source3/winbindd/wb_alias_members.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    async alias_members
   4    Copyright (C) Pavel Filipenský 2023
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19
  20 #include "includes.h"
  21 #include "winbindd.h"
  22 #include "librpc/gen_ndr/ndr_winbind_c.h"
  23 #include "../libcli/security/security.h"
  24
  25 struct wb_alias_members_state {
  26         struct tevent_context *ev;
  27         struct dom_sid sid;
  28         struct wbint_SidArray sids;
  29 };
  30
  31 static void wb_alias_members_done(struct tevent_req *subreq);
  32
  33 struct tevent_req *wb_alias_members_send(TALLOC_CTX *mem_ctx,
  34                                          struct tevent_context *ev,
  35                                          const struct dom_sid *sid,
  36                                          enum lsa_SidType type,
  37                                          int max_nesting)
  38 {
  39         struct tevent_req *req, *subreq;
  40         struct wb_alias_members_state *state;
  41         struct winbindd_domain *domain;
  42         NTSTATUS status;
  43         struct dom_sid_buf buf;
  44
  45         req = tevent_req_create(mem_ctx, &state, struct wb_alias_members_state);
  46         if (req == NULL) {
  47                 return NULL;
  48         }
  49         D_INFO("WB command alias_members start.\nLooking up SID %s.\n",
  50                dom_sid_str_buf(sid, &buf));
  51
  52         if (max_nesting <= 0) {
  53                 D_DEBUG("Finished. The depth based on 'winbind expand groups' is %d.\n", max_nesting);
  54                 state->sids.num_sids = 0;
  55                 state->sids.sids = NULL;
  56                 tevent_req_done(req);
  57                 return tevent_req_post(req, ev);
  58         }
  59
  60         sid_copy(&state->sid, sid);
  61
  62         status = lookup_usergroups_cached(state,
  63                                           &state->sid,
  64                                           &state->sids.num_sids,
  65                                           &state->sids.sids);
  66         if (NT_STATUS_IS_OK(status)) {
  67                 tevent_req_done(req);
  68                 return tevent_req_post(req, ev);
  69         }
  70
  71         domain = find_domain_from_sid_noinit(&state->sid);
  72         if (domain == NULL) {
  73                 DBG_WARNING("could not find domain entry for sid %s\n",
  74                             dom_sid_str_buf(&state->sid, &buf));
  75                 tevent_req_nterror(req, NT_STATUS_NO_SUCH_ALIAS);
  76                 return tevent_req_post(req, ev);
  77         }
  78
  79         subreq = dcerpc_wbint_LookupAliasMembers_send(state,
  80                                                       ev,
  81                                                       dom_child_handle(domain),
  82                                                       &state->sid,
  83                                                       type,
  84                                                       &state->sids);
  85         if (tevent_req_nomem(subreq, req)) {
  86                 return tevent_req_post(req, ev);
  87         }
  88         tevent_req_set_callback(subreq, wb_alias_members_done, req);
  89         return req;
  90 }
  91
  92 static void wb_alias_members_done(struct tevent_req *subreq)
  93 {
  94         struct tevent_req *req =
  95                 tevent_req_callback_data(subreq, struct tevent_req);
  96         struct wb_alias_members_state *state =
  97                 tevent_req_data(req, struct wb_alias_members_state);
  98         NTSTATUS status, result;
  99
 100         status = dcerpc_wbint_LookupAliasMembers_recv(subreq, state, &result);
 101         TALLOC_FREE(subreq);
 102         if (any_nt_status_not_ok(status, result, &status)) {
 103                 D_WARNING("Failed with %s.\n", nt_errstr(status));
 104                 tevent_req_nterror(req, status);
 105                 return;
 106         }
 107         tevent_req_done(req);
 108 }
 109
 110 NTSTATUS wb_alias_members_recv(struct tevent_req *req,
 111                                TALLOC_CTX *mem_ctx,
 112                                uint32_t *num_sids,
 113                                struct dom_sid **sids)
 114 {
 115         struct wb_alias_members_state *state =
 116                 tevent_req_data(req, struct wb_alias_members_state);
 117         NTSTATUS status;
 118         uint32_t i;
 119
 120         if (tevent_req_is_nterror(req, &status)) {
 121                 return status;
 122         }
 123         *num_sids = state->sids.num_sids;
 124         *sids = talloc_move(mem_ctx, &state->sids.sids);
 125
 126         D_INFO("WB command alias_members end.\nReceived %" PRIu32 " SID(s).\n",
 127                *num_sids);
 128         if (CHECK_DEBUGLVL(DBGLVL_INFO)) {
 129                 for (i = 0; i < *num_sids; i++) {
 130                         struct dom_sid_buf buf;
 131                         D_INFO("%" PRIu32 ": %s\n",
 132                                i,
 133                                dom_sid_str_buf(&(*sids)[i], &buf));
 134                 }
 135         }
 136         return NT_STATUS_OK;
 137 }