2 Unix SMB/CIFS implementation.
4 Copyright (C) Volker Lendecke 2009
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "librpc/gen_ndr/ndr_winbind_c.h"
23 #include "../libcli/security/security.h"
24 #include "lib/dbwrap/dbwrap_rbt.h"
26 struct wb_getgrsid_state
{
27 struct tevent_context
*ev
;
32 enum lsa_SidType type
;
34 struct db_context
*members
;
37 static void wb_getgrsid_lookupsid_done(struct tevent_req
*subreq
);
38 static void wb_getgrsid_sid2gid_done(struct tevent_req
*subreq
);
39 static void wb_getgrsid_got_members(struct tevent_req
*subreq
);
41 struct tevent_req
*wb_getgrsid_send(TALLOC_CTX
*mem_ctx
,
42 struct tevent_context
*ev
,
43 const struct dom_sid
*group_sid
,
46 struct tevent_req
*req
, *subreq
;
47 struct wb_getgrsid_state
*state
;
48 struct dom_sid_buf buf
;
50 req
= tevent_req_create(mem_ctx
, &state
, struct wb_getgrsid_state
);
55 D_INFO("WB command getgrsid start.\nLooking up group SID %s.\n", dom_sid_str_buf(group_sid
, &buf
));
57 sid_copy(&state
->sid
, group_sid
);
59 state
->max_nesting
= max_nesting
;
61 if (dom_sid_in_domain(&global_sid_Unix_Groups
, group_sid
)) {
62 /* unmapped Unix groups must be resolved locally */
63 tevent_req_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
64 return tevent_req_post(req
, ev
);
67 subreq
= wb_lookupsid_send(state
, ev
, &state
->sid
);
68 if (tevent_req_nomem(subreq
, req
)) {
69 return tevent_req_post(req
, ev
);
71 tevent_req_set_callback(subreq
, wb_getgrsid_lookupsid_done
, req
);
75 static void wb_getgrsid_lookupsid_done(struct tevent_req
*subreq
)
77 struct tevent_req
*req
= tevent_req_callback_data(
78 subreq
, struct tevent_req
);
79 struct wb_getgrsid_state
*state
= tevent_req_data(
80 req
, struct wb_getgrsid_state
);
83 status
= wb_lookupsid_recv(subreq
, state
, &state
->type
,
84 &state
->domname
, &state
->name
);
86 if (tevent_req_nterror(req
, status
)) {
90 switch (state
->type
) {
91 case SID_NAME_DOM_GRP
:
93 case SID_NAME_WKN_GRP
:
95 * also treat user-type SIDS (they might map to ID_TYPE_BOTH)
98 case SID_NAME_COMPUTER
:
101 tevent_req_nterror(req
, NT_STATUS_NO_SUCH_GROUP
);
105 subreq
= wb_sids2xids_send(state
, state
->ev
, &state
->sid
, 1);
106 if (tevent_req_nomem(subreq
, req
)) {
109 tevent_req_set_callback(subreq
, wb_getgrsid_sid2gid_done
, req
);
112 static void wb_getgrsid_sid2gid_done(struct tevent_req
*subreq
)
114 struct tevent_req
*req
= tevent_req_callback_data(
115 subreq
, struct tevent_req
);
116 struct wb_getgrsid_state
*state
= tevent_req_data(
117 req
, struct wb_getgrsid_state
);
119 struct unixid xids
[1];
121 status
= wb_sids2xids_recv(subreq
, xids
, ARRAY_SIZE(xids
));
123 if (tevent_req_nterror(req
, status
)) {
128 * We are filtering further down in sids2xids, but that filtering
129 * depends on the actual type of the sid handed in (as determined
130 * by lookupsids). Here we need to filter for the type of object
131 * actually requested, in this case uid.
133 if (!(xids
[0].type
== ID_TYPE_GID
|| xids
[0].type
== ID_TYPE_BOTH
)) {
134 tevent_req_nterror(req
, NT_STATUS_NONE_MAPPED
);
138 state
->gid
= (gid_t
)xids
[0].id
;
140 if (state
->type
== SID_NAME_USER
|| state
->type
== SID_NAME_COMPUTER
) {
142 * special treatment for a user sid that is
143 * mapped to ID_TYPE_BOTH:
144 * create a group with the sid/xid as only member
148 if (xids
[0].type
!= ID_TYPE_BOTH
) {
149 tevent_req_nterror(req
, NT_STATUS_NO_SUCH_GROUP
);
153 state
->members
= db_open_rbt(state
);
154 if (tevent_req_nomem(state
->members
, req
)) {
158 name
= fill_domain_username_talloc(talloc_tos(),
161 true /* can_assume */);
162 if (tevent_req_nomem(name
, req
)) {
166 status
= add_member_to_db(state
->members
, &state
->sid
, name
);
167 if (!NT_STATUS_IS_OK(status
)) {
168 tevent_req_nterror(req
, status
);
172 tevent_req_done(req
);
177 * the "regular" case of a group type sid.
180 subreq
= wb_group_members_send(state
, state
->ev
, &state
->sid
,
181 state
->type
, state
->max_nesting
);
182 if (tevent_req_nomem(subreq
, req
)) {
185 tevent_req_set_callback(subreq
, wb_getgrsid_got_members
, req
);
188 static void wb_getgrsid_got_members(struct tevent_req
*subreq
)
190 struct tevent_req
*req
= tevent_req_callback_data(
191 subreq
, struct tevent_req
);
192 struct wb_getgrsid_state
*state
= tevent_req_data(
193 req
, struct wb_getgrsid_state
);
196 status
= wb_group_members_recv(subreq
, state
, &state
->members
);
198 if (tevent_req_nterror(req
, status
)) {
201 tevent_req_done(req
);
204 NTSTATUS
wb_getgrsid_recv(struct tevent_req
*req
, TALLOC_CTX
*mem_ctx
,
205 const char **domname
, const char **name
, gid_t
*gid
,
206 struct db_context
**members
)
208 struct wb_getgrsid_state
*state
= tevent_req_data(
209 req
, struct wb_getgrsid_state
);
212 D_INFO("WB command getgrsid end.\n");
213 if (tevent_req_is_nterror(req
, &status
)) {
214 D_WARNING("Failed with %s.\n", nt_errstr(status
));
217 *domname
= talloc_move(mem_ctx
, &state
->domname
);
218 *name
= talloc_move(mem_ctx
, &state
->name
);
220 *members
= talloc_move(mem_ctx
, &state
->members
);