/*
   Unix SMB/CIFS implementation.
   async fill_pwent
   Copyright (C) Volker Lendecke 2009

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
20 #include "includes.h"
21 #include "winbindd.h"
22 #include "librpc/gen_ndr/ndr_wbint_c.h"
/*
 * Per-request state of the async fill_pwent operation.
 *
 * wb_fill_pwent_send() stores its arguments here as plain pointers (nothing
 * is copied), and the completion callbacks dereference them later. The
 * objects behind info and pw therefore have to stay valid until the request
 * has completed.
 */
struct wb_fill_pwent_state {
	struct tevent_context *ev;	/* event context for the sub-requests */
	struct wbint_userinfo *info;	/* input: user record read by the callbacks */
	struct winbindd_pw *pw;		/* output: passwd entry filled by the callbacks */
};
/*
 * Forward declarations. The field helper and the two completion callbacks
 * are defined further down in this file.
 */
static bool fillup_pw_field(const char *lp_template, const char *username,
			    const char *domname, uid_t uid, gid_t gid,
			    const char *in, fstring out);

static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq);
static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq);
/*
 * Start filling a winbindd_pw entry from a wbint_userinfo record.
 *
 * Creates the request, remembers ev/info/pw in the request state and kicks
 * off the first step: mapping info->user_sid to a unix id. The result is
 * handled in wb_fill_pwent_sid2uid_done().
 *
 * Returns NULL if the request itself could not be created, otherwise the
 * request (already posted with an error if the sub-request could not be
 * allocated).
 *
 * NOTE(review): info and pw are dereferenced without a NULL check here and
 * in the callbacks; callers are presumably expected to pass valid pointers.
 */
struct tevent_req *wb_fill_pwent_send(TALLOC_CTX *mem_ctx,
				      struct tevent_context *ev,
				      struct wbint_userinfo *info,
				      struct winbindd_pw *pw)
{
	struct wb_fill_pwent_state *st;
	struct tevent_req *req;
	struct tevent_req *uid_lookup;

	req = tevent_req_create(mem_ctx, &st, struct wb_fill_pwent_state);
	if (!req) {
		return NULL;
	}

	st->ev = ev;
	st->info = info;
	st->pw = pw;

	/* Step 1: a single-SID lookup for the user SID. */
	uid_lookup = wb_sids2xids_send(st, ev, &info->user_sid, 1);
	if (tevent_req_nomem(uid_lookup, req)) {
		return tevent_req_post(req, ev);
	}

	tevent_req_set_callback(uid_lookup, wb_fill_pwent_sid2uid_done, req);
	return req;
}
/*
 * Completion callback for the user-SID lookup started by
 * wb_fill_pwent_send().
 *
 * Stores the mapped uid in pw->pw_uid and starts the second lookup, for
 * info->group_sid. Any failure is reported on the parent request.
 */
static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq)
{
	struct tevent_req *req =
		tevent_req_callback_data(subreq, struct tevent_req);
	struct wb_fill_pwent_state *state =
		tevent_req_data(req, struct wb_fill_pwent_state);
	struct tevent_req *gid_lookup;
	struct unixid mapped;
	NTSTATUS status;

	status = wb_sids2xids_recv(subreq, &mapped);
	TALLOC_FREE(subreq);
	if (tevent_req_nterror(req, status)) {
		return;
	}

	/*
	 * sids2xids filters by the type of the SID that was handed in (as
	 * determined by lookupsids). What matters here is the type that was
	 * asked for: a mapping that is not usable as a uid must not end up
	 * in pw_uid, so anything other than UID or BOTH is rejected.
	 */
	if (mapped.type != ID_TYPE_UID && mapped.type != ID_TYPE_BOTH) {
		tevent_req_nterror(req, NT_STATUS_NONE_MAPPED);
		return;
	}

	state->pw->pw_uid = (uid_t)mapped.id;

	/* Step 2: the same kind of lookup for the group SID. */
	gid_lookup = wb_sids2xids_send(state, state->ev,
				       &state->info->group_sid, 1);
	if (tevent_req_nomem(gid_lookup, req)) {
		return;
	}
	tevent_req_set_callback(gid_lookup, wb_fill_pwent_sid2gid_done, req);
}
/*
 * Completion callback for the group-SID lookup.
 *
 * Stores the mapped gid, then fills the remaining passwd fields (name,
 * gecos, home directory, shell, password placeholder) and completes the
 * parent request. Any failure is reported on the parent request instead.
 */
static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq)
{
	struct tevent_req *req =
		tevent_req_callback_data(subreq, struct tevent_req);
	struct wb_fill_pwent_state *state =
		tevent_req_data(req, struct wb_fill_pwent_state);
	struct wbint_userinfo *info = state->info;
	struct winbindd_pw *pw = state->pw;
	struct winbindd_domain *domain;
	struct unixid mapped;
	fstring lower_name, full_username;
	char *domain_name;
	char *alias = NULL;
	NTSTATUS status;

	status = wb_sids2xids_recv(subreq, &mapped);
	TALLOC_FREE(subreq);
	if (tevent_req_nterror(req, status)) {
		return;
	}

	/*
	 * sids2xids filters by the type of the SID that was handed in (as
	 * determined by lookupsids). What matters here is the type that was
	 * asked for, in this case a gid: anything other than GID or BOTH is
	 * rejected so it cannot end up in pw_gid.
	 */
	if (mapped.type != ID_TYPE_GID && mapped.type != ID_TYPE_BOTH) {
		tevent_req_nterror(req, NT_STATUS_NONE_MAPPED);
		return;
	}

	pw->pw_gid = (gid_t)mapped.id;

	domain = find_domain_from_sid_noinit(&info->user_sid);
	if (domain == NULL) {
		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
		return;
	}
	domain_name = domain->name;

	/*
	 * Username: work on a lower-cased copy of the account name.
	 *
	 * NOTE(review): the copies below go into fixed-size buffers and a
	 * value that does not fit is presumably shortened without an error;
	 * confirm that a shortened name cannot alias another account.
	 */
	fstrcpy(lower_name, info->acct_name);
	if (!strlower_m(lower_name)) {
		tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
		return;
	}

	status = normalize_name_map(state, domain, lower_name, &alias);

	if (NT_STATUS_IS_OK(status)) {
		/* Basic removal of whitespace: qualify the mapped name. */
		fill_domain_username(full_username, domain_name, alias, true);
	} else if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) {
		/* Complete name replacement: the mapped name is used as is. */
		fstrcpy(full_username, alias);
	} else {
		/* No change at all: qualify the lower-cased account name. */
		fill_domain_username(full_username, domain_name, lower_name,
				     true);
	}

	strlcpy(pw->pw_name, full_username, sizeof(pw->pw_name));
	fstrcpy(pw->pw_gecos, info->full_name);

	/*
	 * Home directory and shell. Both are built from the lower-cased
	 * account name, not from the mapped name.
	 */
	if (!fillup_pw_field(lp_template_homedir(), lower_name, domain_name,
			     pw->pw_uid, pw->pw_gid,
			     info->homedir, pw->pw_dir)) {
		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
		return;
	}

	if (!fillup_pw_field(lp_template_shell(), lower_name, domain_name,
			     pw->pw_uid, pw->pw_gid,
			     info->shell, pw->pw_shell)) {
		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
		return;
	}

	/*
	 * Password: set to "*" because nothing useful can be generated
	 * here. Authentication can be done using the pam_winbind module.
	 */
	fstrcpy(pw->pw_passwd, "*");
	tevent_req_done(req);
}
/*
 * Collect the result of a fill_pwent request.
 *
 * Returns whatever status tevent_req_simple_recv_ntstatus() reports for
 * the request; the passwd entry itself was written through the pw pointer
 * given to wb_fill_pwent_send().
 */
NTSTATUS wb_fill_pwent_recv(struct tevent_req *req)
{
	NTSTATUS result = tevent_req_simple_recv_ntstatus(req);

	return result;
}
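/*
 * Build one passwd string field (home directory or shell) into out.
 *
 * If "in" is non-empty and the security mode is SEC_ADS, "in" is used as
 * the pattern (the value has already been set in the nss_info backend);
 * otherwise the configured template lp_template is used. The pattern is
 * expanded by talloc_sub_specified(), which substitutes %U and %D.
 *
 * out must point to a buffer of at least sizeof(fstring) bytes.
 *
 * Returns True on success. Returns False if out is NULL, if the expansion
 * fails, or if the expanded value does not fit into an fstring. In the last
 * case out is set to the empty string, so a silently shortened path is
 * never handed back as a home directory or shell.
 */
static bool fillup_pw_field(const char *lp_template,
			    const char *username,
			    const char *domname,
			    uid_t uid,
			    gid_t gid,
			    const char *in,
			    fstring out)
{
	const char *pattern = lp_template;
	char *templ;
	size_t needed;

	if (out == NULL) {
		return False;
	}

	/* A value supplied by the backend wins over the template in ADS mode. */
	if ((in != NULL) && (in[0] != '\0') && (lp_security() == SEC_ADS)) {
		pattern = in;
	}

	templ = talloc_sub_specified(talloc_tos(), pattern,
				     username, domname,
				     uid, gid);
	if (templ == NULL) {
		return False;
	}

	/* strlcpy() returns the full source length, so >= size means cut off. */
	needed = strlcpy(out, templ, sizeof(fstring));
	TALLOC_FREE(templ);

	if (needed >= sizeof(fstring)) {
		/* Do not leave a partial value behind for the caller. */
		out[0] = '\0';
		return False;
	}

	return True;
}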