2 Unix SMB/CIFS implementation.
4 Copyright (C) Volker Lendecke 2009
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "librpc/gen_ndr/ndr_wbint_c.h"
23 #include "../libcli/security/security.h"
24 #include "passdb/machine_sid.h"
26 struct wb_gettoken_state {
27 struct tevent_context *ev;
28 struct dom_sid usersid;
33 static bool wb_add_rids_to_sids(TALLOC_CTX *mem_ctx,
34 int *pnum_sids, struct dom_sid **psids,
35 const struct dom_sid *domain_sid,
36 int num_rids, uint32_t *rids);
38 static void wb_gettoken_gotgroups(struct tevent_req *subreq);
39 static void wb_gettoken_gotlocalgroups(struct tevent_req *subreq);
40 static void wb_gettoken_gotbuiltins(struct tevent_req *subreq);
42 struct tevent_req *wb_gettoken_send(TALLOC_CTX *mem_ctx,
43 struct tevent_context *ev,
44 const struct dom_sid *sid)
46 struct tevent_req *req, *subreq;
47 struct wb_gettoken_state *state;
48 struct winbindd_domain *domain;
50 req = tevent_req_create(mem_ctx, &state, struct wb_gettoken_state);
54 sid_copy(&state->usersid, sid);
57 domain = find_domain_from_sid_noinit(sid);
59 DEBUG(5, ("Could not find domain from SID %s\n",
60 sid_string_dbg(sid)));
61 tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
62 return tevent_req_post(req, ev);
65 if (lp_winbind_trusted_domains_only() && domain->primary) {
66 DEBUG(7, ("wb_gettoken: My domain -- rejecting getgroups() "
67 "for %s.\n", sid_string_tos(sid)));
68 tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
69 return tevent_req_post(req, ev);
72 subreq = wb_lookupusergroups_send(state, ev, domain, &state->usersid);
73 if (tevent_req_nomem(subreq, req)) {
74 return tevent_req_post(req, ev);
76 tevent_req_set_callback(subreq, wb_gettoken_gotgroups, req);
80 static void wb_gettoken_gotgroups(struct tevent_req *subreq)
82 struct tevent_req *req = tevent_req_callback_data(
83 subreq, struct tevent_req);
84 struct wb_gettoken_state *state = tevent_req_data(
85 req, struct wb_gettoken_state);
87 struct winbindd_domain *domain;
90 status = wb_lookupusergroups_recv(subreq, state, &state->num_sids,
93 if (tevent_req_nterror(req, status)) {
97 sids = talloc_realloc(state, state->sids, struct dom_sid,
99 if (tevent_req_nomem(sids, req)) {
102 memmove(&sids[1], &sids[0], state->num_sids * sizeof(sids[0]));
103 sid_copy(&sids[0], &state->usersid);
104 state->num_sids += 1;
108 * Expand our domain's aliases
110 domain = find_domain_from_sid_noinit(get_global_sam_sid());
111 if (domain == NULL) {
112 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
116 subreq = wb_lookupuseraliases_send(state, state->ev, domain,
117 state->num_sids, state->sids);
118 if (tevent_req_nomem(subreq, req)) {
121 tevent_req_set_callback(subreq, wb_gettoken_gotlocalgroups, req);
124 static void wb_gettoken_gotlocalgroups(struct tevent_req *subreq)
126 struct tevent_req *req = tevent_req_callback_data(
127 subreq, struct tevent_req);
128 struct wb_gettoken_state *state = tevent_req_data(
129 req, struct wb_gettoken_state);
132 struct winbindd_domain *domain;
135 status = wb_lookupuseraliases_recv(subreq, state, &num_rids, &rids);
137 if (tevent_req_nterror(req, status)) {
140 domain = find_domain_from_sid_noinit(get_global_sam_sid());
141 if (domain == NULL) {
142 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
145 if (!wb_add_rids_to_sids(state, &state->num_sids, &state->sids,
146 &domain->sid, num_rids, rids)) {
147 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
153 * Now expand the builtin groups
156 domain = find_builtin_domain();
157 if (domain == NULL) {
158 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
162 subreq = wb_lookupuseraliases_send(state, state->ev, domain,
163 state->num_sids, state->sids);
164 if (tevent_req_nomem(subreq, req)) {
167 tevent_req_set_callback(subreq, wb_gettoken_gotbuiltins, req);
170 static void wb_gettoken_gotbuiltins(struct tevent_req *subreq)
172 struct tevent_req *req = tevent_req_callback_data(
173 subreq, struct tevent_req);
174 struct wb_gettoken_state *state = tevent_req_data(
175 req, struct wb_gettoken_state);
180 status = wb_lookupuseraliases_recv(subreq, state, &num_rids, &rids);
182 if (tevent_req_nterror(req, status)) {
185 if (!wb_add_rids_to_sids(state, &state->num_sids, &state->sids,
186 &global_sid_Builtin, num_rids, rids)) {
187 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
190 tevent_req_done(req);
193 NTSTATUS wb_gettoken_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
194 int *num_sids, struct dom_sid **sids)
196 struct wb_gettoken_state *state = tevent_req_data(
197 req, struct wb_gettoken_state);
200 if (tevent_req_is_nterror(req, &status)) {
203 *num_sids = state->num_sids;
204 *sids = talloc_move(mem_ctx, &state->sids);
208 static bool wb_add_rids_to_sids(TALLOC_CTX *mem_ctx,
209 int *pnum_sids, struct dom_sid **psids,
210 const struct dom_sid *domain_sid,
211 int num_rids, uint32_t *rids)
213 struct dom_sid *sids;
216 sids = talloc_realloc(mem_ctx, *psids, struct dom_sid,
217 *pnum_sids + num_rids);
221 for (i=0; i<num_rids; i++) {
222 sid_compose(&sids[i+*pnum_sids], domain_sid, rids[i]);
225 *pnum_sids += num_rids;
git.samba.org / gd / samba-autobuild / .git / blob