Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a group.
[Samba.git] / source3 / winbindd / wb_next_grent.c
blobd3b03333585b53b8754b13940fb50b3e651ab719
1 /*
2 Unix SMB/CIFS implementation.
3 async next_grent
4 Copyright (C) Volker Lendecke 2009
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "includes.h"
21 #include "winbindd.h"
22 #include "librpc/gen_ndr/ndr_wbint_c.h"
23 #include "passdb/machine_sid.h"
25 struct wb_next_grent_state {
26 struct tevent_context *ev;
27 int max_nesting;
28 struct getgrent_state *gstate;
29 struct wbint_Principals next_groups;
30 struct winbindd_gr *gr;
31 struct talloc_dict *members;
34 static void wb_next_grent_fetch_done(struct tevent_req *subreq);
35 static void wb_next_grent_getgrsid_done(struct tevent_req *subreq);
37 struct tevent_req *wb_next_grent_send(TALLOC_CTX *mem_ctx,
38 struct tevent_context *ev,
39 int max_nesting,
40 struct getgrent_state *gstate,
41 struct winbindd_gr *gr)
43 struct tevent_req *req, *subreq;
44 struct wb_next_grent_state *state;
46 req = tevent_req_create(mem_ctx, &state, struct wb_next_grent_state);
47 if (req == NULL) {
48 return NULL;
50 state->ev = ev;
51 state->gstate = gstate;
52 state->gr = gr;
53 state->max_nesting = max_nesting;
55 if (state->gstate->next_group >= state->gstate->num_groups) {
56 TALLOC_FREE(state->gstate->groups);
58 if (state->gstate->domain == NULL) {
59 state->gstate->domain = domain_list();
60 } else {
61 state->gstate->domain = state->gstate->domain->next;
64 if ((state->gstate->domain != NULL)
65 && sid_check_is_our_sam(&state->gstate->domain->sid)) {
66 state->gstate->domain = state->gstate->domain->next;
69 if (state->gstate->domain == NULL) {
70 tevent_req_nterror(req, NT_STATUS_NO_MORE_ENTRIES);
71 return tevent_req_post(req, ev);
73 subreq = dcerpc_wbint_QueryGroupList_send(
74 state, state->ev, dom_child_handle(state->gstate->domain),
75 &state->next_groups);
76 if (tevent_req_nomem(subreq, req)) {
77 return tevent_req_post(req, ev);
79 tevent_req_set_callback(subreq, wb_next_grent_fetch_done, req);
80 return req;
83 subreq = wb_getgrsid_send(
84 state, state->ev,
85 &state->gstate->groups[state->gstate->next_group].sid,
86 state->max_nesting);
87 if (tevent_req_nomem(subreq, req)) {
88 return tevent_req_post(req, ev);
90 tevent_req_set_callback(subreq, wb_next_grent_getgrsid_done, req);
91 return req;
94 static void wb_next_grent_fetch_done(struct tevent_req *subreq)
96 struct tevent_req *req = tevent_req_callback_data(
97 subreq, struct tevent_req);
98 struct wb_next_grent_state *state = tevent_req_data(
99 req, struct wb_next_grent_state);
100 NTSTATUS status, result;
102 status = dcerpc_wbint_QueryGroupList_recv(subreq, state, &result);
103 TALLOC_FREE(subreq);
104 if (tevent_req_nterror(req, status)) {
105 /* Ignore errors here, just log it */
106 DEBUG(10, ("query_user_list for domain %s returned %s\n",
107 state->gstate->domain->name,
108 nt_errstr(status)));
109 return;
111 if (!NT_STATUS_IS_OK(result)) {
112 /* Ignore errors here, just log it */
113 DEBUG(10, ("query_user_list for domain %s returned %s/%s\n",
114 state->gstate->domain->name,
115 nt_errstr(status), nt_errstr(result)));
116 tevent_req_nterror(req, result);
117 return;
120 state->gstate->num_groups = state->next_groups.num_principals;
121 state->gstate->groups = talloc_move(
122 state->gstate, &state->next_groups.principals);
124 if (state->gstate->num_groups == 0) {
125 state->gstate->domain = state->gstate->domain->next;
127 if ((state->gstate->domain != NULL)
128 && sid_check_is_our_sam(&state->gstate->domain->sid)) {
129 state->gstate->domain = state->gstate->domain->next;
132 if (state->gstate->domain == NULL) {
133 tevent_req_nterror(req, NT_STATUS_NO_MORE_ENTRIES);
134 return;
136 subreq = dcerpc_wbint_QueryGroupList_send(
137 state, state->ev, dom_child_handle(state->gstate->domain),
138 &state->next_groups);
139 if (tevent_req_nomem(subreq, req)) {
140 return;
142 tevent_req_set_callback(subreq, wb_next_grent_fetch_done, req);
143 return;
146 state->gstate->next_group = 0;
148 subreq = wb_getgrsid_send(
149 state, state->ev,
150 &state->gstate->groups[state->gstate->next_group].sid,
151 state->max_nesting);
152 if (tevent_req_nomem(subreq, req)) {
153 return;
155 tevent_req_set_callback(subreq, wb_next_grent_getgrsid_done, req);
156 return;
159 static void wb_next_grent_getgrsid_done(struct tevent_req *subreq)
161 struct tevent_req *req = tevent_req_callback_data(
162 subreq, struct tevent_req);
163 struct wb_next_grent_state *state = tevent_req_data(
164 req, struct wb_next_grent_state);
165 const char *domname, *name;
166 NTSTATUS status;
168 status = wb_getgrsid_recv(subreq, talloc_tos(), &domname, &name,
169 &state->gr->gr_gid, &state->members);
170 TALLOC_FREE(subreq);
171 if (tevent_req_nterror(req, status)) {
172 return;
174 if (!fill_grent(talloc_tos(), state->gr, domname, name,
175 state->gr->gr_gid)) {
176 DEBUG(5, ("fill_grent failed\n"));
177 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
178 return;
180 state->gstate->next_group += 1;
181 tevent_req_done(req);
184 NTSTATUS wb_next_grent_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
185 struct talloc_dict **members)
187 struct wb_next_grent_state *state = tevent_req_data(
188 req, struct wb_next_grent_state);
189 NTSTATUS status;
191 if (tevent_req_is_nterror(req, &status)) {
192 return status;
194 *members = talloc_move(mem_ctx, &state->members);
195 return NT_STATUS_OK;