diff options
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/Makefile.in | 1 | ||||
| -rw-r--r-- | source3/winbindd/winbindd.c | 4 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_async.c | 165 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_getusersids.c | 120 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_group.c | 84 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_proto.h | 11 |
6 files changed, 130 insertions, 255 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index f1fac93d5b..e53dcb991a 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1184,6 +1184,7 @@ WINBINDD_OBJ1 = \ winbindd/winbindd_show_sequence.o \ winbindd/winbindd_getgrgid.o \ winbindd/winbindd_getgrnam.o \ + winbindd/winbindd_getusersids.o \ auth/token_util.o \ ../nsswitch/libwbclient/wb_reqtrans.o \ smbd/connection.o diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 1a76f87463..5c2ed961ef 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -431,8 +431,6 @@ static struct winbindd_dispatch_table { { WINBINDD_ENDPWENT, winbindd_endpwent, "ENDPWENT" }, { WINBINDD_GETPWENT, winbindd_getpwent, "GETPWENT" }, - { WINBINDD_GETUSERSIDS, winbindd_getusersids, "GETUSERSIDS" }, - /* Group functions */ { WINBINDD_SETGRENT, winbindd_setgrent, "SETGRENT" }, @@ -538,6 +536,8 @@ static struct winbindd_async_dispatch_table async_nonpriv_table[] = { winbindd_getgrgid_send, winbindd_getgrgid_recv }, { WINBINDD_GETGRNAM, "GETGRNAM", winbindd_getgrnam_send, winbindd_getgrnam_recv }, + { WINBINDD_GETUSERSIDS, "GETUSERSIDS", + winbindd_getusersids_send, winbindd_getusersids_recv }, { 0, NULL, NULL, NULL } }; diff --git a/source3/winbindd/winbindd_async.c b/source3/winbindd/winbindd_async.c index 58080a8800..d16a1f8288 100644 --- a/source3/winbindd/winbindd_async.c +++ b/source3/winbindd/winbindd_async.c @@ -824,171 +824,6 @@ void winbindd_getsidaliases_async(struct winbindd_domain *domain, (void *)cont, private_data); } -struct gettoken_state { - TALLOC_CTX *mem_ctx; - DOM_SID user_sid; - struct winbindd_domain *alias_domain; - struct winbindd_domain *local_alias_domain; - struct winbindd_domain *builtin_domain; - DOM_SID *sids; - size_t num_sids; - void (*cont)(void *private_data, bool success, DOM_SID *sids, size_t num_sids); - void *private_data; -}; - -static void gettoken_recvdomgroups(TALLOC_CTX *mem_ctx, bool success, - struct winbindd_response *response, - void *c, void *private_data); -static void gettoken_recvaliases(void *private_data, bool success, - const DOM_SID *aliases, - size_t num_aliases); - - -void winbindd_gettoken_async(TALLOC_CTX *mem_ctx, const DOM_SID *user_sid, - void (*cont)(void *private_data, bool success, - DOM_SID *sids, size_t num_sids), - void *private_data) -{ - struct winbindd_domain *domain; - struct winbindd_request request; - struct gettoken_state *state; - - state = TALLOC_ZERO_P(mem_ctx, struct gettoken_state); - if (state == NULL) { - DEBUG(0, ("talloc failed\n")); - cont(private_data, False, NULL, 0); - return; - } - - state->mem_ctx = mem_ctx; - sid_copy(&state->user_sid, user_sid); - state->alias_domain = find_our_domain(); - state->local_alias_domain = find_domain_from_name( get_global_sam_name() ); - state->builtin_domain = find_builtin_domain(); - state->cont = cont; - state->private_data = private_data; - - domain = find_domain_from_sid_noinit(user_sid); - if (domain == NULL) { - DEBUG(5, ("Could not find domain from SID %s\n", - sid_string_dbg(user_sid))); - cont(private_data, False, NULL, 0); - return; - } - - ZERO_STRUCT(request); - request.cmd = WINBINDD_GETUSERDOMGROUPS; - sid_to_fstring(request.data.sid, user_sid); - - do_async_domain(mem_ctx, domain, &request, gettoken_recvdomgroups, - NULL, state); -} - -static void gettoken_recvdomgroups(TALLOC_CTX *mem_ctx, bool success, - struct winbindd_response *response, - void *c, void *private_data) -{ - struct gettoken_state *state = - talloc_get_type_abort(private_data, struct gettoken_state); - char *sids_str; - - if (!success) { - DEBUG(10, ("Could not get domain groups\n")); - state->cont(state->private_data, False, NULL, 0); - return; - } - - sids_str = (char *)response->extra_data.data; - - if (sids_str == NULL) { - /* This could be normal if we are dealing with a - local user and local groups */ - - if ( !sid_check_is_in_our_domain( &state->user_sid ) ) { - DEBUG(10, ("Received no domain groups\n")); - state->cont(state->private_data, True, NULL, 0); - return; - } - } - - state->sids = NULL; - state->num_sids = 0; - - if (!NT_STATUS_IS_OK(add_sid_to_array(mem_ctx, &state->user_sid, - &state->sids, &state->num_sids))) - { - DEBUG(0, ("Out of memory\n")); - state->cont(state->private_data, False, NULL, 0); - return; - } - - if (sids_str && !parse_sidlist(mem_ctx, sids_str, &state->sids, - &state->num_sids)) { - DEBUG(0, ("Could not parse sids\n")); - state->cont(state->private_data, False, NULL, 0); - return; - } - - if (state->alias_domain == NULL) { - DEBUG(10, ("Don't expand domain local groups\n")); - state->cont(state->private_data, True, state->sids, - state->num_sids); - return; - } - - winbindd_getsidaliases_async(state->alias_domain, mem_ctx, - state->sids, state->num_sids, - gettoken_recvaliases, state); -} - -static void gettoken_recvaliases(void *private_data, bool success, - const DOM_SID *aliases, - size_t num_aliases) -{ - struct gettoken_state *state = (struct gettoken_state *)private_data; - size_t i; - - if (!success) { - DEBUG(10, ("Could not receive domain local groups\n")); - state->cont(state->private_data, False, NULL, 0); - return; - } - - for (i=0; i<num_aliases; i++) { - if (!NT_STATUS_IS_OK(add_sid_to_array(state->mem_ctx, - &aliases[i], - &state->sids, - &state->num_sids))) - { - DEBUG(0, ("Out of memory\n")); - state->cont(state->private_data, False, NULL, 0); - return; - } - } - - if (state->local_alias_domain != NULL) { - struct winbindd_domain *local_domain = state->local_alias_domain; - DEBUG(10, ("Expanding our own local groups\n")); - state->local_alias_domain = NULL; - winbindd_getsidaliases_async(local_domain, state->mem_ctx, - state->sids, state->num_sids, - gettoken_recvaliases, state); - return; - } - - if (state->builtin_domain != NULL) { - struct winbindd_domain *builtin_domain = state->builtin_domain; - DEBUG(10, ("Expanding our own BUILTIN groups\n")); - state->builtin_domain = NULL; - winbindd_getsidaliases_async(builtin_domain, state->mem_ctx, - state->sids, state->num_sids, - gettoken_recvaliases, state); - return; - } - - state->cont(state->private_data, True, state->sids, state->num_sids); -} - static void query_user_recv(TALLOC_CTX *mem_ctx, bool success, struct winbindd_response *response, void *c, void *private_data) diff --git a/source3/winbindd/winbindd_getusersids.c b/source3/winbindd/winbindd_getusersids.c new file mode 100644 index 0000000000..257b7e4847 --- /dev/null +++ b/source3/winbindd/winbindd_getusersids.c @@ -0,0 +1,120 @@ +/* + Unix SMB/CIFS implementation. + async implementation of WINBINDD_GETUSERSIDS + Copyright (C) Volker Lendecke 2009 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "winbindd.h" + +struct winbindd_getusersids_state { + struct dom_sid sid; + int num_sids; + struct dom_sid *sids; +}; + +static void winbindd_getusersids_done(struct tevent_req *subreq); + +struct tevent_req *winbindd_getusersids_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct winbindd_cli_state *cli, + struct winbindd_request *request) +{ + struct tevent_req *req, *subreq; + struct winbindd_getusersids_state *state; + + req = tevent_req_create(mem_ctx, &state, + struct winbindd_getusersids_state); + if (req == NULL) { + return NULL; + } + + /* Ensure null termination */ + request->data.sid[sizeof(request->data.sid)-1]='\0'; + + DEBUG(3, ("getusersids %s\n", request->data.sid)); + + if (!string_to_sid(&state->sid, request->data.sid)) { + DEBUG(1, ("Could not get convert sid %s from string\n", + request->data.sid)); + tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); + return tevent_req_post(req, ev); + } + + subreq = wb_gettoken_send(state, ev, &state->sid); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, winbindd_getusersids_done, req); + return req; +} + +static void winbindd_getusersids_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct winbindd_getusersids_state *state = tevent_req_data( + req, struct winbindd_getusersids_state); + NTSTATUS status; + + status = wb_gettoken_recv(subreq, state, &state->num_sids, + &state->sids); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + tevent_req_nterror(req, status); + return; + } + tevent_req_done(req); +} + +NTSTATUS winbindd_getusersids_recv(struct tevent_req *req, + struct winbindd_response *response) +{ + struct winbindd_getusersids_state *state = tevent_req_data( + req, struct winbindd_getusersids_state); + NTSTATUS status; + int i; + char *result; + + if (tevent_req_is_nterror(req, &status)) { + DEBUG(5, ("Could not convert sid %s: %s\n", + sid_string_dbg(&state->sid), nt_errstr(status))); + return status; + } + + result = talloc_strdup(response, ""); + if (result == NULL) { + return NT_STATUS_NO_MEMORY; + } + + for (i=0; i<state->num_sids; i++) { + char *str = sid_string_tos(&state->sids[i]); + if (str == NULL) { + TALLOC_FREE(result); + return NT_STATUS_NO_MEMORY; + } + result = talloc_asprintf_append_buffer(result, "%s\n", str); + TALLOC_FREE(str); + if (result == NULL) { + return NT_STATUS_NO_MEMORY; + } + } + + response->data.num_entries = state->num_sids; + response->extra_data.data = result; + response->length += talloc_get_size(result); + return NT_STATUS_OK; +} diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c index 6520c43f2f..16defc793d 100644 --- a/source3/winbindd/winbindd_group.c +++ b/source3/winbindd/winbindd_group.c @@ -1255,90 +1255,6 @@ struct getgroups_state { size_t num_token_gids; }; - -/* Get user supplementary sids. This is equivalent to the - winbindd_getgroups() function but it involves a SID->SIDs mapping - rather than a NAME->SID->SIDS->GIDS mapping, which means we avoid - idmap. This call is designed to be used with applications that need - to do ACL evaluation themselves. Note that the cached info3 data is - not used - - this function assumes that the SID that comes in is a user SID. If - you pass in another type of SID then you may get unpredictable - results. -*/ - -static void getusersids_recv(void *private_data, bool success, DOM_SID *sids, - size_t num_sids); - -void winbindd_getusersids(struct winbindd_cli_state *state) -{ - DOM_SID *user_sid; - - /* Ensure null termination */ - state->request->data.sid[sizeof(state->request->data.sid)-1]='\0'; - - user_sid = TALLOC_P(state->mem_ctx, DOM_SID); - if (user_sid == NULL) { - DEBUG(1, ("talloc failed\n")); - request_error(state); - return; - } - - if (!string_to_sid(user_sid, state->request->data.sid)) { - DEBUG(1, ("Could not get convert sid %s from string\n", - state->request->data.sid)); - request_error(state); - return; - } - - winbindd_gettoken_async(state->mem_ctx, user_sid, getusersids_recv, - state); -} - -static void getusersids_recv(void *private_data, bool success, DOM_SID *sids, - size_t num_sids) -{ - struct winbindd_cli_state *state = - (struct winbindd_cli_state *)private_data; - char *ret = NULL; - unsigned ofs, ret_size = 0; - size_t i; - - if (!success) { - request_error(state); - return; - } - - /* work out the response size */ - for (i = 0; i < num_sids; i++) { - fstring s; - sid_to_fstring(s, &sids[i]); - ret_size += strlen(s) + 1; - } - - /* build the reply */ - ret = talloc_array(state->mem_ctx, char, ret_size); - if (!ret) { - DEBUG(0, ("malloc failed\n")); - request_error(state); - return; - } - ofs = 0; - for (i = 0; i < num_sids; i++) { - fstring s; - sid_to_fstring(s, &sids[i]); - safe_strcpy(ret + ofs, s, ret_size - ofs - 1); - ofs += strlen(ret+ofs) + 1; - } - - /* Send data back to client */ - state->response->data.num_entries = num_sids; - state->response->extra_data.data = ret; - state->response->length += ret_size; - request_ok(state); -} - enum winbindd_result winbindd_dual_getuserdomgroups(struct winbindd_domain *domain, struct winbindd_cli_state *state) { diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 3faf25a751..aeb841edd1 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -114,10 +114,6 @@ void winbindd_getsidaliases_async(struct winbindd_domain *domain, void *private_data); enum winbindd_result winbindd_dual_getsidaliases(struct winbindd_domain *domain, struct winbindd_cli_state *state); -void winbindd_gettoken_async(TALLOC_CTX *mem_ctx, const DOM_SID *user_sid, - void (*cont)(void *private_data, bool success, - DOM_SID *sids, size_t num_sids), - void *private_data); void query_user_async(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, const DOM_SID *sid, void (*cont)(void *private_data, bool success, @@ -846,4 +842,11 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx, NTSTATUS winbindd_getgrnam_recv(struct tevent_req *req, struct winbindd_response *response); +struct tevent_req *winbindd_getusersids_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct winbindd_cli_state *cli, + struct winbindd_request *request); +NTSTATUS winbindd_getusersids_recv(struct tevent_req *req, + struct winbindd_response *response); + #endif /* _WINBINDD_PROTO_H_ */ |