s3:winbindd: make sure we remove pending io requests before closing client sockets
[Samba.git] / source3 / winbindd / wb_group_members.c
blob55f28d2f5b3e6ca02b58e3484812be1d84a2aaa5
1 /*
2 Unix SMB/CIFS implementation.
3 async lookupgroupmembers
4 Copyright (C) Volker Lendecke 2009
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "includes.h"
21 #include "winbindd.h"
22 #include "librpc/gen_ndr/ndr_winbind_c.h"
23 #include "../librpc/gen_ndr/ndr_security.h"
24 #include "../libcli/security/security.h"
27 * We have 3 sets of routines here:
29 * wb_lookupgroupmem is the low-level one-group routine
31 * wb_groups_members walks a list of groups
33 * wb_group_members finally is the high-level routine expanding groups
34 * recursively
38 * TODO: fill_grent_mem_domusers must be re-added
42 * Look up members of a single group. Essentially a wrapper around the
43 * lookup_groupmem winbindd_methods routine.
46 struct wb_lookupgroupmem_state {
47 struct dom_sid sid;
48 struct wbint_Principals members;
51 static void wb_lookupgroupmem_done(struct tevent_req *subreq);
53 static struct tevent_req *wb_lookupgroupmem_send(TALLOC_CTX *mem_ctx,
54 struct tevent_context *ev,
55 const struct dom_sid *group_sid,
56 enum lsa_SidType type)
58 struct tevent_req *req, *subreq;
59 struct wb_lookupgroupmem_state *state;
60 struct winbindd_domain *domain;
62 req = tevent_req_create(mem_ctx, &state,
63 struct wb_lookupgroupmem_state);
64 if (req == NULL) {
65 return NULL;
67 sid_copy(&state->sid, group_sid);
69 domain = find_domain_from_sid_noinit(group_sid);
70 if (domain == NULL) {
71 tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
72 return tevent_req_post(req, ev);
75 subreq = dcerpc_wbint_LookupGroupMembers_send(
76 state, ev, dom_child_handle(domain), &state->sid, type,
77 &state->members);
78 if (tevent_req_nomem(subreq, req)) {
79 return tevent_req_post(req, ev);
81 tevent_req_set_callback(subreq, wb_lookupgroupmem_done, req);
82 return req;
85 static void wb_lookupgroupmem_done(struct tevent_req *subreq)
87 struct tevent_req *req = tevent_req_callback_data(
88 subreq, struct tevent_req);
89 struct wb_lookupgroupmem_state *state = tevent_req_data(
90 req, struct wb_lookupgroupmem_state);
91 NTSTATUS status, result;
93 status = dcerpc_wbint_LookupGroupMembers_recv(subreq, state, &result);
94 TALLOC_FREE(subreq);
95 if (any_nt_status_not_ok(status, result, &status)) {
96 tevent_req_nterror(req, status);
97 return;
99 tevent_req_done(req);
102 static NTSTATUS wb_lookupgroupmem_recv(struct tevent_req *req,
103 TALLOC_CTX *mem_ctx,
104 int *num_members,
105 struct wbint_Principal **members)
107 struct wb_lookupgroupmem_state *state = tevent_req_data(
108 req, struct wb_lookupgroupmem_state);
109 NTSTATUS status;
111 if (tevent_req_is_nterror(req, &status)) {
112 return status;
115 *num_members = state->members.num_principals;
116 *members = talloc_move(mem_ctx, &state->members.principals);
117 return NT_STATUS_OK;
121 * Same as wb_lookupgroupmem for a list of groups
124 struct wb_groups_members_state {
125 struct tevent_context *ev;
126 struct wbint_Principal *groups;
127 int num_groups;
128 int next_group;
129 struct wbint_Principal *all_members;
132 static NTSTATUS wb_groups_members_next_subreq(
133 struct wb_groups_members_state *state,
134 TALLOC_CTX *mem_ctx, struct tevent_req **psubreq);
135 static void wb_groups_members_done(struct tevent_req *subreq);
137 static struct tevent_req *wb_groups_members_send(TALLOC_CTX *mem_ctx,
138 struct tevent_context *ev,
139 int num_groups,
140 struct wbint_Principal *groups)
142 struct tevent_req *req, *subreq = NULL;
143 struct wb_groups_members_state *state;
144 NTSTATUS status;
146 req = tevent_req_create(mem_ctx, &state,
147 struct wb_groups_members_state);
148 if (req == NULL) {
149 return NULL;
151 state->ev = ev;
152 state->groups = groups;
153 state->num_groups = num_groups;
154 state->next_group = 0;
155 state->all_members = NULL;
157 status = wb_groups_members_next_subreq(state, state, &subreq);
158 if (tevent_req_nterror(req, status)) {
159 return tevent_req_post(req, ev);
161 if (subreq == NULL) {
162 tevent_req_done(req);
163 return tevent_req_post(req, ev);
165 tevent_req_set_callback(subreq, wb_groups_members_done, req);
166 return req;
169 static NTSTATUS wb_groups_members_next_subreq(
170 struct wb_groups_members_state *state,
171 TALLOC_CTX *mem_ctx, struct tevent_req **psubreq)
173 struct tevent_req *subreq;
174 struct wbint_Principal *g;
176 if (state->next_group >= state->num_groups) {
177 *psubreq = NULL;
178 return NT_STATUS_OK;
181 g = &state->groups[state->next_group];
182 state->next_group += 1;
184 subreq = wb_lookupgroupmem_send(mem_ctx, state->ev, &g->sid, g->type);
185 if (subreq == NULL) {
186 return NT_STATUS_NO_MEMORY;
188 *psubreq = subreq;
189 return NT_STATUS_OK;
192 static void wb_groups_members_done(struct tevent_req *subreq)
194 struct tevent_req *req = tevent_req_callback_data(
195 subreq, struct tevent_req);
196 struct wb_groups_members_state *state = tevent_req_data(
197 req, struct wb_groups_members_state);
198 int i, num_all_members;
199 int num_members = 0;
200 struct wbint_Principal *members = NULL;
201 NTSTATUS status;
203 status = wb_lookupgroupmem_recv(subreq, state, &num_members,
204 &members);
205 TALLOC_FREE(subreq);
208 * In this error handling here we might have to be a bit more generous
209 * and just continue if an error occured.
212 if (!NT_STATUS_IS_OK(status)) {
213 if (!NT_STATUS_EQUAL(
214 status, NT_STATUS_TRUSTED_DOMAIN_FAILURE)) {
215 tevent_req_nterror(req, status);
216 return;
218 num_members = 0;
221 num_all_members = talloc_array_length(state->all_members);
223 state->all_members = talloc_realloc(
224 state, state->all_members, struct wbint_Principal,
225 num_all_members + num_members);
226 if ((num_all_members + num_members != 0)
227 && tevent_req_nomem(state->all_members, req)) {
228 return;
230 for (i=0; i<num_members; i++) {
231 struct wbint_Principal *src, *dst;
232 src = &members[i];
233 dst = &state->all_members[num_all_members + i];
234 sid_copy(&dst->sid, &src->sid);
235 dst->name = talloc_move(state->all_members, &src->name);
236 dst->type = src->type;
238 TALLOC_FREE(members);
240 status = wb_groups_members_next_subreq(state, state, &subreq);
241 if (tevent_req_nterror(req, status)) {
242 return;
244 if (subreq == NULL) {
245 tevent_req_done(req);
246 return;
248 tevent_req_set_callback(subreq, wb_groups_members_done, req);
251 static NTSTATUS wb_groups_members_recv(struct tevent_req *req,
252 TALLOC_CTX *mem_ctx,
253 int *num_members,
254 struct wbint_Principal **members)
256 struct wb_groups_members_state *state = tevent_req_data(
257 req, struct wb_groups_members_state);
258 NTSTATUS status;
260 if (tevent_req_is_nterror(req, &status)) {
261 return status;
263 *num_members = talloc_array_length(state->all_members);
264 *members = talloc_move(mem_ctx, &state->all_members);
265 return NT_STATUS_OK;
270 * This is the routine expanding a list of groups up to a certain level. We
271 * collect the users in a talloc_dict: We have to add them without duplicates,
272 * and talloc_dict is an indexed (here indexed by SID) data structure.
275 struct wb_group_members_state {
276 struct tevent_context *ev;
277 int depth;
278 struct talloc_dict *users;
279 struct wbint_Principal *groups;
282 static NTSTATUS wb_group_members_next_subreq(
283 struct wb_group_members_state *state,
284 TALLOC_CTX *mem_ctx, struct tevent_req **psubreq);
285 static void wb_group_members_done(struct tevent_req *subreq);
287 struct tevent_req *wb_group_members_send(TALLOC_CTX *mem_ctx,
288 struct tevent_context *ev,
289 const struct dom_sid *sid,
290 enum lsa_SidType type,
291 int max_depth)
293 struct tevent_req *req, *subreq = NULL;
294 struct wb_group_members_state *state;
295 NTSTATUS status;
297 req = tevent_req_create(mem_ctx, &state,
298 struct wb_group_members_state);
299 if (req == NULL) {
300 return NULL;
302 state->ev = ev;
303 state->depth = max_depth;
304 state->users = talloc_dict_init(state);
305 if (tevent_req_nomem(state->users, req)) {
306 return tevent_req_post(req, ev);
309 state->groups = talloc(state, struct wbint_Principal);
310 if (tevent_req_nomem(state->groups, req)) {
311 return tevent_req_post(req, ev);
313 state->groups->name = NULL;
314 sid_copy(&state->groups->sid, sid);
315 state->groups->type = type;
317 status = wb_group_members_next_subreq(state, state, &subreq);
318 if (tevent_req_nterror(req, status)) {
319 return tevent_req_post(req, ev);
321 if (subreq == NULL) {
322 tevent_req_done(req);
323 return tevent_req_post(req, ev);
325 tevent_req_set_callback(subreq, wb_group_members_done, req);
326 return req;
329 static NTSTATUS wb_group_members_next_subreq(
330 struct wb_group_members_state *state,
331 TALLOC_CTX *mem_ctx, struct tevent_req **psubreq)
333 struct tevent_req *subreq;
335 if ((talloc_array_length(state->groups) == 0)
336 || (state->depth <= 0)) {
337 *psubreq = NULL;
338 return NT_STATUS_OK;
340 state->depth -= 1;
342 subreq = wb_groups_members_send(
343 mem_ctx, state->ev, talloc_array_length(state->groups),
344 state->groups);
345 if (subreq == NULL) {
346 return NT_STATUS_NO_MEMORY;
348 *psubreq = subreq;
349 return NT_STATUS_OK;
354 * compose a wbint_Principal and add it to talloc_dict
356 * NOTE: this has a side effect: *name needs to be talloc'd
357 * and it is talloc_move'd to mem_ctx.
359 NTSTATUS add_wbint_Principal_to_dict(TALLOC_CTX *mem_ctx,
360 struct dom_sid *sid,
361 const char **name,
362 enum lsa_SidType type,
363 struct talloc_dict *dict)
365 struct wbint_Principal *m;
366 DATA_BLOB key;
367 bool ok;
369 m = talloc(mem_ctx, struct wbint_Principal);
370 if (m == NULL) {
371 return NT_STATUS_NO_MEMORY;
374 sid_copy(&m->sid, sid);
375 m->name = talloc_move(m, name);
376 m->type = type;
378 key = data_blob_const(&m->sid, sizeof(m->sid));
380 ok = talloc_dict_set(dict, key, &m);
381 if (!ok) {
382 return NT_STATUS_NO_MEMORY;
385 return NT_STATUS_OK;
388 static void wb_group_members_done(struct tevent_req *subreq)
390 struct tevent_req *req = tevent_req_callback_data(
391 subreq, struct tevent_req);
392 struct wb_group_members_state *state = tevent_req_data(
393 req, struct wb_group_members_state);
394 int i, num_groups, new_groups;
395 int num_members = 0;
396 struct wbint_Principal *members = NULL;
397 NTSTATUS status;
399 status = wb_groups_members_recv(subreq, state, &num_members, &members);
400 TALLOC_FREE(subreq);
401 if (tevent_req_nterror(req, status)) {
402 return;
405 new_groups = 0;
406 for (i=0; i<num_members; i++) {
407 switch (members[i].type) {
408 case SID_NAME_DOM_GRP:
409 case SID_NAME_ALIAS:
410 case SID_NAME_WKN_GRP:
411 new_groups += 1;
412 break;
413 default:
414 /* Ignore everything else */
415 break;
419 num_groups = 0;
420 TALLOC_FREE(state->groups);
421 state->groups = talloc_array(state, struct wbint_Principal,
422 new_groups);
425 * Collect the users into state->users and the groups into
426 * state->groups for the next iteration.
429 for (i=0; i<num_members; i++) {
430 switch (members[i].type) {
431 case SID_NAME_USER:
432 case SID_NAME_COMPUTER: {
434 * Add a copy of members[i] to state->users
436 status = add_wbint_Principal_to_dict(talloc_tos(),
437 &members[i].sid,
438 &members[i].name,
439 members[i].type,
440 state->users);
441 if (tevent_req_nterror(req, status)) {
442 return;
445 break;
447 case SID_NAME_DOM_GRP:
448 case SID_NAME_ALIAS:
449 case SID_NAME_WKN_GRP: {
450 struct wbint_Principal *g;
452 * Save members[i] for the next round
454 g = &state->groups[num_groups];
455 sid_copy(&g->sid, &members[i].sid);
456 g->name = talloc_move(state->groups, &members[i].name);
457 g->type = members[i].type;
458 num_groups += 1;
459 break;
461 default:
462 /* Ignore everything else */
463 break;
467 status = wb_group_members_next_subreq(state, state, &subreq);
468 if (tevent_req_nterror(req, status)) {
469 return;
471 if (subreq == NULL) {
472 tevent_req_done(req);
473 return;
475 tevent_req_set_callback(subreq, wb_group_members_done, req);
478 NTSTATUS wb_group_members_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
479 struct talloc_dict **members)
481 struct wb_group_members_state *state = tevent_req_data(
482 req, struct wb_group_members_state);
483 NTSTATUS status;
485 if (tevent_req_is_nterror(req, &status)) {
486 return status;
488 *members = talloc_move(mem_ctx, &state->users);
489 return NT_STATUS_OK;