2 Unix SMB/CIFS implementation.
3 async lookupgroupmembers
4 Copyright (C) Volker Lendecke 2009
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "librpc/gen_ndr/cli_wbint.h"
23 #include "../librpc/gen_ndr/ndr_security.h"
24 #include "../libcli/security/security.h"
27 * We have 3 sets of routines here:
29 * wb_lookupgroupmem is the low-level one-group routine
31 * wb_groups_members walks a list of groups
33 * wb_group_members finally is the high-level routine expanding groups
38 * TODO: fill_grent_mem_domusers must be re-added
42 * Look up members of a single group. Essentially a wrapper around the
43 * lookup_groupmem winbindd_methods routine.
46 struct wb_lookupgroupmem_state
{
48 struct wbint_Principals members
;
51 static void wb_lookupgroupmem_done(struct tevent_req
*subreq
);
53 static struct tevent_req
*wb_lookupgroupmem_send(TALLOC_CTX
*mem_ctx
,
54 struct tevent_context
*ev
,
55 const struct dom_sid
*group_sid
,
56 enum lsa_SidType type
)
58 struct tevent_req
*req
, *subreq
;
59 struct wb_lookupgroupmem_state
*state
;
60 struct winbindd_domain
*domain
;
62 req
= tevent_req_create(mem_ctx
, &state
,
63 struct wb_lookupgroupmem_state
);
67 sid_copy(&state
->sid
, group_sid
);
69 domain
= find_domain_from_sid_noinit(group_sid
);
71 tevent_req_nterror(req
, NT_STATUS_NO_SUCH_GROUP
);
72 return tevent_req_post(req
, ev
);
75 subreq
= dcerpc_wbint_LookupGroupMembers_send(
76 state
, ev
, domain
->child
.binding_handle
, &state
->sid
, type
,
78 if (tevent_req_nomem(subreq
, req
)) {
79 return tevent_req_post(req
, ev
);
81 tevent_req_set_callback(subreq
, wb_lookupgroupmem_done
, req
);
85 static void wb_lookupgroupmem_done(struct tevent_req
*subreq
)
87 struct tevent_req
*req
= tevent_req_callback_data(
88 subreq
, struct tevent_req
);
89 struct wb_lookupgroupmem_state
*state
= tevent_req_data(
90 req
, struct wb_lookupgroupmem_state
);
91 NTSTATUS status
, result
;
93 status
= dcerpc_wbint_LookupGroupMembers_recv(subreq
, state
, &result
);
95 if (!NT_STATUS_IS_OK(status
)) {
96 tevent_req_nterror(req
, status
);
99 if (!NT_STATUS_IS_OK(result
)) {
100 tevent_req_nterror(req
, result
);
103 tevent_req_done(req
);
106 static NTSTATUS
wb_lookupgroupmem_recv(struct tevent_req
*req
,
109 struct wbint_Principal
**members
)
111 struct wb_lookupgroupmem_state
*state
= tevent_req_data(
112 req
, struct wb_lookupgroupmem_state
);
115 if (tevent_req_is_nterror(req
, &status
)) {
119 *num_members
= state
->members
.num_principals
;
120 *members
= talloc_move(mem_ctx
, &state
->members
.principals
);
125 * Same as wb_lookupgroupmem for a list of groups
128 struct wb_groups_members_state
{
129 struct tevent_context
*ev
;
130 struct wbint_Principal
*groups
;
133 struct wbint_Principal
*all_members
;
136 static NTSTATUS
wb_groups_members_next_subreq(
137 struct wb_groups_members_state
*state
,
138 TALLOC_CTX
*mem_ctx
, struct tevent_req
**psubreq
);
139 static void wb_groups_members_done(struct tevent_req
*subreq
);
141 static struct tevent_req
*wb_groups_members_send(TALLOC_CTX
*mem_ctx
,
142 struct tevent_context
*ev
,
144 struct wbint_Principal
*groups
)
146 struct tevent_req
*req
, *subreq
;
147 struct wb_groups_members_state
*state
;
150 req
= tevent_req_create(mem_ctx
, &state
,
151 struct wb_groups_members_state
);
156 state
->groups
= groups
;
157 state
->num_groups
= num_groups
;
158 state
->next_group
= 0;
159 state
->all_members
= NULL
;
161 status
= wb_groups_members_next_subreq(state
, state
, &subreq
);
162 if (!NT_STATUS_IS_OK(status
)) {
163 tevent_req_nterror(req
, status
);
164 return tevent_req_post(req
, ev
);
166 if (subreq
== NULL
) {
167 tevent_req_done(req
);
168 return tevent_req_post(req
, ev
);
170 tevent_req_set_callback(subreq
, wb_groups_members_done
, req
);
174 static NTSTATUS
wb_groups_members_next_subreq(
175 struct wb_groups_members_state
*state
,
176 TALLOC_CTX
*mem_ctx
, struct tevent_req
**psubreq
)
178 struct tevent_req
*subreq
;
179 struct wbint_Principal
*g
;
181 if (state
->next_group
>= state
->num_groups
) {
186 g
= &state
->groups
[state
->next_group
];
187 state
->next_group
+= 1;
189 subreq
= wb_lookupgroupmem_send(mem_ctx
, state
->ev
, &g
->sid
, g
->type
);
190 if (subreq
== NULL
) {
191 return NT_STATUS_NO_MEMORY
;
197 static void wb_groups_members_done(struct tevent_req
*subreq
)
199 struct tevent_req
*req
= tevent_req_callback_data(
200 subreq
, struct tevent_req
);
201 struct wb_groups_members_state
*state
= tevent_req_data(
202 req
, struct wb_groups_members_state
);
203 int i
, num_all_members
;
205 struct wbint_Principal
*members
= NULL
;
208 status
= wb_lookupgroupmem_recv(subreq
, state
, &num_members
,
213 * In this error handling here we might have to be a bit more generous
214 * and just continue if an error occured.
217 if (!NT_STATUS_IS_OK(status
)) {
218 tevent_req_nterror(req
, status
);
222 num_all_members
= talloc_array_length(state
->all_members
);
224 state
->all_members
= talloc_realloc(
225 state
, state
->all_members
, struct wbint_Principal
,
226 num_all_members
+ num_members
);
227 if ((num_all_members
+ num_members
!= 0)
228 && tevent_req_nomem(state
->all_members
, req
)) {
231 for (i
=0; i
<num_members
; i
++) {
232 struct wbint_Principal
*src
, *dst
;
234 dst
= &state
->all_members
[num_all_members
+ i
];
235 sid_copy(&dst
->sid
, &src
->sid
);
236 dst
->name
= talloc_move(state
->all_members
, &src
->name
);
237 dst
->type
= src
->type
;
239 TALLOC_FREE(members
);
241 status
= wb_groups_members_next_subreq(state
, state
, &subreq
);
242 if (!NT_STATUS_IS_OK(status
)) {
243 tevent_req_nterror(req
, status
);
246 if (subreq
== NULL
) {
247 tevent_req_done(req
);
250 tevent_req_set_callback(subreq
, wb_groups_members_done
, req
);
253 static NTSTATUS
wb_groups_members_recv(struct tevent_req
*req
,
256 struct wbint_Principal
**members
)
258 struct wb_groups_members_state
*state
= tevent_req_data(
259 req
, struct wb_groups_members_state
);
262 if (tevent_req_is_nterror(req
, &status
)) {
265 *num_members
= talloc_array_length(state
->all_members
);
266 *members
= talloc_move(mem_ctx
, &state
->all_members
);
272 * This is the routine expanding a list of groups up to a certain level. We
273 * collect the users in a talloc_dict: We have to add them without duplicates,
274 * and talloc_dict is an indexed (here indexed by SID) data structure.
277 struct wb_group_members_state
{
278 struct tevent_context
*ev
;
280 struct talloc_dict
*users
;
281 struct wbint_Principal
*groups
;
284 static NTSTATUS
wb_group_members_next_subreq(
285 struct wb_group_members_state
*state
,
286 TALLOC_CTX
*mem_ctx
, struct tevent_req
**psubreq
);
287 static void wb_group_members_done(struct tevent_req
*subreq
);
289 struct tevent_req
*wb_group_members_send(TALLOC_CTX
*mem_ctx
,
290 struct tevent_context
*ev
,
291 const struct dom_sid
*sid
,
292 enum lsa_SidType type
,
295 struct tevent_req
*req
, *subreq
;
296 struct wb_group_members_state
*state
;
299 req
= tevent_req_create(mem_ctx
, &state
,
300 struct wb_group_members_state
);
305 state
->depth
= max_depth
;
306 state
->users
= talloc_dict_init(state
);
307 if (tevent_req_nomem(state
->users
, req
)) {
308 return tevent_req_post(req
, ev
);
311 state
->groups
= talloc(state
, struct wbint_Principal
);
312 if (tevent_req_nomem(state
->groups
, req
)) {
313 return tevent_req_post(req
, ev
);
315 state
->groups
->name
= NULL
;
316 sid_copy(&state
->groups
->sid
, sid
);
317 state
->groups
->type
= type
;
319 status
= wb_group_members_next_subreq(state
, state
, &subreq
);
320 if (!NT_STATUS_IS_OK(status
)) {
321 tevent_req_nterror(req
, status
);
322 return tevent_req_post(req
, ev
);
324 if (subreq
== NULL
) {
325 tevent_req_done(req
);
326 return tevent_req_post(req
, ev
);
328 tevent_req_set_callback(subreq
, wb_group_members_done
, req
);
332 static NTSTATUS
wb_group_members_next_subreq(
333 struct wb_group_members_state
*state
,
334 TALLOC_CTX
*mem_ctx
, struct tevent_req
**psubreq
)
336 struct tevent_req
*subreq
;
338 if ((talloc_array_length(state
->groups
) == 0)
339 || (state
->depth
<= 0)) {
345 subreq
= wb_groups_members_send(
346 mem_ctx
, state
->ev
, talloc_array_length(state
->groups
),
348 if (subreq
== NULL
) {
349 return NT_STATUS_NO_MEMORY
;
355 static void wb_group_members_done(struct tevent_req
*subreq
)
357 struct tevent_req
*req
= tevent_req_callback_data(
358 subreq
, struct tevent_req
);
359 struct wb_group_members_state
*state
= tevent_req_data(
360 req
, struct wb_group_members_state
);
361 int i
, num_groups
, new_users
, new_groups
;
363 struct wbint_Principal
*members
= NULL
;
366 status
= wb_groups_members_recv(subreq
, state
, &num_members
, &members
);
368 if (!NT_STATUS_IS_OK(status
)) {
369 tevent_req_nterror(req
, status
);
373 new_users
= new_groups
= 0;
374 for (i
=0; i
<num_members
; i
++) {
375 switch (members
[i
].type
) {
376 case SID_NAME_DOM_GRP
:
378 case SID_NAME_WKN_GRP
:
382 /* Ignore everything else */
388 TALLOC_FREE(state
->groups
);
389 state
->groups
= talloc_array(state
, struct wbint_Principal
,
393 * Collect the users into state->users and the groups into
394 * state->groups for the next iteration.
397 for (i
=0; i
<num_members
; i
++) {
398 switch (members
[i
].type
) {
400 case SID_NAME_COMPUTER
: {
402 * Add a copy of members[i] to state->users
404 struct wbint_Principal
*m
;
408 m
= talloc(talloc_tos(), struct wbint_Principal
);
409 if (tevent_req_nomem(m
, req
)) {
412 sid_copy(&m
->sid
, &members
[i
].sid
);
413 m
->name
= talloc_move(m
, &members
[i
].name
);
414 m
->type
= members
[i
].type
;
416 sid
= &members
[i
].sid
;
417 key
= data_blob_const(
418 sid
, ndr_size_dom_sid(sid
, 0));
420 if (!talloc_dict_set(state
->users
, key
, &m
)) {
421 tevent_req_nterror(req
, NT_STATUS_NO_MEMORY
);
426 case SID_NAME_DOM_GRP
:
428 case SID_NAME_WKN_GRP
: {
429 struct wbint_Principal
*g
;
431 * Save members[i] for the next round
433 g
= &state
->groups
[num_groups
];
434 sid_copy(&g
->sid
, &members
[i
].sid
);
435 g
->name
= talloc_move(state
->groups
, &members
[i
].name
);
436 g
->type
= members
[i
].type
;
441 /* Ignore everything else */
446 status
= wb_group_members_next_subreq(state
, state
, &subreq
);
447 if (!NT_STATUS_IS_OK(status
)) {
448 tevent_req_nterror(req
, status
);
451 if (subreq
== NULL
) {
452 tevent_req_done(req
);
455 tevent_req_set_callback(subreq
, wb_group_members_done
, req
);
458 NTSTATUS
wb_group_members_recv(struct tevent_req
*req
, TALLOC_CTX
*mem_ctx
,
459 struct talloc_dict
**members
)
461 struct wb_group_members_state
*state
= tevent_req_data(
462 req
, struct wb_group_members_state
);
465 if (tevent_req_is_nterror(req
, &status
)) {
468 *members
= talloc_move(mem_ctx
, &state
->users
);