2009-08-16 10:58:43 +02:00
/*
Unix SMB / CIFS implementation .
async lookupgroupmembers
Copyright ( C ) Volker Lendecke 2009
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "winbindd.h"
2014-05-08 12:17:32 +12:00
# include "librpc/gen_ndr/ndr_winbind_c.h"
2010-05-28 02:19:32 +02:00
# include "../librpc/gen_ndr/ndr_security.h"
2010-10-12 15:27:50 +11:00
# include "../libcli/security/security.h"
2017-08-06 15:49:01 +02:00
# include "lib/util/util_tdb.h"
# include "lib/dbwrap/dbwrap.h"
# include "lib/dbwrap/dbwrap_rbt.h"
2009-08-16 10:58:43 +02:00
/*
* We have 3 sets of routines here :
*
* wb_lookupgroupmem is the low - level one - group routine
*
* wb_groups_members walks a list of groups
*
* wb_group_members finally is the high - level routine expanding groups
* recursively
*/
2009-08-29 15:21:29 +02:00
/*
* TODO : fill_grent_mem_domusers must be re - added
*/
2009-08-16 10:58:43 +02:00
/*
* Look up members of a single group . Essentially a wrapper around the
* lookup_groupmem winbindd_methods routine .
*/
struct wb_lookupgroupmem_state {
struct dom_sid sid ;
2009-08-23 12:43:43 +02:00
struct wbint_Principals members ;
2009-08-16 10:58:43 +02:00
} ;
static void wb_lookupgroupmem_done ( struct tevent_req * subreq ) ;
static struct tevent_req * wb_lookupgroupmem_send ( TALLOC_CTX * mem_ctx ,
struct tevent_context * ev ,
const struct dom_sid * group_sid ,
enum lsa_SidType type )
{
struct tevent_req * req , * subreq ;
struct wb_lookupgroupmem_state * state ;
struct winbindd_domain * domain ;
req = tevent_req_create ( mem_ctx , & state ,
struct wb_lookupgroupmem_state ) ;
if ( req = = NULL ) {
return NULL ;
}
sid_copy ( & state - > sid , group_sid ) ;
domain = find_domain_from_sid_noinit ( group_sid ) ;
if ( domain = = NULL ) {
tevent_req_nterror ( req , NT_STATUS_NO_SUCH_GROUP ) ;
return tevent_req_post ( req , ev ) ;
}
2010-08-12 15:13:54 +02:00
subreq = dcerpc_wbint_LookupGroupMembers_send (
2010-04-07 17:45:12 +02:00
state , ev , dom_child_handle ( domain ) , & state - > sid , type ,
2009-08-16 10:58:43 +02:00
& state - > members ) ;
if ( tevent_req_nomem ( subreq , req ) ) {
return tevent_req_post ( req , ev ) ;
}
tevent_req_set_callback ( subreq , wb_lookupgroupmem_done , req ) ;
return req ;
}
static void wb_lookupgroupmem_done ( struct tevent_req * subreq )
{
struct tevent_req * req = tevent_req_callback_data (
subreq , struct tevent_req ) ;
struct wb_lookupgroupmem_state * state = tevent_req_data (
req , struct wb_lookupgroupmem_state ) ;
NTSTATUS status , result ;
2010-08-12 15:13:54 +02:00
status = dcerpc_wbint_LookupGroupMembers_recv ( subreq , state , & result ) ;
2009-08-16 10:58:43 +02:00
TALLOC_FREE ( subreq ) ;
2010-10-18 10:10:43 +02:00
if ( any_nt_status_not_ok ( status , result , & status ) ) {
2009-08-16 10:58:43 +02:00
tevent_req_nterror ( req , status ) ;
return ;
}
tevent_req_done ( req ) ;
}
static NTSTATUS wb_lookupgroupmem_recv ( struct tevent_req * req ,
TALLOC_CTX * mem_ctx ,
int * num_members ,
2009-08-23 12:38:35 +02:00
struct wbint_Principal * * members )
2009-08-16 10:58:43 +02:00
{
struct wb_lookupgroupmem_state * state = tevent_req_data (
req , struct wb_lookupgroupmem_state ) ;
NTSTATUS status ;
if ( tevent_req_is_nterror ( req , & status ) ) {
return status ;
}
2009-08-23 12:43:43 +02:00
* num_members = state - > members . num_principals ;
* members = talloc_move ( mem_ctx , & state - > members . principals ) ;
2009-08-16 10:58:43 +02:00
return NT_STATUS_OK ;
}
/*
* Same as wb_lookupgroupmem for a list of groups
*/
struct wb_groups_members_state {
struct tevent_context * ev ;
2009-08-23 12:38:35 +02:00
struct wbint_Principal * groups ;
2009-08-16 10:58:43 +02:00
int num_groups ;
int next_group ;
2009-08-23 12:38:35 +02:00
struct wbint_Principal * all_members ;
2009-08-16 10:58:43 +02:00
} ;
static NTSTATUS wb_groups_members_next_subreq (
struct wb_groups_members_state * state ,
TALLOC_CTX * mem_ctx , struct tevent_req * * psubreq ) ;
static void wb_groups_members_done ( struct tevent_req * subreq ) ;
static struct tevent_req * wb_groups_members_send ( TALLOC_CTX * mem_ctx ,
struct tevent_context * ev ,
int num_groups ,
2009-08-23 12:38:35 +02:00
struct wbint_Principal * groups )
2009-08-16 10:58:43 +02:00
{
2013-12-10 17:50:36 +01:00
struct tevent_req * req , * subreq = NULL ;
2009-08-16 10:58:43 +02:00
struct wb_groups_members_state * state ;
NTSTATUS status ;
req = tevent_req_create ( mem_ctx , & state ,
struct wb_groups_members_state ) ;
if ( req = = NULL ) {
return NULL ;
}
state - > ev = ev ;
state - > groups = groups ;
state - > num_groups = num_groups ;
state - > next_group = 0 ;
state - > all_members = NULL ;
status = wb_groups_members_next_subreq ( state , state , & subreq ) ;
2011-05-10 11:05:47 +02:00
if ( tevent_req_nterror ( req , status ) ) {
2009-08-16 10:58:43 +02:00
return tevent_req_post ( req , ev ) ;
}
if ( subreq = = NULL ) {
tevent_req_done ( req ) ;
return tevent_req_post ( req , ev ) ;
}
tevent_req_set_callback ( subreq , wb_groups_members_done , req ) ;
return req ;
}
static NTSTATUS wb_groups_members_next_subreq (
struct wb_groups_members_state * state ,
TALLOC_CTX * mem_ctx , struct tevent_req * * psubreq )
{
struct tevent_req * subreq ;
2009-08-23 12:38:35 +02:00
struct wbint_Principal * g ;
2009-08-16 10:58:43 +02:00
if ( state - > next_group > = state - > num_groups ) {
* psubreq = NULL ;
return NT_STATUS_OK ;
}
g = & state - > groups [ state - > next_group ] ;
state - > next_group + = 1 ;
2009-08-23 12:38:35 +02:00
subreq = wb_lookupgroupmem_send ( mem_ctx , state - > ev , & g - > sid , g - > type ) ;
2009-08-16 10:58:43 +02:00
if ( subreq = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
* psubreq = subreq ;
return NT_STATUS_OK ;
}
static void wb_groups_members_done ( struct tevent_req * subreq )
{
struct tevent_req * req = tevent_req_callback_data (
subreq , struct tevent_req ) ;
struct wb_groups_members_state * state = tevent_req_data (
req , struct wb_groups_members_state ) ;
int i , num_all_members ;
int num_members = 0 ;
2009-08-23 12:38:35 +02:00
struct wbint_Principal * members = NULL ;
2009-08-16 10:58:43 +02:00
NTSTATUS status ;
status = wb_lookupgroupmem_recv ( subreq , state , & num_members ,
& members ) ;
TALLOC_FREE ( subreq ) ;
/*
* In this error handling here we might have to be a bit more generous
2017-02-18 08:46:28 +13:00
* and just continue if an error occurred .
2009-08-16 10:58:43 +02:00
*/
2011-08-25 20:13:09 +02:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
if ( ! NT_STATUS_EQUAL (
status , NT_STATUS_TRUSTED_DOMAIN_FAILURE ) ) {
tevent_req_nterror ( req , status ) ;
return ;
}
num_members = 0 ;
2009-08-16 10:58:43 +02:00
}
num_all_members = talloc_array_length ( state - > all_members ) ;
state - > all_members = talloc_realloc (
2009-08-23 12:38:35 +02:00
state , state - > all_members , struct wbint_Principal ,
2009-08-16 10:58:43 +02:00
num_all_members + num_members ) ;
if ( ( num_all_members + num_members ! = 0 )
& & tevent_req_nomem ( state - > all_members , req ) ) {
return ;
}
for ( i = 0 ; i < num_members ; i + + ) {
2009-08-23 12:38:35 +02:00
struct wbint_Principal * src , * dst ;
2009-08-16 10:58:43 +02:00
src = & members [ i ] ;
dst = & state - > all_members [ num_all_members + i ] ;
sid_copy ( & dst - > sid , & src - > sid ) ;
dst - > name = talloc_move ( state - > all_members , & src - > name ) ;
dst - > type = src - > type ;
}
TALLOC_FREE ( members ) ;
status = wb_groups_members_next_subreq ( state , state , & subreq ) ;
2011-05-10 11:05:47 +02:00
if ( tevent_req_nterror ( req , status ) ) {
2009-08-16 10:58:43 +02:00
return ;
}
if ( subreq = = NULL ) {
tevent_req_done ( req ) ;
return ;
}
tevent_req_set_callback ( subreq , wb_groups_members_done , req ) ;
}
static NTSTATUS wb_groups_members_recv ( struct tevent_req * req ,
TALLOC_CTX * mem_ctx ,
int * num_members ,
2009-08-23 12:38:35 +02:00
struct wbint_Principal * * members )
2009-08-16 10:58:43 +02:00
{
struct wb_groups_members_state * state = tevent_req_data (
req , struct wb_groups_members_state ) ;
NTSTATUS status ;
if ( tevent_req_is_nterror ( req , & status ) ) {
return status ;
}
* num_members = talloc_array_length ( state - > all_members ) ;
* members = talloc_move ( mem_ctx , & state - > all_members ) ;
return NT_STATUS_OK ;
}
/*
* This is the routine expanding a list of groups up to a certain level . We
2017-08-06 15:49:01 +02:00
* collect the users in a rbt database : We have to add them without duplicates ,
* and the db is indexed by SID .
2009-08-16 10:58:43 +02:00
*/
struct wb_group_members_state {
struct tevent_context * ev ;
int depth ;
2017-08-06 15:49:01 +02:00
struct db_context * users ;
2009-08-23 12:38:35 +02:00
struct wbint_Principal * groups ;
2009-08-16 10:58:43 +02:00
} ;
static NTSTATUS wb_group_members_next_subreq (
struct wb_group_members_state * state ,
TALLOC_CTX * mem_ctx , struct tevent_req * * psubreq ) ;
static void wb_group_members_done ( struct tevent_req * subreq ) ;
struct tevent_req * wb_group_members_send ( TALLOC_CTX * mem_ctx ,
struct tevent_context * ev ,
const struct dom_sid * sid ,
enum lsa_SidType type ,
int max_depth )
{
2013-12-10 17:50:36 +01:00
struct tevent_req * req , * subreq = NULL ;
2009-08-16 10:58:43 +02:00
struct wb_group_members_state * state ;
NTSTATUS status ;
req = tevent_req_create ( mem_ctx , & state ,
struct wb_group_members_state ) ;
if ( req = = NULL ) {
return NULL ;
}
state - > ev = ev ;
state - > depth = max_depth ;
2017-08-06 15:49:01 +02:00
state - > users = db_open_rbt ( state ) ;
2009-08-16 10:58:43 +02:00
if ( tevent_req_nomem ( state - > users , req ) ) {
return tevent_req_post ( req , ev ) ;
}
2009-08-23 12:38:35 +02:00
state - > groups = talloc ( state , struct wbint_Principal ) ;
2009-08-16 10:58:43 +02:00
if ( tevent_req_nomem ( state - > groups , req ) ) {
return tevent_req_post ( req , ev ) ;
}
state - > groups - > name = NULL ;
sid_copy ( & state - > groups - > sid , sid ) ;
state - > groups - > type = type ;
status = wb_group_members_next_subreq ( state , state , & subreq ) ;
2011-05-10 11:05:47 +02:00
if ( tevent_req_nterror ( req , status ) ) {
2009-08-16 10:58:43 +02:00
return tevent_req_post ( req , ev ) ;
}
if ( subreq = = NULL ) {
tevent_req_done ( req ) ;
return tevent_req_post ( req , ev ) ;
}
tevent_req_set_callback ( subreq , wb_group_members_done , req ) ;
return req ;
}
static NTSTATUS wb_group_members_next_subreq (
struct wb_group_members_state * state ,
TALLOC_CTX * mem_ctx , struct tevent_req * * psubreq )
{
struct tevent_req * subreq ;
if ( ( talloc_array_length ( state - > groups ) = = 0 )
| | ( state - > depth < = 0 ) ) {
* psubreq = NULL ;
return NT_STATUS_OK ;
}
state - > depth - = 1 ;
subreq = wb_groups_members_send (
mem_ctx , state - > ev , talloc_array_length ( state - > groups ) ,
state - > groups ) ;
if ( subreq = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
* psubreq = subreq ;
return NT_STATUS_OK ;
}
2017-08-06 15:49:01 +02:00
NTSTATUS add_member_to_db ( struct db_context * db , struct dom_sid * sid ,
const char * name )
2012-12-06 18:06:49 +01:00
{
2017-08-06 15:49:01 +02:00
size_t len = ndr_size_dom_sid ( sid , 0 ) ;
uint8_t sidbuf [ len ] ;
TDB_DATA key = { . dptr = sidbuf , . dsize = sizeof ( sidbuf ) } ;
NTSTATUS status ;
2012-12-06 18:06:49 +01:00
2017-08-06 15:49:01 +02:00
sid_linearize ( sidbuf , sizeof ( sidbuf ) , sid ) ;
2012-12-06 18:06:49 +01:00
2017-08-06 15:49:01 +02:00
status = dbwrap_store ( db , key , string_term_tdb_data ( name ) , 0 ) ;
return status ;
2012-12-06 18:06:49 +01:00
}
2009-08-16 10:58:43 +02:00
static void wb_group_members_done ( struct tevent_req * subreq )
{
struct tevent_req * req = tevent_req_callback_data (
subreq , struct tevent_req ) ;
struct wb_group_members_state * state = tevent_req_data (
req , struct wb_group_members_state ) ;
2012-02-17 14:12:40 -08:00
int i , num_groups , new_groups ;
2009-08-16 10:58:43 +02:00
int num_members = 0 ;
2009-08-23 12:38:35 +02:00
struct wbint_Principal * members = NULL ;
2009-08-16 10:58:43 +02:00
NTSTATUS status ;
status = wb_groups_members_recv ( subreq , state , & num_members , & members ) ;
TALLOC_FREE ( subreq ) ;
2011-05-10 11:05:47 +02:00
if ( tevent_req_nterror ( req , status ) ) {
2009-08-16 10:58:43 +02:00
return ;
}
2012-02-17 14:12:40 -08:00
new_groups = 0 ;
2009-08-16 10:58:43 +02:00
for ( i = 0 ; i < num_members ; i + + ) {
switch ( members [ i ] . type ) {
case SID_NAME_DOM_GRP :
case SID_NAME_ALIAS :
case SID_NAME_WKN_GRP :
new_groups + = 1 ;
break ;
default :
/* Ignore everything else */
break ;
}
}
num_groups = 0 ;
TALLOC_FREE ( state - > groups ) ;
2009-08-23 12:38:35 +02:00
state - > groups = talloc_array ( state , struct wbint_Principal ,
2009-08-16 10:58:43 +02:00
new_groups ) ;
/*
* Collect the users into state - > users and the groups into
* state - > groups for the next iteration .
*/
for ( i = 0 ; i < num_members ; i + + ) {
switch ( members [ i ] . type ) {
case SID_NAME_USER :
case SID_NAME_COMPUTER : {
/*
* Add a copy of members [ i ] to state - > users
*/
2017-08-06 15:49:01 +02:00
status = add_member_to_db ( state - > users , & members [ i ] . sid ,
members [ i ] . name ) ;
2012-12-06 18:06:49 +01:00
if ( tevent_req_nterror ( req , status ) ) {
2009-08-16 10:58:43 +02:00
return ;
}
break ;
}
case SID_NAME_DOM_GRP :
case SID_NAME_ALIAS :
case SID_NAME_WKN_GRP : {
2009-08-23 12:38:35 +02:00
struct wbint_Principal * g ;
2009-08-16 10:58:43 +02:00
/*
* Save members [ i ] for the next round
*/
g = & state - > groups [ num_groups ] ;
sid_copy ( & g - > sid , & members [ i ] . sid ) ;
g - > name = talloc_move ( state - > groups , & members [ i ] . name ) ;
g - > type = members [ i ] . type ;
num_groups + = 1 ;
break ;
}
default :
/* Ignore everything else */
break ;
}
}
status = wb_group_members_next_subreq ( state , state , & subreq ) ;
2011-05-10 11:05:47 +02:00
if ( tevent_req_nterror ( req , status ) ) {
2009-08-16 10:58:43 +02:00
return ;
}
if ( subreq = = NULL ) {
tevent_req_done ( req ) ;
return ;
}
tevent_req_set_callback ( subreq , wb_group_members_done , req ) ;
}
NTSTATUS wb_group_members_recv ( struct tevent_req * req , TALLOC_CTX * mem_ctx ,
2017-08-06 15:49:01 +02:00
struct db_context * * members )
2009-08-16 10:58:43 +02:00
{
struct wb_group_members_state * state = tevent_req_data (
req , struct wb_group_members_state ) ;
NTSTATUS status ;
if ( tevent_req_is_nterror ( req , & status ) ) {
return status ;
}
* members = talloc_move ( mem_ctx , & state - > users ) ;
return NT_STATUS_OK ;
}