2 Unix SMB/CIFS implementation.
3 async lookupgroupmembers
4 Copyright (C) Volker Lendecke 2009
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "librpc/gen_ndr/cli_wbint.h"
23 #include "../librpc/gen_ndr/ndr_security.h"
26 * We have 3 sets of routines here:
28 * wb_lookupgroupmem is the low-level one-group routine
30 * wb_groups_members walks a list of groups
32 * wb_group_members finally is the high-level routine expanding groups
37 * TODO: fill_grent_mem_domusers must be re-added
41 * Look up members of a single group. Essentially a wrapper around the
42 * lookup_groupmem winbindd_methods routine.
45 struct wb_lookupgroupmem_state
{
47 struct wbint_Principals members
;
50 static void wb_lookupgroupmem_done(struct tevent_req
*subreq
);
52 static struct tevent_req
*wb_lookupgroupmem_send(TALLOC_CTX
*mem_ctx
,
53 struct tevent_context
*ev
,
54 const struct dom_sid
*group_sid
,
55 enum lsa_SidType type
)
57 struct tevent_req
*req
, *subreq
;
58 struct wb_lookupgroupmem_state
*state
;
59 struct winbindd_domain
*domain
;
61 req
= tevent_req_create(mem_ctx
, &state
,
62 struct wb_lookupgroupmem_state
);
66 sid_copy(&state
->sid
, group_sid
);
68 domain
= find_domain_from_sid_noinit(group_sid
);
70 tevent_req_nterror(req
, NT_STATUS_NO_SUCH_GROUP
);
71 return tevent_req_post(req
, ev
);
74 subreq
= dcerpc_wbint_LookupGroupMembers_send(
75 state
, ev
, domain
->child
.binding_handle
, &state
->sid
, type
,
77 if (tevent_req_nomem(subreq
, req
)) {
78 return tevent_req_post(req
, ev
);
80 tevent_req_set_callback(subreq
, wb_lookupgroupmem_done
, req
);
84 static void wb_lookupgroupmem_done(struct tevent_req
*subreq
)
86 struct tevent_req
*req
= tevent_req_callback_data(
87 subreq
, struct tevent_req
);
88 struct wb_lookupgroupmem_state
*state
= tevent_req_data(
89 req
, struct wb_lookupgroupmem_state
);
90 NTSTATUS status
, result
;
92 status
= dcerpc_wbint_LookupGroupMembers_recv(subreq
, state
, &result
);
94 if (!NT_STATUS_IS_OK(status
)) {
95 tevent_req_nterror(req
, status
);
98 if (!NT_STATUS_IS_OK(result
)) {
99 tevent_req_nterror(req
, result
);
102 tevent_req_done(req
);
105 static NTSTATUS
wb_lookupgroupmem_recv(struct tevent_req
*req
,
108 struct wbint_Principal
**members
)
110 struct wb_lookupgroupmem_state
*state
= tevent_req_data(
111 req
, struct wb_lookupgroupmem_state
);
114 if (tevent_req_is_nterror(req
, &status
)) {
118 *num_members
= state
->members
.num_principals
;
119 *members
= talloc_move(mem_ctx
, &state
->members
.principals
);
124 * Same as wb_lookupgroupmem for a list of groups
127 struct wb_groups_members_state
{
128 struct tevent_context
*ev
;
129 struct wbint_Principal
*groups
;
132 struct wbint_Principal
*all_members
;
135 static NTSTATUS
wb_groups_members_next_subreq(
136 struct wb_groups_members_state
*state
,
137 TALLOC_CTX
*mem_ctx
, struct tevent_req
**psubreq
);
138 static void wb_groups_members_done(struct tevent_req
*subreq
);
140 static struct tevent_req
*wb_groups_members_send(TALLOC_CTX
*mem_ctx
,
141 struct tevent_context
*ev
,
143 struct wbint_Principal
*groups
)
145 struct tevent_req
*req
, *subreq
;
146 struct wb_groups_members_state
*state
;
149 req
= tevent_req_create(mem_ctx
, &state
,
150 struct wb_groups_members_state
);
155 state
->groups
= groups
;
156 state
->num_groups
= num_groups
;
157 state
->next_group
= 0;
158 state
->all_members
= NULL
;
160 status
= wb_groups_members_next_subreq(state
, state
, &subreq
);
161 if (!NT_STATUS_IS_OK(status
)) {
162 tevent_req_nterror(req
, status
);
163 return tevent_req_post(req
, ev
);
165 if (subreq
== NULL
) {
166 tevent_req_done(req
);
167 return tevent_req_post(req
, ev
);
169 tevent_req_set_callback(subreq
, wb_groups_members_done
, req
);
173 static NTSTATUS
wb_groups_members_next_subreq(
174 struct wb_groups_members_state
*state
,
175 TALLOC_CTX
*mem_ctx
, struct tevent_req
**psubreq
)
177 struct tevent_req
*subreq
;
178 struct wbint_Principal
*g
;
180 if (state
->next_group
>= state
->num_groups
) {
185 g
= &state
->groups
[state
->next_group
];
186 state
->next_group
+= 1;
188 subreq
= wb_lookupgroupmem_send(mem_ctx
, state
->ev
, &g
->sid
, g
->type
);
189 if (subreq
== NULL
) {
190 return NT_STATUS_NO_MEMORY
;
196 static void wb_groups_members_done(struct tevent_req
*subreq
)
198 struct tevent_req
*req
= tevent_req_callback_data(
199 subreq
, struct tevent_req
);
200 struct wb_groups_members_state
*state
= tevent_req_data(
201 req
, struct wb_groups_members_state
);
202 int i
, num_all_members
;
204 struct wbint_Principal
*members
= NULL
;
207 status
= wb_lookupgroupmem_recv(subreq
, state
, &num_members
,
212 * In this error handling here we might have to be a bit more generous
213 * and just continue if an error occured.
216 if (!NT_STATUS_IS_OK(status
)) {
217 tevent_req_nterror(req
, status
);
221 num_all_members
= talloc_array_length(state
->all_members
);
223 state
->all_members
= talloc_realloc(
224 state
, state
->all_members
, struct wbint_Principal
,
225 num_all_members
+ num_members
);
226 if ((num_all_members
+ num_members
!= 0)
227 && tevent_req_nomem(state
->all_members
, req
)) {
230 for (i
=0; i
<num_members
; i
++) {
231 struct wbint_Principal
*src
, *dst
;
233 dst
= &state
->all_members
[num_all_members
+ i
];
234 sid_copy(&dst
->sid
, &src
->sid
);
235 dst
->name
= talloc_move(state
->all_members
, &src
->name
);
236 dst
->type
= src
->type
;
238 TALLOC_FREE(members
);
240 status
= wb_groups_members_next_subreq(state
, state
, &subreq
);
241 if (!NT_STATUS_IS_OK(status
)) {
242 tevent_req_nterror(req
, status
);
245 if (subreq
== NULL
) {
246 tevent_req_done(req
);
249 tevent_req_set_callback(subreq
, wb_groups_members_done
, req
);
252 static NTSTATUS
wb_groups_members_recv(struct tevent_req
*req
,
255 struct wbint_Principal
**members
)
257 struct wb_groups_members_state
*state
= tevent_req_data(
258 req
, struct wb_groups_members_state
);
261 if (tevent_req_is_nterror(req
, &status
)) {
264 *num_members
= talloc_array_length(state
->all_members
);
265 *members
= talloc_move(mem_ctx
, &state
->all_members
);
271 * This is the routine expanding a list of groups up to a certain level. We
272 * collect the users in a talloc_dict: We have to add them without duplicates,
273 * and talloc_dict is an indexed (here indexed by SID) data structure.
276 struct wb_group_members_state
{
277 struct tevent_context
*ev
;
279 struct talloc_dict
*users
;
280 struct wbint_Principal
*groups
;
283 static NTSTATUS
wb_group_members_next_subreq(
284 struct wb_group_members_state
*state
,
285 TALLOC_CTX
*mem_ctx
, struct tevent_req
**psubreq
);
286 static void wb_group_members_done(struct tevent_req
*subreq
);
288 struct tevent_req
*wb_group_members_send(TALLOC_CTX
*mem_ctx
,
289 struct tevent_context
*ev
,
290 const struct dom_sid
*sid
,
291 enum lsa_SidType type
,
294 struct tevent_req
*req
, *subreq
;
295 struct wb_group_members_state
*state
;
298 req
= tevent_req_create(mem_ctx
, &state
,
299 struct wb_group_members_state
);
304 state
->depth
= max_depth
;
305 state
->users
= talloc_dict_init(state
);
306 if (tevent_req_nomem(state
->users
, req
)) {
307 return tevent_req_post(req
, ev
);
310 state
->groups
= talloc(state
, struct wbint_Principal
);
311 if (tevent_req_nomem(state
->groups
, req
)) {
312 return tevent_req_post(req
, ev
);
314 state
->groups
->name
= NULL
;
315 sid_copy(&state
->groups
->sid
, sid
);
316 state
->groups
->type
= type
;
318 status
= wb_group_members_next_subreq(state
, state
, &subreq
);
319 if (!NT_STATUS_IS_OK(status
)) {
320 tevent_req_nterror(req
, status
);
321 return tevent_req_post(req
, ev
);
323 if (subreq
== NULL
) {
324 tevent_req_done(req
);
325 return tevent_req_post(req
, ev
);
327 tevent_req_set_callback(subreq
, wb_group_members_done
, req
);
331 static NTSTATUS
wb_group_members_next_subreq(
332 struct wb_group_members_state
*state
,
333 TALLOC_CTX
*mem_ctx
, struct tevent_req
**psubreq
)
335 struct tevent_req
*subreq
;
337 if ((talloc_array_length(state
->groups
) == 0)
338 || (state
->depth
<= 0)) {
344 subreq
= wb_groups_members_send(
345 mem_ctx
, state
->ev
, talloc_array_length(state
->groups
),
347 if (subreq
== NULL
) {
348 return NT_STATUS_NO_MEMORY
;
354 static void wb_group_members_done(struct tevent_req
*subreq
)
356 struct tevent_req
*req
= tevent_req_callback_data(
357 subreq
, struct tevent_req
);
358 struct wb_group_members_state
*state
= tevent_req_data(
359 req
, struct wb_group_members_state
);
360 int i
, num_groups
, new_users
, new_groups
;
362 struct wbint_Principal
*members
= NULL
;
365 status
= wb_groups_members_recv(subreq
, state
, &num_members
, &members
);
367 if (!NT_STATUS_IS_OK(status
)) {
368 tevent_req_nterror(req
, status
);
372 new_users
= new_groups
= 0;
373 for (i
=0; i
<num_members
; i
++) {
374 switch (members
[i
].type
) {
375 case SID_NAME_DOM_GRP
:
377 case SID_NAME_WKN_GRP
:
381 /* Ignore everything else */
387 TALLOC_FREE(state
->groups
);
388 state
->groups
= talloc_array(state
, struct wbint_Principal
,
392 * Collect the users into state->users and the groups into
393 * state->groups for the next iteration.
396 for (i
=0; i
<num_members
; i
++) {
397 switch (members
[i
].type
) {
399 case SID_NAME_COMPUTER
: {
401 * Add a copy of members[i] to state->users
403 struct wbint_Principal
*m
;
407 m
= talloc(talloc_tos(), struct wbint_Principal
);
408 if (tevent_req_nomem(m
, req
)) {
411 sid_copy(&m
->sid
, &members
[i
].sid
);
412 m
->name
= talloc_move(m
, &members
[i
].name
);
413 m
->type
= members
[i
].type
;
415 sid
= &members
[i
].sid
;
416 key
= data_blob_const(
417 sid
, ndr_size_dom_sid(sid
, 0));
419 if (!talloc_dict_set(state
->users
, key
, &m
)) {
420 tevent_req_nterror(req
, NT_STATUS_NO_MEMORY
);
425 case SID_NAME_DOM_GRP
:
427 case SID_NAME_WKN_GRP
: {
428 struct wbint_Principal
*g
;
430 * Save members[i] for the next round
432 g
= &state
->groups
[num_groups
];
433 sid_copy(&g
->sid
, &members
[i
].sid
);
434 g
->name
= talloc_move(state
->groups
, &members
[i
].name
);
435 g
->type
= members
[i
].type
;
440 /* Ignore everything else */
445 status
= wb_group_members_next_subreq(state
, state
, &subreq
);
446 if (!NT_STATUS_IS_OK(status
)) {
447 tevent_req_nterror(req
, status
);
450 if (subreq
== NULL
) {
451 tevent_req_done(req
);
454 tevent_req_set_callback(subreq
, wb_group_members_done
, req
);
457 NTSTATUS
wb_group_members_recv(struct tevent_req
*req
, TALLOC_CTX
*mem_ctx
,
458 struct talloc_dict
**members
)
460 struct wb_group_members_state
*state
= tevent_req_data(
461 req
, struct wb_group_members_state
);
464 if (tevent_req_is_nterror(req
, &status
)) {
467 *members
= talloc_move(mem_ctx
, &state
->users
);