dsdb-acl: Do not apply ACL on special DNs to hide attributes that the user shouldn...
[Samba/id10ts.git] / source3 / winbindd / wb_getgrsid.c
blob2097539e29cc5d614731daa12e2c0bd0db2c0798
1 /*
2 Unix SMB/CIFS implementation.
3 async getgrsid
4 Copyright (C) Volker Lendecke 2009
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "includes.h"
21 #include "winbindd.h"
22 #include "librpc/gen_ndr/ndr_wbint_c.h"
23 #include "../libcli/security/security.h"
25 struct wb_getgrsid_state {
26 struct tevent_context *ev;
27 struct dom_sid sid;
28 int max_nesting;
29 const char *domname;
30 const char *name;
31 enum lsa_SidType type;
32 gid_t gid;
33 struct talloc_dict *members;
36 static void wb_getgrsid_lookupsid_done(struct tevent_req *subreq);
37 static void wb_getgrsid_sid2gid_done(struct tevent_req *subreq);
38 static void wb_getgrsid_got_members(struct tevent_req *subreq);
40 struct tevent_req *wb_getgrsid_send(TALLOC_CTX *mem_ctx,
41 struct tevent_context *ev,
42 const struct dom_sid *group_sid,
43 int max_nesting)
45 struct tevent_req *req, *subreq;
46 struct wb_getgrsid_state *state;
48 req = tevent_req_create(mem_ctx, &state, struct wb_getgrsid_state);
49 if (req == NULL) {
50 return NULL;
52 sid_copy(&state->sid, group_sid);
53 state->ev = ev;
54 state->max_nesting = max_nesting;
56 if (lp_winbind_trusted_domains_only()) {
57 struct winbindd_domain *our_domain = find_our_domain();
59 if (dom_sid_compare_domain(group_sid, &our_domain->sid) == 0) {
60 DEBUG(7, ("winbindd_getgrsid: My domain -- rejecting "
61 "getgrsid() for %s\n", sid_string_tos(group_sid)));
62 tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
63 return tevent_req_post(req, ev);
67 subreq = wb_lookupsid_send(state, ev, &state->sid);
68 if (tevent_req_nomem(subreq, req)) {
69 return tevent_req_post(req, ev);
71 tevent_req_set_callback(subreq, wb_getgrsid_lookupsid_done, req);
72 return req;
75 static void wb_getgrsid_lookupsid_done(struct tevent_req *subreq)
77 struct tevent_req *req = tevent_req_callback_data(
78 subreq, struct tevent_req);
79 struct wb_getgrsid_state *state = tevent_req_data(
80 req, struct wb_getgrsid_state);
81 NTSTATUS status;
83 status = wb_lookupsid_recv(subreq, state, &state->type,
84 &state->domname, &state->name);
85 TALLOC_FREE(subreq);
86 if (tevent_req_nterror(req, status)) {
87 return;
90 switch (state->type) {
91 case SID_NAME_DOM_GRP:
92 case SID_NAME_ALIAS:
93 case SID_NAME_WKN_GRP:
94 break;
95 default:
96 tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
97 return;
100 subreq = wb_sids2xids_send(state, state->ev, &state->sid, 1);
101 if (tevent_req_nomem(subreq, req)) {
102 return;
104 tevent_req_set_callback(subreq, wb_getgrsid_sid2gid_done, req);
107 static void wb_getgrsid_sid2gid_done(struct tevent_req *subreq)
109 struct tevent_req *req = tevent_req_callback_data(
110 subreq, struct tevent_req);
111 struct wb_getgrsid_state *state = tevent_req_data(
112 req, struct wb_getgrsid_state);
113 NTSTATUS status;
114 struct unixid xid;
116 status = wb_sids2xids_recv(subreq, &xid);
117 TALLOC_FREE(subreq);
118 if (tevent_req_nterror(req, status)) {
119 return;
123 * We are filtering further down in sids2xids, but that filtering
124 * depends on the actual type of the sid handed in (as determined
125 * by lookupsids). Here we need to filter for the type of object
126 * actually requested, in this case uid.
128 if (!(xid.type == ID_TYPE_GID || xid.type == ID_TYPE_BOTH)) {
129 tevent_req_nterror(req, NT_STATUS_NONE_MAPPED);
130 return;
133 state->gid = (gid_t)xid.id;
135 subreq = wb_group_members_send(state, state->ev, &state->sid,
136 state->type, state->max_nesting);
137 if (tevent_req_nomem(subreq, req)) {
138 return;
140 tevent_req_set_callback(subreq, wb_getgrsid_got_members, req);
143 static void wb_getgrsid_got_members(struct tevent_req *subreq)
145 struct tevent_req *req = tevent_req_callback_data(
146 subreq, struct tevent_req);
147 struct wb_getgrsid_state *state = tevent_req_data(
148 req, struct wb_getgrsid_state);
149 NTSTATUS status;
151 status = wb_group_members_recv(subreq, state, &state->members);
152 TALLOC_FREE(subreq);
153 if (tevent_req_nterror(req, status)) {
154 return;
156 tevent_req_done(req);
159 NTSTATUS wb_getgrsid_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
160 const char **domname, const char **name, gid_t *gid,
161 struct talloc_dict **members)
163 struct wb_getgrsid_state *state = tevent_req_data(
164 req, struct wb_getgrsid_state);
165 NTSTATUS status;
167 if (tevent_req_is_nterror(req, &status)) {
168 return status;
170 *domname = talloc_move(mem_ctx, &state->domname);
171 *name = talloc_move(mem_ctx, &state->name);
172 *gid = state->gid;
173 *members = talloc_move(mem_ctx, &state->members);
174 return NT_STATUS_OK;