f37641bd0d8e6edc22c2c3b2538b14528e407507
[ira/wip.git] / source3 / winbindd / wb_group_members.c
1 /*
2    Unix SMB/CIFS implementation.
3    async lookupgroupmembers
4    Copyright (C) Volker Lendecke 2009
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 3 of the License, or
9    (at your option) any later version.
10
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15
16    You should have received a copy of the GNU General Public License
17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "winbindd.h"
22 #include "librpc/gen_ndr/cli_wbint.h"
23
24 /*
25  * We have 3 sets of routines here:
26  *
27  * wb_lookupgroupmem is the low-level one-group routine
28  *
29  * wb_groups_members walks a list of groups
30  *
31  * wb_group_members finally is the high-level routine expanding groups
32  * recursively
33  */
34
35 /*
36  * Look up members of a single group. Essentially a wrapper around the
37  * lookup_groupmem winbindd_methods routine.
38  */
39
40 struct wb_lookupgroupmem_state {
41         struct dom_sid sid;
42         struct wbint_GroupMembers members;
43 };
44
45 static void wb_lookupgroupmem_done(struct tevent_req *subreq);
46
47 static struct tevent_req *wb_lookupgroupmem_send(TALLOC_CTX *mem_ctx,
48                                                  struct tevent_context *ev,
49                                                  const struct dom_sid *group_sid,
50                                                  enum lsa_SidType type)
51 {
52         struct tevent_req *req, *subreq;
53         struct wb_lookupgroupmem_state *state;
54         struct winbindd_domain *domain;
55
56         req = tevent_req_create(mem_ctx, &state,
57                                 struct wb_lookupgroupmem_state);
58         if (req == NULL) {
59                 return NULL;
60         }
61         sid_copy(&state->sid, group_sid);
62
63         domain = find_domain_from_sid_noinit(group_sid);
64         if (domain == NULL) {
65                 tevent_req_nterror(req, NT_STATUS_NO_SUCH_GROUP);
66                 return tevent_req_post(req, ev);
67         }
68
69         subreq = rpccli_wbint_LookupGroupMembers_send(
70                 state, ev, domain->child.rpccli, &state->sid, type,
71                 &state->members);
72         if (tevent_req_nomem(subreq, req)) {
73                 return tevent_req_post(req, ev);
74         }
75         tevent_req_set_callback(subreq, wb_lookupgroupmem_done, req);
76         return req;
77 }
78
79 static void wb_lookupgroupmem_done(struct tevent_req *subreq)
80 {
81         struct tevent_req *req = tevent_req_callback_data(
82                 subreq, struct tevent_req);
83         struct wb_lookupgroupmem_state *state = tevent_req_data(
84                 req, struct wb_lookupgroupmem_state);
85         NTSTATUS status, result;
86
87         status = rpccli_wbint_LookupGroupMembers_recv(subreq, state, &result);
88         TALLOC_FREE(subreq);
89         if (!NT_STATUS_IS_OK(status)) {
90                 tevent_req_nterror(req, status);
91                 return;
92         }
93         if (!NT_STATUS_IS_OK(result)) {
94                 tevent_req_nterror(req, result);
95                 return;
96         }
97         tevent_req_done(req);
98 }
99
100 static NTSTATUS wb_lookupgroupmem_recv(struct tevent_req *req,
101                                            TALLOC_CTX *mem_ctx,
102                                            int *num_members,
103                                            struct wbint_GroupMember **members)
104 {
105         struct wb_lookupgroupmem_state *state = tevent_req_data(
106                 req, struct wb_lookupgroupmem_state);
107         NTSTATUS status;
108
109         if (tevent_req_is_nterror(req, &status)) {
110                 return status;
111         }
112
113         *num_members = state->members.num_members;
114         *members = talloc_move(mem_ctx, &state->members.members);
115         return NT_STATUS_OK;
116 }
117
118 /*
119  * Same as wb_lookupgroupmem for a list of groups
120  */
121
122 struct wb_groups_members_state {
123         struct tevent_context *ev;
124         struct wbint_GroupMember *groups;
125         int num_groups;
126         int next_group;
127         struct wbint_GroupMember *all_members;
128 };
129
130 static NTSTATUS wb_groups_members_next_subreq(
131         struct wb_groups_members_state *state,
132         TALLOC_CTX *mem_ctx, struct tevent_req **psubreq);
133 static void wb_groups_members_done(struct tevent_req *subreq);
134
135 static struct tevent_req *wb_groups_members_send(TALLOC_CTX *mem_ctx,
136                                                  struct tevent_context *ev,
137                                                  int num_groups,
138                                                  struct wbint_GroupMember *groups)
139 {
140         struct tevent_req *req, *subreq;
141         struct wb_groups_members_state *state;
142         NTSTATUS status;
143
144         req = tevent_req_create(mem_ctx, &state,
145                                 struct wb_groups_members_state);
146         if (req == NULL) {
147                 return NULL;
148         }
149         state->ev = ev;
150         state->groups = groups;
151         state->num_groups = num_groups;
152         state->next_group = 0;
153         state->all_members = NULL;
154
155         status = wb_groups_members_next_subreq(state, state, &subreq);
156         if (!NT_STATUS_IS_OK(status)) {
157                 tevent_req_nterror(req, status);
158                 return tevent_req_post(req, ev);
159         }
160         if (subreq == NULL) {
161                 tevent_req_done(req);
162                 return tevent_req_post(req, ev);
163         }
164         tevent_req_set_callback(subreq, wb_groups_members_done, req);
165         return req;
166 }
167
168 static NTSTATUS wb_groups_members_next_subreq(
169         struct wb_groups_members_state *state,
170         TALLOC_CTX *mem_ctx, struct tevent_req **psubreq)
171 {
172         struct tevent_req *subreq;
173         struct wbint_GroupMember *g;
174
175         if (state->next_group >= state->num_groups) {
176                 *psubreq = NULL;
177                 return NT_STATUS_OK;
178         }
179
180         g = &state->groups[state->next_group];
181         state->next_group += 1;
182
183         subreq = wb_lookupgroupmem_send(mem_ctx, state->ev, &g->sid,
184                                             g->type);
185         if (subreq == NULL) {
186                 return NT_STATUS_NO_MEMORY;
187         }
188         *psubreq = subreq;
189         return NT_STATUS_OK;
190 }
191
192 static void wb_groups_members_done(struct tevent_req *subreq)
193 {
194         struct tevent_req *req = tevent_req_callback_data(
195                 subreq, struct tevent_req);
196         struct wb_groups_members_state *state = tevent_req_data(
197                 req, struct wb_groups_members_state);
198         int i, num_all_members;
199         int num_members = 0;
200         struct wbint_GroupMember *members = NULL;
201         NTSTATUS status;
202
203         status = wb_lookupgroupmem_recv(subreq, state, &num_members,
204                                             &members);
205         TALLOC_FREE(subreq);
206
207         /*
208          * In this error handling here we might have to be a bit more generous
209          * and just continue if an error occured.
210          */
211
212         if (!NT_STATUS_IS_OK(status)) {
213                 tevent_req_nterror(req, status);
214                 return;
215         }
216
217         num_all_members = talloc_array_length(state->all_members);
218
219         state->all_members = talloc_realloc(
220                 state, state->all_members, struct wbint_GroupMember,
221                 num_all_members + num_members);
222         if ((num_all_members + num_members != 0)
223             && tevent_req_nomem(state->all_members, req)) {
224                 return;
225         }
226         for (i=0; i<num_members; i++) {
227                 struct wbint_GroupMember *src, *dst;
228                 src = &members[i];
229                 dst = &state->all_members[num_all_members + i];
230                 sid_copy(&dst->sid, &src->sid);
231                 dst->name = talloc_move(state->all_members, &src->name);
232                 dst->type = src->type;
233         }
234         TALLOC_FREE(members);
235
236         status = wb_groups_members_next_subreq(state, state, &subreq);
237         if (!NT_STATUS_IS_OK(status)) {
238                 tevent_req_nterror(req, status);
239                 return;
240         }
241         if (subreq == NULL) {
242                 tevent_req_done(req);
243                 return;
244         }
245         tevent_req_set_callback(subreq, wb_groups_members_done, req);
246 }
247
248 static NTSTATUS wb_groups_members_recv(struct tevent_req *req,
249                                        TALLOC_CTX *mem_ctx,
250                                        int *num_members,
251                                        struct wbint_GroupMember **members)
252 {
253         struct wb_groups_members_state *state = tevent_req_data(
254                 req, struct wb_groups_members_state);
255         NTSTATUS status;
256
257         if (tevent_req_is_nterror(req, &status)) {
258                 return status;
259         }
260         *num_members = talloc_array_length(state->all_members);
261         *members = talloc_move(mem_ctx, &state->all_members);
262         return NT_STATUS_OK;
263 }
264
265
266 /*
267  * This is the routine expanding a list of groups up to a certain level. We
268  * collect the users in a talloc_dict: We have to add them without duplicates,
269  * and and talloc_dict is an indexed (here indexed by SID) data structure.
270  */
271
272 struct wb_group_members_state {
273         struct tevent_context *ev;
274         int depth;
275         struct talloc_dict *users;
276         struct wbint_GroupMember *groups;
277 };
278
279 static NTSTATUS wb_group_members_next_subreq(
280         struct wb_group_members_state *state,
281         TALLOC_CTX *mem_ctx, struct tevent_req **psubreq);
282 static void wb_group_members_done(struct tevent_req *subreq);
283
284 struct tevent_req *wb_group_members_send(TALLOC_CTX *mem_ctx,
285                                          struct tevent_context *ev,
286                                          const struct dom_sid *sid,
287                                          enum lsa_SidType type,
288                                          int max_depth)
289 {
290         struct tevent_req *req, *subreq;
291         struct wb_group_members_state *state;
292         NTSTATUS status;
293
294         req = tevent_req_create(mem_ctx, &state,
295                                 struct wb_group_members_state);
296         if (req == NULL) {
297                 return NULL;
298         }
299         state->ev = ev;
300         state->depth = max_depth;
301         state->users = talloc_dict_init(state);
302         if (tevent_req_nomem(state->users, req)) {
303                 return tevent_req_post(req, ev);
304         }
305
306         state->groups = talloc(state, struct wbint_GroupMember);
307         if (tevent_req_nomem(state->groups, req)) {
308                 return tevent_req_post(req, ev);
309         }
310         state->groups->name = NULL;
311         sid_copy(&state->groups->sid, sid);
312         state->groups->type = type;
313
314         status = wb_group_members_next_subreq(state, state, &subreq);
315         if (!NT_STATUS_IS_OK(status)) {
316                 tevent_req_nterror(req, status);
317                 return tevent_req_post(req, ev);
318         }
319         if (subreq == NULL) {
320                 tevent_req_done(req);
321                 return tevent_req_post(req, ev);
322         }
323         tevent_req_set_callback(subreq, wb_group_members_done, req);
324         return req;
325 }
326
327 static NTSTATUS wb_group_members_next_subreq(
328         struct wb_group_members_state *state,
329         TALLOC_CTX *mem_ctx, struct tevent_req **psubreq)
330 {
331         struct tevent_req *subreq;
332
333         if ((talloc_array_length(state->groups) == 0)
334             || (state->depth <= 0)) {
335                 *psubreq = NULL;
336                 return NT_STATUS_OK;
337         }
338         state->depth -= 1;
339
340         subreq = wb_groups_members_send(
341                 mem_ctx, state->ev, talloc_array_length(state->groups),
342                 state->groups);
343         if (subreq == NULL) {
344                 return NT_STATUS_NO_MEMORY;
345         }
346         *psubreq = subreq;
347         return NT_STATUS_OK;
348 }
349
350 static void wb_group_members_done(struct tevent_req *subreq)
351 {
352         struct tevent_req *req = tevent_req_callback_data(
353                 subreq, struct tevent_req);
354         struct wb_group_members_state *state = tevent_req_data(
355                 req, struct wb_group_members_state);
356         int i, num_groups, new_users, new_groups;
357         int num_members = 0;
358         struct wbint_GroupMember *members = NULL;
359         NTSTATUS status;
360
361         status = wb_groups_members_recv(subreq, state, &num_members, &members);
362         TALLOC_FREE(subreq);
363         if (!NT_STATUS_IS_OK(status)) {
364                 tevent_req_nterror(req, status);
365                 return;
366         }
367
368         new_users = new_groups = 0;
369         for (i=0; i<num_members; i++) {
370                 switch (members[i].type) {
371                 case SID_NAME_DOM_GRP:
372                 case SID_NAME_ALIAS:
373                 case SID_NAME_WKN_GRP:
374                         new_groups += 1;
375                         break;
376                 default:
377                         /* Ignore everything else */
378                         break;
379                 }
380         }
381
382         num_groups = 0;
383         TALLOC_FREE(state->groups);
384         state->groups = talloc_array(state, struct wbint_GroupMember,
385                                      new_groups);
386
387         /*
388          * Collect the users into state->users and the groups into
389          * state->groups for the next iteration.
390          */
391
392         for (i=0; i<num_members; i++) {
393                 switch (members[i].type) {
394                 case SID_NAME_USER:
395                 case SID_NAME_COMPUTER: {
396                         /*
397                          * Add a copy of members[i] to state->users
398                          */
399                         struct wbint_GroupMember *m;
400                         struct dom_sid *sid;
401                         DATA_BLOB key;
402
403                         m = talloc(talloc_tos(), struct wbint_GroupMember);
404                         if (tevent_req_nomem(m, req)) {
405                                 return;
406                         }
407                         sid_copy(&m->sid, &members[i].sid);
408                         m->name = talloc_move(m, &members[i].name);
409                         m->type = members[i].type;
410
411                         sid = &members[i].sid;
412                         key = data_blob_const(
413                                 sid, ndr_size_dom_sid(sid, NULL, 0));
414
415                         if (!talloc_dict_set(state->users, key, &m)) {
416                                 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
417                                 return;
418                         }
419                         break;
420                 }
421                 case SID_NAME_DOM_GRP:
422                 case SID_NAME_ALIAS:
423                 case SID_NAME_WKN_GRP: {
424                         struct wbint_GroupMember *g;
425                         /*
426                          * Save members[i] for the next round
427                          */
428                         g = &state->groups[num_groups];
429                         sid_copy(&g->sid, &members[i].sid);
430                         g->name = talloc_move(state->groups, &members[i].name);
431                         g->type = members[i].type;
432                         num_groups += 1;
433                         break;
434                 }
435                 default:
436                         /* Ignore everything else */
437                         break;
438                 }
439         }
440
441         status = wb_group_members_next_subreq(state, state, &subreq);
442         if (!NT_STATUS_IS_OK(status)) {
443                 tevent_req_nterror(req, status);
444                 return;
445         }
446         if (subreq == NULL) {
447                 tevent_req_done(req);
448                 return;
449         }
450         tevent_req_set_callback(subreq, wb_group_members_done, req);
451 }
452
453 NTSTATUS wb_group_members_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
454                                struct talloc_dict **members)
455 {
456         struct wb_group_members_state *state = tevent_req_data(
457                 req, struct wb_group_members_state);
458         NTSTATUS status;
459
460         if (tevent_req_is_nterror(req, &status)) {
461                 return status;
462         }
463         *members = talloc_move(mem_ctx, &state->users);
464         return NT_STATUS_OK;
465 }