2 Unix SMB/CIFS implementation.
3 async implementation of WINBINDD_GETGROUPS
4 Copyright (C) Volker Lendecke 2009
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "passdb/lookup_sid.h" /* only for LOOKUP_NAME_NO_NSS flag */
/*
 * Per-request state carried through the asynchronous getgroups chain.
 *
 * Only the ev and type members survive in this listing. The code below
 * also reads and writes state->sid, state->sids, state->num_sids,
 * state->gids and state->num_gids; their declarations are not shown
 * here, so their exact types should be checked against the full file.
 */
24 struct winbindd_getgroups_state {
25 struct tevent_context *ev;
30 enum lsa_SidType type;
/*
 * Completion callbacks, listed in the order the request runs them:
 * name -> SID lookup, SID -> token (list of SIDs), SIDs -> unix ids.
 * Each stage installs the next one with tevent_req_set_callback().
 */
37 static void winbindd_getgroups_lookupname_done(struct tevent_req *subreq);
38 static void winbindd_getgroups_gettoken_done(struct tevent_req *subreq);
39 static void winbindd_getgroups_sid2gid_done(struct tevent_req *subreq);
/*
 * Start an asynchronous WINBINDD_GETGROUPS request.
 *
 * Steps visible in this listing: create the tevent request and its
 * state, force NUL termination of request->data.username, log the
 * request, pass the name through normalize_name_unmap(), split it with
 * parse_domain_user(), then start wb_lookupname_send() with
 * winbindd_getgroups_lookupname_done as the completion callback.
 *
 * A name that parse_domain_user() rejects fails the request with
 * NT_STATUS_INVALID_PARAMETER before any lookup is started. Early
 * failures are returned through tevent_req_post(req, ev).
 *
 * Several declarations and call arguments are missing from this
 * listing; the comments here describe only the lines that are shown.
 */
41 struct tevent_req *winbindd_getgroups_send(TALLOC_CTX *mem_ctx,
42 struct tevent_context *ev,
43 struct winbindd_cli_state *cli,
44 struct winbindd_request *request)
46 struct tevent_req *req, *subreq;
47 struct winbindd_getgroups_state *state;
48 char *domuser, *mapped_user;
52 req = tevent_req_create(mem_ctx, &state,
53 struct winbindd_getgroups_state);
/*
 * request->data.username is a fixed-size field of the request structure
 * (presumably filled in by the winbindd client -- confirm against the
 * protocol definition). Overwriting its last byte guarantees that the
 * "%s" in the log call and the parsing below stop inside the field even
 * if the sender left it unterminated.
 */
59 /* Ensure null termination */
60 request->data.username[sizeof(request->data.username)-1]='\0';
/*
 * NOTE(review): the name is logged verbatim; anything that consumes
 * these logs should treat it as untrusted text.
 */
62 DBG_NOTICE("[%s (%u)] getgroups %s\n",
64 (unsigned int)cli->pid,
65 request->data.username);
67 domuser = request->data.username;
69 status = normalize_name_unmap(state, domuser, &mapped_user);
/*
 * NT_STATUS_OK and NT_STATUS_FILE_RENAMED both switch to the mapped
 * name; in the lines shown, any other status leaves domuser pointing at
 * the name as received.
 */
71 if (NT_STATUS_IS_OK(status)
72 || NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) {
73 /* normalize_name_unmapped did something */
74 domuser = mapped_user;
77 ok = parse_domain_user(domuser,
82 DEBUG(5, ("Could not parse domain user: %s\n", domuser));
83 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
84 return tevent_req_post(req, ev);
87 subreq = wb_lookupname_send(state, ev,
92 if (tevent_req_nomem(subreq, req)) {
93 return tevent_req_post(req, ev);
95 tevent_req_set_callback(subreq, winbindd_getgroups_lookupname_done,
/*
 * Stage 1 callback: the name lookup has finished.
 *
 * Stores the resolved SID and its lsa_SidType in the request state,
 * fails the request if the lookup returned an error, and otherwise
 * starts wb_gettoken_send() for that SID. The meaning of the final
 * `true` argument is defined by wb_gettoken_send(), which is not part
 * of this listing.
 *
 * NOTE(review): in the lines shown, state->type is stored but never
 * examined before the token is requested. Confirm whether names that
 * resolve to something other than a user are rejected in the omitted
 * lines or inside wb_gettoken.
 */
100 static void winbindd_getgroups_lookupname_done(struct tevent_req *subreq)
102 struct tevent_req *req = tevent_req_callback_data(
103 subreq, struct tevent_req);
104 struct winbindd_getgroups_state *state = tevent_req_data(
105 req, struct winbindd_getgroups_state);
108 status = wb_lookupname_recv(subreq, &state->sid, &state->type);
110 if (tevent_req_nterror(req, status)) {
114 subreq = wb_gettoken_send(state, state->ev, &state->sid, true);
115 if (tevent_req_nomem(subreq, req)) {
118 tevent_req_set_callback(subreq, winbindd_getgroups_gettoken_done, req);
/*
 * Stage 2 callback: the token (list of SIDs) has been fetched.
 *
 * Receives the SID count into state->num_sids (the argument that
 * receives the SID array itself is cut from this listing), fails the
 * request on error, and then hands the complete list, state->sids with
 * state->num_sids entries, to wb_sids2xids_send(). As the original
 * comment explains, entry 0 is the user SID and is mapped together with
 * the group SIDs rather than stripped, because with ID_TYPE_BOTH the
 * user's own id may belong in the group list.
 */
121 static void winbindd_getgroups_gettoken_done(struct tevent_req *subreq)
123 struct tevent_req *req = tevent_req_callback_data(
124 subreq, struct tevent_req);
125 struct winbindd_getgroups_state *state = tevent_req_data(
126 req, struct winbindd_getgroups_state);
129 status = wb_gettoken_recv(subreq, state, &state->num_sids,
132 if (tevent_req_nterror(req, status)) {
137 * Convert the group SIDs to gids. state->sids[0] contains the user
138 * sid. If the idmap backend uses ID_TYPE_BOTH, we might need the
139 * the id of the user sid in the list of group sids, so map the
143 subreq = wb_sids2xids_send(state, state->ev,
144 state->sids, state->num_sids);
145 if (tevent_req_nomem(subreq, req)) {
148 tevent_req_set_callback(subreq, winbindd_getgroups_sid2gid_done, req);
/*
 * Stage 3 callback: the SID -> unix id mapping has finished.
 *
 * Builds state->gids from the mapping results and completes the
 * request. The array is allocated with room for state->num_sids
 * entries, filled with state->num_gids entries (one per SID that is
 * accepted as a group id), and then shrunk to the used size.
 *
 * Security-relevant behaviour visible here: a SID that cannot be used
 * as a gid is dropped from the result instead of failing the request.
 * The caller therefore receives a shorter group list, and the DEBUG
 * text below itself warns that this can matter when ACLs contain DENY
 * ACEs. That warning is emitted at debug level 10 only.
 *
 * The switch cases that set include_gid, and the test that uses it,
 * are not part of this listing.
 */
151 static void winbindd_getgroups_sid2gid_done(struct tevent_req *subreq)
153 struct tevent_req *req = tevent_req_callback_data(
154 subreq, struct tevent_req);
155 struct winbindd_getgroups_state *state = tevent_req_data(
156 req, struct winbindd_getgroups_state);
/*
 * Every slot is pre-set to ID_TYPE_NOT_SPECIFIED / UINT32_MAX so that
 * an entry the mapper leaves untouched is recognisable afterwards.
 */
161 xids = talloc_array(state, struct unixid, state->num_sids);
162 if (tevent_req_nomem(xids, req)) {
165 for (i=0; i < state->num_sids; i++) {
166 xids[i].type = ID_TYPE_NOT_SPECIFIED;
167 xids[i].id = UINT32_MAX;
170 status = wb_sids2xids_recv(subreq, xids, state->num_sids);
/*
 * "Nothing mapped" and "some unmapped" are downgraded to success: the
 * per-entry type check in the loop below decides what is returned.
 */
172 if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED) ||
173 NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED))
175 status = NT_STATUS_OK;
177 if (tevent_req_nterror(req, status)) {
/*
 * Sized for the worst case (every SID yields a gid).
 * NOTE(review): state->num_gids is only ever incremented in the lines
 * shown; this relies on the state starting out zeroed -- confirm.
 */
181 state->gids = talloc_array(state, gid_t, state->num_sids);
182 if (tevent_req_nomem(state->gids, req)) {
187 for (i=0; i < state->num_sids; i++) {
188 bool include_gid = false;
189 const char *debug_missing = NULL;
191 switch (xids[i].type) {
192 case ID_TYPE_NOT_SPECIFIED:
193 debug_missing = "not specified";
197 debug_missing = "uid";
207 if (debug_missing == NULL) {
211 DEBUG(10, ("WARNING: skipping unix id (%u) for sid %s "
212 "from group list because the idmap type "
214 "This might be a security problem when ACLs "
215 "contain DENY ACEs!\n",
216 (unsigned)xids[i].id,
217 sid_string_tos(&state->sids[i]),
222 state->gids[state->num_gids] = (gid_t)xids[i].id;
223 state->num_gids += 1;
227 * This should not fail, as it does not do any reallocation,
228 * just updating the talloc size.
/*
 * NOTE(review): if every SID was skipped, num_gids is 0 here. As far as
 * I know talloc treats a realloc to zero size as a free and returns
 * NULL, which tevent_req_nomem() would then report as out-of-memory.
 * Verify whether an empty gid list is reachable and how it should be
 * reported to the client.
 */
230 state->gids = talloc_realloc(state, state->gids, gid_t, state->num_gids);
231 if (tevent_req_nomem(state->gids, req)) {
235 tevent_req_done(req);
/*
 * Collect the result of a finished getgroups request into the winbindd
 * response.
 *
 * On success the entry count is state->num_gids. When it is non-zero,
 * the gid array is moved into response->extra_data.data with
 * talloc_move() and response->length grows by
 * num_gids * sizeof(gid_t). Both the count and the byte length come
 * from the same num_gids value, so they describe the same array.
 *
 * NOTE(review): the failure message prints state->sid for every error.
 * In the code shown, state->sid is written only by wb_lookupname_recv(),
 * so for a request rejected earlier (for example an unparseable
 * username) the logged SID is not a value that was looked up.
 *
 * The listing ends before the function's return statements.
 */
238 NTSTATUS winbindd_getgroups_recv(struct tevent_req *req,
239 struct winbindd_response *response)
241 struct winbindd_getgroups_state *state = tevent_req_data(
242 req, struct winbindd_getgroups_state);
245 if (tevent_req_is_nterror(req, &status)) {
246 DEBUG(5, ("Could not convert sid %s: %s\n",
247 sid_string_dbg(&state->sid), nt_errstr(status)));
251 response->data.num_entries = state->num_gids;
253 if (state->num_gids > 0) {
254 response->extra_data.data = talloc_move(response,
256 response->length += state->num_gids * sizeof(gid_t);