2001-05-07 05:03:40 +00:00
/*
2002-01-30 06:08:46 +00:00
Unix SMB / CIFS implementation .
2001-05-07 05:03:40 +00:00
Winbind daemon - sid related functions
Copyright ( C ) Tim Potter 2000
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 19:25:36 +00:00
the Free Software Foundation ; either version 3 of the License , or
2001-05-07 05:03:40 +00:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 00:52:41 +00:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2001-05-07 05:03:40 +00:00
*/
2003-11-12 01:51:10 +00:00
# include "includes.h"
2001-05-07 05:03:40 +00:00
# include "winbindd.h"
2002-07-15 10:35:28 +00:00
# undef DBGC_CLASS
# define DBGC_CLASS DBGC_WINBIND
2001-05-07 05:03:40 +00:00
/* Convert a string */
2007-10-18 17:40:25 -07:00
static void lookupsid_recv ( void * private_data , bool success ,
2005-06-08 22:10:34 +00:00
const char * dom_name , const char * name ,
2006-09-08 14:28:06 +00:00
enum lsa_SidType type ) ;
2005-06-08 22:10:34 +00:00
2005-06-20 13:42:29 +00:00
void winbindd_lookupsid ( struct winbindd_cli_state * state )
2001-05-07 05:03:40 +00:00
{
2004-04-07 12:43:44 +00:00
DOM_SID sid ;
2001-05-07 05:03:40 +00:00
2002-08-17 17:00:51 +00:00
/* Ensure null termination */
state - > request . data . sid [ sizeof ( state - > request . data . sid ) - 1 ] = ' \0 ' ;
2003-07-22 04:31:20 +00:00
DEBUG ( 3 , ( " [%5lu]: lookupsid %s \n " , ( unsigned long ) state - > pid ,
2001-05-07 05:03:40 +00:00
state - > request . data . sid ) ) ;
2002-03-20 00:56:36 +00:00
if ( ! string_to_sid ( & sid , state - > request . data . sid ) ) {
DEBUG ( 5 , ( " %s not a SID \n " , state - > request . data . sid ) ) ;
2005-06-20 13:42:29 +00:00
request_error ( state ) ;
return ;
2002-03-20 00:56:36 +00:00
}
2001-05-07 05:03:40 +00:00
2005-06-08 22:10:34 +00:00
winbindd_lookupsid_async ( state - > mem_ctx , & sid , lookupsid_recv , state ) ;
}
2001-05-07 05:03:40 +00:00
2007-10-18 17:40:25 -07:00
static void lookupsid_recv ( void * private_data , bool success ,
2005-06-08 22:10:34 +00:00
const char * dom_name , const char * name ,
2006-09-08 14:28:06 +00:00
enum lsa_SidType type )
2005-06-08 22:10:34 +00:00
{
struct winbindd_cli_state * state =
2005-06-24 20:25:18 +00:00
talloc_get_type_abort ( private_data , struct winbindd_cli_state ) ;
2005-06-08 22:10:34 +00:00
if ( ! success ) {
DEBUG ( 5 , ( " lookupsid returned an error \n " ) ) ;
2005-06-20 13:42:29 +00:00
request_error ( state ) ;
2005-06-08 22:10:34 +00:00
return ;
2001-05-07 05:03:40 +00:00
}
2002-01-26 09:55:38 +00:00
fstrcpy ( state - > response . data . name . dom_name , dom_name ) ;
fstrcpy ( state - > response . data . name . name , name ) ;
2001-05-07 05:03:40 +00:00
state - > response . data . name . type = type ;
2005-06-20 13:42:29 +00:00
request_ok ( state ) ;
2001-05-07 05:03:40 +00:00
}
2003-01-15 17:39:47 +00:00
/**
* Look up the SID for a qualified name .
* */
2005-06-08 22:10:34 +00:00
2007-10-18 17:40:25 -07:00
static void lookupname_recv ( void * private_data , bool success ,
2006-09-08 14:28:06 +00:00
const DOM_SID * sid , enum lsa_SidType type ) ;
2005-06-08 22:10:34 +00:00
2005-06-20 13:42:29 +00:00
void winbindd_lookupname ( struct winbindd_cli_state * state )
2001-05-07 05:03:40 +00:00
{
2002-01-26 09:55:38 +00:00
char * name_domain , * name_user ;
2003-11-19 08:11:14 +00:00
char * p ;
2002-03-22 05:43:08 +00:00
2002-08-17 17:00:51 +00:00
/* Ensure null termination */
2005-12-16 00:01:15 +00:00
state - > request . data . name . dom_name [ sizeof ( state - > request . data . name . dom_name ) - 1 ] = ' \0 ' ;
2002-08-17 17:00:51 +00:00
/* Ensure null termination */
2005-12-16 00:01:15 +00:00
state - > request . data . name . name [ sizeof ( state - > request . data . name . name ) - 1 ] = ' \0 ' ;
2002-08-17 17:00:51 +00:00
2003-11-19 08:11:14 +00:00
/* cope with the name being a fully qualified name */
p = strstr ( state - > request . data . name . name , lp_winbind_separator ( ) ) ;
if ( p ) {
* p = 0 ;
name_domain = state - > request . data . name . name ;
name_user = p + 1 ;
} else {
name_domain = state - > request . data . name . dom_name ;
name_user = state - > request . data . name . name ;
}
2001-05-07 05:03:40 +00:00
2003-11-19 08:11:14 +00:00
DEBUG ( 3 , ( " [%5lu]: lookupname %s%s%s \n " , ( unsigned long ) state - > pid ,
name_domain , lp_winbind_separator ( ) , name_user ) ) ;
2001-05-07 05:03:40 +00:00
2005-06-08 22:10:34 +00:00
winbindd_lookupname_async ( state - > mem_ctx , name_domain , name_user ,
2007-05-30 19:47:35 +00:00
lookupname_recv , WINBINDD_LOOKUPNAME ,
state ) ;
2005-06-08 22:10:34 +00:00
}
2001-05-07 05:03:40 +00:00
2007-10-18 17:40:25 -07:00
static void lookupname_recv ( void * private_data , bool success ,
2006-09-08 14:28:06 +00:00
const DOM_SID * sid , enum lsa_SidType type )
2005-06-08 22:10:34 +00:00
{
struct winbindd_cli_state * state =
2005-06-24 20:25:18 +00:00
talloc_get_type_abort ( private_data , struct winbindd_cli_state ) ;
2005-06-08 22:10:34 +00:00
if ( ! success ) {
DEBUG ( 5 , ( " lookupname returned an error \n " ) ) ;
2005-06-20 13:42:29 +00:00
request_error ( state ) ;
2005-06-08 22:10:34 +00:00
return ;
2001-05-07 05:03:40 +00:00
}
2007-12-15 22:47:30 +01:00
sid_to_fstring ( state - > response . data . sid . sid , sid ) ;
2001-05-07 05:03:40 +00:00
state - > response . data . sid . type = type ;
2005-06-20 13:42:29 +00:00
request_ok ( state ) ;
2005-06-08 22:10:34 +00:00
return ;
}
2001-05-07 05:03:40 +00:00
2006-07-11 18:01:26 +00:00
void winbindd_lookuprids ( struct winbindd_cli_state * state )
{
struct winbindd_domain * domain ;
DOM_SID domain_sid ;
/* Ensure null termination */
state - > request . data . sid [ sizeof ( state - > request . data . sid ) - 1 ] = ' \0 ' ;
DEBUG ( 10 , ( " lookup_rids: %s \n " , state - > request . data . sid ) ) ;
if ( ! string_to_sid ( & domain_sid , state - > request . data . sid ) ) {
DEBUG ( 5 , ( " Could not convert %s to SID \n " ,
state - > request . data . sid ) ) ;
request_error ( state ) ;
return ;
}
domain = find_lookup_domain_from_sid ( & domain_sid ) ;
if ( domain = = NULL ) {
DEBUG ( 10 , ( " Could not find domain for name %s \n " ,
state - > request . domain_name ) ) ;
request_error ( state ) ;
return ;
}
sendto_domain ( state , domain ) ;
}
2001-05-07 05:03:40 +00:00
/* Convert a sid to a uid. We assume we only have one rid attached to the
sid . */
2007-10-18 17:40:25 -07:00
static void sid2uid_recv ( void * private_data , bool success , uid_t uid )
2006-12-12 14:52:13 +00:00
{
struct winbindd_cli_state * state =
talloc_get_type_abort ( private_data , struct winbindd_cli_state ) ;
2008-07-07 22:09:39 +02:00
struct dom_sid sid ;
string_to_sid ( & sid , state - > request . data . sid ) ;
2006-12-12 14:52:13 +00:00
if ( ! success ) {
DEBUG ( 5 , ( " Could not convert sid %s \n " ,
state - > request . data . sid ) ) ;
request_error ( state ) ;
return ;
}
state - > response . data . uid = uid ;
request_ok ( state ) ;
}
2005-06-08 22:10:34 +00:00
2007-10-18 17:40:25 -07:00
static void sid2uid_lookupsid_recv ( void * private_data , bool success ,
2007-04-21 21:29:31 +00:00
const char * domain_name ,
const char * name ,
enum lsa_SidType type )
{
struct winbindd_cli_state * state =
talloc_get_type_abort ( private_data , struct winbindd_cli_state ) ;
DOM_SID sid ;
2008-07-07 22:09:39 +02:00
if ( ! string_to_sid ( & sid , state - > request . data . sid ) ) {
DEBUG ( 1 , ( " sid2uid_lookupsid_recv: Could not get convert sid "
" %s from string \n " , state - > request . data . sid ) ) ;
request_error ( state ) ;
return ;
}
2007-04-21 21:29:31 +00:00
if ( ! success ) {
DEBUG ( 5 , ( " sid2uid_lookupsid_recv Could not convert get sid type for %s \n " ,
state - > request . data . sid ) ) ;
2008-07-07 22:09:39 +02:00
goto fail ;
2007-04-21 21:29:31 +00:00
}
2007-04-22 09:32:14 +00:00
if ( ( type ! = SID_NAME_USER ) & & ( type ! = SID_NAME_COMPUTER ) ) {
2007-04-21 21:29:31 +00:00
DEBUG ( 5 , ( " sid2uid_lookupsid_recv: Sid %s is not a user or a computer. \n " ,
state - > request . data . sid ) ) ;
2008-07-07 22:09:39 +02:00
goto fail ;
2007-04-21 21:29:31 +00:00
}
/* always use the async interface (may block) */
winbindd_sid2uid_async ( state - > mem_ctx , & sid , sid2uid_recv , state ) ;
2008-07-07 22:09:39 +02:00
return ;
fail :
2008-07-13 12:07:40 +02:00
/*
* We have to set the cache ourselves here , the child which is
* normally responsible was not queried yet .
*/
2008-07-07 22:09:39 +02:00
idmap_cache_set_sid2uid ( & sid , - 1 ) ;
request_error ( state ) ;
return ;
2007-04-21 21:29:31 +00:00
}
2005-06-20 13:42:29 +00:00
void winbindd_sid_to_uid ( struct winbindd_cli_state * state )
2001-05-07 05:03:40 +00:00
{
DOM_SID sid ;
2008-07-07 22:09:39 +02:00
uid_t uid ;
bool expired ;
2001-05-07 05:03:40 +00:00
2002-08-17 17:00:51 +00:00
/* Ensure null termination */
state - > request . data . sid [ sizeof ( state - > request . data . sid ) - 1 ] = ' \0 ' ;
2003-07-22 04:31:20 +00:00
DEBUG ( 3 , ( " [%5lu]: sid to uid %s \n " , ( unsigned long ) state - > pid ,
2001-05-07 05:03:40 +00:00
state - > request . data . sid ) ) ;
2005-06-08 22:10:34 +00:00
if ( ! string_to_sid ( & sid , state - > request . data . sid ) ) {
DEBUG ( 1 , ( " Could not get convert sid %s from string \n " ,
state - > request . data . sid ) ) ;
2005-06-20 13:42:29 +00:00
request_error ( state ) ;
return ;
2003-11-07 14:39:47 +00:00
}
2005-06-08 22:10:34 +00:00
2008-07-07 22:09:39 +02:00
if ( idmap_cache_find_sid2uid ( & sid , & uid , & expired ) ) {
DEBUG ( 10 , ( " idmap_cache_find_sid2uid found %d%s \n " ,
( int ) uid , expired ? " (expired) " : " " ) ) ;
if ( expired & & IS_DOMAIN_ONLINE ( find_our_domain ( ) ) ) {
DEBUG ( 10 , ( " revalidating expired entry \n " ) ) ;
goto backend ;
}
if ( uid = = - 1 ) {
DEBUG ( 10 , ( " Returning negative cache entry \n " ) ) ;
request_error ( state ) ;
return ;
}
DEBUG ( 10 , ( " Returning positive cache entry \n " ) ) ;
state - > response . data . uid = uid ;
request_ok ( state ) ;
return ;
}
2007-04-21 21:29:31 +00:00
/* Validate the SID as a user. Hopefully this will hit cache.
Needed to prevent DoS by exhausting the uid allocation
range from random SIDs . */
2008-07-07 22:09:39 +02:00
backend :
2007-04-21 21:29:31 +00:00
winbindd_lookupsid_async ( state - > mem_ctx , & sid , sid2uid_lookupsid_recv , state ) ;
2005-06-08 22:10:34 +00:00
}
2004-09-15 08:55:01 +00:00
2006-12-12 14:52:13 +00:00
/* Convert a sid to a gid. We assume we only have one rid attached to the
sid . */
2007-10-18 17:40:25 -07:00
static void sid2gid_recv ( void * private_data , bool success , gid_t gid )
2005-06-08 22:10:34 +00:00
{
struct winbindd_cli_state * state =
2005-06-24 20:25:18 +00:00
talloc_get_type_abort ( private_data , struct winbindd_cli_state ) ;
2008-07-11 13:58:31 +02:00
struct dom_sid sid ;
string_to_sid ( & sid , state - > request . data . sid ) ;
2005-06-08 22:10:34 +00:00
if ( ! success ) {
DEBUG ( 5 , ( " Could not convert sid %s \n " ,
state - > request . data . sid ) ) ;
2005-06-20 13:42:29 +00:00
request_error ( state ) ;
2005-06-08 22:10:34 +00:00
return ;
2001-05-07 05:03:40 +00:00
}
2006-12-12 14:52:13 +00:00
state - > response . data . gid = gid ;
2005-06-20 13:42:29 +00:00
request_ok ( state ) ;
2001-05-07 05:03:40 +00:00
}
2007-10-18 17:40:25 -07:00
static void sid2gid_lookupsid_recv ( void * private_data , bool success ,
2007-04-21 21:29:31 +00:00
const char * domain_name ,
const char * name ,
enum lsa_SidType type )
{
struct winbindd_cli_state * state =
talloc_get_type_abort ( private_data , struct winbindd_cli_state ) ;
DOM_SID sid ;
2008-07-11 13:58:31 +02:00
if ( ! string_to_sid ( & sid , state - > request . data . sid ) ) {
DEBUG ( 1 , ( " sid2gid_lookupsid_recv: Could not get convert sid "
" %s from string \n " , state - > request . data . sid ) ) ;
request_error ( state ) ;
return ;
}
2007-04-21 21:29:31 +00:00
if ( ! success ) {
2007-05-01 21:22:55 +00:00
DEBUG ( 5 , ( " sid2gid_lookupsid_recv: Could not get sid type for %s \n " ,
2007-04-21 21:29:31 +00:00
state - > request . data . sid ) ) ;
2008-07-11 13:58:31 +02:00
goto fail ;
2007-04-21 21:29:31 +00:00
}
2007-04-22 09:32:14 +00:00
if ( ( type ! = SID_NAME_DOM_GRP ) & &
( type ! = SID_NAME_ALIAS ) & &
2007-04-21 21:29:31 +00:00
( type ! = SID_NAME_WKN_GRP ) )
{
DEBUG ( 5 , ( " sid2gid_lookupsid_recv: Sid %s is not a group. \n " ,
state - > request . data . sid ) ) ;
2008-07-11 13:58:31 +02:00
goto fail ;
2007-04-21 21:29:31 +00:00
}
/* always use the async interface (may block) */
winbindd_sid2gid_async ( state - > mem_ctx , & sid , sid2gid_recv , state ) ;
2008-07-11 13:58:31 +02:00
return ;
fail :
2008-07-13 12:07:40 +02:00
/*
* We have to set the cache ourselves here , the child which is
* normally responsible was not queried yet .
*/
2008-07-11 13:58:31 +02:00
idmap_cache_set_sid2gid ( & sid , - 1 ) ;
request_error ( state ) ;
return ;
2007-04-21 21:29:31 +00:00
}
2005-06-20 13:42:29 +00:00
void winbindd_sid_to_gid ( struct winbindd_cli_state * state )
2001-05-07 05:03:40 +00:00
{
DOM_SID sid ;
2008-07-11 13:58:31 +02:00
gid_t gid ;
bool expired ;
2001-05-07 05:03:40 +00:00
2002-08-17 17:00:51 +00:00
/* Ensure null termination */
state - > request . data . sid [ sizeof ( state - > request . data . sid ) - 1 ] = ' \0 ' ;
2005-06-08 22:10:34 +00:00
DEBUG ( 3 , ( " [%5lu]: sid to gid %s \n " , ( unsigned long ) state - > pid ,
2001-05-07 05:03:40 +00:00
state - > request . data . sid ) ) ;
2005-06-08 22:10:34 +00:00
if ( ! string_to_sid ( & sid , state - > request . data . sid ) ) {
DEBUG ( 1 , ( " Could not get convert sid %s from string \n " ,
state - > request . data . sid ) ) ;
2005-06-20 13:42:29 +00:00
request_error ( state ) ;
return ;
2003-11-07 14:39:47 +00:00
}
2005-06-08 22:10:34 +00:00
2008-07-11 13:58:31 +02:00
if ( idmap_cache_find_sid2gid ( & sid , & gid , & expired ) ) {
DEBUG ( 10 , ( " idmap_cache_find_sid2gid found %d%s \n " ,
( int ) gid , expired ? " (expired) " : " " ) ) ;
if ( expired & & IS_DOMAIN_ONLINE ( find_our_domain ( ) ) ) {
DEBUG ( 10 , ( " revalidating expired entry \n " ) ) ;
goto backend ;
}
if ( gid = = - 1 ) {
DEBUG ( 10 , ( " Returning negative cache entry \n " ) ) ;
request_error ( state ) ;
return ;
}
DEBUG ( 10 , ( " Returning positive cache entry \n " ) ) ;
state - > response . data . gid = gid ;
request_ok ( state ) ;
return ;
}
2007-04-21 21:29:31 +00:00
/* Validate the SID as a group. Hopefully this will hit cache.
Needed to prevent DoS by exhausting the uid allocation
range from random SIDs . */
2008-07-11 13:58:31 +02:00
backend :
2007-04-21 21:29:31 +00:00
winbindd_lookupsid_async ( state - > mem_ctx , & sid , sid2gid_lookupsid_recv , state ) ;
2005-06-08 22:10:34 +00:00
}
2004-09-15 08:55:01 +00:00
2007-10-18 17:40:25 -07:00
static void set_mapping_recv ( void * private_data , bool success )
2006-08-08 15:33:09 +00:00
{
2006-08-18 14:05:25 +00:00
struct winbindd_cli_state * state =
2006-12-12 14:52:13 +00:00
talloc_get_type_abort ( private_data , struct winbindd_cli_state ) ;
2006-08-08 15:33:09 +00:00
2006-12-12 14:52:13 +00:00
if ( ! success ) {
DEBUG ( 5 , ( " Could not set sid mapping \n " ) ) ;
request_error ( state ) ;
2006-08-08 15:33:09 +00:00
return ;
}
2006-12-12 14:52:13 +00:00
request_ok ( state ) ;
}
2006-08-08 15:33:09 +00:00
2006-12-12 14:52:13 +00:00
void winbindd_set_mapping ( struct winbindd_cli_state * state )
{
struct id_map map ;
DOM_SID sid ;
2001-05-07 05:03:40 +00:00
2006-12-12 14:52:13 +00:00
DEBUG ( 3 , ( " [%5lu]: set id map \n " , ( unsigned long ) state - > pid ) ) ;
2001-05-07 05:03:40 +00:00
2006-12-12 14:52:13 +00:00
if ( ! state - > privileged ) {
DEBUG ( 0 , ( " Only root is allowed to set mappings! \n " ) ) ;
2005-06-20 13:42:29 +00:00
request_error ( state ) ;
return ;
2005-06-08 22:10:34 +00:00
}
2006-12-12 14:52:13 +00:00
if ( ! string_to_sid ( & sid , state - > request . data . dual_idmapset . sid ) ) {
DEBUG ( 1 , ( " Could not get convert sid %s from string \n " ,
state - > request . data . sid ) ) ;
2005-06-20 13:42:29 +00:00
request_error ( state ) ;
return ;
2005-06-08 22:10:34 +00:00
}
2006-12-12 14:52:13 +00:00
map . sid = & sid ;
map . xid . id = state - > request . data . dual_idmapset . id ;
map . xid . type = state - > request . data . dual_idmapset . type ;
2005-06-08 22:10:34 +00:00
2006-12-12 14:52:13 +00:00
winbindd_set_mapping_async ( state - > mem_ctx , & map ,
set_mapping_recv , state ) ;
2005-06-08 22:10:34 +00:00
}
2007-10-18 17:40:25 -07:00
static void set_hwm_recv ( void * private_data , bool success )
2005-06-08 22:10:34 +00:00
{
2006-12-12 14:52:13 +00:00
struct winbindd_cli_state * state =
talloc_get_type_abort ( private_data , struct winbindd_cli_state ) ;
2005-06-08 22:10:34 +00:00
if ( ! success ) {
2006-12-12 14:52:13 +00:00
DEBUG ( 5 , ( " Could not set sid mapping \n " ) ) ;
request_error ( state ) ;
2005-06-08 22:10:34 +00:00
return ;
}
2006-12-12 14:52:13 +00:00
request_ok ( state ) ;
2005-06-08 22:10:34 +00:00
}
2006-12-12 14:52:13 +00:00
void winbindd_set_hwm ( struct winbindd_cli_state * state )
2005-06-08 22:10:34 +00:00
{
2006-12-12 14:52:13 +00:00
struct unixid xid ;
DEBUG ( 3 , ( " [%5lu]: set hwm \n " , ( unsigned long ) state - > pid ) ) ;
2005-06-08 22:10:34 +00:00
2006-12-12 14:52:13 +00:00
if ( ! state - > privileged ) {
DEBUG ( 0 , ( " Only root is allowed to set mappings! \n " ) ) ;
request_error ( state ) ;
2005-06-08 22:10:34 +00:00
return ;
}
2006-12-12 14:52:13 +00:00
xid . id = state - > request . data . dual_idmapset . id ;
xid . type = state - > request . data . dual_idmapset . type ;
2005-06-08 22:10:34 +00:00
2006-12-12 14:52:13 +00:00
winbindd_set_hwm_async ( state - > mem_ctx , & xid , set_hwm_recv , state ) ;
2005-06-08 22:10:34 +00:00
}
2006-12-12 14:52:13 +00:00
/* Convert a uid to a sid */
2006-08-08 15:33:09 +00:00
2008-07-07 22:09:39 +02:00
static void uid2sid_recv ( void * private_data , bool success , const char * sidstr )
2001-05-07 05:03:40 +00:00
{
2006-12-12 14:52:13 +00:00
struct winbindd_cli_state * state =
( struct winbindd_cli_state * ) private_data ;
2008-07-07 22:09:39 +02:00
struct dom_sid sid ;
2005-06-08 22:10:34 +00:00
2008-07-07 22:09:39 +02:00
if ( ! success | | ! string_to_sid ( & sid , sidstr ) ) {
ZERO_STRUCT ( sid ) ;
idmap_cache_set_sid2uid ( & sid , state - > request . data . uid ) ;
request_error ( state ) ;
2005-06-20 13:42:29 +00:00
return ;
2003-11-07 14:39:47 +00:00
}
2001-05-07 05:03:40 +00:00
2008-07-07 22:09:39 +02:00
DEBUG ( 10 , ( " uid2sid: uid %lu has sid %s \n " ,
( unsigned long ) ( state - > request . data . uid ) , sidstr ) ) ;
idmap_cache_set_sid2uid ( & sid , state - > request . data . uid ) ;
fstrcpy ( state - > response . data . sid . sid , sidstr ) ;
state - > response . data . sid . type = SID_NAME_USER ;
request_ok ( state ) ;
2006-12-12 14:52:13 +00:00
return ;
}
2005-06-08 22:10:34 +00:00
2006-12-12 14:52:13 +00:00
void winbindd_uid_to_sid ( struct winbindd_cli_state * state )
{
2008-07-07 22:09:39 +02:00
struct dom_sid sid ;
bool expired ;
2006-12-12 14:52:13 +00:00
DEBUG ( 3 , ( " [%5lu]: uid to sid %lu \n " , ( unsigned long ) state - > pid ,
( unsigned long ) state - > request . data . uid ) ) ;
2005-06-08 22:10:34 +00:00
2008-07-07 22:09:39 +02:00
if ( idmap_cache_find_uid2sid ( state - > request . data . uid , & sid ,
& expired ) ) {
DEBUG ( 10 , ( " idmap_cache_find_uid2sid found %d%s \n " ,
( int ) state - > request . data . uid ,
expired ? " (expired) " : " " ) ) ;
if ( expired & & IS_DOMAIN_ONLINE ( find_our_domain ( ) ) ) {
DEBUG ( 10 , ( " revalidating expired entry \n " ) ) ;
goto backend ;
}
if ( is_null_sid ( & sid ) ) {
DEBUG ( 10 , ( " Returning negative cache entry \n " ) ) ;
request_error ( state ) ;
return ;
}
DEBUG ( 10 , ( " Returning positive cache entry \n " ) ) ;
sid_to_fstring ( state - > response . data . sid . sid , & sid ) ;
request_ok ( state ) ;
return ;
}
2006-12-12 14:52:13 +00:00
/* always go via the async interface (may block) */
2008-07-07 22:09:39 +02:00
backend :
2006-12-12 14:52:13 +00:00
winbindd_uid2sid_async ( state - > mem_ctx , state - > request . data . uid , uid2sid_recv , state ) ;
2006-08-08 15:33:09 +00:00
}
2006-12-12 14:52:13 +00:00
/* Convert a gid to a sid */
2008-07-11 13:58:31 +02:00
static void gid2sid_recv ( void * private_data , bool success , const char * sidstr )
2006-08-08 15:33:09 +00:00
{
2006-08-18 14:05:25 +00:00
struct winbindd_cli_state * state =
( struct winbindd_cli_state * ) private_data ;
2008-07-11 13:58:31 +02:00
struct dom_sid sid ;
2006-08-08 15:33:09 +00:00
2008-07-11 13:58:31 +02:00
if ( ! success | | ! string_to_sid ( & sid , sidstr ) ) {
ZERO_STRUCT ( sid ) ;
idmap_cache_set_sid2gid ( & sid , state - > request . data . gid ) ;
request_error ( state ) ;
2006-08-08 15:33:09 +00:00
return ;
}
2008-07-11 13:58:31 +02:00
DEBUG ( 10 , ( " gid2sid: gid %lu has sid %s \n " ,
2008-07-13 12:07:40 +02:00
( unsigned long ) ( state - > request . data . gid ) , sidstr ) ) ;
2006-08-08 15:33:09 +00:00
2008-07-11 13:58:31 +02:00
idmap_cache_set_sid2gid ( & sid , state - > request . data . gid ) ;
fstrcpy ( state - > response . data . sid . sid , sidstr ) ;
state - > response . data . sid . type = SID_NAME_DOM_GRP ;
request_ok ( state ) ;
2006-12-12 14:52:13 +00:00
return ;
2005-06-08 22:10:34 +00:00
}
2006-12-12 14:52:13 +00:00
void winbindd_gid_to_sid ( struct winbindd_cli_state * state )
2005-06-08 22:10:34 +00:00
{
2008-07-11 13:58:31 +02:00
struct dom_sid sid ;
bool expired ;
2006-12-12 14:52:13 +00:00
DEBUG ( 3 , ( " [%5lu]: gid to sid %lu \n " , ( unsigned long ) state - > pid ,
( unsigned long ) state - > request . data . gid ) ) ;
2005-06-08 22:10:34 +00:00
2008-07-11 13:58:31 +02:00
if ( idmap_cache_find_gid2sid ( state - > request . data . gid , & sid ,
& expired ) ) {
DEBUG ( 10 , ( " idmap_cache_find_gid2sid found %d%s \n " ,
( int ) state - > request . data . gid ,
expired ? " (expired) " : " " ) ) ;
if ( expired & & IS_DOMAIN_ONLINE ( find_our_domain ( ) ) ) {
DEBUG ( 10 , ( " revalidating expired entry \n " ) ) ;
goto backend ;
}
if ( is_null_sid ( & sid ) ) {
DEBUG ( 10 , ( " Returning negative cache entry \n " ) ) ;
request_error ( state ) ;
return ;
}
DEBUG ( 10 , ( " Returning positive cache entry \n " ) ) ;
sid_to_fstring ( state - > response . data . sid . sid , & sid ) ;
request_ok ( state ) ;
return ;
}
2006-12-12 14:52:13 +00:00
/* always use async calls (may block) */
2008-07-11 13:58:31 +02:00
backend :
2006-12-12 14:52:13 +00:00
winbindd_gid2sid_async ( state - > mem_ctx , state - > request . data . gid , gid2sid_recv , state ) ;
2001-05-07 05:03:40 +00:00
}
2004-04-07 12:43:44 +00:00
2006-02-03 22:19:41 +00:00
void winbindd_allocate_uid ( struct winbindd_cli_state * state )
2004-04-07 12:43:44 +00:00
{
if ( ! state - > privileged ) {
2006-02-03 22:19:41 +00:00
DEBUG ( 2 , ( " winbindd_allocate_uid: non-privileged access "
2004-04-07 12:43:44 +00:00
" denied! \n " ) ) ;
2005-06-20 13:42:29 +00:00
request_error ( state ) ;
return ;
2004-04-07 12:43:44 +00:00
}
2005-06-20 13:42:29 +00:00
sendto_child ( state , idmap_child ( ) ) ;
2005-06-08 22:10:34 +00:00
}
2006-02-03 22:19:41 +00:00
enum winbindd_result winbindd_dual_allocate_uid ( struct winbindd_domain * domain ,
2005-06-08 22:10:34 +00:00
struct winbindd_cli_state * state )
{
2006-12-12 14:52:13 +00:00
struct unixid xid ;
2004-04-07 12:43:44 +00:00
2006-12-12 14:52:13 +00:00
if ( ! NT_STATUS_IS_OK ( idmap_allocate_uid ( & xid ) ) ) {
2004-04-07 12:43:44 +00:00
return WINBINDD_ERROR ;
2006-02-03 22:19:41 +00:00
}
2006-12-12 14:52:13 +00:00
state - > response . data . uid = xid . id ;
2004-04-07 12:43:44 +00:00
return WINBINDD_OK ;
}
2005-06-08 22:10:34 +00:00
2006-02-03 22:19:41 +00:00
void winbindd_allocate_gid ( struct winbindd_cli_state * state )
2005-06-08 22:10:34 +00:00
{
if ( ! state - > privileged ) {
2006-02-03 22:19:41 +00:00
DEBUG ( 2 , ( " winbindd_allocate_gid: non-privileged access "
2005-06-08 22:10:34 +00:00
" denied! \n " ) ) ;
2005-06-20 13:42:29 +00:00
request_error ( state ) ;
return ;
2005-06-08 22:10:34 +00:00
}
2005-06-20 13:42:29 +00:00
sendto_child ( state , idmap_child ( ) ) ;
2005-06-08 22:10:34 +00:00
}
2006-02-03 22:19:41 +00:00
enum winbindd_result winbindd_dual_allocate_gid ( struct winbindd_domain * domain ,
struct winbindd_cli_state * state )
2005-06-08 22:10:34 +00:00
{
2006-12-12 14:52:13 +00:00
struct unixid xid ;
2005-06-08 22:10:34 +00:00
2006-12-12 14:52:13 +00:00
if ( ! NT_STATUS_IS_OK ( idmap_allocate_gid ( & xid ) ) ) {
2005-06-08 22:10:34 +00:00
return WINBINDD_ERROR ;
2006-02-03 22:19:41 +00:00
}
2006-12-12 14:52:13 +00:00
state - > response . data . gid = xid . id ;
2005-06-08 22:10:34 +00:00
return WINBINDD_OK ;
}