2 Unix SMB/CIFS implementation.
4 Copyright (C) Volker Lendecke 2011
5 Copyright (C) Michael Adam 2012
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "../libcli/security/security.h"
24 #include "idmap_cache.h"
25 #include "librpc/gen_ndr/ndr_winbind_c.h"
28 struct wb_sids2xids_state
{
29 struct tevent_context
*ev
;
34 struct id_map
*cached
;
36 struct dom_sid
*non_cached
;
37 uint32_t num_non_cached
;
40 * Domain array to use for the idmap call. The output from
41 * lookupsids cannot be used directly since for migrated
42 * objects the returned domain SID can be different that the
43 * original one. The new domain SID cannot be combined with
44 * the RID from the previous domain.
46 * The proper way would be asking for the correct RID in the
47 * new domain, but this approach avoids id mappings for
50 struct lsa_RefDomainList
*idmap_doms
;
52 struct wbint_TransIDArray ids
;
56 static bool wb_sids2xids_in_cache(struct dom_sid
*sid
, struct id_map
*map
);
57 static void wb_sids2xids_lookupsids_done(struct tevent_req
*subreq
);
58 static void wb_sids2xids_done(struct tevent_req
*subreq
);
60 struct tevent_req
*wb_sids2xids_send(TALLOC_CTX
*mem_ctx
,
61 struct tevent_context
*ev
,
62 const struct dom_sid
*sids
,
63 const uint32_t num_sids
)
65 struct tevent_req
*req
, *subreq
;
66 struct wb_sids2xids_state
*state
;
69 req
= tevent_req_create(mem_ctx
, &state
,
70 struct wb_sids2xids_state
);
77 state
->num_sids
= num_sids
;
79 state
->sids
= talloc_zero_array(state
, struct dom_sid
, num_sids
);
80 if (tevent_req_nomem(state
->sids
, req
)) {
81 return tevent_req_post(req
, ev
);
84 for (i
= 0; i
< num_sids
; i
++) {
85 sid_copy(&state
->sids
[i
], &sids
[i
]);
88 state
->cached
= talloc_zero_array(state
, struct id_map
, num_sids
);
89 if (tevent_req_nomem(state
->cached
, req
)) {
90 return tevent_req_post(req
, ev
);
93 state
->non_cached
= talloc_array(state
, struct dom_sid
, num_sids
);
94 if (tevent_req_nomem(state
->non_cached
, req
)) {
95 return tevent_req_post(req
, ev
);
99 * Extract those sids that can not be resolved from cache
100 * into a separate list to be handed to id mapping, keeping
103 for (i
=0; i
<state
->num_sids
; i
++) {
105 DEBUG(10, ("SID %d: %s\n", (int)i
,
106 sid_string_dbg(&state
->sids
[i
])));
108 if (wb_sids2xids_in_cache(&state
->sids
[i
], &state
->cached
[i
])) {
111 sid_copy(&state
->non_cached
[state
->num_non_cached
],
113 state
->num_non_cached
+= 1;
116 if (state
->num_non_cached
== 0) {
117 tevent_req_done(req
);
118 return tevent_req_post(req
, ev
);
121 subreq
= wb_lookupsids_send(state
, ev
, state
->non_cached
,
122 state
->num_non_cached
);
123 if (tevent_req_nomem(subreq
, req
)) {
124 return tevent_req_post(req
, ev
);
126 tevent_req_set_callback(subreq
, wb_sids2xids_lookupsids_done
, req
);
130 static bool wb_sids2xids_in_cache(struct dom_sid
*sid
, struct id_map
*map
)
135 if (!winbindd_use_idmap_cache()) {
138 if (idmap_cache_find_sid2unixid(sid
, &id
, &expired
)) {
139 if (expired
&& is_domain_online(find_our_domain())) {
144 map
->status
= ID_MAPPED
;
150 static enum id_type
lsa_SidType_to_id_type(const enum lsa_SidType sid_type
);
152 static void wb_sids2xids_lookupsids_done(struct tevent_req
*subreq
)
154 struct tevent_req
*req
= tevent_req_callback_data(
155 subreq
, struct tevent_req
);
156 struct wb_sids2xids_state
*state
= tevent_req_data(
157 req
, struct wb_sids2xids_state
);
158 struct lsa_RefDomainList
*domains
= NULL
;
159 struct lsa_TransNameArray
*names
= NULL
;
160 struct winbindd_child
*child
;
164 status
= wb_lookupsids_recv(subreq
, state
, &domains
, &names
);
166 if (tevent_req_nterror(req
, status
)) {
170 state
->ids
.num_ids
= state
->num_non_cached
;
171 state
->ids
.ids
= talloc_array(state
, struct wbint_TransID
,
172 state
->num_non_cached
);
173 if (tevent_req_nomem(state
->ids
.ids
, req
)) {
177 state
->idmap_doms
= talloc_zero(state
, struct lsa_RefDomainList
);
178 if (tevent_req_nomem(state
->idmap_doms
, req
)) {
182 for (i
=0; i
<state
->num_non_cached
; i
++) {
183 struct dom_sid dom_sid
;
184 struct lsa_DomainInfo
*info
;
185 struct lsa_TranslatedName
*n
= &names
->names
[i
];
186 struct wbint_TransID
*t
= &state
->ids
.ids
[i
];
188 sid_copy(&dom_sid
, &state
->non_cached
[i
]);
189 sid_split_rid(&dom_sid
, &t
->rid
);
191 info
= &domains
->domains
[n
->sid_index
];
192 t
->type
= lsa_SidType_to_id_type(n
->sid_type
);
193 t
->domain_index
= init_lsa_ref_domain_list(state
,
197 t
->xid
.id
= UINT32_MAX
;
198 t
->xid
.type
= t
->type
;
202 TALLOC_FREE(domains
);
204 child
= idmap_child();
206 subreq
= dcerpc_wbint_Sids2UnixIDs_send(
207 state
, state
->ev
, child
->binding_handle
, state
->idmap_doms
,
209 if (tevent_req_nomem(subreq
, req
)) {
212 tevent_req_set_callback(subreq
, wb_sids2xids_done
, req
);
215 static enum id_type
lsa_SidType_to_id_type(const enum lsa_SidType sid_type
)
220 case SID_NAME_COMPUTER
:
224 case SID_NAME_DOM_GRP
:
226 case SID_NAME_WKN_GRP
:
230 type
= ID_TYPE_NOT_SPECIFIED
;
238 static void wb_sids2xids_done(struct tevent_req
*subreq
)
240 struct tevent_req
*req
= tevent_req_callback_data(
241 subreq
, struct tevent_req
);
242 struct wb_sids2xids_state
*state
= tevent_req_data(
243 req
, struct wb_sids2xids_state
);
244 NTSTATUS status
, result
;
246 status
= dcerpc_wbint_Sids2UnixIDs_recv(subreq
, state
, &result
);
248 if (any_nt_status_not_ok(status
, result
, &status
)) {
249 tevent_req_nterror(req
, status
);
252 tevent_req_done(req
);
255 NTSTATUS
wb_sids2xids_recv(struct tevent_req
*req
,
258 struct wb_sids2xids_state
*state
= tevent_req_data(
259 req
, struct wb_sids2xids_state
);
261 uint32_t i
, num_non_cached
;
263 if (tevent_req_is_nterror(req
, &status
)) {
264 DEBUG(5, ("wb_sids_to_xids failed: %s\n", nt_errstr(status
)));
270 for (i
=0; i
<state
->num_sids
; i
++) {
275 if (state
->cached
[i
].sid
!= NULL
) {
276 xid
= state
->cached
[i
].xid
;
278 xid
= state
->ids
.ids
[num_non_cached
].xid
;
280 idmap_cache_set_sid2unixid(
281 &state
->non_cached
[num_non_cached
],