/* Unix SMB/CIFS implementation. Async helpers for blocking functions Copyright (C) Volker Lendecke 2005 Copyright (C) Gerald Carter 2006 Copyright (C) Simo Sorce 2007 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "includes.h" #include "winbindd.h" #include "../libcli/security/security.h" #include "passdb/lookup_sid.h" #include "lib/global_contexts.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND static struct winbindd_child *static_idmap_child = NULL; /* * Map idmap ranges to domain names, taken from smb.conf. This is * stored in the parent winbind and used to assemble xids2sids/sids2xids calls * into per-idmap-domain chunks. */ static struct wb_parent_idmap_config static_parent_idmap_config; struct winbindd_child *idmap_child(void) { return static_idmap_child; } bool is_idmap_child(const struct winbindd_child *child) { if (child == static_idmap_child) { return true; } return false; } pid_t idmap_child_pid(void) { return static_idmap_child->pid; } struct dcerpc_binding_handle *idmap_child_handle(void) { /* * The caller needs to use wb_parent_idmap_setup_send/recv * before talking to the idmap child! */ SMB_ASSERT(static_parent_idmap_config.num_doms > 0); return static_idmap_child->binding_handle; } static void init_idmap_child_done(struct tevent_req *subreq); NTSTATUS init_idmap_child(TALLOC_CTX *mem_ctx) { struct tevent_req *subreq = NULL; if (static_idmap_child != NULL) { DBG_ERR("idmap child already allocated\n"); return NT_STATUS_INTERNAL_ERROR; } static_idmap_child = talloc_zero(mem_ctx, struct winbindd_child); if (static_idmap_child == NULL) { return NT_STATUS_NO_MEMORY; } subreq = wb_parent_idmap_setup_send(static_idmap_child, global_event_context()); if (subreq == NULL) { /* * This is only an optimization, so we're free to * to ignore errors */ DBG_ERR("wb_parent_idmap_setup_send() failed\n"); return NT_STATUS_NO_MEMORY; } tevent_req_set_callback(subreq, init_idmap_child_done, NULL); DBG_DEBUG("wb_parent_idmap_setup_send() started\n"); return NT_STATUS_OK; } static void init_idmap_child_done(struct tevent_req *subreq) { const struct wb_parent_idmap_config *cfg = NULL; NTSTATUS status; status = wb_parent_idmap_setup_recv(subreq, &cfg); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { /* * This is only an optimization, so we're free to * to ignore errors */ DBG_ERR("wb_parent_idmap_setup_recv() failed %s\n", nt_errstr(status)); return; } DBG_DEBUG("wb_parent_idmap_setup_recv() finished\n"); } struct wb_parent_idmap_setup_state { struct tevent_context *ev; struct wb_parent_idmap_config *cfg; size_t dom_idx; }; static void wb_parent_idmap_setup_cleanup(struct tevent_req *req, enum tevent_req_state req_state) { struct wb_parent_idmap_setup_state *state = tevent_req_data(req, struct wb_parent_idmap_setup_state); if (req_state == TEVENT_REQ_DONE) { state->cfg = NULL; return; } if (state->cfg == NULL) { return; } state->cfg->num_doms = 0; state->cfg->initialized = false; TALLOC_FREE(state->cfg->doms); state->cfg = NULL; } static void wb_parent_idmap_setup_queue_wait_done(struct tevent_req *subreq); static bool wb_parent_idmap_setup_scan_config(const char *domname, void *private_data); static void wb_parent_idmap_setup_lookupname_next(struct tevent_req *req); static void wb_parent_idmap_setup_lookupname_done(struct tevent_req *subreq); struct tevent_req *wb_parent_idmap_setup_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev) { struct tevent_req *req = NULL; struct wb_parent_idmap_setup_state *state = NULL; struct tevent_req *subreq = NULL; req = tevent_req_create(mem_ctx, &state, struct wb_parent_idmap_setup_state); if (req == NULL) { return NULL; } *state = (struct wb_parent_idmap_setup_state) { .ev = ev, .cfg = &static_parent_idmap_config, .dom_idx = 0, }; if (state->cfg->initialized) { tevent_req_done(req); return tevent_req_post(req, ev); } if (state->cfg->queue == NULL) { state->cfg->queue = tevent_queue_create(NULL, "wb_parent_idmap_config_queue"); if (tevent_req_nomem(state->cfg->queue, req)) { return tevent_req_post(req, ev); } } subreq = tevent_queue_wait_send(state, state->ev, state->cfg->queue); if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); } tevent_req_set_callback(subreq, wb_parent_idmap_setup_queue_wait_done, req); return req; } static void wb_parent_idmap_setup_queue_wait_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct wb_parent_idmap_setup_state *state = tevent_req_data(req, struct wb_parent_idmap_setup_state); bool ok; /* * Note we don't call TALLOC_FREE(subreq) here in order to block the * queue until tevent_req_received() in wb_parent_idmap_setup_recv() * will destroy it implicitly. */ ok = tevent_queue_wait_recv(subreq); if (!ok) { DBG_ERR("tevent_queue_wait_recv() failed\n"); tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); return; } if (state->cfg->num_doms != 0) { /* * If we're not the first one we're done. */ tevent_req_done(req); return; } /* * From this point we start changing state->cfg, * which is &static_parent_idmap_config, * so we better setup a cleanup function * to undo the changes on failure. */ tevent_req_set_cleanup_fn(req, wb_parent_idmap_setup_cleanup); /* * Put the passdb idmap domain first. We always need to try * there first. */ state->cfg->doms = talloc_zero_array(NULL, struct wb_parent_idmap_config_dom, 1); if (tevent_req_nomem(state->cfg->doms, req)) { return; } state->cfg->doms[0].low_id = 0; state->cfg->doms[0].high_id = UINT_MAX; state->cfg->doms[0].name = talloc_strdup(state->cfg->doms, get_global_sam_name()); if (tevent_req_nomem(state->cfg->doms[0].name, req)) { return; } state->cfg->num_doms += 1; lp_scan_idmap_domains(wb_parent_idmap_setup_scan_config, req); if (!tevent_req_is_in_progress(req)) { return; } wb_parent_idmap_setup_lookupname_next(req); } static bool wb_parent_idmap_setup_scan_config(const char *domname, void *private_data) { struct tevent_req *req = talloc_get_type_abort(private_data, struct tevent_req); struct wb_parent_idmap_setup_state *state = tevent_req_data(req, struct wb_parent_idmap_setup_state); struct wb_parent_idmap_config_dom *map = NULL; size_t i; const char *range; unsigned low_id, high_id; int ret; range = idmap_config_const_string(domname, "range", NULL); if (range == NULL) { DBG_DEBUG("No range for domain %s found\n", domname); return false; } ret = sscanf(range, "%u - %u", &low_id, &high_id); if (ret != 2) { DBG_DEBUG("Invalid range spec \"%s\" for domain %s\n", range, domname); return false; } if (low_id > high_id) { DBG_DEBUG("Invalid range %u - %u for domain %s\n", low_id, high_id, domname); return false; } for (i=0; icfg->num_doms; i++) { if (strequal(domname, state->cfg->doms[i].name)) { map = &state->cfg->doms[i]; break; } } if (map == NULL) { struct wb_parent_idmap_config_dom *tmp; char *name; name = talloc_strdup(state, domname); if (name == NULL) { DBG_ERR("talloc failed\n"); return false; } tmp = talloc_realloc( NULL, state->cfg->doms, struct wb_parent_idmap_config_dom, state->cfg->num_doms+1); if (tmp == NULL) { DBG_ERR("talloc failed\n"); return false; } state->cfg->doms = tmp; map = &state->cfg->doms[state->cfg->num_doms]; state->cfg->num_doms += 1; ZERO_STRUCTP(map); map->name = talloc_move(state->cfg->doms, &name); } map->low_id = low_id; map->high_id = high_id; return false; } static void wb_parent_idmap_setup_lookupname_next(struct tevent_req *req) { struct wb_parent_idmap_setup_state *state = tevent_req_data(req, struct wb_parent_idmap_setup_state); struct wb_parent_idmap_config_dom *dom = &state->cfg->doms[state->dom_idx]; struct tevent_req *subreq = NULL; next_domain: if (state->dom_idx == state->cfg->num_doms) { /* * We're done, so start the idmap child */ setup_child(NULL, static_idmap_child, "log.winbindd", "idmap"); static_parent_idmap_config.initialized = true; tevent_req_done(req); return; } if (strequal(dom->name, "*")) { state->dom_idx++; goto next_domain; } subreq = wb_lookupname_send(state, state->ev, dom->name, dom->name, "", LOOKUP_NAME_NO_NSS); if (tevent_req_nomem(subreq, req)) { return; } tevent_req_set_callback(subreq, wb_parent_idmap_setup_lookupname_done, req); } static void wb_parent_idmap_setup_lookupname_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct wb_parent_idmap_setup_state *state = tevent_req_data(req, struct wb_parent_idmap_setup_state); struct wb_parent_idmap_config_dom *dom = &state->cfg->doms[state->dom_idx]; enum lsa_SidType type; NTSTATUS status; status = wb_lookupname_recv(subreq, &dom->sid, &type); TALLOC_FREE(subreq); if (NT_STATUS_IS_OK(status) && type == SID_NAME_UNKNOWN) { status = NT_STATUS_NONE_MAPPED; } if (!NT_STATUS_IS_OK(status)) { DBG_ERR("Lookup domain name '%s' failed '%s'\n", dom->name, nt_errstr(status)); state->dom_idx++; wb_parent_idmap_setup_lookupname_next(req); return; } if (type != SID_NAME_DOMAIN) { struct dom_sid_buf buf; DBG_ERR("SID %s for idmap domain name '%s' " "not a domain SID\n", dom_sid_str_buf(&dom->sid, &buf), dom->name); ZERO_STRUCT(dom->sid); } state->dom_idx++; wb_parent_idmap_setup_lookupname_next(req); return; } NTSTATUS wb_parent_idmap_setup_recv(struct tevent_req *req, const struct wb_parent_idmap_config **_cfg) { const struct wb_parent_idmap_config *cfg = &static_parent_idmap_config; NTSTATUS status; *_cfg = NULL; if (tevent_req_is_nterror(req, &status)) { tevent_req_received(req); return status; } /* * Note state->cfg is already set to NULL by * wb_parent_idmap_setup_cleanup() */ *_cfg = cfg; tevent_req_received(req); return NT_STATUS_OK; }