s4-smbtorture: add ndr test for nbt_netlogon_packet to avoid future regressions.

[Samba/gebeck_regimport.git] / source3 / smbd / msg_idmap.c

/*
 * Samba Unix/Linux SMB client library
 *
 * Copyright (C) Gregor Beck 2011
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#include "includes.h"
#include "smbd/globals.h"
#include "smbd/smbd.h"
#include "../libcli/security/dom_sid.h"
#include "../libcli/security/security_token.h"
#include "idmap_cache.h"
#include "passdb/lookup_sid.h"
#include "auth.h"
#include "messages.h"
#include "lib/id_cache.h"

static bool uid_in_use(const struct user_struct *user, uid_t uid)
{
        while (user) {
                if (user->session_info &&
                    (user->session_info->unix_token->uid == uid)) {
                        return true;
                }
                user = user->next;
        }
        return false;
}

static bool gid_in_use(const struct user_struct *user, gid_t gid)
{
        while (user) {
                if (user->session_info != NULL) {
                        int i;
                        struct security_unix_token *utok;

                        utok = user->session_info->unix_token;
                        if (utok->gid == gid) {
                                return true;
                        }
                        for(i=0; i<utok->ngroups; i++) {
                                if (utok->groups[i] == gid) {
                                        return true;
                                }
                        }
                }
                user = user->next;
        }
        return false;
}

static bool sid_in_use(const struct user_struct *user,
                       const struct dom_sid *psid)
{
        while (user) {
                struct security_token *tok;

                if (user->session_info == NULL) {
                        continue;
                }
                tok = user->session_info->security_token;
                if (tok == NULL) {
                        /*
                         * Not sure session_info->security_token can
                         * ever be NULL. This check might be not
                         * necessary.
                         */
                        continue;
                }
                if (security_token_has_sid(tok, psid)) {
                        return true;
                }
                user = user->next;
        }
        return false;
}

static bool id_in_use(const struct user_struct *user,
                      const struct id_cache_ref *id)
{
        switch(id->type) {
        case UID:
                return uid_in_use(user, id->id.uid);
        case GID:
                return gid_in_use(user, id->id.gid);
        case SID:
                return sid_in_use(user, &id->id.sid);
        default:
                break;
        }
        return false;
}

static void id_cache_kill(struct messaging_context *msg_ctx,
                          void *private_data,
                          uint32_t msg_type,
                          struct server_id server_id,
                          DATA_BLOB* data)
{
        const char *msg = (data && data->data)
                ? (const char *)data->data : "<NULL>";
        struct smbd_server_connection *sconn;
        struct user_struct *validated_users;
        struct id_cache_ref id;

        sconn = msg_ctx_to_sconn(msg_ctx);
        if (sconn == NULL) {
                DEBUG(1, ("could not find sconn\n"));
                return;
        }

        validated_users = sconn->smb1.sessions.validated_users;

        if (!id_cache_ref_parse(msg, &id)) {
                DEBUG(0, ("Invalid ?ID: %s\n", msg));
                return;
        }

        if (am_parent) {
                messaging_send_to_children(msg_ctx, msg_type, data);
        }

        if (id_in_use(validated_users, &id)) {
                exit_server_cleanly(msg);
        }
        id_cache_delete_from_cache(&id);
}

static void id_cache_flush(struct messaging_context *ctx,
                           void* data,
                           uint32_t msg_type,
                           struct server_id srv_id,
                           DATA_BLOB* msg_data)
{
        id_cache_flush_message(ctx, data, msg_type, srv_id, msg_data);

        if (am_parent) {
                messaging_send_to_children(ctx, msg_type, msg_data);
        }
}

static void id_cache_delete(struct messaging_context *ctx,
                            void* data,
                            uint32_t msg_type,
                            struct server_id srv_id,
                            DATA_BLOB* msg_data)
{
        id_cache_delete_message(ctx, data, msg_type, srv_id, msg_data);

        if (am_parent) {
                messaging_send_to_children(ctx, msg_type, msg_data);
        }
}


void msg_idmap_register_msg(struct messaging_context *ctx)
{
        messaging_register(ctx, NULL, ID_CACHE_FLUSH,  id_cache_flush);
        messaging_register(ctx, NULL, ID_CACHE_DELETE, id_cache_delete);
        messaging_register(ctx, NULL, ID_CACHE_KILL, id_cache_kill);
}