source3/winbindd/wb_group_members.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    async lookupgroupmembers
   4    Copyright (C) Volker Lendecke 2009
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19
  20 #include "includes.h"
  21 #include "winbindd.h"
  22 #include "librpc/gen_ndr/cli_wbint.h"
  23
  24 /*
  25  * We have 3 sets of routines here:
  26  *
  27  * wb_lookupgroupmem is the low-level one-group routine
  28  *
  29  * wb_groups_members walks a list of groups
  30  *
  31  * wb_group_members finally is the high-level routine expanding groups
  32  * recursively
  33  */
  34
  35 /*
  36  * Look up members of a single group. Essentially a wrapper around the
  37  * lookup_groupmem winbindd_methods routine.
  38  */
  39
  40 struct wb_lookupgroupmem_state {
  41         struct dom_sid sid;
  42         struct wbint_GroupMembers members;
  43 };
  44
  45 static void wb_lookupgroupmem_done(struct tevent_req *subreq);
  46
  47 static struct tevent_req *wb_lookupgroupmem_send(TALLOC_CTX *mem_ctx,
  48                                                  struct tevent_context *ev,
  49                                                  const struct dom_sid *group_sid,
  50                                                  enum lsa_SidType type)
  51 {
  52         struct tevent_req *req, *subreq;
  53         struct wb_lookupgroupmem_state *state;
  54         struct winbindd_domain *domain;
  55
  56         req = tevent_req_create(mem_ctx, &state,
  57                                 struct wb_lookupgroupmem_state);
  58         if (req == NULL) {
  59                 return NULL;
  60         }
  61         sid_copy(&state->sid, group_sid);
  62
  63         domain = find_domain_from_sid_noinit(group_sid);
  64         if (domain == NULL) {
  65                 tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
  66                 return tevent_req_post(req, ev);
  67         }
  68
  69         subreq = rpccli_wbint_LookupGroupMembers_send(
  70                 state, ev, domain->child.rpccli, &state->sid, type,
  71                 &state->members);
  72         if (tevent_req_nomem(subreq, req)) {
  73                 return tevent_req_post(req, ev);
  74         }
  75         tevent_req_set_callback(subreq, wb_lookupgroupmem_done, req);
  76         return req;
  77 }
  78
  79 static void wb_lookupgroupmem_done(struct tevent_req *subreq)
  80 {
  81         struct tevent_req *req = tevent_req_callback_data(
  82                 subreq, struct tevent_req);
  83         struct wb_lookupgroupmem_state *state = tevent_req_data(
  84                 req, struct wb_lookupgroupmem_state);
  85         NTSTATUS status, result;
  86
  87         status = rpccli_wbint_LookupGroupMembers_recv(subreq, state, &result);
  88         TALLOC_FREE(subreq);
  89         if (!NT_STATUS_IS_OK(status)) {
  90                 tevent_req_nterror(req, status);
  91                 return;
  92         }
  93         if (!NT_STATUS_IS_OK(result)) {
  94                 tevent_req_nterror(req, result);
  95                 return;
  96         }
  97         tevent_req_done(req);
  98 }
  99
 100 static NTSTATUS wb_lookupgroupmem_recv(struct tevent_req *req,
 101                                            TALLOC_CTX *mem_ctx,
 102                                            int *num_members,
 103                                            struct wbint_Principal **members)
 104 {
 105         struct wb_lookupgroupmem_state *state = tevent_req_data(
 106                 req, struct wb_lookupgroupmem_state);
 107         NTSTATUS status;
 108
 109         if (tevent_req_is_nterror(req, &status)) {
 110                 return status;
 111         }
 112
 113         *num_members = state->members.num_members;
 114         *members = talloc_move(mem_ctx, &state->members.members);
 115         return NT_STATUS_OK;
 116 }
 117
 118 /*
 119  * Same as wb_lookupgroupmem for a list of groups
 120  */
 121
 122 struct wb_groups_members_state {
 123         struct tevent_context *ev;
 124         struct wbint_Principal *groups;
 125         int num_groups;
 126         int next_group;
 127         struct wbint_Principal *all_members;
 128 };
 129
 130 static NTSTATUS wb_groups_members_next_subreq(
 131         struct wb_groups_members_state *state,
 132         TALLOC_CTX *mem_ctx, struct tevent_req **psubreq);
 133 static void wb_groups_members_done(struct tevent_req *subreq);
 134
 135 static struct tevent_req *wb_groups_members_send(TALLOC_CTX *mem_ctx,
 136                                                  struct tevent_context *ev,
 137                                                  int num_groups,
 138                                                  struct wbint_Principal *groups)
 139 {
 140         struct tevent_req *req, *subreq;
 141         struct wb_groups_members_state *state;
 142         NTSTATUS status;
 143
 144         req = tevent_req_create(mem_ctx, &state,
 145                                 struct wb_groups_members_state);
 146         if (req == NULL) {
 147                 return NULL;
 148         }
 149         state->ev = ev;
 150         state->groups = groups;
 151         state->num_groups = num_groups;
 152         state->next_group = 0;
 153         state->all_members = NULL;
 154
 155         status = wb_groups_members_next_subreq(state, state, &subreq);
 156         if (!NT_STATUS_IS_OK(status)) {
 157                 tevent_req_nterror(req, status);
 158                 return tevent_req_post(req, ev);
 159         }
 160         if (subreq == NULL) {
 161                 tevent_req_done(req);
 162                 return tevent_req_post(req, ev);
 163         }
 164         tevent_req_set_callback(subreq, wb_groups_members_done, req);
 165         return req;
 166 }
 167
 168 static NTSTATUS wb_groups_members_next_subreq(
 169         struct wb_groups_members_state *state,
 170         TALLOC_CTX *mem_ctx, struct tevent_req **psubreq)
 171 {
 172         struct tevent_req *subreq;
 173         struct wbint_Principal *g;
 174
 175         if (state->next_group >= state->num_groups) {
 176                 *psubreq = NULL;
 177                 return NT_STATUS_OK;
 178         }
 179
 180         g = &state->groups[state->next_group];
 181         state->next_group += 1;
 182
 183         subreq = wb_lookupgroupmem_send(mem_ctx, state->ev, &g->sid, g->type);
 184         if (subreq == NULL) {
 185                 return NT_STATUS_NO_MEMORY;
 186         }
 187         *psubreq = subreq;
 188         return NT_STATUS_OK;
 189 }
 190
 191 static void wb_groups_members_done(struct tevent_req *subreq)
 192 {
 193         struct tevent_req *req = tevent_req_callback_data(
 194                 subreq, struct tevent_req);
 195         struct wb_groups_members_state *state = tevent_req_data(
 196                 req, struct wb_groups_members_state);
 197         int i, num_all_members;
 198         int num_members = 0;
 199         struct wbint_Principal *members = NULL;
 200         NTSTATUS status;
 201
 202         status = wb_lookupgroupmem_recv(subreq, state, &num_members,
 203                                             &members);
 204         TALLOC_FREE(subreq);
 205
 206         /*
 207          * In this error handling here we might have to be a bit more generous
 208          * and just continue if an error occured.
 209          */
 210
 211         if (!NT_STATUS_IS_OK(status)) {
 212                 tevent_req_nterror(req, status);
 213                 return;
 214         }
 215
 216         num_all_members = talloc_array_length(state->all_members);
 217
 218         state->all_members = talloc_realloc(
 219                 state, state->all_members, struct wbint_Principal,
 220                 num_all_members + num_members);
 221         if ((num_all_members + num_members != 0)
 222             && tevent_req_nomem(state->all_members, req)) {
 223                 return;
 224         }
 225         for (i=0; i<num_members; i++) {
 226                 struct wbint_Principal *src, *dst;
 227                 src = &members[i];
 228                 dst = &state->all_members[num_all_members + i];
 229                 sid_copy(&dst->sid, &src->sid);
 230                 dst->name = talloc_move(state->all_members, &src->name);
 231                 dst->type = src->type;
 232         }
 233         TALLOC_FREE(members);
 234
 235         status = wb_groups_members_next_subreq(state, state, &subreq);
 236         if (!NT_STATUS_IS_OK(status)) {
 237                 tevent_req_nterror(req, status);
 238                 return;
 239         }
 240         if (subreq == NULL) {
 241                 tevent_req_done(req);
 242                 return;
 243         }
 244         tevent_req_set_callback(subreq, wb_groups_members_done, req);
 245 }
 246
 247 static NTSTATUS wb_groups_members_recv(struct tevent_req *req,
 248                                        TALLOC_CTX *mem_ctx,
 249                                        int *num_members,
 250                                        struct wbint_Principal **members)
 251 {
 252         struct wb_groups_members_state *state = tevent_req_data(
 253                 req, struct wb_groups_members_state);
 254         NTSTATUS status;
 255
 256         if (tevent_req_is_nterror(req, &status)) {
 257                 return status;
 258         }
 259         *num_members = talloc_array_length(state->all_members);
 260         *members = talloc_move(mem_ctx, &state->all_members);
 261         return NT_STATUS_OK;
 262 }
 263
 264
 265 /*
 266  * This is the routine expanding a list of groups up to a certain level. We
 267  * collect the users in a talloc_dict: We have to add them without duplicates,
 268  * and and talloc_dict is an indexed (here indexed by SID) data structure.
 269  */
 270
 271 struct wb_group_members_state {
 272         struct tevent_context *ev;
 273         int depth;
 274         struct talloc_dict *users;
 275         struct wbint_Principal *groups;
 276 };
 277
 278 static NTSTATUS wb_group_members_next_subreq(
 279         struct wb_group_members_state *state,
 280         TALLOC_CTX *mem_ctx, struct tevent_req **psubreq);
 281 static void wb_group_members_done(struct tevent_req *subreq);
 282
 283 struct tevent_req *wb_group_members_send(TALLOC_CTX *mem_ctx,
 284                                          struct tevent_context *ev,
 285                                          const struct dom_sid *sid,
 286                                          enum lsa_SidType type,
 287                                          int max_depth)
 288 {
 289         struct tevent_req *req, *subreq;
 290         struct wb_group_members_state *state;
 291         NTSTATUS status;
 292
 293         req = tevent_req_create(mem_ctx, &state,
 294                                 struct wb_group_members_state);
 295         if (req == NULL) {
 296                 return NULL;
 297         }
 298         state->ev = ev;
 299         state->depth = max_depth;
 300         state->users = talloc_dict_init(state);
 301         if (tevent_req_nomem(state->users, req)) {
 302                 return tevent_req_post(req, ev);
 303         }
 304
 305         state->groups = talloc(state, struct wbint_Principal);
 306         if (tevent_req_nomem(state->groups, req)) {
 307                 return tevent_req_post(req, ev);
 308         }
 309         state->groups->name = NULL;
 310         sid_copy(&state->groups->sid, sid);
 311         state->groups->type = type;
 312
 313         status = wb_group_members_next_subreq(state, state, &subreq);
 314         if (!NT_STATUS_IS_OK(status)) {
 315                 tevent_req_nterror(req, status);
 316                 return tevent_req_post(req, ev);
 317         }
 318         if (subreq == NULL) {
 319                 tevent_req_done(req);
 320                 return tevent_req_post(req, ev);
 321         }
 322         tevent_req_set_callback(subreq, wb_group_members_done, req);
 323         return req;
 324 }
 325
 326 static NTSTATUS wb_group_members_next_subreq(
 327         struct wb_group_members_state *state,
 328         TALLOC_CTX *mem_ctx, struct tevent_req **psubreq)
 329 {
 330         struct tevent_req *subreq;
 331
 332         if ((talloc_array_length(state->groups) == 0)
 333             || (state->depth <= 0)) {
 334                 *psubreq = NULL;
 335                 return NT_STATUS_OK;
 336         }
 337         state->depth -= 1;
 338
 339         subreq = wb_groups_members_send(
 340                 mem_ctx, state->ev, talloc_array_length(state->groups),
 341                 state->groups);
 342         if (subreq == NULL) {
 343                 return NT_STATUS_NO_MEMORY;
 344         }
 345         *psubreq = subreq;
 346         return NT_STATUS_OK;
 347 }
 348
 349 static void wb_group_members_done(struct tevent_req *subreq)
 350 {
 351         struct tevent_req *req = tevent_req_callback_data(
 352                 subreq, struct tevent_req);
 353         struct wb_group_members_state *state = tevent_req_data(
 354                 req, struct wb_group_members_state);
 355         int i, num_groups, new_users, new_groups;
 356         int num_members = 0;
 357         struct wbint_Principal *members = NULL;
 358         NTSTATUS status;
 359
 360         status = wb_groups_members_recv(subreq, state, &num_members, &members);
 361         TALLOC_FREE(subreq);
 362         if (!NT_STATUS_IS_OK(status)) {
 363                 tevent_req_nterror(req, status);
 364                 return;
 365         }
 366
 367         new_users = new_groups = 0;
 368         for (i=0; i<num_members; i++) {
 369                 switch (members[i].type) {
 370                 case SID_NAME_DOM_GRP:
 371                 case SID_NAME_ALIAS:
 372                 case SID_NAME_WKN_GRP:
 373                         new_groups += 1;
 374                         break;
 375                 default:
 376                         /* Ignore everything else */
 377                         break;
 378                 }
 379         }
 380
 381         num_groups = 0;
 382         TALLOC_FREE(state->groups);
 383         state->groups = talloc_array(state, struct wbint_Principal,
 384                                      new_groups);
 385
 386         /*
 387          * Collect the users into state->users and the groups into
 388          * state->groups for the next iteration.
 389          */
 390
 391         for (i=0; i<num_members; i++) {
 392                 switch (members[i].type) {
 393                 case SID_NAME_USER:
 394                 case SID_NAME_COMPUTER: {
 395                         /*
 396                          * Add a copy of members[i] to state->users
 397                          */
 398                         struct wbint_Principal *m;
 399                         struct dom_sid *sid;
 400                         DATA_BLOB key;
 401
 402                         m = talloc(talloc_tos(), struct wbint_Principal);
 403                         if (tevent_req_nomem(m, req)) {
 404                                 return;
 405                         }
 406                         sid_copy(&m->sid, &members[i].sid);
 407                         m->name = talloc_move(m, &members[i].name);
 408                         m->type = members[i].type;
 409
 410                         sid = &members[i].sid;
 411                         key = data_blob_const(
 412                                 sid, ndr_size_dom_sid(sid, NULL, 0));
 413
 414                         if (!talloc_dict_set(state->users, key, &m)) {
 415                                 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
 416                                 return;
 417                         }
 418                         break;
 419                 }
 420                 case SID_NAME_DOM_GRP:
 421                 case SID_NAME_ALIAS:
 422                 case SID_NAME_WKN_GRP: {
 423                         struct wbint_Principal *g;
 424                         /*
 425                          * Save members[i] for the next round
 426                          */
 427                         g = &state->groups[num_groups];
 428                         sid_copy(&g->sid, &members[i].sid);
 429                         g->name = talloc_move(state->groups, &members[i].name);
 430                         g->type = members[i].type;
 431                         num_groups += 1;
 432                         break;
 433                 }
 434                 default:
 435                         /* Ignore everything else */
 436                         break;
 437                 }
 438         }
 439
 440         status = wb_group_members_next_subreq(state, state, &subreq);
 441         if (!NT_STATUS_IS_OK(status)) {
 442                 tevent_req_nterror(req, status);
 443                 return;
 444         }
 445         if (subreq == NULL) {
 446                 tevent_req_done(req);
 447                 return;
 448         }
 449         tevent_req_set_callback(subreq, wb_group_members_done, req);
 450 }
 451
 452 NTSTATUS wb_group_members_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
 453                                struct talloc_dict **members)
 454 {
 455         struct wb_group_members_state *state = tevent_req_data(
 456                 req, struct wb_group_members_state);
 457         NTSTATUS status;
 458
 459         if (tevent_req_is_nterror(req, &status)) {
 460                 return status;
 461         }
 462         *members = talloc_move(mem_ctx, &state->users);
 463         return NT_STATUS_OK;
 464 }