2009-08-05 00:22:42 +04:00
/*
Unix SMB / CIFS implementation .
async gettoken
Copyright ( C ) Volker Lendecke 2009
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# include "includes.h"
2022-06-07 20:33:57 +03:00
# include "util/debug.h"
2009-08-05 00:22:42 +04:00
# include "winbindd.h"
2014-05-08 04:17:32 +04:00
# include "librpc/gen_ndr/ndr_winbind_c.h"
2010-10-12 08:27:50 +04:00
# include "../libcli/security/security.h"
2011-03-22 18:50:02 +03:00
# include "passdb/machine_sid.h"
2009-08-05 00:22:42 +04:00
struct wb_gettoken_state {
struct tevent_context * ev ;
struct dom_sid usersid ;
2017-01-03 17:54:46 +03:00
bool expand_local_aliases ;
2017-01-18 18:54:03 +03:00
uint32_t num_sids ;
2009-08-05 00:22:42 +04:00
struct dom_sid * sids ;
} ;
2017-01-18 18:54:03 +03:00
static NTSTATUS wb_add_rids_to_sids ( TALLOC_CTX * mem_ctx ,
uint32_t * pnum_sids ,
struct dom_sid * * psids ,
const struct dom_sid * domain_sid ,
2022-07-11 23:41:46 +03:00
uint32_t num_rids , uint32_t * rids ) ;
2009-08-05 00:22:42 +04:00
2016-12-25 13:16:31 +03:00
static void wb_gettoken_gotuser ( struct tevent_req * subreq ) ;
2017-03-02 17:14:51 +03:00
static void wb_gettoken_gotgroups ( struct tevent_req * subreq ) ;
2009-08-05 00:22:42 +04:00
static void wb_gettoken_gotlocalgroups ( struct tevent_req * subreq ) ;
static void wb_gettoken_gotbuiltins ( struct tevent_req * subreq ) ;
struct tevent_req * wb_gettoken_send ( TALLOC_CTX * mem_ctx ,
struct tevent_context * ev ,
2017-01-03 17:54:46 +03:00
const struct dom_sid * sid ,
bool expand_local_aliases )
2009-08-05 00:22:42 +04:00
{
struct tevent_req * req , * subreq ;
struct wb_gettoken_state * state ;
2022-06-07 20:33:57 +03:00
struct dom_sid_buf buf ;
2009-08-05 00:22:42 +04:00
req = tevent_req_create ( mem_ctx , & state , struct wb_gettoken_state ) ;
if ( req = = NULL ) {
return NULL ;
}
sid_copy ( & state - > usersid , sid ) ;
state - > ev = ev ;
2017-01-03 17:54:46 +03:00
state - > expand_local_aliases = expand_local_aliases ;
2009-08-05 00:22:42 +04:00
2022-06-07 20:33:57 +03:00
D_INFO ( " WB command gettoken start. \n "
" Query user SID %s (expand local aliases is %d). \n " ,
dom_sid_str_buf ( sid , & buf ) ,
expand_local_aliases ) ;
2016-12-25 13:16:31 +03:00
subreq = wb_queryuser_send ( state , ev , & state - > usersid ) ;
2009-08-05 00:22:42 +04:00
if ( tevent_req_nomem ( subreq , req ) ) {
return tevent_req_post ( req , ev ) ;
}
2016-12-25 13:16:31 +03:00
tevent_req_set_callback ( subreq , wb_gettoken_gotuser , req ) ;
2009-08-05 00:22:42 +04:00
return req ;
}
2016-12-25 13:16:31 +03:00
static void wb_gettoken_gotuser ( struct tevent_req * subreq )
2009-08-05 00:22:42 +04:00
{
struct tevent_req * req = tevent_req_callback_data (
subreq , struct tevent_req ) ;
struct wb_gettoken_state * state = tevent_req_data (
req , struct wb_gettoken_state ) ;
2016-12-25 13:16:31 +03:00
struct wbint_userinfo * info ;
2009-08-05 00:22:42 +04:00
NTSTATUS status ;
2022-06-07 20:33:57 +03:00
struct dom_sid_buf buf0 , buf1 ;
2009-08-05 00:22:42 +04:00
2016-12-25 13:16:31 +03:00
status = wb_queryuser_recv ( subreq , state , & info ) ;
2009-08-05 00:22:42 +04:00
TALLOC_FREE ( subreq ) ;
2011-05-10 13:05:47 +04:00
if ( tevent_req_nterror ( req , status ) ) {
2009-08-05 00:22:42 +04:00
return ;
}
2017-01-18 18:54:03 +03:00
state - > sids = talloc_array ( state , struct dom_sid , 2 ) ;
if ( tevent_req_nomem ( state - > sids , req ) ) {
2016-12-25 13:16:31 +03:00
return ;
}
state - > num_sids = 2 ;
2022-06-07 20:33:57 +03:00
D_DEBUG ( " Got user SID %s and group SID %s \n " ,
dom_sid_str_buf ( & info - > user_sid , & buf0 ) ,
dom_sid_str_buf ( & info - > group_sid , & buf1 ) ) ;
2016-12-25 13:16:31 +03:00
sid_copy ( & state - > sids [ 0 ] , & info - > user_sid ) ;
sid_copy ( & state - > sids [ 1 ] , & info - > group_sid ) ;
2022-06-07 20:33:57 +03:00
D_DEBUG ( " Looking up user groups for the user SID. \n " ) ;
2017-03-02 17:14:51 +03:00
subreq = wb_lookupusergroups_send ( state , state - > ev , & info - > user_sid ) ;
if ( tevent_req_nomem ( subreq , req ) ) {
return ;
}
tevent_req_set_callback ( subreq , wb_gettoken_gotgroups , req ) ;
}
static void wb_gettoken_gotgroups ( struct tevent_req * subreq )
{
struct tevent_req * req = tevent_req_callback_data (
subreq , struct tevent_req ) ;
struct wb_gettoken_state * state = tevent_req_data (
req , struct wb_gettoken_state ) ;
2022-07-11 22:40:08 +03:00
uint32_t i , num_groups ;
2017-03-02 17:14:51 +03:00
struct dom_sid * groups ;
struct winbindd_domain * domain ;
NTSTATUS status ;
2022-06-07 20:33:57 +03:00
struct dom_sid_buf buf ;
2017-03-02 17:14:51 +03:00
status = wb_lookupusergroups_recv ( subreq , state , & num_groups , & groups ) ;
TALLOC_FREE ( subreq ) ;
2016-12-25 13:16:31 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
tevent_req_done ( req ) ;
return ;
}
2022-07-18 16:28:10 +03:00
D_DEBUG ( " Received % " PRIu32 " group(s). \n " , num_groups ) ;
2022-06-07 20:33:57 +03:00
for ( i = 0 ; i < num_groups ; i + + ) {
D_DEBUG ( " Adding SID %s. \n " , dom_sid_str_buf ( & groups [ i ] , & buf ) ) ;
2017-01-18 18:54:03 +03:00
status = add_sid_to_array_unique (
state , & groups [ i ] , & state - > sids , & state - > num_sids ) ;
2016-12-25 13:16:31 +03:00
2017-01-18 18:54:03 +03:00
if ( tevent_req_nterror ( req , status ) ) {
return ;
}
2009-08-05 00:22:42 +04:00
}
2016-12-25 13:16:31 +03:00
2017-01-03 17:54:46 +03:00
if ( ! state - > expand_local_aliases ) {
2022-06-07 20:33:57 +03:00
D_DEBUG ( " Done. Not asked to expand local aliases. \n " ) ;
2017-01-03 17:54:46 +03:00
tevent_req_done ( req ) ;
return ;
}
2009-08-05 00:22:42 +04:00
/*
* Expand our domain ' s aliases
*/
2010-12-05 22:40:21 +03:00
domain = find_domain_from_sid_noinit ( get_global_sam_sid ( ) ) ;
2009-08-05 00:22:42 +04:00
if ( domain = = NULL ) {
tevent_req_nterror ( req , NT_STATUS_INTERNAL_ERROR ) ;
return ;
}
2022-07-18 16:28:10 +03:00
D_DEBUG ( " Expand domain's aliases for % " PRIu32 " SID(s). \n " ,
state - > num_sids ) ;
2009-08-05 00:22:42 +04:00
subreq = wb_lookupuseraliases_send ( state , state - > ev , domain ,
state - > num_sids , state - > sids ) ;
if ( tevent_req_nomem ( subreq , req ) ) {
return ;
}
tevent_req_set_callback ( subreq , wb_gettoken_gotlocalgroups , req ) ;
}
static void wb_gettoken_gotlocalgroups ( struct tevent_req * subreq )
{
struct tevent_req * req = tevent_req_callback_data (
subreq , struct tevent_req ) ;
struct wb_gettoken_state * state = tevent_req_data (
req , struct wb_gettoken_state ) ;
uint32_t num_rids ;
uint32_t * rids ;
struct winbindd_domain * domain ;
NTSTATUS status ;
status = wb_lookupuseraliases_recv ( subreq , state , & num_rids , & rids ) ;
TALLOC_FREE ( subreq ) ;
2011-05-10 13:05:47 +04:00
if ( tevent_req_nterror ( req , status ) ) {
2009-08-05 00:22:42 +04:00
return ;
}
2017-01-18 18:54:03 +03:00
2022-07-18 16:28:10 +03:00
D_DEBUG ( " Got % " PRIu32 " RID(s). \n " , num_rids ) ;
2017-01-18 18:54:03 +03:00
status = wb_add_rids_to_sids ( state , & state - > num_sids , & state - > sids ,
get_global_sam_sid ( ) , num_rids , rids ) ;
if ( tevent_req_nterror ( req , status ) ) {
2009-08-05 00:22:42 +04:00
return ;
}
TALLOC_FREE ( rids ) ;
/*
* Now expand the builtin groups
*/
2022-07-18 16:28:10 +03:00
D_DEBUG ( " Expand the builtin groups for % " PRIu32 " SID(s). \n " ,
state - > num_sids ) ;
2016-12-30 14:51:37 +03:00
domain = find_domain_from_sid ( & global_sid_Builtin ) ;
2009-08-05 00:22:42 +04:00
if ( domain = = NULL ) {
tevent_req_nterror ( req , NT_STATUS_INTERNAL_ERROR ) ;
return ;
}
subreq = wb_lookupuseraliases_send ( state , state - > ev , domain ,
state - > num_sids , state - > sids ) ;
if ( tevent_req_nomem ( subreq , req ) ) {
return ;
}
tevent_req_set_callback ( subreq , wb_gettoken_gotbuiltins , req ) ;
}
static void wb_gettoken_gotbuiltins ( struct tevent_req * subreq )
{
struct tevent_req * req = tevent_req_callback_data (
subreq , struct tevent_req ) ;
struct wb_gettoken_state * state = tevent_req_data (
req , struct wb_gettoken_state ) ;
uint32_t num_rids ;
uint32_t * rids ;
NTSTATUS status ;
status = wb_lookupuseraliases_recv ( subreq , state , & num_rids , & rids ) ;
TALLOC_FREE ( subreq ) ;
2011-05-10 13:05:47 +04:00
if ( tevent_req_nterror ( req , status ) ) {
2009-08-05 00:22:42 +04:00
return ;
}
2022-07-18 16:28:10 +03:00
D_DEBUG ( " Got % " PRIu32 " RID(s). \n " , num_rids ) ;
2017-01-18 18:54:03 +03:00
status = wb_add_rids_to_sids ( state , & state - > num_sids , & state - > sids ,
& global_sid_Builtin , num_rids , rids ) ;
if ( tevent_req_nterror ( req , status ) ) {
2009-08-05 00:22:42 +04:00
return ;
}
tevent_req_done ( req ) ;
}
NTSTATUS wb_gettoken_recv ( struct tevent_req * req , TALLOC_CTX * mem_ctx ,
2022-07-11 22:40:08 +03:00
uint32_t * num_sids , struct dom_sid * * sids )
2009-08-05 00:22:42 +04:00
{
struct wb_gettoken_state * state = tevent_req_data (
req , struct wb_gettoken_state ) ;
NTSTATUS status ;
2022-07-11 22:40:08 +03:00
uint32_t i ;
2009-08-05 00:22:42 +04:00
if ( tevent_req_is_nterror ( req , & status ) ) {
return status ;
}
* num_sids = state - > num_sids ;
2022-07-18 16:28:10 +03:00
D_INFO ( " WB command gettoken end. \n Received % " PRIu32 " SID(s). \n " ,
state - > num_sids ) ;
2022-07-19 17:48:09 +03:00
if ( CHECK_DEBUGLVL ( DBGLVL_INFO ) ) {
for ( i = 0 ; i < state - > num_sids ; i + + ) {
struct dom_sid_buf sidbuf ;
D_INFO ( " % " PRIu32 " : %s \n " ,
i ,
dom_sid_str_buf ( & state - > sids [ i ] ,
& sidbuf ) ) ;
}
2022-06-07 20:33:57 +03:00
}
2009-08-05 00:22:42 +04:00
* sids = talloc_move ( mem_ctx , & state - > sids ) ;
return NT_STATUS_OK ;
}
2017-01-18 18:54:03 +03:00
static NTSTATUS wb_add_rids_to_sids ( TALLOC_CTX * mem_ctx ,
uint32_t * pnum_sids ,
struct dom_sid * * psids ,
const struct dom_sid * domain_sid ,
2022-07-11 23:41:46 +03:00
uint32_t num_rids , uint32_t * rids )
2009-08-05 00:22:42 +04:00
{
2022-07-11 23:41:46 +03:00
uint32_t i ;
2022-07-18 16:28:10 +03:00
D_DEBUG ( " % " PRIu32 " SID(s) will be uniquely added to the SID array. \n "
" Before the addition the array has % " PRIu32 " SID(s). \n " ,
2022-06-07 20:33:57 +03:00
num_rids , * pnum_sids ) ;
2022-07-18 16:28:10 +03:00
2022-06-07 20:33:57 +03:00
for ( i = 0 ; i < num_rids ; i + + ) {
2017-01-18 18:54:03 +03:00
NTSTATUS status ;
struct dom_sid sid ;
sid_compose ( & sid , domain_sid , rids [ i ] ) ;
status = add_sid_to_array_unique (
mem_ctx , & sid , psids , pnum_sids ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2009-08-05 00:22:42 +04:00
}
2022-07-18 16:28:10 +03:00
D_DEBUG ( " After the addition the array has % " PRIu32 " SID(s). \n " ,
* pnum_sids ) ;
2017-01-18 18:54:03 +03:00
return NT_STATUS_OK ;
2009-08-05 00:22:42 +04:00
}