mirror of
https://github.com/samba-team/samba.git
synced 2025-01-05 09:18:06 +03:00
148a102800
Previously LookupNames would fail if a name could not be translated, so winbindd clients like libwbclient couldn't differentiate between not being able to talk to a DC and just an unkown name. As a visible change this alters $ bin/wbinfo -n Idontexist failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND Could not lookup name Idontexist to $ bin/wbinfo -n Idontexist failed to call wbcLookupName: WBC_ERR_SOME_NOT_MAPPED Could not lookup name Idontexist Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
440 lines
11 KiB
C
440 lines
11 KiB
C
/*
|
|
Unix SMB/CIFS implementation.
|
|
|
|
Async helpers for blocking functions
|
|
|
|
Copyright (C) Volker Lendecke 2005
|
|
Copyright (C) Gerald Carter 2006
|
|
Copyright (C) Simo Sorce 2007
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
#include "winbindd.h"
|
|
#include "../libcli/security/security.h"
|
|
#include "passdb/lookup_sid.h"
|
|
#include "lib/global_contexts.h"
|
|
|
|
#undef DBGC_CLASS
|
|
#define DBGC_CLASS DBGC_WINBIND
|
|
|
|
static struct winbindd_child *static_idmap_child = NULL;
|
|
|
|
/*
|
|
* Map idmap ranges to domain names, taken from smb.conf. This is
|
|
* stored in the parent winbind and used to assemble xids2sids/sids2xids calls
|
|
* into per-idmap-domain chunks.
|
|
*/
|
|
static struct wb_parent_idmap_config static_parent_idmap_config;
|
|
|
|
struct winbindd_child *idmap_child(void)
|
|
{
|
|
return static_idmap_child;
|
|
}
|
|
|
|
bool is_idmap_child(const struct winbindd_child *child)
|
|
{
|
|
if (child == static_idmap_child) {
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
pid_t idmap_child_pid(void)
|
|
{
|
|
return static_idmap_child->pid;
|
|
}
|
|
|
|
struct dcerpc_binding_handle *idmap_child_handle(void)
|
|
{
|
|
/*
|
|
* The caller needs to use wb_parent_idmap_setup_send/recv
|
|
* before talking to the idmap child!
|
|
*/
|
|
SMB_ASSERT(static_parent_idmap_config.num_doms > 0);
|
|
return static_idmap_child->binding_handle;
|
|
}
|
|
|
|
static void init_idmap_child_done(struct tevent_req *subreq);
|
|
|
|
NTSTATUS init_idmap_child(TALLOC_CTX *mem_ctx)
|
|
{
|
|
struct tevent_req *subreq = NULL;
|
|
|
|
if (static_idmap_child != NULL) {
|
|
DBG_ERR("idmap child already allocated\n");
|
|
return NT_STATUS_INTERNAL_ERROR;
|
|
}
|
|
|
|
static_idmap_child = talloc_zero(mem_ctx, struct winbindd_child);
|
|
if (static_idmap_child == NULL) {
|
|
return NT_STATUS_NO_MEMORY;
|
|
}
|
|
|
|
subreq = wb_parent_idmap_setup_send(static_idmap_child,
|
|
global_event_context());
|
|
if (subreq == NULL) {
|
|
/*
|
|
* This is only an optimization, so we're free to
|
|
* to ignore errors
|
|
*/
|
|
DBG_ERR("wb_parent_idmap_setup_send() failed\n");
|
|
return NT_STATUS_NO_MEMORY;
|
|
}
|
|
tevent_req_set_callback(subreq, init_idmap_child_done, NULL);
|
|
DBG_DEBUG("wb_parent_idmap_setup_send() started\n");
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
static void init_idmap_child_done(struct tevent_req *subreq)
|
|
{
|
|
const struct wb_parent_idmap_config *cfg = NULL;
|
|
NTSTATUS status;
|
|
|
|
status = wb_parent_idmap_setup_recv(subreq, &cfg);
|
|
TALLOC_FREE(subreq);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
/*
|
|
* This is only an optimization, so we're free to
|
|
* to ignore errors
|
|
*/
|
|
DBG_ERR("wb_parent_idmap_setup_recv() failed %s\n",
|
|
nt_errstr(status));
|
|
return;
|
|
}
|
|
|
|
DBG_DEBUG("wb_parent_idmap_setup_recv() finished\n");
|
|
}
|
|
|
|
struct wb_parent_idmap_setup_state {
|
|
struct tevent_context *ev;
|
|
struct wb_parent_idmap_config *cfg;
|
|
size_t dom_idx;
|
|
};
|
|
|
|
static void wb_parent_idmap_setup_cleanup(struct tevent_req *req,
|
|
enum tevent_req_state req_state)
|
|
{
|
|
struct wb_parent_idmap_setup_state *state =
|
|
tevent_req_data(req,
|
|
struct wb_parent_idmap_setup_state);
|
|
|
|
if (req_state == TEVENT_REQ_DONE) {
|
|
state->cfg = NULL;
|
|
return;
|
|
}
|
|
|
|
if (state->cfg == NULL) {
|
|
return;
|
|
}
|
|
|
|
state->cfg->num_doms = 0;
|
|
state->cfg->initialized = false;
|
|
TALLOC_FREE(state->cfg->doms);
|
|
state->cfg = NULL;
|
|
}
|
|
|
|
static void wb_parent_idmap_setup_queue_wait_done(struct tevent_req *subreq);
|
|
static bool wb_parent_idmap_setup_scan_config(const char *domname,
|
|
void *private_data);
|
|
static void wb_parent_idmap_setup_lookupname_next(struct tevent_req *req);
|
|
static void wb_parent_idmap_setup_lookupname_done(struct tevent_req *subreq);
|
|
|
|
struct tevent_req *wb_parent_idmap_setup_send(TALLOC_CTX *mem_ctx,
|
|
struct tevent_context *ev)
|
|
{
|
|
struct tevent_req *req = NULL;
|
|
struct wb_parent_idmap_setup_state *state = NULL;
|
|
struct tevent_req *subreq = NULL;
|
|
|
|
req = tevent_req_create(mem_ctx, &state,
|
|
struct wb_parent_idmap_setup_state);
|
|
if (req == NULL) {
|
|
return NULL;
|
|
}
|
|
*state = (struct wb_parent_idmap_setup_state) {
|
|
.ev = ev,
|
|
.cfg = &static_parent_idmap_config,
|
|
.dom_idx = 0,
|
|
};
|
|
|
|
if (state->cfg->initialized) {
|
|
tevent_req_done(req);
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
if (state->cfg->queue == NULL) {
|
|
state->cfg->queue = tevent_queue_create(NULL,
|
|
"wb_parent_idmap_config_queue");
|
|
if (tevent_req_nomem(state->cfg->queue, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
}
|
|
|
|
subreq = tevent_queue_wait_send(state, state->ev, state->cfg->queue);
|
|
if (tevent_req_nomem(subreq, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
tevent_req_set_callback(subreq,
|
|
wb_parent_idmap_setup_queue_wait_done,
|
|
req);
|
|
|
|
return req;
|
|
}
|
|
|
|
static void wb_parent_idmap_setup_queue_wait_done(struct tevent_req *subreq)
|
|
{
|
|
struct tevent_req *req =
|
|
tevent_req_callback_data(subreq,
|
|
struct tevent_req);
|
|
struct wb_parent_idmap_setup_state *state =
|
|
tevent_req_data(req,
|
|
struct wb_parent_idmap_setup_state);
|
|
bool ok;
|
|
|
|
/*
|
|
* Note we don't call TALLOC_FREE(subreq) here in order to block the
|
|
* queue until tevent_req_received() in wb_parent_idmap_setup_recv()
|
|
* will destroy it implicitly.
|
|
*/
|
|
ok = tevent_queue_wait_recv(subreq);
|
|
if (!ok) {
|
|
DBG_ERR("tevent_queue_wait_recv() failed\n");
|
|
tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
|
|
return;
|
|
}
|
|
|
|
if (state->cfg->num_doms != 0) {
|
|
/*
|
|
* If we're not the first one we're done.
|
|
*/
|
|
tevent_req_done(req);
|
|
return;
|
|
}
|
|
|
|
/*
|
|
* From this point we start changing state->cfg,
|
|
* which is &static_parent_idmap_config,
|
|
* so we better setup a cleanup function
|
|
* to undo the changes on failure.
|
|
*/
|
|
tevent_req_set_cleanup_fn(req, wb_parent_idmap_setup_cleanup);
|
|
|
|
/*
|
|
* Put the passdb idmap domain first. We always need to try
|
|
* there first.
|
|
*/
|
|
state->cfg->doms = talloc_zero_array(NULL,
|
|
struct wb_parent_idmap_config_dom,
|
|
1);
|
|
if (tevent_req_nomem(state->cfg->doms, req)) {
|
|
return;
|
|
}
|
|
state->cfg->doms[0].low_id = 0;
|
|
state->cfg->doms[0].high_id = UINT_MAX;
|
|
state->cfg->doms[0].name = talloc_strdup(state->cfg->doms,
|
|
get_global_sam_name());
|
|
if (tevent_req_nomem(state->cfg->doms[0].name, req)) {
|
|
return;
|
|
}
|
|
state->cfg->num_doms += 1;
|
|
|
|
lp_scan_idmap_domains(wb_parent_idmap_setup_scan_config, req);
|
|
if (!tevent_req_is_in_progress(req)) {
|
|
return;
|
|
}
|
|
|
|
wb_parent_idmap_setup_lookupname_next(req);
|
|
}
|
|
|
|
static bool wb_parent_idmap_setup_scan_config(const char *domname,
|
|
void *private_data)
|
|
{
|
|
struct tevent_req *req =
|
|
talloc_get_type_abort(private_data,
|
|
struct tevent_req);
|
|
struct wb_parent_idmap_setup_state *state =
|
|
tevent_req_data(req,
|
|
struct wb_parent_idmap_setup_state);
|
|
struct wb_parent_idmap_config_dom *map = NULL;
|
|
size_t i;
|
|
const char *range;
|
|
unsigned low_id, high_id;
|
|
int ret;
|
|
|
|
range = idmap_config_const_string(domname, "range", NULL);
|
|
if (range == NULL) {
|
|
DBG_DEBUG("No range for domain %s found\n", domname);
|
|
return false;
|
|
}
|
|
|
|
ret = sscanf(range, "%u - %u", &low_id, &high_id);
|
|
if (ret != 2) {
|
|
DBG_DEBUG("Invalid range spec \"%s\" for domain %s\n",
|
|
range, domname);
|
|
return false;
|
|
}
|
|
|
|
if (low_id > high_id) {
|
|
DBG_DEBUG("Invalid range %u - %u for domain %s\n",
|
|
low_id, high_id, domname);
|
|
return false;
|
|
}
|
|
|
|
for (i=0; i<state->cfg->num_doms; i++) {
|
|
if (strequal(domname, state->cfg->doms[i].name)) {
|
|
map = &state->cfg->doms[i];
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (map == NULL) {
|
|
struct wb_parent_idmap_config_dom *tmp;
|
|
char *name;
|
|
|
|
name = talloc_strdup(state, domname);
|
|
if (name == NULL) {
|
|
DBG_ERR("talloc failed\n");
|
|
return false;
|
|
}
|
|
|
|
tmp = talloc_realloc(
|
|
NULL, state->cfg->doms, struct wb_parent_idmap_config_dom,
|
|
state->cfg->num_doms+1);
|
|
if (tmp == NULL) {
|
|
DBG_ERR("talloc failed\n");
|
|
return false;
|
|
}
|
|
state->cfg->doms = tmp;
|
|
|
|
map = &state->cfg->doms[state->cfg->num_doms];
|
|
state->cfg->num_doms += 1;
|
|
ZERO_STRUCTP(map);
|
|
map->name = talloc_move(state->cfg->doms, &name);
|
|
}
|
|
|
|
map->low_id = low_id;
|
|
map->high_id = high_id;
|
|
|
|
return false;
|
|
}
|
|
|
|
static void wb_parent_idmap_setup_lookupname_next(struct tevent_req *req)
|
|
{
|
|
struct wb_parent_idmap_setup_state *state =
|
|
tevent_req_data(req,
|
|
struct wb_parent_idmap_setup_state);
|
|
struct wb_parent_idmap_config_dom *dom =
|
|
&state->cfg->doms[state->dom_idx];
|
|
struct tevent_req *subreq = NULL;
|
|
|
|
next_domain:
|
|
if (state->dom_idx == state->cfg->num_doms) {
|
|
/*
|
|
* We're done, so start the idmap child
|
|
*/
|
|
setup_child(NULL, static_idmap_child, "log.winbindd", "idmap");
|
|
static_parent_idmap_config.initialized = true;
|
|
tevent_req_done(req);
|
|
return;
|
|
}
|
|
|
|
if (strequal(dom->name, "*")) {
|
|
state->dom_idx++;
|
|
goto next_domain;
|
|
}
|
|
|
|
subreq = wb_lookupname_send(state,
|
|
state->ev,
|
|
dom->name,
|
|
dom->name,
|
|
"",
|
|
LOOKUP_NAME_NO_NSS);
|
|
if (tevent_req_nomem(subreq, req)) {
|
|
return;
|
|
}
|
|
tevent_req_set_callback(subreq,
|
|
wb_parent_idmap_setup_lookupname_done,
|
|
req);
|
|
}
|
|
|
|
static void wb_parent_idmap_setup_lookupname_done(struct tevent_req *subreq)
|
|
{
|
|
struct tevent_req *req =
|
|
tevent_req_callback_data(subreq,
|
|
struct tevent_req);
|
|
struct wb_parent_idmap_setup_state *state =
|
|
tevent_req_data(req,
|
|
struct wb_parent_idmap_setup_state);
|
|
struct wb_parent_idmap_config_dom *dom =
|
|
&state->cfg->doms[state->dom_idx];
|
|
enum lsa_SidType type;
|
|
NTSTATUS status;
|
|
|
|
status = wb_lookupname_recv(subreq, &dom->sid, &type);
|
|
TALLOC_FREE(subreq);
|
|
if (NT_STATUS_IS_OK(status) && type == SID_NAME_UNKNOWN) {
|
|
status = NT_STATUS_NONE_MAPPED;
|
|
}
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
DBG_ERR("Lookup domain name '%s' failed '%s'\n",
|
|
dom->name,
|
|
nt_errstr(status));
|
|
|
|
state->dom_idx++;
|
|
wb_parent_idmap_setup_lookupname_next(req);
|
|
return;
|
|
}
|
|
|
|
if (type != SID_NAME_DOMAIN) {
|
|
struct dom_sid_buf buf;
|
|
|
|
DBG_ERR("SID %s for idmap domain name '%s' "
|
|
"not a domain SID\n",
|
|
dom_sid_str_buf(&dom->sid, &buf),
|
|
dom->name);
|
|
|
|
ZERO_STRUCT(dom->sid);
|
|
}
|
|
|
|
state->dom_idx++;
|
|
wb_parent_idmap_setup_lookupname_next(req);
|
|
|
|
return;
|
|
}
|
|
|
|
NTSTATUS wb_parent_idmap_setup_recv(struct tevent_req *req,
|
|
const struct wb_parent_idmap_config **_cfg)
|
|
{
|
|
const struct wb_parent_idmap_config *cfg = &static_parent_idmap_config;
|
|
NTSTATUS status;
|
|
|
|
*_cfg = NULL;
|
|
|
|
if (tevent_req_is_nterror(req, &status)) {
|
|
tevent_req_received(req);
|
|
return status;
|
|
}
|
|
|
|
/*
|
|
* Note state->cfg is already set to NULL by
|
|
* wb_parent_idmap_setup_cleanup()
|
|
*/
|
|
*_cfg = cfg;
|
|
tevent_req_received(req);
|
|
return NT_STATUS_OK;
|
|
}
|