authorVolker Lendecke <vl@samba.org>2009-08-27 23:33:45 +0200
committerVolker Lendecke <vl@samba.org>2009-08-29 19:42:27 +0200
commite47491e83c27c5cd8dbc10e69b57f54ff570f703 (patch)
tree71b12dbde4d59a2b90d069f58b222a16a564f471 /source3/winbindd/winbindd_group.c
parente71714830e23032bef9e5f644ca9531e8bc168b6 (diff)
s3:winbind: Convert the getgrent functions to the new API
Diffstat (limited to 'source3/winbindd/winbindd_group.c')
-rw-r--r--source3/winbindd/winbindd_group.c1031
1 files changed, 0 insertions, 1031 deletions
diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c
index 21ab3f7ef9..8a76071265 100644
--- a/source3/winbindd/winbindd_group.c
+++ b/source3/winbindd/winbindd_group.c
@@ -28,158 +28,6 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
-static void add_member(const char *domain, const char *user,
- char **pp_members, size_t *p_num_members)
-{
- fstring name;
-
- if (domain != NULL) {
- fill_domain_username(name, domain, user, True);
- } else {
- fstrcpy(name, user);
- }
- safe_strcat(name, ",", sizeof(name)-1);
- string_append(pp_members, name);
- *p_num_members += 1;
-}
-
-/**********************************************************************
- Add member users resulting from sid. Expand if it is a domain group.
-**********************************************************************/
-
-static void add_expanded_sid(const DOM_SID *sid,
- char **pp_members,
- size_t *p_num_members)
-{
- DOM_SID dom_sid;
- uint32 rid;
- struct winbindd_domain *domain;
- size_t i;
-
- char *domain_name = NULL;
- char *name = NULL;
- enum lsa_SidType type;
-
- uint32 num_names;
- DOM_SID *sid_mem;
- char **names;
- uint32 *types;
-
- NTSTATUS result;
-
- TALLOC_CTX *mem_ctx = talloc_init("add_expanded_sid");
-
- if (mem_ctx == NULL) {
- DEBUG(1, ("talloc_init failed\n"));
- return;
- }
-
- sid_copy(&dom_sid, sid);
- sid_split_rid(&dom_sid, &rid);
-
- domain = find_lookup_domain_from_sid(sid);
-
- if (domain == NULL) {
- DEBUG(3, ("Could not find domain for sid %s\n",
- sid_string_dbg(sid)));
- goto done;
- }
-
- result = domain->methods->sid_to_name(domain, mem_ctx, sid,
- &domain_name, &name, &type);
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(3, ("sid_to_name failed for sid %s\n",
- sid_string_dbg(sid)));
- goto done;
- }
-
- DEBUG(10, ("Found name %s, type %d\n", name, type));
-
- if (type == SID_NAME_USER) {
- add_member(domain_name, name, pp_members, p_num_members);
- goto done;
- }
-
- if (type != SID_NAME_DOM_GRP) {
- DEBUG(10, ("Alias member %s neither user nor group, ignore\n",
- name));
- goto done;
- }
-
- /* Expand the domain group, this must be done via the target domain */
-
- domain = find_domain_from_sid(sid);
-
- if (domain == NULL) {
- DEBUG(3, ("Could not find domain from SID %s\n",
- sid_string_dbg(sid)));
- goto done;
- }
-
- result = domain->methods->lookup_groupmem(domain, mem_ctx,
- sid, SID_NAME_DOM_GRP,
- &num_names,
- &sid_mem, &names,
- &types);
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(10, ("Could not lookup group members for %s: %s\n",
- name, nt_errstr(result)));
- goto done;
- }
-
- for (i=0; i<num_names; i++) {
- DEBUG(10, ("Adding group member SID %s\n",
- sid_string_dbg(&sid_mem[i])));
-
- if (types[i] != SID_NAME_USER) {
- DEBUG(1, ("Hmmm. Member %s of group %s is no user. "
- "Ignoring.\n", names[i], name));
- continue;
- }
-
- add_member(NULL, names[i], pp_members, p_num_members);
- }
-
- done:
- talloc_destroy(mem_ctx);
- return;
-}
-
-static bool fill_passdb_alias_grmem(struct winbindd_domain *domain,
- DOM_SID *group_sid, size_t *num_gr_mem,
- char **gr_mem, size_t *gr_mem_len)
-{
- DOM_SID *members;
- size_t i, num_members;
-
- *num_gr_mem = 0;
- *gr_mem = NULL;
- *gr_mem_len = 0;
-
- if (!NT_STATUS_IS_OK(pdb_enum_aliasmem(group_sid, talloc_tos(),
- &members, &num_members)))
- return True;
-
- for (i=0; i<num_members; i++) {
- add_expanded_sid(&members[i], gr_mem, num_gr_mem);
- }
-
- TALLOC_FREE(members);
-
- if (*gr_mem != NULL) {
- size_t len;
-
- /* We have at least one member, strip off the last "," */
- len = strlen(*gr_mem);
- (*gr_mem)[len-1] = '\0';
- *gr_mem_len = len;
- }
-
- return True;
-}
-
/* Fill a grent structure from various other information */
bool fill_grent(TALLOC_CTX *mem_ctx, struct winbindd_gr *gr,
@@ -218,627 +66,6 @@ bool fill_grent(TALLOC_CTX *mem_ctx, struct winbindd_gr *gr,
return True;
}
-/***********************************************************************
- If "enum users" is set to false, and the group being looked
- up is the Domain Users SID: S-1-5-domain-513, then for the
- list of members check if the querying user is in that group,
- and if so only return that user as the gr_mem array.
- We can change this to a different parameter than "enum users"
- if neccessaey, or parameterize the group list we do this for.
-***********************************************************************/
-
-static bool fill_grent_mem_domusers( TALLOC_CTX *mem_ctx,
- struct winbindd_domain *domain,
- struct winbindd_cli_state *state,
- DOM_SID *group_sid,
- enum lsa_SidType group_name_type,
- size_t *num_gr_mem, char **gr_mem,
- size_t *gr_mem_len)
-{
- DOM_SID querying_user_sid;
- DOM_SID *pquerying_user_sid = NULL;
- uint32 num_groups = 0;
- DOM_SID *user_sids = NULL;
- bool u_in_group = False;
- NTSTATUS status;
- int i;
- unsigned int buf_len = 0;
- char *buf = NULL;
-
- DEBUG(10,("fill_grent_mem_domain_users: domain %s\n",
- domain->name ));
-
- if (state) {
- uid_t ret_uid = (uid_t)-1;
- if (sys_getpeereid(state->sock, &ret_uid)==0) {
- /* We know who's asking - look up their SID if
- it's one we've mapped before. */
- status = idmap_uid_to_sid(domain->name,
- &querying_user_sid, ret_uid);
- if (NT_STATUS_IS_OK(status)) {
- pquerying_user_sid = &querying_user_sid;
- DEBUG(10,("fill_grent_mem_domain_users: "
- "querying uid %u -> %s\n",
- (unsigned int)ret_uid,
- sid_string_dbg(pquerying_user_sid)));
- }
- }
- }
-
- /* Only look up if it was a winbindd user in this domain. */
- if (pquerying_user_sid &&
- (sid_compare_domain(pquerying_user_sid, &domain->sid) == 0)) {
-
- DEBUG(10,("fill_grent_mem_domain_users: querying user = %s\n",
- sid_string_dbg(pquerying_user_sid) ));
-
- status = domain->methods->lookup_usergroups(domain,
- mem_ctx,
- pquerying_user_sid,
- &num_groups,
- &user_sids);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("fill_grent_mem_domain_users: "
- "lookup_usergroups failed "
- "for sid %s in domain %s (error: %s)\n",
- sid_string_dbg(pquerying_user_sid),
- domain->name,
- nt_errstr(status)));
- return False;
- }
-
- for (i = 0; i < num_groups; i++) {
- if (sid_equal(group_sid, &user_sids[i])) {
- /* User is in Domain Users, add their name
- as the only group member. */
- u_in_group = True;
- break;
- }
- }
- }
-
- if (u_in_group) {
- size_t len = 0;
- char *domainname = NULL;
- char *username = NULL;
- fstring name;
- char *mapped_name = NULL;
- enum lsa_SidType type;
- struct winbindd_domain *target_domain = NULL;
- NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
-
- DEBUG(10,("fill_grent_mem_domain_users: "
- "sid %s in 'Domain Users' in domain %s\n",
- sid_string_dbg(pquerying_user_sid),
- domain->name ));
-
- status = domain->methods->sid_to_name(domain, mem_ctx,
- pquerying_user_sid,
- &domainname,
- &username,
- &type);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("could not lookup username for user "
- "sid %s in domain %s (error: %s)\n",
- sid_string_dbg(pquerying_user_sid),
- domain->name,
- nt_errstr(status)));
- return False;
- }
-
- target_domain = find_domain_from_name_noinit(domainname);
- name_map_status = normalize_name_map(mem_ctx, target_domain,
- username, &mapped_name);
-
- /* Basic whitespace replacement */
- if (NT_STATUS_IS_OK(name_map_status)) {
- fill_domain_username(name, domainname, mapped_name, true);
- }
- /* Mapped to an alias */
- else if (NT_STATUS_EQUAL(name_map_status, NT_STATUS_FILE_RENAMED)) {
- fstrcpy(name, mapped_name);
- }
- /* no mapping done...use original name */
- else {
- fill_domain_username(name, domainname, username, true);
- }
-
- len = strlen(name);
- buf_len = len + 1;
- if (!(buf = (char *)SMB_MALLOC(buf_len))) {
- DEBUG(1, ("out of memory\n"));
- return False;
- }
- memcpy(buf, name, buf_len);
-
- DEBUG(10,("fill_grent_mem_domain_users: user %s in "
- "'Domain Users' in domain %s\n",
- name, domain->name ));
-
- /* user is the only member */
- *num_gr_mem = 1;
- }
-
- *gr_mem = buf;
- *gr_mem_len = buf_len;
-
- DEBUG(10, ("fill_grent_mem_domain_users: "
- "num_mem = %u, len = %u, mem = %s\n",
- (unsigned int)*num_gr_mem,
- (unsigned int)buf_len, *num_gr_mem ? buf : "NULL"));
-
- return True;
-}
-
-/***********************************************************************
- Add names to a list. Assumes a canonical version of the string
- in DOMAIN\user
-***********************************************************************/
-
-static int namecmp( const void *a, const void *b )
-{
- return StrCaseCmp( * (char * const *) a, * (char * const *) b);
-}
-
-static void sort_unique_list(char ***list, uint32 *n_list)
-{
- uint32_t i;
-
- /* search for duplicates for sorting and looking for matching
- neighbors */
-
- qsort(*list, *n_list, sizeof(char*), QSORT_CAST namecmp);
-
- for (i=1; i < *n_list; i++) {
- if (strcmp((*list)[i-1], (*list)[i]) == 0) {
- memmove(&((*list)[i-1]), &((*list)[i]),
- sizeof(char*)*((*n_list)-i));
- (*n_list)--;
- }
- }
-}
-
-static NTSTATUS add_names_to_list( TALLOC_CTX *ctx,
- char ***list, uint32 *n_list,
- char **names, uint32 n_names )
-{
- char **new_list = NULL;
- uint32 n_new_list = 0;
- int i, j;
-
- if ( !names || (n_names == 0) )
- return NT_STATUS_OK;
-
- /* Alloc the maximum size we'll need */
-
- if ( *list == NULL ) {
- if ((new_list = TALLOC_ARRAY(ctx, char *, n_names)) == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- n_new_list = n_names;
- } else {
- new_list = TALLOC_REALLOC_ARRAY( ctx, *list, char *,
- (*n_list) + n_names );
- if ( !new_list )
- return NT_STATUS_NO_MEMORY;
- n_new_list = (*n_list) + n_names;
- }
-
- /* Add all names */
-
- for ( i=*n_list, j=0; i<n_new_list; i++, j++ ) {
- new_list[i] = talloc_strdup( new_list, names[j] );
- }
-
- *list = new_list;
- *n_list = n_new_list;
-
- return NT_STATUS_OK;
-}
-
-/***********************************************************************
-***********************************************************************/
-
-static NTSTATUS expand_groups( TALLOC_CTX *ctx,
- struct winbindd_domain *d,
- DOM_SID *glist, uint32 n_glist,
- DOM_SID **new_glist, uint32 *n_new_glist,
- char ***members, uint32 *n_members )
-{
- int i, j;
- NTSTATUS status = NT_STATUS_OK;
- uint32 num_names = 0;
- uint32 *name_types = NULL;
- char **names = NULL;
- DOM_SID *sid_mem = NULL;
- TALLOC_CTX *tmp_ctx = NULL;
- DOM_SID *new_groups = NULL;
- size_t new_groups_size = 0;
-
- *members = NULL;
- *n_members = 0;
- *new_glist = NULL;
- *n_new_glist = 0;
-
- DEBUG(10,("expand_groups:\n"));
-
- for ( i=0; i<n_glist; i++ ) {
-
- NTSTATUS lookup_status;
-
- tmp_ctx = talloc_new( ctx );
-
- /* Lookup the group membership */
-
- lookup_status = d->methods->lookup_groupmem(d, tmp_ctx,
- &glist[i],
- SID_NAME_DOM_GRP,
- &num_names,
- &sid_mem, &names,
- &name_types);
- if (!NT_STATUS_IS_OK(lookup_status)) {
- DEBUG(10,("expand_groups: lookup_groupmem for "
- "sid %s failed with: %s\n",
- sid_string_dbg(&glist[i]),
- nt_errstr(lookup_status)));
-
- /* we might have hit a logic error when called for an
- * alias, in that case just continue with group
- * expansion - Guenther */
-
- if (NT_STATUS_EQUAL(lookup_status, NT_STATUS_NO_SUCH_GROUP)) {
- continue;
- }
- status = lookup_status;
- goto out;
- }
-
- /* Separate users and groups into two lists */
-
- for ( j=0; j<num_names; j++ ) {
-
- /* Users */
- if ( name_types[j] == SID_NAME_USER ||
- name_types[j] == SID_NAME_COMPUTER )
- {
- status = add_names_to_list( ctx, members,
- n_members,
- names+j, 1 );
- if ( !NT_STATUS_IS_OK(status) )
- goto out;
-
- continue;
- }
-
- /* Groups */
- if ( name_types[j] == SID_NAME_DOM_GRP ||
- name_types[j] == SID_NAME_ALIAS )
- {
- status = add_sid_to_array_unique(ctx,
- &sid_mem[j],
- &new_groups,
- &new_groups_size);
- if (!NT_STATUS_IS_OK(status)) {
- goto out;
- }
-
- continue;
- }
- }
-
- TALLOC_FREE( tmp_ctx );
- }
-
- *new_glist = new_groups;
- *n_new_glist = (uint32)new_groups_size;
-
- out:
- TALLOC_FREE( tmp_ctx );
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10,("expand_groups: returning with %s\n",
- nt_errstr(status)));
- }
-
- return status;
-}
-
-/***********************************************************************
- Fill in the group membership field of a NT group given by group_sid
-***********************************************************************/
-
-static bool fill_grent_mem(struct winbindd_domain *domain,
- struct winbindd_cli_state *state,
- DOM_SID *group_sid,
- enum lsa_SidType group_name_type,
- size_t *num_gr_mem, char **gr_mem,
- size_t *gr_mem_len)
-{
- uint32 num_names = 0;
- unsigned int buf_len = 0, buf_ndx = 0, i;
- char **names = NULL, *buf = NULL;
- bool result = False;
- TALLOC_CTX *mem_ctx;
- uint32 group_rid;
- DOM_SID *glist = NULL;
- DOM_SID *new_glist = NULL;
- uint32 n_glist, n_new_glist;
- int max_depth = lp_winbind_expand_groups();
-
- if (!(mem_ctx = talloc_init("fill_grent_mem(%s)", domain->name)))
- return False;
-
- DEBUG(10, ("group SID %s\n", sid_string_dbg(group_sid)));
-
- /* Initialize with no members */
-
- *num_gr_mem = 0;
-
- /* HACK ALERT!! This whole routine does not cope with group members
- * from more than one domain, ie aliases. Thus we have to work it out
- * ourselves in a special routine. */
-
- if (domain->internal) {
- result = fill_passdb_alias_grmem(domain, group_sid,
- num_gr_mem,
- gr_mem, gr_mem_len);
- goto done;
- }
-
- /* Verify name type */
-
- if ( !((group_name_type==SID_NAME_DOM_GRP) ||
- ((group_name_type==SID_NAME_ALIAS) && domain->primary)) )
- {
- DEBUG(1, ("SID %s in domain %s isn't a domain group (%d)\n",
- sid_string_dbg(group_sid),
- domain->name, group_name_type));
- goto done;
- }
-
- /* OPTIMIZATION / HACK. See comment in
- fill_grent_mem_domusers() */
-
- sid_peek_rid( group_sid, &group_rid );
- if (!lp_winbind_enum_users() && group_rid == DOMAIN_GROUP_RID_USERS) {
- result = fill_grent_mem_domusers( mem_ctx, domain, state,
- group_sid, group_name_type,
- num_gr_mem, gr_mem,
- gr_mem_len );
- goto done;
- }
-
- /* Real work goes here. Create a list of group names to
- expand starting with the initial one. Pass that to
- expand_groups() which returns a list of more group names
- to expand. Do this up to the max search depth. */
-
- if ( (glist = TALLOC_ARRAY(mem_ctx, DOM_SID, 1 )) == NULL ) {
- result = False;
- DEBUG(0,("fill_grent_mem: talloc failure!\n"));
- goto done;
- }
- sid_copy( &glist[0], group_sid );
- n_glist = 1;
-
- for ( i=0; i<max_depth && glist; i++ ) {
- uint32 n_members = 0;
- char **members = NULL;
- NTSTATUS nt_status;
- int j;
-
- nt_status = expand_groups( mem_ctx, domain,
- glist, n_glist,
- &new_glist, &n_new_glist,
- &members, &n_members);
- if ( !NT_STATUS_IS_OK(nt_status) ) {
- result = False;
- goto done;
- }
-
- /* Add new group members to list. Pass through the
- alias mapping function */
-
- for (j=0; j<n_members; j++) {
- fstring name_domain, name_acct;
- fstring qualified_name;
- char *mapped_name = NULL;
- NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
- struct winbindd_domain *target_domain = NULL;
-
- if (parse_domain_user(members[j], name_domain, name_acct)) {
- target_domain = find_domain_from_name_noinit(name_domain);
- /* NOW WHAT ? */
- }
- if (!target_domain) {
- target_domain = domain;
- }
-
- name_map_status = normalize_name_map(members, target_domain,
- name_acct, &mapped_name);
-
- /* Basic whitespace replacement */
- if (NT_STATUS_IS_OK(name_map_status)) {
- fill_domain_username(qualified_name, name_domain,
- mapped_name, true);
- mapped_name = qualified_name;
- }
- /* no mapping at all */
- else if (!NT_STATUS_EQUAL(name_map_status, NT_STATUS_FILE_RENAMED)) {
- mapped_name = members[j];
- }
-
- nt_status = add_names_to_list( mem_ctx, &names,
- &num_names,
- &mapped_name, 1);
- if ( !NT_STATUS_IS_OK(nt_status) ) {
- result = False;
- goto done;
- }
- }
-
- TALLOC_FREE( members );
-
- /* If we have no more groups to expand, break out
- early */
-
- if (new_glist == NULL)
- break;
-
- /* One more round */
- TALLOC_FREE(glist);
- glist = new_glist;
- n_glist = n_new_glist;
- }
- TALLOC_FREE( glist );
-
- sort_unique_list(&names, &num_names);
-
- DEBUG(10, ("looked up %d names\n", num_names));
-
- again:
- /* Add members to list */
-
- for (i = 0; i < num_names; i++) {
- int len;
-
- DEBUG(10, ("processing name %s\n", names[i]));
-
- len = strlen(names[i]);
-
- /* Add to list or calculate buffer length */
-
- if (!buf) {
- buf_len += len + 1; /* List is comma separated */
- (*num_gr_mem)++;
- DEBUG(10, ("buf_len + %d = %d\n", len + 1, buf_len));
- } else {
- DEBUG(10, ("appending %s at ndx %d\n",
- names[i], buf_ndx));
- parse_add_domuser(&buf[buf_ndx], names[i], &len);
- buf_ndx += len;
- buf[buf_ndx] = ',';
- buf_ndx++;
- }
- }
-
- /* Allocate buffer */
-
- if (!buf && buf_len != 0) {
- if (!(buf = (char *)SMB_MALLOC(buf_len))) {
- DEBUG(1, ("out of memory\n"));
- result = False;
- goto done;
- }
- memset(buf, 0, buf_len);
- goto again;
- }
-
- /* Now we're done */
-
- if (buf && buf_ndx > 0) {
- buf[buf_ndx - 1] = '\0';
- }
-
- *gr_mem = buf;
- *gr_mem_len = buf_len;
-
- DEBUG(10, ("num_mem = %u, len = %u, mem = %s\n",
- (unsigned int)*num_gr_mem,
- (unsigned int)buf_len, *num_gr_mem ? buf : "NULL"));
- result = True;
-
-done:
-
- talloc_destroy(mem_ctx);
-
- DEBUG(10,("fill_grent_mem returning %s\n",
- result == true ? "true" : "false"));
-
- return result;
-}
-
-/*
- * set/get/endgrent functions
- */
-
-/* "Rewind" file pointer for group database enumeration */
-
-static bool winbindd_setgrent_internal(struct winbindd_cli_state *state)
-{
- struct winbindd_domain *domain;
-
- DEBUG(3, ("[%5lu]: setgrent\n", (unsigned long)state->pid));
-
- /* Check user has enabled this */
-
- if (!lp_winbind_enum_groups()) {
- return False;
- }
-
- /* Free old static data if it exists */
-
- if (state->getgrent_state != NULL) {
- free_getent_state(state->getgrent_state);
- state->getgrent_state = NULL;
- }
-
- /* Create sam pipes for each domain we know about */
-
- for (domain = domain_list(); domain != NULL; domain = domain->next) {
- struct getent_state *domain_state;
-
- /* Create a state record for this domain */
-
- /* don't add our domaina if we are a PDC or if we
- are a member of a Samba domain */
-
- if ( lp_winbind_trusted_domains_only() && domain->primary )
- {
- continue;
- }
-
- domain_state = SMB_MALLOC_P(struct getent_state);
- if (!domain_state) {
- DEBUG(1, ("winbindd_setgrent: "
- "malloc failed for domain_state!\n"));
- return False;
- }
-
- ZERO_STRUCTP(domain_state);
-
- fstrcpy(domain_state->domain_name, domain->name);
-
- /* Add to list of open domains */
-
- DLIST_ADD(state->getgrent_state, domain_state);
- }
-
- state->getgrent_initialized = True;
- return True;
-}
-
-void winbindd_setgrent(struct winbindd_cli_state *state)
-{
- if (winbindd_setgrent_internal(state)) {
- request_ok(state);
- } else {
- request_error(state);
- }
-}
-
-/* Close file pointer to ntdom group database */
-
-void winbindd_endgrent(struct winbindd_cli_state *state)
-{
- DEBUG(3, ("[%5lu]: endgrent\n", (unsigned long)state->pid));
-
- free_getent_state(state->getgrent_state);
- state->getgrent_initialized = False;
- state->getgrent_state = NULL;
- request_ok(state);
-}
-
/* Get the list of domain groups and domain aliases for a domain. We fill in
the sam_entries and num_sam_entries fields with domain group information.
Return True if some groups were returned, False otherwise. */
@@ -974,264 +201,6 @@ bool get_sam_group_entries(struct getent_state *ent)
return result;
}
-/* Fetch next group entry from ntdom database */
-
-#define MAX_GETGRENT_GROUPS 500
-
-void winbindd_getgrent(struct winbindd_cli_state *state)
-{
- struct getent_state *ent;
- struct winbindd_gr *group_list = NULL;
- int num_groups, group_list_ndx, gr_mem_list_len = 0;
- char *gr_mem_list = NULL;
-
- DEBUG(3, ("[%5lu]: getgrent\n", (unsigned long)state->pid));
-
- /* Check user has enabled this */
-
- if (!lp_winbind_enum_groups()) {
- request_error(state);
- return;
- }
-
- num_groups = MIN(MAX_GETGRENT_GROUPS, state->request->data.num_entries);
-
- if (num_groups == 0) {
- request_error(state);
- return;
- }
-
- group_list = talloc_zero_array(state->mem_ctx, struct winbindd_gr,
- num_groups);
- if (!group_list) {
- request_error(state);
- return;
- }
- state->response->extra_data.data = group_list;
-
- state->response->data.num_entries = 0;
-
- if (!state->getgrent_initialized)
- winbindd_setgrent_internal(state);
-
- if (!(ent = state->getgrent_state)) {
- request_error(state);
- return;
- }
-
- /* Start sending back groups */
-
- for (group_list_ndx = 0; group_list_ndx < num_groups; ) {
- struct acct_info *name_list = NULL;
- fstring domain_group_name;
- uint32 result;
- gid_t group_gid;
- size_t gr_mem_len;
- char *gr_mem;
- DOM_SID group_sid;
- struct winbindd_domain *domain;
-
- /* Do we need to fetch another chunk of groups? */
-
- tryagain:
-
- DEBUG(10, ("entry_index = %d, num_entries = %d\n",
- ent->sam_entry_index, ent->num_sam_entries));
-
- if (ent->num_sam_entries == ent->sam_entry_index) {
-
- while(ent && !get_sam_group_entries(ent)) {
- struct getent_state *next_ent;
-
- DEBUG(10, ("freeing state info for domain %s\n",
- ent->domain_name));
-
- /* Free state information for this domain */
-
- SAFE_FREE(ent->sam_entries);
-
- next_ent = ent->next;
- DLIST_REMOVE(state->getgrent_state, ent);
-
- SAFE_FREE(ent);
- ent = next_ent;
- }
-
- /* No more domains */
-
- if (!ent)
- break;
- }
-
- name_list = (struct acct_info *)ent->sam_entries;
-
- if (!(domain = find_domain_from_name(ent->domain_name))) {
- DEBUG(3, ("No such domain %s in winbindd_getgrent\n",
- ent->domain_name));
- result = False;
- goto done;
- }
-
- /* Lookup group info */
-
- sid_copy(&group_sid, &domain->sid);
- sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid);
-
- if (!NT_STATUS_IS_OK(idmap_sid_to_gid(domain->have_idmap_config
- ? domain->name : "",
- &group_sid, &group_gid)))
- {
- union unid_t id;
- enum lsa_SidType type;
-
- DEBUG(10, ("SID %s not in idmap\n",
- sid_string_dbg(&group_sid)));
-
- if (!pdb_sid_to_id(&group_sid, &id, &type)) {
- DEBUG(1,("could not look up gid for group %s\n",
- name_list[ent->sam_entry_index].acct_name));
- ent->sam_entry_index++;
- goto tryagain;
- }
-
- if ((type != SID_NAME_DOM_GRP) &&
- (type != SID_NAME_ALIAS) &&
- (type != SID_NAME_WKN_GRP)) {
- DEBUG(1, ("Group %s is a %s, not a group\n",
- sid_type_lookup(type),
- name_list[ent->sam_entry_index].acct_name));
- ent->sam_entry_index++;
- goto tryagain;
- }
- group_gid = id.gid;
- }
-
- DEBUG(10, ("got gid %lu for group %lu\n",
- (unsigned long)group_gid,
- (unsigned long)name_list[ent->sam_entry_index].rid));
-
- /* Fill in group entry */
-
- fill_domain_username(domain_group_name, ent->domain_name,
- name_list[ent->sam_entry_index].acct_name, True);
-
- result = fill_grent(state->mem_ctx, &group_list[group_list_ndx],
- ent->domain_name,
- name_list[ent->sam_entry_index].acct_name,
- group_gid);
-
- /* Fill in group membership entry */
-
- if (result) {
- size_t num_gr_mem = 0;
- DOM_SID member_sid;
- group_list[group_list_ndx].num_gr_mem = 0;
- gr_mem = NULL;
- gr_mem_len = 0;
-
- /* Get group membership */
- if (state->request->cmd == WINBINDD_GETGRLST) {
- result = True;
- } else {
- sid_copy(&member_sid, &domain->sid);
- sid_append_rid(&member_sid, name_list[ent->sam_entry_index].rid);
- result = fill_grent_mem(
- domain,
- NULL,
- &member_sid,
- SID_NAME_DOM_GRP,
- &num_gr_mem,
- &gr_mem, &gr_mem_len);
-
- group_list[group_list_ndx].num_gr_mem = (uint32)num_gr_mem;
- }
- }
-
- if (result) {
- /* Append to group membership list */
- gr_mem_list = (char *)SMB_REALLOC(
- gr_mem_list, gr_mem_list_len + gr_mem_len);
-
- if (!gr_mem_list &&
- (group_list[group_list_ndx].num_gr_mem != 0)) {
- DEBUG(0, ("out of memory\n"));
- gr_mem_list_len = 0;
- break;
- }
-
- DEBUG(10, ("list_len = %d, mem_len = %u\n",
- gr_mem_list_len, (unsigned int)gr_mem_len));
-
- memcpy(&gr_mem_list[gr_mem_list_len], gr_mem,
- gr_mem_len);
-
- SAFE_FREE(gr_mem);
-
- group_list[group_list_ndx].gr_mem_ofs =
- gr_mem_list_len;
-
- gr_mem_list_len += gr_mem_len;
- }
-
- ent->sam_entry_index++;
-
- /* Add group to return list */
-
- if (result) {
-
- DEBUG(10, ("adding group num_entries = %d\n",
- state->response->data.num_entries));
-
- group_list_ndx++;
- state->response->data.num_entries++;
-
- state->response->length +=
- sizeof(struct winbindd_gr);
-
- } else {
- DEBUG(0, ("could not lookup domain group %s\n",
- domain_group_name));
- }
- }
-
- /* Copy the list of group memberships to the end of the extra data */
-
- if (group_list_ndx == 0)
- goto done;
-
- state->response->extra_data.data = talloc_realloc_size(
- state->mem_ctx, state->response->extra_data.data,
- group_list_ndx * sizeof(struct winbindd_gr) + gr_mem_list_len);
-
- if (!state->response->extra_data.data) {
- DEBUG(0, ("out of memory\n"));
- group_list_ndx = 0;
- SAFE_FREE(gr_mem_list);
- request_error(state);
- return;
- }
-
- memcpy(&((char *)state->response->extra_data.data)
- [group_list_ndx * sizeof(struct winbindd_gr)],
- gr_mem_list, gr_mem_list_len);
-
- state->response->length += gr_mem_list_len;
-
- DEBUG(10, ("returning %d groups, length = %d\n",
- group_list_ndx, gr_mem_list_len));
-
- /* Out of domains */
-
- done:
-
- SAFE_FREE(gr_mem_list);
-
- if (group_list_ndx > 0)
- request_ok(state);
- else
- request_error(state);
-}
-
/* List domain groups without mapping to unix ids */
void winbindd_list_groups(struct winbindd_cli_state *state)
{