s3-winbind: Pass the group name to fillup_pw_field().
[Samba.git] / source3 / winbindd / wb_fill_pwent.c
/*
   Unix SMB/CIFS implementation.
   async fill_pwent
   Copyright (C) Volker Lendecke 2009

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
20 #include "includes.h"
21 #include "winbindd.h"
22 #include "librpc/gen_ndr/ndr_wbint_c.h"
/*
 * Per-request state of the async "fill a struct winbindd_pw" operation.
 * Set up once in wb_fill_pwent_send() and read by the completion callbacks.
 * The info and pw pointers are stored as given, not copied, so the caller
 * has to keep both objects alive until the request has finished.
 */
struct wb_fill_pwent_state {
	struct tevent_context *ev;	/* event context used for every sub-request */
	struct wbint_userinfo *info;	/* input: SIDs, account/full name, homedir, shell */
	struct winbindd_pw *pw;		/* output: passwd entry filled in step by step */
};
/*
 * Expands a home directory or shell template into 'out'.
 * Forward declaration; the definition is at the end of this file.
 */
static bool fillup_pw_field(const char *lp_template,
			    const char *username,
			    const char *grpname,
			    const char *domname,
			    uid_t uid,
			    gid_t gid,
			    const char *in,
			    fstring out);

/* Completion callbacks of the two chained sub-requests (uid, then group). */
static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq);
static void wb_fill_pwent_getgrsid_done(struct tevent_req *subreq);
/*
 * Start filling *pw from the user record *info.
 *
 * Creates the request on mem_ctx, remembers ev/info/pw in the request state
 * and kicks off the first step, the SID-to-unix-id lookup for the user SID.
 * The remaining steps run from the completion callbacks.
 *
 * Returns NULL if the request itself could not be created. If the
 * sub-request could not be created, the request is returned already posted
 * on ev.
 *
 * info and pw are referenced, not copied.
 */
struct tevent_req *wb_fill_pwent_send(TALLOC_CTX *mem_ctx,
				      struct tevent_context *ev,
				      struct wbint_userinfo *info,
				      struct winbindd_pw *pw)
{
	struct wb_fill_pwent_state *state;
	struct tevent_req *req;
	struct tevent_req *subreq;

	req = tevent_req_create(mem_ctx, &state, struct wb_fill_pwent_state);
	if (!req) {
		return NULL;
	}

	state->ev = ev;
	state->info = info;
	state->pw = pw;

	/* Step 1: user SID -> unix id (the 1 is presumably the SID count). */
	subreq = wb_sids2xids_send(state, ev, &info->user_sid, 1);
	if (tevent_req_nomem(subreq, req)) {
		return tevent_req_post(req, ev);
	}

	tevent_req_set_callback(subreq, wb_fill_pwent_sid2uid_done, req);
	return req;
}
/*
 * Completion of the user-SID lookup started in wb_fill_pwent_send().
 *
 * Stores the mapped id as pw_uid, but only if the mapping is of type UID or
 * BOTH; any other type fails the request with NT_STATUS_NONE_MAPPED. On
 * success the primary-group lookup is started as the next step.
 */
static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq)
{
	struct tevent_req *req =
		tevent_req_callback_data(subreq, struct tevent_req);
	struct wb_fill_pwent_state *state =
		tevent_req_data(req, struct wb_fill_pwent_state);
	struct unixid xid;
	NTSTATUS status;

	status = wb_sids2xids_recv(subreq, &xid);
	TALLOC_FREE(subreq);
	if (tevent_req_nterror(req, status)) {
		return;
	}

	/*
	 * We are filtering further down in sids2xids, but that filtering
	 * depends on the actual type of the sid handed in (as determined
	 * by lookupsids). Here we need to filter for the type of object
	 * actually requested, in this case uid.
	 *
	 * Without this check an id that was mapped for a group-only SID
	 * would be handed out as a uid.
	 */
	if (xid.type != ID_TYPE_UID && xid.type != ID_TYPE_BOTH) {
		tevent_req_nterror(req, NT_STATUS_NONE_MAPPED);
		return;
	}

	state->pw->pw_uid = (uid_t)xid.id;

	/* Step 2: resolve the user's primary group SID. */
	subreq = wb_getgrsid_send(state, state->ev,
				  &state->info->group_sid, 1);
	if (tevent_req_nomem(subreq, req)) {
		return;
	}
	tevent_req_set_callback(subreq, wb_fill_pwent_getgrsid_done, req);
}
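/*
 * Completion of the primary-group lookup; fills the rest of the passwd
 * entry (gid, name, gecos, home directory, shell, password placeholder)
 * and finishes the request.
 *
 * Every exit path has to release tmp_ctx: it is a talloc stackframe, and
 * the group name received from wb_getgrsid_recv() lives on it, so it may
 * only be freed after the last fillup_pw_field() call.
 *
 * Failure statuses set on the request:
 *   - whatever wb_getgrsid_recv() reported,
 *   - NT_STATUS_NO_SUCH_USER if the user's domain is unknown or a
 *     home directory / shell field could not be produced,
 *   - NT_STATUS_INVALID_PARAMETER if the account name cannot be lowercased.
 */
static void wb_fill_pwent_getgrsid_done(struct tevent_req *subreq)
{
	struct tevent_req *req = tevent_req_callback_data(
		subreq, struct tevent_req);
	struct wb_fill_pwent_state *state = tevent_req_data(
		req, struct wb_fill_pwent_state);
	struct winbindd_domain *domain;
	const char *dom_name;
	const char *grp_name;
	fstring user_name, output_username;
	char *mapped_name = NULL;
	struct talloc_dict *members;
	TALLOC_CTX *tmp_ctx = talloc_stackframe();
	NTSTATUS status;
	bool ok;

	/* xid handling is done in getgrsid() */
	status = wb_getgrsid_recv(subreq,
				  tmp_ctx,
				  &dom_name,
				  &grp_name,
				  &state->pw->pw_gid,
				  &members);
	TALLOC_FREE(subreq);
	if (tevent_req_nterror(req, status)) {
		talloc_free(tmp_ctx);
		return;
	}

	domain = find_domain_from_sid_noinit(&state->info->user_sid);
	if (domain == NULL) {
		talloc_free(tmp_ctx);
		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
		return;
	}
	/*
	 * From here on dom_name is the domain of the *user* SID; the domain
	 * name returned for the group above is intentionally not used.
	 */
	dom_name = domain->name;

	/* Username */

	fstrcpy(user_name, state->info->acct_name);
	if (!strlower_m(user_name)) {
		/*
		 * Release the stackframe on this path too; returning with it
		 * still in place leaks the frame and everything allocated
		 * on it.
		 */
		talloc_free(tmp_ctx);
		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
		return;
	}
	status = normalize_name_map(state, domain, user_name, &mapped_name);

	if (NT_STATUS_IS_OK(status)) {
		/* Basic removal of whitespace */
		fill_domain_username(output_username, dom_name, mapped_name,
				     true);
	} else if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) {
		/* Complete name replacement */
		fstrcpy(output_username, mapped_name);
	} else {
		/* No change at all */
		fill_domain_username(output_username, dom_name, user_name,
				     true);
	}

	strlcpy(state->pw->pw_name,
		output_username,
		sizeof(state->pw->pw_name));
	fstrcpy(state->pw->pw_gecos, state->info->full_name);

	/*
	 * Home directory and shell. Note that the lowercased account name
	 * (user_name), not the mapped output_username, is what gets
	 * substituted into the templates.
	 */
	ok = fillup_pw_field(lp_template_homedir(),
			     user_name,
			     grp_name,
			     dom_name,
			     state->pw->pw_uid,
			     state->pw->pw_gid,
			     state->info->homedir,
			     state->pw->pw_dir);
	if (!ok) {
		talloc_free(tmp_ctx);
		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
		return;
	}

	ok = fillup_pw_field(lp_template_shell(),
			     user_name,
			     grp_name,
			     dom_name,
			     state->pw->pw_uid,
			     state->pw->pw_gid,
			     state->info->shell,
			     state->pw->pw_shell);
	/* grp_name is no longer needed after this point. */
	talloc_free(tmp_ctx);
	if (!ok) {
		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
		return;
	}

	/* Password - set to "*" as we can't generate anything useful here.
	   Authentication can be done using the pam_winbind module. */

	fstrcpy(state->pw->pw_passwd, "*");
	tevent_req_done(req);
}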
/*
 * Collect the result of a wb_fill_pwent request: returns the NTSTATUS the
 * request finished with. The filled entry itself is the struct winbindd_pw
 * that was handed to wb_fill_pwent_send().
 */
NTSTATUS wb_fill_pwent_recv(struct tevent_req *req)
{
	NTSTATUS status = tevent_req_simple_recv_ntstatus(req);

	return status;
}
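/*
 * Produce one passwd string field (home directory or shell) in 'out'.
 *
 * lp_template  template from the configuration, used when 'in' is not used
 * username, grpname, domname, uid, gid
 *              values handed to talloc_sub_specified() for substitution
 * in           value already set by the nss_info backend, may be NULL or ""
 * out          destination buffer, sizeof(fstring) bytes
 *
 * Returns True when 'out' holds the complete expanded string. Returns False
 * when out is NULL, when the substitution fails, or when the expanded string
 * does not fit into an fstring.
 *
 * A value that would have to be cut is rejected rather than stored: a
 * truncated home directory or shell is a different path from the one that
 * was configured, so failing the lookup is the safer outcome.
 */
static bool fillup_pw_field(const char *lp_template,
			    const char *username,
			    const char *grpname,
			    const char *domname,
			    uid_t uid,
			    gid_t gid,
			    const char *in,
			    fstring out)
{
	const char *source;
	char *templ;
	size_t needed;

	if (out == NULL) {
		return False;
	}

	/* The substitution of %U and %D in the 'template
	   homedir' is done by talloc_sub_specified() below.
	   If we have an in string (which means the value has already
	   been set in the nss_info backend), then use that.
	   Otherwise use the template value passed in. */

	/*
	 * NOTE(review): the backend-supplied value goes through the same
	 * substitution as the configured template, so percent sequences in
	 * that value are expanded too. Confirm this is intended for every
	 * source the nss_info backend reads from.
	 */
	if ((in != NULL) && (in[0] != '\0') && (lp_security() == SEC_ADS)) {
		source = in;
	} else {
		source = lp_template;
	}

	templ = talloc_sub_specified(talloc_tos(), source,
				     username, grpname, domname,
				     uid, gid);
	if (templ == NULL) {
		return False;
	}

	/*
	 * 'out' is a pointer here (array parameters decay), so the size has
	 * to come from the type, not from sizeof(out). strlcpy() returns the
	 * length it tried to create; anything >= the buffer size was cut.
	 */
	needed = strlcpy(out, templ, sizeof(fstring));
	TALLOC_FREE(templ);

	if (needed >= sizeof(fstring)) {
		DEBUG(1, ("fillup_pw_field: expanded value does not fit "
			  "into an fstring, rejecting entry\n"));
		return False;
	}

	return True;
}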