diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
commit | 4f5791ebd03eaec1c7da0865a383175b05102712 (patch) | |
tree | 8ce7b00f7a76baa386372422adebbe64510812d4 /nsswitch/libwbclient | |
parent | Initial commit. (diff) | |
download | samba-4f5791ebd03eaec1c7da0865a383175b05102712.tar.xz samba-4f5791ebd03eaec1c7da0865a383175b05102712.zip |
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'nsswitch/libwbclient')
22 files changed, 10693 insertions, 0 deletions
diff --git a/nsswitch/libwbclient/ABI/wbclient-0.10.sigs b/nsswitch/libwbclient/ABI/wbclient-0.10.sigs new file mode 100644 index 0000000..eda96f4 --- /dev/null +++ b/nsswitch/libwbclient/ABI/wbclient-0.10.sigs @@ -0,0 +1,76 @@ +wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t) +wbcAllocateGid: wbcErr (gid_t *) +wbcAllocateMemory: void *(size_t, size_t, void (*)(void *)) +wbcAllocateStringArray: const char **(int) +wbcAllocateUid: wbcErr (uid_t *) +wbcAuthenticateUser: wbcErr (const char *, const char *) +wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **) +wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcChangeUserPassword: wbcErr (const char *, const char *, const char *) +wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **) +wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **) +wbcCredentialSave: wbcErr (const char *, const char *) +wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***) +wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **) +wbcEndgrent: wbcErr (void) +wbcEndpwent: wbcErr (void) +wbcErrorString: const char *(wbcErr) +wbcFreeMemory: void (void *) +wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **) +wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *) +wbcGetgrent: wbcErr (struct group **) +wbcGetgrgid: wbcErr (gid_t, struct group **) +wbcGetgrlist: wbcErr (struct group **) +wbcGetgrnam: wbcErr (const char *, struct group **) +wbcGetpwent: wbcErr (struct passwd **) +wbcGetpwnam: wbcErr (const char *, struct passwd **) +wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **) +wbcGetpwuid: wbcErr (uid_t, struct passwd **) +wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcGuidToString: wbcErr (const struct wbcGuid *, char **) +wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **) +wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **) +wbcListGroups: wbcErr (const char *, uint32_t *, const char ***) +wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *) +wbcListUsers: wbcErr (const char *, uint32_t *, const char ***) +wbcLogoffUser: wbcErr (const char *, uid_t, const char *) +wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **) +wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **) +wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **) +wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **) +wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *) +wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **) +wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **) +wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **) +wbcPing: wbcErr (void) +wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcPingDc2: wbcErr (const char *, struct wbcAuthErrorInfo **, char **) +wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *) +wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcRequestResponse: wbcErr (int, struct winbindd_request *, struct winbindd_response *) +wbcRequestResponsePriv: wbcErr (int, struct winbindd_request *, struct winbindd_response *) +wbcResolveWinsByIP: wbcErr (const char *, char **) +wbcResolveWinsByName: wbcErr (const char *, char **) +wbcSetGidHwm: wbcErr (gid_t) +wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcSetUidHwm: wbcErr (uid_t) +wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcSetgrent: wbcErr (void) +wbcSetpwent: wbcErr (void) +wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcSidToString: wbcErr (const struct wbcDomainSid *, char **) +wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int) +wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcSidTypeString: const char *(enum wbcSidType) +wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *) +wbcStrDup: char *(const char *) +wbcStringToGuid: wbcErr (const char *, struct wbcGuid *) +wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *) +wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *) diff --git a/nsswitch/libwbclient/ABI/wbclient-0.11.sigs b/nsswitch/libwbclient/ABI/wbclient-0.11.sigs new file mode 100644 index 0000000..eda96f4 --- /dev/null +++ b/nsswitch/libwbclient/ABI/wbclient-0.11.sigs @@ -0,0 +1,76 @@ +wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t) +wbcAllocateGid: wbcErr (gid_t *) +wbcAllocateMemory: void *(size_t, size_t, void (*)(void *)) +wbcAllocateStringArray: const char **(int) +wbcAllocateUid: wbcErr (uid_t *) +wbcAuthenticateUser: wbcErr (const char *, const char *) +wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **) +wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcChangeUserPassword: wbcErr (const char *, const char *, const char *) +wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **) +wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **) +wbcCredentialSave: wbcErr (const char *, const char *) +wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***) +wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **) +wbcEndgrent: wbcErr (void) +wbcEndpwent: wbcErr (void) +wbcErrorString: const char *(wbcErr) +wbcFreeMemory: void (void *) +wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **) +wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *) +wbcGetgrent: wbcErr (struct group **) +wbcGetgrgid: wbcErr (gid_t, struct group **) +wbcGetgrlist: wbcErr (struct group **) +wbcGetgrnam: wbcErr (const char *, struct group **) +wbcGetpwent: wbcErr (struct passwd **) +wbcGetpwnam: wbcErr (const char *, struct passwd **) +wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **) +wbcGetpwuid: wbcErr (uid_t, struct passwd **) +wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcGuidToString: wbcErr (const struct wbcGuid *, char **) +wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **) +wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **) +wbcListGroups: wbcErr (const char *, uint32_t *, const char ***) +wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *) +wbcListUsers: wbcErr (const char *, uint32_t *, const char ***) +wbcLogoffUser: wbcErr (const char *, uid_t, const char *) +wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **) +wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **) +wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **) +wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **) +wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *) +wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **) +wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **) +wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **) +wbcPing: wbcErr (void) +wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcPingDc2: wbcErr (const char *, struct wbcAuthErrorInfo **, char **) +wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *) +wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcRequestResponse: wbcErr (int, struct winbindd_request *, struct winbindd_response *) +wbcRequestResponsePriv: wbcErr (int, struct winbindd_request *, struct winbindd_response *) +wbcResolveWinsByIP: wbcErr (const char *, char **) +wbcResolveWinsByName: wbcErr (const char *, char **) +wbcSetGidHwm: wbcErr (gid_t) +wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcSetUidHwm: wbcErr (uid_t) +wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcSetgrent: wbcErr (void) +wbcSetpwent: wbcErr (void) +wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcSidToString: wbcErr (const struct wbcDomainSid *, char **) +wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int) +wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcSidTypeString: const char *(enum wbcSidType) +wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *) +wbcStrDup: char *(const char *) +wbcStringToGuid: wbcErr (const char *, struct wbcGuid *) +wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *) +wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *) diff --git a/nsswitch/libwbclient/ABI/wbclient-0.12.sigs b/nsswitch/libwbclient/ABI/wbclient-0.12.sigs new file mode 100644 index 0000000..3b71917 --- /dev/null +++ b/nsswitch/libwbclient/ABI/wbclient-0.12.sigs @@ -0,0 +1,130 @@ +wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t) +wbcAllocateGid: wbcErr (gid_t *) +wbcAllocateMemory: void *(size_t, size_t, void (*)(void *)) +wbcAllocateStringArray: const char **(int) +wbcAllocateUid: wbcErr (uid_t *) +wbcAuthenticateUser: wbcErr (const char *, const char *) +wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **) +wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcChangeUserPassword: wbcErr (const char *, const char *, const char *) +wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **) +wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **) +wbcCredentialSave: wbcErr (const char *, const char *) +wbcCtxAllocateGid: wbcErr (struct wbcContext *, gid_t *) +wbcCtxAllocateUid: wbcErr (struct wbcContext *, uid_t *) +wbcCtxAuthenticateUser: wbcErr (struct wbcContext *, const char *, const char *) +wbcCtxAuthenticateUserEx: wbcErr (struct wbcContext *, const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **) +wbcCtxChangeTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **) +wbcCtxChangeUserPassword: wbcErr (struct wbcContext *, const char *, const char *, const char *) +wbcCtxChangeUserPasswordEx: wbcErr (struct wbcContext *, const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **) +wbcCtxCheckTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **) +wbcCtxCreate: struct wbcContext *(void) +wbcCtxCredentialCache: wbcErr (struct wbcContext *, struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **) +wbcCtxCredentialSave: wbcErr (struct wbcContext *, const char *, const char *) +wbcCtxDcInfo: wbcErr (struct wbcContext *, const char *, size_t *, const char ***, const char ***) +wbcCtxDomainInfo: wbcErr (struct wbcContext *, const char *, struct wbcDomainInfo **) +wbcCtxEndgrent: wbcErr (struct wbcContext *) +wbcCtxEndpwent: wbcErr (struct wbcContext *) +wbcCtxFree: void (struct wbcContext *) +wbcCtxGetDisplayName: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcCtxGetGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, gid_t **) +wbcCtxGetSidAliases: wbcErr (struct wbcContext *, const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *) +wbcCtxGetgrent: wbcErr (struct wbcContext *, struct group **) +wbcCtxGetgrgid: wbcErr (struct wbcContext *, gid_t, struct group **) +wbcCtxGetgrlist: wbcErr (struct wbcContext *, struct group **) +wbcCtxGetgrnam: wbcErr (struct wbcContext *, const char *, struct group **) +wbcCtxGetpwent: wbcErr (struct wbcContext *, struct passwd **) +wbcCtxGetpwnam: wbcErr (struct wbcContext *, const char *, struct passwd **) +wbcCtxGetpwsid: wbcErr (struct wbcContext *, struct wbcDomainSid *, struct passwd **) +wbcCtxGetpwuid: wbcErr (struct wbcContext *, uid_t, struct passwd **) +wbcCtxGidToSid: wbcErr (struct wbcContext *, gid_t, struct wbcDomainSid *) +wbcCtxInterfaceDetails: wbcErr (struct wbcContext *, struct wbcInterfaceDetails **) +wbcCtxListGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***) +wbcCtxListTrusts: wbcErr (struct wbcContext *, struct wbcDomainInfo **, size_t *) +wbcCtxListUsers: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***) +wbcCtxLogoffUser: wbcErr (struct wbcContext *, const char *, uid_t, const char *) +wbcCtxLogoffUserEx: wbcErr (struct wbcContext *, const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **) +wbcCtxLogonUser: wbcErr (struct wbcContext *, const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **) +wbcCtxLookupDomainController: wbcErr (struct wbcContext *, const char *, uint32_t, struct wbcDomainControllerInfo **) +wbcCtxLookupDomainControllerEx: wbcErr (struct wbcContext *, const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **) +wbcCtxLookupName: wbcErr (struct wbcContext *, const char *, const char *, struct wbcDomainSid *, enum wbcSidType *) +wbcCtxLookupRids: wbcErr (struct wbcContext *, struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **) +wbcCtxLookupSid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcCtxLookupSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **) +wbcCtxLookupUserSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **) +wbcCtxPing: wbcErr (struct wbcContext *) +wbcCtxPingDc: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **) +wbcCtxPingDc2: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **, char **) +wbcCtxResolveWinsByIP: wbcErr (struct wbcContext *, const char *, char **) +wbcCtxResolveWinsByName: wbcErr (struct wbcContext *, const char *, char **) +wbcCtxSetgrent: wbcErr (struct wbcContext *) +wbcCtxSetpwent: wbcErr (struct wbcContext *) +wbcCtxSidToGid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, gid_t *) +wbcCtxSidToUid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uid_t *) +wbcCtxSidsToUnixIds: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uint32_t, struct wbcUnixId *) +wbcCtxUidToSid: wbcErr (struct wbcContext *, uid_t, struct wbcDomainSid *) +wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***) +wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **) +wbcEndgrent: wbcErr (void) +wbcEndpwent: wbcErr (void) +wbcErrorString: const char *(wbcErr) +wbcFreeMemory: void (void *) +wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcGetGlobalCtx: struct wbcContext *(void) +wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **) +wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *) +wbcGetgrent: wbcErr (struct group **) +wbcGetgrgid: wbcErr (gid_t, struct group **) +wbcGetgrlist: wbcErr (struct group **) +wbcGetgrnam: wbcErr (const char *, struct group **) +wbcGetpwent: wbcErr (struct passwd **) +wbcGetpwnam: wbcErr (const char *, struct passwd **) +wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **) +wbcGetpwuid: wbcErr (uid_t, struct passwd **) +wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcGuidToString: wbcErr (const struct wbcGuid *, char **) +wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **) +wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **) +wbcListGroups: wbcErr (const char *, uint32_t *, const char ***) +wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *) +wbcListUsers: wbcErr (const char *, uint32_t *, const char ***) +wbcLogoffUser: wbcErr (const char *, uid_t, const char *) +wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **) +wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **) +wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **) +wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **) +wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *) +wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **) +wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **) +wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **) +wbcPing: wbcErr (void) +wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcPingDc2: wbcErr (const char *, struct wbcAuthErrorInfo **, char **) +wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *) +wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcRequestResponse: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *) +wbcRequestResponsePriv: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *) +wbcResolveWinsByIP: wbcErr (const char *, char **) +wbcResolveWinsByName: wbcErr (const char *, char **) +wbcSetGidHwm: wbcErr (gid_t) +wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcSetUidHwm: wbcErr (uid_t) +wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcSetgrent: wbcErr (void) +wbcSetpwent: wbcErr (void) +wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcSidToString: wbcErr (const struct wbcDomainSid *, char **) +wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int) +wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcSidTypeString: const char *(enum wbcSidType) +wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *) +wbcStrDup: char *(const char *) +wbcStringToGuid: wbcErr (const char *, struct wbcGuid *) +wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *) +wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *) diff --git a/nsswitch/libwbclient/ABI/wbclient-0.13.sigs b/nsswitch/libwbclient/ABI/wbclient-0.13.sigs new file mode 100644 index 0000000..b07a6a8 --- /dev/null +++ b/nsswitch/libwbclient/ABI/wbclient-0.13.sigs @@ -0,0 +1,132 @@ +wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t) +wbcAllocateGid: wbcErr (gid_t *) +wbcAllocateMemory: void *(size_t, size_t, void (*)(void *)) +wbcAllocateStringArray: const char **(int) +wbcAllocateUid: wbcErr (uid_t *) +wbcAuthenticateUser: wbcErr (const char *, const char *) +wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **) +wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcChangeUserPassword: wbcErr (const char *, const char *, const char *) +wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **) +wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **) +wbcCredentialSave: wbcErr (const char *, const char *) +wbcCtxAllocateGid: wbcErr (struct wbcContext *, gid_t *) +wbcCtxAllocateUid: wbcErr (struct wbcContext *, uid_t *) +wbcCtxAuthenticateUser: wbcErr (struct wbcContext *, const char *, const char *) +wbcCtxAuthenticateUserEx: wbcErr (struct wbcContext *, const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **) +wbcCtxChangeTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **) +wbcCtxChangeUserPassword: wbcErr (struct wbcContext *, const char *, const char *, const char *) +wbcCtxChangeUserPasswordEx: wbcErr (struct wbcContext *, const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **) +wbcCtxCheckTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **) +wbcCtxCreate: struct wbcContext *(void) +wbcCtxCredentialCache: wbcErr (struct wbcContext *, struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **) +wbcCtxCredentialSave: wbcErr (struct wbcContext *, const char *, const char *) +wbcCtxDcInfo: wbcErr (struct wbcContext *, const char *, size_t *, const char ***, const char ***) +wbcCtxDomainInfo: wbcErr (struct wbcContext *, const char *, struct wbcDomainInfo **) +wbcCtxEndgrent: wbcErr (struct wbcContext *) +wbcCtxEndpwent: wbcErr (struct wbcContext *) +wbcCtxFree: void (struct wbcContext *) +wbcCtxGetDisplayName: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcCtxGetGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, gid_t **) +wbcCtxGetSidAliases: wbcErr (struct wbcContext *, const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *) +wbcCtxGetgrent: wbcErr (struct wbcContext *, struct group **) +wbcCtxGetgrgid: wbcErr (struct wbcContext *, gid_t, struct group **) +wbcCtxGetgrlist: wbcErr (struct wbcContext *, struct group **) +wbcCtxGetgrnam: wbcErr (struct wbcContext *, const char *, struct group **) +wbcCtxGetpwent: wbcErr (struct wbcContext *, struct passwd **) +wbcCtxGetpwnam: wbcErr (struct wbcContext *, const char *, struct passwd **) +wbcCtxGetpwsid: wbcErr (struct wbcContext *, struct wbcDomainSid *, struct passwd **) +wbcCtxGetpwuid: wbcErr (struct wbcContext *, uid_t, struct passwd **) +wbcCtxGidToSid: wbcErr (struct wbcContext *, gid_t, struct wbcDomainSid *) +wbcCtxInterfaceDetails: wbcErr (struct wbcContext *, struct wbcInterfaceDetails **) +wbcCtxListGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***) +wbcCtxListTrusts: wbcErr (struct wbcContext *, struct wbcDomainInfo **, size_t *) +wbcCtxListUsers: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***) +wbcCtxLogoffUser: wbcErr (struct wbcContext *, const char *, uid_t, const char *) +wbcCtxLogoffUserEx: wbcErr (struct wbcContext *, const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **) +wbcCtxLogonUser: wbcErr (struct wbcContext *, const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **) +wbcCtxLookupDomainController: wbcErr (struct wbcContext *, const char *, uint32_t, struct wbcDomainControllerInfo **) +wbcCtxLookupDomainControllerEx: wbcErr (struct wbcContext *, const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **) +wbcCtxLookupName: wbcErr (struct wbcContext *, const char *, const char *, struct wbcDomainSid *, enum wbcSidType *) +wbcCtxLookupRids: wbcErr (struct wbcContext *, struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **) +wbcCtxLookupSid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcCtxLookupSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **) +wbcCtxLookupUserSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **) +wbcCtxPing: wbcErr (struct wbcContext *) +wbcCtxPingDc: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **) +wbcCtxPingDc2: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **, char **) +wbcCtxResolveWinsByIP: wbcErr (struct wbcContext *, const char *, char **) +wbcCtxResolveWinsByName: wbcErr (struct wbcContext *, const char *, char **) +wbcCtxSetgrent: wbcErr (struct wbcContext *) +wbcCtxSetpwent: wbcErr (struct wbcContext *) +wbcCtxSidToGid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, gid_t *) +wbcCtxSidToUid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uid_t *) +wbcCtxSidsToUnixIds: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uint32_t, struct wbcUnixId *) +wbcCtxUidToSid: wbcErr (struct wbcContext *, uid_t, struct wbcDomainSid *) +wbcCtxUnixIdsToSids: wbcErr (struct wbcContext *, const struct wbcUnixId *, uint32_t, struct wbcDomainSid *) +wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***) +wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **) +wbcEndgrent: wbcErr (void) +wbcEndpwent: wbcErr (void) +wbcErrorString: const char *(wbcErr) +wbcFreeMemory: void (void *) +wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcGetGlobalCtx: struct wbcContext *(void) +wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **) +wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *) +wbcGetgrent: wbcErr (struct group **) +wbcGetgrgid: wbcErr (gid_t, struct group **) +wbcGetgrlist: wbcErr (struct group **) +wbcGetgrnam: wbcErr (const char *, struct group **) +wbcGetpwent: wbcErr (struct passwd **) +wbcGetpwnam: wbcErr (const char *, struct passwd **) +wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **) +wbcGetpwuid: wbcErr (uid_t, struct passwd **) +wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcGuidToString: wbcErr (const struct wbcGuid *, char **) +wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **) +wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **) +wbcListGroups: wbcErr (const char *, uint32_t *, const char ***) +wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *) +wbcListUsers: wbcErr (const char *, uint32_t *, const char ***) +wbcLogoffUser: wbcErr (const char *, uid_t, const char *) +wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **) +wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **) +wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **) +wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **) +wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *) +wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **) +wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **) +wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **) +wbcPing: wbcErr (void) +wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcPingDc2: wbcErr (const char *, struct wbcAuthErrorInfo **, char **) +wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *) +wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcRequestResponse: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *) +wbcRequestResponsePriv: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *) +wbcResolveWinsByIP: wbcErr (const char *, char **) +wbcResolveWinsByName: wbcErr (const char *, char **) +wbcSetGidHwm: wbcErr (gid_t) +wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcSetUidHwm: wbcErr (uid_t) +wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcSetgrent: wbcErr (void) +wbcSetpwent: wbcErr (void) +wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcSidToString: wbcErr (const struct wbcDomainSid *, char **) +wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int) +wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcSidTypeString: const char *(enum wbcSidType) +wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *) +wbcStrDup: char *(const char *) +wbcStringToGuid: wbcErr (const char *, struct wbcGuid *) +wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *) +wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *) +wbcUnixIdsToSids: wbcErr (const struct wbcUnixId *, uint32_t, struct wbcDomainSid *) diff --git a/nsswitch/libwbclient/ABI/wbclient-0.14.sigs b/nsswitch/libwbclient/ABI/wbclient-0.14.sigs new file mode 100644 index 0000000..b07a6a8 --- /dev/null +++ b/nsswitch/libwbclient/ABI/wbclient-0.14.sigs @@ -0,0 +1,132 @@ +wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t) +wbcAllocateGid: wbcErr (gid_t *) +wbcAllocateMemory: void *(size_t, size_t, void (*)(void *)) +wbcAllocateStringArray: const char **(int) +wbcAllocateUid: wbcErr (uid_t *) +wbcAuthenticateUser: wbcErr (const char *, const char *) +wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **) +wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcChangeUserPassword: wbcErr (const char *, const char *, const char *) +wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **) +wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **) +wbcCredentialSave: wbcErr (const char *, const char *) +wbcCtxAllocateGid: wbcErr (struct wbcContext *, gid_t *) +wbcCtxAllocateUid: wbcErr (struct wbcContext *, uid_t *) +wbcCtxAuthenticateUser: wbcErr (struct wbcContext *, const char *, const char *) +wbcCtxAuthenticateUserEx: wbcErr (struct wbcContext *, const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **) +wbcCtxChangeTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **) +wbcCtxChangeUserPassword: wbcErr (struct wbcContext *, const char *, const char *, const char *) +wbcCtxChangeUserPasswordEx: wbcErr (struct wbcContext *, const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **) +wbcCtxCheckTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **) +wbcCtxCreate: struct wbcContext *(void) +wbcCtxCredentialCache: wbcErr (struct wbcContext *, struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **) +wbcCtxCredentialSave: wbcErr (struct wbcContext *, const char *, const char *) +wbcCtxDcInfo: wbcErr (struct wbcContext *, const char *, size_t *, const char ***, const char ***) +wbcCtxDomainInfo: wbcErr (struct wbcContext *, const char *, struct wbcDomainInfo **) +wbcCtxEndgrent: wbcErr (struct wbcContext *) +wbcCtxEndpwent: wbcErr (struct wbcContext *) +wbcCtxFree: void (struct wbcContext *) +wbcCtxGetDisplayName: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcCtxGetGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, gid_t **) +wbcCtxGetSidAliases: wbcErr (struct wbcContext *, const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *) +wbcCtxGetgrent: wbcErr (struct wbcContext *, struct group **) +wbcCtxGetgrgid: wbcErr (struct wbcContext *, gid_t, struct group **) +wbcCtxGetgrlist: wbcErr (struct wbcContext *, struct group **) +wbcCtxGetgrnam: wbcErr (struct wbcContext *, const char *, struct group **) +wbcCtxGetpwent: wbcErr (struct wbcContext *, struct passwd **) +wbcCtxGetpwnam: wbcErr (struct wbcContext *, const char *, struct passwd **) +wbcCtxGetpwsid: wbcErr (struct wbcContext *, struct wbcDomainSid *, struct passwd **) +wbcCtxGetpwuid: wbcErr (struct wbcContext *, uid_t, struct passwd **) +wbcCtxGidToSid: wbcErr (struct wbcContext *, gid_t, struct wbcDomainSid *) +wbcCtxInterfaceDetails: wbcErr (struct wbcContext *, struct wbcInterfaceDetails **) +wbcCtxListGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***) +wbcCtxListTrusts: wbcErr (struct wbcContext *, struct wbcDomainInfo **, size_t *) +wbcCtxListUsers: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***) +wbcCtxLogoffUser: wbcErr (struct wbcContext *, const char *, uid_t, const char *) +wbcCtxLogoffUserEx: wbcErr (struct wbcContext *, const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **) +wbcCtxLogonUser: wbcErr (struct wbcContext *, const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **) +wbcCtxLookupDomainController: wbcErr (struct wbcContext *, const char *, uint32_t, struct wbcDomainControllerInfo **) +wbcCtxLookupDomainControllerEx: wbcErr (struct wbcContext *, const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **) +wbcCtxLookupName: wbcErr (struct wbcContext *, const char *, const char *, struct wbcDomainSid *, enum wbcSidType *) +wbcCtxLookupRids: wbcErr (struct wbcContext *, struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **) +wbcCtxLookupSid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcCtxLookupSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **) +wbcCtxLookupUserSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **) +wbcCtxPing: wbcErr (struct wbcContext *) +wbcCtxPingDc: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **) +wbcCtxPingDc2: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **, char **) +wbcCtxResolveWinsByIP: wbcErr (struct wbcContext *, const char *, char **) +wbcCtxResolveWinsByName: wbcErr (struct wbcContext *, const char *, char **) +wbcCtxSetgrent: wbcErr (struct wbcContext *) +wbcCtxSetpwent: wbcErr (struct wbcContext *) +wbcCtxSidToGid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, gid_t *) +wbcCtxSidToUid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uid_t *) +wbcCtxSidsToUnixIds: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uint32_t, struct wbcUnixId *) +wbcCtxUidToSid: wbcErr (struct wbcContext *, uid_t, struct wbcDomainSid *) +wbcCtxUnixIdsToSids: wbcErr (struct wbcContext *, const struct wbcUnixId *, uint32_t, struct wbcDomainSid *) +wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***) +wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **) +wbcEndgrent: wbcErr (void) +wbcEndpwent: wbcErr (void) +wbcErrorString: const char *(wbcErr) +wbcFreeMemory: void (void *) +wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcGetGlobalCtx: struct wbcContext *(void) +wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **) +wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *) +wbcGetgrent: wbcErr (struct group **) +wbcGetgrgid: wbcErr (gid_t, struct group **) +wbcGetgrlist: wbcErr (struct group **) +wbcGetgrnam: wbcErr (const char *, struct group **) +wbcGetpwent: wbcErr (struct passwd **) +wbcGetpwnam: wbcErr (const char *, struct passwd **) +wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **) +wbcGetpwuid: wbcErr (uid_t, struct passwd **) +wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcGuidToString: wbcErr (const struct wbcGuid *, char **) +wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **) +wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **) +wbcListGroups: wbcErr (const char *, uint32_t *, const char ***) +wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *) +wbcListUsers: wbcErr (const char *, uint32_t *, const char ***) +wbcLogoffUser: wbcErr (const char *, uid_t, const char *) +wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **) +wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **) +wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **) +wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **) +wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *) +wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **) +wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **) +wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **) +wbcPing: wbcErr (void) +wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcPingDc2: wbcErr (const char *, struct wbcAuthErrorInfo **, char **) +wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *) +wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcRequestResponse: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *) +wbcRequestResponsePriv: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *) +wbcResolveWinsByIP: wbcErr (const char *, char **) +wbcResolveWinsByName: wbcErr (const char *, char **) +wbcSetGidHwm: wbcErr (gid_t) +wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcSetUidHwm: wbcErr (uid_t) +wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcSetgrent: wbcErr (void) +wbcSetpwent: wbcErr (void) +wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcSidToString: wbcErr (const struct wbcDomainSid *, char **) +wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int) +wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcSidTypeString: const char *(enum wbcSidType) +wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *) +wbcStrDup: char *(const char *) +wbcStringToGuid: wbcErr (const char *, struct wbcGuid *) +wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *) +wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *) +wbcUnixIdsToSids: wbcErr (const struct wbcUnixId *, uint32_t, struct wbcDomainSid *) diff --git a/nsswitch/libwbclient/ABI/wbclient-0.15.sigs b/nsswitch/libwbclient/ABI/wbclient-0.15.sigs new file mode 100644 index 0000000..a3019b5 --- /dev/null +++ b/nsswitch/libwbclient/ABI/wbclient-0.15.sigs @@ -0,0 +1,133 @@ +wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t) +wbcAllocateGid: wbcErr (gid_t *) +wbcAllocateMemory: void *(size_t, size_t, void (*)(void *)) +wbcAllocateStringArray: const char **(int) +wbcAllocateUid: wbcErr (uid_t *) +wbcAuthenticateUser: wbcErr (const char *, const char *) +wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **) +wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcChangeUserPassword: wbcErr (const char *, const char *, const char *) +wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **) +wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **) +wbcCredentialSave: wbcErr (const char *, const char *) +wbcCtxAllocateGid: wbcErr (struct wbcContext *, gid_t *) +wbcCtxAllocateUid: wbcErr (struct wbcContext *, uid_t *) +wbcCtxAuthenticateUser: wbcErr (struct wbcContext *, const char *, const char *) +wbcCtxAuthenticateUserEx: wbcErr (struct wbcContext *, const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **) +wbcCtxChangeTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **) +wbcCtxChangeUserPassword: wbcErr (struct wbcContext *, const char *, const char *, const char *) +wbcCtxChangeUserPasswordEx: wbcErr (struct wbcContext *, const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **) +wbcCtxCheckTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **) +wbcCtxCreate: struct wbcContext *(void) +wbcCtxCredentialCache: wbcErr (struct wbcContext *, struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **) +wbcCtxCredentialSave: wbcErr (struct wbcContext *, const char *, const char *) +wbcCtxDcInfo: wbcErr (struct wbcContext *, const char *, size_t *, const char ***, const char ***) +wbcCtxDomainInfo: wbcErr (struct wbcContext *, const char *, struct wbcDomainInfo **) +wbcCtxEndgrent: wbcErr (struct wbcContext *) +wbcCtxEndpwent: wbcErr (struct wbcContext *) +wbcCtxFree: void (struct wbcContext *) +wbcCtxGetDisplayName: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcCtxGetGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, gid_t **) +wbcCtxGetSidAliases: wbcErr (struct wbcContext *, const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *) +wbcCtxGetgrent: wbcErr (struct wbcContext *, struct group **) +wbcCtxGetgrgid: wbcErr (struct wbcContext *, gid_t, struct group **) +wbcCtxGetgrlist: wbcErr (struct wbcContext *, struct group **) +wbcCtxGetgrnam: wbcErr (struct wbcContext *, const char *, struct group **) +wbcCtxGetpwent: wbcErr (struct wbcContext *, struct passwd **) +wbcCtxGetpwnam: wbcErr (struct wbcContext *, const char *, struct passwd **) +wbcCtxGetpwsid: wbcErr (struct wbcContext *, struct wbcDomainSid *, struct passwd **) +wbcCtxGetpwuid: wbcErr (struct wbcContext *, uid_t, struct passwd **) +wbcCtxGidToSid: wbcErr (struct wbcContext *, gid_t, struct wbcDomainSid *) +wbcCtxInterfaceDetails: wbcErr (struct wbcContext *, struct wbcInterfaceDetails **) +wbcCtxListGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***) +wbcCtxListTrusts: wbcErr (struct wbcContext *, struct wbcDomainInfo **, size_t *) +wbcCtxListUsers: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***) +wbcCtxLogoffUser: wbcErr (struct wbcContext *, const char *, uid_t, const char *) +wbcCtxLogoffUserEx: wbcErr (struct wbcContext *, const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **) +wbcCtxLogonUser: wbcErr (struct wbcContext *, const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **) +wbcCtxLookupDomainController: wbcErr (struct wbcContext *, const char *, uint32_t, struct wbcDomainControllerInfo **) +wbcCtxLookupDomainControllerEx: wbcErr (struct wbcContext *, const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **) +wbcCtxLookupName: wbcErr (struct wbcContext *, const char *, const char *, struct wbcDomainSid *, enum wbcSidType *) +wbcCtxLookupRids: wbcErr (struct wbcContext *, struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **) +wbcCtxLookupSid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcCtxLookupSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **) +wbcCtxLookupUserSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **) +wbcCtxPing: wbcErr (struct wbcContext *) +wbcCtxPingDc: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **) +wbcCtxPingDc2: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **, char **) +wbcCtxResolveWinsByIP: wbcErr (struct wbcContext *, const char *, char **) +wbcCtxResolveWinsByName: wbcErr (struct wbcContext *, const char *, char **) +wbcCtxSetgrent: wbcErr (struct wbcContext *) +wbcCtxSetpwent: wbcErr (struct wbcContext *) +wbcCtxSidToGid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, gid_t *) +wbcCtxSidToUid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uid_t *) +wbcCtxSidsToUnixIds: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uint32_t, struct wbcUnixId *) +wbcCtxUidToSid: wbcErr (struct wbcContext *, uid_t, struct wbcDomainSid *) +wbcCtxUnixIdsToSids: wbcErr (struct wbcContext *, const struct wbcUnixId *, uint32_t, struct wbcDomainSid *) +wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***) +wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **) +wbcEndgrent: wbcErr (void) +wbcEndpwent: wbcErr (void) +wbcErrorString: const char *(wbcErr) +wbcFreeMemory: void (void *) +wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcGetGlobalCtx: struct wbcContext *(void) +wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **) +wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *) +wbcGetgrent: wbcErr (struct group **) +wbcGetgrgid: wbcErr (gid_t, struct group **) +wbcGetgrlist: wbcErr (struct group **) +wbcGetgrnam: wbcErr (const char *, struct group **) +wbcGetpwent: wbcErr (struct passwd **) +wbcGetpwnam: wbcErr (const char *, struct passwd **) +wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **) +wbcGetpwuid: wbcErr (uid_t, struct passwd **) +wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcGuidToString: wbcErr (const struct wbcGuid *, char **) +wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **) +wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **) +wbcListGroups: wbcErr (const char *, uint32_t *, const char ***) +wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *) +wbcListUsers: wbcErr (const char *, uint32_t *, const char ***) +wbcLogoffUser: wbcErr (const char *, uid_t, const char *) +wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **) +wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **) +wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **) +wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **) +wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *) +wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **) +wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **) +wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **) +wbcPing: wbcErr (void) +wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcPingDc2: wbcErr (const char *, struct wbcAuthErrorInfo **, char **) +wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *) +wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcRequestResponse: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *) +wbcRequestResponsePriv: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *) +wbcResolveWinsByIP: wbcErr (const char *, char **) +wbcResolveWinsByName: wbcErr (const char *, char **) +wbcSetClientProcessName: void (const char *) +wbcSetGidHwm: wbcErr (gid_t) +wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcSetUidHwm: wbcErr (uid_t) +wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcSetgrent: wbcErr (void) +wbcSetpwent: wbcErr (void) +wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcSidToString: wbcErr (const struct wbcDomainSid *, char **) +wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int) +wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcSidTypeString: const char *(enum wbcSidType) +wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *) +wbcStrDup: char *(const char *) +wbcStringToGuid: wbcErr (const char *, struct wbcGuid *) +wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *) +wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *) +wbcUnixIdsToSids: wbcErr (const struct wbcUnixId *, uint32_t, struct wbcDomainSid *) diff --git a/nsswitch/libwbclient/ABI/wbclient-0.9.sigs b/nsswitch/libwbclient/ABI/wbclient-0.9.sigs new file mode 100644 index 0000000..ec25e76 --- /dev/null +++ b/nsswitch/libwbclient/ABI/wbclient-0.9.sigs @@ -0,0 +1,75 @@ +wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t) +wbcAllocateGid: wbcErr (gid_t *) +wbcAllocateMemory: void *(size_t, size_t, void (*)(void *)) +wbcAllocateStringArray: const char **(int) +wbcAllocateUid: wbcErr (uid_t *) +wbcAuthenticateUser: wbcErr (const char *, const char *) +wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **) +wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcChangeUserPassword: wbcErr (const char *, const char *, const char *) +wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **) +wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **) +wbcCredentialSave: wbcErr (const char *, const char *) +wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***) +wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **) +wbcEndgrent: wbcErr (void) +wbcEndpwent: wbcErr (void) +wbcErrorString: const char *(wbcErr) +wbcFreeMemory: void (void *) +wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **) +wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *) +wbcGetgrent: wbcErr (struct group **) +wbcGetgrgid: wbcErr (gid_t, struct group **) +wbcGetgrlist: wbcErr (struct group **) +wbcGetgrnam: wbcErr (const char *, struct group **) +wbcGetpwent: wbcErr (struct passwd **) +wbcGetpwnam: wbcErr (const char *, struct passwd **) +wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **) +wbcGetpwuid: wbcErr (uid_t, struct passwd **) +wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcGuidToString: wbcErr (const struct wbcGuid *, char **) +wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **) +wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **) +wbcListGroups: wbcErr (const char *, uint32_t *, const char ***) +wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *) +wbcListUsers: wbcErr (const char *, uint32_t *, const char ***) +wbcLogoffUser: wbcErr (const char *, uid_t, const char *) +wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **) +wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **) +wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **) +wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **) +wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *) +wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **) +wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *) +wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **) +wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **) +wbcPing: wbcErr (void) +wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **) +wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *) +wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *) +wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcRequestResponse: wbcErr (int, struct winbindd_request *, struct winbindd_response *) +wbcRequestResponsePriv: wbcErr (int, struct winbindd_request *, struct winbindd_response *) +wbcResolveWinsByIP: wbcErr (const char *, char **) +wbcResolveWinsByName: wbcErr (const char *, char **) +wbcSetGidHwm: wbcErr (gid_t) +wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *) +wbcSetUidHwm: wbcErr (uid_t) +wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *) +wbcSetgrent: wbcErr (void) +wbcSetpwent: wbcErr (void) +wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *) +wbcSidToString: wbcErr (const struct wbcDomainSid *, char **) +wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int) +wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *) +wbcSidTypeString: const char *(enum wbcSidType) +wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *) +wbcStrDup: char *(const char *) +wbcStringToGuid: wbcErr (const char *, struct wbcGuid *) +wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *) +wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *) diff --git a/nsswitch/libwbclient/Doxyfile b/nsswitch/libwbclient/Doxyfile new file mode 100644 index 0000000..529a16f --- /dev/null +++ b/nsswitch/libwbclient/Doxyfile @@ -0,0 +1,1297 @@ +# Doxyfile 1.5.3 + +# This file describes the settings to be used by the documentation system +# doxygen (www.doxygen.org) for a project +# +# All text after a hash (#) is considered a comment and will be ignored +# The format is: +# TAG = value [value, ...] +# For lists items can also be appended using: +# TAG += value [value, ...] +# Values that contain spaces should be placed between quotes (" ") + +#--------------------------------------------------------------------------- +# Project related configuration options +#--------------------------------------------------------------------------- + +# This tag specifies the encoding used for all characters in the config file that +# follow. The default is UTF-8 which is also the encoding used for all text before +# the first occurrence of this tag. Doxygen uses libiconv (or the iconv built into +# libc) for the transcoding. See http://www.gnu.org/software/libiconv for the list of +# possible encodings. + +DOXYFILE_ENCODING = UTF-8 + +# The PROJECT_NAME tag is a single word (or a sequence of words surrounded +# by quotes) that should identify the project. + +PROJECT_NAME = Samba + +# The PROJECT_NUMBER tag can be used to enter a project or revision number. +# This could be handy for archiving the generated documentation or +# if some version control system is used. + +PROJECT_NUMBER = HEAD + +# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) +# base path where the generated documentation will be put. +# If a relative path is entered, it will be relative to the location +# where doxygen was started. If left blank the current directory will be used. + +OUTPUT_DIRECTORY = dox + +# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create +# 4096 sub-directories (in 2 levels) under the output directory of each output +# format and will distribute the generated files over these directories. +# Enabling this option can be useful when feeding doxygen a huge amount of +# source files, where putting all generated files in the same directory would +# otherwise cause performance problems for the file system. + +CREATE_SUBDIRS = NO + +# The OUTPUT_LANGUAGE tag is used to specify the language in which all +# documentation generated by doxygen is written. Doxygen will use this +# information to generate all constant output in the proper language. +# The default language is English, other supported languages are: +# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, +# Croatian, Czech, Danish, Dutch, Finnish, French, German, Greek, Hungarian, +# Italian, Japanese, Japanese-en (Japanese with English messages), Korean, +# Korean-en, Lithuanian, Norwegian, Polish, Portuguese, Romanian, Russian, +# Serbian, Slovak, Slovene, Spanish, Swedish, and Ukrainian. + +OUTPUT_LANGUAGE = English + +# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will +# include brief member descriptions after the members that are listed in +# the file and class documentation (similar to JavaDoc). +# Set to NO to disable this. + +BRIEF_MEMBER_DESC = YES + +# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend +# the brief description of a member or function before the detailed description. +# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the +# brief descriptions will be completely suppressed. + +REPEAT_BRIEF = YES + +# This tag implements a quasi-intelligent brief description abbreviator +# that is used to form the text in various listings. Each string +# in this list, if found as the leading text of the brief description, will be +# stripped from the text and the result after processing the whole list, is +# used as the annotated text. Otherwise, the brief description is used as-is. +# If left blank, the following values are used ("$name" is automatically +# replaced with the name of the entity): "The $name class" "The $name widget" +# "The $name file" "is" "provides" "specifies" "contains" +# "represents" "a" "an" "the" + +ABBREVIATE_BRIEF = + +# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then +# Doxygen will generate a detailed section even if there is only a brief +# description. + +ALWAYS_DETAILED_SEC = NO + +# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all +# inherited members of a class in the documentation of that class as if those +# members were ordinary class members. Constructors, destructors and assignment +# operators of the base classes will not be shown. + +INLINE_INHERITED_MEMB = NO + +# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full +# path before files name in the file list and in the header files. If set +# to NO the shortest path that makes the file name unique will be used. + +FULL_PATH_NAMES = YES + +# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag +# can be used to strip a user-defined part of the path. Stripping is +# only done if one of the specified strings matches the left-hand part of +# the path. The tag can be used to show relative paths in the file list. +# If left blank the directory from which doxygen is run is used as the +# path to strip. + +STRIP_FROM_PATH = $(PWD)/ + +# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of +# the path mentioned in the documentation of a class, which tells +# the reader which header file to include in order to use a class. +# If left blank only the name of the header file containing the class +# definition is used. Otherwise one should specify the include paths that +# are normally passed to the compiler using the -I flag. + +STRIP_FROM_INC_PATH = + +# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter +# (but less readable) file names. This can be useful is your file systems +# doesn't support long names like on DOS, Mac, or CD-ROM. + +SHORT_NAMES = NO + +# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen +# will interpret the first line (until the first dot) of a JavaDoc-style +# comment as the brief description. If set to NO, the JavaDoc +# comments will behave just like regular Qt-style comments +# (thus requiring an explicit @brief command for a brief description.) + +JAVADOC_AUTOBRIEF = YES + +# If the QT_AUTOBRIEF tag is set to YES then Doxygen will +# interpret the first line (until the first dot) of a Qt-style +# comment as the brief description. If set to NO, the comments +# will behave just like regular Qt-style comments (thus requiring +# an explicit \brief command for a brief description.) + +QT_AUTOBRIEF = NO + +# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen +# treat a multi-line C++ special comment block (i.e. a block of //! or /// +# comments) as a brief description. This used to be the default behaviour. +# The new default is to treat a multi-line C++ comment block as a detailed +# description. Set this tag to YES if you prefer the old behaviour instead. + +MULTILINE_CPP_IS_BRIEF = NO + +# If the DETAILS_AT_TOP tag is set to YES then Doxygen +# will output the detailed description near the top, like JavaDoc. +# If set to NO, the detailed description appears after the member +# documentation. + +DETAILS_AT_TOP = NO + +# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented +# member inherits the documentation from any documented member that it +# re-implements. + +INHERIT_DOCS = YES + +# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce +# a new page for each member. If set to NO, the documentation of a member will +# be part of the file/class/namespace that contains it. + +SEPARATE_MEMBER_PAGES = NO + +# The TAB_SIZE tag can be used to set the number of spaces in a tab. +# Doxygen uses this value to replace tabs by spaces in code fragments. + +TAB_SIZE = 8 + +# This tag can be used to specify a number of aliases that acts +# as commands in the documentation. An alias has the form "name=value". +# For example adding "sideeffect=\par Side Effects:\n" will allow you to +# put the command \sideeffect (or @sideeffect) in the documentation, which +# will result in a user-defined paragraph with heading "Side Effects:". +# You can put \n's in the value part of an alias to insert newlines. + +ALIASES = + +# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C +# sources only. Doxygen will then generate output that is more tailored for C. +# For instance, some of the names that are used will be different. The list +# of all members will be omitted, etc. + +OPTIMIZE_OUTPUT_FOR_C = YES + +# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java +# sources only. Doxygen will then generate output that is more tailored for Java. +# For instance, namespaces will be presented as packages, qualified scopes +# will look different, etc. + +OPTIMIZE_OUTPUT_JAVA = NO + +# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want to +# include (a tag file for) the STL sources as input, then you should +# set this tag to YES in order to let doxygen match functions declarations and +# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. +# func(std::string) {}). This also make the inheritance and collaboration +# diagrams that involve STL classes more complete and accurate. + +BUILTIN_STL_SUPPORT = NO + +# If you use Microsoft's C++/CLI language, you should set this option to YES to +# enable parsing support. + +CPP_CLI_SUPPORT = NO + +# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC +# tag is set to YES, then doxygen will reuse the documentation of the first +# member in the group (if any) for the other members of the group. By default +# all members of a group must be documented explicitly. + +DISTRIBUTE_GROUP_DOC = NO + +# Set the SUBGROUPING tag to YES (the default) to allow class member groups of +# the same type (for instance a group of public functions) to be put as a +# subgroup of that type (e.g. under the Public Functions section). Set it to +# NO to prevent subgrouping. Alternatively, this can be done per class using +# the \nosubgrouping command. + +SUBGROUPING = YES + +#--------------------------------------------------------------------------- +# Build related configuration options +#--------------------------------------------------------------------------- + +# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in +# documentation are documented, even if no documentation was available. +# Private class members and static file members will be hidden unless +# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES + +EXTRACT_ALL = YES + +# If the EXTRACT_PRIVATE tag is set to YES all private members of a class +# will be included in the documentation. + +EXTRACT_PRIVATE = YES + +# If the EXTRACT_STATIC tag is set to YES all static members of a file +# will be included in the documentation. + +EXTRACT_STATIC = YES + +# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) +# defined locally in source files will be included in the documentation. +# If set to NO only classes defined in header files are included. + +EXTRACT_LOCAL_CLASSES = YES + +# This flag is only useful for Objective-C code. When set to YES local +# methods, which are defined in the implementation section but not in +# the interface are included in the documentation. +# If set to NO (the default) only methods in the interface are included. + +EXTRACT_LOCAL_METHODS = NO + +# If this flag is set to YES, the members of anonymous namespaces will be extracted +# and appear in the documentation as a namespace called 'anonymous_namespace{file}', +# where file will be replaced with the base name of the file that contains the anonymous +# namespace. By default anonymous namespace are hidden. + +EXTRACT_ANON_NSPACES = NO + +# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all +# undocumented members of documented classes, files or namespaces. +# If set to NO (the default) these members will be included in the +# various overviews, but no documentation section is generated. +# This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_MEMBERS = NO + +# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all +# undocumented classes that are normally visible in the class hierarchy. +# If set to NO (the default) these classes will be included in the various +# overviews. This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_CLASSES = NO + +# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all +# friend (class|struct|union) declarations. +# If set to NO (the default) these declarations will be included in the +# documentation. + +HIDE_FRIEND_COMPOUNDS = NO + +# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any +# documentation blocks found inside the body of a function. +# If set to NO (the default) these blocks will be appended to the +# function's detailed documentation block. + +HIDE_IN_BODY_DOCS = NO + +# The INTERNAL_DOCS tag determines if documentation +# that is typed after a \internal command is included. If the tag is set +# to NO (the default) then the documentation will be excluded. +# Set it to YES to include the internal documentation. + +INTERNAL_DOCS = YES + +# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate +# file names in lower-case letters. If set to YES upper-case letters are also +# allowed. This is useful if you have classes or files whose names only differ +# in case and if your file system supports case sensitive file names. Windows +# and Mac users are advised to set this option to NO. + +CASE_SENSE_NAMES = YES + +# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen +# will show members with their full class and namespace scopes in the +# documentation. If set to YES the scope will be hidden. + +HIDE_SCOPE_NAMES = YES + +# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen +# will put a list of the files that are included by a file in the documentation +# of that file. + +SHOW_INCLUDE_FILES = YES + +# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] +# is inserted in the documentation for inline members. + +INLINE_INFO = YES + +# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen +# will sort the (detailed) documentation of file and class members +# alphabetically by member name. If set to NO the members will appear in +# declaration order. + +SORT_MEMBER_DOCS = NO + +# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the +# brief documentation of file, namespace and class members alphabetically +# by member name. If set to NO (the default) the members will appear in +# declaration order. + +SORT_BRIEF_DOCS = NO + +# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be +# sorted by fully-qualified names, including namespaces. If set to +# NO (the default), the class list will be sorted only by class name, +# not including the namespace part. +# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. +# Note: This option applies only to the class list, not to the +# alphabetical list. + +SORT_BY_SCOPE_NAME = NO + +# The GENERATE_TODOLIST tag can be used to enable (YES) or +# disable (NO) the todo list. This list is created by putting \todo +# commands in the documentation. + +GENERATE_TODOLIST = YES + +# The GENERATE_TESTLIST tag can be used to enable (YES) or +# disable (NO) the test list. This list is created by putting \test +# commands in the documentation. + +GENERATE_TESTLIST = YES + +# The GENERATE_BUGLIST tag can be used to enable (YES) or +# disable (NO) the bug list. This list is created by putting \bug +# commands in the documentation. + +GENERATE_BUGLIST = YES + +# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or +# disable (NO) the deprecated list. This list is created by putting +# \deprecated commands in the documentation. + +GENERATE_DEPRECATEDLIST= YES + +# The ENABLED_SECTIONS tag can be used to enable conditional +# documentation sections, marked by \if sectionname ... \endif. + +ENABLED_SECTIONS = + +# The MAX_INITIALIZER_LINES tag determines the maximum number of lines +# the initial value of a variable or define consists of for it to appear in +# the documentation. If the initializer consists of more lines than specified +# here it will be hidden. Use a value of 0 to hide initializers completely. +# The appearance of the initializer of individual variables and defines in the +# documentation can be controlled using \showinitializer or \hideinitializer +# command in the documentation regardless of this setting. + +MAX_INITIALIZER_LINES = 30 + +# Set the SHOW_USED_FILES tag to NO to disable the list of files generated +# at the bottom of the documentation of classes and structs. If set to YES the +# list will mention the files that were used to generate the documentation. + +SHOW_USED_FILES = YES + +# If the sources in your project are distributed over multiple directories +# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy +# in the documentation. The default is NO. + +SHOW_DIRECTORIES = NO + +# The FILE_VERSION_FILTER tag can be used to specify a program or script that +# doxygen should invoke to get the current version for each file (typically from the +# version control system). Doxygen will invoke the program by executing (via +# popen()) the command <command> <input-file>, where <command> is the value of +# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file +# provided by doxygen. Whatever the program writes to standard output +# is used as the file version. See the manual for examples. + +FILE_VERSION_FILTER = + +#--------------------------------------------------------------------------- +# configuration options related to warning and progress messages +#--------------------------------------------------------------------------- + +# The QUIET tag can be used to turn on/off the messages that are generated +# by doxygen. Possible values are YES and NO. If left blank NO is used. + +QUIET = YES + +# The WARNINGS tag can be used to turn on/off the warning messages that are +# generated by doxygen. Possible values are YES and NO. If left blank +# NO is used. + +WARNINGS = NO + +# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings +# for undocumented members. If EXTRACT_ALL is set to YES then this flag will +# automatically be disabled. + +WARN_IF_UNDOCUMENTED = NO + +# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for +# potential errors in the documentation, such as not documenting some +# parameters in a documented function, or documenting parameters that +# don't exist or using markup commands wrongly. + +WARN_IF_DOC_ERROR = YES + +# This WARN_NO_PARAMDOC option can be abled to get warnings for +# functions that are documented, but have no documentation for their parameters +# or return value. If set to NO (the default) doxygen will only warn about +# wrong or incomplete parameter documentation, but not about the absence of +# documentation. + +WARN_NO_PARAMDOC = NO + +# The WARN_FORMAT tag determines the format of the warning messages that +# doxygen can produce. The string should contain the $file, $line, and $text +# tags, which will be replaced by the file and line number from which the +# warning originated and the warning text. Optionally the format may contain +# $version, which will be replaced by the version of the file (if it could +# be obtained via FILE_VERSION_FILTER) + +WARN_FORMAT = "$file:$line: $text " + +# The WARN_LOGFILE tag can be used to specify a file to which warning +# and error messages should be written. If left blank the output is written +# to stderr. + +WARN_LOGFILE = + +#--------------------------------------------------------------------------- +# configuration options related to the input files +#--------------------------------------------------------------------------- + +# The INPUT tag can be used to specify the files and/or directories that contain +# documented source files. You may enter file names like "myfile.cpp" or +# directories like "/usr/src/myproject". Separate the files or directories +# with spaces. + +INPUT = . + +# This tag can be used to specify the character encoding of the source files that +# doxygen parses. Internally doxygen uses the UTF-8 encoding, which is also the default +# input encoding. Doxygen uses libiconv (or the iconv built into libc) for the transcoding. +# See http://www.gnu.org/software/libiconv for the list of possible encodings. + +INPUT_ENCODING = UTF-8 + +# If the value of the INPUT tag contains directories, you can use the +# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank the following patterns are tested: +# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx +# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py + +FILE_PATTERNS = *.c \ + *.h \ + *.idl + +# The RECURSIVE tag can be used to turn specify whether or not subdirectories +# should be searched for input files as well. Possible values are YES and NO. +# If left blank NO is used. + +RECURSIVE = YES + +# The EXCLUDE tag can be used to specify files and/or directories that should +# excluded from the INPUT source files. This way you can easily exclude a +# subdirectory from a directory tree whose root is specified with the INPUT tag. + +EXCLUDE = include/includes.h \ + include/proto.h + +# The EXCLUDE_SYMLINKS tag can be used select whether or not files or +# directories that are symbolic links (a Unix filesystem feature) are excluded +# from the input. + +EXCLUDE_SYMLINKS = NO + +# If the value of the INPUT tag contains directories, you can use the +# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude +# certain files from those directories. Note that the wildcards are matched +# against the file with absolute path, so to exclude all test directories +# for example use the pattern */test/* + +EXCLUDE_PATTERNS = + +# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names +# (namespaces, classes, functions, etc.) that should be excluded from the output. +# The symbol name can be a fully qualified name, a word, or if the wildcard * is used, +# a substring. Examples: ANamespace, AClass, AClass::ANamespace, ANamespace::*Test + +EXCLUDE_SYMBOLS = + +# The EXAMPLE_PATH tag can be used to specify one or more files or +# directories that contain example code fragments that are included (see +# the \include command). + +EXAMPLE_PATH = + +# If the value of the EXAMPLE_PATH tag contains directories, you can use the +# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank all files are included. + +EXAMPLE_PATTERNS = + +# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be +# searched for input files to be used with the \include or \dontinclude +# commands irrespective of the value of the RECURSIVE tag. +# Possible values are YES and NO. If left blank NO is used. + +EXAMPLE_RECURSIVE = NO + +# The IMAGE_PATH tag can be used to specify one or more files or +# directories that contain image that are included in the documentation (see +# the \image command). + +IMAGE_PATH = + +# The INPUT_FILTER tag can be used to specify a program that doxygen should +# invoke to filter for each input file. Doxygen will invoke the filter program +# by executing (via popen()) the command <filter> <input-file>, where <filter> +# is the value of the INPUT_FILTER tag, and <input-file> is the name of an +# input file. Doxygen will then use the output that the filter program writes +# to standard output. If FILTER_PATTERNS is specified, this tag will be +# ignored. + +INPUT_FILTER = + +# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern +# basis. Doxygen will compare the file name with each pattern and apply the +# filter if there is a match. The filters are a list of the form: +# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further +# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER +# is applied to all files. + +FILTER_PATTERNS = + +# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using +# INPUT_FILTER) will be used to filter the input files when producing source +# files to browse (i.e. when SOURCE_BROWSER is set to YES). + +FILTER_SOURCE_FILES = NO + +#--------------------------------------------------------------------------- +# configuration options related to source browsing +#--------------------------------------------------------------------------- + +# If the SOURCE_BROWSER tag is set to YES then a list of source files will +# be generated. Documented entities will be cross-referenced with these sources. +# Note: To get rid of all source code in the generated output, make sure also +# VERBATIM_HEADERS is set to NO. If you have enabled CALL_GRAPH or CALLER_GRAPH +# then you must also enable this option. If you don't then doxygen will produce +# a warning and turn it on anyway + +SOURCE_BROWSER = YES + +# Setting the INLINE_SOURCES tag to YES will include the body +# of functions and classes directly in the documentation. + +INLINE_SOURCES = YES + +# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct +# doxygen to hide any special comment blocks from generated source code +# fragments. Normal C and C++ comments will always remain visible. + +STRIP_CODE_COMMENTS = NO + +# If the REFERENCED_BY_RELATION tag is set to YES (the default) +# then for each documented function all documented +# functions referencing it will be listed. + +REFERENCED_BY_RELATION = YES + +# If the REFERENCES_RELATION tag is set to YES (the default) +# then for each documented function all documented entities +# called/used by that function will be listed. + +REFERENCES_RELATION = YES + +# If the REFERENCES_LINK_SOURCE tag is set to YES (the default) +# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from +# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will +# link to the source code. Otherwise they will link to the documentstion. + +REFERENCES_LINK_SOURCE = YES + +# If the USE_HTAGS tag is set to YES then the references to source code +# will point to the HTML generated by the htags(1) tool instead of doxygen +# built-in source browser. The htags tool is part of GNU's global source +# tagging system (see http://www.gnu.org/software/global/global.html). You +# will need version 4.8.6 or higher. + +USE_HTAGS = NO + +# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen +# will generate a verbatim copy of the header file for each class for +# which an include is specified. Set to NO to disable this. + +VERBATIM_HEADERS = YES + +#--------------------------------------------------------------------------- +# configuration options related to the alphabetical class index +#--------------------------------------------------------------------------- + +# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index +# of all compounds will be generated. Enable this if the project +# contains a lot of classes, structs, unions or interfaces. + +ALPHABETICAL_INDEX = YES + +# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then +# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns +# in which this list will be split (can be a number in the range [1..20]) + +COLS_IN_ALPHA_INDEX = 1 + +# In case all classes in a project start with a common prefix, all +# classes will be put under the same header in the alphabetical index. +# The IGNORE_PREFIX tag can be used to specify one or more prefixes that +# should be ignored while generating the index headers. + +IGNORE_PREFIX = + +#--------------------------------------------------------------------------- +# configuration options related to the HTML output +#--------------------------------------------------------------------------- + +# If the GENERATE_HTML tag is set to YES (the default) Doxygen will +# generate HTML output. + +GENERATE_HTML = YES + +# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `html' will be used as the default path. + +HTML_OUTPUT = . + +# The HTML_FILE_EXTENSION tag can be used to specify the file extension for +# each generated HTML page (for example: .htm,.php,.asp). If it is left blank +# doxygen will generate files with .html extension. + +HTML_FILE_EXTENSION = .html + +# The HTML_HEADER tag can be used to specify a personal HTML header for +# each generated HTML page. If it is left blank doxygen will generate a +# standard header. + +HTML_HEADER = + +# The HTML_FOOTER tag can be used to specify a personal HTML footer for +# each generated HTML page. If it is left blank doxygen will generate a +# standard footer. + +HTML_FOOTER = + +# The HTML_STYLESHEET tag can be used to specify a user-defined cascading +# style sheet that is used by each HTML page. It can be used to +# fine-tune the look of the HTML output. If the tag is left blank doxygen +# will generate a default style sheet. Note that doxygen will try to copy +# the style sheet file to the HTML output directory, so don't put your own +# stylesheet in the HTML output directory as well, or it will be erased! + +HTML_STYLESHEET = + +# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, +# files or namespaces will be aligned in HTML using tables. If set to +# NO a bullet list will be used. + +HTML_ALIGN_MEMBERS = YES + +# If the GENERATE_HTMLHELP tag is set to YES, additional index files +# will be generated that can be used as input for tools like the +# Microsoft HTML help workshop to generate a compressed HTML help file (.chm) +# of the generated HTML documentation. + +GENERATE_HTMLHELP = NO + +# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML +# documentation will contain sections that can be hidden and shown after the +# page has loaded. For this to work a browser that supports +# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox +# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari). + +HTML_DYNAMIC_SECTIONS = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can +# be used to specify the file name of the resulting .chm file. You +# can add a path in front of the file if the result should not be +# written to the html output directory. + +CHM_FILE = + +# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can +# be used to specify the location (absolute path including file name) of +# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run +# the HTML help compiler on the generated index.hhp. + +HHC_LOCATION = + +# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag +# controls if a separate .chi index file is generated (YES) or that +# it should be included in the master .chm file (NO). + +GENERATE_CHI = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag +# controls whether a binary table of contents is generated (YES) or a +# normal table of contents (NO) in the .chm file. + +BINARY_TOC = NO + +# The TOC_EXPAND flag can be set to YES to add extra items for group members +# to the contents of the HTML help documentation and to the tree view. + +TOC_EXPAND = NO + +# The DISABLE_INDEX tag can be used to turn on/off the condensed index at +# top of each HTML page. The value NO (the default) enables the index and +# the value YES disables it. + +DISABLE_INDEX = NO + +# This tag can be used to set the number of enum values (range [1..20]) +# that doxygen will group on one line in the generated HTML documentation. + +ENUM_VALUES_PER_LINE = 3 + +# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be +# generated containing a tree-like index structure (just like the one that +# is generated for HTML Help). For this to work a browser that supports +# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, +# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are +# probably better off using the HTML help feature. + +GENERATE_TREEVIEW = NO + +# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be +# used to set the initial width (in pixels) of the frame in which the tree +# is shown. + +TREEVIEW_WIDTH = 250 + +#--------------------------------------------------------------------------- +# configuration options related to the LaTeX output +#--------------------------------------------------------------------------- + +# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will +# generate Latex output. + +GENERATE_LATEX = NO + +# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `latex' will be used as the default path. + +LATEX_OUTPUT = latex + +# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be +# invoked. If left blank `latex' will be used as the default command name. + +LATEX_CMD_NAME = latex + +# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to +# generate index for LaTeX. If left blank `makeindex' will be used as the +# default command name. + +MAKEINDEX_CMD_NAME = makeindex + +# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact +# LaTeX documents. This may be useful for small projects and may help to +# save some trees in general. + +COMPACT_LATEX = NO + +# The PAPER_TYPE tag can be used to set the paper type that is used +# by the printer. Possible values are: a4, a4wide, letter, legal and +# executive. If left blank a4wide will be used. + +PAPER_TYPE = a4wide + +# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX +# packages that should be included in the LaTeX output. + +EXTRA_PACKAGES = + +# The LATEX_HEADER tag can be used to specify a personal LaTeX header for +# the generated latex document. The header should contain everything until +# the first chapter. If it is left blank doxygen will generate a +# standard header. Notice: only use this tag if you know what you are doing! + +LATEX_HEADER = + +# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated +# is prepared for conversion to pdf (using ps2pdf). The pdf file will +# contain links (just like the HTML output) instead of page references +# This makes the output suitable for online browsing using a pdf viewer. + +PDF_HYPERLINKS = YES + +# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of +# plain latex in the generated Makefile. Set this option to YES to get a +# higher quality PDF documentation. + +USE_PDFLATEX = YES + +# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. +# command to the generated LaTeX files. This will instruct LaTeX to keep +# running if errors occur, instead of asking the user for help. +# This option is also used when generating formulas in HTML. + +LATEX_BATCHMODE = YES + +# If LATEX_HIDE_INDICES is set to YES then doxygen will not +# include the index chapters (such as File Index, Compound Index, etc.) +# in the output. + +LATEX_HIDE_INDICES = NO + +#--------------------------------------------------------------------------- +# configuration options related to the RTF output +#--------------------------------------------------------------------------- + +# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output +# The RTF output is optimized for Word 97 and may not look very pretty with +# other RTF readers or editors. + +GENERATE_RTF = NO + +# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `rtf' will be used as the default path. + +RTF_OUTPUT = rtf + +# If the COMPACT_RTF tag is set to YES Doxygen generates more compact +# RTF documents. This may be useful for small projects and may help to +# save some trees in general. + +COMPACT_RTF = NO + +# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated +# will contain hyperlink fields. The RTF file will +# contain links (just like the HTML output) instead of page references. +# This makes the output suitable for online browsing using WORD or other +# programs which support those fields. +# Note: wordpad (write) and others do not support links. + +RTF_HYPERLINKS = NO + +# Load stylesheet definitions from file. Syntax is similar to doxygen's +# config file, i.e. a series of assignments. You only have to provide +# replacements, missing definitions are set to their default value. + +RTF_STYLESHEET_FILE = + +# Set optional variables used in the generation of an rtf document. +# Syntax is similar to doxygen's config file. + +RTF_EXTENSIONS_FILE = + +#--------------------------------------------------------------------------- +# configuration options related to the man page output +#--------------------------------------------------------------------------- + +# If the GENERATE_MAN tag is set to YES (the default) Doxygen will +# generate man pages + +GENERATE_MAN = NO + +# The MAN_OUTPUT tag is used to specify where the man pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `man' will be used as the default path. + +MAN_OUTPUT = man + +# The MAN_EXTENSION tag determines the extension that is added to +# the generated man pages (default is the subroutine's section .3) + +MAN_EXTENSION = .3 + +# If the MAN_LINKS tag is set to YES and Doxygen generates man output, +# then it will generate one additional man file for each entity +# documented in the real man page(s). These additional files +# only source the real man page, but without them the man command +# would be unable to find the correct page. The default is NO. + +MAN_LINKS = NO + +#--------------------------------------------------------------------------- +# configuration options related to the XML output +#--------------------------------------------------------------------------- + +# If the GENERATE_XML tag is set to YES Doxygen will +# generate an XML file that captures the structure of +# the code including all documentation. + +GENERATE_XML = NO + +# The XML_OUTPUT tag is used to specify where the XML pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `xml' will be used as the default path. + +XML_OUTPUT = xml + +# The XML_SCHEMA tag can be used to specify an XML schema, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_SCHEMA = + +# The XML_DTD tag can be used to specify an XML DTD, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_DTD = + +# If the XML_PROGRAMLISTING tag is set to YES Doxygen will +# dump the program listings (including syntax highlighting +# and cross-referencing information) to the XML output. Note that +# enabling this will significantly increase the size of the XML output. + +XML_PROGRAMLISTING = YES + +#--------------------------------------------------------------------------- +# configuration options for the AutoGen Definitions output +#--------------------------------------------------------------------------- + +# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will +# generate an AutoGen Definitions (see autogen.sf.net) file +# that captures the structure of the code including all +# documentation. Note that this feature is still experimental +# and incomplete at the moment. + +GENERATE_AUTOGEN_DEF = NO + +#--------------------------------------------------------------------------- +# configuration options related to the Perl module output +#--------------------------------------------------------------------------- + +# If the GENERATE_PERLMOD tag is set to YES Doxygen will +# generate a Perl module file that captures the structure of +# the code including all documentation. Note that this +# feature is still experimental and incomplete at the +# moment. + +GENERATE_PERLMOD = NO + +# If the PERLMOD_LATEX tag is set to YES Doxygen will generate +# the necessary Makefile rules, Perl scripts and LaTeX code to be able +# to generate PDF and DVI output from the Perl module output. + +PERLMOD_LATEX = NO + +# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be +# nicely formatted so it can be parsed by a human reader. This is useful +# if you want to understand what is going on. On the other hand, if this +# tag is set to NO the size of the Perl module output will be much smaller +# and Perl will parse it just the same. + +PERLMOD_PRETTY = YES + +# The names of the make variables in the generated doxyrules.make file +# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. +# This is useful so different doxyrules.make files included by the same +# Makefile don't overwrite each other's variables. + +PERLMOD_MAKEVAR_PREFIX = + +#--------------------------------------------------------------------------- +# Configuration options related to the preprocessor +#--------------------------------------------------------------------------- + +# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will +# evaluate all C-preprocessor directives found in the sources and include +# files. + +ENABLE_PREPROCESSING = NO + +# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro +# names in the source code. If set to NO (the default) only conditional +# compilation will be performed. Macro expansion can be done in a controlled +# way by setting EXPAND_ONLY_PREDEF to YES. + +MACRO_EXPANSION = NO + +# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES +# then the macro expansion is limited to the macros specified with the +# PREDEFINED and EXPAND_AS_DEFINED tags. + +EXPAND_ONLY_PREDEF = NO + +# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files +# in the INCLUDE_PATH (see below) will be search if a #include is found. + +SEARCH_INCLUDES = YES + +# The INCLUDE_PATH tag can be used to specify one or more directories that +# contain include files that are not input files but should be processed by +# the preprocessor. + +INCLUDE_PATH = + +# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard +# patterns (like *.h and *.hpp) to filter out the header-files in the +# directories. If left blank, the patterns specified with FILE_PATTERNS will +# be used. + +INCLUDE_FILE_PATTERNS = + +# The PREDEFINED tag can be used to specify one or more macro names that +# are defined before the preprocessor is started (similar to the -D option of +# gcc). The argument of the tag is a list of macros of the form: name +# or name=definition (no spaces). If the definition and the = are +# omitted =1 is assumed. To prevent a macro definition from being +# undefined via #undef or recursively expanded use the := operator +# instead of the = operator. + +PREDEFINED = + +# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then +# this tag can be used to specify a list of macro names that should be expanded. +# The macro definition that is found in the sources will be used. +# Use the PREDEFINED tag if you want to use a different macro definition. + +EXPAND_AS_DEFINED = + +# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then +# doxygen's preprocessor will remove all function-like macros that are alone +# on a line, have an all uppercase name, and do not end with a semicolon. Such +# function macros are typically used for boiler-plate code, and will confuse +# the parser if not removed. + +SKIP_FUNCTION_MACROS = YES + +#--------------------------------------------------------------------------- +# Configuration::additions related to external references +#--------------------------------------------------------------------------- + +# The TAGFILES option can be used to specify one or more tagfiles. +# Optionally an initial location of the external documentation +# can be added for each tagfile. The format of a tag file without +# this location is as follows: +# TAGFILES = file1 file2 ... +# Adding location for the tag files is done as follows: +# TAGFILES = file1=loc1 "file2 = loc2" ... +# where "loc1" and "loc2" can be relative or absolute paths or +# URLs. If a location is present for each tag, the installdox tool +# does not have to be run to correct the links. +# Note that each tag file must have a unique name +# (where the name does NOT include the path) +# If a tag file is not located in the directory in which doxygen +# is run, you must also specify the path to the tagfile here. + +TAGFILES = + +# When a file name is specified after GENERATE_TAGFILE, doxygen will create +# a tag file that is based on the input files it reads. + +GENERATE_TAGFILE = + +# If the ALLEXTERNALS tag is set to YES all external classes will be listed +# in the class index. If set to NO only the inherited external classes +# will be listed. + +ALLEXTERNALS = NO + +# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed +# in the modules index. If set to NO, only the current project's groups will +# be listed. + +EXTERNAL_GROUPS = YES + +# The PERL_PATH should be the absolute path and name of the perl script +# interpreter (i.e. the result of `which perl'). + +PERL_PATH = /usr/bin/perl + +#--------------------------------------------------------------------------- +# Configuration options related to the dot tool +#--------------------------------------------------------------------------- + +# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will +# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base +# or super classes. Setting the tag to NO turns the diagrams off. Note that +# this option is superseded by the HAVE_DOT option below. This is only a +# fallback. It is recommended to install and use dot, since it yields more +# powerful graphs. + +CLASS_DIAGRAMS = YES + +# You can define message sequence charts within doxygen comments using the \msc +# command. Doxygen will then run the mscgen tool (see http://www.mcternan.me.uk/mscgen/) to +# produce the chart and insert it in the documentation. The MSCGEN_PATH tag allows you to +# specify the directory where the mscgen tool resides. If left empty the tool is assumed to +# be found in the default search path. + +MSCGEN_PATH = + +# If set to YES, the inheritance and collaboration graphs will hide +# inheritance and usage relations if the target is undocumented +# or is not a class. + +HIDE_UNDOC_RELATIONS = YES + +# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is +# available from the path. This tool is part of Graphviz, a graph visualization +# toolkit from AT&T and Lucent Bell Labs. The other options in this section +# have no effect if this option is set to NO (the default) + +HAVE_DOT = NO + +# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect inheritance relations. Setting this tag to YES will force the +# the CLASS_DIAGRAMS tag to NO. + +CLASS_GRAPH = YES + +# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect implementation dependencies (inheritance, containment, and +# class references variables) of the class with other documented classes. + +COLLABORATION_GRAPH = YES + +# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for groups, showing the direct groups dependencies + +GROUP_GRAPHS = YES + +# If the UML_LOOK tag is set to YES doxygen will generate inheritance and +# collaboration diagrams in a style similar to the OMG's Unified Modeling +# Language. + +UML_LOOK = NO + +# If set to YES, the inheritance and collaboration graphs will show the +# relations between templates and their instances. + +TEMPLATE_RELATIONS = YES + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT +# tags are set to YES then doxygen will generate a graph for each documented +# file showing the direct and indirect include dependencies of the file with +# other documented files. + +INCLUDE_GRAPH = YES + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and +# HAVE_DOT tags are set to YES then doxygen will generate a graph for each +# documented header file showing the documented files that directly or +# indirectly include this file. + +INCLUDED_BY_GRAPH = YES + +# If the CALL_GRAPH, SOURCE_BROWSER and HAVE_DOT tags are set to YES then doxygen will +# generate a call dependency graph for every global function or class method. +# Note that enabling this option will significantly increase the time of a run. +# So in most cases it will be better to enable call graphs for selected +# functions only using the \callgraph command. + +CALL_GRAPH = NO + +# If the CALLER_GRAPH, SOURCE_BROWSER and HAVE_DOT tags are set to YES then doxygen will +# generate a caller dependency graph for every global function or class method. +# Note that enabling this option will significantly increase the time of a run. +# So in most cases it will be better to enable caller graphs for selected +# functions only using the \callergraph command. + +CALLER_GRAPH = NO + +# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen +# will graphical hierarchy of all classes instead of a textual one. + +GRAPHICAL_HIERARCHY = YES + +# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES +# then doxygen will show the dependencies a directory has on other directories +# in a graphical way. The dependency relations are determined by the #include +# relations between the files in the directories. + +DIRECTORY_GRAPH = YES + +# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images +# generated by dot. Possible values are png, jpg, or gif +# If left blank png will be used. + +DOT_IMAGE_FORMAT = png + +# The tag DOT_PATH can be used to specify the path where the dot tool can be +# found. If left blank, it is assumed the dot tool can be found in the path. + +DOT_PATH = + +# The DOTFILE_DIRS tag can be used to specify one or more directories that +# contain dot files that are included in the documentation (see the +# \dotfile command). + +DOTFILE_DIRS = + +# The MAX_DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of +# nodes that will be shown in the graph. If the number of nodes in a graph +# becomes larger than this value, doxygen will truncate the graph, which is +# visualized by representing a node as a red box. Note that doxygen if the number +# of direct children of the root node in a graph is already larger than +# MAX_DOT_GRAPH_NOTES then the graph will not be shown at all. Also note +# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. + +DOT_GRAPH_MAX_NODES = 50 + +# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the +# graphs generated by dot. A depth value of 3 means that only nodes reachable +# from the root by following a path via at most 3 edges will be shown. Nodes +# that lay further from the root node will be omitted. Note that setting this +# option to 1 or 2 may greatly reduce the computation time needed for large +# code bases. Also note that the size of a graph can be further restricted by +# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. + +MAX_DOT_GRAPH_DEPTH = 0 + +# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent +# background. This is disabled by default, which results in a white background. +# Warning: Depending on the platform used, enabling this option may lead to +# badly anti-aliased labels on the edges of a graph (i.e. they become hard to +# read). + +DOT_TRANSPARENT = NO + +# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output +# files in one run (i.e. multiple -o and -T options on the command line). This +# makes dot run faster, but since only newer versions of dot (>1.8.10) +# support this, this feature is disabled by default. + +DOT_MULTI_TARGETS = NO + +# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will +# generate a legend page explaining the meaning of the various boxes and +# arrows in the dot generated graphs. + +GENERATE_LEGEND = YES + +# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will +# remove the intermediate dot files that are used to generate +# the various graphs. + +DOT_CLEANUP = YES + +#--------------------------------------------------------------------------- +# Configuration::additions related to the search engine +#--------------------------------------------------------------------------- + +# The SEARCHENGINE tag specifies whether or not a search engine should be +# used. If set to NO the values of all tags below this one will be ignored. + +SEARCHENGINE = NO diff --git a/nsswitch/libwbclient/libwbclient.h b/nsswitch/libwbclient/libwbclient.h new file mode 100644 index 0000000..867eb4d --- /dev/null +++ b/nsswitch/libwbclient/libwbclient.h @@ -0,0 +1,44 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client API + + Copyright (C) Gerald (Jerry) Carter 2007 + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _LIBWBCLIENT_H +#define _LIBWBCLIENT_H + +/* Super header including necessary public and private header files + for building the wbclient library. __DO NOT__ define anything + in this file. Only include other headers. */ + +/* Winbind headers */ + +#include "nsswitch/winbind_nss_config.h" +#include "nsswitch/winbind_struct_protocol.h" + +/* Public headers */ + +#include "wbclient.h" + +/* Private headers */ + +#include "wbc_err_internal.h" +#include "wbclient_internal.h" + + +#endif /* _LIBWBCLIENT_H */ diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c new file mode 100644 index 0000000..01fa289 --- /dev/null +++ b/nsswitch/libwbclient/tests/wbclient.c @@ -0,0 +1,1121 @@ +/* + Unix SMB/CIFS implementation. + SMB torture tester + Copyright (C) Guenther Deschner 2009-2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "source3/include/includes.h" +#include "lib/replace/replace.h" +#include "libcli/util/ntstatus.h" +#include "libcli/util/werror.h" +#include "lib/util/data_blob.h" +#include "lib/util/time.h" +#include "libcli/resolve/resolve.h" +#include "nsswitch/libwbclient/wbclient.h" +#include "nsswitch/winbind_client.h" +#include "torture/smbtorture.h" +#include "torture/winbind/proto.h" +#include "lib/util/util_net.h" +#include "lib/util/charset/charset.h" +#include "libcli/auth/libcli_auth.h" +#include "lib/param/param.h" +#include "lib/util/samba_util.h" +#include "auth/credentials/credentials.h" +#include "lib/cmdline/cmdline.h" +#include "winbindd.h" + +#include <gnutls/gnutls.h> +#include <gnutls/crypto.h> + +#define WBC_ERROR_EQUAL(x,y) (x == y) + +#define torture_assert_wbc_equal(torture_ctx, got, expected, cmt, cmt_arg) \ + do { wbcErr __got = got, __expected = expected; \ + if (!WBC_ERROR_EQUAL(__got, __expected)) { \ + torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: " cmt, wbcErrorString(__got), wbcErrorString(__expected), cmt_arg); \ + return false; \ + } \ + } while (0) + +#define torture_assert_wbc_ok(torture_ctx,expr,cmt,cmt_arg) \ + torture_assert_wbc_equal(torture_ctx,expr,WBC_ERR_SUCCESS,cmt,cmt_arg) + +#define torture_assert_wbc_equal_goto_fail(torture_ctx, got, expected, cmt, cmt_arg) \ + do { wbcErr __got = got, __expected = expected; \ + if (!WBC_ERROR_EQUAL(__got, __expected)) { \ + torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: " cmt, wbcErrorString(__got), wbcErrorString(__expected), cmt_arg); \ + goto fail; \ + } \ + } while (0) + +#define torture_assert_wbc_ok_goto_fail(torture_ctx,expr,cmt,cmt_arg) \ + torture_assert_wbc_equal_goto_fail(torture_ctx,expr,WBC_ERR_SUCCESS,cmt,cmt_arg) + +#define torture_assert_str_equal_goto_fail(torture_ctx,got,expected,cmt)\ + do { const char *__got = (got), *__expected = (expected); \ + if (strcmp(__got, __expected) != 0) { \ + torture_result(torture_ctx, TORTURE_FAIL, \ + __location__": "#got" was %s, expected %s: %s", \ + __got, __expected, cmt); \ + goto fail;; \ + } \ + } while(0) + +static bool test_wbc_ping(struct torture_context *tctx) +{ + torture_assert_wbc_ok(tctx, wbcPing(), + "%s", "wbcPing failed"); + + return true; +} + +static bool test_wbc_pingdc(struct torture_context *tctx) +{ + struct wbcInterfaceDetails *details = NULL; + wbcErr ret = false; + + torture_assert_wbc_equal_goto_fail(tctx, + wbcPingDc("random_string", NULL), + WBC_ERR_DOMAIN_NOT_FOUND, + "%s", + "wbcPingDc failed"); + torture_assert_wbc_ok_goto_fail(tctx, wbcPingDc(NULL, NULL), + "%s", "wbcPingDc failed"); + + torture_assert_wbc_ok_goto_fail(tctx, wbcInterfaceDetails(&details), + "%s", "wbcInterfaceDetails failed"); + torture_assert_goto(tctx, details, ret, fail, + "wbcInterfaceDetails returned NULL pointer"); + torture_assert_goto(tctx, details->netbios_domain, ret, fail, + "wbcInterfaceDetails returned NULL netbios_domain"); + + torture_assert_wbc_ok_goto_fail(tctx, + wbcPingDc(details->netbios_domain, NULL), + "wbcPingDc(%s) failed", + details->netbios_domain); + + torture_assert_wbc_ok_goto_fail(tctx, + wbcPingDc("BUILTIN", NULL), + "%s", + "wbcPingDc(BUILTIN) failed"); + + ret = true; +fail: + wbcFreeMemory(details); + return ret; +} + +static bool test_wbc_pingdc2(struct torture_context *tctx) +{ + struct wbcInterfaceDetails *details = NULL; + char *name = NULL; + wbcErr ret = false; + + torture_assert_wbc_equal_goto_fail(tctx, + wbcPingDc2("random_string", NULL, &name), + WBC_ERR_DOMAIN_NOT_FOUND, + "%s", + "wbcPingDc2 failed"); + torture_assert_wbc_ok_goto_fail(tctx, + wbcPingDc2(NULL, NULL, &name), + "%s", + "wbcPingDc2 failed"); + wbcFreeMemory(name); + name = NULL; + + torture_assert_wbc_ok_goto_fail(tctx, + wbcInterfaceDetails(&details), + "%s", + "wbcInterfaceDetails failed"); + torture_assert_goto(tctx, + details, + ret, + fail, + "wbcInterfaceDetails returned NULL pointer"); + torture_assert_goto(tctx, + details->netbios_domain, + ret, + fail, + "wbcInterfaceDetails returned NULL netbios_domain"); + + torture_assert_wbc_ok_goto_fail(tctx, + wbcPingDc2(details->netbios_domain, NULL, &name), + "wbcPingDc2(%s) failed", + details->netbios_domain); + wbcFreeMemory(name); + name = NULL; + + torture_assert_wbc_ok_goto_fail(tctx, + wbcPingDc2("BUILTIN", NULL, &name), + "%s", + "wbcPingDc2(BUILTIN) failed"); + + ret = true; +fail: + wbcFreeMemory(name); + wbcFreeMemory(details); + + return ret; +} + +static bool test_wbc_library_details(struct torture_context *tctx) +{ + struct wbcLibraryDetails *details; + + torture_assert_wbc_ok(tctx, wbcLibraryDetails(&details), + "%s", "wbcLibraryDetails failed"); + torture_assert(tctx, details, + "wbcLibraryDetails returned NULL pointer"); + + wbcFreeMemory(details); + + return true; +} + +static bool test_wbc_interface_details(struct torture_context *tctx) +{ + struct wbcInterfaceDetails *details; + + torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), + "%s", "wbcInterfaceDetails failed"); + torture_assert(tctx, details, + "wbcInterfaceDetails returned NULL pointer"); + + wbcFreeMemory(details); + + return true; +} + +static bool test_wbc_sidtypestring(struct torture_context *tctx) +{ + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_USE_NONE), + "SID_NONE", "SID_NONE failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_USER), + "SID_USER", "SID_USER failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DOM_GRP), + "SID_DOM_GROUP", "SID_DOM_GROUP failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DOMAIN), + "SID_DOMAIN", "SID_DOMAIN failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_ALIAS), + "SID_ALIAS", "SID_ALIAS failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_WKN_GRP), + "SID_WKN_GROUP", "SID_WKN_GROUP failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DELETED), + "SID_DELETED", "SID_DELETED failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_INVALID), + "SID_INVALID", "SID_INVALID failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_UNKNOWN), + "SID_UNKNOWN", "SID_UNKNOWN failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_COMPUTER), + "SID_COMPUTER", "SID_COMPUTER failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_LABEL), + "SID_LABEL", "SID_LABEL failed"); + return true; +} + +static bool test_wbc_sidtostring(struct torture_context *tctx) +{ + struct wbcDomainSid sid; + const char *sid_string = "S-1-5-32"; + char *sid_string2; + + torture_assert_wbc_ok(tctx, wbcStringToSid(sid_string, &sid), + "wbcStringToSid of %s failed", sid_string); + torture_assert_wbc_ok(tctx, wbcSidToString(&sid, &sid_string2), + "wbcSidToString of %s failed", sid_string); + torture_assert_str_equal(tctx, sid_string, sid_string2, + "sid strings differ"); + wbcFreeMemory(sid_string2); + + return true; +} + +static bool test_wbc_guidtostring(struct torture_context *tctx) +{ + struct wbcGuid guid; + const char *guid_string = "f7cf07b4-1487-45c7-824d-8b18cc580811"; + char *guid_string2; + + torture_assert_wbc_ok(tctx, wbcStringToGuid(guid_string, &guid), + "wbcStringToGuid of %s failed", guid_string); + torture_assert_wbc_ok(tctx, wbcGuidToString(&guid, &guid_string2), + "wbcGuidToString of %s failed", guid_string); + torture_assert_str_equal(tctx, guid_string, guid_string2, + "guid strings differ"); + wbcFreeMemory(guid_string2); + + return true; +} + +static bool test_wbc_domain_info(struct torture_context *tctx) +{ + struct wbcDomainInfo *info = NULL; + struct wbcInterfaceDetails *details = NULL; + wbcErr ret = false; + + torture_assert_wbc_ok_goto_fail(tctx, + wbcInterfaceDetails(&details), + "%s", + "wbcInterfaceDetails failed"); + torture_assert_wbc_ok_goto_fail(tctx, + wbcDomainInfo(details->netbios_domain, &info), + "%s", + "wbcDomainInfo failed"); + + torture_assert_goto(tctx, + info, + ret, + fail, + "wbcDomainInfo returned NULL pointer"); + + ret = true; +fail: + wbcFreeMemory(details); + wbcFreeMemory(info); + + return ret; +} + +static bool test_wbc_users(struct torture_context *tctx) +{ + const char *domain_name = NULL; + uint32_t num_users; + const char **users = NULL; + uint32_t i; + struct wbcInterfaceDetails *details = NULL; + struct wbcDomainSid *sids = NULL; + char *domain = NULL; + char *name = NULL; + char *sid_string = NULL; + wbcErr ret = false; + char separator; + + torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), + "%s", "wbcInterfaceDetails failed"); + + domain_name = talloc_strdup(tctx, details->netbios_domain); + torture_assert_goto(tctx, + domain_name != NULL, + ret, + fail, + "Failed to allocate domain_name"); + separator = details->winbind_separator; + wbcFreeMemory(details); + details = NULL; + + torture_assert_wbc_ok_goto_fail(tctx, + wbcListUsers(domain_name, &num_users, &users), + "%s", + "wbcListUsers failed"); + torture_assert_goto(tctx, + !(num_users > 0 && !users), + ret, + fail, + "wbcListUsers returned invalid results"); + + for (i = 0; i < MIN(num_users, 100); i++) { + struct wbcDomainSid sid; + enum wbcSidType name_type; + uint32_t num_sids; + const char *user; + char *c; + + c = strchr(users[i], separator); + + if (c == NULL) { + /* + * NT4 DC + * user name does not contain DOMAIN SEPARATOR prefix. + */ + + user = users[i]; + } else { + /* + * AD DC + * user name starts with DOMAIN SEPARATOR prefix. + */ + const char *dom; + + *c = '\0'; + dom = users[i]; + user = c + 1; + + torture_assert_str_equal_goto(tctx, dom, domain_name, + ret, fail, "Domain part " + "of user name does not " + "match domain name.\n"); + } + + torture_assert_wbc_ok_goto_fail(tctx, + wbcLookupName(domain_name, user, + &sid, &name_type), + "wbcLookupName of %s failed", + users[i]); + torture_assert_int_equal_goto(tctx, + name_type, WBC_SID_NAME_USER, + ret, + fail, + "wbcLookupName expected WBC_SID_NAME_USER"); + wbcSidToString(&sid, &sid_string); + torture_assert_wbc_ok_goto_fail(tctx, + wbcLookupSid(&sid, + &domain, + &name, + &name_type), + "wbcLookupSid of %s failed", + sid_string); + torture_assert_int_equal_goto(tctx, + name_type, WBC_SID_NAME_USER, + ret, + fail, + "wbcLookupSid of expected WBC_SID_NAME_USER"); + torture_assert_goto(tctx, + name, + ret, + fail, + "wbcLookupSid returned no name"); + wbcFreeMemory(domain); + domain = NULL; + wbcFreeMemory(name); + name = NULL; + + torture_assert_wbc_ok_goto_fail(tctx, + wbcLookupUserSids(&sid, true, &num_sids, &sids), + "wbcLookupUserSids of %s failed", sid_string); + torture_assert_wbc_ok_goto_fail(tctx, + wbcGetDisplayName(&sid, + &domain, + &name, + &name_type), + "wbcGetDisplayName of %s failed", + sid_string); + wbcFreeMemory(domain); + domain = NULL; + wbcFreeMemory(name); + name = NULL; + wbcFreeMemory(sids); + sids = NULL; + wbcFreeMemory(sid_string); + sid_string = NULL; + } + + ret = true; +fail: + wbcFreeMemory(details); + wbcFreeMemory(users); + wbcFreeMemory(domain); + wbcFreeMemory(name); + wbcFreeMemory(sids); + wbcFreeMemory(sid_string); + + return ret; +} + +static bool test_wbc_groups(struct torture_context *tctx) +{ + wbcErr ret = false; + const char *domain_name = NULL; + uint32_t num_groups; + const char **groups = NULL; + uint32_t i; + struct wbcInterfaceDetails *details = NULL; + char *domain = NULL; + char *name = NULL; + char *sid_string = NULL; + char separator; + + torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), + "%s", "wbcInterfaceDetails failed"); + + domain_name = talloc_strdup(tctx, details->netbios_domain); + torture_assert_goto(tctx, + domain_name != NULL, + ret, + fail, + "Failed to allocate domain_name"); + separator = details->winbind_separator; + wbcFreeMemory(details); + details = NULL; + + torture_assert_wbc_ok_goto_fail(tctx, + wbcListGroups(domain_name, &num_groups, &groups), + "wbcListGroups in %s failed", + domain_name); + torture_assert_goto(tctx, + !(num_groups > 0 && !groups), + ret, + fail, + "wbcListGroups returned invalid results"); + + for (i=0; i < MIN(num_groups,100); i++) { + struct wbcDomainSid sid; + enum wbcSidType name_type; + const char *group; + char *c; + + c = strchr(groups[i], separator); + + if (c == NULL) { + /* + * NT4 DC + * group name does not contain DOMAIN SEPARATOR prefix. + */ + + group = groups[i]; + } else { + /* + * AD DC + * group name starts with DOMAIN SEPARATOR prefix. + */ + const char *dom; + + + *c = '\0'; + dom = groups[i]; + group = c + 1; + + torture_assert_str_equal_goto(tctx, dom, domain_name, + ret, fail, "Domain part " + "of group name does not " + "match domain name.\n"); + } + + torture_assert_wbc_ok_goto_fail(tctx, + wbcLookupName(domain_name, + group, + &sid, + &name_type), + "wbcLookupName for %s failed", + domain_name); + wbcSidToString(&sid, &sid_string); + torture_assert_wbc_ok_goto_fail(tctx, + wbcLookupSid(&sid, + &domain, + &name, + &name_type), + "wbcLookupSid of %s failed", + sid_string); + torture_assert_goto(tctx, + name, + ret, + fail, + "wbcLookupSid returned no name"); + + wbcFreeMemory(domain); + domain = NULL; + wbcFreeMemory(name); + name = NULL; + wbcFreeMemory(sid_string); + sid_string = NULL; + } + + ret = true; +fail: + wbcFreeMemory(details); + wbcFreeMemory(groups); + wbcFreeMemory(domain); + wbcFreeMemory(name); + wbcFreeMemory(sid_string); + + return ret; +} + +static bool test_wbc_trusts(struct torture_context *tctx) +{ + struct wbcDomainInfo *domains = NULL; + struct wbcAuthErrorInfo *error = NULL; + size_t num_domains; + uint32_t i; + wbcErr ret = false; + + torture_assert_wbc_ok_goto_fail(tctx, + wbcListTrusts(&domains, &num_domains), + "%s", + "wbcListTrusts failed"); + torture_assert_goto(tctx, + !(num_domains > 0 && !domains), + ret, + fail, + "wbcListTrusts returned invalid results"); + + for (i=0; i < MIN(num_domains,100); i++) { + + /* + struct wbcDomainSid sid; + enum wbcSidType name_type; + char *domain; + char *name; + */ + torture_assert_wbc_ok_goto_fail(tctx, + wbcCheckTrustCredentials(domains[i].short_name, + &error), + "%s", + "wbcCheckTrustCredentials failed"); + /* + torture_assert_wbc_ok(tctx, wbcLookupName(domains[i].short_name, NULL, &sid, &name_type), + "wbcLookupName failed"); + torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN, + "wbcLookupName expected WBC_SID_NAME_DOMAIN"); + torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type), + "wbcLookupSid failed"); + torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN, + "wbcLookupSid expected WBC_SID_NAME_DOMAIN"); + torture_assert(tctx, name, + "wbcLookupSid returned no name"); + */ + wbcFreeMemory(error); + error = NULL; + } + + ret = true; +fail: + wbcFreeMemory(domains); + wbcFreeMemory(error); + + return ret; +} + +static bool test_wbc_lookupdc(struct torture_context *tctx) +{ + const char *domain_name = NULL; + struct wbcInterfaceDetails *details; + struct wbcDomainControllerInfo *dc_info; + + torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), + "%s", "wbcInterfaceDetails failed"); + + domain_name = talloc_strdup(tctx, details->netbios_domain); + wbcFreeMemory(details); + + torture_assert_wbc_ok(tctx, wbcLookupDomainController(domain_name, 0, &dc_info), + "wbcLookupDomainController for %s failed", domain_name); + wbcFreeMemory(dc_info); + + return true; +} + +static bool test_wbc_lookupdcex(struct torture_context *tctx) +{ + const char *domain_name = NULL; + struct wbcInterfaceDetails *details; + struct wbcDomainControllerInfoEx *dc_info; + + torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details), + "%s", "wbcInterfaceDetails failed"); + + domain_name = talloc_strdup(tctx, details->netbios_domain); + wbcFreeMemory(details); + + torture_assert_wbc_ok(tctx, wbcLookupDomainControllerEx(domain_name, NULL, NULL, 0, &dc_info), + "wbcLookupDomainControllerEx for %s failed", domain_name); + wbcFreeMemory(dc_info); + + return true; +} + +static bool test_wbc_resolve_winsbyname(struct torture_context *tctx) +{ + const char *name; + char *ip; + wbcErr ret; + + name = torture_setting_string(tctx, "host", NULL); + + torture_comment(tctx, "test-WinsByName: host='%s'\n", name); + + ret = wbcResolveWinsByName(name, &ip); + + if (is_ipaddress(name)) { + torture_assert_wbc_equal(tctx, ret, WBC_ERR_DOMAIN_NOT_FOUND, "wbcResolveWinsByName of %s failed", name); + } else { + torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByName for %s failed", name); + } + + return true; +} + +static bool test_wbc_resolve_winsbyip(struct torture_context *tctx) +{ + const char *ip; + const char *host; + struct nbt_name nbt_name; + char *name; + wbcErr ret; + NTSTATUS status; + + host = torture_setting_string(tctx, "host", NULL); + + torture_comment(tctx, "test-WinsByIp: host='%s'\n", host); + + make_nbt_name_server(&nbt_name, host); + + status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx), + 0, 0, &nbt_name, tctx, &ip, tctx->ev); + torture_assert_ntstatus_ok(tctx, status, + talloc_asprintf(tctx,"Failed to resolve %s: %s", + nbt_name.name, nt_errstr(status))); + + torture_comment(tctx, "test-WinsByIp: ip='%s'\n", ip); + + ret = wbcResolveWinsByIP(ip, &name); + + torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByIP for %s failed", ip); + + wbcFreeMemory(name); + + return true; +} + +static bool test_wbc_lookup_rids(struct torture_context *tctx) +{ + struct wbcDomainSid builtin; + uint32_t rids[2] = { 544, 545 }; + const char *domain_name = NULL; + const char **names = NULL; + enum wbcSidType *types; + wbcErr ret = false; + + wbcStringToSid("S-1-5-32", &builtin); + + ret = wbcLookupRids(&builtin, 2, rids, &domain_name, &names, + &types); + torture_assert_wbc_ok_goto_fail( + tctx, ret, "%s", "wbcLookupRids for 544 and 545 failed"); + + torture_assert_str_equal( + tctx, names[0], "Administrators", + "S-1-5-32-544 not mapped to 'Administrators'"); + torture_assert_str_equal_goto_fail( + tctx, names[1], "Users", "S-1-5-32-545 not mapped to 'Users'"); + + ret = true; +fail: + wbcFreeMemory(discard_const_p(char ,domain_name)); + wbcFreeMemory(names); + wbcFreeMemory(types); + return ret; +} + +static bool test_wbc_get_sidaliases(struct torture_context *tctx) +{ + struct wbcDomainSid builtin; + struct wbcDomainInfo *info = NULL; + struct wbcInterfaceDetails *details = NULL; + struct wbcDomainSid sids[2]; + uint32_t *rids = NULL; + uint32_t num_rids; + wbcErr ret = false; + + torture_assert_wbc_ok_goto_fail(tctx, + wbcInterfaceDetails(&details), + "%s", + "wbcInterfaceDetails failed"); + torture_assert_wbc_ok_goto_fail(tctx, + wbcDomainInfo(details->netbios_domain, &info), + "wbcDomainInfo of %s failed", + details->netbios_domain); + + sids[0] = info->sid; + sids[0].sub_auths[sids[0].num_auths++] = 500; + sids[1] = info->sid; + sids[1].sub_auths[sids[1].num_auths++] = 512; + + torture_assert_wbc_ok_goto_fail(tctx, + wbcStringToSid("S-1-5-32", &builtin), + "wbcStringToSid of %s failed", + "S-1-5-32"); + + ret = wbcGetSidAliases(&builtin, sids, 2, &rids, &num_rids); + torture_assert_wbc_ok_goto_fail(tctx, + ret, + "%s", + "wbcGetSidAliases failed"); + + ret = true; +fail: + wbcFreeMemory(details); + wbcFreeMemory(info); + wbcFreeMemory(rids); + return ret; +} + +static bool test_wbc_authenticate_user_int(struct torture_context *tctx, + const char *correct_password) +{ + struct wbcAuthUserParams params; + struct wbcAuthUserInfo *info = NULL; + struct wbcAuthErrorInfo *error = NULL; + wbcErr ret; + struct cli_credentials *creds = samba_cmdline_get_creds(); + + ret = wbcAuthenticateUser(cli_credentials_get_username( + creds), correct_password); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, + "wbcAuthenticateUser of %s failed", + cli_credentials_get_username(creds)); + + ZERO_STRUCT(params); + params.account_name = + cli_credentials_get_username(creds); + params.level = WBC_AUTH_USER_LEVEL_PLAIN; + params.password.plaintext = correct_password; + + ret = wbcAuthenticateUserEx(¶ms, &info, &error); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, + "wbcAuthenticateUserEx of %s failed", params.account_name); + wbcFreeMemory(info); + info = NULL; + + wbcFreeMemory(error); + error = NULL; + + params.password.plaintext = "wrong"; + ret = wbcAuthenticateUserEx(¶ms, &info, &error); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR, + "wbcAuthenticateUserEx for %s succeeded where it " + "should have failed", params.account_name); + wbcFreeMemory(info); + info = NULL; + + wbcFreeMemory(error); + error = NULL; + + return true; +} + +static bool test_wbc_authenticate_user(struct torture_context *tctx) +{ + struct cli_credentials *creds = samba_cmdline_get_creds(); + + return test_wbc_authenticate_user_int(tctx, + cli_credentials_get_password(creds)); +} + +static bool test_wbc_change_password(struct torture_context *tctx) +{ + wbcErr ret; + struct cli_credentials *creds = samba_cmdline_get_creds(); + const char *oldpass = + cli_credentials_get_password(creds); + const char *newpass = "Koo8irei%$"; + + struct samr_CryptPassword new_nt_password; + struct samr_CryptPassword new_lm_password; + struct samr_Password old_nt_hash_enc; + struct samr_Password old_lanman_hash_enc; + + gnutls_cipher_hd_t cipher_hnd = NULL; + + uint8_t old_nt_hash[16]; + uint8_t old_lanman_hash[16]; + uint8_t new_nt_hash[16]; + uint8_t new_lanman_hash[16]; + gnutls_datum_t old_nt_key = { + .data = old_nt_hash, + .size = sizeof(old_nt_hash), + }; + + struct wbcChangePasswordParams params; + + if (oldpass == NULL) { + torture_skip(tctx, + "skipping wbcChangeUserPassword test as old password cannot be retrieved\n"); + } + + ZERO_STRUCT(params); + + E_md4hash(oldpass, old_nt_hash); + E_md4hash(newpass, new_nt_hash); + + if (lpcfg_client_lanman_auth(tctx->lp_ctx) && + E_deshash(newpass, new_lanman_hash) && + E_deshash(oldpass, old_lanman_hash)) { + + /* E_deshash returns false for 'long' passwords (> 14 + DOS chars). This allows us to match Win2k, which + does not store a LM hash for these passwords (which + would reduce the effective password length to 14) */ + + encode_pw_buffer(new_lm_password.data, newpass, STR_UNICODE); + + gnutls_cipher_init(&cipher_hnd, + GNUTLS_CIPHER_ARCFOUR_128, + &old_nt_key, + NULL); + gnutls_cipher_encrypt(cipher_hnd, + new_lm_password.data, + 516); + gnutls_cipher_deinit(cipher_hnd); + + E_old_pw_hash(new_nt_hash, old_lanman_hash, + old_lanman_hash_enc.hash); + + params.old_password.response.old_lm_hash_enc_length = + sizeof(old_lanman_hash_enc.hash); + params.old_password.response.old_lm_hash_enc_data = + old_lanman_hash_enc.hash; + params.new_password.response.lm_length = + sizeof(new_lm_password.data); + params.new_password.response.lm_data = + new_lm_password.data; + } else { + ZERO_STRUCT(new_lm_password); + ZERO_STRUCT(old_lanman_hash_enc); + } + + encode_pw_buffer(new_nt_password.data, newpass, STR_UNICODE); + + gnutls_cipher_init(&cipher_hnd, + GNUTLS_CIPHER_ARCFOUR_128, + &old_nt_key, + NULL); + gnutls_cipher_encrypt(cipher_hnd, + new_nt_password.data, + 516); + gnutls_cipher_deinit(cipher_hnd); + + E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash); + + params.old_password.response.old_nt_hash_enc_length = + sizeof(old_nt_hash_enc.hash); + params.old_password.response.old_nt_hash_enc_data = + old_nt_hash_enc.hash; + params.new_password.response.nt_length = sizeof(new_nt_password.data); + params.new_password.response.nt_data = new_nt_password.data; + + params.level = WBC_CHANGE_PASSWORD_LEVEL_RESPONSE; + params.account_name = + cli_credentials_get_username(creds); + params.domain_name = + cli_credentials_get_domain(creds); + + ret = wbcChangeUserPasswordEx(¶ms, NULL, NULL, NULL); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, + "wbcChangeUserPassword for %s failed", params.account_name); + + if (!test_wbc_authenticate_user_int(tctx, newpass)) { + return false; + } + + ret = wbcChangeUserPassword( + cli_credentials_get_username(creds), + newpass, + cli_credentials_get_password(creds)); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, + "wbcChangeUserPassword for %s failed", params.account_name); + + return test_wbc_authenticate_user_int(tctx, + cli_credentials_get_password(creds)); +} + +static bool test_wbc_logon_user(struct torture_context *tctx) +{ + struct wbcLogonUserParams params; + struct wbcLogonUserInfo *info = NULL; + struct wbcAuthErrorInfo *error = NULL; + struct wbcUserPasswordPolicyInfo *policy = NULL; + struct wbcInterfaceDetails *iface; + struct wbcDomainSid sid; + enum wbcSidType sidtype; + char *sidstr; + wbcErr ret; + struct cli_credentials *creds = samba_cmdline_get_creds(); + uint32_t i, flags = 0; + const char *expected_unix_username = NULL; + const char *unix_username = NULL; + + ZERO_STRUCT(params); + + ret = wbcLogonUser(¶ms, &info, &error, &policy); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_INVALID_PARAM, + "%s", "wbcLogonUser succeeded for NULL where it should " + "have failed"); + + params.username = + cli_credentials_get_username(creds); + params.password = + cli_credentials_get_password(creds); + + ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs, + "foo", 0, discard_const_p(uint8_t, "bar"), 4); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, + "%s", "wbcAddNamedBlob failed"); + + ret = wbcLogonUser(¶ms, &info, &error, &policy); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, + "wbcLogonUser for %s failed", params.username); + wbcFreeMemory(info); info = NULL; + wbcFreeMemory(error); error = NULL; + wbcFreeMemory(policy); policy = NULL; + + params.password = "wrong"; + + ret = wbcLogonUser(¶ms, &info, &error, &policy); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR, + "wbcLogonUser for %s should have failed with " + "WBC_ERR_AUTH_ERROR", params.username); + wbcFreeMemory(info); info = NULL; + wbcFreeMemory(error); error = NULL; + wbcFreeMemory(policy); policy = NULL; + + ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs, + "membership_of", 0, + discard_const_p(uint8_t, "S-1-2-3-4"), + strlen("S-1-2-3-4")+1); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, + "%s", "wbcAddNamedBlob failed"); + params.password = + cli_credentials_get_password(creds); + ret = wbcLogonUser(¶ms, &info, &error, &policy); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR, + "wbcLogonUser for %s should have failed with " + "WBC_ERR_AUTH_ERROR", params.username); + wbcFreeMemory(info); info = NULL; + wbcFreeMemory(error); error = NULL; + wbcFreeMemory(policy); policy = NULL; + wbcFreeMemory(params.blobs); + params.blobs = NULL; params.num_blobs = 0; + + ret = wbcInterfaceDetails(&iface); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, + "%s", "wbcInterfaceDetails failed"); + + ret = wbcLookupName(iface->netbios_domain, + cli_credentials_get_username(creds), + &sid, + &sidtype); + wbcFreeMemory(iface); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, + "wbcLookupName for %s failed", + cli_credentials_get_username(creds)); + + ret = wbcSidToString(&sid, &sidstr); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, + "%s", "wbcSidToString failed"); + + ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs, + "membership_of", 0, + (uint8_t *)sidstr, strlen(sidstr)+1); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, + "%s", "wbcAddNamedBlob failed"); + wbcFreeMemory(sidstr); + params.password = + cli_credentials_get_password(creds); + ret = wbcLogonUser(¶ms, &info, &error, &policy); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, + "wbcLogonUser for %s failed", params.username); + wbcFreeMemory(info); info = NULL; + wbcFreeMemory(error); error = NULL; + wbcFreeMemory(policy); policy = NULL; + wbcFreeMemory(params.blobs); + params.blobs = NULL; params.num_blobs = 0; + + /* Test WBFLAG_PAM_UNIX_NAME */ + params.username = cli_credentials_get_username(creds); + params.password = cli_credentials_get_password(creds); + flags = WBFLAG_PAM_UNIX_NAME; + + torture_assert(tctx, + lp_load_global(lpcfg_configfile(tctx->lp_ctx)), + "lp_load_global() failed\n"); + expected_unix_username = fill_domain_username_talloc(tctx, + cli_credentials_get_domain(creds), + cli_credentials_get_username(creds), + true); + + ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs, "flags", 0, + (uint8_t *)&flags, sizeof(flags)); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, + "%s", "wbcAddNamedBlob failed"); + + ret = wbcLogonUser(¶ms, &info, &error, &policy); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, + "wbcLogonUser for %s failed", + params.username); + + for (unix_username=NULL, i=0; i<info->num_blobs; i++) { + torture_comment(tctx, "Found named blob '%s'\n", info->blobs[i].name); + if (strequal(info->blobs[i].name, "unix_username")) { + unix_username = (const char *)info->blobs[i].blob.data; + } + } + torture_assert_not_null(tctx, unix_username, + "wbcLogonUserInfo does not have unix_username blob\n"); + torture_assert_str_equal(tctx, unix_username, + expected_unix_username, + "Unexpected unix_username"); + wbcFreeMemory(info); info = NULL; + wbcFreeMemory(error); error = NULL; + wbcFreeMemory(policy); policy = NULL; + wbcFreeMemory(params.blobs); + params.blobs = NULL; params.num_blobs = 0; + + return true; +} + +static bool test_wbc_getgroups(struct torture_context *tctx) +{ + wbcErr ret; + uint32_t num_groups; + gid_t *groups; + struct cli_credentials *creds = samba_cmdline_get_creds(); + + ret = wbcGetGroups( + cli_credentials_get_username(creds), + &num_groups, + &groups); + torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, + "wbcGetGroups for %s failed", + cli_credentials_get_username(creds)); + wbcFreeMemory(groups); + return true; +} + +struct torture_suite *torture_wbclient(TALLOC_CTX *ctx) +{ + struct torture_suite *suite = torture_suite_create(ctx, "wbclient"); + + torture_suite_add_simple_test(suite, "wbcPing", test_wbc_ping); + torture_suite_add_simple_test(suite, "wbcPingDc", test_wbc_pingdc); + torture_suite_add_simple_test(suite, "wbcPingDc2", test_wbc_pingdc2); + torture_suite_add_simple_test(suite, "wbcLibraryDetails", test_wbc_library_details); + torture_suite_add_simple_test(suite, "wbcInterfaceDetails", test_wbc_interface_details); + torture_suite_add_simple_test(suite, "wbcSidTypeString", test_wbc_sidtypestring); + torture_suite_add_simple_test(suite, "wbcSidToString", test_wbc_sidtostring); + torture_suite_add_simple_test(suite, "wbcGuidToString", test_wbc_guidtostring); + torture_suite_add_simple_test(suite, "wbcDomainInfo", test_wbc_domain_info); + torture_suite_add_simple_test(suite, "wbcListUsers", test_wbc_users); + torture_suite_add_simple_test(suite, "wbcListGroups", test_wbc_groups); + torture_suite_add_simple_test(suite, "wbcListTrusts", test_wbc_trusts); + torture_suite_add_simple_test(suite, "wbcLookupDomainController", test_wbc_lookupdc); + torture_suite_add_simple_test(suite, "wbcLookupDomainControllerEx", test_wbc_lookupdcex); + torture_suite_add_simple_test(suite, "wbcResolveWinsByName", test_wbc_resolve_winsbyname); + torture_suite_add_simple_test(suite, "wbcResolveWinsByIP", test_wbc_resolve_winsbyip); + torture_suite_add_simple_test(suite, "wbcLookupRids", + test_wbc_lookup_rids); + torture_suite_add_simple_test(suite, "wbcGetSidAliases", + test_wbc_get_sidaliases); + torture_suite_add_simple_test(suite, "wbcAuthenticateUser", + test_wbc_authenticate_user); + torture_suite_add_simple_test(suite, "wbcLogonUser", + test_wbc_logon_user); + torture_suite_add_simple_test(suite, "wbcChangeUserPassword", + test_wbc_change_password); + torture_suite_add_simple_test(suite, "wbcGetGroups", + test_wbc_getgroups); + + return suite; +} diff --git a/nsswitch/libwbclient/wbc_err_internal.h b/nsswitch/libwbclient/wbc_err_internal.h new file mode 100644 index 0000000..dd8e7f2 --- /dev/null +++ b/nsswitch/libwbclient/wbc_err_internal.h @@ -0,0 +1,45 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client API + + Copyright (C) Gerald (Jerry) Carter 2007 + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _WBC_ERR_INTERNAL_H +#define _WBC_ERR_INTERNAL_H + +/* Private macros */ + +#define BAIL_ON_WBC_ERROR(x) \ + do { \ + if (!WBC_ERROR_IS_OK(x)) { \ + goto done; \ + } \ + } while(0) + +#define BAIL_ON_PTR_ERROR(x, status) \ + do { \ + if ((x) == NULL) { \ + status = WBC_ERR_NO_MEMORY; \ + goto done; \ + } else { \ + status = WBC_ERR_SUCCESS; \ + } \ + } while (0) + + +#endif /* _WBC_ERR_INTERNAL_H */ diff --git a/nsswitch/libwbclient/wbc_guid.c b/nsswitch/libwbclient/wbc_guid.c new file mode 100644 index 0000000..72701c8 --- /dev/null +++ b/nsswitch/libwbclient/wbc_guid.c @@ -0,0 +1,103 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client API + + Copyright (C) Gerald (Jerry) Carter 2007 + + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +/* Required Headers */ + +#include "replace.h" +#include "libwbclient.h" + +/* Convert a binary GUID to a character string */ +_PUBLIC_ +wbcErr wbcGuidToString(const struct wbcGuid *guid, + char **guid_string) +{ + char *result; + + result = (char *)wbcAllocateMemory(37, 1, NULL); + if (result == NULL) { + return WBC_ERR_NO_MEMORY; + } + snprintf(result, 37, + "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", + guid->time_low, guid->time_mid, + guid->time_hi_and_version, + guid->clock_seq[0], + guid->clock_seq[1], + guid->node[0], guid->node[1], + guid->node[2], guid->node[3], + guid->node[4], guid->node[5]); + *guid_string = result; + + return WBC_ERR_SUCCESS; +} + +/* @brief Convert a character string to a binary GUID */ +_PUBLIC_ +wbcErr wbcStringToGuid(const char *str, + struct wbcGuid *guid) +{ + unsigned int time_low; + unsigned int time_mid, time_hi_and_version; + unsigned int clock_seq[2]; + unsigned int node[6]; + int i; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + if (!guid) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (!str) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (11 == sscanf(str, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", + &time_low, &time_mid, &time_hi_and_version, + &clock_seq[0], &clock_seq[1], + &node[0], &node[1], &node[2], &node[3], &node[4], &node[5])) { + wbc_status = WBC_ERR_SUCCESS; + } else if (11 == sscanf(str, "{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}", + &time_low, &time_mid, &time_hi_and_version, + &clock_seq[0], &clock_seq[1], + &node[0], &node[1], &node[2], &node[3], &node[4], &node[5])) { + wbc_status = WBC_ERR_SUCCESS; + } + + BAIL_ON_WBC_ERROR(wbc_status); + + guid->time_low = time_low; + guid->time_mid = time_mid; + guid->time_hi_and_version = time_hi_and_version; + guid->clock_seq[0] = clock_seq[0]; + guid->clock_seq[1] = clock_seq[1]; + + for (i=0;i<6;i++) { + guid->node[i] = node[i]; + } + + wbc_status = WBC_ERR_SUCCESS; + +done: + return wbc_status; +} diff --git a/nsswitch/libwbclient/wbc_idmap.c b/nsswitch/libwbclient/wbc_idmap.c new file mode 100644 index 0000000..c3acced --- /dev/null +++ b/nsswitch/libwbclient/wbc_idmap.c @@ -0,0 +1,550 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client API + + Copyright (C) Gerald (Jerry) Carter 2007 + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +/* Required Headers */ + +#include "replace.h" +#include "libwbclient.h" +#include "../winbind_client.h" +#include "lib/util/smb_strtox.h" + +/* Convert a Windows SID to a Unix uid, allocating an uid if needed */ +_PUBLIC_ +wbcErr wbcCtxSidToUid(struct wbcContext *ctx, const struct wbcDomainSid *sid, + uid_t *puid) +{ + struct wbcUnixId xid; + wbcErr wbc_status; + + if (!sid || !puid) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = wbcCtxSidsToUnixIds(ctx, sid, 1, &xid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto done; + } + + if ((xid.type == WBC_ID_TYPE_UID) || (xid.type == WBC_ID_TYPE_BOTH)) { + *puid = xid.id.uid; + wbc_status = WBC_ERR_SUCCESS; + } else { + wbc_status = WBC_ERR_DOMAIN_NOT_FOUND; + } + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcSidToUid(const struct wbcDomainSid *sid, uid_t *puid) +{ + return wbcCtxSidToUid(NULL, sid, puid); +} + +/* Convert a Windows SID to a Unix uid if there already is a mapping */ +_PUBLIC_ +wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid, + uid_t *puid) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + +/* Convert a Unix uid to a Windows SID, allocating a SID if needed */ +_PUBLIC_ +wbcErr wbcCtxUidToSid(struct wbcContext *ctx, uid_t uid, + struct wbcDomainSid *psid) +{ + struct wbcUnixId xid; + struct wbcDomainSid sid; + struct wbcDomainSid null_sid = { 0 }; + wbcErr wbc_status; + + if (!psid) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + xid = (struct wbcUnixId) { .type = WBC_ID_TYPE_UID, .id.uid = uid }; + + wbc_status = wbcCtxUnixIdsToSids(ctx, &xid, 1, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto done; + } + + if (memcmp(&sid, &null_sid, sizeof(sid)) != 0) { + *psid = sid; + } else { + wbc_status = WBC_ERR_DOMAIN_NOT_FOUND; + } + +done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcUidToSid(uid_t uid, struct wbcDomainSid *sid) +{ + return wbcCtxUidToSid(NULL, uid, sid); +} + +/* Convert a Unix uid to a Windows SID if there already is a mapping */ +_PUBLIC_ +wbcErr wbcQueryUidToSid(uid_t uid, + struct wbcDomainSid *sid) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + +/** @brief Convert a Windows SID to a Unix gid, allocating a gid if needed + * + * @param *sid Pointer to the domain SID to be resolved + * @param *pgid Pointer to the resolved gid_t value + * + * @return #wbcErr + * + **/ + +_PUBLIC_ +wbcErr wbcCtxSidToGid(struct wbcContext *ctx, const struct wbcDomainSid *sid, + gid_t *pgid) +{ + struct wbcUnixId xid; + wbcErr wbc_status; + + if (!sid || !pgid) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = wbcCtxSidsToUnixIds(ctx, sid, 1, &xid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto done; + } + + if ((xid.type == WBC_ID_TYPE_GID) || (xid.type == WBC_ID_TYPE_BOTH)) { + *pgid = xid.id.gid; + wbc_status = WBC_ERR_SUCCESS; + } else { + wbc_status = WBC_ERR_DOMAIN_NOT_FOUND; + } + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcSidToGid(const struct wbcDomainSid *sid, gid_t *pgid) +{ + return wbcCtxSidToGid(NULL, sid, pgid); +} + +/* Convert a Windows SID to a Unix gid if there already is a mapping */ + +_PUBLIC_ +wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid, + gid_t *pgid) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + + +/* Convert a Unix gid to a Windows SID, allocating a SID if needed */ +_PUBLIC_ +wbcErr wbcCtxGidToSid(struct wbcContext *ctx, gid_t gid, + struct wbcDomainSid *psid) +{ + struct wbcUnixId xid; + struct wbcDomainSid sid; + struct wbcDomainSid null_sid = { 0 }; + wbcErr wbc_status; + + if (!psid) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + xid = (struct wbcUnixId) { .type = WBC_ID_TYPE_GID, .id.gid = gid }; + + wbc_status = wbcCtxUnixIdsToSids(ctx, &xid, 1, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto done; + } + + if (memcmp(&sid, &null_sid, sizeof(sid)) != 0) { + *psid = sid; + } else { + wbc_status = WBC_ERR_DOMAIN_NOT_FOUND; + } + +done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcGidToSid(gid_t gid, struct wbcDomainSid *sid) +{ + return wbcCtxGidToSid(NULL, gid, sid); +} + +/* Convert a Unix gid to a Windows SID if there already is a mapping */ +_PUBLIC_ +wbcErr wbcQueryGidToSid(gid_t gid, + struct wbcDomainSid *sid) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + +/* Obtain a new uid from Winbind */ +_PUBLIC_ +wbcErr wbcCtxAllocateUid(struct wbcContext *ctx, uid_t *puid) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + if (!puid) + return WBC_ERR_INVALID_PARAM; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Make request */ + + wbc_status = wbcRequestResponsePriv(ctx, WINBINDD_ALLOCATE_UID, + &request, &response); + BAIL_ON_WBC_ERROR(wbc_status); + + /* Copy out result */ + *puid = response.data.uid; + + wbc_status = WBC_ERR_SUCCESS; + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcAllocateUid(uid_t *puid) +{ + return wbcCtxAllocateUid(NULL, puid); +} + +/* Obtain a new gid from Winbind */ +_PUBLIC_ +wbcErr wbcCtxAllocateGid(struct wbcContext *ctx, gid_t *pgid) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + if (!pgid) + return WBC_ERR_INVALID_PARAM; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Make request */ + + wbc_status = wbcRequestResponsePriv(ctx, WINBINDD_ALLOCATE_GID, + &request, &response); + BAIL_ON_WBC_ERROR(wbc_status); + + /* Copy out result */ + *pgid = response.data.gid; + + wbc_status = WBC_ERR_SUCCESS; + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcAllocateGid(gid_t *pgid) +{ + return wbcCtxAllocateGid(NULL, pgid); +} + +/* we can't include smb.h here... */ +#define _ID_TYPE_UID 1 +#define _ID_TYPE_GID 2 + +/* Set an user id mapping - not implemented any more */ +_PUBLIC_ +wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + +/* Set a group id mapping - not implemented any more */ +_PUBLIC_ +wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + +/* Remove a user id mapping - not implemented any more */ +_PUBLIC_ +wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + +/* Remove a group id mapping - not implemented any more */ +_PUBLIC_ +wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + +/* Set the highwater mark for allocated uids - not implemented any more */ +_PUBLIC_ +wbcErr wbcSetUidHwm(uid_t uid_hwm) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + +/* Set the highwater mark for allocated gids - not implemented any more */ +_PUBLIC_ +wbcErr wbcSetGidHwm(gid_t gid_hwm) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + +/* Convert a list of SIDs */ +_PUBLIC_ +wbcErr wbcCtxSidsToUnixIds(struct wbcContext *ctx, + const struct wbcDomainSid *sids, + uint32_t num_sids, struct wbcUnixId *ids) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + int buflen, extra_len; + uint32_t i; + char *sidlist, *p, *extra_data; + + buflen = num_sids * (WBC_SID_STRING_BUFLEN + 1) + 1; + + sidlist = (char *)malloc(buflen); + if (sidlist == NULL) { + return WBC_ERR_NO_MEMORY; + } + + p = sidlist; + + for (i=0; i<num_sids; i++) { + int remaining; + int len; + + remaining = buflen - (p - sidlist); + + len = wbcSidToStringBuf(&sids[i], p, remaining); + if (len > remaining) { + free(sidlist); + return WBC_ERR_UNKNOWN_FAILURE; + } + + p += len; + *p++ = '\n'; + } + *p++ = '\0'; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + request.extra_data.data = sidlist; + request.extra_len = p - sidlist; + + wbc_status = wbcRequestResponse(ctx, WINBINDD_SIDS_TO_XIDS, + &request, &response); + free(sidlist); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return wbc_status; + } + + extra_len = response.length - sizeof(struct winbindd_response); + extra_data = (char *)response.extra_data.data; + + if ((extra_len <= 0) || (extra_data[extra_len-1] != '\0')) { + goto wbc_err_invalid; + } + + p = extra_data; + + for (i=0; i<num_sids; i++) { + struct wbcUnixId *id = &ids[i]; + char *q; + int error = 0; + + switch (p[0]) { + case 'U': + id->type = WBC_ID_TYPE_UID; + id->id.uid = smb_strtoul(p+1, + &q, + 10, + &error, + SMB_STR_STANDARD); + break; + case 'G': + id->type = WBC_ID_TYPE_GID; + id->id.gid = smb_strtoul(p+1, + &q, + 10, + &error, + SMB_STR_STANDARD); + break; + case 'B': + id->type = WBC_ID_TYPE_BOTH; + id->id.uid = smb_strtoul(p+1, + &q, + 10, + &error, + SMB_STR_STANDARD); + break; + default: + id->type = WBC_ID_TYPE_NOT_SPECIFIED; + q = strchr(p, '\n'); + break; + }; + if (q == NULL || q[0] != '\n' || error != 0) { + goto wbc_err_invalid; + } + p = q+1; + } + wbc_status = WBC_ERR_SUCCESS; + goto done; + +wbc_err_invalid: + wbc_status = WBC_ERR_INVALID_RESPONSE; +done: + winbindd_free_response(&response); + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcSidsToUnixIds(const struct wbcDomainSid *sids, uint32_t num_sids, + struct wbcUnixId *ids) +{ + return wbcCtxSidsToUnixIds(NULL, sids, num_sids, ids); +} + +_PUBLIC_ +wbcErr wbcCtxUnixIdsToSids(struct wbcContext *ctx, + const struct wbcUnixId *ids, uint32_t num_ids, + struct wbcDomainSid *sids) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status; + char *buf; + char *s; + const size_t sidlen = (1 /* U/G */ + 10 /* 2^32 */ + 1 /* \n */); + size_t ofs, buflen; + uint32_t i; + + if (num_ids > SIZE_MAX / sidlen) { + return WBC_ERR_NO_MEMORY; /* overflow */ + } + buflen = num_ids * sidlen; + + buflen += 1; /* trailing \0 */ + if (buflen < 1) { + return WBC_ERR_NO_MEMORY; /* overflow */ + } + + buf = malloc(buflen); + if (buf == NULL) { + return WBC_ERR_NO_MEMORY; + } + + ofs = 0; + + for (i=0; i<num_ids; i++) { + const struct wbcUnixId *id = &ids[i]; + int len; + + switch (id->type) { + case WBC_ID_TYPE_UID: + len = snprintf(buf+ofs, buflen-ofs, "U%"PRIu32"\n", + (uint32_t)id->id.uid); + break; + case WBC_ID_TYPE_GID: + len = snprintf(buf+ofs, buflen-ofs, "G%"PRIu32"\n", + (uint32_t)id->id.gid); + break; + default: + free(buf); + return WBC_ERR_INVALID_PARAM; + } + + if (len + ofs >= buflen) { /* >= for the terminating '\0' */ + free(buf); + return WBC_ERR_UNKNOWN_FAILURE; + } + ofs += len; + } + + request = (struct winbindd_request) { + .extra_data.data = buf, .extra_len = ofs+1 + }; + response = (struct winbindd_response) {0}; + + wbc_status = wbcRequestResponse(ctx, WINBINDD_XIDS_TO_SIDS, + &request, &response); + free(buf); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return wbc_status; + } + + s = response.extra_data.data; + for (i=0; i<num_ids; i++) { + char *n = strchr(s, '\n'); + + if (n == NULL) { + goto fail; + } + *n = '\0'; + + wbc_status = wbcStringToSid(s, &sids[i]); + if (!WBC_ERROR_IS_OK(wbc_status)) { + sids[i] = (struct wbcDomainSid) {0}; + } + s = n+1; + } + + wbc_status = WBC_ERR_SUCCESS; +fail: + winbindd_free_response(&response); + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcUnixIdsToSids(const struct wbcUnixId *ids, uint32_t num_ids, + struct wbcDomainSid *sids) +{ + return wbcCtxUnixIdsToSids(NULL, ids, num_ids, sids); +} diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c new file mode 100644 index 0000000..4df0ffe --- /dev/null +++ b/nsswitch/libwbclient/wbc_pam.c @@ -0,0 +1,1484 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client API + + Copyright (C) Gerald (Jerry) Carter 2007 + Copyright (C) Guenther Deschner 2008 + Copyright (C) Volker Lendecke 2009 + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +/* Required Headers */ + +#include "replace.h" +#include "libwbclient.h" +#include "../winbind_client.h" + +/* Authenticate a username/password pair */ +_PUBLIC_ +wbcErr wbcCtxAuthenticateUser(struct wbcContext *ctx, + const char *username, const char *password) +{ + wbcErr wbc_status = WBC_ERR_SUCCESS; + struct wbcAuthUserParams params; + + ZERO_STRUCT(params); + + params.account_name = username; + params.level = WBC_AUTH_USER_LEVEL_PLAIN; + params.password.plaintext = password; + + wbc_status = wbcCtxAuthenticateUserEx(ctx, ¶ms, NULL, NULL); + BAIL_ON_WBC_ERROR(wbc_status); + +done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcAuthenticateUser(const char *username, const char *password) +{ + return wbcCtxAuthenticateUser(NULL, username, password); +} + +static bool sid_attr_compose(struct wbcSidWithAttr *s, + const struct wbcDomainSid *d, + uint32_t rid, uint32_t attr) +{ + if (d->num_auths >= WBC_MAXSUBAUTHS) { + return false; + } + s->sid = *d; + s->sid.sub_auths[s->sid.num_auths++] = rid; + s->attributes = attr; + return true; +} + +static void wbcAuthUserInfoDestructor(void *ptr) +{ + struct wbcAuthUserInfo *i = (struct wbcAuthUserInfo *)ptr; + free(i->account_name); + free(i->user_principal); + free(i->full_name); + free(i->domain_name); + free(i->dns_domain_name); + free(i->logon_server); + free(i->logon_script); + free(i->profile_path); + free(i->home_directory); + free(i->home_drive); + free(i->sids); +} + +static wbcErr wbc_create_auth_info(const struct winbindd_response *resp, + struct wbcAuthUserInfo **_i) +{ + wbcErr wbc_status = WBC_ERR_SUCCESS; + struct wbcAuthUserInfo *i; + struct wbcDomainSid domain_sid; + char *p; + uint32_t sn = 0; + uint32_t j; + + i = (struct wbcAuthUserInfo *)wbcAllocateMemory( + 1, sizeof(struct wbcAuthUserInfo), + wbcAuthUserInfoDestructor); + BAIL_ON_PTR_ERROR(i, wbc_status); + + i->user_flags = resp->data.auth.info3.user_flgs; + + i->account_name = strdup(resp->data.auth.info3.user_name); + BAIL_ON_PTR_ERROR(i->account_name, wbc_status); + if (resp->data.auth.validation_level == 6) { + i->user_principal = strdup(resp->data.auth.info6.principal_name); + BAIL_ON_PTR_ERROR(i->user_principal, wbc_status); + } else { + i->user_principal = NULL; + } + i->full_name = strdup(resp->data.auth.info3.full_name); + BAIL_ON_PTR_ERROR(i->full_name, wbc_status); + i->domain_name = strdup(resp->data.auth.info3.logon_dom); + BAIL_ON_PTR_ERROR(i->domain_name, wbc_status); + if (resp->data.auth.validation_level == 6) { + i->dns_domain_name = strdup(resp->data.auth.info6.dns_domainname); + BAIL_ON_PTR_ERROR(i->dns_domain_name, wbc_status); + } else { + i->dns_domain_name = NULL; + } + + i->acct_flags = resp->data.auth.info3.acct_flags; + memcpy(i->user_session_key, + resp->data.auth.user_session_key, + sizeof(i->user_session_key)); + memcpy(i->lm_session_key, + resp->data.auth.first_8_lm_hash, + sizeof(i->lm_session_key)); + + i->logon_count = resp->data.auth.info3.logon_count; + i->bad_password_count = resp->data.auth.info3.bad_pw_count; + + i->logon_time = resp->data.auth.info3.logon_time; + i->logoff_time = resp->data.auth.info3.logoff_time; + i->kickoff_time = resp->data.auth.info3.kickoff_time; + i->pass_last_set_time = resp->data.auth.info3.pass_last_set_time; + i->pass_can_change_time = resp->data.auth.info3.pass_can_change_time; + i->pass_must_change_time= resp->data.auth.info3.pass_must_change_time; + + i->logon_server = strdup(resp->data.auth.info3.logon_srv); + BAIL_ON_PTR_ERROR(i->logon_server, wbc_status); + i->logon_script = strdup(resp->data.auth.info3.logon_script); + BAIL_ON_PTR_ERROR(i->logon_script, wbc_status); + i->profile_path = strdup(resp->data.auth.info3.profile_path); + BAIL_ON_PTR_ERROR(i->profile_path, wbc_status); + i->home_directory= strdup(resp->data.auth.info3.home_dir); + BAIL_ON_PTR_ERROR(i->home_directory, wbc_status); + i->home_drive = strdup(resp->data.auth.info3.dir_drive); + BAIL_ON_PTR_ERROR(i->home_drive, wbc_status); + + i->num_sids = 2; + i->num_sids += resp->data.auth.info3.num_groups; + i->num_sids += resp->data.auth.info3.num_other_sids; + + i->sids = (struct wbcSidWithAttr *)calloc( + sizeof(struct wbcSidWithAttr), i->num_sids); + BAIL_ON_PTR_ERROR(i->sids, wbc_status); + + wbc_status = wbcStringToSid(resp->data.auth.info3.dom_sid, + &domain_sid); + BAIL_ON_WBC_ERROR(wbc_status); + + sn = 0; + if (!sid_attr_compose(&i->sids[sn], &domain_sid, + resp->data.auth.info3.user_rid, 0)) { + wbc_status = WBC_ERR_INVALID_SID; + goto done; + } + sn++; + if (!sid_attr_compose(&i->sids[sn], &domain_sid, + resp->data.auth.info3.group_rid, 0)) { + wbc_status = WBC_ERR_INVALID_SID; + goto done; + } + sn++; + + p = (char *)resp->extra_data.data; + if (!p) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + + for (j=0; j < resp->data.auth.info3.num_groups; j++) { + uint32_t rid; + uint32_t attrs; + int ret; + char *s = p; + char *e = strchr(p, '\n'); + if (!e) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + e[0] = '\0'; + p = &e[1]; + + ret = sscanf(s, "0x%08X:0x%08X", &rid, &attrs); + if (ret != 2) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (!sid_attr_compose(&i->sids[sn], &domain_sid, + rid, attrs)) { + wbc_status = WBC_ERR_INVALID_SID; + goto done; + } + sn++; + } + + for (j=0; j < resp->data.auth.info3.num_other_sids; j++) { + uint32_t attrs; + int ret; + char *s = p; + char *a; + char *e = strchr(p, '\n'); + if (!e) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + e[0] = '\0'; + p = &e[1]; + + e = strchr(s, ':'); + if (!e) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + e[0] = '\0'; + a = &e[1]; + + ret = sscanf(a, "0x%08X", + &attrs); + if (ret != 1) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = wbcStringToSid(s, &i->sids[sn].sid); + BAIL_ON_WBC_ERROR(wbc_status); + + i->sids[sn].attributes = attrs; + sn++; + } + + i->num_sids = sn; + + *_i = i; + i = NULL; +done: + wbcFreeMemory(i); + return wbc_status; +} + +static void wbcAuthErrorInfoDestructor(void *ptr) +{ + struct wbcAuthErrorInfo *e = (struct wbcAuthErrorInfo *)ptr; + free(e->nt_string); + free(e->display_string); +} + +static wbcErr wbc_create_error_info(const struct winbindd_response *resp, + struct wbcAuthErrorInfo **_e) +{ + wbcErr wbc_status = WBC_ERR_SUCCESS; + struct wbcAuthErrorInfo *e; + + e = (struct wbcAuthErrorInfo *)wbcAllocateMemory( + 1, sizeof(struct wbcAuthErrorInfo), + wbcAuthErrorInfoDestructor); + BAIL_ON_PTR_ERROR(e, wbc_status); + + e->nt_status = resp->data.auth.nt_status; + e->pam_error = resp->data.auth.pam_error; + e->authoritative = resp->data.auth.authoritative; + e->nt_string = strdup(resp->data.auth.nt_status_string); + BAIL_ON_PTR_ERROR(e->nt_string, wbc_status); + + e->display_string = strdup(resp->data.auth.error_string); + BAIL_ON_PTR_ERROR(e->display_string, wbc_status); + + *_e = e; + e = NULL; + +done: + wbcFreeMemory(e); + return wbc_status; +} + +static wbcErr wbc_create_password_policy_info(const struct winbindd_response *resp, + struct wbcUserPasswordPolicyInfo **_i) +{ + wbcErr wbc_status = WBC_ERR_SUCCESS; + struct wbcUserPasswordPolicyInfo *i; + + i = (struct wbcUserPasswordPolicyInfo *)wbcAllocateMemory( + 1, sizeof(struct wbcUserPasswordPolicyInfo), NULL); + BAIL_ON_PTR_ERROR(i, wbc_status); + + i->min_passwordage = resp->data.auth.policy.min_passwordage; + i->min_length_password = resp->data.auth.policy.min_length_password; + i->password_history = resp->data.auth.policy.password_history; + i->password_properties = resp->data.auth.policy.password_properties; + i->expire = resp->data.auth.policy.expire; + + *_i = i; + i = NULL; + +done: + wbcFreeMemory(i); + return wbc_status; +} + +static void wbcLogonUserInfoDestructor(void *ptr) +{ + struct wbcLogonUserInfo *i = (struct wbcLogonUserInfo *)ptr; + wbcFreeMemory(i->info); + wbcFreeMemory(i->blobs); +} + +static wbcErr wbc_create_logon_info(struct winbindd_response *resp, + struct wbcLogonUserInfo **_i) +{ + wbcErr wbc_status = WBC_ERR_SUCCESS; + struct wbcLogonUserInfo *i; + + i = (struct wbcLogonUserInfo *)wbcAllocateMemory( + 1, sizeof(struct wbcLogonUserInfo), + wbcLogonUserInfoDestructor); + BAIL_ON_PTR_ERROR(i, wbc_status); + + wbc_status = wbc_create_auth_info(resp, &i->info); + BAIL_ON_WBC_ERROR(wbc_status); + + if (resp->data.auth.krb5ccname[0] != '\0') { + wbc_status = wbcAddNamedBlob(&i->num_blobs, + &i->blobs, + "krb5ccname", + 0, + (uint8_t *)resp->data.auth.krb5ccname, + strlen(resp->data.auth.krb5ccname)+1); + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (resp->data.auth.unix_username[0] != '\0') { + wbc_status = wbcAddNamedBlob(&i->num_blobs, + &i->blobs, + "unix_username", + 0, + (uint8_t *)resp->data.auth.unix_username, + strlen(resp->data.auth.unix_username)+1); + BAIL_ON_WBC_ERROR(wbc_status); + } + + *_i = i; + i = NULL; +done: + wbcFreeMemory(i); + return wbc_status; +} + + +/* Authenticate with more detailed information */ +_PUBLIC_ +wbcErr wbcCtxAuthenticateUserEx(struct wbcContext *ctx, + const struct wbcAuthUserParams *params, + struct wbcAuthUserInfo **info, + struct wbcAuthErrorInfo **error) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + int cmd = 0; + struct winbindd_request request; + struct winbindd_response response; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (error) { + *error = NULL; + } + + if (!params) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (params->level != WBC_AUTH_USER_LEVEL_PAC && !params->account_name) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + switch (params->level) { + case WBC_AUTH_USER_LEVEL_PLAIN: + cmd = WINBINDD_PAM_AUTH; + request.flags = WBFLAG_PAM_INFO3_TEXT | + WBFLAG_PAM_USER_SESSION_KEY | + WBFLAG_PAM_LMKEY; + + if (!params->password.plaintext) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (params->domain_name && params->domain_name[0]) { + /* We need to get the winbind separator :-( */ + struct winbindd_response sep_response; + + ZERO_STRUCT(sep_response); + + wbc_status = wbcRequestResponse(ctx, WINBINDD_INFO, + NULL, &sep_response); + BAIL_ON_WBC_ERROR(wbc_status); + + snprintf(request.data.auth.user, + sizeof(request.data.auth.user)-1, + "%s%c%s", + params->domain_name, + sep_response.data.info.winbind_separator, + params->account_name); + } else { + strncpy(request.data.auth.user, + params->account_name, + sizeof(request.data.auth.user)-1); + } + + strncpy(request.data.auth.pass, + params->password.plaintext, + sizeof(request.data.auth.pass)-1); + break; + + case WBC_AUTH_USER_LEVEL_HASH: + wbc_status = WBC_ERR_NOT_IMPLEMENTED; + BAIL_ON_WBC_ERROR(wbc_status); + break; + + case WBC_AUTH_USER_LEVEL_RESPONSE: + cmd = WINBINDD_PAM_AUTH_CRAP; + request.flags = WBFLAG_PAM_INFO3_TEXT | + WBFLAG_PAM_USER_SESSION_KEY | + WBFLAG_PAM_LMKEY; + + if (params->password.response.lm_length && + !params->password.response.lm_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + if (params->password.response.lm_length == 0 && + params->password.response.lm_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (params->password.response.nt_length && + !params->password.response.nt_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + if (params->password.response.nt_length == 0&& + params->password.response.nt_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + strncpy(request.data.auth_crap.user, + params->account_name, + sizeof(request.data.auth_crap.user)-1); + if (params->domain_name) { + strncpy(request.data.auth_crap.domain, + params->domain_name, + sizeof(request.data.auth_crap.domain)-1); + } + if (params->workstation_name) { + strncpy(request.data.auth_crap.workstation, + params->workstation_name, + sizeof(request.data.auth_crap.workstation)-1); + } + + request.data.auth_crap.logon_parameters = + params->parameter_control; + + memcpy(request.data.auth_crap.chal, + params->password.response.challenge, + sizeof(request.data.auth_crap.chal)); + + request.data.auth_crap.lm_resp_len = + MIN(params->password.response.lm_length, + sizeof(request.data.auth_crap.lm_resp)); + if (params->password.response.lm_data) { + memcpy(request.data.auth_crap.lm_resp, + params->password.response.lm_data, + request.data.auth_crap.lm_resp_len); + } + request.data.auth_crap.nt_resp_len = params->password.response.nt_length; + if (params->password.response.nt_length > sizeof(request.data.auth_crap.nt_resp)) { + request.flags |= WBFLAG_BIG_NTLMV2_BLOB; + request.extra_len = params->password.response.nt_length; + request.extra_data.data = (char *)malloc( + request.extra_len); + if (request.extra_data.data == NULL) { + wbc_status = WBC_ERR_NO_MEMORY; + BAIL_ON_WBC_ERROR(wbc_status); + } + memcpy(request.extra_data.data, + params->password.response.nt_data, + request.data.auth_crap.nt_resp_len); + } else if (params->password.response.nt_data) { + memcpy(request.data.auth_crap.nt_resp, + params->password.response.nt_data, + request.data.auth_crap.nt_resp_len); + } + break; + + case WBC_AUTH_USER_LEVEL_PAC: + cmd = WINBINDD_PAM_AUTH_CRAP; + request.flags = WBFLAG_PAM_AUTH_PAC | WBFLAG_PAM_INFO3_TEXT; + request.extra_data.data = malloc(params->password.pac.length); + if (request.extra_data.data == NULL) { + wbc_status = WBC_ERR_NO_MEMORY; + BAIL_ON_WBC_ERROR(wbc_status); + } + memcpy(request.extra_data.data, params->password.pac.data, + params->password.pac.length); + request.extra_len = params->password.pac.length; + break; + + default: + break; + } + + if (cmd == 0) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (params->flags) { + request.flags |= params->flags; + } + + if (cmd == WINBINDD_PAM_AUTH_CRAP) { + wbc_status = wbcRequestResponsePriv(ctx, cmd, + &request, &response); + } else { + wbc_status = wbcRequestResponse(ctx, cmd, + &request, &response); + } + if (response.data.auth.nt_status != 0) { + if (error) { + wbc_status = wbc_create_error_info(&response, + error); + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = WBC_ERR_AUTH_ERROR; + BAIL_ON_WBC_ERROR(wbc_status); + } + BAIL_ON_WBC_ERROR(wbc_status); + + if (info) { + wbc_status = wbc_create_auth_info(&response, info); + BAIL_ON_WBC_ERROR(wbc_status); + } + +done: + winbindd_free_response(&response); + + free(request.extra_data.data); + + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, + struct wbcAuthUserInfo **info, + struct wbcAuthErrorInfo **error) +{ + return wbcCtxAuthenticateUserEx(NULL, params, info, error); +} + +/* Trigger a verification of the trust credentials of a specific domain */ +_PUBLIC_ +wbcErr wbcCtxCheckTrustCredentials(struct wbcContext *ctx, const char *domain, + struct wbcAuthErrorInfo **error) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (domain) { + strncpy(request.domain_name, domain, + sizeof(request.domain_name)-1); + } + + /* Send request */ + + wbc_status = wbcRequestResponsePriv(ctx, WINBINDD_CHECK_MACHACC, + &request, &response); + if (response.data.auth.nt_status != 0) { + if (error) { + wbc_status = wbc_create_error_info(&response, + error); + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = WBC_ERR_AUTH_ERROR; + BAIL_ON_WBC_ERROR(wbc_status); + } + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcCheckTrustCredentials(const char *domain, + struct wbcAuthErrorInfo **error) +{ + return wbcCtxCheckTrustCredentials(NULL, domain, error); +} + +/* Trigger a change of the trust credentials for a specific domain */ +_PUBLIC_ +wbcErr wbcCtxChangeTrustCredentials(struct wbcContext *ctx, const char *domain, + struct wbcAuthErrorInfo **error) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (domain) { + strncpy(request.domain_name, domain, + sizeof(request.domain_name)-1); + } + + /* Send request */ + + wbc_status = wbcRequestResponsePriv(ctx, WINBINDD_CHANGE_MACHACC, + &request, &response); + if (response.data.auth.nt_status != 0) { + if (error) { + wbc_status = wbc_create_error_info(&response, + error); + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = WBC_ERR_AUTH_ERROR; + BAIL_ON_WBC_ERROR(wbc_status); + } + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcChangeTrustCredentials(const char *domain, + struct wbcAuthErrorInfo **error) +{ + return wbcCtxChangeTrustCredentials(NULL, domain, error); +} + +/* + * Trigger a no-op NETLOGON call. Lightweight version of + * wbcCheckTrustCredentials + */ +_PUBLIC_ +wbcErr wbcCtxPingDc(struct wbcContext *ctx, const char *domain, + struct wbcAuthErrorInfo **error) +{ + return wbcCtxPingDc2(ctx, domain, error, NULL); +} + +_PUBLIC_ +wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error) +{ + return wbcPingDc2(domain, error, NULL); +} + +/* + * Trigger a no-op NETLOGON call. Lightweight version of + * wbcCheckTrustCredentials, optionally return attempted DC + */ +_PUBLIC_ +wbcErr wbcCtxPingDc2(struct wbcContext *ctx, const char *domain, + struct wbcAuthErrorInfo **error, char **dcname) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (domain) { + strncpy(request.domain_name, domain, + sizeof(request.domain_name)-1); + } + + /* Send request */ + + wbc_status = wbcRequestResponse(ctx, WINBINDD_PING_DC, + &request, + &response); + + if (dcname && response.extra_data.data) { + size_t len; + + len = response.length - sizeof(struct winbindd_response); + *dcname = wbcAllocateMemory(1, len, NULL); + BAIL_ON_PTR_ERROR(*dcname, wbc_status); + + strlcpy(*dcname, response.extra_data.data, len); + } + + if (response.data.auth.nt_status != 0) { + if (error) { + wbc_status = wbc_create_error_info(&response, + error); + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = WBC_ERR_AUTH_ERROR; + BAIL_ON_WBC_ERROR(wbc_status); + } + BAIL_ON_WBC_ERROR(wbc_status); + + done: + winbindd_free_response(&response); + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcPingDc2(const char *domain, struct wbcAuthErrorInfo **error, + char **dcname) +{ + return wbcCtxPingDc2(NULL, domain, error, dcname); +} + +/* Trigger an extended logoff notification to Winbind for a specific user */ +_PUBLIC_ +wbcErr wbcCtxLogoffUserEx(struct wbcContext *ctx, + const struct wbcLogoffUserParams *params, + struct wbcAuthErrorInfo **error) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + size_t i; + + /* validate input */ + + if (!params || !params->username) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if ((params->num_blobs > 0) && (params->blobs == NULL)) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + if ((params->num_blobs == 0) && (params->blobs != NULL)) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + strncpy(request.data.logoff.user, params->username, + sizeof(request.data.logoff.user)-1); + + for (i=0; i<params->num_blobs; i++) { + + if (strcasecmp(params->blobs[i].name, "ccfilename") == 0) { + if (params->blobs[i].blob.data) { + strncpy(request.data.logoff.krb5ccname, + (const char *)params->blobs[i].blob.data, + sizeof(request.data.logoff.krb5ccname) - 1); + } + continue; + } + + if (strcasecmp(params->blobs[i].name, "user_uid") == 0) { + if (params->blobs[i].blob.data) { + memcpy(&request.data.logoff.uid, + params->blobs[i].blob.data, + MIN(params->blobs[i].blob.length, + sizeof(request.data.logoff.uid))); + } + continue; + } + + if (strcasecmp(params->blobs[i].name, "flags") == 0) { + if (params->blobs[i].blob.data) { + memcpy(&request.flags, + params->blobs[i].blob.data, + MIN(params->blobs[i].blob.length, + sizeof(request.flags))); + } + continue; + } + } + + /* Send request */ + + wbc_status = wbcRequestResponse(ctx, WINBINDD_PAM_LOGOFF, + &request, + &response); + + /* Take the response above and return it to the caller */ + if (response.data.auth.nt_status != 0) { + if (error) { + wbc_status = wbc_create_error_info(&response, + error); + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = WBC_ERR_AUTH_ERROR; + BAIL_ON_WBC_ERROR(wbc_status); + } + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params, + struct wbcAuthErrorInfo **error) +{ + return wbcCtxLogoffUserEx(NULL, params, error); +} + +/* Trigger a logoff notification to Winbind for a specific user */ +_PUBLIC_ +wbcErr wbcCtxLogoffUser(struct wbcContext *ctx, + const char *username, uid_t uid, + const char *ccfilename) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + /* validate input */ + + if (!username) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + strncpy(request.data.logoff.user, username, + sizeof(request.data.logoff.user)-1); + request.data.logoff.uid = uid; + + if (ccfilename) { + strncpy(request.data.logoff.krb5ccname, ccfilename, + sizeof(request.data.logoff.krb5ccname)-1); + } + + /* Send request */ + + wbc_status = wbcRequestResponse(ctx, WINBINDD_PAM_LOGOFF, + &request, + &response); + + /* Take the response above and return it to the caller */ + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcLogoffUser(const char *username, + uid_t uid, + const char *ccfilename) +{ + return wbcCtxLogoffUser(NULL, username, uid, ccfilename); +} + +/* Change a password for a user with more detailed information upon failure */ +_PUBLIC_ +wbcErr wbcCtxChangeUserPasswordEx(struct wbcContext *ctx, + const struct wbcChangePasswordParams *params, + struct wbcAuthErrorInfo **error, + enum wbcPasswordChangeRejectReason *reject_reason, + struct wbcUserPasswordPolicyInfo **policy) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + int cmd = 0; + + /* validate input */ + + if (!params->account_name) { + wbc_status = WBC_ERR_INVALID_PARAM; + goto done; + } + + if (error) { + *error = NULL; + } + + if (policy) { + *policy = NULL; + } + + if (reject_reason) { + *reject_reason = -1; + } + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + switch (params->level) { + case WBC_CHANGE_PASSWORD_LEVEL_PLAIN: + cmd = WINBINDD_PAM_CHAUTHTOK; + + if (!params->account_name) { + wbc_status = WBC_ERR_INVALID_PARAM; + goto done; + } + + strncpy(request.data.chauthtok.user, params->account_name, + sizeof(request.data.chauthtok.user) - 1); + + if (params->old_password.plaintext) { + strncpy(request.data.chauthtok.oldpass, + params->old_password.plaintext, + sizeof(request.data.chauthtok.oldpass) - 1); + } + + if (params->new_password.plaintext) { + strncpy(request.data.chauthtok.newpass, + params->new_password.plaintext, + sizeof(request.data.chauthtok.newpass) - 1); + } + break; + + case WBC_CHANGE_PASSWORD_LEVEL_RESPONSE: + cmd = WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP; + + if (!params->account_name || !params->domain_name) { + wbc_status = WBC_ERR_INVALID_PARAM; + goto done; + } + + if (params->old_password.response.old_lm_hash_enc_length && + !params->old_password.response.old_lm_hash_enc_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + goto done; + } + + if (params->old_password.response.old_lm_hash_enc_length == 0 && + params->old_password.response.old_lm_hash_enc_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + goto done; + } + + if (params->old_password.response.old_nt_hash_enc_length && + !params->old_password.response.old_nt_hash_enc_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + goto done; + } + + if (params->old_password.response.old_nt_hash_enc_length == 0 && + params->old_password.response.old_nt_hash_enc_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + goto done; + } + + if (params->new_password.response.lm_length && + !params->new_password.response.lm_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + goto done; + } + + if (params->new_password.response.lm_length == 0 && + params->new_password.response.lm_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + goto done; + } + + if (params->new_password.response.nt_length && + !params->new_password.response.nt_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + goto done; + } + + if (params->new_password.response.nt_length == 0 && + params->new_password.response.nt_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + goto done; + } + + strncpy(request.data.chng_pswd_auth_crap.user, + params->account_name, + sizeof(request.data.chng_pswd_auth_crap.user) - 1); + + strncpy(request.data.chng_pswd_auth_crap.domain, + params->domain_name, + sizeof(request.data.chng_pswd_auth_crap.domain) - 1); + + if (params->new_password.response.nt_data) { + request.data.chng_pswd_auth_crap.new_nt_pswd_len = + params->new_password.response.nt_length; + memcpy(request.data.chng_pswd_auth_crap.new_nt_pswd, + params->new_password.response.nt_data, + request.data.chng_pswd_auth_crap.new_nt_pswd_len); + } + + if (params->new_password.response.lm_data) { + request.data.chng_pswd_auth_crap.new_lm_pswd_len = + params->new_password.response.lm_length; + memcpy(request.data.chng_pswd_auth_crap.new_lm_pswd, + params->new_password.response.lm_data, + request.data.chng_pswd_auth_crap.new_lm_pswd_len); + } + + if (params->old_password.response.old_nt_hash_enc_data) { + request.data.chng_pswd_auth_crap.old_nt_hash_enc_len = + params->old_password.response.old_nt_hash_enc_length; + memcpy(request.data.chng_pswd_auth_crap.old_nt_hash_enc, + params->old_password.response.old_nt_hash_enc_data, + request.data.chng_pswd_auth_crap.old_nt_hash_enc_len); + } + + if (params->old_password.response.old_lm_hash_enc_data) { + request.data.chng_pswd_auth_crap.old_lm_hash_enc_len = + params->old_password.response.old_lm_hash_enc_length; + memcpy(request.data.chng_pswd_auth_crap.old_lm_hash_enc, + params->old_password.response.old_lm_hash_enc_data, + request.data.chng_pswd_auth_crap.old_lm_hash_enc_len); + } + + break; + default: + wbc_status = WBC_ERR_INVALID_PARAM; + goto done; + break; + } + + /* Send request */ + + wbc_status = wbcRequestResponse(ctx, cmd, + &request, + &response); + if (WBC_ERROR_IS_OK(wbc_status)) { + goto done; + } + + /* Take the response above and return it to the caller */ + + if (response.data.auth.nt_status != 0) { + if (error) { + wbc_status = wbc_create_error_info(&response, + error); + BAIL_ON_WBC_ERROR(wbc_status); + } + + } + + if (policy) { + wbc_status = wbc_create_password_policy_info(&response, + policy); + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (reject_reason) { + *reject_reason = response.data.auth.reject_reason; + } + + wbc_status = WBC_ERR_PWD_CHANGE_FAILED; + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params, + struct wbcAuthErrorInfo **error, + enum wbcPasswordChangeRejectReason *reject_reason, + struct wbcUserPasswordPolicyInfo **policy) +{ + return wbcCtxChangeUserPasswordEx(NULL, params, error, + reject_reason, policy); +} + +/* Change a password for a user */ +_PUBLIC_ +wbcErr wbcCtxChangeUserPassword(struct wbcContext *ctx, + const char *username, + const char *old_password, + const char *new_password) +{ + wbcErr wbc_status = WBC_ERR_SUCCESS; + struct wbcChangePasswordParams params; + + ZERO_STRUCT(params); + + params.account_name = username; + params.level = WBC_CHANGE_PASSWORD_LEVEL_PLAIN; + params.old_password.plaintext = old_password; + params.new_password.plaintext = new_password; + + wbc_status = wbcCtxChangeUserPasswordEx(ctx, ¶ms, + NULL, + NULL, + NULL); + BAIL_ON_WBC_ERROR(wbc_status); + +done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcChangeUserPassword(const char *username, + const char *old_password, + const char *new_password) +{ + return wbcCtxChangeUserPassword(NULL, username, + old_password, new_password); +} + +/* Logon a User */ +_PUBLIC_ +wbcErr wbcCtxLogonUser(struct wbcContext *ctx, + const struct wbcLogonUserParams *params, + struct wbcLogonUserInfo **info, + struct wbcAuthErrorInfo **error, + struct wbcUserPasswordPolicyInfo **policy) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + uint32_t i; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (info) { + *info = NULL; + } + if (error) { + *error = NULL; + } + if (policy) { + *policy = NULL; + } + + if (!params) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (!params->username) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if ((params->num_blobs > 0) && (params->blobs == NULL)) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + if ((params->num_blobs == 0) && (params->blobs != NULL)) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + request.flags = WBFLAG_PAM_INFO3_TEXT | + WBFLAG_PAM_USER_SESSION_KEY | + WBFLAG_PAM_LMKEY; + + if (!params->password) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + strncpy(request.data.auth.user, + params->username, + sizeof(request.data.auth.user)-1); + + strncpy(request.data.auth.pass, + params->password, + sizeof(request.data.auth.pass)-1); + + for (i=0; i<params->num_blobs; i++) { + + if (strcasecmp(params->blobs[i].name, "krb5_cc_type") == 0) { + if (params->blobs[i].blob.data) { + strncpy(request.data.auth.krb5_cc_type, + (const char *)params->blobs[i].blob.data, + sizeof(request.data.auth.krb5_cc_type) - 1); + } + continue; + } + + if (strcasecmp(params->blobs[i].name, "user_uid") == 0) { + if (params->blobs[i].blob.data) { + memcpy(&request.data.auth.uid, + params->blobs[i].blob.data, + MIN(sizeof(request.data.auth.uid), + params->blobs[i].blob.length)); + } + continue; + } + + if (strcasecmp(params->blobs[i].name, "flags") == 0) { + if (params->blobs[i].blob.data) { + uint32_t flags; + memcpy(&flags, + params->blobs[i].blob.data, + MIN(sizeof(flags), + params->blobs[i].blob.length)); + request.flags |= flags; + } + continue; + } + + if (strcasecmp(params->blobs[i].name, "membership_of") == 0) { + if (params->blobs[i].blob.data && + params->blobs[i].blob.data[0] > 0) { + strncpy(request.data.auth.require_membership_of_sid, + (const char *)params->blobs[i].blob.data, + sizeof(request.data.auth.require_membership_of_sid) - 1); + } + continue; + } + } + + wbc_status = wbcRequestResponse(ctx, WINBINDD_PAM_AUTH, + &request, + &response); + + if (response.data.auth.nt_status != 0) { + if (error) { + wbc_status = wbc_create_error_info(&response, + error); + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = WBC_ERR_AUTH_ERROR; + BAIL_ON_WBC_ERROR(wbc_status); + } + BAIL_ON_WBC_ERROR(wbc_status); + + if (info) { + wbc_status = wbc_create_logon_info(&response, + info); + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (policy) { + wbc_status = wbc_create_password_policy_info(&response, + policy); + BAIL_ON_WBC_ERROR(wbc_status); + } + +done: + winbindd_free_response(&response); + + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcLogonUser(const struct wbcLogonUserParams *params, + struct wbcLogonUserInfo **info, + struct wbcAuthErrorInfo **error, + struct wbcUserPasswordPolicyInfo **policy) +{ + return wbcCtxLogonUser(NULL, params, info, error, policy); +} + +static void wbcCredentialCacheInfoDestructor(void *ptr) +{ + struct wbcCredentialCacheInfo *i = + (struct wbcCredentialCacheInfo *)ptr; + wbcFreeMemory(i->blobs); +} + +/* Authenticate a user with cached credentials */ +_PUBLIC_ +wbcErr wbcCtxCredentialCache(struct wbcContext *ctx, + struct wbcCredentialCacheParams *params, + struct wbcCredentialCacheInfo **info, + struct wbcAuthErrorInfo **error) +{ + wbcErr status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcCredentialCacheInfo *result = NULL; + struct winbindd_request request; + struct winbindd_response response; + struct wbcNamedBlob *initial_blob = NULL; + struct wbcNamedBlob *challenge_blob = NULL; + size_t i; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + *info = NULL; + + if (error != NULL) { + *error = NULL; + } + if ((params == NULL) + || (params->account_name == NULL) + || (params->level != WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP)) { + status = WBC_ERR_INVALID_PARAM; + goto fail; + } + + for (i=0; i<params->num_blobs; i++) { + /* + * Older callers may used to provide the NEGOTIATE request + * as "initial_blob", but it was completely ignored by winbindd. + * + * So we keep ignoring it. + * + * A new callers that is capable to support "new_spnego", + * will provide the NEGOTIATE request as "negotiate_blob" + * instead. + */ + if (strcasecmp(params->blobs[i].name, "negotiate_blob") == 0) { + if (initial_blob != NULL) { + status = WBC_ERR_INVALID_PARAM; + goto fail; + } + initial_blob = ¶ms->blobs[i]; + continue; + } + if (strcasecmp(params->blobs[i].name, "challenge_blob") == 0) { + if (challenge_blob != NULL) { + status = WBC_ERR_INVALID_PARAM; + goto fail; + } + challenge_blob = ¶ms->blobs[i]; + continue; + } + } + + if (params->domain_name != NULL) { + status = wbcRequestResponse(ctx, WINBINDD_INFO, + NULL, &response); + if (!WBC_ERROR_IS_OK(status)) { + goto fail; + } + snprintf(request.data.ccache_ntlm_auth.user, + sizeof(request.data.ccache_ntlm_auth.user)-1, + "%s%c%s", params->domain_name, + response.data.info.winbind_separator, + params->account_name); + } else { + strncpy(request.data.ccache_ntlm_auth.user, + params->account_name, + sizeof(request.data.ccache_ntlm_auth.user)-1); + } + request.data.ccache_ntlm_auth.uid = getuid(); + + request.data.ccache_ntlm_auth.initial_blob_len = 0; + request.data.ccache_ntlm_auth.challenge_blob_len = 0; + request.extra_len = 0; + + if (initial_blob != NULL) { + request.data.ccache_ntlm_auth.initial_blob_len = + initial_blob->blob.length; + request.extra_len += initial_blob->blob.length; + } + if (challenge_blob != NULL) { + request.data.ccache_ntlm_auth.challenge_blob_len = + challenge_blob->blob.length; + request.extra_len += challenge_blob->blob.length; + } + + if (request.extra_len != 0) { + request.extra_data.data = (char *)malloc(request.extra_len); + if (request.extra_data.data == NULL) { + status = WBC_ERR_NO_MEMORY; + goto fail; + } + } + if (initial_blob != NULL) { + memcpy(request.extra_data.data, + initial_blob->blob.data, initial_blob->blob.length); + } + if (challenge_blob != NULL) { + memcpy(request.extra_data.data + + request.data.ccache_ntlm_auth.initial_blob_len, + challenge_blob->blob.data, + challenge_blob->blob.length); + } + + status = wbcRequestResponse(ctx, WINBINDD_CCACHE_NTLMAUTH, + &request, &response); + if (!WBC_ERROR_IS_OK(status)) { + goto fail; + } + + result = (struct wbcCredentialCacheInfo *)wbcAllocateMemory( + 1, sizeof(struct wbcCredentialCacheInfo), + wbcCredentialCacheInfoDestructor); + if (result == NULL) { + status = WBC_ERR_NO_MEMORY; + goto fail; + } + result->num_blobs = 0; + result->blobs = NULL; + status = wbcAddNamedBlob(&result->num_blobs, &result->blobs, + "auth_blob", 0, + (uint8_t *)response.extra_data.data, + response.data.ccache_ntlm_auth.auth_blob_len); + if (!WBC_ERROR_IS_OK(status)) { + goto fail; + } + status = wbcAddNamedBlob( + &result->num_blobs, &result->blobs, "session_key", 0, + response.data.ccache_ntlm_auth.session_key, + sizeof(response.data.ccache_ntlm_auth.session_key)); + if (!WBC_ERROR_IS_OK(status)) { + goto fail; + } + if (response.data.ccache_ntlm_auth.new_spnego) { + status = wbcAddNamedBlob( + &result->num_blobs, &result->blobs, "new_spnego", 0, + &response.data.ccache_ntlm_auth.new_spnego, + sizeof(response.data.ccache_ntlm_auth.new_spnego)); + if (!WBC_ERROR_IS_OK(status)) { + goto fail; + } + } + + *info = result; + result = NULL; + status = WBC_ERR_SUCCESS; +fail: + free(request.extra_data.data); + winbindd_free_response(&response); + wbcFreeMemory(result); + return status; +} + +_PUBLIC_ +wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params, + struct wbcCredentialCacheInfo **info, + struct wbcAuthErrorInfo **error) +{ + return wbcCtxCredentialCache(NULL, params, info, error); +} + +/* Authenticate a user with cached credentials */ +_PUBLIC_ +wbcErr wbcCtxCredentialSave(struct wbcContext *ctx, + const char *user, const char *password) +{ + struct winbindd_request request; + struct winbindd_response response; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + strncpy(request.data.ccache_save.user, user, + sizeof(request.data.ccache_save.user)-1); + strncpy(request.data.ccache_save.pass, password, + sizeof(request.data.ccache_save.pass)-1); + request.data.ccache_save.uid = getuid(); + + return wbcRequestResponse(ctx, WINBINDD_CCACHE_SAVE, &request, &response); +} + +_PUBLIC_ +wbcErr wbcCredentialSave(const char *user, const char *password) +{ + return wbcCtxCredentialSave(NULL, user, password); +} diff --git a/nsswitch/libwbclient/wbc_pwd.c b/nsswitch/libwbclient/wbc_pwd.c new file mode 100644 index 0000000..4e83fbf --- /dev/null +++ b/nsswitch/libwbclient/wbc_pwd.c @@ -0,0 +1,722 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client API + + Copyright (C) Gerald (Jerry) Carter 2007 + Copyright (C) Matthew Newton 2015 + + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +/* Required Headers */ + +#include "replace.h" +#include "libwbclient.h" +#include "../winbind_client.h" + +/** @brief The maximum number of pwent structs to get from winbindd + * + */ +#define MAX_GETPWENT_USERS 500 + +/** @brief The maximum number of grent structs to get from winbindd + * + */ +#define MAX_GETGRENT_GROUPS 500 + +/** + * + **/ + +static void wbcPasswdDestructor(void *ptr) +{ + struct passwd *pw = (struct passwd *)ptr; + free(pw->pw_name); + free(pw->pw_passwd); + free(pw->pw_gecos); + free(pw->pw_shell); + free(pw->pw_dir); +} + +static struct passwd *copy_passwd_entry(struct winbindd_pw *p) +{ + struct passwd *pw = NULL; + + pw = (struct passwd *)wbcAllocateMemory(1, sizeof(struct passwd), + wbcPasswdDestructor); + if (pw == NULL) { + return NULL; + } + pw->pw_name = strdup(p->pw_name); + if (pw->pw_name == NULL) { + goto fail; + } + pw->pw_passwd = strdup(p->pw_passwd); + if (pw->pw_passwd == NULL) { + goto fail; + } + pw->pw_gecos = strdup(p->pw_gecos); + if (pw->pw_gecos == NULL) { + goto fail; + } + pw->pw_shell = strdup(p->pw_shell); + if (pw->pw_shell == NULL) { + goto fail; + } + pw->pw_dir = strdup(p->pw_dir); + if (pw->pw_dir == NULL) { + goto fail; + } + pw->pw_uid = p->pw_uid; + pw->pw_gid = p->pw_gid; + return pw; + +fail: + wbcFreeMemory(pw); + return NULL; +} + +/** + * + **/ + +static void wbcGroupDestructor(void *ptr) +{ + struct group *gr = (struct group *)ptr; + int i; + + free(gr->gr_name); + free(gr->gr_passwd); + + /* if the array was partly created this can be NULL */ + if (gr->gr_mem == NULL) { + return; + } + + for (i=0; gr->gr_mem[i] != NULL; i++) { + free(gr->gr_mem[i]); + } + free(gr->gr_mem); +} + +static struct group *copy_group_entry(struct winbindd_gr *g, + char *mem_buf) +{ + struct group *gr = NULL; + int i; + char *mem_p, *mem_q; + + gr = (struct group *)wbcAllocateMemory( + 1, sizeof(struct group), wbcGroupDestructor); + if (gr == NULL) { + return NULL; + } + + gr->gr_name = strdup(g->gr_name); + if (gr->gr_name == NULL) { + goto fail; + } + gr->gr_passwd = strdup(g->gr_passwd); + if (gr->gr_passwd == NULL) { + goto fail; + } + gr->gr_gid = g->gr_gid; + + gr->gr_mem = (char **)calloc(g->num_gr_mem+1, sizeof(char *)); + if (gr->gr_mem == NULL) { + goto fail; + } + + mem_p = mem_q = mem_buf; + for (i=0; i<g->num_gr_mem && mem_p; i++) { + mem_q = strchr(mem_p, ','); + if (mem_q != NULL) { + *mem_q = '\0'; + } + + gr->gr_mem[i] = strdup(mem_p); + if (gr->gr_mem[i] == NULL) { + goto fail; + } + + if (mem_q == NULL) { + i += 1; + break; + } + mem_p = mem_q + 1; + } + gr->gr_mem[i] = NULL; + + return gr; + +fail: + wbcFreeMemory(gr); + return NULL; +} + +/* Fill in a struct passwd* for a domain user based on username */ +_PUBLIC_ +wbcErr wbcCtxGetpwnam(struct wbcContext *ctx, + const char *name, struct passwd **pwd) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + + if (!name || !pwd) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* dst is already null terminated from the memset above */ + + strncpy(request.data.username, name, sizeof(request.data.username)-1); + + wbc_status = wbcRequestResponse(ctx, WINBINDD_GETPWNAM, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + *pwd = copy_passwd_entry(&response.data.pw); + BAIL_ON_PTR_ERROR(*pwd, wbc_status); + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcGetpwnam(const char *name, struct passwd **pwd) +{ + return wbcCtxGetpwnam(NULL, name, pwd); +} + +/* Fill in a struct passwd* for a domain user based on uid */ +_PUBLIC_ +wbcErr wbcCtxGetpwuid(struct wbcContext *ctx, uid_t uid, struct passwd **pwd) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + + if (!pwd) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + request.data.uid = uid; + + wbc_status = wbcRequestResponse(ctx, WINBINDD_GETPWUID, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + *pwd = copy_passwd_entry(&response.data.pw); + BAIL_ON_PTR_ERROR(*pwd, wbc_status); + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd) +{ + return wbcCtxGetpwuid(NULL, uid, pwd); +} + +/* Fill in a struct passwd* for a domain user based on sid */ +_PUBLIC_ +wbcErr wbcCtxGetpwsid(struct wbcContext *ctx, + struct wbcDomainSid *sid, struct passwd **pwd) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + + if (!pwd) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + wbcSidToStringBuf(sid, request.data.sid, sizeof(request.data.sid)); + + wbc_status = wbcRequestResponse(ctx, WINBINDD_GETPWSID, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + *pwd = copy_passwd_entry(&response.data.pw); + BAIL_ON_PTR_ERROR(*pwd, wbc_status); + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcGetpwsid(struct wbcDomainSid *sid, struct passwd **pwd) +{ + return wbcCtxGetpwsid(NULL, sid, pwd); +} + +/* Fill in a struct passwd* for a domain user based on username */ +_PUBLIC_ +wbcErr wbcCtxGetgrnam(struct wbcContext *ctx, + const char *name, struct group **grp) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (!name || !grp) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* dst is already null terminated from the memset above */ + + strncpy(request.data.groupname, name, sizeof(request.data.groupname)-1); + + wbc_status = wbcRequestResponse(ctx, WINBINDD_GETGRNAM, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + *grp = copy_group_entry(&response.data.gr, + (char*)response.extra_data.data); + BAIL_ON_PTR_ERROR(*grp, wbc_status); + + done: + winbindd_free_response(&response); + + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcGetgrnam(const char *name, struct group **grp) +{ + return wbcCtxGetgrnam(NULL, name, grp); +} + +/* Fill in a struct passwd* for a domain user based on uid */ +_PUBLIC_ +wbcErr wbcCtxGetgrgid(struct wbcContext *ctx, gid_t gid, struct group **grp) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (!grp) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + request.data.gid = gid; + + wbc_status = wbcRequestResponse(ctx, WINBINDD_GETGRGID, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + *grp = copy_group_entry(&response.data.gr, + (char*)response.extra_data.data); + BAIL_ON_PTR_ERROR(*grp, wbc_status); + + done: + winbindd_free_response(&response); + + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcGetgrgid(gid_t gid, struct group **grp) +{ + return wbcCtxGetgrgid(NULL, gid, grp); +} + +/** @brief Winbindd response containing the passwd structs + * + */ +static struct winbindd_response pw_response; + +/* Reset the passwd iterator */ +_PUBLIC_ +wbcErr wbcCtxSetpwent(struct wbcContext *ctx) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + if (!ctx) { + ctx = wbcGetGlobalCtx(); + } + + if (ctx->pw_cache_size > 0) { + ctx->pw_cache_idx = ctx->pw_cache_size = 0; + winbindd_free_response(&pw_response); + } + + ZERO_STRUCT(pw_response); + + wbc_status = wbcRequestResponse(ctx, WINBINDD_SETPWENT, + NULL, NULL); + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcSetpwent(void) +{ + return wbcCtxSetpwent(NULL); +} + +/* Close the passwd iterator */ +_PUBLIC_ +wbcErr wbcCtxEndpwent(struct wbcContext *ctx) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + if (!ctx) { + ctx = wbcGetGlobalCtx(); + } + + if (ctx->pw_cache_size > 0) { + ctx->pw_cache_idx = ctx->pw_cache_size = 0; + winbindd_free_response(&pw_response); + } + + wbc_status = wbcRequestResponse(ctx, WINBINDD_ENDPWENT, + NULL, NULL); + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcEndpwent(void) +{ + return wbcCtxEndpwent(NULL); +} + +/* Return the next struct passwd* entry from the pwent iterator */ +_PUBLIC_ +wbcErr wbcCtxGetpwent(struct wbcContext *ctx, struct passwd **pwd) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_pw *wb_pw; + + if (!ctx) { + ctx = wbcGetGlobalCtx(); + } + + /* If there's a cached result, return that. */ + if (ctx->pw_cache_idx < ctx->pw_cache_size) { + goto return_result; + } + + /* Otherwise, query winbindd for some entries. */ + + ctx->pw_cache_idx = 0; + + winbindd_free_response(&pw_response); + + ZERO_STRUCT(request); + request.data.num_entries = MAX_GETPWENT_USERS; + + wbc_status = wbcRequestResponse(ctx, WINBINDD_GETPWENT, &request, + &pw_response); + + BAIL_ON_WBC_ERROR(wbc_status); + + ctx->pw_cache_size = pw_response.data.num_entries; + +return_result: + + wb_pw = (struct winbindd_pw *) pw_response.extra_data.data; + + *pwd = copy_passwd_entry(&wb_pw[ctx->pw_cache_idx]); + + BAIL_ON_PTR_ERROR(*pwd, wbc_status); + + ctx->pw_cache_idx++; + +done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcGetpwent(struct passwd **pwd) +{ + return wbcCtxGetpwent(NULL, pwd); +} + +/** @brief Winbindd response containing the group structs + * + */ +static struct winbindd_response gr_response; + +/* Reset the group iterator */ +_PUBLIC_ +wbcErr wbcCtxSetgrent(struct wbcContext *ctx) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + if (!ctx) { + ctx = wbcGetGlobalCtx(); + } + + if (ctx->gr_cache_size > 0) { + ctx->gr_cache_idx = ctx->gr_cache_size = 0; + winbindd_free_response(&gr_response); + } + + ZERO_STRUCT(gr_response); + + wbc_status = wbcRequestResponse(ctx, WINBINDD_SETGRENT, + NULL, NULL); + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcSetgrent(void) +{ + return wbcCtxSetgrent(NULL); +} + +/* Close the group iterator */ +_PUBLIC_ +wbcErr wbcCtxEndgrent(struct wbcContext *ctx) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + if (!ctx) { + ctx = wbcGetGlobalCtx(); + } + + if (ctx->gr_cache_size > 0) { + ctx->gr_cache_idx = ctx->gr_cache_size = 0; + winbindd_free_response(&gr_response); + } + + wbc_status = wbcRequestResponse(ctx, WINBINDD_ENDGRENT, + NULL, NULL); + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcEndgrent(void) +{ + return wbcCtxEndgrent(NULL); +} + +/* Return the next struct group* entry from the pwent iterator */ +_PUBLIC_ +wbcErr wbcCtxGetgrent(struct wbcContext *ctx, struct group **grp) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_gr *wb_gr; + uint32_t mem_ofs; + + if (!ctx) { + ctx = wbcGetGlobalCtx(); + } + + /* If there's a cached result, return that. */ + if (ctx->gr_cache_idx < ctx->gr_cache_size) { + goto return_result; + } + + /* Otherwise, query winbindd for some entries. */ + + ctx->gr_cache_idx = 0; + + winbindd_free_response(&gr_response); + + ZERO_STRUCT(request); + request.data.num_entries = MAX_GETGRENT_GROUPS; + + wbc_status = wbcRequestResponse(ctx, WINBINDD_GETGRENT, + &request, &gr_response); + + BAIL_ON_WBC_ERROR(wbc_status); + + ctx->gr_cache_size = gr_response.data.num_entries; + +return_result: + + wb_gr = (struct winbindd_gr *) gr_response.extra_data.data; + + mem_ofs = wb_gr[ctx->gr_cache_idx].gr_mem_ofs + + ctx->gr_cache_size * sizeof(struct winbindd_gr); + + *grp = copy_group_entry(&wb_gr[ctx->gr_cache_idx], + ((char *)gr_response.extra_data.data)+mem_ofs); + + BAIL_ON_PTR_ERROR(*grp, wbc_status); + + ctx->gr_cache_idx++; + +done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcGetgrent(struct group **grp) +{ + return wbcCtxGetgrent(NULL, grp); +} + +/* Return the next struct group* entry from the pwent iterator */ +_PUBLIC_ +wbcErr wbcCtxGetgrlist(struct wbcContext *ctx, struct group **grp) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_gr *wb_gr; + + if (!ctx) { + ctx = wbcGetGlobalCtx(); + } + + /* If there's a cached result, return that. */ + if (ctx->gr_cache_idx < ctx->gr_cache_size) { + goto return_result; + } + + /* Otherwise, query winbindd for some entries. */ + + ctx->gr_cache_idx = 0; + + winbindd_free_response(&gr_response); + ZERO_STRUCT(gr_response); + + ZERO_STRUCT(request); + request.data.num_entries = MAX_GETGRENT_GROUPS; + + wbc_status = wbcRequestResponse(ctx, WINBINDD_GETGRLST, + &request, &gr_response); + + BAIL_ON_WBC_ERROR(wbc_status); + + ctx->gr_cache_size = gr_response.data.num_entries; + +return_result: + + wb_gr = (struct winbindd_gr *) gr_response.extra_data.data; + + *grp = copy_group_entry(&wb_gr[ctx->gr_cache_idx], NULL); + + BAIL_ON_PTR_ERROR(*grp, wbc_status); + + ctx->gr_cache_idx++; + +done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcGetgrlist(struct group **grp) +{ + return wbcCtxGetgrlist(NULL, grp); +} + +/* Return the unix group array belonging to the given user */ +_PUBLIC_ +wbcErr wbcCtxGetGroups(struct wbcContext *ctx, const char *account, + uint32_t *num_groups, gid_t **_groups) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + uint32_t i; + gid_t *groups = NULL; + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (!account) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Send request */ + + strncpy(request.data.username, account, sizeof(request.data.username)-1); + + wbc_status = wbcRequestResponse(ctx, WINBINDD_GETGROUPS, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + groups = (gid_t *)wbcAllocateMemory( + response.data.num_entries, sizeof(gid_t), NULL); + BAIL_ON_PTR_ERROR(groups, wbc_status); + + for (i = 0; i < response.data.num_entries; i++) { + groups[i] = ((gid_t *)response.extra_data.data)[i]; + } + + *num_groups = response.data.num_entries; + *_groups = groups; + groups = NULL; + + wbc_status = WBC_ERR_SUCCESS; + + done: + winbindd_free_response(&response); + wbcFreeMemory(groups); + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcGetGroups(const char *account, uint32_t *num_groups, gid_t **_groups) +{ + return wbcCtxGetGroups(NULL, account, num_groups, _groups); +} diff --git a/nsswitch/libwbclient/wbc_sid.c b/nsswitch/libwbclient/wbc_sid.c new file mode 100644 index 0000000..e4b6376 --- /dev/null +++ b/nsswitch/libwbclient/wbc_sid.c @@ -0,0 +1,1123 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client API + + Copyright (C) Gerald (Jerry) Carter 2007 + Copyright (C) Volker Lendecke 2010 + + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +/* Required Headers */ + +#include "replace.h" +#include "libwbclient.h" +#include "../winbind_client.h" +#include "lib/util/smb_strtox.h" + +/* Convert a sid to a string into a buffer. Return the string + * length. If buflen is too small, return the string length that would + * result if it was long enough. */ +_PUBLIC_ +int wbcSidToStringBuf(const struct wbcDomainSid *sid, char *buf, int buflen) +{ + uint64_t id_auth; + int i, ofs; + + if (!sid) { + strlcpy(buf, "(NULL SID)", buflen); + return 10; /* strlen("(NULL SID)") */ + } + + id_auth = (uint64_t)sid->id_auth[5] + + ((uint64_t)sid->id_auth[4] << 8) + + ((uint64_t)sid->id_auth[3] << 16) + + ((uint64_t)sid->id_auth[2] << 24) + + ((uint64_t)sid->id_auth[1] << 32) + + ((uint64_t)sid->id_auth[0] << 40); + + ofs = snprintf(buf, buflen, "S-%hhu-", (unsigned char)sid->sid_rev_num); + if (id_auth >= UINT32_MAX) { + ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "0x%llx", + (unsigned long long)id_auth); + } else { + ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "%llu", + (unsigned long long)id_auth); + } + + for (i = 0; i < sid->num_auths; i++) { + ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "-%u", + (unsigned int)sid->sub_auths[i]); + } + return ofs; +} + +/* Convert a binary SID to a character string */ +_PUBLIC_ +wbcErr wbcSidToString(const struct wbcDomainSid *sid, + char **sid_string) +{ + char buf[WBC_SID_STRING_BUFLEN]; + char *result; + int len; + + if (!sid) { + return WBC_ERR_INVALID_SID; + } + + len = wbcSidToStringBuf(sid, buf, sizeof(buf)); + + if (len >= WBC_SID_STRING_BUFLEN) { + return WBC_ERR_INVALID_SID; + } + + result = (char *)wbcAllocateMemory(len+1, 1, NULL); + if (result == NULL) { + return WBC_ERR_NO_MEMORY; + } + memcpy(result, buf, len+1); + + *sid_string = result; + return WBC_ERR_SUCCESS; +} + +#define AUTHORITY_MASK (~(0xffffffffffffULL)) + +/* Convert a character string to a binary SID */ +_PUBLIC_ +wbcErr wbcStringToSid(const char *str, + struct wbcDomainSid *sid) +{ + const char *p; + char *q; + int error = 0; + uint64_t x; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + if (!sid) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Sanity check for either "S-" or "s-" */ + + if (!str + || (str[0]!='S' && str[0]!='s') + || (str[1]!='-')) + { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Get the SID revision number */ + + p = str+2; + x = (uint64_t)smb_strtoul(p, &q, 10, &error, SMB_STR_STANDARD); + if (x == 0 || x > UINT8_MAX || !q || *q != '-' || error != 0) { + wbc_status = WBC_ERR_INVALID_SID; + BAIL_ON_WBC_ERROR(wbc_status); + } + sid->sid_rev_num = (uint8_t)x; + + /* + * Next the Identifier Authority. This is stored big-endian in a + * 6 byte array. If the authority value is >= UINT_MAX, then it should + * be expressed as a hex value, according to MS-DTYP. + */ + p = q+1; + x = smb_strtoull(p, &q, 0, &error, SMB_STR_STANDARD); + if (!q || *q != '-' || (x & AUTHORITY_MASK) || error != 0) { + wbc_status = WBC_ERR_INVALID_SID; + BAIL_ON_WBC_ERROR(wbc_status); + } + sid->id_auth[5] = (x & 0x0000000000ffULL); + sid->id_auth[4] = (x & 0x00000000ff00ULL) >> 8; + sid->id_auth[3] = (x & 0x000000ff0000ULL) >> 16; + sid->id_auth[2] = (x & 0x0000ff000000ULL) >> 24; + sid->id_auth[1] = (x & 0x00ff00000000ULL) >> 32; + sid->id_auth[0] = (x & 0xff0000000000ULL) >> 40; + + /* now read the the subauthorities */ + p = q +1; + sid->num_auths = 0; + while (sid->num_auths < WBC_MAXSUBAUTHS) { + x = smb_strtoull(p, &q, 10, &error, SMB_STR_ALLOW_NO_CONVERSION); + if (p == q) + break; + if (x > UINT32_MAX || error != 0) { + wbc_status = WBC_ERR_INVALID_SID; + BAIL_ON_WBC_ERROR(wbc_status); + } + sid->sub_auths[sid->num_auths++] = x; + + if (*q != '-') { + break; + } + p = q + 1; + } + + /* IF we ended early, then the SID could not be converted */ + + if (q && *q!='\0') { + wbc_status = WBC_ERR_INVALID_SID; + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = WBC_ERR_SUCCESS; + +done: + return wbc_status; + +} + + +/* Convert a domain and name to SID */ +_PUBLIC_ +wbcErr wbcCtxLookupName(struct wbcContext *ctx, + const char *domain, + const char *name, + struct wbcDomainSid *sid, + enum wbcSidType *name_type) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + if (!sid || !name_type) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* dst is already null terminated from the memset above */ + + strncpy(request.data.name.dom_name, domain, + sizeof(request.data.name.dom_name)-1); + strncpy(request.data.name.name, name, + sizeof(request.data.name.name)-1); + + wbc_status = wbcRequestResponse(ctx, WINBINDD_LOOKUPNAME, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + wbc_status = wbcStringToSid(response.data.sid.sid, sid); + BAIL_ON_WBC_ERROR(wbc_status); + + *name_type = (enum wbcSidType)response.data.sid.type; + + wbc_status = WBC_ERR_SUCCESS; + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcLookupName(const char *domain, + const char *name, + struct wbcDomainSid *sid, + enum wbcSidType *name_type) +{ + return wbcCtxLookupName(NULL, domain, name, sid, name_type); +} + + +/* Convert a SID to a domain and name */ +_PUBLIC_ +wbcErr wbcCtxLookupSid(struct wbcContext *ctx, + const struct wbcDomainSid *sid, + char **pdomain, + char **pname, + enum wbcSidType *pname_type) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + char *domain, *name; + + if (!sid) { + return WBC_ERR_INVALID_PARAM; + } + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + wbcSidToStringBuf(sid, request.data.sid, sizeof(request.data.sid)); + + /* Make request */ + + wbc_status = wbcRequestResponse(ctx, WINBINDD_LOOKUPSID, + &request, + &response); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return wbc_status; + } + + /* Copy out result */ + + wbc_status = WBC_ERR_NO_MEMORY; + domain = NULL; + name = NULL; + + domain = wbcStrDup(response.data.name.dom_name); + if (domain == NULL) { + goto done; + } + name = wbcStrDup(response.data.name.name); + if (name == NULL) { + goto done; + } + if (pdomain != NULL) { + *pdomain = domain; + domain = NULL; + } + if (pname != NULL) { + *pname = name; + name = NULL; + } + if (pname_type != NULL) { + *pname_type = (enum wbcSidType)response.data.name.type; + } + wbc_status = WBC_ERR_SUCCESS; +done: + wbcFreeMemory(name); + wbcFreeMemory(domain); + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcLookupSid(const struct wbcDomainSid *sid, + char **pdomain, + char **pname, + enum wbcSidType *pname_type) +{ + return wbcCtxLookupSid(NULL, sid, pdomain, pname, pname_type); +} + +static void wbcDomainInfosDestructor(void *ptr) +{ + struct wbcDomainInfo *i = (struct wbcDomainInfo *)ptr; + + while (i->short_name != NULL) { + wbcFreeMemory(i->short_name); + wbcFreeMemory(i->dns_name); + i += 1; + } +} + +static void wbcTranslatedNamesDestructor(void *ptr) +{ + struct wbcTranslatedName *n = (struct wbcTranslatedName *)ptr; + + while (n->name != NULL) { + wbcFreeMemory(n->name); + n += 1; + } +} + +_PUBLIC_ +wbcErr wbcCtxLookupSids(struct wbcContext *ctx, + const struct wbcDomainSid *sids, int num_sids, + struct wbcDomainInfo **pdomains, int *pnum_domains, + struct wbcTranslatedName **pnames) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + int buflen, i, extra_len, num_domains, num_names; + char *sidlist, *p, *q, *extra_data; + struct wbcDomainInfo *domains = NULL; + struct wbcTranslatedName *names = NULL; + int error = 0; + + buflen = num_sids * (WBC_SID_STRING_BUFLEN + 1) + 1; + + sidlist = (char *)malloc(buflen); + if (sidlist == NULL) { + return WBC_ERR_NO_MEMORY; + } + + p = sidlist; + + for (i=0; i<num_sids; i++) { + int remaining; + int len; + + remaining = buflen - (p - sidlist); + + len = wbcSidToStringBuf(&sids[i], p, remaining); + if (len > remaining) { + free(sidlist); + return WBC_ERR_UNKNOWN_FAILURE; + } + + p += len; + *p++ = '\n'; + } + *p++ = '\0'; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + request.extra_data.data = sidlist; + request.extra_len = p - sidlist; + + wbc_status = wbcRequestResponse(ctx, WINBINDD_LOOKUPSIDS, + &request, &response); + free(sidlist); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return wbc_status; + } + + extra_len = response.length - sizeof(struct winbindd_response); + extra_data = (char *)response.extra_data.data; + + if ((extra_len <= 0) || (extra_data[extra_len-1] != '\0')) { + goto wbc_err_invalid; + } + + p = extra_data; + + num_domains = smb_strtoul(p, &q, 10, &error, SMB_STR_STANDARD); + if (*q != '\n' || error != 0) { + goto wbc_err_invalid; + } + p = q+1; + + domains = (struct wbcDomainInfo *)wbcAllocateMemory( + num_domains+1, sizeof(struct wbcDomainInfo), + wbcDomainInfosDestructor); + if (domains == NULL) { + wbc_status = WBC_ERR_NO_MEMORY; + goto fail; + } + + for (i=0; i<num_domains; i++) { + + q = strchr(p, ' '); + if (q == NULL) { + goto wbc_err_invalid; + } + *q = '\0'; + wbc_status = wbcStringToSid(p, &domains[i].sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto fail; + } + p = q+1; + + q = strchr(p, '\n'); + if (q == NULL) { + goto wbc_err_invalid; + } + *q = '\0'; + domains[i].short_name = wbcStrDup(p); + if (domains[i].short_name == NULL) { + wbc_status = WBC_ERR_NO_MEMORY; + goto fail; + } + p = q+1; + } + + num_names = smb_strtoul(p, &q, 10, &error, SMB_STR_STANDARD); + if (*q != '\n' || error != 0) { + goto wbc_err_invalid; + } + p = q+1; + + if (num_names != num_sids) { + goto wbc_err_invalid; + } + + names = (struct wbcTranslatedName *)wbcAllocateMemory( + num_names+1, sizeof(struct wbcTranslatedName), + wbcTranslatedNamesDestructor); + if (names == NULL) { + wbc_status = WBC_ERR_NO_MEMORY; + goto fail; + } + + for (i=0; i<num_names; i++) { + + names[i].domain_index = smb_strtoul(p, + &q, + 10, + &error, + SMB_STR_STANDARD); + if (names[i].domain_index < 0 || error != 0) { + goto wbc_err_invalid; + } + if (names[i].domain_index >= num_domains) { + goto wbc_err_invalid; + } + + if (*q != ' ') { + goto wbc_err_invalid; + } + p = q+1; + + names[i].type = smb_strtoul(p, &q, 10, &error, SMB_STR_STANDARD); + if (*q != ' ' || error != 0) { + goto wbc_err_invalid; + } + p = q+1; + + q = strchr(p, '\n'); + if (q == NULL) { + goto wbc_err_invalid; + } + *q = '\0'; + names[i].name = wbcStrDup(p); + if (names[i].name == NULL) { + wbc_status = WBC_ERR_NO_MEMORY; + goto fail; + } + p = q+1; + } + if (*p != '\0') { + goto wbc_err_invalid; + } + + *pdomains = domains; + *pnames = names; + winbindd_free_response(&response); + return WBC_ERR_SUCCESS; + +wbc_err_invalid: + wbc_status = WBC_ERR_INVALID_RESPONSE; +fail: + winbindd_free_response(&response); + wbcFreeMemory(domains); + wbcFreeMemory(names); + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcLookupSids(const struct wbcDomainSid *sids, int num_sids, + struct wbcDomainInfo **pdomains, int *pnum_domains, + struct wbcTranslatedName **pnames) +{ + return wbcCtxLookupSids(NULL, sids, num_sids, pdomains, + pnum_domains, pnames); +} + +/* Translate a collection of RIDs within a domain to names */ + +_PUBLIC_ +wbcErr wbcCtxLookupRids(struct wbcContext *ctx, struct wbcDomainSid *dom_sid, + int num_rids, + uint32_t *rids, + const char **pp_domain_name, + const char ***pnames, + enum wbcSidType **ptypes) +{ + size_t i, len, ridbuf_size; + char *ridlist; + char *p; + int error = 0; + struct winbindd_request request; + struct winbindd_response response; + char *domain_name = NULL; + const char **names = NULL; + enum wbcSidType *types = NULL; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (!dom_sid || (num_rids == 0)) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbcSidToStringBuf(dom_sid, request.data.sid, sizeof(request.data.sid)); + + /* Even if all the Rids were of maximum 32bit values, + we would only have 11 bytes per rid in the final array + ("4294967296" + \n). Add one more byte for the + terminating '\0' */ + + ridbuf_size = (sizeof(char)*11) * num_rids + 1; + + ridlist = (char *)malloc(ridbuf_size); + BAIL_ON_PTR_ERROR(ridlist, wbc_status); + + len = 0; + for (i=0; i<num_rids; i++) { + len += snprintf(ridlist + len, ridbuf_size - len, "%u\n", + rids[i]); + } + ridlist[len] = '\0'; + len += 1; + + request.extra_data.data = ridlist; + request.extra_len = len; + + wbc_status = wbcRequestResponse(ctx, WINBINDD_LOOKUPRIDS, + &request, + &response); + free(ridlist); + BAIL_ON_WBC_ERROR(wbc_status); + + domain_name = wbcStrDup(response.data.domain_name); + BAIL_ON_PTR_ERROR(domain_name, wbc_status); + + names = wbcAllocateStringArray(num_rids); + BAIL_ON_PTR_ERROR(names, wbc_status); + + types = (enum wbcSidType *)wbcAllocateMemory( + num_rids, sizeof(enum wbcSidType), NULL); + BAIL_ON_PTR_ERROR(types, wbc_status); + + p = (char *)response.extra_data.data; + + for (i=0; i<num_rids; i++) { + char *q; + + if (*p == '\0') { + wbc_status = WBC_ERR_INVALID_RESPONSE; + goto done; + } + + types[i] = (enum wbcSidType)smb_strtoul(p, + &q, + 10, + &error, + SMB_STR_STANDARD); + + if (*q != ' ' || error != 0) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + goto done; + } + + p = q+1; + + if ((q = strchr(p, '\n')) == NULL) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + goto done; + } + + *q = '\0'; + + names[i] = strdup(p); + BAIL_ON_PTR_ERROR(names[i], wbc_status); + + p = q+1; + } + + if (*p != '\0') { + wbc_status = WBC_ERR_INVALID_RESPONSE; + goto done; + } + + wbc_status = WBC_ERR_SUCCESS; + + done: + winbindd_free_response(&response); + + if (WBC_ERROR_IS_OK(wbc_status)) { + *pp_domain_name = domain_name; + *pnames = names; + *ptypes = types; + } + else { + wbcFreeMemory(domain_name); + wbcFreeMemory(names); + wbcFreeMemory(types); + } + + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, + int num_rids, + uint32_t *rids, + const char **pp_domain_name, + const char ***pnames, + enum wbcSidType **ptypes) +{ + return wbcCtxLookupRids(NULL, dom_sid, num_rids, rids, + pp_domain_name, pnames, ptypes); +} + +/* Get the groups a user belongs to */ +_PUBLIC_ +wbcErr wbcCtxLookupUserSids(struct wbcContext *ctx, + const struct wbcDomainSid *user_sid, + bool domain_groups_only, + uint32_t *num_sids, + struct wbcDomainSid **_sids) +{ + uint32_t i; + const char *s; + struct winbindd_request request; + struct winbindd_response response; + struct wbcDomainSid *sids = NULL; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + int cmd; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (!user_sid) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbcSidToStringBuf(user_sid, request.data.sid, sizeof(request.data.sid)); + + if (domain_groups_only) { + cmd = WINBINDD_GETUSERDOMGROUPS; + } else { + cmd = WINBINDD_GETUSERSIDS; + } + + wbc_status = wbcRequestResponse(ctx, cmd, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + if (response.data.num_entries && + !response.extra_data.data) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + + sids = (struct wbcDomainSid *)wbcAllocateMemory( + response.data.num_entries, sizeof(struct wbcDomainSid), + NULL); + BAIL_ON_PTR_ERROR(sids, wbc_status); + + s = (const char *)response.extra_data.data; + for (i = 0; i < response.data.num_entries; i++) { + char *n = strchr(s, '\n'); + if (n) { + *n = '\0'; + } + wbc_status = wbcStringToSid(s, &sids[i]); + BAIL_ON_WBC_ERROR(wbc_status); + s += strlen(s) + 1; + } + + *num_sids = response.data.num_entries; + *_sids = sids; + sids = NULL; + wbc_status = WBC_ERR_SUCCESS; + + done: + winbindd_free_response(&response); + if (sids) { + wbcFreeMemory(sids); + } + + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid, + bool domain_groups_only, + uint32_t *num_sids, + struct wbcDomainSid **_sids) +{ + return wbcCtxLookupUserSids(NULL, user_sid, domain_groups_only, + num_sids, _sids); +} + +static inline +wbcErr _sid_to_rid(struct wbcDomainSid *sid, uint32_t *rid) +{ + if (sid->num_auths < 1) { + return WBC_ERR_INVALID_RESPONSE; + } + *rid = sid->sub_auths[sid->num_auths - 1]; + + return WBC_ERR_SUCCESS; +} + +/* Get alias membership for sids */ +_PUBLIC_ +wbcErr wbcCtxGetSidAliases(struct wbcContext *ctx, + const struct wbcDomainSid *dom_sid, + struct wbcDomainSid *sids, + uint32_t num_sids, + uint32_t **alias_rids, + uint32_t *num_alias_rids) +{ + uint32_t i; + const char *s; + struct winbindd_request request; + struct winbindd_response response; + ssize_t extra_data_len = 0; + char * extra_data = NULL; + ssize_t buflen = 0; + struct wbcDomainSid sid; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + uint32_t * rids = NULL; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (!dom_sid) { + wbc_status = WBC_ERR_INVALID_PARAM; + goto done; + } + + wbcSidToStringBuf(dom_sid, request.data.sid, sizeof(request.data.sid)); + + /* Lets assume each sid is around 57 characters + * S-1-5-21-AAAAAAAAAAA-BBBBBBBBBBB-CCCCCCCCCCC-DDDDDDDDDDD\n */ + buflen = 57 * num_sids; + extra_data = (char *)malloc(buflen); + if (!extra_data) { + wbc_status = WBC_ERR_NO_MEMORY; + goto done; + } + + /* Build the sid list */ + for (i=0; i<num_sids; i++) { + char sid_str[WBC_SID_STRING_BUFLEN]; + size_t sid_len; + + sid_len = wbcSidToStringBuf(&sids[i], sid_str, sizeof(sid_str)); + + if (buflen < extra_data_len + sid_len + 2) { + char * tmp_data = NULL; + buflen *= 2; + tmp_data = (char *)realloc(extra_data, buflen); + if (!tmp_data) { + wbc_status = WBC_ERR_NO_MEMORY; + BAIL_ON_WBC_ERROR(wbc_status); + } + extra_data = tmp_data; + } + + strncpy(&extra_data[extra_data_len], sid_str, + buflen - extra_data_len); + extra_data_len += sid_len; + extra_data[extra_data_len++] = '\n'; + extra_data[extra_data_len] = '\0'; + } + extra_data_len += 1; + + request.extra_data.data = extra_data; + request.extra_len = extra_data_len; + + wbc_status = wbcRequestResponse(ctx, WINBINDD_GETSIDALIASES, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + if (response.data.num_entries && + !response.extra_data.data) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + goto done; + } + + rids = (uint32_t *)wbcAllocateMemory(response.data.num_entries, + sizeof(uint32_t), NULL); + BAIL_ON_PTR_ERROR(rids, wbc_status); + + s = (const char *)response.extra_data.data; + for (i = 0; i < response.data.num_entries; i++) { + char *n = strchr(s, '\n'); + if (n) { + *n = '\0'; + } + wbc_status = wbcStringToSid(s, &sid); + BAIL_ON_WBC_ERROR(wbc_status); + wbc_status = _sid_to_rid(&sid, &rids[i]); + BAIL_ON_WBC_ERROR(wbc_status); + s += strlen(s) + 1; + } + + *num_alias_rids = response.data.num_entries; + *alias_rids = rids; + rids = NULL; + wbc_status = WBC_ERR_SUCCESS; + + done: + free(extra_data); + winbindd_free_response(&response); + wbcFreeMemory(rids); + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid, + struct wbcDomainSid *sids, + uint32_t num_sids, + uint32_t **alias_rids, + uint32_t *num_alias_rids) +{ + return wbcCtxGetSidAliases(NULL, dom_sid, sids, num_sids, + alias_rids, num_alias_rids); +} + + +/* Lists Users */ +_PUBLIC_ +wbcErr wbcCtxListUsers(struct wbcContext *ctx, + const char *domain_name, + uint32_t *_num_users, + const char ***_users) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + uint32_t num_users = 0; + const char **users = NULL; + const char *next; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (domain_name) { + strncpy(request.domain_name, domain_name, + sizeof(request.domain_name)-1); + } + + wbc_status = wbcRequestResponse(ctx, WINBINDD_LIST_USERS, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + users = wbcAllocateStringArray(response.data.num_entries); + if (users == NULL) { + return WBC_ERR_NO_MEMORY; + } + + /* Look through extra data */ + + next = (const char *)response.extra_data.data; + while (next) { + const char *current; + char *k; + + if (num_users >= response.data.num_entries) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + goto done; + } + + current = next; + k = strchr(next, ','); + + if (k) { + k[0] = '\0'; + next = k+1; + } else { + next = NULL; + } + + users[num_users] = strdup(current); + BAIL_ON_PTR_ERROR(users[num_users], wbc_status); + num_users += 1; + } + if (num_users != response.data.num_entries) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + goto done; + } + + *_num_users = response.data.num_entries; + *_users = users; + users = NULL; + wbc_status = WBC_ERR_SUCCESS; + + done: + winbindd_free_response(&response); + wbcFreeMemory(users); + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcListUsers(const char *domain_name, + uint32_t *_num_users, + const char ***_users) +{ + return wbcCtxListUsers(NULL, domain_name, _num_users, _users); +} + +/* Lists Groups */ +_PUBLIC_ +wbcErr wbcCtxListGroups(struct wbcContext *ctx, + const char *domain_name, + uint32_t *_num_groups, + const char ***_groups) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + uint32_t num_groups = 0; + const char **groups = NULL; + const char *next; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (domain_name) { + strncpy(request.domain_name, domain_name, + sizeof(request.domain_name)-1); + } + + wbc_status = wbcRequestResponse(ctx, WINBINDD_LIST_GROUPS, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + groups = wbcAllocateStringArray(response.data.num_entries); + if (groups == NULL) { + return WBC_ERR_NO_MEMORY; + } + + /* Look through extra data */ + + next = (const char *)response.extra_data.data; + while (next) { + const char *current; + char *k; + + if (num_groups >= response.data.num_entries) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + goto done; + } + + current = next; + k = strchr(next, ','); + + if (k) { + k[0] = '\0'; + next = k+1; + } else { + next = NULL; + } + + groups[num_groups] = strdup(current); + BAIL_ON_PTR_ERROR(groups[num_groups], wbc_status); + num_groups += 1; + } + if (num_groups != response.data.num_entries) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + goto done; + } + + *_num_groups = response.data.num_entries; + *_groups = groups; + groups = NULL; + wbc_status = WBC_ERR_SUCCESS; + + done: + winbindd_free_response(&response); + wbcFreeMemory(groups); + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcListGroups(const char *domain_name, + uint32_t *_num_groups, + const char ***_groups) +{ + return wbcCtxListGroups(NULL, domain_name, _num_groups, _groups); +} + +_PUBLIC_ +wbcErr wbcCtxGetDisplayName(struct wbcContext *ctx, + const struct wbcDomainSid *sid, + char **pdomain, + char **pfullname, + enum wbcSidType *pname_type) +{ + wbcErr wbc_status; + char *domain = NULL; + char *name = NULL; + enum wbcSidType name_type; + + wbc_status = wbcCtxLookupSid(ctx, sid, &domain, &name, &name_type); + BAIL_ON_WBC_ERROR(wbc_status); + + if (name_type == WBC_SID_NAME_USER) { + uid_t uid; + struct passwd *pwd; + + wbc_status = wbcCtxSidToUid(ctx, sid, &uid); + BAIL_ON_WBC_ERROR(wbc_status); + + wbc_status = wbcCtxGetpwuid(ctx, uid, &pwd); + BAIL_ON_WBC_ERROR(wbc_status); + + wbcFreeMemory(name); + + name = wbcStrDup(pwd->pw_gecos); + wbcFreeMemory(pwd); + BAIL_ON_PTR_ERROR(name, wbc_status); + } + + wbc_status = WBC_ERR_SUCCESS; + + done: + if (WBC_ERROR_IS_OK(wbc_status)) { + *pdomain = domain; + *pfullname = name; + *pname_type = name_type; + } else { + wbcFreeMemory(domain); + wbcFreeMemory(name); + } + + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid, + char **pdomain, + char **pfullname, + enum wbcSidType *pname_type) +{ + return wbcCtxGetDisplayName(NULL, sid, pdomain, pfullname, pname_type); +} + +_PUBLIC_ +const char* wbcSidTypeString(enum wbcSidType type) +{ + switch (type) { + case WBC_SID_NAME_USE_NONE: return "SID_NONE"; + case WBC_SID_NAME_USER: return "SID_USER"; + case WBC_SID_NAME_DOM_GRP: return "SID_DOM_GROUP"; + case WBC_SID_NAME_DOMAIN: return "SID_DOMAIN"; + case WBC_SID_NAME_ALIAS: return "SID_ALIAS"; + case WBC_SID_NAME_WKN_GRP: return "SID_WKN_GROUP"; + case WBC_SID_NAME_DELETED: return "SID_DELETED"; + case WBC_SID_NAME_INVALID: return "SID_INVALID"; + case WBC_SID_NAME_UNKNOWN: return "SID_UNKNOWN"; + case WBC_SID_NAME_COMPUTER: return "SID_COMPUTER"; + case WBC_SID_NAME_LABEL: return "SID_LABEL"; + default: return "Unknown type"; + } +} diff --git a/nsswitch/libwbclient/wbc_util.c b/nsswitch/libwbclient/wbc_util.c new file mode 100644 index 0000000..9e54baf --- /dev/null +++ b/nsswitch/libwbclient/wbc_util.c @@ -0,0 +1,920 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client asynchronous API, utility functions + + Copyright (C) Gerald (Jerry) Carter 2007-2008 + + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +/* Required Headers */ + +#include "replace.h" +#include "libwbclient.h" +#include "../winbind_client.h" + +/** @brief Ping winbindd to see if the daemon is running + * + * @param *ctx wbclient Context + * + * @return #wbcErr + **/ +_PUBLIC_ +wbcErr wbcCtxPing(struct wbcContext *ctx) +{ + struct winbindd_request request; + struct winbindd_response response; + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + return wbcRequestResponse(ctx, WINBINDD_PING, &request, &response); +} + +_PUBLIC_ +wbcErr wbcPing(void) +{ + return wbcCtxPing(NULL); +} + +static void wbcInterfaceDetailsDestructor(void *ptr) +{ + struct wbcInterfaceDetails *i = (struct wbcInterfaceDetails *)ptr; + free(i->winbind_version); + free(i->netbios_name); + free(i->netbios_domain); + free(i->dns_domain); +} + +/** + * @brief Query useful information about the winbind service + * + * @param *_details pointer to hold the struct wbcInterfaceDetails + * + * @return #wbcErr + */ + +_PUBLIC_ +wbcErr wbcCtxInterfaceDetails(struct wbcContext *ctx, + struct wbcInterfaceDetails **_details) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcInterfaceDetails *info; + struct wbcDomainInfo *domain = NULL; + struct winbindd_request request; + struct winbindd_response response; + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + info = (struct wbcInterfaceDetails *)wbcAllocateMemory( + 1, sizeof(struct wbcInterfaceDetails), + wbcInterfaceDetailsDestructor); + BAIL_ON_PTR_ERROR(info, wbc_status); + + /* first the interface version */ + wbc_status = wbcRequestResponse(ctx, WINBINDD_INTERFACE_VERSION, + NULL, &response); + BAIL_ON_WBC_ERROR(wbc_status); + info->interface_version = response.data.interface_version; + + /* then the samba version and the winbind separator */ + wbc_status = wbcRequestResponse(ctx, WINBINDD_INFO, NULL, &response); + BAIL_ON_WBC_ERROR(wbc_status); + + info->winbind_version = strdup(response.data.info.samba_version); + BAIL_ON_PTR_ERROR(info->winbind_version, wbc_status); + info->winbind_separator = response.data.info.winbind_separator; + + /* then the local netbios name */ + wbc_status = wbcRequestResponse(ctx, WINBINDD_NETBIOS_NAME, + NULL, &response); + BAIL_ON_WBC_ERROR(wbc_status); + + info->netbios_name = strdup(response.data.netbios_name); + BAIL_ON_PTR_ERROR(info->netbios_name, wbc_status); + + /* then the local workgroup name */ + wbc_status = wbcRequestResponse(ctx, WINBINDD_DOMAIN_NAME, + NULL, &response); + BAIL_ON_WBC_ERROR(wbc_status); + + info->netbios_domain = strdup(response.data.domain_name); + BAIL_ON_PTR_ERROR(info->netbios_domain, wbc_status); + + wbc_status = wbcCtxDomainInfo(ctx, info->netbios_domain, &domain); + if (wbc_status == WBC_ERR_DOMAIN_NOT_FOUND) { + /* maybe it's a standalone server */ + domain = NULL; + } else { + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (domain) { + info->dns_domain = strdup(domain->dns_name); + wbcFreeMemory(domain); + BAIL_ON_PTR_ERROR(info->dns_domain, wbc_status); + } else { + info->dns_domain = NULL; + } + + *_details = info; + info = NULL; + + wbc_status = WBC_ERR_SUCCESS; + +done: + wbcFreeMemory(info); + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **_details) +{ + return wbcCtxInterfaceDetails(NULL, _details); +} + +static void wbcDomainInfoDestructor(void *ptr) +{ + struct wbcDomainInfo *i = (struct wbcDomainInfo *)ptr; + free(i->short_name); + free(i->dns_name); +} + +/** @brief Lookup the current status of a trusted domain, sync wrapper + * + * @param domain Domain to query + * @param *dinfo Pointer to returned struct wbcDomainInfo + * + * @return #wbcErr + */ + +_PUBLIC_ +wbcErr wbcCtxDomainInfo(struct wbcContext *ctx, + const char *domain, + struct wbcDomainInfo **dinfo) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcDomainInfo *info = NULL; + + if (!domain || !dinfo) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + strncpy(request.domain_name, domain, + sizeof(request.domain_name)-1); + + wbc_status = wbcRequestResponse(ctx, WINBINDD_DOMAIN_INFO, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + info = (struct wbcDomainInfo *)wbcAllocateMemory( + 1, sizeof(struct wbcDomainInfo), wbcDomainInfoDestructor); + BAIL_ON_PTR_ERROR(info, wbc_status); + + info->short_name = strdup(response.data.domain_info.name); + BAIL_ON_PTR_ERROR(info->short_name, wbc_status); + + info->dns_name = strdup(response.data.domain_info.alt_name); + BAIL_ON_PTR_ERROR(info->dns_name, wbc_status); + + wbc_status = wbcStringToSid(response.data.domain_info.sid, + &info->sid); + BAIL_ON_WBC_ERROR(wbc_status); + + if (response.data.domain_info.native_mode) + info->domain_flags |= WBC_DOMINFO_DOMAIN_NATIVE; + if (response.data.domain_info.active_directory) + info->domain_flags |= WBC_DOMINFO_DOMAIN_AD; + if (response.data.domain_info.primary) + info->domain_flags |= WBC_DOMINFO_DOMAIN_PRIMARY; + + *dinfo = info; + info = NULL; + + wbc_status = WBC_ERR_SUCCESS; + + done: + wbcFreeMemory(info); + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **dinfo) +{ + return wbcCtxDomainInfo(NULL, domain, dinfo); +} + +/* Get the list of current DCs */ +_PUBLIC_ +wbcErr wbcCtxDcInfo(struct wbcContext *ctx, + const char *domain, size_t *num_dcs, + const char ***dc_names, const char ***dc_ips) +{ + struct winbindd_request request; + struct winbindd_response response; + const char **names = NULL; + const char **ips = NULL; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + size_t extra_len; + int i; + char *p; + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (domain != NULL) { + strncpy(request.domain_name, domain, + sizeof(request.domain_name) - 1); + } + + wbc_status = wbcRequestResponse(ctx, WINBINDD_DC_INFO, + &request, &response); + BAIL_ON_WBC_ERROR(wbc_status); + + names = wbcAllocateStringArray(response.data.num_entries); + BAIL_ON_PTR_ERROR(names, wbc_status); + + ips = wbcAllocateStringArray(response.data.num_entries); + BAIL_ON_PTR_ERROR(ips, wbc_status); + + wbc_status = WBC_ERR_INVALID_RESPONSE; + + p = (char *)response.extra_data.data; + + if (response.length < (sizeof(struct winbindd_response)+1)) { + goto done; + } + + extra_len = response.length - sizeof(struct winbindd_response); + + if (p[extra_len-1] != '\0') { + goto done; + } + + for (i=0; i<response.data.num_entries; i++) { + char *q; + + q = strchr(p, '\n'); + if (q == NULL) { + goto done; + } + names[i] = strndup(p, q-p); + BAIL_ON_PTR_ERROR(names[i], wbc_status); + p = q+1; + + q = strchr(p, '\n'); + if (q == NULL) { + goto done; + } + ips[i] = strndup(p, q-p); + BAIL_ON_PTR_ERROR(ips[i], wbc_status); + p = q+1; + } + if (p[0] != '\0') { + goto done; + } + + wbc_status = WBC_ERR_SUCCESS; +done: + if (response.extra_data.data) + free(response.extra_data.data); + + if (WBC_ERROR_IS_OK(wbc_status)) { + *num_dcs = response.data.num_entries; + *dc_names = names; + names = NULL; + *dc_ips = ips; + ips = NULL; + } + wbcFreeMemory(names); + wbcFreeMemory(ips); + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcDcInfo(const char *domain, size_t *num_dcs, + const char ***dc_names, const char ***dc_ips) +{ + return wbcCtxDcInfo(NULL, domain, num_dcs, dc_names, dc_ips); +} + +/* Resolve a NetbiosName via WINS */ +_PUBLIC_ +wbcErr wbcCtxResolveWinsByName(struct wbcContext *ctx, + const char *name, char **ip) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + char *ipaddr; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Send request */ + + strncpy(request.data.winsreq, name, + sizeof(request.data.winsreq)-1); + + wbc_status = wbcRequestResponse(ctx, WINBINDD_WINS_BYNAME, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + /* Display response */ + + ipaddr = wbcStrDup(response.data.winsresp); + BAIL_ON_PTR_ERROR(ipaddr, wbc_status); + + *ip = ipaddr; + wbc_status = WBC_ERR_SUCCESS; + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcResolveWinsByName(const char *name, char **ip) +{ + return wbcCtxResolveWinsByName(NULL, name, ip); +} + +/* Resolve an IP address via WINS into a NetbiosName */ +_PUBLIC_ +wbcErr wbcCtxResolveWinsByIP(struct wbcContext *ctx, + const char *ip, char **name) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + char *name_str; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Send request */ + + strncpy(request.data.winsreq, ip, + sizeof(request.data.winsreq)-1); + + wbc_status = wbcRequestResponse(ctx, WINBINDD_WINS_BYIP, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + /* Display response */ + + name_str = wbcStrDup(response.data.winsresp); + BAIL_ON_PTR_ERROR(name_str, wbc_status); + + *name = name_str; + wbc_status = WBC_ERR_SUCCESS; + + done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcResolveWinsByIP(const char *ip, char **name) +{ + return wbcCtxResolveWinsByIP(NULL, ip, name); +} + +/** + */ + +static wbcErr process_domain_info_string(struct wbcDomainInfo *info, + char *info_string) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + char *r = NULL; + char *s = NULL; + + r = info_string; + + /* Short Name */ + if ((s = strchr(r, '\\')) == NULL) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + *s = '\0'; + s++; + + info->short_name = strdup(r); + BAIL_ON_PTR_ERROR(info->short_name, wbc_status); + + + /* DNS Name */ + r = s; + if ((s = strchr(r, '\\')) == NULL) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + *s = '\0'; + s++; + + info->dns_name = strdup(r); + BAIL_ON_PTR_ERROR(info->dns_name, wbc_status); + + /* SID */ + r = s; + if ((s = strchr(r, '\\')) == NULL) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + *s = '\0'; + s++; + + wbc_status = wbcStringToSid(r, &info->sid); + BAIL_ON_WBC_ERROR(wbc_status); + + /* Trust type */ + r = s; + if ((s = strchr(r, '\\')) == NULL) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + *s = '\0'; + s++; + + if (strncmp(r, "Routed", strlen("Routed")) == 0) { + info->trust_type = WBC_DOMINFO_TRUSTTYPE_NONE; + info->trust_routing = strdup(r); + BAIL_ON_PTR_ERROR(info->trust_routing, wbc_status); + } else if (strcmp(r, "Local") == 0) { + info->trust_type = WBC_DOMINFO_TRUSTTYPE_LOCAL; + } else if (strcmp(r, "Workstation") == 0) { + info->trust_type = WBC_DOMINFO_TRUSTTYPE_WKSTA; + } else if (strcmp(r, "RWDC") == 0) { + info->trust_type = WBC_DOMINFO_TRUSTTYPE_RWDC; + } else if (strcmp(r, "RODC") == 0) { + info->trust_type = WBC_DOMINFO_TRUSTTYPE_RODC; + } else if (strcmp(r, "PDC") == 0) { + info->trust_type = WBC_DOMINFO_TRUSTTYPE_PDC; + } else if (strcmp(r, "External") == 0) { + info->trust_type = WBC_DOMINFO_TRUSTTYPE_EXTERNAL; + } else if (strcmp(r, "Forest") == 0) { + info->trust_type = WBC_DOMINFO_TRUSTTYPE_FOREST; + } else if (strcmp(r, "In Forest") == 0) { + info->trust_type = WBC_DOMINFO_TRUSTTYPE_IN_FOREST; + } else { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Transitive */ + r = s; + if ((s = strchr(r, '\\')) == NULL) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + *s = '\0'; + s++; + + if (strcmp(r, "Yes") == 0) { + info->trust_flags |= WBC_DOMINFO_TRUST_TRANSITIVE; + } + + /* Incoming */ + r = s; + if ((s = strchr(r, '\\')) == NULL) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + *s = '\0'; + s++; + + if (strcmp(r, "Yes") == 0) { + info->trust_flags |= WBC_DOMINFO_TRUST_INCOMING; + } + + /* Outgoing */ + r = s; + if ((s = strchr(r, '\\')) == NULL) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + BAIL_ON_WBC_ERROR(wbc_status); + } + *s = '\0'; + s++; + + if (strcmp(r, "Yes") == 0) { + info->trust_flags |= WBC_DOMINFO_TRUST_OUTGOING; + } + + /* Online/Offline status */ + r = s; + if ( strcmp(r, "Offline") == 0) { + info->domain_flags |= WBC_DOMINFO_DOMAIN_OFFLINE; + } + + wbc_status = WBC_ERR_SUCCESS; + + done: + return wbc_status; +} + +static void wbcDomainInfoListDestructor(void *ptr) +{ + struct wbcDomainInfo *i = (struct wbcDomainInfo *)ptr; + + while (i->short_name != NULL) { + free(i->short_name); + free(i->dns_name); + i += 1; + } +} + +/* Enumerate the domain trusts known by Winbind */ +_PUBLIC_ +wbcErr wbcCtxListTrusts(struct wbcContext *ctx, + struct wbcDomainInfo **domains, size_t *num_domains) +{ + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + char *p = NULL; + char *extra_data = NULL; + struct wbcDomainInfo *d_list = NULL; + int i = 0; + + *domains = NULL; + *num_domains = 0; + + ZERO_STRUCT(response); + + /* Send request */ + + wbc_status = wbcRequestResponse(ctx, WINBINDD_LIST_TRUSTDOM, + NULL, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + /* Decode the response */ + + p = (char *)response.extra_data.data; + + if ((p == NULL) || (strlen(p) == 0)) { + /* We should always at least get back our + own SAM domain */ + + wbc_status = WBC_ERR_DOMAIN_NOT_FOUND; + BAIL_ON_WBC_ERROR(wbc_status); + } + + d_list = (struct wbcDomainInfo *)wbcAllocateMemory( + response.data.num_entries + 1,sizeof(struct wbcDomainInfo), + wbcDomainInfoListDestructor); + BAIL_ON_PTR_ERROR(d_list, wbc_status); + + extra_data = strdup((char*)response.extra_data.data); + BAIL_ON_PTR_ERROR(extra_data, wbc_status); + + p = extra_data; + + /* Outer loop processes the list of domain information */ + + for (i=0; i<response.data.num_entries && p; i++) { + char *next = strchr(p, '\n'); + + if (next) { + *next = '\0'; + next++; + } + + wbc_status = process_domain_info_string(&d_list[i], p); + BAIL_ON_WBC_ERROR(wbc_status); + + p = next; + } + + *domains = d_list; + d_list = NULL; + *num_domains = i; + + done: + winbindd_free_response(&response); + wbcFreeMemory(d_list); + free(extra_data); + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains) +{ + return wbcCtxListTrusts(NULL, domains, num_domains); +} + +static void wbcDomainControllerInfoDestructor(void *ptr) +{ + struct wbcDomainControllerInfo *i = + (struct wbcDomainControllerInfo *)ptr; + free(i->dc_name); +} + +/* Enumerate the domain trusts known by Winbind */ +_PUBLIC_ +wbcErr wbcCtxLookupDomainController(struct wbcContext *ctx, + const char *domain, uint32_t flags, + struct wbcDomainControllerInfo **dc_info) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + struct wbcDomainControllerInfo *dc = NULL; + + /* validate input params */ + + if (!domain || !dc_info) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + strncpy(request.data.dsgetdcname.domain_name, domain, + sizeof(request.data.dsgetdcname.domain_name)-1); + + request.flags = flags; + + dc = (struct wbcDomainControllerInfo *)wbcAllocateMemory( + 1, sizeof(struct wbcDomainControllerInfo), + wbcDomainControllerInfoDestructor); + BAIL_ON_PTR_ERROR(dc, wbc_status); + + /* Send request */ + + wbc_status = wbcRequestResponse(ctx, WINBINDD_DSGETDCNAME, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + dc->dc_name = strdup(response.data.dsgetdcname.dc_unc); + BAIL_ON_PTR_ERROR(dc->dc_name, wbc_status); + + *dc_info = dc; + dc = NULL; + +done: + wbcFreeMemory(dc); + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcLookupDomainController(const char *domain, uint32_t flags, + struct wbcDomainControllerInfo **dc_info) +{ + return wbcCtxLookupDomainController(NULL, domain, flags, dc_info); +} + +static void wbcDomainControllerInfoExDestructor(void *ptr) +{ + struct wbcDomainControllerInfoEx *i = + (struct wbcDomainControllerInfoEx *)ptr; + free(discard_const_p(char, i->dc_unc)); + free(discard_const_p(char, i->dc_address)); + free(discard_const_p(char, i->domain_guid)); + free(discard_const_p(char, i->domain_name)); + free(discard_const_p(char, i->forest_name)); + free(discard_const_p(char, i->dc_site_name)); + free(discard_const_p(char, i->client_site_name)); +} + +static wbcErr wbc_create_domain_controller_info_ex(const struct winbindd_response *resp, + struct wbcDomainControllerInfoEx **_i) +{ + wbcErr wbc_status = WBC_ERR_SUCCESS; + struct wbcDomainControllerInfoEx *i; + struct wbcGuid guid; + + i = (struct wbcDomainControllerInfoEx *)wbcAllocateMemory( + 1, sizeof(struct wbcDomainControllerInfoEx), + wbcDomainControllerInfoExDestructor); + BAIL_ON_PTR_ERROR(i, wbc_status); + + i->dc_unc = strdup(resp->data.dsgetdcname.dc_unc); + BAIL_ON_PTR_ERROR(i->dc_unc, wbc_status); + + i->dc_address = strdup(resp->data.dsgetdcname.dc_address); + BAIL_ON_PTR_ERROR(i->dc_address, wbc_status); + + i->dc_address_type = resp->data.dsgetdcname.dc_address_type; + + wbc_status = wbcStringToGuid(resp->data.dsgetdcname.domain_guid, &guid); + if (WBC_ERROR_IS_OK(wbc_status)) { + i->domain_guid = (struct wbcGuid *)malloc( + sizeof(struct wbcGuid)); + BAIL_ON_PTR_ERROR(i->domain_guid, wbc_status); + + *i->domain_guid = guid; + } + + i->domain_name = strdup(resp->data.dsgetdcname.domain_name); + BAIL_ON_PTR_ERROR(i->domain_name, wbc_status); + + if (resp->data.dsgetdcname.forest_name[0] != '\0') { + i->forest_name = strdup(resp->data.dsgetdcname.forest_name); + BAIL_ON_PTR_ERROR(i->forest_name, wbc_status); + } + + i->dc_flags = resp->data.dsgetdcname.dc_flags; + + if (resp->data.dsgetdcname.dc_site_name[0] != '\0') { + i->dc_site_name = strdup(resp->data.dsgetdcname.dc_site_name); + BAIL_ON_PTR_ERROR(i->dc_site_name, wbc_status); + } + + if (resp->data.dsgetdcname.client_site_name[0] != '\0') { + i->client_site_name = strdup( + resp->data.dsgetdcname.client_site_name); + BAIL_ON_PTR_ERROR(i->client_site_name, wbc_status); + } + + *_i = i; + i = NULL; + +done: + if (i != NULL) { + wbcFreeMemory(i); + } + return wbc_status; +} + +/* Get extended domain controller information */ +_PUBLIC_ +wbcErr wbcCtxLookupDomainControllerEx(struct wbcContext *ctx, + const char *domain, + struct wbcGuid *guid, + const char *site, + uint32_t flags, + struct wbcDomainControllerInfoEx **dc_info) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + + /* validate input params */ + + if (!domain || !dc_info) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + request.data.dsgetdcname.flags = flags; + + strncpy(request.data.dsgetdcname.domain_name, domain, + sizeof(request.data.dsgetdcname.domain_name)-1); + + if (site) { + strncpy(request.data.dsgetdcname.site_name, site, + sizeof(request.data.dsgetdcname.site_name)-1); + } + + if (guid) { + char *str = NULL; + + wbc_status = wbcGuidToString(guid, &str); + BAIL_ON_WBC_ERROR(wbc_status); + + strncpy(request.data.dsgetdcname.domain_guid, str, + sizeof(request.data.dsgetdcname.domain_guid)-1); + + wbcFreeMemory(str); + } + + /* Send request */ + + wbc_status = wbcRequestResponse(ctx, WINBINDD_DSGETDCNAME, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + if (dc_info) { + wbc_status = wbc_create_domain_controller_info_ex(&response, + dc_info); + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = WBC_ERR_SUCCESS; +done: + return wbc_status; +} + +_PUBLIC_ +wbcErr wbcLookupDomainControllerEx(const char *domain, + struct wbcGuid *guid, + const char *site, + uint32_t flags, + struct wbcDomainControllerInfoEx **dc_info) +{ + return wbcCtxLookupDomainControllerEx(NULL, domain, guid, site, + flags, dc_info); +} + +static void wbcNamedBlobDestructor(void *ptr) +{ + struct wbcNamedBlob *b = (struct wbcNamedBlob *)ptr; + + while (b->name != NULL) { + free(discard_const_p(char, b->name)); + free(b->blob.data); + b += 1; + } +} + +/* Initialize a named blob and add to list of blobs */ +_PUBLIC_ +wbcErr wbcAddNamedBlob(size_t *num_blobs, + struct wbcNamedBlob **pblobs, + const char *name, + uint32_t flags, + uint8_t *data, + size_t length) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcNamedBlob *blobs, *blob; + + if (name == NULL) { + return WBC_ERR_INVALID_PARAM; + } + + /* + * Overallocate the b->name==NULL terminator for + * wbcNamedBlobDestructor + */ + blobs = (struct wbcNamedBlob *)wbcAllocateMemory( + *num_blobs + 2, sizeof(struct wbcNamedBlob), + wbcNamedBlobDestructor); + + if (blobs == NULL) { + return WBC_ERR_NO_MEMORY; + } + + if (*pblobs != NULL) { + struct wbcNamedBlob *old = *pblobs; + memcpy(blobs, old, sizeof(struct wbcNamedBlob) * (*num_blobs)); + if (*num_blobs != 0) { + /* end indicator for wbcNamedBlobDestructor */ + old[0].name = NULL; + } + wbcFreeMemory(old); + } + *pblobs = blobs; + + blob = &blobs[*num_blobs]; + + blob->name = strdup(name); + BAIL_ON_PTR_ERROR(blob->name, wbc_status); + blob->flags = flags; + + blob->blob.length = length; + blob->blob.data = (uint8_t *)malloc(length); + BAIL_ON_PTR_ERROR(blob->blob.data, wbc_status); + memcpy(blob->blob.data, data, length); + + *num_blobs += 1; + *pblobs = blobs; + blobs = NULL; + + wbc_status = WBC_ERR_SUCCESS; +done: + wbcFreeMemory(blobs); + return wbc_status; +} + +_PUBLIC_ +void wbcSetClientProcessName(const char *name) +{ + winbind_set_client_name(name); +} diff --git a/nsswitch/libwbclient/wbclient.c b/nsswitch/libwbclient/wbclient.c new file mode 100644 index 0000000..4562046 --- /dev/null +++ b/nsswitch/libwbclient/wbclient.c @@ -0,0 +1,344 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client API + + Copyright (C) Gerald (Jerry) Carter 2007 + Copyright (C) Matthew Newton 2015 + + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +/* Required Headers */ + +#include "replace.h" +#include "libwbclient.h" + +/* From wb_common.c */ + +struct winbindd_context; + +NSS_STATUS winbindd_request_response(struct winbindd_context *wbctx, + int req_type, + struct winbindd_request *request, + struct winbindd_response *response); +NSS_STATUS winbindd_priv_request_response(struct winbindd_context *wbctx, + int req_type, + struct winbindd_request *request, + struct winbindd_response *response); +struct winbindd_context *winbindd_ctx_create(void); +void winbindd_ctx_free(struct winbindd_context *ctx); + +/* Global context used for non-Ctx functions */ + +static struct wbcContext wbcGlobalCtx = { + .winbindd_ctx = NULL, + .pw_cache_size = 0, + .pw_cache_idx = 0, + .gr_cache_size = 0, + .gr_cache_idx = 0 +}; + +/* + result == NSS_STATUS_UNAVAIL: winbind not around + result == NSS_STATUS_NOTFOUND: winbind around, but domain missing + + Due to a bad API NSS_STATUS_NOTFOUND is returned both when winbind_off + and when winbind return WINBINDD_ERROR. So the semantics of this + routine depends on winbind_on. Grepping for winbind_off I just + found 3 places where winbind is turned off, and this does not conflict + (as far as I have seen) with the callers of is_trusted_domains. + + --Volker +*/ + +static wbcErr wbcRequestResponseInt( + struct winbindd_context *wbctx, + int cmd, + struct winbindd_request *request, + struct winbindd_response *response, + NSS_STATUS (*fn)(struct winbindd_context *wbctx, int req_type, + struct winbindd_request *request, + struct winbindd_response *response)) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + NSS_STATUS nss_status; + + /* for some calls the request and/or response can be NULL */ + + nss_status = fn(wbctx, cmd, request, response); + + switch (nss_status) { + case NSS_STATUS_SUCCESS: + wbc_status = WBC_ERR_SUCCESS; + break; + case NSS_STATUS_UNAVAIL: + wbc_status = WBC_ERR_WINBIND_NOT_AVAILABLE; + break; + case NSS_STATUS_NOTFOUND: + wbc_status = WBC_ERR_DOMAIN_NOT_FOUND; + break; + default: + wbc_status = WBC_ERR_NSS_ERROR; + break; + } + + return wbc_status; +} + +/** + * @brief Wrapper around Winbind's send/receive API call + * + * @param ctx Context + * @param cmd Winbind command operation to perform + * @param request Send structure + * @param response Receive structure + * + * @return #wbcErr + */ +_PUBLIC_ /* this is internal to wbclient_internal.h, but part of the ABI */ +wbcErr wbcRequestResponse(struct wbcContext *ctx, int cmd, + struct winbindd_request *request, + struct winbindd_response *response) +{ + struct winbindd_context *wbctx = NULL; + + if (ctx) { + wbctx = ctx->winbindd_ctx; + } + + return wbcRequestResponseInt(wbctx, cmd, request, response, + winbindd_request_response); +} + +_PUBLIC_ /* this is internal to wbclient_internal.h, but part of the ABI */ +wbcErr wbcRequestResponsePriv(struct wbcContext *ctx, int cmd, + struct winbindd_request *request, + struct winbindd_response *response) +{ + struct winbindd_context *wbctx = NULL; + + if (ctx) { + wbctx = ctx->winbindd_ctx; + } + + return wbcRequestResponseInt(wbctx, cmd, request, response, + winbindd_priv_request_response); +} + +/** @brief Translate an error value into a string + * + * @param error + * + * @return a pointer to a static string + **/ +_PUBLIC_ +const char *wbcErrorString(wbcErr error) +{ + switch (error) { + case WBC_ERR_SUCCESS: + return "WBC_ERR_SUCCESS"; + case WBC_ERR_NOT_IMPLEMENTED: + return "WBC_ERR_NOT_IMPLEMENTED"; + case WBC_ERR_UNKNOWN_FAILURE: + return "WBC_ERR_UNKNOWN_FAILURE"; + case WBC_ERR_NO_MEMORY: + return "WBC_ERR_NO_MEMORY"; + case WBC_ERR_INVALID_SID: + return "WBC_ERR_INVALID_SID"; + case WBC_ERR_INVALID_PARAM: + return "WBC_ERR_INVALID_PARAM"; + case WBC_ERR_WINBIND_NOT_AVAILABLE: + return "WBC_ERR_WINBIND_NOT_AVAILABLE"; + case WBC_ERR_DOMAIN_NOT_FOUND: + return "WBC_ERR_DOMAIN_NOT_FOUND"; + case WBC_ERR_INVALID_RESPONSE: + return "WBC_ERR_INVALID_RESPONSE"; + case WBC_ERR_NSS_ERROR: + return "WBC_ERR_NSS_ERROR"; + case WBC_ERR_UNKNOWN_USER: + return "WBC_ERR_UNKNOWN_USER"; + case WBC_ERR_UNKNOWN_GROUP: + return "WBC_ERR_UNKNOWN_GROUP"; + case WBC_ERR_AUTH_ERROR: + return "WBC_ERR_AUTH_ERROR"; + case WBC_ERR_PWD_CHANGE_FAILED: + return "WBC_ERR_PWD_CHANGE_FAILED"; + } + + return "unknown wbcErr value"; +} + +#define WBC_MAGIC (0x7a2b0e1e) +#define WBC_MAGIC_FREE (0x875634fe) + +struct wbcMemPrefix { + uint32_t magic; + void (*destructor)(void *ptr); +}; + +static size_t wbcPrefixLen(void) +{ + size_t result = sizeof(struct wbcMemPrefix); + return (result + 15) & ~15; +} + +static struct wbcMemPrefix *wbcMemToPrefix(void *ptr) +{ + return (struct wbcMemPrefix *)(((char *)ptr) - wbcPrefixLen()); +} + +_PUBLIC_ /* this is internal to wbclient_internal.h, but part of the ABI */ +void *wbcAllocateMemory(size_t nelem, size_t elsize, + void (*destructor)(void *ptr)) +{ + struct wbcMemPrefix *result; + + if (nelem >= (2<<24)/elsize) { + /* basic protection against integer wrap */ + return NULL; + } + + result = (struct wbcMemPrefix *)calloc( + 1, nelem*elsize + wbcPrefixLen()); + if (result == NULL) { + return NULL; + } + result->magic = WBC_MAGIC; + result->destructor = destructor; + return ((char *)result) + wbcPrefixLen(); +} + +/* Free library allocated memory */ +_PUBLIC_ +void wbcFreeMemory(void *p) +{ + struct wbcMemPrefix *wbcMem; + + if (p == NULL) { + return; + } + wbcMem = wbcMemToPrefix(p); + if (wbcMem->magic != WBC_MAGIC) { + return; + } + + /* paranoid check to ensure we don't double free */ + wbcMem->magic = WBC_MAGIC_FREE; + + if (wbcMem->destructor != NULL) { + wbcMem->destructor(p); + } + free(wbcMem); + return; +} + +_PUBLIC_ /* this is internal to wbclient_internal.h, but part of the ABI */ +char *wbcStrDup(const char *str) +{ + char *result; + size_t len; + + len = strlen(str); + result = (char *)wbcAllocateMemory(len+1, sizeof(char), NULL); + if (result == NULL) { + return NULL; + } + memcpy(result, str, len+1); + return result; +} + +static void wbcStringArrayDestructor(void *ptr) +{ + char **p = (char **)ptr; + while (*p != NULL) { + free(*p); + p += 1; + } +} + +_PUBLIC_ /* this is internal to wbclient_internal.h, but part of the ABI */ +const char **wbcAllocateStringArray(int num_strings) +{ + return (const char **)wbcAllocateMemory( + num_strings + 1, sizeof(const char *), + wbcStringArrayDestructor); +} + +_PUBLIC_ +wbcErr wbcLibraryDetails(struct wbcLibraryDetails **_details) +{ + struct wbcLibraryDetails *info; + + info = (struct wbcLibraryDetails *)wbcAllocateMemory( + 1, sizeof(struct wbcLibraryDetails), NULL); + + if (info == NULL) { + return WBC_ERR_NO_MEMORY; + } + + info->major_version = WBCLIENT_MAJOR_VERSION; + info->minor_version = WBCLIENT_MINOR_VERSION; + info->vendor_version = WBCLIENT_VENDOR_VERSION; + + *_details = info; + return WBC_ERR_SUCCESS; +} + +/* Context handling functions */ + +static void wbcContextDestructor(void *ptr) +{ + struct wbcContext *ctx = (struct wbcContext *)ptr; + + winbindd_ctx_free(ctx->winbindd_ctx); +} + +_PUBLIC_ +struct wbcContext *wbcCtxCreate(void) +{ + struct wbcContext *ctx; + struct winbindd_context *wbctx; + + ctx = (struct wbcContext *)wbcAllocateMemory( + 1, sizeof(struct wbcContext), wbcContextDestructor); + + if (!ctx) { + return NULL; + } + + wbctx = winbindd_ctx_create(); + + if (!wbctx) { + wbcFreeMemory(ctx); + return NULL; + } + + ctx->winbindd_ctx = wbctx; + + return ctx; +} + +_PUBLIC_ +void wbcCtxFree(struct wbcContext *ctx) +{ + wbcFreeMemory(ctx); +} + +_PUBLIC_ /* this is internal to wbclient_internal.h, but part of the ABI */ +struct wbcContext *wbcGetGlobalCtx(void) +{ + return &wbcGlobalCtx; +} diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h new file mode 100644 index 0000000..05cf8a1 --- /dev/null +++ b/nsswitch/libwbclient/wbclient.h @@ -0,0 +1,2068 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client API + + Copyright (C) Gerald (Jerry) Carter 2007 + Copyright (C) Volker Lendecke 2009 + Copyright (C) Matthew Newton 2015 + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _WBCLIENT_H +#define _WBCLIENT_H + +#include <pwd.h> +#include <grp.h> + +/* Define error types */ + +/** + * @brief Status codes returned from wbc functions + **/ + +enum _wbcErrType { + WBC_ERR_SUCCESS = 0, /**< Successful completion **/ + WBC_ERR_NOT_IMPLEMENTED,/**< Function not implemented **/ + WBC_ERR_UNKNOWN_FAILURE,/**< General failure **/ + WBC_ERR_NO_MEMORY, /**< Memory allocation error **/ + WBC_ERR_INVALID_SID, /**< Invalid SID format **/ + WBC_ERR_INVALID_PARAM, /**< An Invalid parameter was supplied **/ + WBC_ERR_WINBIND_NOT_AVAILABLE, /**< Winbind daemon is not available **/ + WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot be found **/ + WBC_ERR_INVALID_RESPONSE, /**< Winbind returned an invalid response **/ + WBC_ERR_NSS_ERROR, /**< NSS_STATUS error **/ + WBC_ERR_AUTH_ERROR, /**< Authentication failed **/ + WBC_ERR_UNKNOWN_USER, /**< User account cannot be found */ + WBC_ERR_UNKNOWN_GROUP, /**< Group account cannot be found */ + WBC_ERR_PWD_CHANGE_FAILED /**< Password Change has failed */ +}; + +typedef enum _wbcErrType wbcErr; + +#define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS) + +const char *wbcErrorString(wbcErr error); + +/** + * @brief Some useful details about the wbclient library + * + * 0.1: Initial version + * 0.2: Added wbcRemoveUidMapping() + * Added wbcRemoveGidMapping() + * 0.3: Added wbcGetpwsid() + * Added wbcGetSidAliases() + * 0.4: Added wbcSidTypeString() + * 0.5: Added wbcChangeTrustCredentials() + * 0.6: Made struct wbcInterfaceDetails char* members non-const + * 0.7: Added wbcSidToStringBuf() + * 0.8: Added wbcSidsToUnixIds() and wbcLookupSids() + * 0.9: Added support for WBC_ID_TYPE_BOTH + * 0.10: Added wbcPingDc2() + * 0.11: Extended wbcAuthenticateUserEx to provide PAC parsing + * 0.12: Added wbcCtxCreate and friends + * 0.13: Added wbcCtxUnixIdsToSids and wbcUnixIdsToSids + * 0.14: Added "authoritative" to wbcAuthErrorInfo + * Added WBC_SID_NAME_LABEL + * 0.15: Added wbcSetClientProcessName() + **/ +#define WBCLIENT_MAJOR_VERSION 0 +#define WBCLIENT_MINOR_VERSION 15 +#define WBCLIENT_VENDOR_VERSION "Samba libwbclient" +struct wbcLibraryDetails { + uint16_t major_version; + uint16_t minor_version; + const char *vendor_version; +}; + +/** + * @brief Some useful details about the running winbindd + * + **/ +struct wbcInterfaceDetails { + uint32_t interface_version; + char *winbind_version; + char winbind_separator; + char *netbios_name; + char *netbios_domain; + char *dns_domain; +}; + +/** + * @brief Library context data + * + **/ + +struct wbcContext; + +/* + * Data types used by the Winbind Client API + */ + +#ifndef WBC_MAXSUBAUTHS +#define WBC_MAXSUBAUTHS 15 /* max sub authorities in a SID */ +#endif + +/** + * @brief Windows Security Identifier + * + **/ + +struct wbcDomainSid { + uint8_t sid_rev_num; + uint8_t num_auths; + uint8_t id_auth[6]; + uint32_t sub_auths[WBC_MAXSUBAUTHS]; +}; + +/** + * @brief Security Identifier type + **/ + +enum wbcSidType { + WBC_SID_NAME_USE_NONE=0, + WBC_SID_NAME_USER=1, + WBC_SID_NAME_DOM_GRP=2, + WBC_SID_NAME_DOMAIN=3, + WBC_SID_NAME_ALIAS=4, + WBC_SID_NAME_WKN_GRP=5, + WBC_SID_NAME_DELETED=6, + WBC_SID_NAME_INVALID=7, + WBC_SID_NAME_UNKNOWN=8, + WBC_SID_NAME_COMPUTER=9, + WBC_SID_NAME_LABEL=10 +}; + +/** + * @brief Security Identifier with attributes + **/ + +struct wbcSidWithAttr { + struct wbcDomainSid sid; + uint32_t attributes; +}; + +/* wbcSidWithAttr->attributes */ + +#define WBC_SID_ATTR_GROUP_MANDATORY 0x00000001 +#define WBC_SID_ATTR_GROUP_ENABLED_BY_DEFAULT 0x00000002 +#define WBC_SID_ATTR_GROUP_ENABLED 0x00000004 +#define WBC_SID_ATTR_GROUP_OWNER 0x00000008 +#define WBC_SID_ATTR_GROUP_USEFOR_DENY_ONLY 0x00000010 +#define WBC_SID_ATTR_GROUP_RESOURCE 0x20000000 +#define WBC_SID_ATTR_GROUP_LOGON_ID 0xC0000000 + +/** + * @brief Windows GUID + * + **/ + +struct wbcGuid { + uint32_t time_low; + uint16_t time_mid; + uint16_t time_hi_and_version; + uint8_t clock_seq[2]; + uint8_t node[6]; +}; + +/** + * @brief Domain Information + **/ + +struct wbcDomainInfo { + char *short_name; + char *dns_name; + struct wbcDomainSid sid; + uint32_t domain_flags; + uint32_t trust_flags; + uint32_t trust_type; + char *trust_routing; +}; + +/* wbcDomainInfo->domain_flags */ + +#define WBC_DOMINFO_DOMAIN_UNKNOWN 0x00000000 +#define WBC_DOMINFO_DOMAIN_NATIVE 0x00000001 +#define WBC_DOMINFO_DOMAIN_AD 0x00000002 +#define WBC_DOMINFO_DOMAIN_PRIMARY 0x00000004 +#define WBC_DOMINFO_DOMAIN_OFFLINE 0x00000008 + +/* wbcDomainInfo->trust_flags */ + +#define WBC_DOMINFO_TRUST_TRANSITIVE 0x00000001 +#define WBC_DOMINFO_TRUST_INCOMING 0x00000002 +#define WBC_DOMINFO_TRUST_OUTGOING 0x00000004 + +/* wbcDomainInfo->trust_type */ + +#define WBC_DOMINFO_TRUSTTYPE_NONE 0x00000000 +#define WBC_DOMINFO_TRUSTTYPE_FOREST 0x00000001 +#define WBC_DOMINFO_TRUSTTYPE_IN_FOREST 0x00000002 +#define WBC_DOMINFO_TRUSTTYPE_EXTERNAL 0x00000003 +#define WBC_DOMINFO_TRUSTTYPE_LOCAL 0x00000004 +#define WBC_DOMINFO_TRUSTTYPE_WKSTA 0x00000005 +#define WBC_DOMINFO_TRUSTTYPE_RWDC 0x00000006 +#define WBC_DOMINFO_TRUSTTYPE_RODC 0x00000007 +#define WBC_DOMINFO_TRUSTTYPE_PDC 0x00000008 + + +/** + * @brief Generic Blob + **/ + +struct wbcBlob { + uint8_t *data; + size_t length; +}; + +/** + * @brief Named Blob + **/ + +struct wbcNamedBlob { + const char *name; + uint32_t flags; + struct wbcBlob blob; +}; + +/** + * @brief Auth User Parameters + **/ + +struct wbcAuthUserParams { + const char *account_name; + const char *domain_name; + const char *workstation_name; + + uint32_t flags; + + uint32_t parameter_control; + + enum wbcAuthUserLevel { + WBC_AUTH_USER_LEVEL_PLAIN = 1, + WBC_AUTH_USER_LEVEL_HASH = 2, + WBC_AUTH_USER_LEVEL_RESPONSE = 3, + WBC_AUTH_USER_LEVEL_PAC = 4 + } level; + union { + const char *plaintext; + struct { + uint8_t nt_hash[16]; + uint8_t lm_hash[16]; + } hash; + struct { + uint8_t challenge[8]; + uint32_t nt_length; + uint8_t *nt_data; + uint32_t lm_length; + uint8_t *lm_data; + } response; + struct wbcBlob pac; + } password; +}; + +/** + * @brief Logon User Parameters + **/ + +struct wbcLogonUserParams { + const char *username; + const char *password; + size_t num_blobs; + struct wbcNamedBlob *blobs; +}; + +/** + * @brief ChangePassword Parameters + **/ + +struct wbcChangePasswordParams { + const char *account_name; + const char *domain_name; + + uint32_t flags; + + enum wbcChangePasswordLevel { + WBC_CHANGE_PASSWORD_LEVEL_PLAIN = 1, + WBC_CHANGE_PASSWORD_LEVEL_RESPONSE = 2 + } level; + + union { + const char *plaintext; + struct { + uint32_t old_nt_hash_enc_length; + uint8_t *old_nt_hash_enc_data; + uint32_t old_lm_hash_enc_length; + uint8_t *old_lm_hash_enc_data; + } response; + } old_password; + union { + const char *plaintext; + struct { + uint32_t nt_length; + uint8_t *nt_data; + uint32_t lm_length; + uint8_t *lm_data; + } response; + } new_password; +}; + +/* wbcAuthUserParams->parameter_control */ + +#define WBC_MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x00000002 +#define WBC_MSV1_0_UPDATE_LOGON_STATISTICS 0x00000004 +#define WBC_MSV1_0_RETURN_USER_PARAMETERS 0x00000008 +#define WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x00000020 +#define WBC_MSV1_0_RETURN_PROFILE_PATH 0x00000200 +#define WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x00000800 +#define WBC_MSV1_0_ALLOW_MSVCHAPV2 0x00010000 + +/* wbcAuthUserParams->flags */ + +#define WBC_AUTH_PARAM_FLAGS_INTERACTIVE_LOGON 0x00000001 + +/** + * @brief Auth User Information + * + * Some of the strings are maybe NULL + **/ + +struct wbcAuthUserInfo { + uint32_t user_flags; + + char *account_name; + char *user_principal; + char *full_name; + char *domain_name; + char *dns_domain_name; + + uint32_t acct_flags; + uint8_t user_session_key[16]; + uint8_t lm_session_key[8]; + + uint16_t logon_count; + uint16_t bad_password_count; + + uint64_t logon_time; + uint64_t logoff_time; + uint64_t kickoff_time; + uint64_t pass_last_set_time; + uint64_t pass_can_change_time; + uint64_t pass_must_change_time; + + char *logon_server; + char *logon_script; + char *profile_path; + char *home_directory; + char *home_drive; + + /* + * the 1st one is the account sid + * the 2nd one is the primary_group sid + * followed by the rest of the groups + */ + uint32_t num_sids; + struct wbcSidWithAttr *sids; +}; + +/** + * @brief Logon User Information + * + * Some of the strings are maybe NULL + **/ + +struct wbcLogonUserInfo { + struct wbcAuthUserInfo *info; + size_t num_blobs; + struct wbcNamedBlob *blobs; +}; + +/* wbcAuthUserInfo->user_flags */ + +#define WBC_AUTH_USER_INFO_GUEST 0x00000001 +#define WBC_AUTH_USER_INFO_NOENCRYPTION 0x00000002 +#define WBC_AUTH_USER_INFO_CACHED_ACCOUNT 0x00000004 +#define WBC_AUTH_USER_INFO_USED_LM_PASSWORD 0x00000008 +#define WBC_AUTH_USER_INFO_EXTRA_SIDS 0x00000020 +#define WBC_AUTH_USER_INFO_SUBAUTH_SESSION_KEY 0x00000040 +#define WBC_AUTH_USER_INFO_SERVER_TRUST_ACCOUNT 0x00000080 +#define WBC_AUTH_USER_INFO_NTLMV2_ENABLED 0x00000100 +#define WBC_AUTH_USER_INFO_RESOURCE_GROUPS 0x00000200 +#define WBC_AUTH_USER_INFO_PROFILE_PATH_RETURNED 0x00000400 +#define WBC_AUTH_USER_INFO_GRACE_LOGON 0x01000000 + +/* wbcAuthUserInfo->acct_flags */ + +#define WBC_ACB_DISABLED 0x00000001 /* 1 User account disabled */ +#define WBC_ACB_HOMDIRREQ 0x00000002 /* 1 Home directory required */ +#define WBC_ACB_PWNOTREQ 0x00000004 /* 1 User password not required */ +#define WBC_ACB_TEMPDUP 0x00000008 /* 1 Temporary duplicate account */ +#define WBC_ACB_NORMAL 0x00000010 /* 1 Normal user account */ +#define WBC_ACB_MNS 0x00000020 /* 1 MNS logon user account */ +#define WBC_ACB_DOMTRUST 0x00000040 /* 1 Interdomain trust account */ +#define WBC_ACB_WSTRUST 0x00000080 /* 1 Workstation trust account */ +#define WBC_ACB_SVRTRUST 0x00000100 /* 1 Server trust account */ +#define WBC_ACB_PWNOEXP 0x00000200 /* 1 User password does not expire */ +#define WBC_ACB_AUTOLOCK 0x00000400 /* 1 Account auto locked */ +#define WBC_ACB_ENC_TXT_PWD_ALLOWED 0x00000800 /* 1 Encryped text password is allowed */ +#define WBC_ACB_SMARTCARD_REQUIRED 0x00001000 /* 1 Smart Card required */ +#define WBC_ACB_TRUSTED_FOR_DELEGATION 0x00002000 /* 1 Trusted for Delegation */ +#define WBC_ACB_NOT_DELEGATED 0x00004000 /* 1 Not delegated */ +#define WBC_ACB_USE_DES_KEY_ONLY 0x00008000 /* 1 Use DES key only */ +#define WBC_ACB_DONT_REQUIRE_PREAUTH 0x00010000 /* 1 Preauth not required */ +#define WBC_ACB_PW_EXPIRED 0x00020000 /* 1 Password Expired */ +#define WBC_ACB_NO_AUTH_DATA_REQD 0x00080000 /* 1 = No authorization data required */ + +struct wbcAuthErrorInfo { + uint32_t nt_status; + char *nt_string; + int32_t pam_error; + char *display_string; + uint8_t authoritative; +}; + +/** + * @brief User Password Policy Information + **/ + +/* wbcUserPasswordPolicyInfo->password_properties */ + +#define WBC_DOMAIN_PASSWORD_COMPLEX 0x00000001 +#define WBC_DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002 +#define WBC_DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004 +#define WBC_DOMAIN_PASSWORD_LOCKOUT_ADMINS 0x00000008 +#define WBC_DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010 +#define WBC_DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020 + +struct wbcUserPasswordPolicyInfo { + uint32_t min_length_password; + uint32_t password_history; + uint32_t password_properties; + uint64_t expire; + uint64_t min_passwordage; +}; + +/** + * @brief Change Password Reject Reason + **/ + +enum wbcPasswordChangeRejectReason { + WBC_PWD_CHANGE_NO_ERROR=0, + WBC_PWD_CHANGE_PASSWORD_TOO_SHORT=1, + WBC_PWD_CHANGE_PWD_IN_HISTORY=2, + WBC_PWD_CHANGE_USERNAME_IN_PASSWORD=3, + WBC_PWD_CHANGE_FULLNAME_IN_PASSWORD=4, + WBC_PWD_CHANGE_NOT_COMPLEX=5, + WBC_PWD_CHANGE_MACHINE_NOT_DEFAULT=6, + WBC_PWD_CHANGE_FAILED_BY_FILTER=7, + WBC_PWD_CHANGE_PASSWORD_TOO_LONG=8 +}; + +/* Note: this defines exist for compatibility reasons with existing code */ +#define WBC_PWD_CHANGE_REJECT_OTHER WBC_PWD_CHANGE_NO_ERROR +#define WBC_PWD_CHANGE_REJECT_TOO_SHORT WBC_PWD_CHANGE_PASSWORD_TOO_SHORT +#define WBC_PWD_CHANGE_REJECT_IN_HISTORY WBC_PWD_CHANGE_PWD_IN_HISTORY +#define WBC_PWD_CHANGE_REJECT_COMPLEXITY WBC_PWD_CHANGE_NOT_COMPLEX + +/** + * @brief Logoff User Parameters + **/ + +struct wbcLogoffUserParams { + const char *username; + size_t num_blobs; + struct wbcNamedBlob *blobs; +}; + +/** @brief Credential cache log-on parameters + * + */ + +struct wbcCredentialCacheParams { + const char *account_name; + const char *domain_name; + enum wbcCredentialCacheLevel { + WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP = 1 + } level; + size_t num_blobs; + struct wbcNamedBlob *blobs; +}; + + +/** @brief Info returned by credential cache auth + * + */ + +struct wbcCredentialCacheInfo { + size_t num_blobs; + struct wbcNamedBlob *blobs; +}; + +/* + * DomainControllerInfo struct + */ +struct wbcDomainControllerInfo { + char *dc_name; +}; + +/* + * DomainControllerInfoEx struct + */ +struct wbcDomainControllerInfoEx { + const char *dc_unc; + const char *dc_address; + uint16_t dc_address_type; + struct wbcGuid *domain_guid; + const char *domain_name; + const char *forest_name; + uint32_t dc_flags; + const char *dc_site_name; + const char *client_site_name; +}; + +/********************************************************** + * Memory Management + **********************************************************/ + +/** + * @brief Free library allocated memory + * + * @param * Pointer to free + * + * @return void + **/ +void wbcFreeMemory(void*); + + +/********************************************************** + * Context Management + **********************************************************/ + +/** + * @brief Create a new wbcContext context + * + * @return wbcContext + **/ +struct wbcContext *wbcCtxCreate(void); + +/** + * @brief Free a library context + * + * @param ctx wbcContext to free + * + * @return void + **/ +void wbcCtxFree(struct wbcContext *ctx); + + + +/* + * Utility functions for dealing with SIDs + */ + +/** + * @brief Get a string representation of the SID type + * + * @param type type of the SID + * + * @return string representation of the SID type + */ +const char* wbcSidTypeString(enum wbcSidType type); + +#define WBC_SID_STRING_BUFLEN (15*11+25) + +/* + * @brief Print a sid into a buffer + * + * @param sid Binary Security Identifier + * @param buf Target buffer + * @param buflen Target buffer length + * + * @return Resulting string length. + */ +int wbcSidToStringBuf(const struct wbcDomainSid *sid, char *buf, int buflen); + +/** + * @brief Convert a binary SID to a character string + * + * @param sid Binary Security Identifier + * @param **sid_string Resulting character string + * + * @return #wbcErr + **/ +wbcErr wbcSidToString(const struct wbcDomainSid *sid, + char **sid_string); + +/** + * @brief Convert a character string to a binary SID + * + * @param *sid_string Character string in the form of S-... + * @param sid Resulting binary SID + * + * @return #wbcErr + **/ +wbcErr wbcStringToSid(const char *sid_string, + struct wbcDomainSid *sid); + +/* + * Utility functions for dealing with GUIDs + */ + +/** + * @brief Convert a binary GUID to a character string + * + * @param guid Binary Guid + * @param **guid_string Resulting character string + * + * @return #wbcErr + **/ +wbcErr wbcGuidToString(const struct wbcGuid *guid, + char **guid_string); + +/** + * @brief Convert a character string to a binary GUID + * + * @param *guid_string Character string + * @param guid Resulting binary GUID + * + * @return #wbcErr + **/ +wbcErr wbcStringToGuid(const char *guid_string, + struct wbcGuid *guid); + +/** + * @brief Ping winbindd to see if the daemon is running + * + * @param *ctx wbclient Context + * + * @return #wbcErr + **/ +wbcErr wbcCtxPing(struct wbcContext *ctx); + +/** + * @brief Ping winbindd to see if the daemon is running + * + * @return #wbcErr + **/ +wbcErr wbcPing(void); + +wbcErr wbcLibraryDetails(struct wbcLibraryDetails **details); + +wbcErr wbcCtxInterfaceDetails(struct wbcContext *ctx, + struct wbcInterfaceDetails **details); +wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **details); + +/********************************************************** + * Name/SID conversion + **********************************************************/ + +/** + * @brief Convert a domain and name to SID + * + * @param *ctx wbclient Context + * @param dom_name Domain name (possibly "") + * @param name User or group name + * @param *sid Pointer to the resolved domain SID + * @param *name_type Pointer to the SID type + * + * @return #wbcErr + **/ +wbcErr wbcCtxLookupName(struct wbcContext *ctx, + const char *dom_name, + const char *name, + struct wbcDomainSid *sid, + enum wbcSidType *name_type); + +/** + * @brief Convert a domain and name to SID + * + * @param dom_name Domain name (possibly "") + * @param name User or group name + * @param *sid Pointer to the resolved domain SID + * @param *name_type Pointer to the SID type + * + * @return #wbcErr + **/ +wbcErr wbcLookupName(const char *dom_name, + const char *name, + struct wbcDomainSid *sid, + enum wbcSidType *name_type); + +/** + * @brief Convert a SID to a domain and name + * + * @param *ctx wbclient Context + * @param *sid Pointer to the domain SID to be resolved + * @param domain Resolved Domain name (possibly "") + * @param name Resolved User or group name + * @param *name_type Pointer to the resolved SID type + * + * @return #wbcErr + **/ +wbcErr wbcCtxLookupSid(struct wbcContext *ctx, + const struct wbcDomainSid *sid, + char **domain, + char **name, + enum wbcSidType *name_type); + +/** + * @brief Convert a SID to a domain and name + * + * @param *sid Pointer to the domain SID to be resolved + * @param domain Resolved Domain name (possibly "") + * @param name Resolved User or group name + * @param *name_type Pointer to the resolved SID type + * + * @return #wbcErr + **/ +wbcErr wbcLookupSid(const struct wbcDomainSid *sid, + char **domain, + char **name, + enum wbcSidType *name_type); + +struct wbcTranslatedName { + enum wbcSidType type; + char *name; + int domain_index; +}; + +wbcErr wbcCtxLookupSids(struct wbcContext *ctx, + const struct wbcDomainSid *sids, int num_sids, + struct wbcDomainInfo **domains, int *num_domains, + struct wbcTranslatedName **names); + +wbcErr wbcLookupSids(const struct wbcDomainSid *sids, int num_sids, + struct wbcDomainInfo **domains, int *num_domains, + struct wbcTranslatedName **names); + +/** + * @brief Translate a collection of RIDs within a domain to names + */ +wbcErr wbcCtxLookupRids(struct wbcContext *ctx, + struct wbcDomainSid *dom_sid, + int num_rids, + uint32_t *rids, + const char **domain_name, + const char ***names, + enum wbcSidType **types); + +/** + * @brief Translate a collection of RIDs within a domain to names + */ +wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, + int num_rids, + uint32_t *rids, + const char **domain_name, + const char ***names, + enum wbcSidType **types); + +/* + * @brief Get the groups a user belongs to + **/ +wbcErr wbcCtxLookupUserSids(struct wbcContext *ctx, + const struct wbcDomainSid *user_sid, + bool domain_groups_only, + uint32_t *num_sids, + struct wbcDomainSid **sids); + +/* + * @brief Get the groups a user belongs to + **/ +wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid, + bool domain_groups_only, + uint32_t *num_sids, + struct wbcDomainSid **sids); + +/* + * @brief Get alias membership for sids + **/ +wbcErr wbcCtxGetSidAliases(struct wbcContext *ctx, + const struct wbcDomainSid *dom_sid, + struct wbcDomainSid *sids, + uint32_t num_sids, + uint32_t **alias_rids, + uint32_t *num_alias_rids); + +/* + * @brief Get alias membership for sids + **/ +wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid, + struct wbcDomainSid *sids, + uint32_t num_sids, + uint32_t **alias_rids, + uint32_t *num_alias_rids); + +/** + * @brief Lists Users + **/ +wbcErr wbcCtxListUsers(struct wbcContext *ctx, + const char *domain_name, + uint32_t *num_users, + const char ***users); + +/** + * @brief Lists Users + **/ +wbcErr wbcListUsers(const char *domain_name, + uint32_t *num_users, + const char ***users); + +/** + * @brief Lists Groups + **/ +wbcErr wbcCtxListGroups(struct wbcContext *ctx, + const char *domain_name, + uint32_t *num_groups, + const char ***groups); + +/** + * @brief Lists Groups + **/ +wbcErr wbcListGroups(const char *domain_name, + uint32_t *num_groups, + const char ***groups); + +wbcErr wbcCtxGetDisplayName(struct wbcContext *ctx, + const struct wbcDomainSid *sid, + char **pdomain, + char **pfullname, + enum wbcSidType *pname_type); + +wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid, + char **pdomain, + char **pfullname, + enum wbcSidType *pname_type); + +/********************************************************** + * SID/uid/gid Mappings + **********************************************************/ + +/** + * @brief Convert a Windows SID to a Unix uid, allocating an uid if needed + * + * @param *ctx wbclient Context + * @param *sid Pointer to the domain SID to be resolved + * @param *puid Pointer to the resolved uid_t value + * + * @return #wbcErr + * + **/ +wbcErr wbcCtxSidToUid(struct wbcContext *ctx, + const struct wbcDomainSid *sid, + uid_t *puid); + +/** + * @brief Convert a Windows SID to a Unix uid, allocating an uid if needed + * + * @param *sid Pointer to the domain SID to be resolved + * @param *puid Pointer to the resolved uid_t value + * + * @return #wbcErr + * + **/ +wbcErr wbcSidToUid(const struct wbcDomainSid *sid, + uid_t *puid); + +/** + * @brief Convert a Windows SID to a Unix uid if there already is a mapping + * + * @param *sid Pointer to the domain SID to be resolved + * @param *puid Pointer to the resolved uid_t value + * + * @return #wbcErr + * + **/ +wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid, + uid_t *puid); + +/** + * @brief Convert a Unix uid to a Windows SID, allocating a SID if needed + * + * @param *ctx wbclient Context + * @param uid Unix uid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ +wbcErr wbcCtxUidToSid(struct wbcContext *ctx, uid_t uid, + struct wbcDomainSid *sid); + +/** + * @brief Convert a Unix uid to a Windows SID, allocating a SID if needed + * + * @param uid Unix uid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ +wbcErr wbcUidToSid(uid_t uid, + struct wbcDomainSid *sid); + +/** + * @brief Convert a Unix uid to a Windows SID if there already is a mapping + * + * @param uid Unix uid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ +wbcErr wbcQueryUidToSid(uid_t uid, + struct wbcDomainSid *sid); + +/** + * @brief Convert a Windows SID to a Unix gid, allocating a gid if needed + * + * @param *ctx wbclient Context + * @param *sid Pointer to the domain SID to be resolved + * @param *pgid Pointer to the resolved gid_t value + * + * @return #wbcErr + * + **/ +wbcErr wbcCtxSidToGid(struct wbcContext *ctx, + const struct wbcDomainSid *sid, + gid_t *pgid); + +/** + * @brief Convert a Windows SID to a Unix gid, allocating a gid if needed + * + * @param *sid Pointer to the domain SID to be resolved + * @param *pgid Pointer to the resolved gid_t value + * + * @return #wbcErr + * + **/ +wbcErr wbcSidToGid(const struct wbcDomainSid *sid, + gid_t *pgid); + +/** + * @brief Convert a Windows SID to a Unix gid if there already is a mapping + * + * @param *sid Pointer to the domain SID to be resolved + * @param *pgid Pointer to the resolved gid_t value + * + * @return #wbcErr + * + **/ +wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid, + gid_t *pgid); + +/** + * @brief Convert a Unix gid to a Windows SID, allocating a SID if needed + * + * @param *ctx wbclient Context + * @param gid Unix gid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ +wbcErr wbcCtxGidToSid(struct wbcContext *ctx, gid_t gid, + struct wbcDomainSid *sid); + +/** + * @brief Convert a Unix gid to a Windows SID, allocating a SID if needed + * + * @param gid Unix gid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ +wbcErr wbcGidToSid(gid_t gid, + struct wbcDomainSid *sid); + +/** + * @brief Convert a Unix gid to a Windows SID if there already is a mapping + * + * @param gid Unix gid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ +wbcErr wbcQueryGidToSid(gid_t gid, + struct wbcDomainSid *sid); + +enum wbcIdType { + WBC_ID_TYPE_NOT_SPECIFIED, + WBC_ID_TYPE_UID, + WBC_ID_TYPE_GID, + WBC_ID_TYPE_BOTH +}; + +union wbcUnixIdContainer { + uid_t uid; + gid_t gid; +}; + +struct wbcUnixId { + enum wbcIdType type; + union wbcUnixIdContainer id; +}; + +/** + * @brief Convert a list of sids to unix ids + * + * @param *ctx wbclient Context + * @param sids Pointer to an array of SIDs to convert + * @param num_sids Number of SIDs + * @param ids Preallocated output array for translated IDs + * + * @return #wbcErr + * + **/ +wbcErr wbcCtxSidsToUnixIds(struct wbcContext *ctx, + const struct wbcDomainSid *sids, uint32_t num_sids, + struct wbcUnixId *ids); + +/** + * @brief Convert a list of sids to unix ids + * + * @param sids Pointer to an array of SIDs to convert + * @param num_sids Number of SIDs + * @param ids Preallocated output array for translated IDs + * + * @return #wbcErr + * + **/ +wbcErr wbcSidsToUnixIds(const struct wbcDomainSid *sids, uint32_t num_sids, + struct wbcUnixId *ids); + +wbcErr wbcCtxUnixIdsToSids(struct wbcContext *ctx, + const struct wbcUnixId *ids, uint32_t num_ids, + struct wbcDomainSid *sids); +wbcErr wbcUnixIdsToSids(const struct wbcUnixId *ids, uint32_t num_ids, + struct wbcDomainSid *sids); + +/** + * @brief Obtain a new uid from Winbind + * + * @param *ctx wbclient Context + * @param *puid Pointer to the allocated uid + * + * @return #wbcErr + **/ +wbcErr wbcCtxAllocateUid(struct wbcContext *ctx, uid_t *puid); + +/** + * @brief Obtain a new uid from Winbind + * + * @param *puid Pointer to the allocated uid + * + * @return #wbcErr + **/ +wbcErr wbcAllocateUid(uid_t *puid); + +/** + * @brief Obtain a new gid from Winbind + * + * @param *ctx wbclient Context + * @param *pgid Pointer to the allocated gid + * + * @return #wbcErr + **/ +wbcErr wbcCtxAllocateGid(struct wbcContext *ctx, gid_t *pgid); + +/** + * @brief Obtain a new gid from Winbind + * + * @param *pgid Pointer to the allocated gid + * + * @return #wbcErr + **/ +wbcErr wbcAllocateGid(gid_t *pgid); + +/** + * @brief Set an user id mapping + * + * @param uid Uid of the desired mapping. + * @param *sid Pointer to the sid of the desired mapping. + * + * @return #wbcErr + * + * @deprecated This method is not impemented any more and should + * be removed in the next major version change. + **/ +wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid); + +/** + * @brief Set a group id mapping + * + * @param gid Gid of the desired mapping. + * @param *sid Pointer to the sid of the desired mapping. + * + * @return #wbcErr + * + * @deprecated This method is not impemented any more and should + * be removed in the next major version change. + **/ +wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid); + +/** + * @brief Remove a user id mapping + * + * @param uid Uid of the mapping to remove. + * @param *sid Pointer to the sid of the mapping to remove. + * + * @return #wbcErr + * + * @deprecated This method is not impemented any more and should + * be removed in the next major version change. + **/ +wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid); + +/** + * @brief Remove a group id mapping + * + * @param gid Gid of the mapping to remove. + * @param *sid Pointer to the sid of the mapping to remove. + * + * @return #wbcErr + * + * @deprecated This method is not impemented any more and should + * be removed in the next major version change. + **/ +wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid); + +/** + * @brief Set the highwater mark for allocated uids. + * + * @param uid_hwm The new uid highwater mark value + * + * @return #wbcErr + * + * @deprecated This method is not impemented any more and should + * be removed in the next major version change. + **/ +wbcErr wbcSetUidHwm(uid_t uid_hwm); + +/** + * @brief Set the highwater mark for allocated gids. + * + * @param gid_hwm The new gid highwater mark value + * + * @return #wbcErr + * + * @deprecated This method is not impemented any more and should + * be removed in the next major version change. + **/ +wbcErr wbcSetGidHwm(gid_t gid_hwm); + +/********************************************************** + * NSS Lookup User/Group details + **********************************************************/ + +/** + * @brief Fill in a struct passwd* for a domain user based + * on username + * + * @param *ctx wbclient Context + * @param *name Username to lookup + * @param **pwd Pointer to resulting struct passwd* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcCtxGetpwnam(struct wbcContext *ctx, + const char *name, struct passwd **pwd); + +/** + * @brief Fill in a struct passwd* for a domain user based + * on username + * + * @param *name Username to lookup + * @param **pwd Pointer to resulting struct passwd* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcGetpwnam(const char *name, struct passwd **pwd); + +/** + * @brief Fill in a struct passwd* for a domain user based + * on uid + * + * @param *ctx wbclient Context + * @param uid Uid to lookup + * @param **pwd Pointer to resulting struct passwd* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcCtxGetpwuid(struct wbcContext *ctx, + uid_t uid, struct passwd **pwd); + +/** + * @brief Fill in a struct passwd* for a domain user based + * on uid + * + * @param uid Uid to lookup + * @param **pwd Pointer to resulting struct passwd* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd); + +/** + * @brief Fill in a struct passwd* for a domain user based + * on sid + * + * @param *ctx wbclient Context + * @param sid Sid to lookup + * @param **pwd Pointer to resulting struct passwd* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcCtxGetpwsid(struct wbcContext *ctx, + struct wbcDomainSid * sid, struct passwd **pwd); + +/** + * @brief Fill in a struct passwd* for a domain user based + * on sid + * + * @param sid Sid to lookup + * @param **pwd Pointer to resulting struct passwd* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcGetpwsid(struct wbcDomainSid * sid, struct passwd **pwd); + +/** + * @brief Fill in a struct passwd* for a domain user based + * on username + * + * @param *ctx wbclient Context + * @param *name Username to lookup + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcCtxGetgrnam(struct wbcContext *ctx, + const char *name, struct group **grp); + +/** + * @brief Fill in a struct passwd* for a domain user based + * on username + * + * @param *name Username to lookup + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcGetgrnam(const char *name, struct group **grp); + +/** + * @brief Fill in a struct passwd* for a domain user based + * on uid + * + * @param *ctx wbclient Context + * @param gid Uid to lookup + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcCtxGetgrgid(struct wbcContext *ctx, + gid_t gid, struct group **grp); + +/** + * @brief Fill in a struct passwd* for a domain user based + * on uid + * + * @param gid Uid to lookup + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcGetgrgid(gid_t gid, struct group **grp); + +/** + * @brief Reset the passwd iterator + * + * @param *ctx wbclient Context + * + * @return #wbcErr + **/ +wbcErr wbcCtxSetpwent(struct wbcContext *ctx); + +/** + * @brief Reset the passwd iterator + * + * @return #wbcErr + **/ +wbcErr wbcSetpwent(void); + +/** + * @brief Close the passwd iterator + * + * @param *ctx wbclient Context + * + * @return #wbcErr + **/ +wbcErr wbcCtxEndpwent(struct wbcContext *ctx); + +/** + * @brief Close the passwd iterator + * + * @return #wbcErr + **/ +wbcErr wbcEndpwent(void); + +/** + * @brief Return the next struct passwd* entry from the pwent iterator + * + * @param *ctx wbclient Context + * @param **pwd Pointer to resulting struct passwd* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcCtxGetpwent(struct wbcContext *ctx, struct passwd **pwd); + +/** + * @brief Return the next struct passwd* entry from the pwent iterator + * + * @param **pwd Pointer to resulting struct passwd* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcGetpwent(struct passwd **pwd); + +/** + * @brief Reset the group iterator + * + * @param *ctx wbclient Context + * + * @return #wbcErr + **/ +wbcErr wbcCtxSetgrent(struct wbcContext *ctx); + +/** + * @brief Reset the group iterator + * + * @return #wbcErr + **/ +wbcErr wbcSetgrent(void); + +/** + * @brief Close the group iterator + * + * @param *ctx wbclient Context + * + * @return #wbcErr + **/ +wbcErr wbcCtxEndgrent(struct wbcContext *ctx); + +/** + * @brief Close the group iterator + * + * @return #wbcErr + **/ +wbcErr wbcEndgrent(void); + +/** + * @brief Return the next struct group* entry from the pwent iterator + * + * @param *ctx wbclient Context + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcCtxGetgrent(struct wbcContext *ctx, struct group **grp); + +/** + * @brief Return the next struct group* entry from the pwent iterator + * + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcGetgrent(struct group **grp); + +/** + * @brief Return the next struct group* entry from the pwent iterator + * + * This is similar to #wbcGetgrent, just that the member list is empty + * + * @param *ctx wbclient Context + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcCtxGetgrlist(struct wbcContext *ctx, struct group **grp); + +/** + * @brief Return the next struct group* entry from the pwent iterator + * + * This is similar to #wbcGetgrent, just that the member list is empty + * + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ +wbcErr wbcGetgrlist(struct group **grp); + +/** + * @brief Return the unix group array belonging to the given user + * + * @param *ctx wbclient Context + * @param *account The given user name + * @param *num_groups Number of elements returned in the groups array + * @param **_groups Pointer to resulting gid_t array. + * + * @return #wbcErr + **/ +wbcErr wbcCtxGetGroups(struct wbcContext *ctx, + const char *account, + uint32_t *num_groups, + gid_t **_groups); + +/** + * @brief Return the unix group array belonging to the given user + * + * @param *account The given user name + * @param *num_groups Number of elements returned in the groups array + * @param **_groups Pointer to resulting gid_t array. + * + * @return #wbcErr + **/ +wbcErr wbcGetGroups(const char *account, + uint32_t *num_groups, + gid_t **_groups); + + +/********************************************************** + * Lookup Domain information + **********************************************************/ + +/** + * @brief Lookup the current status of a trusted domain + * + * @param *ctx wbclient Context + * @param domain The domain to query + * + * @param dinfo A pointer to store the returned domain_info struct. + * + * @return #wbcErr + **/ +wbcErr wbcCtxDomainInfo(struct wbcContext *ctx, + const char *domain, + struct wbcDomainInfo **dinfo); + +/** + * @brief Lookup the current status of a trusted domain + * + * @param domain The domain to query + * + * @param dinfo A pointer to store the returned domain_info struct. + * + * @return #wbcErr + **/ +wbcErr wbcDomainInfo(const char *domain, + struct wbcDomainInfo **dinfo); + +/** + * @brief Lookup the currently contacted DCs + * + * @param *ctx wbclient Context + * @param domain The domain to query + * + * @param num_dcs Number of DCs currently known + * @param dc_names Names of the currently known DCs + * @param dc_ips IP addresses of the currently known DCs + * + * @return #wbcErr + **/ +wbcErr wbcCtxDcInfo(struct wbcContext *ctx, + const char *domain, size_t *num_dcs, + const char ***dc_names, const char ***dc_ips); + +/** + * @brief Lookup the currently contacted DCs + * + * @param domain The domain to query + * + * @param num_dcs Number of DCs currently known + * @param dc_names Names of the currently known DCs + * @param dc_ips IP addresses of the currently known DCs + * + * @return #wbcErr + **/ +wbcErr wbcDcInfo(const char *domain, size_t *num_dcs, + const char ***dc_names, const char ***dc_ips); + +/** + * @brief Enumerate the domain trusts known by Winbind + * + * @param *ctx wbclient Context + * @param **domains Pointer to the allocated domain list array + * @param *num_domains Pointer to number of domains returned + * + * @return #wbcErr + **/ +wbcErr wbcCtxListTrusts(struct wbcContext *ctx, + struct wbcDomainInfo **domains, + size_t *num_domains); + +/** + * @brief Enumerate the domain trusts known by Winbind + * + * @param **domains Pointer to the allocated domain list array + * @param *num_domains Pointer to number of domains returned + * + * @return #wbcErr + **/ +wbcErr wbcListTrusts(struct wbcDomainInfo **domains, + size_t *num_domains); + +/* Flags for wbcLookupDomainController */ + +#define WBC_LOOKUP_DC_FORCE_REDISCOVERY 0x00000001 +#define WBC_LOOKUP_DC_DS_REQUIRED 0x00000010 +#define WBC_LOOKUP_DC_DS_PREFERRED 0x00000020 +#define WBC_LOOKUP_DC_GC_SERVER_REQUIRED 0x00000040 +#define WBC_LOOKUP_DC_PDC_REQUIRED 0x00000080 +#define WBC_LOOKUP_DC_BACKGROUND_ONLY 0x00000100 +#define WBC_LOOKUP_DC_IP_REQUIRED 0x00000200 +#define WBC_LOOKUP_DC_KDC_REQUIRED 0x00000400 +#define WBC_LOOKUP_DC_TIMESERV_REQUIRED 0x00000800 +#define WBC_LOOKUP_DC_WRITABLE_REQUIRED 0x00001000 +#define WBC_LOOKUP_DC_GOOD_TIMESERV_PREFERRED 0x00002000 +#define WBC_LOOKUP_DC_AVOID_SELF 0x00004000 +#define WBC_LOOKUP_DC_ONLY_LDAP_NEEDED 0x00008000 +#define WBC_LOOKUP_DC_IS_FLAT_NAME 0x00010000 +#define WBC_LOOKUP_DC_IS_DNS_NAME 0x00020000 +#define WBC_LOOKUP_DC_TRY_NEXTCLOSEST_SITE 0x00040000 +#define WBC_LOOKUP_DC_DS_6_REQUIRED 0x00080000 +#define WBC_LOOKUP_DC_RETURN_DNS_NAME 0x40000000 +#define WBC_LOOKUP_DC_RETURN_FLAT_NAME 0x80000000 + +/** + * @brief Enumerate the domain trusts known by Winbind + * + * @param *ctx wbclient Context + * @param domain Name of the domain to query for a DC + * @param flags Bit flags used to control the domain location query + * @param *dc_info Pointer to the returned domain controller information + * + * @return #wbcErr + **/ +wbcErr wbcCtxLookupDomainController(struct wbcContext *ctx, + const char *domain, + uint32_t flags, + struct wbcDomainControllerInfo **dc_info); + +/** + * @brief Enumerate the domain trusts known by Winbind + * + * @param domain Name of the domain to query for a DC + * @param flags Bit flags used to control the domain location query + * @param *dc_info Pointer to the returned domain controller information + * + * @return #wbcErr + **/ +wbcErr wbcLookupDomainController(const char *domain, + uint32_t flags, + struct wbcDomainControllerInfo **dc_info); + +/** + * @brief Get extended domain controller information + * + * @param *ctx wbclient Context + * @param domain Name of the domain to query for a DC + * @param guid Guid of the domain to query for a DC + * @param site Site of the domain to query for a DC + * @param flags Bit flags used to control the domain location query + * @param *dc_info Pointer to the returned extended domain controller information + * + * @return #wbcErr + **/ +wbcErr wbcCtxLookupDomainControllerEx(struct wbcContext *ctx, + const char *domain, + struct wbcGuid *guid, + const char *site, + uint32_t flags, + struct wbcDomainControllerInfoEx **dc_info); + +/** + * @brief Get extended domain controller information + * + * @param domain Name of the domain to query for a DC + * @param guid Guid of the domain to query for a DC + * @param site Site of the domain to query for a DC + * @param flags Bit flags used to control the domain location query + * @param *dc_info Pointer to the returned extended domain controller information + * + * @return #wbcErr + **/ +wbcErr wbcLookupDomainControllerEx(const char *domain, + struct wbcGuid *guid, + const char *site, + uint32_t flags, + struct wbcDomainControllerInfoEx **dc_info); + +/********************************************************** + * Athenticate functions + **********************************************************/ + +/** + * @brief Authenticate a username/password pair + * + * @param *ctx wbclient Context + * @param username Name of user to authenticate + * @param password Clear text password os user + * + * @return #wbcErr + **/ +wbcErr wbcCtxAuthenticateUser(struct wbcContext *ctx, + const char *username, + const char *password); + +/** + * @brief Authenticate a username/password pair + * + * @param username Name of user to authenticate + * @param password Clear text password os user + * + * @return #wbcErr + **/ +wbcErr wbcAuthenticateUser(const char *username, + const char *password); + +/** + * @brief Authenticate with more detailed information + * + * @param *ctx wbclient Context + * @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH + * is not supported yet + * @param info Output details on WBC_ERR_SUCCESS + * @param error Output details on WBC_ERR_AUTH_ERROR + * + * @return #wbcErr + **/ +wbcErr wbcCtxAuthenticateUserEx(struct wbcContext *ctx, + const struct wbcAuthUserParams *params, + struct wbcAuthUserInfo **info, + struct wbcAuthErrorInfo **error); + +/** + * @brief Authenticate with more detailed information + * + * @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH + * is not supported yet + * @param info Output details on WBC_ERR_SUCCESS + * @param error Output details on WBC_ERR_AUTH_ERROR + * + * @return #wbcErr + **/ +wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, + struct wbcAuthUserInfo **info, + struct wbcAuthErrorInfo **error); + +/** + * @brief Logon a User + * + * @param[in] *ctx wbclient Context + * @param[in] params Pointer to a wbcLogonUserParams structure + * @param[out] info Pointer to a pointer to a wbcLogonUserInfo structure + * @param[out] error Pointer to a pointer to a wbcAuthErrorInfo structure + * @param[out] policy Pointer to a pointer to a wbcUserPasswordPolicyInfo structure + * + * @return #wbcErr + **/ +wbcErr wbcCtxLogonUser(struct wbcContext *ctx, + const struct wbcLogonUserParams *params, + struct wbcLogonUserInfo **info, + struct wbcAuthErrorInfo **error, + struct wbcUserPasswordPolicyInfo **policy); + +/** + * @brief Logon a User + * + * @param[in] params Pointer to a wbcLogonUserParams structure + * @param[out] info Pointer to a pointer to a wbcLogonUserInfo structure + * @param[out] error Pointer to a pointer to a wbcAuthErrorInfo structure + * @param[out] policy Pointer to a pointer to a wbcUserPasswordPolicyInfo structure + * + * @return #wbcErr + **/ +wbcErr wbcLogonUser(const struct wbcLogonUserParams *params, + struct wbcLogonUserInfo **info, + struct wbcAuthErrorInfo **error, + struct wbcUserPasswordPolicyInfo **policy); + +/** + * @brief Trigger a logoff notification to Winbind for a specific user + * + * @param *ctx wbclient Context + * @param username Name of user to remove from Winbind's list of + * logged on users. + * @param uid Uid assigned to the username + * @param ccfilename Absolute path to the Krb5 credentials cache to + * be removed + * + * @return #wbcErr + **/ +wbcErr wbcCtxLogoffUser(struct wbcContext *ctx, + const char *username, uid_t uid, + const char *ccfilename); + +/** + * @brief Trigger a logoff notification to Winbind for a specific user + * + * @param username Name of user to remove from Winbind's list of + * logged on users. + * @param uid Uid assigned to the username + * @param ccfilename Absolute path to the Krb5 credentials cache to + * be removed + * + * @return #wbcErr + **/ +wbcErr wbcLogoffUser(const char *username, + uid_t uid, + const char *ccfilename); + +/** + * @brief Trigger an extended logoff notification to Winbind for a specific user + * + * @param *ctx wbclient Context + * @param params A wbcLogoffUserParams structure + * @param error User output details on error + * + * @return #wbcErr + **/ +wbcErr wbcCtxLogoffUserEx(struct wbcContext *ctx, + const struct wbcLogoffUserParams *params, + struct wbcAuthErrorInfo **error); + +/** + * @brief Trigger an extended logoff notification to Winbind for a specific user + * + * @param params A wbcLogoffUserParams structure + * @param error User output details on error + * + * @return #wbcErr + **/ +wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params, + struct wbcAuthErrorInfo **error); + +/** + * @brief Change a password for a user + * + * @param *ctx wbclient Context + * @param username Name of user to authenticate + * @param old_password Old clear text password of user + * @param new_password New clear text password of user + * + * @return #wbcErr + **/ +wbcErr wbcCtxChangeUserPassword(struct wbcContext *ctx, + const char *username, + const char *old_password, + const char *new_password); + +/** + * @brief Change a password for a user + * + * @param username Name of user to authenticate + * @param old_password Old clear text password of user + * @param new_password New clear text password of user + * + * @return #wbcErr + **/ +wbcErr wbcChangeUserPassword(const char *username, + const char *old_password, + const char *new_password); + +/** + * @brief Change a password for a user with more detailed information upon + * failure + * + * @param *ctx wbclient Context + * @param params Input parameters + * @param error User output details on WBC_ERR_PWD_CHANGE_FAILED + * @param reject_reason New password reject reason on WBC_ERR_PWD_CHANGE_FAILED + * @param policy Password policy output details on WBC_ERR_PWD_CHANGE_FAILED + * + * @return #wbcErr + **/ +wbcErr wbcCtxChangeUserPasswordEx(struct wbcContext *ctx, + const struct wbcChangePasswordParams *params, + struct wbcAuthErrorInfo **error, + enum wbcPasswordChangeRejectReason *reject_reason, + struct wbcUserPasswordPolicyInfo **policy); + +/** + * @brief Change a password for a user with more detailed information upon + * failure + * + * @param params Input parameters + * @param error User output details on WBC_ERR_PWD_CHANGE_FAILED + * @param reject_reason New password reject reason on WBC_ERR_PWD_CHANGE_FAILED + * @param policy Password policy output details on WBC_ERR_PWD_CHANGE_FAILED + * + * @return #wbcErr + **/ +wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params, + struct wbcAuthErrorInfo **error, + enum wbcPasswordChangeRejectReason *reject_reason, + struct wbcUserPasswordPolicyInfo **policy); + +/** + * @brief Authenticate a user with cached credentials + * + * @param *ctx wbclient Context + * @param *params Pointer to a wbcCredentialCacheParams structure + * @param **info Pointer to a pointer to a wbcCredentialCacheInfo structure + * @param **error Pointer to a pointer to a wbcAuthErrorInfo structure + * + * @return #wbcErr + **/ +wbcErr wbcCtxCredentialCache(struct wbcContext *ctx, + struct wbcCredentialCacheParams *params, + struct wbcCredentialCacheInfo **info, + struct wbcAuthErrorInfo **error); + +/** + * @brief Authenticate a user with cached credentials + * + * @param *params Pointer to a wbcCredentialCacheParams structure + * @param **info Pointer to a pointer to a wbcCredentialCacheInfo structure + * @param **error Pointer to a pointer to a wbcAuthErrorInfo structure + * + * @return #wbcErr + **/ +wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params, + struct wbcCredentialCacheInfo **info, + struct wbcAuthErrorInfo **error); + +/** + * @brief Save a password with winbind for doing wbcCredentialCache() later + * + * @param *ctx wbclient Context + * @param *user Username + * @param *password Password + * + * @return #wbcErr + **/ +wbcErr wbcCtxCredentialSave(struct wbcContext *ctx, + const char *user, const char *password); + +/** + * @brief Save a password with winbind for doing wbcCredentialCache() later + * + * @param *user Username + * @param *password Password + * + * @return #wbcErr + **/ +wbcErr wbcCredentialSave(const char *user, const char *password); + +/********************************************************** + * Resolve functions + **********************************************************/ + +/** + * @brief Resolve a NetbiosName via WINS + * + * @param *ctx wbclient Context + * @param name Name to resolve + * @param *ip Pointer to the ip address string + * + * @return #wbcErr + **/ +wbcErr wbcCtxResolveWinsByName(struct wbcContext *ctx, + const char *name, char **ip); + +/** + * @brief Resolve a NetbiosName via WINS + * + * @param name Name to resolve + * @param *ip Pointer to the ip address string + * + * @return #wbcErr + **/ +wbcErr wbcResolveWinsByName(const char *name, char **ip); + +/** + * @brief Resolve an IP address via WINS into a NetbiosName + * + * @param *ctx wbclient Context + * @param ip The ip address string + * @param *name Pointer to the name + * + * @return #wbcErr + * + **/ +wbcErr wbcCtxResolveWinsByIP(struct wbcContext *ctx, + const char *ip, char **name); + +/** + * @brief Resolve an IP address via WINS into a NetbiosName + * + * @param ip The ip address string + * @param *name Pointer to the name + * + * @return #wbcErr + * + **/ +wbcErr wbcResolveWinsByIP(const char *ip, char **name); + +/********************************************************** + * Trusted domain functions + **********************************************************/ + +/** + * @brief Trigger a verification of the trust credentials of a specific domain + * + * @param *ctx wbclient Context + * @param *domain The name of the domain. + * @param error Output details on WBC_ERR_AUTH_ERROR + * + * @return #wbcErr + **/ +wbcErr wbcCtxCheckTrustCredentials(struct wbcContext *ctx, const char *domain, + struct wbcAuthErrorInfo **error); + +/** + * @brief Trigger a verification of the trust credentials of a specific domain + * + * @param *domain The name of the domain. + * @param error Output details on WBC_ERR_AUTH_ERROR + * + * @return #wbcErr + **/ +wbcErr wbcCheckTrustCredentials(const char *domain, + struct wbcAuthErrorInfo **error); + +/** + * @brief Trigger a change of the trust credentials for a specific domain + * + * @param *ctx wbclient Context + * @param *domain The name of the domain. + * @param error Output details on WBC_ERR_AUTH_ERROR + * + * @return #wbcErr + **/ +wbcErr wbcCtxChangeTrustCredentials(struct wbcContext *ctx, const char *domain, + struct wbcAuthErrorInfo **error); + +/** + * @brief Trigger a change of the trust credentials for a specific domain + * + * @param *domain The name of the domain. + * @param error Output details on WBC_ERR_AUTH_ERROR + * + * @return #wbcErr + **/ +wbcErr wbcChangeTrustCredentials(const char *domain, + struct wbcAuthErrorInfo **error); + +/** + * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost + * version of wbcCheckTrustCredentials + * + * @param *ctx wbclient Context + * @param *domain The name of the domain, only NULL for the default domain is + * supported yet. Other values than NULL will result in + * WBC_ERR_NOT_IMPLEMENTED. + * @param error Output details on WBC_ERR_AUTH_ERROR + * + * @return #wbcErr + **/ +wbcErr wbcCtxPingDc(struct wbcContext *ctx, const char *domain, + struct wbcAuthErrorInfo **error); + +/** + * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost + * version of wbcCheckTrustCredentials + * + * @param *domain The name of the domain, only NULL for the default domain is + * supported yet. Other values than NULL will result in + * WBC_ERR_NOT_IMPLEMENTED. + * @param error Output details on WBC_ERR_AUTH_ERROR + * + * @return #wbcErr + **/ +wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error); + +/** + * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost + * version of wbcCheckTrustCredentials + * + * @param *ctx wbclient Context + * @param *domain The name of the domain, only NULL for the default domain is + * supported yet. Other values than NULL will result in + * WBC_ERR_NOT_IMPLEMENTED. + * @param error Output details on WBC_ERR_AUTH_ERROR + * @param dcname DC that was attempted to ping + * + * @return #wbcErr + **/ +wbcErr wbcCtxPingDc2(struct wbcContext *ctx, const char *domain, + struct wbcAuthErrorInfo **error, + char **dcname); + +/** + * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost + * version of wbcCheckTrustCredentials + * + * @param *domain The name of the domain, only NULL for the default domain is + * supported yet. Other values than NULL will result in + * WBC_ERR_NOT_IMPLEMENTED. + * @param error Output details on WBC_ERR_AUTH_ERROR + * @param dcname DC that was attempted to ping + * + * @return #wbcErr + **/ +wbcErr wbcPingDc2(const char *domain, struct wbcAuthErrorInfo **error, + char **dcname); + +/********************************************************** + * Helper functions + **********************************************************/ + +/** + * @brief Initialize a named blob and add to list of blobs + * + * @param[in,out] num_blobs Pointer to the number of blobs + * @param[in,out] blobs Pointer to an array of blobs + * @param[in] name Name of the new named blob + * @param[in] flags Flags of the new named blob + * @param[in] data Blob data of new blob + * @param[in] length Blob data length of new blob + * + * @return #wbcErr + **/ +wbcErr wbcAddNamedBlob(size_t *num_blobs, + struct wbcNamedBlob **blobs, + const char *name, + uint32_t flags, + uint8_t *data, + size_t length); + +/** + * @brief Set the name of the process which call wbclient. + * + * By default wbclient will figure out the process name. This should just be + * used in special cases like pam modules or similar. Only alpha numeric + * chars in ASCII are allowed. + * + * This function should only be called once! + * + * @param[in] name The process name to set. + */ +void wbcSetClientProcessName(const char *name); + +#endif /* _WBCLIENT_H */ diff --git a/nsswitch/libwbclient/wbclient.pc.in b/nsswitch/libwbclient/wbclient.pc.in new file mode 100644 index 0000000..c7b199b --- /dev/null +++ b/nsswitch/libwbclient/wbclient.pc.in @@ -0,0 +1,11 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ +modulesdir=${prefix}/modules/gensec + +Name: wbclient +Description: Winbind client +Version: @PACKAGE_VERSION@ +Libs: @LIB_RPATH@ -L${libdir} -lwbclient +Cflags: -I${includedir} -DHAVE_IMMEDIATE_STRUCTURES=1 diff --git a/nsswitch/libwbclient/wbclient_internal.h b/nsswitch/libwbclient/wbclient_internal.h new file mode 100644 index 0000000..6d815c0 --- /dev/null +++ b/nsswitch/libwbclient/wbclient_internal.h @@ -0,0 +1,50 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client API + + Copyright (C) Gerald (Jerry) Carter 2007 + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _WBCLIENT_INTERNAL_H +#define _WBCLIENT_INTERNAL_H + +struct wbcContext { + struct winbindd_context *winbindd_ctx; + uint32_t pw_cache_size; /* Number of cached passwd structs */ + uint32_t pw_cache_idx; /* Position of the pwent context */ + uint32_t gr_cache_size; /* Number of cached group structs */ + uint32_t gr_cache_idx; /* Position of the grent context */ +}; + +/* Private functions */ + +wbcErr wbcRequestResponse(struct wbcContext *ctx, int cmd, + struct winbindd_request *request, + struct winbindd_response *response); + +wbcErr wbcRequestResponsePriv(struct wbcContext *ctx, int cmd, + struct winbindd_request *request, + struct winbindd_response *response); + +void *wbcAllocateMemory(size_t nelem, size_t elsize, + void (*destructor)(void *ptr)); + +char *wbcStrDup(const char *str); +const char **wbcAllocateStringArray(int num_strings); +struct wbcContext *wbcGetGlobalCtx(void); + +#endif /* _WBCLIENT_INTERNAL_H */ diff --git a/nsswitch/libwbclient/wscript b/nsswitch/libwbclient/wscript new file mode 100644 index 0000000..ad1d321 --- /dev/null +++ b/nsswitch/libwbclient/wscript @@ -0,0 +1,57 @@ +#!/usr/bin/env python + +from waflib import Options, Logs + +# Remember to also update wbclient.h +VERSION="0.15" + +# It may be useful at some point to allow Samba to build against a +# system libwbclient, such as the one provided by Likewise. To to +# this, not only must the check below be activated but this must only +# be activated with an off-by-default option to disable the internal +# build of both winbindd implementations, and all the internal +# references to libwbclient.h will need to be fixed to point at the +# system libwbclient. Finally, as a system libwbclient would probably +# not use the same version scheme as Samba, so this would need to +# reference Likewise version numbers instead. +# +#def configure(conf): +# if conf.CHECK_BUNDLED_SYSTEM_PKG('wbclient', minversion=VERSION): +# conf.define('USING_SYSTEM_LIBWBCLIENT', 1) +# + +def build(bld): +# if bld.CONFIG_SET('USING_SYSTEM_LIBWBCLIENT'): +# Logs.info("\tSelected system libwbclient build") +# return +# +# Logs.info("\tSelected embedded libwbclient build") + + bld.SAMBA_SUBSYSTEM('wbclient-internal', + source='../wb_common.c', + deps='replace', + cflags='-DWINBINDD_SOCKET_DIR=\"%s\"' % bld.env.WINBINDD_SOCKET_DIR, + hide_symbols=True, + provide_builtin_linking=True, + builtin_cflags='-DWINBINDD_SOCKET_DIR=\"%s\"' % bld.env.WINBINDD_SOCKET_DIR, + ) + + abi_match = 'wbc*' + bld.SAMBA_LIBRARY('wbclient', + source=''' + wbc_guid.c + wbc_idmap.c + wbclient.c + wbc_pam.c + wbc_pwd.c + wbc_sid.c + wbc_util.c''', + hide_symbols=True, + deps='wbclient-internal smb_strtox', + require_builtin_deps=True, + provide_builtin_linking=True, + pc_files='wbclient.pc', + public_headers='wbclient.h', + abi_directory='ABI', + abi_match=abi_match, + vnum=VERSION) |