2 Unix SMB/CIFS implementation.
4 Copyright (C) Volker Lendecke 2009
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "librpc/gen_ndr/ndr_wbint_c.h"
23 #include "../libcli/security/security.h"
25 struct wb_getgrsid_state
{
26 struct tevent_context
*ev
;
31 enum lsa_SidType type
;
33 struct talloc_dict
*members
;
36 static void wb_getgrsid_lookupsid_done(struct tevent_req
*subreq
);
37 static void wb_getgrsid_sid2gid_done(struct tevent_req
*subreq
);
38 static void wb_getgrsid_got_members(struct tevent_req
*subreq
);
40 struct tevent_req
*wb_getgrsid_send(TALLOC_CTX
*mem_ctx
,
41 struct tevent_context
*ev
,
42 const struct dom_sid
*group_sid
,
45 struct tevent_req
*req
, *subreq
;
46 struct wb_getgrsid_state
*state
;
48 req
= tevent_req_create(mem_ctx
, &state
, struct wb_getgrsid_state
);
52 sid_copy(&state
->sid
, group_sid
);
54 state
->max_nesting
= max_nesting
;
56 if (lp_winbind_trusted_domains_only()) {
57 struct winbindd_domain
*our_domain
= find_our_domain();
59 if (dom_sid_compare_domain(group_sid
, &our_domain
->sid
) == 0) {
60 DEBUG(7, ("winbindd_getgrsid: My domain -- rejecting "
61 "getgrsid() for %s\n", sid_string_tos(group_sid
)));
62 tevent_req_nterror(req
, NT_STATUS_NO_SUCH_GROUP
);
63 return tevent_req_post(req
, ev
);
67 subreq
= wb_lookupsid_send(state
, ev
, &state
->sid
);
68 if (tevent_req_nomem(subreq
, req
)) {
69 return tevent_req_post(req
, ev
);
71 tevent_req_set_callback(subreq
, wb_getgrsid_lookupsid_done
, req
);
75 static void wb_getgrsid_lookupsid_done(struct tevent_req
*subreq
)
77 struct tevent_req
*req
= tevent_req_callback_data(
78 subreq
, struct tevent_req
);
79 struct wb_getgrsid_state
*state
= tevent_req_data(
80 req
, struct wb_getgrsid_state
);
83 status
= wb_lookupsid_recv(subreq
, state
, &state
->type
,
84 &state
->domname
, &state
->name
);
86 if (tevent_req_nterror(req
, status
)) {
90 switch (state
->type
) {
91 case SID_NAME_DOM_GRP
:
93 case SID_NAME_WKN_GRP
:
96 tevent_req_nterror(req
, NT_STATUS_NO_SUCH_GROUP
);
100 subreq
= wb_sids2xids_send(state
, state
->ev
, &state
->sid
, 1);
101 if (tevent_req_nomem(subreq
, req
)) {
104 tevent_req_set_callback(subreq
, wb_getgrsid_sid2gid_done
, req
);
107 static void wb_getgrsid_sid2gid_done(struct tevent_req
*subreq
)
109 struct tevent_req
*req
= tevent_req_callback_data(
110 subreq
, struct tevent_req
);
111 struct wb_getgrsid_state
*state
= tevent_req_data(
112 req
, struct wb_getgrsid_state
);
116 status
= wb_sids2xids_recv(subreq
, &xid
);
118 if (tevent_req_nterror(req
, status
)) {
123 * We are filtering further down in sids2xids, but that filtering
124 * depends on the actual type of the sid handed in (as determined
125 * by lookupsids). Here we need to filter for the type of object
126 * actually requested, in this case uid.
128 if (!(xid
.type
== ID_TYPE_GID
|| xid
.type
== ID_TYPE_BOTH
)) {
129 tevent_req_nterror(req
, NT_STATUS_NONE_MAPPED
);
133 state
->gid
= (gid_t
)xid
.id
;
135 subreq
= wb_group_members_send(state
, state
->ev
, &state
->sid
,
136 state
->type
, state
->max_nesting
);
137 if (tevent_req_nomem(subreq
, req
)) {
140 tevent_req_set_callback(subreq
, wb_getgrsid_got_members
, req
);
143 static void wb_getgrsid_got_members(struct tevent_req
*subreq
)
145 struct tevent_req
*req
= tevent_req_callback_data(
146 subreq
, struct tevent_req
);
147 struct wb_getgrsid_state
*state
= tevent_req_data(
148 req
, struct wb_getgrsid_state
);
151 status
= wb_group_members_recv(subreq
, state
, &state
->members
);
153 if (tevent_req_nterror(req
, status
)) {
156 tevent_req_done(req
);
159 NTSTATUS
wb_getgrsid_recv(struct tevent_req
*req
, TALLOC_CTX
*mem_ctx
,
160 const char **domname
, const char **name
, gid_t
*gid
,
161 struct talloc_dict
**members
)
163 struct wb_getgrsid_state
*state
= tevent_req_data(
164 req
, struct wb_getgrsid_state
);
167 if (tevent_req_is_nterror(req
, &status
)) {
170 *domname
= talloc_move(mem_ctx
, &state
->domname
);
171 *name
= talloc_move(mem_ctx
, &state
->name
);
173 *members
= talloc_move(mem_ctx
, &state
->members
);