search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-daemon: Wait for eventd to be ready before connecting
[Samba.git] / source3 / winbindd / winbindd_getgroups.c
blobf7f2df5f7b1208e9287cb53618f456ff08fa05b9
1 /*
2 Unix SMB/CIFS implementation.
3 async implementation of WINBINDD_GETGROUPS
4 Copyright (C) Volker Lendecke 2009
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "winbindd.h"
22 #include "passdb/lookup_sid.h" /* only for LOOKUP_NAME_NO_NSS flag */
23
24 struct winbindd_getgroups_state {
25 struct tevent_context *ev;
26 fstring namespace;
27 fstring domname;
28 fstring username;
29 struct dom_sid sid;
30 enum lsa_SidType type;
31 int num_sids;
32 struct dom_sid *sids;
33 int num_gids;
34 gid_t *gids;
35 };
36
37 static void winbindd_getgroups_lookupname_done(struct tevent_req *subreq);
38 static void winbindd_getgroups_gettoken_done(struct tevent_req *subreq);
39 static void winbindd_getgroups_sid2gid_done(struct tevent_req *subreq);
40
41 struct tevent_req *winbindd_getgroups_send(TALLOC_CTX *mem_ctx,
42 struct tevent_context *ev,
43 struct winbindd_cli_state *cli,
44 struct winbindd_request *request)
45 {
46 struct tevent_req *req, *subreq;
47 struct winbindd_getgroups_state *state;
48 char *domuser, *mapped_user;
49 NTSTATUS status;
50 bool ok;
51
52 req = tevent_req_create(mem_ctx, &state,
53 struct winbindd_getgroups_state);
54 if (req == NULL) {
55 return NULL;
56 }
57 state->ev = ev;
58
59 /* Ensure null termination */
60 request->data.username[sizeof(request->data.username)-1]='\0';
61
62 DEBUG(3, ("getgroups %s\n", request->data.username));
63
64 domuser = request->data.username;
65
66 status = normalize_name_unmap(state, domuser, &mapped_user);
67
68 if (NT_STATUS_IS_OK(status)
69 || NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) {
70 /* normalize_name_unmapped did something */
71 domuser = mapped_user;
72 }
73
74 ok = parse_domain_user(domuser,
75 state->namespace,
76 state->domname,
77 state->username);
78 if (!ok) {
79 DEBUG(5, ("Could not parse domain user: %s\n", domuser));
80 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
81 return tevent_req_post(req, ev);
82 }
83
84 subreq = wb_lookupname_send(state, ev,
85 state->namespace,
86 state->domname,
87 state->username,
88 LOOKUP_NAME_NO_NSS);
89 if (tevent_req_nomem(subreq, req)) {
90 return tevent_req_post(req, ev);
91 }
92 tevent_req_set_callback(subreq, winbindd_getgroups_lookupname_done,
93 req);
94 return req;
95 }
96
97 static void winbindd_getgroups_lookupname_done(struct tevent_req *subreq)
98 {
99 struct tevent_req *req = tevent_req_callback_data(
100 subreq, struct tevent_req);
101 struct winbindd_getgroups_state *state = tevent_req_data(
102 req, struct winbindd_getgroups_state);
103 NTSTATUS status;
104
105 status = wb_lookupname_recv(subreq, &state->sid, &state->type);
106 TALLOC_FREE(subreq);
107 if (tevent_req_nterror(req, status)) {
108 return;
109 }
110
111 subreq = wb_gettoken_send(state, state->ev, &state->sid, true);
112 if (tevent_req_nomem(subreq, req)) {
113 return;
114 }
115 tevent_req_set_callback(subreq, winbindd_getgroups_gettoken_done, req);
116 }
117
118 static void winbindd_getgroups_gettoken_done(struct tevent_req *subreq)
119 {
120 struct tevent_req *req = tevent_req_callback_data(
121 subreq, struct tevent_req);
122 struct winbindd_getgroups_state *state = tevent_req_data(
123 req, struct winbindd_getgroups_state);
124 NTSTATUS status;
125
126 status = wb_gettoken_recv(subreq, state, &state->num_sids,
127 &state->sids);
128 TALLOC_FREE(subreq);
129 if (tevent_req_nterror(req, status)) {
130 return;
131 }
132
133 /*
134 * Convert the group SIDs to gids. state->sids[0] contains the user
135 * sid. If the idmap backend uses ID_TYPE_BOTH, we might need the
136 * the id of the user sid in the list of group sids, so map the
137 * complete token.
138 */
139
140 subreq = wb_sids2xids_send(state, state->ev,
141 state->sids, state->num_sids);
142 if (tevent_req_nomem(subreq, req)) {
143 return;
144 }
145 tevent_req_set_callback(subreq, winbindd_getgroups_sid2gid_done, req);
146 }
147
148 static void winbindd_getgroups_sid2gid_done(struct tevent_req *subreq)
149 {
150 struct tevent_req *req = tevent_req_callback_data(
151 subreq, struct tevent_req);
152 struct winbindd_getgroups_state *state = tevent_req_data(
153 req, struct winbindd_getgroups_state);
154 NTSTATUS status;
155 struct unixid *xids;
156 int i;
157
158 xids = talloc_array(state, struct unixid, state->num_sids);
159 if (tevent_req_nomem(xids, req)) {
160 return;
161 }
162 for (i=0; i < state->num_sids; i++) {
163 xids[i].type = ID_TYPE_NOT_SPECIFIED;
164 xids[i].id = UINT32_MAX;
165 }
166
167 status = wb_sids2xids_recv(subreq, xids, state->num_sids);
168 TALLOC_FREE(subreq);
169 if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED) ||
170 NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED))
171 {
172 status = NT_STATUS_OK;
173 }
174 if (tevent_req_nterror(req, status)) {
175 return;
176 }
177
178 state->gids = talloc_array(state, gid_t, state->num_sids);
179 if (tevent_req_nomem(state->gids, req)) {
180 return;
181 }
182 state->num_gids = 0;
183
184 for (i=0; i < state->num_sids; i++) {
185 bool include_gid = false;
186 const char *debug_missing = NULL;
187
188 switch (xids[i].type) {
189 case ID_TYPE_NOT_SPECIFIED:
190 debug_missing = "not specified";
191 break;
192 case ID_TYPE_UID:
193 if (i != 0) {
194 debug_missing = "uid";
195 }
196 break;
197 case ID_TYPE_GID:
198 case ID_TYPE_BOTH:
199 include_gid = true;
200 break;
201 }
202
203 if (!include_gid) {
204 if (debug_missing == NULL) {
205 continue;
206 }
207
208 DEBUG(10, ("WARNING: skipping unix id (%u) for sid %s "
209 "from group list because the idmap type "
210 "is %s. "
211 "This might be a security problem when ACLs "
212 "contain DENY ACEs!\n",
213 (unsigned)xids[i].id,
214 sid_string_tos(&state->sids[i]),
215 debug_missing));
216 continue;
217 }
218
219 state->gids[state->num_gids] = (gid_t)xids[i].id;
220 state->num_gids += 1;
221 }
222
223 /*
224 * This should not fail, as it does not do any reallocation,
225 * just updating the talloc size.
226 */
227 state->gids = talloc_realloc(state, state->gids, gid_t, state->num_gids);
228 if (tevent_req_nomem(state->gids, req)) {
229 return;
230 }
231
232 tevent_req_done(req);
233 }
234
235 NTSTATUS winbindd_getgroups_recv(struct tevent_req *req,
236 struct winbindd_response *response)
237 {
238 struct winbindd_getgroups_state *state = tevent_req_data(
239 req, struct winbindd_getgroups_state);
240 NTSTATUS status;
241
242 if (tevent_req_is_nterror(req, &status)) {
243 DEBUG(5, ("Could not convert sid %s: %s\n",
244 sid_string_dbg(&state->sid), nt_errstr(status)));
245 return status;
246 }
247
248 response->data.num_entries = state->num_gids;
249
250 if (state->num_gids > 0) {
251 response->extra_data.data = talloc_move(response,
252 &state->gids);
253 response->length += state->num_gids * sizeof(gid_t);
254 }
255 return NT_STATUS_OK;
256 }
Samba GIT mirror