search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:locking: just use g_lock_dump() for fsp_update_share_mode_flags()
[Samba.git] / source3 / winbindd / wb_queryuser.c
blobc079cbcfd9041984bd2ed760428c4091d6ec5739
1 /*
2 Unix SMB/CIFS implementation.
3 async queryuser
4 Copyright (C) Volker Lendecke 2009
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "util/debug.h"
22 #include "winbindd.h"
23 #include "librpc/gen_ndr/ndr_winbind_c.h"
24 #include "../libcli/security/security.h"
25 #include "libsmb/samlogon_cache.h"
26 #include "librpc/gen_ndr/ndr_winbind.h"
27
28 struct wb_queryuser_state {
29 struct tevent_context *ev;
30 struct wbint_userinfo *info;
31 const struct wb_parent_idmap_config *idmap_cfg;
32 bool tried_dclookup;
33 };
34
35 static void wb_queryuser_idmap_setup_done(struct tevent_req *subreq);
36 static void wb_queryuser_got_uid(struct tevent_req *subreq);
37 static void wb_queryuser_got_domain(struct tevent_req *subreq);
38 static void wb_queryuser_got_dc(struct tevent_req *subreq);
39 static void wb_queryuser_got_gid(struct tevent_req *subreq);
40 static void wb_queryuser_got_group_name(struct tevent_req *subreq);
41 static void wb_queryuser_done(struct tevent_req *subreq);
42
43 struct tevent_req *wb_queryuser_send(TALLOC_CTX *mem_ctx,
44 struct tevent_context *ev,
45 const struct dom_sid *user_sid)
46 {
47 struct tevent_req *req, *subreq;
48 struct wb_queryuser_state *state;
49 struct wbint_userinfo *info;
50 struct dom_sid_buf buf;
51
52 req = tevent_req_create(mem_ctx, &state, struct wb_queryuser_state);
53 if (req == NULL) {
54 return NULL;
55 }
56 D_INFO("WB command queryuser start.\nQuery user sid %s\n",
57 dom_sid_str_buf(user_sid, &buf));
58 state->ev = ev;
59
60 state->info = talloc_zero(state, struct wbint_userinfo);
61 if (tevent_req_nomem(state->info, req)) {
62 return tevent_req_post(req, ev);
63 }
64 info = state->info;
65
66 info->primary_gid = (gid_t)-1;
67
68 sid_copy(&info->user_sid, user_sid);
69
70 subreq = wb_parent_idmap_setup_send(state, state->ev);
71 if (tevent_req_nomem(subreq, req)) {
72 return tevent_req_post(req, ev);
73 }
74 tevent_req_set_callback(subreq, wb_queryuser_idmap_setup_done, req);
75 return req;
76 }
77
78 static void wb_queryuser_idmap_setup_done(struct tevent_req *subreq)
79 {
80 struct tevent_req *req = tevent_req_callback_data(
81 subreq, struct tevent_req);
82 struct wb_queryuser_state *state = tevent_req_data(
83 req, struct wb_queryuser_state);
84 NTSTATUS status;
85 struct dom_sid_buf buf;
86
87 status = wb_parent_idmap_setup_recv(subreq, &state->idmap_cfg);
88 TALLOC_FREE(subreq);
89 if (tevent_req_nterror(req, status)) {
90 D_WARNING("wb_parent_idmap_setup_recv() failed with %s.\n",
91 nt_errstr(status));
92 return;
93 }
94
95 D_DEBUG("Convert the user SID %s to XID.\n",
96 dom_sid_str_buf(&state->info->user_sid, &buf));
97 subreq = wb_sids2xids_send(
98 state, state->ev, &state->info->user_sid, 1);
99 if (tevent_req_nomem(subreq, req)) {
100 return;
101 }
102 tevent_req_set_callback(subreq, wb_queryuser_got_uid, req);
103 return;
104 }
105
106 static void wb_queryuser_got_uid(struct tevent_req *subreq)
107 {
108 struct tevent_req *req = tevent_req_callback_data(
109 subreq, struct tevent_req);
110 struct wb_queryuser_state *state = tevent_req_data(
111 req, struct wb_queryuser_state);
112 struct wbint_userinfo *info = state->info;
113 struct netr_SamInfo3 *info3;
114 struct dcerpc_binding_handle *child_binding_handle = NULL;
115 struct unixid xid;
116 NTSTATUS status;
117 struct dom_sid_buf buf, buf1;
118
119 status = wb_sids2xids_recv(subreq, &xid, 1);
120 TALLOC_FREE(subreq);
121 if (tevent_req_nterror(req, status)) {
122 D_WARNING("wb_sids2xids_recv() failed with %s.\n",
123 nt_errstr(status));
124 return;
125 }
126
127 if ((xid.type != ID_TYPE_UID) && (xid.type != ID_TYPE_BOTH)) {
128 D_WARNING("XID type is %d, should be ID_TYPE_UID or ID_TYPE_BOTH.\n",
129 xid.type);
130 tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
131 return;
132 }
133
134 D_DEBUG("Received XID %"PRIu32" for SID %s.\n",
135 xid.id,
136 dom_sid_str_buf(&info->user_sid, &buf1));
137 info->uid = xid.id;
138
139 /*
140 * Default the group sid to "Domain Users" in the user's
141 * domain. The samlogon cache or the query_user call later on
142 * can override this.
143 */
144 sid_copy(&info->group_sid, &info->user_sid);
145 sid_split_rid(&info->group_sid, NULL);
146 sid_append_rid(&info->group_sid, DOMAIN_RID_USERS);
147
148 D_DEBUG("Preconfigured 'Domain Users' RID %u was used to create group SID %s from user SID %s.\n",
149 DOMAIN_RID_USERS,
150 dom_sid_str_buf(&info->group_sid, &buf),
151 dom_sid_str_buf(&info->user_sid, &buf1));
152
153 info->homedir = talloc_strdup(info, lp_template_homedir());
154 D_DEBUG("Setting 'homedir' to the template '%s'.\n", info->homedir);
155 if (tevent_req_nomem(info->homedir, req)) {
156 return;
157 }
158
159 info->shell = talloc_strdup(info, lp_template_shell());
160 D_DEBUG("Setting 'shell' to the template '%s'.\n", info->shell);
161 if (tevent_req_nomem(info->shell, req)) {
162 return;
163 }
164
165 info3 = netsamlogon_cache_get(state, &info->user_sid);
166 if (info3 != NULL) {
167 D_DEBUG("Filling data received from netsamlogon_cache\n");
168 sid_compose(&info->group_sid, info3->base.domain_sid,
169 info3->base.primary_gid);
170 info->acct_name = talloc_move(
171 info, &info3->base.account_name.string);
172 info->full_name = talloc_move(
173 info, &info3->base.full_name.string);
174
175 info->domain_name = talloc_move(
176 state, &info3->base.logon_domain.string);
177
178 TALLOC_FREE(info3);
179 }
180
181 NDR_PRINT_DEBUG_LEVEL(DBGLVL_DEBUG, wbint_userinfo, state->info);
182 if (info->domain_name == NULL) {
183 D_DEBUG("Domain name is empty, calling wb_lookupsid_send() to get it.\n");
184 subreq = wb_lookupsid_send(state, state->ev, &info->user_sid);
185 if (tevent_req_nomem(subreq, req)) {
186 return;
187 }
188 tevent_req_set_callback(subreq, wb_queryuser_got_domain, req);
189 return;
190 }
191
192 /*
193 * Note wb_sids2xids_send/recv was called before,
194 * so we're sure that wb_parent_idmap_setup_send/recv
195 * was already called.
196 */
197 child_binding_handle = idmap_child_handle();
198 D_DEBUG("Domain name is set, calling dcerpc_wbint_GetNssInfo_send()\n");
199 subreq = dcerpc_wbint_GetNssInfo_send(
200 state, state->ev, child_binding_handle, info);
201 if (tevent_req_nomem(subreq, req)) {
202 return;
203 }
204 tevent_req_set_callback(subreq, wb_queryuser_done, req);
205 }
206
207 static void wb_queryuser_got_domain(struct tevent_req *subreq)
208 {
209 struct tevent_req *req = tevent_req_callback_data(
210 subreq, struct tevent_req);
211 struct wb_queryuser_state *state = tevent_req_data(
212 req, struct wb_queryuser_state);
213 struct wbint_userinfo *info = state->info;
214 enum lsa_SidType type;
215 struct dcerpc_binding_handle *child_binding_handle = NULL;
216 NTSTATUS status;
217
218 status = wb_lookupsid_recv(subreq, state, &type,
219 &info->domain_name, &info->acct_name);
220 TALLOC_FREE(subreq);
221 if (tevent_req_nterror(req, status)) {
222 D_WARNING("wb_lookupsid_recv failed with %s.\n",
223 nt_errstr(status));
224 return;
225 }
226
227 NDR_PRINT_DEBUG_LEVEL(DBGLVL_DEBUG, wbint_userinfo, state->info);
228 switch (type) {
229 case SID_NAME_USER:
230 case SID_NAME_COMPUTER:
231 /*
232 * user case: we only need the account name from lookup_sids
233 */
234 break;
235 case SID_NAME_DOM_GRP:
236 case SID_NAME_ALIAS:
237 case SID_NAME_WKN_GRP:
238 /*
239 * also treat group-type SIDs (they might map to ID_TYPE_BOTH)
240 */
241 sid_copy(&info->group_sid, &info->user_sid);
242 break;
243 default:
244 D_WARNING("Unknown type:%d, return NT_STATUS_NO_SUCH_USER.\n",
245 type);
246 tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
247 return;
248 }
249
250 /*
251 * Note wb_sids2xids_send/recv was called before,
252 * so we're sure that wb_parent_idmap_setup_send/recv
253 * was already called.
254 */
255 child_binding_handle = idmap_child_handle();
256 D_DEBUG("About to call dcerpc_wbint_GetNssInfo_send()\n");
257 subreq = dcerpc_wbint_GetNssInfo_send(
258 state, state->ev, child_binding_handle, info);
259 if (tevent_req_nomem(subreq, req)) {
260 return;
261 }
262 tevent_req_set_callback(subreq, wb_queryuser_done, req);
263 }
264
265 static void wb_queryuser_done(struct tevent_req *subreq)
266 {
267 struct tevent_req *req = tevent_req_callback_data(
268 subreq, struct tevent_req);
269 struct wb_queryuser_state *state = tevent_req_data(
270 req, struct wb_queryuser_state);
271 struct wbint_userinfo *info = state->info;
272 NTSTATUS status, result;
273 bool need_group_name = false;
274 const char *tmpl = NULL;
275
276 status = dcerpc_wbint_GetNssInfo_recv(subreq, info, &result);
277 TALLOC_FREE(subreq);
278 if (tevent_req_nterror(req, status)) {
279 D_WARNING("GetNssInfo failed with %s.\n", nt_errstr(status));
280 return;
281 }
282
283 if (NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) &&
284 !state->tried_dclookup) {
285 D_DEBUG("GetNssInfo got DOMAIN_CONTROLLER_NOT_FOUND, calling wb_dsgetdcname_send()\n");
286 subreq = wb_dsgetdcname_send(
287 state, state->ev, state->info->domain_name, NULL, NULL,
288 DS_RETURN_DNS_NAME);
289 if (tevent_req_nomem(subreq, req)) {
290 return;
291 }
292 tevent_req_set_callback(subreq, wb_queryuser_got_dc, req);
293 return;
294 }
295
296 /*
297 * Ignore failure in "result" here. We'll try to fill in stuff
298 * that misses further down.
299 */
300
301 if (state->info->primary_gid == (gid_t)-1) {
302 D_DEBUG("Calling wb_sids2xids_send() to resolve primary gid.\n");
303 subreq = wb_sids2xids_send(
304 state, state->ev, &info->group_sid, 1);
305 if (tevent_req_nomem(subreq, req)) {
306 return;
307 }
308 tevent_req_set_callback(subreq, wb_queryuser_got_gid, req);
309 return;
310 }
311
312 tmpl = lp_template_homedir();
313 if(strstr_m(tmpl, "%g") || strstr_m(tmpl, "%G")) {
314 need_group_name = true;
315 }
316 tmpl = lp_template_shell();
317 if(strstr_m(tmpl, "%g") || strstr_m(tmpl, "%G")) {
318 need_group_name = true;
319 }
320
321 if (need_group_name && state->info->primary_group_name == NULL) {
322 D_DEBUG("Calling wb_lookupsid_send() to resolve primary group name.\n");
323 subreq = wb_lookupsid_send(state, state->ev, &info->group_sid);
324 if (tevent_req_nomem(subreq, req)) {
325 return;
326 }
327 tevent_req_set_callback(subreq, wb_queryuser_got_group_name,
328 req);
329 return;
330 }
331
332 NDR_PRINT_DEBUG_LEVEL(DBGLVL_DEBUG, wbint_userinfo, state->info);
333 tevent_req_done(req);
334 }
335
336 static void wb_queryuser_got_dc(struct tevent_req *subreq)
337 {
338 struct tevent_req *req = tevent_req_callback_data(
339 subreq, struct tevent_req);
340 struct wb_queryuser_state *state = tevent_req_data(
341 req, struct wb_queryuser_state);
342 struct wbint_userinfo *info = state->info;
343 struct netr_DsRGetDCNameInfo *dcinfo;
344 struct dcerpc_binding_handle *child_binding_handle = NULL;
345 NTSTATUS status;
346
347 status = wb_dsgetdcname_recv(subreq, state, &dcinfo);
348 TALLOC_FREE(subreq);
349 if (tevent_req_nterror(req, status)) {
350 D_WARNING("wb_dsgetdcname_recv() failed with %s.\n",
351 nt_errstr(status));
352 return;
353 }
354
355 state->tried_dclookup = true;
356
357 D_DEBUG("Got DC name, calling wb_dsgetdcname_gencache_set().\n");
358 status = wb_dsgetdcname_gencache_set(info->domain_name, dcinfo);
359 if (tevent_req_nterror(req, status)) {
360 D_WARNING("wb_dsgetdcname_gencache_set() failed with %s.\n",
361 nt_errstr(status));
362 return;
363 }
364 NDR_PRINT_DEBUG_LEVEL(DBGLVL_DEBUG, wbint_userinfo, state->info);
365
366 /*
367 * Note wb_sids2xids_send/recv was called before,
368 * so we're sure that wb_parent_idmap_setup_send/recv
369 * was already called.
370 */
371 child_binding_handle = idmap_child_handle();
372 subreq = dcerpc_wbint_GetNssInfo_send(
373 state, state->ev, child_binding_handle, info);
374 if (tevent_req_nomem(subreq, req)) {
375 return;
376 }
377 tevent_req_set_callback(subreq, wb_queryuser_done, req);
378 }
379
380 static void wb_queryuser_got_gid(struct tevent_req *subreq)
381 {
382 struct tevent_req *req = tevent_req_callback_data(
383 subreq, struct tevent_req);
384 struct wb_queryuser_state *state = tevent_req_data(
385 req, struct wb_queryuser_state);
386 struct unixid xid;
387 NTSTATUS status;
388 bool need_group_name = false;
389 const char *tmpl = NULL;
390 struct dom_sid_buf buf;
391
392 status = wb_sids2xids_recv(subreq, &xid, 1);
393 TALLOC_FREE(subreq);
394 if (tevent_req_nterror(req, status)) {
395 D_WARNING("wb_sids2xids_recv() failed with %s.\n",
396 nt_errstr(status));
397 return;
398 }
399
400 D_DEBUG("Got XID %"PRIu32" with type %d.\n", xid.id, xid.type);
401 if ((xid.type != ID_TYPE_GID) && (xid.type != ID_TYPE_BOTH)) {
402 D_WARNING("Returning NT_STATUS_NO_SUCH_USER\n"
403 "xid.type must be ID_TYPE_UID or ID_TYPE_BOTH.\n");
404 tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
405 return;
406 }
407
408 state->info->primary_gid = xid.id;
409
410 tmpl = lp_template_homedir();
411 if(strstr_m(tmpl, "%g") || strstr_m(tmpl, "%G")) {
412 need_group_name = true;
413 }
414 tmpl = lp_template_shell();
415 if(strstr_m(tmpl, "%g") || strstr_m(tmpl, "%G")) {
416 need_group_name = true;
417 }
418
419 NDR_PRINT_DEBUG_LEVEL(DBGLVL_DEBUG, wbint_userinfo, state->info);
420
421 if (need_group_name && state->info->primary_group_name == NULL) {
422 D_DEBUG("Calling wb_lookupsid_send for group SID %s.\n",
423 dom_sid_str_buf(&state->info->group_sid, &buf));
424 subreq = wb_lookupsid_send(state, state->ev,
425 &state->info->group_sid);
426 if (tevent_req_nomem(subreq, req)) {
427 return;
428 }
429 tevent_req_set_callback(subreq, wb_queryuser_got_group_name,
430 req);
431 return;
432 }
433
434 D_DEBUG("No need to lookup primary group name. Request is done!\n");
435 tevent_req_done(req);
436 }
437
438 static void wb_queryuser_got_group_name(struct tevent_req *subreq)
439 {
440 struct tevent_req *req = tevent_req_callback_data(
441 subreq, struct tevent_req);
442 struct wb_queryuser_state *state = tevent_req_data(
443 req, struct wb_queryuser_state);
444 enum lsa_SidType type;
445 NTSTATUS status;
446 const char *domain_name;
447
448 status = wb_lookupsid_recv(subreq, state->info, &type, &domain_name,
449 &state->info->primary_group_name);
450 TALLOC_FREE(subreq);
451 if (tevent_req_nterror(req, status)) {
452 D_WARNING("wb_lookupsid_recv() failed with %s.\n",
453 nt_errstr(status));
454 return;
455 }
456 tevent_req_done(req);
457 }
458
459 NTSTATUS wb_queryuser_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
460 struct wbint_userinfo **pinfo)
461 {
462 struct wb_queryuser_state *state = tevent_req_data(
463 req, struct wb_queryuser_state);
464 NTSTATUS status;
465
466 D_INFO("WB command queryuser end.\n");
467 NDR_PRINT_DEBUG_LEVEL(DBGLVL_INFO, wbint_userinfo, state->info);
468 if (tevent_req_is_nterror(req, &status)) {
469 return status;
470 }
471 *pinfo = talloc_move(mem_ctx, &state->info);
472 return NT_STATUS_OK;
473 }
Samba GIT mirror