_STATUS_SUCCESS) {
		free(buf);
		errno = nss_errno;
		return -1;
	}

	if (num_groups == 0) {
		free(buf);
		return 0;
	}

	*sids = (char **)malloc(sizeof(char *) * (num_groups+1));
	if (! *sids) {
		errno = ENOMEM;
		free(buf);
		return -1;
	}

	for (i=0;i<num_groups;i++) {
		(*sids)[i] = strdup(s);
		s += strlen(s) + 1;
	}
	(*sids)[i] = NULL;

	free(buf);

	return 0;
}

/*
  convert a sid to a uid
  Return 0 on success and -1 on error
*/
int nss_sidtouid(struct nss_state *nss, const char *sid, uid_t *uid)
{
	enum nss_status (*_nss_sidtouid)(const char*, uid_t *, int*);

	enum nss_status status;
	int nss_errno = 0;

	_nss_sidtouid = find_fn(nss, "sidtouid");

	if (!_nss_sidtouid) {
		return -1;
	}

	status = _nss_sidtouid(sid, uid, &nss_errno);

	if (status == NSS_STATUS_NOTFOUND) {
		errno = ENOENT;
		return -1;
	}

	if (status != NSS_STATUS_SUCCESS) {
		errno = nss_errno;
		return -1;
	}

	return 0;
}

/*
  convert a sid to a gid
  Return 0 on success and -1 on error
*/
int nss_sidtogid(struct nss_state *nss, const char *sid, gid_t *gid)
{
	enum nss_status (*_nss_sidtogid)(const char*, gid_t *, int*);

	enum nss_status status;
	int nss_errno = 0;

	_nss_sidtogid = find_fn(nss, "sidtogid");

	if (!_nss_sidtogid) {
		return -1;
	}

	status = _nss_sidtogid(sid, gid, &nss_errno);

	if (status == NSS_STATUS_NOTFOUND) {
		errno = ENOENT;
		return -1;
	}

	if (status != NSS_STATUS_SUCCESS) {
		errno = nss_errno;
		return -1;
	}

	return 0;
}

/*
  convert a uid to a sid
  caller frees
  Return 0 on success and -1 on error
*/
int nss_uidtosid(struct nss_state *nss, uid_t uid, char **sid)
{
	enum nss_status (*_nss_uidtosid)(uid_t, char **, char *,
					 size_t, int *);
	enum nss_status status;
	int nss_errno = 0;
	char buf[200];

	_nss_uidtosid = find_fn(nss, "uidtosid");

	if (!_nss_uidtosid) {
		return -1;
	}

	status = _nss_uidtosid(uid, sid, buf, sizeof(buf), &nss_errno);
	if (status == NSS_STATUS_NOTFOUND) {
		errno = ENOENT;
		return -1;
	}
	if (status != NSS_STATUS_SUCCESS) {
		errno = nss_errno;
		return -1;
	}

	*sid = strdup(*sid);

	return 0;
}

/*
  convert a gid to a sid
  caller frees
  Return 0 on success and -1 on error
*/
int nss_gidtosid(struct nss_state *nss, gid_t gid, char **sid)
{
	enum nss_status (*_nss_gidtosid)(gid_t, char **, char *,
					 size_t, int *);
	enum nss_status status;
	int nss_errno = 0;
	char buf[200];

	_nss_gidtosid = find_fn(nss, "gidtosid");

	if (!_nss_gidtosid) {
		return -1;
	}

	status = _nss_gidtosid(gid, sid, buf, sizeof(buf), &nss_errno);
	if (status == NSS_STATUS_NOTFOUND) {
		errno = ENOENT;
		return -1;
	}
	if (status != NSS_STATUS_SUCCESS) {
		errno = nss_errno;
		return -1;
	}

	*sid = strdup(*sid);

	return 0;
}