2 Unix SMB/CIFS implementation.
3 async implementation of WINBINDD_GETGROUPS
4 Copyright (C) Volker Lendecke 2009
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "passdb/lookup_sid.h" /* only for LOOKUP_NAME_NO_NSS flag */
24 struct winbindd_getgroups_state
{
25 struct tevent_context
*ev
;
29 enum lsa_SidType type
;
36 static void winbindd_getgroups_lookupname_done(struct tevent_req
*subreq
);
37 static void winbindd_getgroups_gettoken_done(struct tevent_req
*subreq
);
38 static void winbindd_getgroups_sid2gid_done(struct tevent_req
*subreq
);
40 struct tevent_req
*winbindd_getgroups_send(TALLOC_CTX
*mem_ctx
,
41 struct tevent_context
*ev
,
42 struct winbindd_cli_state
*cli
,
43 struct winbindd_request
*request
)
45 struct tevent_req
*req
, *subreq
;
46 struct winbindd_getgroups_state
*state
;
47 char *domuser
, *mapped_user
;
50 req
= tevent_req_create(mem_ctx
, &state
,
51 struct winbindd_getgroups_state
);
57 /* Ensure null termination */
58 request
->data
.username
[sizeof(request
->data
.username
)-1]='\0';
60 DEBUG(3, ("getgroups %s\n", request
->data
.username
));
62 domuser
= request
->data
.username
;
64 status
= normalize_name_unmap(state
, domuser
, &mapped_user
);
66 if (NT_STATUS_IS_OK(status
)
67 || NT_STATUS_EQUAL(status
, NT_STATUS_FILE_RENAMED
)) {
68 /* normalize_name_unmapped did something */
69 domuser
= mapped_user
;
72 if (!parse_domain_user(domuser
, state
->domname
, state
->username
)) {
73 DEBUG(5, ("Could not parse domain user: %s\n", domuser
));
74 tevent_req_nterror(req
, NT_STATUS_INVALID_PARAMETER
);
75 return tevent_req_post(req
, ev
);
78 subreq
= wb_lookupname_send(state
, ev
, state
->domname
, state
->username
,
80 if (tevent_req_nomem(subreq
, req
)) {
81 return tevent_req_post(req
, ev
);
83 tevent_req_set_callback(subreq
, winbindd_getgroups_lookupname_done
,
88 static void winbindd_getgroups_lookupname_done(struct tevent_req
*subreq
)
90 struct tevent_req
*req
= tevent_req_callback_data(
91 subreq
, struct tevent_req
);
92 struct winbindd_getgroups_state
*state
= tevent_req_data(
93 req
, struct winbindd_getgroups_state
);
96 status
= wb_lookupname_recv(subreq
, &state
->sid
, &state
->type
);
98 if (tevent_req_nterror(req
, status
)) {
102 subreq
= wb_gettoken_send(state
, state
->ev
, &state
->sid
, true);
103 if (tevent_req_nomem(subreq
, req
)) {
106 tevent_req_set_callback(subreq
, winbindd_getgroups_gettoken_done
, req
);
109 static void winbindd_getgroups_gettoken_done(struct tevent_req
*subreq
)
111 struct tevent_req
*req
= tevent_req_callback_data(
112 subreq
, struct tevent_req
);
113 struct winbindd_getgroups_state
*state
= tevent_req_data(
114 req
, struct winbindd_getgroups_state
);
117 status
= wb_gettoken_recv(subreq
, state
, &state
->num_sids
,
120 if (tevent_req_nterror(req
, status
)) {
125 * Convert the group SIDs to gids. state->sids[0] contains the user
126 * sid. If the idmap backend uses ID_TYPE_BOTH, we might need the
127 * the id of the user sid in the list of group sids, so map the
131 subreq
= wb_sids2xids_send(state
, state
->ev
,
132 state
->sids
, state
->num_sids
);
133 if (tevent_req_nomem(subreq
, req
)) {
136 tevent_req_set_callback(subreq
, winbindd_getgroups_sid2gid_done
, req
);
139 static void winbindd_getgroups_sid2gid_done(struct tevent_req
*subreq
)
141 struct tevent_req
*req
= tevent_req_callback_data(
142 subreq
, struct tevent_req
);
143 struct winbindd_getgroups_state
*state
= tevent_req_data(
144 req
, struct winbindd_getgroups_state
);
149 xids
= talloc_array(state
, struct unixid
, state
->num_sids
);
150 if (tevent_req_nomem(xids
, req
)) {
153 for (i
=0; i
< state
->num_sids
; i
++) {
154 xids
[i
].type
= ID_TYPE_NOT_SPECIFIED
;
155 xids
[i
].id
= UINT32_MAX
;
158 status
= wb_sids2xids_recv(subreq
, xids
, state
->num_sids
);
160 if (NT_STATUS_EQUAL(status
, NT_STATUS_NONE_MAPPED
) ||
161 NT_STATUS_EQUAL(status
, STATUS_SOME_UNMAPPED
))
163 status
= NT_STATUS_OK
;
165 if (tevent_req_nterror(req
, status
)) {
169 state
->gids
= talloc_array(state
, gid_t
, state
->num_sids
);
170 if (tevent_req_nomem(state
->gids
, req
)) {
175 for (i
=0; i
< state
->num_sids
; i
++) {
176 bool include_gid
= false;
177 const char *debug_missing
= NULL
;
179 switch (xids
[i
].type
) {
180 case ID_TYPE_NOT_SPECIFIED
:
181 debug_missing
= "not specified";
185 debug_missing
= "uid";
195 if (debug_missing
== NULL
) {
199 DEBUG(10, ("WARNING: skipping unix id (%u) for sid %s "
200 "from group list because the idmap type "
202 "This might be a security problem when ACLs "
203 "contain DENY ACEs!\n",
204 (unsigned)xids
[i
].id
,
205 sid_string_tos(&state
->sids
[i
]),
210 state
->gids
[state
->num_gids
] = (gid_t
)xids
[i
].id
;
211 state
->num_gids
+= 1;
215 * This should not fail, as it does not do any reallocation,
216 * just updating the talloc size.
218 state
->gids
= talloc_realloc(state
, state
->gids
, gid_t
, state
->num_gids
);
219 if (tevent_req_nomem(state
->gids
, req
)) {
223 tevent_req_done(req
);
226 NTSTATUS
winbindd_getgroups_recv(struct tevent_req
*req
,
227 struct winbindd_response
*response
)
229 struct winbindd_getgroups_state
*state
= tevent_req_data(
230 req
, struct winbindd_getgroups_state
);
233 if (tevent_req_is_nterror(req
, &status
)) {
234 DEBUG(5, ("Could not convert sid %s: %s\n",
235 sid_string_dbg(&state
->sid
), nt_errstr(status
)));
239 response
->data
.num_entries
= state
->num_gids
;
241 if (state
->num_gids
> 0) {
242 response
->extra_data
.data
= talloc_move(response
,
244 response
->length
+= state
->num_gids
* sizeof(gid_t
);