search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: Export WINBINDD_SIDS_TO_XIDS via the winbind pipe
[Samba.git] / source3 / winbindd / winbindd_sids_to_xids.c
blob7dc95af59222625cc6fd04e7c98d4fc7b307ebc3
1 /*
2 Unix SMB/CIFS implementation.
3 async implementation of WINBINDD_SIDS_TO_XIDS
4 Copyright (C) Volker Lendecke 2011
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "winbindd.h"
22 #include "../libcli/security/security.h"
23 #include "librpc/gen_ndr/ndr_wbint_c.h"
24 #include "idmap_cache.h"
25
26 struct winbindd_sids_to_xids_state {
27 struct tevent_context *ev;
28 struct dom_sid *sids;
29 uint32_t num_sids;
30
31 struct id_map *cached;
32
33 struct dom_sid *non_cached;
34 uint32_t num_non_cached;
35
36 struct lsa_RefDomainList *domains;
37 struct lsa_TransNameArray *names;
38
39 struct wbint_TransIDArray ids;
40 };
41
42 static bool winbindd_sids_to_xids_in_cache(struct dom_sid *sid,
43 struct id_map *map);
44 static void winbindd_sids_to_xids_lookupsids_done(struct tevent_req *subreq);
45 static void winbindd_sids_to_xids_done(struct tevent_req *subreq);
46
47 struct tevent_req *winbindd_sids_to_xids_send(TALLOC_CTX *mem_ctx,
48 struct tevent_context *ev,
49 struct winbindd_cli_state *cli,
50 struct winbindd_request *request)
51 {
52 struct tevent_req *req, *subreq;
53 struct winbindd_sids_to_xids_state *state;
54 uint32_t i;
55
56 req = tevent_req_create(mem_ctx, &state,
57 struct winbindd_sids_to_xids_state);
58 if (req == NULL) {
59 return NULL;
60 }
61 state->ev = ev;
62
63 DEBUG(3, ("sids_to_xids\n"));
64
65 if (request->extra_len == 0) {
66 tevent_req_done(req);
67 return tevent_req_post(req, ev);
68 }
69 if (request->extra_data.data[request->extra_len-1] != '\0') {
70 DEBUG(10, ("Got invalid sids list\n"));
71 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
72 return tevent_req_post(req, ev);
73 }
74 if (!parse_sidlist(state, request->extra_data.data,
75 &state->sids, &state->num_sids)) {
76 DEBUG(10, ("parse_sidlist failed\n"));
77 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
78 return tevent_req_post(req, ev);
79 }
80
81 state->cached = TALLOC_ZERO_ARRAY(state, struct id_map,
82 state->num_sids);
83 if (tevent_req_nomem(state->cached, req)) {
84 return tevent_req_post(req, ev);
85 }
86 state->non_cached = TALLOC_ARRAY(state, struct dom_sid,
87 state->num_sids);
88 if (tevent_req_nomem(state->non_cached, req)) {
89 return tevent_req_post(req, ev);
90 }
91
92 for (i=0; i<state->num_sids; i++) {
93 if (winbindd_sids_to_xids_in_cache(&state->sids[i],
94 &state->cached[i])) {
95 continue;
96 }
97 sid_copy(&state->non_cached[state->num_non_cached],
98 &state->sids[i]);
99 state->num_non_cached += 1;
100 }
101
102 if (state->num_non_cached == 0) {
103 tevent_req_done(req);
104 return tevent_req_post(req, ev);
105 }
106
107 subreq = wb_lookupsids_send(state, ev, state->non_cached,
108 state->num_non_cached);
109 if (tevent_req_nomem(subreq, req)) {
110 return tevent_req_post(req, ev);
111 }
112 tevent_req_set_callback(subreq, winbindd_sids_to_xids_lookupsids_done,
113 req);
114 return req;
115 }
116
117 static bool winbindd_sids_to_xids_in_cache(struct dom_sid *sid,
118 struct id_map *map)
119 {
120 uid_t uid;
121 gid_t gid;
122 bool expired;
123
124 if (!winbindd_use_idmap_cache()) {
125 return false;
126 }
127 /*
128 * SIDS_TO_XIDS is primarily used to resolve the user's group
129 * sids. So we check groups before users.
130 */
131 if (idmap_cache_find_sid2gid(sid, &gid, &expired)) {
132 if (expired && is_domain_offline(find_our_domain())) {
133 return false;
134 }
135 map->sid = sid;
136 map->xid.id = gid;
137 map->xid.type = ID_TYPE_GID;
138 map->status = ID_MAPPED;
139 return true;
140 }
141 if (idmap_cache_find_sid2uid(sid, &uid, &expired)) {
142 if (expired && is_domain_online(find_our_domain())) {
143 return false;
144 }
145 map->sid = sid;
146 map->xid.id = uid;
147 map->xid.type = ID_TYPE_UID;
148 map->status = ID_MAPPED;
149 return true;
150 }
151 return false;
152 }
153
154
155 static void winbindd_sids_to_xids_lookupsids_done(struct tevent_req *subreq)
156 {
157 struct tevent_req *req = tevent_req_callback_data(
158 subreq, struct tevent_req);
159 struct winbindd_sids_to_xids_state *state = tevent_req_data(
160 req, struct winbindd_sids_to_xids_state);
161 struct winbindd_child *child;
162 NTSTATUS status;
163 int i;
164
165 status = wb_lookupsids_recv(subreq, state, &state->domains,
166 &state->names);
167 TALLOC_FREE(subreq);
168 if (!NT_STATUS_IS_OK(status)) {
169 tevent_req_nterror(req, status);
170 return;
171 }
172
173 state->ids.num_ids = state->num_non_cached;
174 state->ids.ids = TALLOC_ARRAY(state, struct wbint_TransID,
175 state->num_non_cached);
176 if (tevent_req_nomem(state->ids.ids, req)) {
177 return;
178 }
179
180 for (i=0; i<state->num_non_cached; i++) {
181 struct lsa_TranslatedName *n = &state->names->names[i];
182 struct wbint_TransID *t = &state->ids.ids[i];
183
184 switch (n->sid_type) {
185 case SID_NAME_USER:
186 case SID_NAME_COMPUTER:
187 t->type = WBC_ID_TYPE_UID;
188 break;
189 case SID_NAME_DOM_GRP:
190 case SID_NAME_ALIAS:
191 case SID_NAME_WKN_GRP:
192 t->type = WBC_ID_TYPE_GID;
193 break;
194 default:
195 t->type = WBC_ID_TYPE_NOT_SPECIFIED;
196 break;
197 };
198 t->domain_index = n->sid_index;
199 sid_peek_rid(&state->sids[i], &t->rid);
200 t->unix_id = (uint64_t)-1;
201 }
202
203 child = idmap_child();
204
205 subreq = dcerpc_wbint_Sids2UnixIDs_send(
206 state, state->ev, child->binding_handle, state->domains,
207 &state->ids);
208 if (tevent_req_nomem(subreq, req)) {
209 return;
210 }
211 tevent_req_set_callback(subreq, winbindd_sids_to_xids_done, req);
212 }
213
214 static void winbindd_sids_to_xids_done(struct tevent_req *subreq)
215 {
216 struct tevent_req *req = tevent_req_callback_data(
217 subreq, struct tevent_req);
218 struct winbindd_sids_to_xids_state *state = tevent_req_data(
219 req, struct winbindd_sids_to_xids_state);
220 NTSTATUS status, result;
221
222 status = dcerpc_wbint_Sids2UnixIDs_recv(subreq, state, &result);
223 TALLOC_FREE(subreq);
224 if (any_nt_status_not_ok(status, result, &status)) {
225 tevent_req_nterror(req, status);
226 return;
227 }
228 tevent_req_done(req);
229 }
230
231 NTSTATUS winbindd_sids_to_xids_recv(struct tevent_req *req,
232 struct winbindd_response *response)
233 {
234 struct winbindd_sids_to_xids_state *state = tevent_req_data(
235 req, struct winbindd_sids_to_xids_state);
236 NTSTATUS status;
237 char *result;
238 uint32_t i, num_non_cached;
239
240 if (tevent_req_is_nterror(req, &status)) {
241 DEBUG(5, ("wb_sids_to_xids failed: %s\n", nt_errstr(status)));
242 return status;
243 }
244
245 result = talloc_strdup(response, "");
246 if (result == NULL) {
247 return NT_STATUS_NO_MEMORY;
248 }
249
250 num_non_cached = 0;
251
252 for (i=0; i<state->num_sids; i++) {
253 char type;
254 uint64_t unix_id = (uint64_t)-1;
255 bool found = true;
256
257 if (state->cached[i].sid != NULL) {
258 unix_id = state->cached[i].xid.id;
259 if (state->cached[i].xid.type == ID_TYPE_UID) {
260 type = 'U';
261 } else {
262 type = 'G';
263 }
264 } else {
265 unix_id = state->ids.ids[num_non_cached].unix_id;
266 switch(state->ids.ids[num_non_cached].type) {
267 case WBC_ID_TYPE_UID:
268 type = 'U';
269 idmap_cache_set_sid2uid(
270 &state->non_cached[num_non_cached],
271 unix_id);
272 break;
273 case WBC_ID_TYPE_GID:
274 type = 'G';
275 idmap_cache_set_sid2gid(
276 &state->non_cached[num_non_cached],
277 unix_id);
278 break;
279 default:
280 found = false;
281 }
282 num_non_cached += 1;
283 }
284
285 if (found) {
286 result = talloc_asprintf_append_buffer(
287 result, "%c%lu\n", type,
288 (unsigned long)unix_id);
289 } else {
290 result = talloc_asprintf_append_buffer(result, "\n");
291 }
292 if (result == NULL) {
293 return NT_STATUS_NO_MEMORY;
294 }
295 }
296
297 response->extra_data.data = result;
298 response->length += talloc_get_size(result);
299 return NT_STATUS_OK;
300 }
Samba GIT mirror