2 Unix SMB/CIFS implementation.
4 Copyright (C) Volker Lendecke 2009
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "util/debug.h"
23 #include "librpc/gen_ndr/ndr_winbind_c.h"
24 #include "../libcli/security/security.h"
25 #include "passdb/machine_sid.h"
27 struct wb_gettoken_state {
28 struct tevent_context *ev;
29 struct dom_sid usersid;
30 bool expand_local_aliases;
35 static NTSTATUS wb_add_rids_to_sids(TALLOC_CTX *mem_ctx,
37 struct dom_sid **psids,
38 const struct dom_sid *domain_sid,
39 uint32_t num_rids, uint32_t *rids);
41 static void wb_gettoken_gotuser(struct tevent_req *subreq);
42 static void wb_gettoken_gotgroups(struct tevent_req *subreq);
43 static void wb_gettoken_gotlocalgroups(struct tevent_req *subreq);
44 static void wb_gettoken_gotbuiltins(struct tevent_req *subreq);
46 struct tevent_req *wb_gettoken_send(TALLOC_CTX *mem_ctx,
47 struct tevent_context *ev,
48 const struct dom_sid *sid,
49 bool expand_local_aliases)
51 struct tevent_req *req, *subreq;
52 struct wb_gettoken_state *state;
53 struct dom_sid_buf buf;
55 req = tevent_req_create(mem_ctx, &state, struct wb_gettoken_state);
59 sid_copy(&state->usersid, sid);
61 state->expand_local_aliases = expand_local_aliases;
63 D_INFO("WB command gettoken start.\n"
64 "Query user SID %s (expand local aliases is %d).\n",
65 dom_sid_str_buf(sid, &buf),
66 expand_local_aliases);
67 subreq = wb_queryuser_send(state, ev, &state->usersid);
68 if (tevent_req_nomem(subreq, req)) {
69 return tevent_req_post(req, ev);
71 tevent_req_set_callback(subreq, wb_gettoken_gotuser, req);
75 static void wb_gettoken_gotuser(struct tevent_req *subreq)
77 struct tevent_req *req = tevent_req_callback_data(
78 subreq, struct tevent_req);
79 struct wb_gettoken_state *state = tevent_req_data(
80 req, struct wb_gettoken_state);
81 struct wbint_userinfo *info;
83 struct dom_sid_buf buf0, buf1;
85 status = wb_queryuser_recv(subreq, state, &info);
87 if (tevent_req_nterror(req, status)) {
91 state->sids = talloc_array(state, struct dom_sid, 2);
92 if (tevent_req_nomem(state->sids, req)) {
97 D_DEBUG("Got user SID %s and group SID %s\n",
98 dom_sid_str_buf(&info->user_sid, &buf0),
99 dom_sid_str_buf(&info->group_sid, &buf1));
100 sid_copy(&state->sids[0], &info->user_sid);
101 sid_copy(&state->sids[1], &info->group_sid);
103 D_DEBUG("Looking up user groups for the user SID.\n");
104 subreq = wb_lookupusergroups_send(state, state->ev, &info->user_sid);
105 if (tevent_req_nomem(subreq, req)) {
108 tevent_req_set_callback(subreq, wb_gettoken_gotgroups, req);
111 static void wb_gettoken_gotgroups(struct tevent_req *subreq)
113 struct tevent_req *req = tevent_req_callback_data(
114 subreq, struct tevent_req);
115 struct wb_gettoken_state *state = tevent_req_data(
116 req, struct wb_gettoken_state);
117 uint32_t i, num_groups;
118 struct dom_sid *groups;
119 struct winbindd_domain *domain;
121 struct dom_sid_buf buf;
123 status = wb_lookupusergroups_recv(subreq, state, &num_groups, &groups);
125 if (!NT_STATUS_IS_OK(status)) {
126 tevent_req_done(req);
130 D_DEBUG("Received %"PRIu32" group(s).\n", num_groups);
131 for (i = 0; i < num_groups; i++) {
132 D_DEBUG("Adding SID %s.\n", dom_sid_str_buf(&groups[i], &buf));
133 status = add_sid_to_array_unique(
134 state, &groups[i], &state->sids, &state->num_sids);
136 if (tevent_req_nterror(req, status)) {
141 if (!state->expand_local_aliases) {
142 D_DEBUG("Done. Not asked to expand local aliases.\n");
143 tevent_req_done(req);
148 * Expand our domain's aliases
150 domain = find_domain_from_sid_noinit(get_global_sam_sid());
151 if (domain == NULL) {
152 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
156 D_DEBUG("Expand domain's aliases for %"PRIu32" SID(s).\n",
158 subreq = wb_lookupuseraliases_send(state, state->ev, domain,
159 state->num_sids, state->sids);
160 if (tevent_req_nomem(subreq, req)) {
163 tevent_req_set_callback(subreq, wb_gettoken_gotlocalgroups, req);
166 static void wb_gettoken_gotlocalgroups(struct tevent_req *subreq)
168 struct tevent_req *req = tevent_req_callback_data(
169 subreq, struct tevent_req);
170 struct wb_gettoken_state *state = tevent_req_data(
171 req, struct wb_gettoken_state);
174 struct winbindd_domain *domain;
177 status = wb_lookupuseraliases_recv(subreq, state, &num_rids, &rids);
179 if (tevent_req_nterror(req, status)) {
183 D_DEBUG("Got %"PRIu32" RID(s).\n", num_rids);
184 status = wb_add_rids_to_sids(state, &state->num_sids, &state->sids,
185 get_global_sam_sid(), num_rids, rids);
186 if (tevent_req_nterror(req, status)) {
192 * Now expand the builtin groups
195 D_DEBUG("Expand the builtin groups for %"PRIu32" SID(s).\n",
197 domain = find_domain_from_sid(&global_sid_Builtin);
198 if (domain == NULL) {
199 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
203 subreq = wb_lookupuseraliases_send(state, state->ev, domain,
204 state->num_sids, state->sids);
205 if (tevent_req_nomem(subreq, req)) {
208 tevent_req_set_callback(subreq, wb_gettoken_gotbuiltins, req);
211 static void wb_gettoken_gotbuiltins(struct tevent_req *subreq)
213 struct tevent_req *req = tevent_req_callback_data(
214 subreq, struct tevent_req);
215 struct wb_gettoken_state *state = tevent_req_data(
216 req, struct wb_gettoken_state);
221 status = wb_lookupuseraliases_recv(subreq, state, &num_rids, &rids);
223 if (tevent_req_nterror(req, status)) {
226 D_DEBUG("Got %"PRIu32" RID(s).\n", num_rids);
227 status = wb_add_rids_to_sids(state, &state->num_sids, &state->sids,
228 &global_sid_Builtin, num_rids, rids);
229 if (tevent_req_nterror(req, status)) {
232 tevent_req_done(req);
235 NTSTATUS wb_gettoken_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
236 uint32_t *num_sids, struct dom_sid **sids)
238 struct wb_gettoken_state *state = tevent_req_data(
239 req, struct wb_gettoken_state);
243 if (tevent_req_is_nterror(req, &status)) {
246 *num_sids = state->num_sids;
247 D_INFO("WB command gettoken end.\nReceived %"PRIu32" SID(s).\n",
250 if (CHECK_DEBUGLVL(DBGLVL_INFO)) {
251 for (i = 0; i < state->num_sids; i++) {
252 struct dom_sid_buf sidbuf;
253 D_INFO("%"PRIu32": %s\n",
255 dom_sid_str_buf(&state->sids[i],
260 *sids = talloc_move(mem_ctx, &state->sids);
264 static NTSTATUS wb_add_rids_to_sids(TALLOC_CTX *mem_ctx,
266 struct dom_sid **psids,
267 const struct dom_sid *domain_sid,
268 uint32_t num_rids, uint32_t *rids)
272 D_DEBUG("%"PRIu32" SID(s) will be uniquely added to the SID array.\n"
273 "Before the addition the array has %"PRIu32" SID(s).\n",
274 num_rids, *pnum_sids);
276 for (i = 0; i < num_rids; i++) {
280 sid_compose(&sid, domain_sid, rids[i]);
281 status = add_sid_to_array_unique(
282 mem_ctx, &sid, psids, pnum_sids);
283 if (!NT_STATUS_IS_OK(status)) {
287 D_DEBUG("After the addition the array has %"PRIu32" SID(s).\n",