search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-tests: Stop cross-talk between reclock tests
[Samba.git] / source3 / winbindd / wb_xids2sids.c
blob7fc8a721f063003bccb6bf2203a8d5b96d3c1078
1 /*
2 * Unix SMB/CIFS implementation.
3 * async xids2sids
4 * Copyright (C) Volker Lendecke 2015
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "winbindd.h"
22 #include "../libcli/security/security.h"
23 #include "idmap_cache.h"
24 #include "librpc/gen_ndr/ndr_winbind_c.h"
25 #include "librpc/gen_ndr/ndr_netlogon.h"
26
27 struct wb_xids2sids_dom_map {
28 unsigned low_id;
29 unsigned high_id;
30 const char *name;
31 };
32
33 /*
34 * Map idmap ranges to domain names, taken from smb.conf. This is
35 * stored in the parent winbind and used to assemble xid2sid calls
36 * into per-idmap-domain chunks.
37 */
38 static struct wb_xids2sids_dom_map *dom_maps;
39
40 static bool wb_xids2sids_add_dom(const char *domname,
41 void *private_data)
42 {
43 struct wb_xids2sids_dom_map *map = NULL;
44 size_t num_maps = talloc_array_length(dom_maps);
45 size_t i;
46 char *config_option;
47 const char *range;
48 unsigned low_id, high_id;
49 int ret;
50
51 config_option = talloc_asprintf(
52 talloc_tos(), "idmap config %s", domname);
53 if (config_option == NULL) {
54 return false;
55 }
56 range = lp_parm_const_string(-1, config_option, "range", NULL);
57 TALLOC_FREE(config_option);
58
59 if (range == NULL) {
60 DBG_DEBUG("No range for domain %s found\n", domname);
61 return false;
62 }
63
64 ret = sscanf(range, "%u - %u", &low_id, &high_id);
65 if (ret != 2) {
66 DBG_DEBUG("Invalid range spec \"%s\" for domain %s\n",
67 range, domname);
68 return false;
69 }
70
71 if (low_id > high_id) {
72 DBG_DEBUG("Invalid range %u - %u for domain %s\n",
73 low_id, high_id, domname);
74 return false;
75 }
76
77 for (i=0; i<num_maps; i++) {
78 if (strequal(domname, dom_maps[i].name)) {
79 map = &dom_maps[i];
80 break;
81 }
82 }
83
84 if (map == NULL) {
85 struct wb_xids2sids_dom_map *tmp;
86 char *name;
87
88 name = talloc_strdup(talloc_tos(), domname);
89 if (name == NULL) {
90 DBG_DEBUG("talloc failed\n");
91 return false;
92 }
93
94 tmp = talloc_realloc(
95 NULL, dom_maps, struct wb_xids2sids_dom_map,
96 num_maps+1);
97 if (tmp == NULL) {
98 TALLOC_FREE(name);
99 return false;
100 }
101 dom_maps = tmp;
102
103 map = &dom_maps[num_maps];
104 map->name = talloc_move(dom_maps, &name);
105 }
106
107 map->low_id = low_id;
108 map->high_id = high_id;
109
110 return false;
111 }
112
113 static void wb_xids2sids_init_dom_maps(void)
114 {
115 if (dom_maps != NULL) {
116 return;
117 }
118
119 /*
120 * Put the passdb idmap domain first. We always need to try
121 * there first.
122 */
123
124 dom_maps = talloc_array(NULL, struct wb_xids2sids_dom_map, 1);
125 if (dom_maps == NULL) {
126 return;
127 }
128 dom_maps[0].low_id = 0;
129 dom_maps[0].high_id = UINT_MAX;
130 dom_maps[0].name = talloc_strdup(dom_maps, get_global_sam_name());
131 if (dom_maps[0].name == NULL) {
132 TALLOC_FREE(dom_maps);
133 return;
134 }
135
136 lp_scan_idmap_domains(wb_xids2sids_add_dom, NULL);
137 }
138
139 struct wb_xids2sids_dom_state {
140 struct tevent_context *ev;
141 struct unixid *all_xids;
142 size_t num_all_xids;
143 struct dom_sid *all_sids;
144 struct wb_xids2sids_dom_map *dom_map;
145 bool tried_dclookup;
146
147 size_t num_dom_xids;
148 struct unixid *dom_xids;
149 struct dom_sid *dom_sids;
150 };
151
152 static void wb_xids2sids_dom_done(struct tevent_req *subreq);
153 static void wb_xids2sids_dom_gotdc(struct tevent_req *subreq);
154
155 static struct tevent_req *wb_xids2sids_dom_send(
156 TALLOC_CTX *mem_ctx, struct tevent_context *ev,
157 struct wb_xids2sids_dom_map *dom_map,
158 struct unixid *xids, size_t num_xids, struct dom_sid *sids)
159 {
160 struct tevent_req *req, *subreq;
161 struct wb_xids2sids_dom_state *state;
162 struct winbindd_child *child;
163 size_t i;
164
165 req = tevent_req_create(mem_ctx, &state,
166 struct wb_xids2sids_dom_state);
167 if (req == NULL) {
168 return NULL;
169 }
170 state->ev = ev;
171 state->all_xids = xids;
172 state->num_all_xids = num_xids;
173 state->all_sids = sids;
174 state->dom_map = dom_map;
175
176 state->dom_xids = talloc_array(state, struct unixid, num_xids);
177 if (tevent_req_nomem(state->dom_xids, req)) {
178 return tevent_req_post(req, ev);
179 }
180 state->dom_sids = talloc_array(state, struct dom_sid, num_xids);
181 if (tevent_req_nomem(state->dom_sids, req)) {
182 return tevent_req_post(req, ev);
183 }
184
185 for (i=0; i<num_xids; i++) {
186 struct unixid id = state->all_xids[i];
187
188 if ((id.id < dom_map->low_id) || (id.id > dom_map->high_id)) {
189 /* out of range */
190 continue;
191 }
192 if (!is_null_sid(&state->all_sids[i])) {
193 /* already mapped */
194 continue;
195 }
196
197 state->dom_xids[state->num_dom_xids++] = id;
198 }
199
200 if (state->num_dom_xids == 0) {
201 tevent_req_done(req);
202 return tevent_req_post(req, ev);
203 }
204
205 child = idmap_child();
206 subreq = dcerpc_wbint_UnixIDs2Sids_send(
207 state, ev, child->binding_handle, dom_map->name,
208 state->num_dom_xids, state->dom_xids, state->dom_sids);
209 if (tevent_req_nomem(subreq, req)) {
210 return tevent_req_post(req, ev);
211 }
212 tevent_req_set_callback(subreq, wb_xids2sids_dom_done, req);
213 return req;
214 }
215
216 static void wb_xids2sids_dom_done(struct tevent_req *subreq)
217 {
218 struct tevent_req *req = tevent_req_callback_data(
219 subreq, struct tevent_req);
220 struct wb_xids2sids_dom_state *state = tevent_req_data(
221 req, struct wb_xids2sids_dom_state);
222 struct wb_xids2sids_dom_map *dom_map = state->dom_map;
223 NTSTATUS status, result;
224 size_t i;
225 size_t dom_sid_idx;
226
227 status = dcerpc_wbint_UnixIDs2Sids_recv(subreq, state, &result);
228 TALLOC_FREE(subreq);
229 if (tevent_req_nterror(req, status)) {
230 return;
231 }
232
233 if (NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) &&
234 !state->tried_dclookup) {
235
236 subreq = wb_dsgetdcname_send(
237 state, state->ev, state->dom_map->name, NULL, NULL,
238 DS_RETURN_DNS_NAME);
239 if (tevent_req_nomem(subreq, req)) {
240 return;
241 }
242 tevent_req_set_callback(subreq, wb_xids2sids_dom_gotdc, req);
243 return;
244 }
245
246 if (!NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) &&
247 tevent_req_nterror(req, result)) {
248 return;
249 }
250
251 dom_sid_idx = 0;
252
253 for (i=0; i<state->num_all_xids; i++) {
254 struct unixid id = state->all_xids[i];
255
256 if ((id.id < dom_map->low_id) || (id.id > dom_map->high_id)) {
257 /* out of range */
258 continue;
259 }
260 if (!is_null_sid(&state->all_sids[i])) {
261 /* already mapped */
262 continue;
263 }
264
265 sid_copy(&state->all_sids[i], &state->dom_sids[dom_sid_idx++]);
266 }
267
268 tevent_req_done(req);
269 }
270
271 static void wb_xids2sids_dom_gotdc(struct tevent_req *subreq)
272 {
273 struct tevent_req *req = tevent_req_callback_data(
274 subreq, struct tevent_req);
275 struct wb_xids2sids_dom_state *state = tevent_req_data(
276 req, struct wb_xids2sids_dom_state);
277 struct winbindd_child *child = idmap_child();
278 struct netr_DsRGetDCNameInfo *dcinfo;
279 NTSTATUS status;
280
281 status = wb_dsgetdcname_recv(subreq, state, &dcinfo);
282 TALLOC_FREE(subreq);
283 if (tevent_req_nterror(req, status)) {
284 return;
285 }
286
287 state->tried_dclookup = true;
288
289 status = wb_dsgetdcname_gencache_set(state->dom_map->name, dcinfo);
290 if (tevent_req_nterror(req, status)) {
291 return;
292 }
293
294 child = idmap_child();
295 subreq = dcerpc_wbint_UnixIDs2Sids_send(
296 state, state->ev, child->binding_handle, state->dom_map->name,
297 state->num_dom_xids, state->dom_xids, state->dom_sids);
298 if (tevent_req_nomem(subreq, req)) {
299 return;
300 }
301 tevent_req_set_callback(subreq, wb_xids2sids_dom_done, req);
302 }
303
304 static NTSTATUS wb_xids2sids_dom_recv(struct tevent_req *req)
305 {
306 return tevent_req_simple_recv_ntstatus(req);
307 }
308
309 struct wb_xids2sids_state {
310 struct tevent_context *ev;
311 struct unixid *xids;
312 size_t num_xids;
313 struct dom_sid *sids;
314
315 size_t dom_idx;
316 };
317
318 static void wb_xids2sids_done(struct tevent_req *subreq);
319
320 struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx,
321 struct tevent_context *ev,
322 struct unixid *xids,
323 uint32_t num_xids)
324 {
325 struct tevent_req *req, *subreq;
326 struct wb_xids2sids_state *state;
327 size_t num_domains;
328
329 req = tevent_req_create(mem_ctx, &state,
330 struct wb_xids2sids_state);
331 if (req == NULL) {
332 return NULL;
333 }
334 state->ev = ev;
335 state->xids = xids;
336 state->num_xids = num_xids;
337
338 state->sids = talloc_zero_array(state, struct dom_sid, num_xids);
339 if (tevent_req_nomem(state->sids, req)) {
340 return tevent_req_post(req, ev);
341 }
342
343 wb_xids2sids_init_dom_maps();
344 num_domains = talloc_array_length(dom_maps);
345
346 if (num_domains == 0) {
347 tevent_req_done(req);
348 return tevent_req_post(req, ev);
349 }
350
351 subreq = wb_xids2sids_dom_send(
352 state, state->ev, &dom_maps[state->dom_idx],
353 state->xids, state->num_xids, state->sids);
354 if (tevent_req_nomem(subreq, req)) {
355 return tevent_req_post(req, ev);
356 }
357 tevent_req_set_callback(subreq, wb_xids2sids_done, req);
358 return req;
359 }
360
361 static void wb_xids2sids_done(struct tevent_req *subreq)
362 {
363 struct tevent_req *req = tevent_req_callback_data(
364 subreq, struct tevent_req);
365 struct wb_xids2sids_state *state = tevent_req_data(
366 req, struct wb_xids2sids_state);
367 size_t num_domains = talloc_array_length(dom_maps);
368 NTSTATUS status;
369
370 status = wb_xids2sids_dom_recv(subreq);
371 TALLOC_FREE(subreq);
372 if (tevent_req_nterror(req, status)) {
373 return;
374 }
375
376 state->dom_idx += 1;
377
378 if (state->dom_idx >= num_domains) {
379 tevent_req_done(req);
380 return;
381 }
382
383 subreq = wb_xids2sids_dom_send(
384 state, state->ev, &dom_maps[state->dom_idx],
385 state->xids, state->num_xids, state->sids);
386 if (tevent_req_nomem(subreq, req)) {
387 return;
388 }
389 tevent_req_set_callback(subreq, wb_xids2sids_done, req);
390 }
391
392 NTSTATUS wb_xids2sids_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
393 struct dom_sid **sids)
394 {
395 struct wb_xids2sids_state *state = tevent_req_data(
396 req, struct wb_xids2sids_state);
397 NTSTATUS status;
398
399 if (tevent_req_is_nterror(req, &status)) {
400 DEBUG(5, ("wb_sids_to_xids failed: %s\n", nt_errstr(status)));
401 return status;
402 }
403
404 *sids = talloc_move(mem_ctx, &state->sids);
405 return NT_STATUS_OK;
406 }
Samba GIT mirror