2 * Copyright (c) 2004 Apple Computer, Inc. All rights reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * The contents of this file constitute Original Code as defined in and
7 * are subject to the Apple Public Source License Version 1.1 (the
8 * "License"). You may not use this file except in compliance with the
9 * License. Please obtain a copy of the License at
10 * http://www.apple.com/publicsource and read it before using this file.
12 * This Original Code and all software distributed under the License are
13 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
14 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
17 * License for the specific language governing rights and limitations
20 * @APPLE_LICENSE_HEADER_END@
23 #include "membership.h"
24 #include "membershipPriv.h"
27 #include <sys/errno.h>
28 #include <servers/bootstrap.h>
29 #include <mach/mach.h>
32 static mach_port_t
GetServerPort()
35 static mach_port_t bsPort
= 0;
36 static mach_port_t fServerPort
= 0;
40 result
= task_get_bootstrap_port( mach_task_self(), &bsPort
);
41 result
= bootstrap_look_up( bsPort
, "com.apple.memberd", &fServerPort
);
43 // if the port lookup failed, the rpc will fail and we will return EIO
44 // if (result != MACH_MSG_SUCCESS)
46 // printf("Got error %d on lookup (is memberd running?)\n", result);
53 int mbr_uid_to_uuid(uid_t id
, uuid_t uu
)
55 struct kauth_identity_extlookup request
;
58 request
.el_flags
= KAUTH_EXTLOOKUP_VALID_UID
| KAUTH_EXTLOOKUP_WANT_UGUID
;
60 result
= _mbr_DoMembershipCall(GetServerPort(), &request
);
61 if (result
!= KERN_SUCCESS
)
64 if ((request
.el_flags
& KAUTH_EXTLOOKUP_VALID_UGUID
) != 0)
65 memcpy(uu
, &request
.el_uguid
, sizeof(guid_t
));
72 int mbr_gid_to_uuid(gid_t id
, uuid_t uu
)
74 struct kauth_identity_extlookup request
;
78 request
.el_flags
= KAUTH_EXTLOOKUP_VALID_GID
| KAUTH_EXTLOOKUP_WANT_GGUID
;
80 result
= _mbr_DoMembershipCall(GetServerPort(), &request
);
81 if (result
!= KERN_SUCCESS
)
84 if ((request
.el_flags
& KAUTH_EXTLOOKUP_VALID_GGUID
) != 0)
85 memcpy(uu
, &request
.el_gguid
, sizeof(guid_t
));
92 int mbr_uuid_to_id( const uuid_t uu
, uid_t
* id
, int* id_type
)
94 struct kauth_identity_extlookup request
;
98 request
.el_flags
= KAUTH_EXTLOOKUP_VALID_UGUID
| KAUTH_EXTLOOKUP_VALID_GGUID
|
99 KAUTH_EXTLOOKUP_WANT_UID
| KAUTH_EXTLOOKUP_WANT_GID
;
100 memcpy(&request
.el_uguid
, uu
, sizeof(guid_t
));
101 memcpy(&request
.el_gguid
, uu
, sizeof(guid_t
));
102 result
= _mbr_DoMembershipCall(GetServerPort(), &request
);
103 if (result
!= KERN_SUCCESS
)
106 if ((request
.el_flags
& KAUTH_EXTLOOKUP_VALID_UID
) != 0)
108 *id
= request
.el_uid
;
109 *id_type
= ID_TYPE_UID
;
111 else if ((request
.el_flags
& KAUTH_EXTLOOKUP_VALID_GID
) != 0)
113 *id
= request
.el_gid
;
114 *id_type
= ID_TYPE_GID
;
122 int mbr_sid_to_uuid(const nt_sid_t
* sid
, uuid_t uu
)
124 struct kauth_identity_extlookup request
;
125 kern_return_t result
;
128 request
.el_flags
= KAUTH_EXTLOOKUP_VALID_GSID
| KAUTH_EXTLOOKUP_WANT_GGUID
;
129 memset(&request
.el_gsid
, 0, sizeof(ntsid_t
));
130 memcpy(&request
.el_gsid
, sid
, KAUTH_NTSID_SIZE(sid
));
131 result
= _mbr_DoMembershipCall(GetServerPort(), &request
);
132 if (result
!= KERN_SUCCESS
)
135 if ((request
.el_flags
& KAUTH_EXTLOOKUP_VALID_GGUID
) != 0)
136 memcpy(uu
, &request
.el_gguid
, sizeof(guid_t
));
143 int mbr_uuid_to_sid(const uuid_t uu
, nt_sid_t
* sid
)
145 struct kauth_identity_extlookup request
;
146 kern_return_t result
;
149 request
.el_flags
= KAUTH_EXTLOOKUP_VALID_GGUID
| KAUTH_EXTLOOKUP_WANT_GSID
;
150 memcpy(&request
.el_gguid
, uu
, sizeof(guid_t
));
151 result
= _mbr_DoMembershipCall(GetServerPort(), &request
);
152 if (result
!= KERN_SUCCESS
)
155 if ((request
.el_flags
& KAUTH_EXTLOOKUP_VALID_GSID
) != 0)
156 memcpy(sid
, &request
.el_gsid
, sizeof(nt_sid_t
));
163 int mbr_check_membership(uuid_t user
, uuid_t group
, int* ismember
)
165 struct kauth_identity_extlookup request
;
166 kern_return_t result
;
169 request
.el_flags
= KAUTH_EXTLOOKUP_VALID_UGUID
| KAUTH_EXTLOOKUP_VALID_GGUID
|
170 KAUTH_EXTLOOKUP_WANT_MEMBERSHIP
;
171 memcpy(&request
.el_uguid
, user
, sizeof(guid_t
));
172 memcpy(&request
.el_gguid
, group
, sizeof(guid_t
));
173 result
= _mbr_DoMembershipCall(GetServerPort(), &request
);
174 if (result
!= KERN_SUCCESS
)
177 if ((request
.el_flags
& KAUTH_EXTLOOKUP_VALID_MEMBERSHIP
) != 0)
179 *ismember
= ((request
.el_flags
& KAUTH_EXTLOOKUP_ISMEMBER
) != 0);
187 int mbr_check_membership_by_id(uuid_t user
, gid_t group
, int* ismember
)
189 struct kauth_identity_extlookup request
;
190 kern_return_t result
;
193 request
.el_flags
= KAUTH_EXTLOOKUP_VALID_UGUID
| KAUTH_EXTLOOKUP_VALID_GID
|
194 KAUTH_EXTLOOKUP_WANT_MEMBERSHIP
;
195 memcpy(&request
.el_uguid
, user
, sizeof(guid_t
));
196 request
.el_gid
= group
;
197 result
= _mbr_DoMembershipCall(GetServerPort(), &request
);
198 if (result
!= KERN_SUCCESS
)
201 if ((request
.el_flags
& KAUTH_EXTLOOKUP_VALID_MEMBERSHIP
) != 0)
203 *ismember
= ((request
.el_flags
& KAUTH_EXTLOOKUP_ISMEMBER
) != 0);
211 int mbr_reset_cache()
213 kern_return_t result
;
214 result
= _mbr_ClearCache(GetServerPort());
215 if (result
!= KERN_SUCCESS
)
220 int mbr_user_name_to_uuid(const char* name
, uuid_t uu
)
222 kern_return_t result
;
224 if (strlen(name
) > 255)
227 result
= _mbr_MapName(GetServerPort(), 1, (char*)name
, (guid_t
*)uu
);
229 if (result
== KERN_FAILURE
)
231 else if (result
!= KERN_SUCCESS
)
237 int mbr_group_name_to_uuid(const char* name
, uuid_t uu
)
239 kern_return_t result
;
241 if (strlen(name
) > 255)
244 result
= _mbr_MapName(GetServerPort(), 0, (char*)name
, (guid_t
*)uu
);
246 if (result
== KERN_FAILURE
)
248 else if (result
!= KERN_SUCCESS
)
254 int mbr_check_service_membership(const uuid_t user
, const char* servicename
, int* ismember
)
256 char* prefix
= "com.apple.access_";
257 char* all_services
= "com.apple.access_all_services";
262 if (strlen(servicename
) > 255 - strlen(prefix
))
265 // start by checking "all services"
266 result
= mbr_group_name_to_uuid(all_services
, group_uu
);
268 if (result
== ENOENT
)
270 // all_services group didn't exist, check individual group
271 memcpy(groupName
, prefix
, strlen(prefix
));
272 strcpy(groupName
+ strlen(prefix
), servicename
);
273 result
= mbr_group_name_to_uuid(groupName
, group_uu
);
277 result
= mbr_check_membership(user
, group_uu
, ismember
);
282 static char* ConvertBytesToDecimal(char* buffer
, unsigned long long value
)
295 *temp
= '0' + (value
% 10);
302 int mbr_sid_to_string(const nt_sid_t
* sid
, char* string
)
304 char* current
= string
;
309 if (sid
->sid_authcount
> NTSID_MAX_AUTHORITIES
)
312 memcpy(((char*)&temp
)+2, sid
->sid_authority
, 6);
317 strcpy(current
, ConvertBytesToDecimal(tempBuffer
, sid
->sid_kind
));
318 current
= current
+ strlen(current
);
321 strcpy(current
, ConvertBytesToDecimal(tempBuffer
, temp
));
323 for(i
=0; i
< sid
->sid_authcount
; i
++)
325 current
= current
+ strlen(current
);
328 strcpy(current
, ConvertBytesToDecimal(tempBuffer
, sid
->sid_authorities
[i
]));
334 int mbr_string_to_sid(const char* string
, nt_sid_t
* sid
)
336 char* current
= string
+2;
340 memset(sid
, 0, sizeof(nt_sid_t
));
341 if (string
[0] != 'S' || string
[1] != '-') return EINVAL
;
343 sid
->sid_kind
= strtol(current
, ¤t
, 10);
344 if (*current
== '\0') return EINVAL
;
346 temp
= strtoll(current
, ¤t
, 10);
347 memcpy(sid
->sid_authority
, ((char*)&temp
)+2, 6);
348 while (*current
!= '\0' && count
< NTSID_MAX_AUTHORITIES
)
351 sid
->sid_authorities
[count
] = strtol(current
, ¤t
, 10);
355 if (*current
!= '\0')
358 sid
->sid_authcount
= count
;
363 static void ConvertBytesToHex(char** string
, char** data
, int numBytes
)
367 for (i
=0; i
< numBytes
; i
++)
369 unsigned char hi
= ((**data
) >> 4) & 0xf;
370 unsigned char low
= (**data
) & 0xf;
374 **string
= 'A' + hi
- 10;
379 **string
= '0' + low
;
381 **string
= 'A' + low
- 10;
388 int mbr_uuid_to_string(const uuid_t uu
, char* string
)
390 char* guid
= (char*)uu
;
391 char* strPtr
= string
;
392 ConvertBytesToHex(&strPtr
, &guid
, 4);
393 *strPtr
= '-'; strPtr
++;
394 ConvertBytesToHex(&strPtr
, &guid
, 2);
395 *strPtr
= '-'; strPtr
++;
396 ConvertBytesToHex(&strPtr
, &guid
, 2);
397 *strPtr
= '-'; strPtr
++;
398 ConvertBytesToHex(&strPtr
, &guid
, 2);
399 *strPtr
= '-'; strPtr
++;
400 ConvertBytesToHex(&strPtr
, &guid
, 6);
406 int mbr_string_to_uuid(const char* string
, uuid_t uu
)
409 int isFirstNibble
= 1;
411 if (strlen(string
) > MBR_UU_STRING_SIZE
)
414 while (*string
!= '\0' && dataIndex
< 16)
418 if (*string
>= '0' && *string
<= '9')
419 nibble
= *string
- '0';
420 else if (*string
>= 'A' && *string
<= 'F')
421 nibble
= *string
- 'A' + 10;
422 else if (*string
>= 'a' && *string
<= 'f')
423 nibble
= *string
- 'a' + 10;
434 uu
[dataIndex
] = nibble
<< 4;
439 uu
[dataIndex
] |= nibble
;