search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-winbind: Implemented samr backend function sam_lookup_groupmem.
[Samba/gebeck_regimport.git] / source3 / winbindd / wb_group_members.c
blob2649926d7374f30b34f107909437fa461c335d3c
1 /*
2 Unix SMB/CIFS implementation.
3 async lookupgroupmembers
4 Copyright (C) Volker Lendecke 2009
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "winbindd.h"
22 #include "librpc/gen_ndr/cli_wbint.h"
23 #include "../librpc/gen_ndr/ndr_security.h"
24
25 /*
26 * We have 3 sets of routines here:
27 *
28 * wb_lookupgroupmem is the low-level one-group routine
29 *
30 * wb_groups_members walks a list of groups
31 *
32 * wb_group_members finally is the high-level routine expanding groups
33 * recursively
34 */
35
36 /*
37 * TODO: fill_grent_mem_domusers must be re-added
38 */
39
40 /*
41 * Look up members of a single group. Essentially a wrapper around the
42 * lookup_groupmem winbindd_methods routine.
43 */
44
45 struct wb_lookupgroupmem_state {
46 struct dom_sid sid;
47 struct wbint_Principals members;
48 };
49
50 static void wb_lookupgroupmem_done(struct tevent_req *subreq);
51
52 static struct tevent_req *wb_lookupgroupmem_send(TALLOC_CTX *mem_ctx,
53 struct tevent_context *ev,
54 const struct dom_sid *group_sid,
55 enum lsa_SidType type)
56 {
57 struct tevent_req *req, *subreq;
58 struct wb_lookupgroupmem_state *state;
59 struct winbindd_domain *domain;
60
61 req = tevent_req_create(mem_ctx, &state,
62 struct wb_lookupgroupmem_state);
63 if (req == NULL) {
64 return NULL;
65 }
66 sid_copy(&state->sid, group_sid);
67
68 domain = find_domain_from_sid_noinit(group_sid);
69 if (domain == NULL) {
70 tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
71 return tevent_req_post(req, ev);
72 }
73
74 subreq = rpccli_wbint_LookupGroupMembers_send(
75 state, ev, domain->child.rpccli, &state->sid, type,
76 &state->members);
77 if (tevent_req_nomem(subreq, req)) {
78 return tevent_req_post(req, ev);
79 }
80 tevent_req_set_callback(subreq, wb_lookupgroupmem_done, req);
81 return req;
82 }
83
84 static void wb_lookupgroupmem_done(struct tevent_req *subreq)
85 {
86 struct tevent_req *req = tevent_req_callback_data(
87 subreq, struct tevent_req);
88 struct wb_lookupgroupmem_state *state = tevent_req_data(
89 req, struct wb_lookupgroupmem_state);
90 NTSTATUS status, result;
91
92 status = rpccli_wbint_LookupGroupMembers_recv(subreq, state, &result);
93 TALLOC_FREE(subreq);
94 if (!NT_STATUS_IS_OK(status)) {
95 tevent_req_nterror(req, status);
96 return;
97 }
98 if (!NT_STATUS_IS_OK(result)) {
99 tevent_req_nterror(req, result);
100 return;
101 }
102 tevent_req_done(req);
103 }
104
105 static NTSTATUS wb_lookupgroupmem_recv(struct tevent_req *req,
106 TALLOC_CTX *mem_ctx,
107 int *num_members,
108 struct wbint_Principal **members)
109 {
110 struct wb_lookupgroupmem_state *state = tevent_req_data(
111 req, struct wb_lookupgroupmem_state);
112 NTSTATUS status;
113
114 if (tevent_req_is_nterror(req, &status)) {
115 return status;
116 }
117
118 *num_members = state->members.num_principals;
119 *members = talloc_move(mem_ctx, &state->members.principals);
120 return NT_STATUS_OK;
121 }
122
123 /*
124 * Same as wb_lookupgroupmem for a list of groups
125 */
126
127 struct wb_groups_members_state {
128 struct tevent_context *ev;
129 struct wbint_Principal *groups;
130 int num_groups;
131 int next_group;
132 struct wbint_Principal *all_members;
133 };
134
135 static NTSTATUS wb_groups_members_next_subreq(
136 struct wb_groups_members_state *state,
137 TALLOC_CTX *mem_ctx, struct tevent_req **psubreq);
138 static void wb_groups_members_done(struct tevent_req *subreq);
139
140 static struct tevent_req *wb_groups_members_send(TALLOC_CTX *mem_ctx,
141 struct tevent_context *ev,
142 int num_groups,
143 struct wbint_Principal *groups)
144 {
145 struct tevent_req *req, *subreq;
146 struct wb_groups_members_state *state;
147 NTSTATUS status;
148
149 req = tevent_req_create(mem_ctx, &state,
150 struct wb_groups_members_state);
151 if (req == NULL) {
152 return NULL;
153 }
154 state->ev = ev;
155 state->groups = groups;
156 state->num_groups = num_groups;
157 state->next_group = 0;
158 state->all_members = NULL;
159
160 status = wb_groups_members_next_subreq(state, state, &subreq);
161 if (!NT_STATUS_IS_OK(status)) {
162 tevent_req_nterror(req, status);
163 return tevent_req_post(req, ev);
164 }
165 if (subreq == NULL) {
166 tevent_req_done(req);
167 return tevent_req_post(req, ev);
168 }
169 tevent_req_set_callback(subreq, wb_groups_members_done, req);
170 return req;
171 }
172
173 static NTSTATUS wb_groups_members_next_subreq(
174 struct wb_groups_members_state *state,
175 TALLOC_CTX *mem_ctx, struct tevent_req **psubreq)
176 {
177 struct tevent_req *subreq;
178 struct wbint_Principal *g;
179
180 if (state->next_group >= state->num_groups) {
181 *psubreq = NULL;
182 return NT_STATUS_OK;
183 }
184
185 g = &state->groups[state->next_group];
186 state->next_group += 1;
187
188 subreq = wb_lookupgroupmem_send(mem_ctx, state->ev, &g->sid, g->type);
189 if (subreq == NULL) {
190 return NT_STATUS_NO_MEMORY;
191 }
192 *psubreq = subreq;
193 return NT_STATUS_OK;
194 }
195
196 static void wb_groups_members_done(struct tevent_req *subreq)
197 {
198 struct tevent_req *req = tevent_req_callback_data(
199 subreq, struct tevent_req);
200 struct wb_groups_members_state *state = tevent_req_data(
201 req, struct wb_groups_members_state);
202 int i, num_all_members;
203 int num_members = 0;
204 struct wbint_Principal *members = NULL;
205 NTSTATUS status;
206
207 status = wb_lookupgroupmem_recv(subreq, state, &num_members,
208 &members);
209 TALLOC_FREE(subreq);
210
211 /*
212 * In this error handling here we might have to be a bit more generous
213 * and just continue if an error occured.
214 */
215
216 if (!NT_STATUS_IS_OK(status)) {
217 tevent_req_nterror(req, status);
218 return;
219 }
220
221 num_all_members = talloc_array_length(state->all_members);
222
223 state->all_members = talloc_realloc(
224 state, state->all_members, struct wbint_Principal,
225 num_all_members + num_members);
226 if ((num_all_members + num_members != 0)
227 && tevent_req_nomem(state->all_members, req)) {
228 return;
229 }
230 for (i=0; i<num_members; i++) {
231 struct wbint_Principal *src, *dst;
232 src = &members[i];
233 dst = &state->all_members[num_all_members + i];
234 sid_copy(&dst->sid, &src->sid);
235 dst->name = talloc_move(state->all_members, &src->name);
236 dst->type = src->type;
237 }
238 TALLOC_FREE(members);
239
240 status = wb_groups_members_next_subreq(state, state, &subreq);
241 if (!NT_STATUS_IS_OK(status)) {
242 tevent_req_nterror(req, status);
243 return;
244 }
245 if (subreq == NULL) {
246 tevent_req_done(req);
247 return;
248 }
249 tevent_req_set_callback(subreq, wb_groups_members_done, req);
250 }
251
252 static NTSTATUS wb_groups_members_recv(struct tevent_req *req,
253 TALLOC_CTX *mem_ctx,
254 int *num_members,
255 struct wbint_Principal **members)
256 {
257 struct wb_groups_members_state *state = tevent_req_data(
258 req, struct wb_groups_members_state);
259 NTSTATUS status;
260
261 if (tevent_req_is_nterror(req, &status)) {
262 return status;
263 }
264 *num_members = talloc_array_length(state->all_members);
265 *members = talloc_move(mem_ctx, &state->all_members);
266 return NT_STATUS_OK;
267 }
268
269
270 /*
271 * This is the routine expanding a list of groups up to a certain level. We
272 * collect the users in a talloc_dict: We have to add them without duplicates,
273 * and talloc_dict is an indexed (here indexed by SID) data structure.
274 */
275
276 struct wb_group_members_state {
277 struct tevent_context *ev;
278 int depth;
279 struct talloc_dict *users;
280 struct wbint_Principal *groups;
281 };
282
283 static NTSTATUS wb_group_members_next_subreq(
284 struct wb_group_members_state *state,
285 TALLOC_CTX *mem_ctx, struct tevent_req **psubreq);
286 static void wb_group_members_done(struct tevent_req *subreq);
287
288 struct tevent_req *wb_group_members_send(TALLOC_CTX *mem_ctx,
289 struct tevent_context *ev,
290 const struct dom_sid *sid,
291 enum lsa_SidType type,
292 int max_depth)
293 {
294 struct tevent_req *req, *subreq;
295 struct wb_group_members_state *state;
296 NTSTATUS status;
297
298 req = tevent_req_create(mem_ctx, &state,
299 struct wb_group_members_state);
300 if (req == NULL) {
301 return NULL;
302 }
303 state->ev = ev;
304 state->depth = max_depth;
305 state->users = talloc_dict_init(state);
306 if (tevent_req_nomem(state->users, req)) {
307 return tevent_req_post(req, ev);
308 }
309
310 state->groups = talloc(state, struct wbint_Principal);
311 if (tevent_req_nomem(state->groups, req)) {
312 return tevent_req_post(req, ev);
313 }
314 state->groups->name = NULL;
315 sid_copy(&state->groups->sid, sid);
316 state->groups->type = type;
317
318 status = wb_group_members_next_subreq(state, state, &subreq);
319 if (!NT_STATUS_IS_OK(status)) {
320 tevent_req_nterror(req, status);
321 return tevent_req_post(req, ev);
322 }
323 if (subreq == NULL) {
324 tevent_req_done(req);
325 return tevent_req_post(req, ev);
326 }
327 tevent_req_set_callback(subreq, wb_group_members_done, req);
328 return req;
329 }
330
331 static NTSTATUS wb_group_members_next_subreq(
332 struct wb_group_members_state *state,
333 TALLOC_CTX *mem_ctx, struct tevent_req **psubreq)
334 {
335 struct tevent_req *subreq;
336
337 if ((talloc_array_length(state->groups) == 0)
338 || (state->depth <= 0)) {
339 *psubreq = NULL;
340 return NT_STATUS_OK;
341 }
342 state->depth -= 1;
343
344 subreq = wb_groups_members_send(
345 mem_ctx, state->ev, talloc_array_length(state->groups),
346 state->groups);
347 if (subreq == NULL) {
348 return NT_STATUS_NO_MEMORY;
349 }
350 *psubreq = subreq;
351 return NT_STATUS_OK;
352 }
353
354 static void wb_group_members_done(struct tevent_req *subreq)
355 {
356 struct tevent_req *req = tevent_req_callback_data(
357 subreq, struct tevent_req);
358 struct wb_group_members_state *state = tevent_req_data(
359 req, struct wb_group_members_state);
360 int i, num_groups, new_users, new_groups;
361 int num_members = 0;
362 struct wbint_Principal *members = NULL;
363 NTSTATUS status;
364
365 status = wb_groups_members_recv(subreq, state, &num_members, &members);
366 TALLOC_FREE(subreq);
367 if (!NT_STATUS_IS_OK(status)) {
368 tevent_req_nterror(req, status);
369 return;
370 }
371
372 new_users = new_groups = 0;
373 for (i=0; i<num_members; i++) {
374 switch (members[i].type) {
375 case SID_NAME_DOM_GRP:
376 case SID_NAME_ALIAS:
377 case SID_NAME_WKN_GRP:
378 new_groups += 1;
379 break;
380 default:
381 /* Ignore everything else */
382 break;
383 }
384 }
385
386 num_groups = 0;
387 TALLOC_FREE(state->groups);
388 state->groups = talloc_array(state, struct wbint_Principal,
389 new_groups);
390
391 /*
392 * Collect the users into state->users and the groups into
393 * state->groups for the next iteration.
394 */
395
396 for (i=0; i<num_members; i++) {
397 switch (members[i].type) {
398 case SID_NAME_USER:
399 case SID_NAME_COMPUTER: {
400 /*
401 * Add a copy of members[i] to state->users
402 */
403 struct wbint_Principal *m;
404 struct dom_sid *sid;
405 DATA_BLOB key;
406
407 m = talloc(talloc_tos(), struct wbint_Principal);
408 if (tevent_req_nomem(m, req)) {
409 return;
410 }
411 sid_copy(&m->sid, &members[i].sid);
412 m->name = talloc_move(m, &members[i].name);
413 m->type = members[i].type;
414
415 sid = &members[i].sid;
416 key = data_blob_const(
417 sid, ndr_size_dom_sid(sid, 0));
418
419 if (!talloc_dict_set(state->users, key, &m)) {
420 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
421 return;
422 }
423 break;
424 }
425 case SID_NAME_DOM_GRP:
426 case SID_NAME_ALIAS:
427 case SID_NAME_WKN_GRP: {
428 struct wbint_Principal *g;
429 /*
430 * Save members[i] for the next round
431 */
432 g = &state->groups[num_groups];
433 sid_copy(&g->sid, &members[i].sid);
434 g->name = talloc_move(state->groups, &members[i].name);
435 g->type = members[i].type;
436 num_groups += 1;
437 break;
438 }
439 default:
440 /* Ignore everything else */
441 break;
442 }
443 }
444
445 status = wb_group_members_next_subreq(state, state, &subreq);
446 if (!NT_STATUS_IS_OK(status)) {
447 tevent_req_nterror(req, status);
448 return;
449 }
450 if (subreq == NULL) {
451 tevent_req_done(req);
452 return;
453 }
454 tevent_req_set_callback(subreq, wb_group_members_done, req);
455 }
456
457 NTSTATUS wb_group_members_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
458 struct talloc_dict **members)
459 {
460 struct wb_group_members_state *state = tevent_req_data(
461 req, struct wb_group_members_state);
462 NTSTATUS status;
463
464 if (tevent_req_is_nterror(req, &status)) {
465 return status;
466 }
467 *members = talloc_move(mem_ctx, &state->users);
468 return NT_STATUS_OK;
469 }
reg import