search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:vfs:gpfs convert sharemodes/leases parameter
[Samba.git] / source3 / winbindd / wb_group_members.c
blob1fb7af3694da8a6f7791512a8449ca8c7ce83061
1 /*
2 Unix SMB/CIFS implementation.
3 async lookupgroupmembers
4 Copyright (C) Volker Lendecke 2009
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "winbindd.h"
22 #include "librpc/gen_ndr/cli_wbint.h"
23 #include "../librpc/gen_ndr/ndr_security.h"
24 #include "../libcli/security/security.h"
25
26 /*
27 * We have 3 sets of routines here:
28 *
29 * wb_lookupgroupmem is the low-level one-group routine
30 *
31 * wb_groups_members walks a list of groups
32 *
33 * wb_group_members finally is the high-level routine expanding groups
34 * recursively
35 */
36
37 /*
38 * TODO: fill_grent_mem_domusers must be re-added
39 */
40
41 /*
42 * Look up members of a single group. Essentially a wrapper around the
43 * lookup_groupmem winbindd_methods routine.
44 */
45
46 struct wb_lookupgroupmem_state {
47 struct dom_sid sid;
48 struct wbint_Principals members;
49 };
50
51 static void wb_lookupgroupmem_done(struct tevent_req *subreq);
52
53 static struct tevent_req *wb_lookupgroupmem_send(TALLOC_CTX *mem_ctx,
54 struct tevent_context *ev,
55 const struct dom_sid *group_sid,
56 enum lsa_SidType type)
57 {
58 struct tevent_req *req, *subreq;
59 struct wb_lookupgroupmem_state *state;
60 struct winbindd_domain *domain;
61
62 req = tevent_req_create(mem_ctx, &state,
63 struct wb_lookupgroupmem_state);
64 if (req == NULL) {
65 return NULL;
66 }
67 sid_copy(&state->sid, group_sid);
68
69 domain = find_domain_from_sid_noinit(group_sid);
70 if (domain == NULL) {
71 tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
72 return tevent_req_post(req, ev);
73 }
74
75 subreq = dcerpc_wbint_LookupGroupMembers_send(
76 state, ev, domain->child.binding_handle, &state->sid, type,
77 &state->members);
78 if (tevent_req_nomem(subreq, req)) {
79 return tevent_req_post(req, ev);
80 }
81 tevent_req_set_callback(subreq, wb_lookupgroupmem_done, req);
82 return req;
83 }
84
85 static void wb_lookupgroupmem_done(struct tevent_req *subreq)
86 {
87 struct tevent_req *req = tevent_req_callback_data(
88 subreq, struct tevent_req);
89 struct wb_lookupgroupmem_state *state = tevent_req_data(
90 req, struct wb_lookupgroupmem_state);
91 NTSTATUS status, result;
92
93 status = dcerpc_wbint_LookupGroupMembers_recv(subreq, state, &result);
94 TALLOC_FREE(subreq);
95 if (!NT_STATUS_IS_OK(status)) {
96 tevent_req_nterror(req, status);
97 return;
98 }
99 if (!NT_STATUS_IS_OK(result)) {
100 tevent_req_nterror(req, result);
101 return;
102 }
103 tevent_req_done(req);
104 }
105
106 static NTSTATUS wb_lookupgroupmem_recv(struct tevent_req *req,
107 TALLOC_CTX *mem_ctx,
108 int *num_members,
109 struct wbint_Principal **members)
110 {
111 struct wb_lookupgroupmem_state *state = tevent_req_data(
112 req, struct wb_lookupgroupmem_state);
113 NTSTATUS status;
114
115 if (tevent_req_is_nterror(req, &status)) {
116 return status;
117 }
118
119 *num_members = state->members.num_principals;
120 *members = talloc_move(mem_ctx, &state->members.principals);
121 return NT_STATUS_OK;
122 }
123
124 /*
125 * Same as wb_lookupgroupmem for a list of groups
126 */
127
128 struct wb_groups_members_state {
129 struct tevent_context *ev;
130 struct wbint_Principal *groups;
131 int num_groups;
132 int next_group;
133 struct wbint_Principal *all_members;
134 };
135
136 static NTSTATUS wb_groups_members_next_subreq(
137 struct wb_groups_members_state *state,
138 TALLOC_CTX *mem_ctx, struct tevent_req **psubreq);
139 static void wb_groups_members_done(struct tevent_req *subreq);
140
141 static struct tevent_req *wb_groups_members_send(TALLOC_CTX *mem_ctx,
142 struct tevent_context *ev,
143 int num_groups,
144 struct wbint_Principal *groups)
145 {
146 struct tevent_req *req, *subreq;
147 struct wb_groups_members_state *state;
148 NTSTATUS status;
149
150 req = tevent_req_create(mem_ctx, &state,
151 struct wb_groups_members_state);
152 if (req == NULL) {
153 return NULL;
154 }
155 state->ev = ev;
156 state->groups = groups;
157 state->num_groups = num_groups;
158 state->next_group = 0;
159 state->all_members = NULL;
160
161 status = wb_groups_members_next_subreq(state, state, &subreq);
162 if (!NT_STATUS_IS_OK(status)) {
163 tevent_req_nterror(req, status);
164 return tevent_req_post(req, ev);
165 }
166 if (subreq == NULL) {
167 tevent_req_done(req);
168 return tevent_req_post(req, ev);
169 }
170 tevent_req_set_callback(subreq, wb_groups_members_done, req);
171 return req;
172 }
173
174 static NTSTATUS wb_groups_members_next_subreq(
175 struct wb_groups_members_state *state,
176 TALLOC_CTX *mem_ctx, struct tevent_req **psubreq)
177 {
178 struct tevent_req *subreq;
179 struct wbint_Principal *g;
180
181 if (state->next_group >= state->num_groups) {
182 *psubreq = NULL;
183 return NT_STATUS_OK;
184 }
185
186 g = &state->groups[state->next_group];
187 state->next_group += 1;
188
189 subreq = wb_lookupgroupmem_send(mem_ctx, state->ev, &g->sid, g->type);
190 if (subreq == NULL) {
191 return NT_STATUS_NO_MEMORY;
192 }
193 *psubreq = subreq;
194 return NT_STATUS_OK;
195 }
196
197 static void wb_groups_members_done(struct tevent_req *subreq)
198 {
199 struct tevent_req *req = tevent_req_callback_data(
200 subreq, struct tevent_req);
201 struct wb_groups_members_state *state = tevent_req_data(
202 req, struct wb_groups_members_state);
203 int i, num_all_members;
204 int num_members = 0;
205 struct wbint_Principal *members = NULL;
206 NTSTATUS status;
207
208 status = wb_lookupgroupmem_recv(subreq, state, &num_members,
209 &members);
210 TALLOC_FREE(subreq);
211
212 /*
213 * In this error handling here we might have to be a bit more generous
214 * and just continue if an error occured.
215 */
216
217 if (!NT_STATUS_IS_OK(status)) {
218 tevent_req_nterror(req, status);
219 return;
220 }
221
222 num_all_members = talloc_array_length(state->all_members);
223
224 state->all_members = talloc_realloc(
225 state, state->all_members, struct wbint_Principal,
226 num_all_members + num_members);
227 if ((num_all_members + num_members != 0)
228 && tevent_req_nomem(state->all_members, req)) {
229 return;
230 }
231 for (i=0; i<num_members; i++) {
232 struct wbint_Principal *src, *dst;
233 src = &members[i];
234 dst = &state->all_members[num_all_members + i];
235 sid_copy(&dst->sid, &src->sid);
236 dst->name = talloc_move(state->all_members, &src->name);
237 dst->type = src->type;
238 }
239 TALLOC_FREE(members);
240
241 status = wb_groups_members_next_subreq(state, state, &subreq);
242 if (!NT_STATUS_IS_OK(status)) {
243 tevent_req_nterror(req, status);
244 return;
245 }
246 if (subreq == NULL) {
247 tevent_req_done(req);
248 return;
249 }
250 tevent_req_set_callback(subreq, wb_groups_members_done, req);
251 }
252
253 static NTSTATUS wb_groups_members_recv(struct tevent_req *req,
254 TALLOC_CTX *mem_ctx,
255 int *num_members,
256 struct wbint_Principal **members)
257 {
258 struct wb_groups_members_state *state = tevent_req_data(
259 req, struct wb_groups_members_state);
260 NTSTATUS status;
261
262 if (tevent_req_is_nterror(req, &status)) {
263 return status;
264 }
265 *num_members = talloc_array_length(state->all_members);
266 *members = talloc_move(mem_ctx, &state->all_members);
267 return NT_STATUS_OK;
268 }
269
270
271 /*
272 * This is the routine expanding a list of groups up to a certain level. We
273 * collect the users in a talloc_dict: We have to add them without duplicates,
274 * and talloc_dict is an indexed (here indexed by SID) data structure.
275 */
276
277 struct wb_group_members_state {
278 struct tevent_context *ev;
279 int depth;
280 struct talloc_dict *users;
281 struct wbint_Principal *groups;
282 };
283
284 static NTSTATUS wb_group_members_next_subreq(
285 struct wb_group_members_state *state,
286 TALLOC_CTX *mem_ctx, struct tevent_req **psubreq);
287 static void wb_group_members_done(struct tevent_req *subreq);
288
289 struct tevent_req *wb_group_members_send(TALLOC_CTX *mem_ctx,
290 struct tevent_context *ev,
291 const struct dom_sid *sid,
292 enum lsa_SidType type,
293 int max_depth)
294 {
295 struct tevent_req *req, *subreq;
296 struct wb_group_members_state *state;
297 NTSTATUS status;
298
299 req = tevent_req_create(mem_ctx, &state,
300 struct wb_group_members_state);
301 if (req == NULL) {
302 return NULL;
303 }
304 state->ev = ev;
305 state->depth = max_depth;
306 state->users = talloc_dict_init(state);
307 if (tevent_req_nomem(state->users, req)) {
308 return tevent_req_post(req, ev);
309 }
310
311 state->groups = talloc(state, struct wbint_Principal);
312 if (tevent_req_nomem(state->groups, req)) {
313 return tevent_req_post(req, ev);
314 }
315 state->groups->name = NULL;
316 sid_copy(&state->groups->sid, sid);
317 state->groups->type = type;
318
319 status = wb_group_members_next_subreq(state, state, &subreq);
320 if (!NT_STATUS_IS_OK(status)) {
321 tevent_req_nterror(req, status);
322 return tevent_req_post(req, ev);
323 }
324 if (subreq == NULL) {
325 tevent_req_done(req);
326 return tevent_req_post(req, ev);
327 }
328 tevent_req_set_callback(subreq, wb_group_members_done, req);
329 return req;
330 }
331
332 static NTSTATUS wb_group_members_next_subreq(
333 struct wb_group_members_state *state,
334 TALLOC_CTX *mem_ctx, struct tevent_req **psubreq)
335 {
336 struct tevent_req *subreq;
337
338 if ((talloc_array_length(state->groups) == 0)
339 || (state->depth <= 0)) {
340 *psubreq = NULL;
341 return NT_STATUS_OK;
342 }
343 state->depth -= 1;
344
345 subreq = wb_groups_members_send(
346 mem_ctx, state->ev, talloc_array_length(state->groups),
347 state->groups);
348 if (subreq == NULL) {
349 return NT_STATUS_NO_MEMORY;
350 }
351 *psubreq = subreq;
352 return NT_STATUS_OK;
353 }
354
355 static void wb_group_members_done(struct tevent_req *subreq)
356 {
357 struct tevent_req *req = tevent_req_callback_data(
358 subreq, struct tevent_req);
359 struct wb_group_members_state *state = tevent_req_data(
360 req, struct wb_group_members_state);
361 int i, num_groups, new_users, new_groups;
362 int num_members = 0;
363 struct wbint_Principal *members = NULL;
364 NTSTATUS status;
365
366 status = wb_groups_members_recv(subreq, state, &num_members, &members);
367 TALLOC_FREE(subreq);
368 if (!NT_STATUS_IS_OK(status)) {
369 tevent_req_nterror(req, status);
370 return;
371 }
372
373 new_users = new_groups = 0;
374 for (i=0; i<num_members; i++) {
375 switch (members[i].type) {
376 case SID_NAME_DOM_GRP:
377 case SID_NAME_ALIAS:
378 case SID_NAME_WKN_GRP:
379 new_groups += 1;
380 break;
381 default:
382 /* Ignore everything else */
383 break;
384 }
385 }
386
387 num_groups = 0;
388 TALLOC_FREE(state->groups);
389 state->groups = talloc_array(state, struct wbint_Principal,
390 new_groups);
391
392 /*
393 * Collect the users into state->users and the groups into
394 * state->groups for the next iteration.
395 */
396
397 for (i=0; i<num_members; i++) {
398 switch (members[i].type) {
399 case SID_NAME_USER:
400 case SID_NAME_COMPUTER: {
401 /*
402 * Add a copy of members[i] to state->users
403 */
404 struct wbint_Principal *m;
405 struct dom_sid *sid;
406 DATA_BLOB key;
407
408 m = talloc(talloc_tos(), struct wbint_Principal);
409 if (tevent_req_nomem(m, req)) {
410 return;
411 }
412 sid_copy(&m->sid, &members[i].sid);
413 m->name = talloc_move(m, &members[i].name);
414 m->type = members[i].type;
415
416 sid = &members[i].sid;
417 key = data_blob_const(
418 sid, ndr_size_dom_sid(sid, 0));
419
420 if (!talloc_dict_set(state->users, key, &m)) {
421 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
422 return;
423 }
424 break;
425 }
426 case SID_NAME_DOM_GRP:
427 case SID_NAME_ALIAS:
428 case SID_NAME_WKN_GRP: {
429 struct wbint_Principal *g;
430 /*
431 * Save members[i] for the next round
432 */
433 g = &state->groups[num_groups];
434 sid_copy(&g->sid, &members[i].sid);
435 g->name = talloc_move(state->groups, &members[i].name);
436 g->type = members[i].type;
437 num_groups += 1;
438 break;
439 }
440 default:
441 /* Ignore everything else */
442 break;
443 }
444 }
445
446 status = wb_group_members_next_subreq(state, state, &subreq);
447 if (!NT_STATUS_IS_OK(status)) {
448 tevent_req_nterror(req, status);
449 return;
450 }
451 if (subreq == NULL) {
452 tevent_req_done(req);
453 return;
454 }
455 tevent_req_set_callback(subreq, wb_group_members_done, req);
456 }
457
458 NTSTATUS wb_group_members_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
459 struct talloc_dict **members)
460 {
461 struct wb_group_members_state *state = tevent_req_data(
462 req, struct wb_group_members_state);
463 NTSTATUS status;
464
465 if (tevent_req_is_nterror(req, &status)) {
466 return status;
467 }
468 *members = talloc_move(mem_ctx, &state->users);
469 return NT_STATUS_OK;
470 }
Samba GIT mirror