search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:winbindd: call process_set_title() for locator child
[Samba.git] / source3 / winbindd / wb_group_members.c
blob3fe7357e8b7b82ea9ef39536f39e7911784b636e
1 /*
2 Unix SMB/CIFS implementation.
3 async lookupgroupmembers
4 Copyright (C) Volker Lendecke 2009
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "winbindd.h"
22 #include "librpc/gen_ndr/ndr_winbind_c.h"
23 #include "../librpc/gen_ndr/ndr_security.h"
24 #include "../libcli/security/security.h"
25 #include "lib/util/util_tdb.h"
26 #include "lib/dbwrap/dbwrap.h"
27 #include "lib/dbwrap/dbwrap_rbt.h"
28
29 /*
30 * We have 3 sets of routines here:
31 *
32 * wb_lookupgroupmem is the low-level one-group routine
33 *
34 * wb_groups_members walks a list of groups
35 *
36 * wb_group_members finally is the high-level routine expanding groups
37 * recursively
38 */
39
40 /*
41 * TODO: fill_grent_mem_domusers must be re-added
42 */
43
44 /*
45 * Look up members of a single group. Essentially a wrapper around the
46 * lookup_groupmem winbindd_methods routine.
47 */
48
49 struct wb_lookupgroupmem_state {
50 struct dom_sid sid;
51 struct wbint_Principals members;
52 };
53
54 static void wb_lookupgroupmem_done(struct tevent_req *subreq);
55
56 static struct tevent_req *wb_lookupgroupmem_send(TALLOC_CTX *mem_ctx,
57 struct tevent_context *ev,
58 const struct dom_sid *group_sid,
59 enum lsa_SidType type)
60 {
61 struct tevent_req *req, *subreq;
62 struct wb_lookupgroupmem_state *state;
63 struct winbindd_domain *domain;
64
65 req = tevent_req_create(mem_ctx, &state,
66 struct wb_lookupgroupmem_state);
67 if (req == NULL) {
68 return NULL;
69 }
70 sid_copy(&state->sid, group_sid);
71
72 domain = find_domain_from_sid_noinit(group_sid);
73 if (domain == NULL) {
74 tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
75 return tevent_req_post(req, ev);
76 }
77
78 subreq = dcerpc_wbint_LookupGroupMembers_send(
79 state, ev, dom_child_handle(domain), &state->sid, type,
80 &state->members);
81 if (tevent_req_nomem(subreq, req)) {
82 return tevent_req_post(req, ev);
83 }
84 tevent_req_set_callback(subreq, wb_lookupgroupmem_done, req);
85 return req;
86 }
87
88 static void wb_lookupgroupmem_done(struct tevent_req *subreq)
89 {
90 struct tevent_req *req = tevent_req_callback_data(
91 subreq, struct tevent_req);
92 struct wb_lookupgroupmem_state *state = tevent_req_data(
93 req, struct wb_lookupgroupmem_state);
94 NTSTATUS status, result;
95
96 status = dcerpc_wbint_LookupGroupMembers_recv(subreq, state, &result);
97 TALLOC_FREE(subreq);
98 if (any_nt_status_not_ok(status, result, &status)) {
99 tevent_req_nterror(req, status);
100 return;
101 }
102 tevent_req_done(req);
103 }
104
105 static NTSTATUS wb_lookupgroupmem_recv(struct tevent_req *req,
106 TALLOC_CTX *mem_ctx,
107 uint32_t *num_members,
108 struct wbint_Principal **members)
109 {
110 struct wb_lookupgroupmem_state *state = tevent_req_data(
111 req, struct wb_lookupgroupmem_state);
112 NTSTATUS status;
113
114 if (tevent_req_is_nterror(req, &status)) {
115 return status;
116 }
117
118 *num_members = state->members.num_principals;
119 *members = talloc_move(mem_ctx, &state->members.principals);
120 return NT_STATUS_OK;
121 }
122
123 /*
124 * Same as wb_lookupgroupmem for a list of groups
125 */
126
127 struct wb_groups_members_state {
128 struct tevent_context *ev;
129 struct wbint_Principal *groups;
130 uint32_t num_groups;
131 uint32_t next_group;
132 struct wbint_Principal *all_members;
133 };
134
135 static NTSTATUS wb_groups_members_next_subreq(
136 struct wb_groups_members_state *state,
137 TALLOC_CTX *mem_ctx, struct tevent_req **psubreq);
138 static void wb_groups_members_done(struct tevent_req *subreq);
139
140 static struct tevent_req *wb_groups_members_send(TALLOC_CTX *mem_ctx,
141 struct tevent_context *ev,
142 uint32_t num_groups,
143 struct wbint_Principal *groups)
144 {
145 struct tevent_req *req, *subreq = NULL;
146 struct wb_groups_members_state *state;
147 NTSTATUS status;
148
149 req = tevent_req_create(mem_ctx, &state,
150 struct wb_groups_members_state);
151 if (req == NULL) {
152 return NULL;
153 }
154 state->ev = ev;
155 state->groups = groups;
156 state->num_groups = num_groups;
157 state->next_group = 0;
158 state->all_members = NULL;
159
160 D_DEBUG("Looking up %"PRIu32" group(s).\n", num_groups);
161 status = wb_groups_members_next_subreq(state, state, &subreq);
162 if (tevent_req_nterror(req, status)) {
163 return tevent_req_post(req, ev);
164 }
165 if (subreq == NULL) {
166 tevent_req_done(req);
167 return tevent_req_post(req, ev);
168 }
169 tevent_req_set_callback(subreq, wb_groups_members_done, req);
170 return req;
171 }
172
173 static NTSTATUS wb_groups_members_next_subreq(
174 struct wb_groups_members_state *state,
175 TALLOC_CTX *mem_ctx, struct tevent_req **psubreq)
176 {
177 struct tevent_req *subreq;
178 struct wbint_Principal *g;
179
180 if (state->next_group >= state->num_groups) {
181 *psubreq = NULL;
182 return NT_STATUS_OK;
183 }
184
185 g = &state->groups[state->next_group];
186 state->next_group += 1;
187
188 subreq = wb_lookupgroupmem_send(mem_ctx, state->ev, &g->sid, g->type);
189 if (subreq == NULL) {
190 return NT_STATUS_NO_MEMORY;
191 }
192 *psubreq = subreq;
193 return NT_STATUS_OK;
194 }
195
196 static void wb_groups_members_done(struct tevent_req *subreq)
197 {
198 struct tevent_req *req = tevent_req_callback_data(
199 subreq, struct tevent_req);
200 struct wb_groups_members_state *state = tevent_req_data(
201 req, struct wb_groups_members_state);
202 uint32_t i, num_all_members;
203 uint32_t num_members = 0;
204 struct wbint_Principal *members = NULL;
205 NTSTATUS status;
206
207 status = wb_lookupgroupmem_recv(subreq, state, &num_members, &members);
208 TALLOC_FREE(subreq);
209
210 /*
211 * In this error handling here we might have to be a bit more generous
212 * and just continue if an error occurred.
213 */
214
215 if (!NT_STATUS_IS_OK(status)) {
216 if (!NT_STATUS_EQUAL(
217 status, NT_STATUS_TRUSTED_DOMAIN_FAILURE)) {
218 tevent_req_nterror(req, status);
219 return;
220 }
221 num_members = 0;
222 }
223
224 num_all_members = talloc_array_length(state->all_members);
225
226 D_DEBUG("Adding %"PRIu32" new member(s) to existing %"PRIu32" member(s)\n",
227 num_members,
228 num_all_members);
229
230 state->all_members = talloc_realloc(
231 state, state->all_members, struct wbint_Principal,
232 num_all_members + num_members);
233 if ((num_all_members + num_members != 0)
234 && tevent_req_nomem(state->all_members, req)) {
235 return;
236 }
237 for (i=0; i<num_members; i++) {
238 struct wbint_Principal *src, *dst;
239 src = &members[i];
240 dst = &state->all_members[num_all_members + i];
241 sid_copy(&dst->sid, &src->sid);
242 dst->name = talloc_move(state->all_members, &src->name);
243 dst->type = src->type;
244 }
245 TALLOC_FREE(members);
246
247 status = wb_groups_members_next_subreq(state, state, &subreq);
248 if (tevent_req_nterror(req, status)) {
249 return;
250 }
251 if (subreq == NULL) {
252 tevent_req_done(req);
253 return;
254 }
255 tevent_req_set_callback(subreq, wb_groups_members_done, req);
256 }
257
258 static NTSTATUS wb_groups_members_recv(struct tevent_req *req,
259 TALLOC_CTX *mem_ctx,
260 uint32_t *num_members,
261 struct wbint_Principal **members)
262 {
263 struct wb_groups_members_state *state = tevent_req_data(
264 req, struct wb_groups_members_state);
265 NTSTATUS status;
266
267 if (tevent_req_is_nterror(req, &status)) {
268 return status;
269 }
270 *num_members = talloc_array_length(state->all_members);
271 *members = talloc_move(mem_ctx, &state->all_members);
272 return NT_STATUS_OK;
273 }
274
275
276 /*
277 * This is the routine expanding a list of groups up to a certain level. We
278 * collect the users in a rbt database: We have to add them without duplicates,
279 * and the db is indexed by SID.
280 */
281
282 struct wb_group_members_state {
283 struct tevent_context *ev;
284 int depth;
285 struct db_context *users;
286 struct wbint_Principal *groups;
287 };
288
289 static NTSTATUS wb_group_members_next_subreq(
290 struct wb_group_members_state *state,
291 TALLOC_CTX *mem_ctx, struct tevent_req **psubreq);
292 static void wb_group_members_done(struct tevent_req *subreq);
293
294 struct tevent_req *wb_group_members_send(TALLOC_CTX *mem_ctx,
295 struct tevent_context *ev,
296 const struct dom_sid *sid,
297 uint32_t num_sids,
298 enum lsa_SidType *type,
299 int max_depth)
300 {
301 struct tevent_req *req, *subreq = NULL;
302 struct wb_group_members_state *state;
303 NTSTATUS status;
304 struct dom_sid_buf buf;
305 uint32_t i;
306
307 req = tevent_req_create(mem_ctx, &state,
308 struct wb_group_members_state);
309 if (req == NULL) {
310 return NULL;
311 }
312 D_INFO("WB command group_members start (max_depth=%d).\n", max_depth);
313 for (i = 0; i < num_sids; i++) {
314 D_INFO("Looking up members of group SID %s with SID type %d\n",
315 dom_sid_str_buf(&sid[i], &buf),
316 type[i]);
317 }
318
319 state->ev = ev;
320 state->depth = max_depth;
321 state->users = db_open_rbt(state);
322 if (tevent_req_nomem(state->users, req)) {
323 return tevent_req_post(req, ev);
324 }
325
326 state->groups = talloc_array(state, struct wbint_Principal, num_sids);
327 if (tevent_req_nomem(state->groups, req)) {
328 return tevent_req_post(req, ev);
329 }
330
331 for (i = 0; i < num_sids; i++) {
332 state->groups[i].name = NULL;
333 sid_copy(&state->groups[i].sid, &sid[i]);
334 state->groups[i].type = type[i];
335 }
336
337 status = wb_group_members_next_subreq(state, state, &subreq);
338 if (tevent_req_nterror(req, status)) {
339 return tevent_req_post(req, ev);
340 }
341 if (subreq == NULL) {
342 tevent_req_done(req);
343 return tevent_req_post(req, ev);
344 }
345 tevent_req_set_callback(subreq, wb_group_members_done, req);
346 return req;
347 }
348
349 static NTSTATUS wb_group_members_next_subreq(
350 struct wb_group_members_state *state,
351 TALLOC_CTX *mem_ctx, struct tevent_req **psubreq)
352 {
353 struct tevent_req *subreq;
354
355 if ((talloc_array_length(state->groups) == 0)
356 || (state->depth <= 0)) {
357 *psubreq = NULL;
358 D_DEBUG("Finished. The depth is %d.\n", state->depth);
359 return NT_STATUS_OK;
360 }
361 state->depth -= 1;
362
363 D_DEBUG("The depth is decremented to %d.\n", state->depth);
364 subreq = wb_groups_members_send(
365 mem_ctx, state->ev, talloc_array_length(state->groups),
366 state->groups);
367 if (subreq == NULL) {
368 return NT_STATUS_NO_MEMORY;
369 }
370 *psubreq = subreq;
371 return NT_STATUS_OK;
372 }
373
374 NTSTATUS add_member_to_db(struct db_context *db, struct dom_sid *sid,
375 const char *name)
376 {
377 size_t len = ndr_size_dom_sid(sid, 0);
378 uint8_t sidbuf[len];
379 TDB_DATA key = { .dptr = sidbuf, .dsize = sizeof(sidbuf) };
380 NTSTATUS status;
381
382 sid_linearize(sidbuf, sizeof(sidbuf), sid);
383
384 status = dbwrap_store(db, key, string_term_tdb_data(name), 0);
385 return status;
386 }
387
388 static void wb_group_members_done(struct tevent_req *subreq)
389 {
390 struct tevent_req *req = tevent_req_callback_data(
391 subreq, struct tevent_req);
392 struct wb_group_members_state *state = tevent_req_data(
393 req, struct wb_group_members_state);
394 uint32_t i, num_groups, new_groups;
395 uint32_t num_members = 0;
396 struct wbint_Principal *members = NULL;
397 NTSTATUS status;
398
399 status = wb_groups_members_recv(subreq, state, &num_members, &members);
400 TALLOC_FREE(subreq);
401 if (tevent_req_nterror(req, status)) {
402 return;
403 }
404
405 new_groups = 0;
406 for (i=0; i<num_members; i++) {
407 switch (members[i].type) {
408 case SID_NAME_DOM_GRP:
409 case SID_NAME_ALIAS:
410 case SID_NAME_WKN_GRP:
411 new_groups += 1;
412 break;
413 default:
414 /* Ignore everything else */
415 break;
416 }
417 }
418
419 num_groups = 0;
420 TALLOC_FREE(state->groups);
421 state->groups = talloc_array(state, struct wbint_Principal,
422 new_groups);
423
424 /*
425 * Collect the users into state->users and the groups into
426 * state->groups for the next iteration.
427 */
428
429 for (i=0; i<num_members; i++) {
430 switch (members[i].type) {
431 case SID_NAME_USER:
432 case SID_NAME_COMPUTER: {
433 /*
434 * Add a copy of members[i] to state->users
435 */
436 status = add_member_to_db(state->users, &members[i].sid,
437 members[i].name);
438 if (tevent_req_nterror(req, status)) {
439 return;
440 }
441
442 break;
443 }
444 case SID_NAME_DOM_GRP:
445 case SID_NAME_ALIAS:
446 case SID_NAME_WKN_GRP: {
447 struct wbint_Principal *g;
448 /*
449 * Save members[i] for the next round
450 */
451 g = &state->groups[num_groups];
452 sid_copy(&g->sid, &members[i].sid);
453 g->name = talloc_move(state->groups, &members[i].name);
454 g->type = members[i].type;
455 num_groups += 1;
456 break;
457 }
458 default:
459 /* Ignore everything else */
460 break;
461 }
462 }
463
464 status = wb_group_members_next_subreq(state, state, &subreq);
465 if (tevent_req_nterror(req, status)) {
466 return;
467 }
468 if (subreq == NULL) {
469 tevent_req_done(req);
470 return;
471 }
472 tevent_req_set_callback(subreq, wb_group_members_done, req);
473 }
474
475 NTSTATUS wb_group_members_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
476 struct db_context **members)
477 {
478 struct wb_group_members_state *state = tevent_req_data(
479 req, struct wb_group_members_state);
480 NTSTATUS status;
481
482 D_INFO("WB command group_members end.\n");
483 if (tevent_req_is_nterror(req, &status)) {
484 D_WARNING("Failed with %s.\n", nt_errstr(status));
485 return status;
486 }
487 *members = talloc_move(mem_ctx, &state->users);
488 return NT_STATUS_OK;
489 }
Samba GIT mirror