search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:utils: Fix 'Usage:' for 'net ads enctypes'
[samba4-gss.git] / source3 / winbindd / wb_gettoken.c
blob4e29691802de37fa6f8feb7338e5064e460b6a51
1 /*
2 Unix SMB/CIFS implementation.
3 async gettoken
4 Copyright (C) Volker Lendecke 2009
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "util/debug.h"
22 #include "winbindd.h"
23 #include "librpc/gen_ndr/ndr_winbind_c.h"
24 #include "../libcli/security/security.h"
25 #include "passdb/machine_sid.h"
26
27 struct wb_gettoken_state {
28 struct tevent_context *ev;
29 struct dom_sid usersid;
30 bool expand_local_aliases;
31 uint32_t num_sids;
32 struct dom_sid *sids;
33 };
34
35 static NTSTATUS wb_add_rids_to_sids(TALLOC_CTX *mem_ctx,
36 uint32_t *pnum_sids,
37 struct dom_sid **psids,
38 const struct dom_sid *domain_sid,
39 uint32_t num_rids, uint32_t *rids);
40
41 static void wb_gettoken_gotuser(struct tevent_req *subreq);
42 static void wb_gettoken_gotgroups(struct tevent_req *subreq);
43 static void wb_gettoken_trylocalgroups(struct tevent_req *req);
44 static void wb_gettoken_gotlocalgroups(struct tevent_req *subreq);
45 static void wb_gettoken_trybuiltins(struct tevent_req *req);
46 static void wb_gettoken_gotbuiltins(struct tevent_req *subreq);
47
48 struct tevent_req *wb_gettoken_send(TALLOC_CTX *mem_ctx,
49 struct tevent_context *ev,
50 const struct dom_sid *sid,
51 bool expand_local_aliases)
52 {
53 struct tevent_req *req, *subreq;
54 struct wb_gettoken_state *state;
55 struct dom_sid_buf buf;
56
57 req = tevent_req_create(mem_ctx, &state, struct wb_gettoken_state);
58 if (req == NULL) {
59 return NULL;
60 }
61 sid_copy(&state->usersid, sid);
62 state->ev = ev;
63 state->expand_local_aliases = expand_local_aliases;
64
65 D_INFO("WB command gettoken start.\n"
66 "Query user SID %s (expand local aliases is %d).\n",
67 dom_sid_str_buf(sid, &buf),
68 expand_local_aliases);
69 subreq = wb_queryuser_send(state, ev, &state->usersid);
70 if (tevent_req_nomem(subreq, req)) {
71 return tevent_req_post(req, ev);
72 }
73 tevent_req_set_callback(subreq, wb_gettoken_gotuser, req);
74 return req;
75 }
76
77 static void wb_gettoken_gotuser(struct tevent_req *subreq)
78 {
79 struct tevent_req *req = tevent_req_callback_data(
80 subreq, struct tevent_req);
81 struct wb_gettoken_state *state = tevent_req_data(
82 req, struct wb_gettoken_state);
83 struct wbint_userinfo *info;
84 NTSTATUS status;
85 struct dom_sid_buf buf0, buf1;
86
87 status = wb_queryuser_recv(subreq, state, &info);
88 TALLOC_FREE(subreq);
89 if (tevent_req_nterror(req, status)) {
90 return;
91 }
92
93 state->sids = talloc_array(state, struct dom_sid, 2);
94 if (tevent_req_nomem(state->sids, req)) {
95 return;
96 }
97 state->num_sids = 2;
98
99 D_DEBUG("Got user SID %s and group SID %s\n",
100 dom_sid_str_buf(&info->user_sid, &buf0),
101 dom_sid_str_buf(&info->group_sid, &buf1));
102 sid_copy(&state->sids[0], &info->user_sid);
103 sid_copy(&state->sids[1], &info->group_sid);
104
105 D_DEBUG("Looking up user groups for the user SID.\n");
106 subreq = wb_lookupusergroups_send(state, state->ev, &info->user_sid);
107 if (tevent_req_nomem(subreq, req)) {
108 return;
109 }
110 tevent_req_set_callback(subreq, wb_gettoken_gotgroups, req);
111 }
112
113 static void wb_gettoken_gotgroups(struct tevent_req *subreq)
114 {
115 struct tevent_req *req = tevent_req_callback_data(
116 subreq, struct tevent_req);
117 struct wb_gettoken_state *state = tevent_req_data(
118 req, struct wb_gettoken_state);
119 uint32_t i, num_groups;
120 struct dom_sid *groups;
121 NTSTATUS status;
122 struct dom_sid_buf buf;
123
124 status = wb_lookupusergroups_recv(subreq, state, &num_groups, &groups);
125 TALLOC_FREE(subreq);
126 if (!NT_STATUS_IS_OK(status)) {
127 tevent_req_done(req);
128 return;
129 }
130
131 D_DEBUG("Received %"PRIu32" group(s).\n", num_groups);
132 for (i = 0; i < num_groups; i++) {
133 D_DEBUG("Adding SID %s.\n", dom_sid_str_buf(&groups[i], &buf));
134 status = add_sid_to_array_unique(
135 state, &groups[i], &state->sids, &state->num_sids);
136
137 if (tevent_req_nterror(req, status)) {
138 return;
139 }
140 }
141
142 wb_gettoken_trylocalgroups(req);
143 }
144
145 static void wb_gettoken_trylocalgroups(struct tevent_req *req)
146 {
147 struct wb_gettoken_state *state = tevent_req_data(
148 req, struct wb_gettoken_state);
149 struct winbindd_domain *domain = NULL;
150 struct tevent_req *subreq = NULL;
151
152 if (!state->expand_local_aliases) {
153 D_DEBUG("Done. Not asked to expand local aliases.\n");
154 tevent_req_done(req);
155 return;
156 }
157
158 /*
159 * Expand our domain's aliases
160 */
161 domain = find_domain_from_sid_noinit(get_global_sam_sid());
162 if (domain == NULL) {
163 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
164 return;
165 }
166
167 D_DEBUG("Expand domain's aliases for %"PRIu32" SID(s).\n",
168 state->num_sids);
169 subreq = wb_lookupuseraliases_send(state, state->ev, domain,
170 state->num_sids, state->sids);
171 if (tevent_req_nomem(subreq, req)) {
172 return;
173 }
174 tevent_req_set_callback(subreq, wb_gettoken_gotlocalgroups, req);
175 }
176
177 static void wb_gettoken_gotlocalgroups(struct tevent_req *subreq)
178 {
179 struct tevent_req *req = tevent_req_callback_data(
180 subreq, struct tevent_req);
181 struct wb_gettoken_state *state = tevent_req_data(
182 req, struct wb_gettoken_state);
183 uint32_t num_rids;
184 uint32_t *rids;
185 NTSTATUS status;
186
187 status = wb_lookupuseraliases_recv(subreq, state, &num_rids, &rids);
188 TALLOC_FREE(subreq);
189 if (tevent_req_nterror(req, status)) {
190 return;
191 }
192
193 D_DEBUG("Got %"PRIu32" RID(s).\n", num_rids);
194 status = wb_add_rids_to_sids(state, &state->num_sids, &state->sids,
195 get_global_sam_sid(), num_rids, rids);
196 if (tevent_req_nterror(req, status)) {
197 return;
198 }
199 TALLOC_FREE(rids);
200
201 wb_gettoken_trybuiltins(req);
202 }
203
204 static void wb_gettoken_trybuiltins(struct tevent_req *req)
205 {
206 struct wb_gettoken_state *state = tevent_req_data(
207 req, struct wb_gettoken_state);
208 struct winbindd_domain *domain = NULL;
209 struct tevent_req *subreq = NULL;
210
211 /*
212 * Now expand the builtin groups
213 */
214
215 D_DEBUG("Expand the builtin groups for %"PRIu32" SID(s).\n",
216 state->num_sids);
217 domain = find_domain_from_sid(&global_sid_Builtin);
218 if (domain == NULL) {
219 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
220 return;
221 }
222
223 subreq = wb_lookupuseraliases_send(state, state->ev, domain,
224 state->num_sids, state->sids);
225 if (tevent_req_nomem(subreq, req)) {
226 return;
227 }
228 tevent_req_set_callback(subreq, wb_gettoken_gotbuiltins, req);
229 }
230
231 static void wb_gettoken_gotbuiltins(struct tevent_req *subreq)
232 {
233 struct tevent_req *req = tevent_req_callback_data(
234 subreq, struct tevent_req);
235 struct wb_gettoken_state *state = tevent_req_data(
236 req, struct wb_gettoken_state);
237 uint32_t num_rids;
238 uint32_t *rids;
239 NTSTATUS status;
240
241 status = wb_lookupuseraliases_recv(subreq, state, &num_rids, &rids);
242 TALLOC_FREE(subreq);
243 if (tevent_req_nterror(req, status)) {
244 return;
245 }
246 D_DEBUG("Got %"PRIu32" RID(s).\n", num_rids);
247 status = wb_add_rids_to_sids(state, &state->num_sids, &state->sids,
248 &global_sid_Builtin, num_rids, rids);
249 if (tevent_req_nterror(req, status)) {
250 return;
251 }
252 tevent_req_done(req);
253 }
254
255 NTSTATUS wb_gettoken_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
256 uint32_t *num_sids, struct dom_sid **sids)
257 {
258 struct wb_gettoken_state *state = tevent_req_data(
259 req, struct wb_gettoken_state);
260 NTSTATUS status;
261 uint32_t i;
262
263 if (tevent_req_is_nterror(req, &status)) {
264 return status;
265 }
266 *num_sids = state->num_sids;
267 D_INFO("WB command gettoken end.\nReceived %"PRIu32" SID(s).\n",
268 state->num_sids);
269
270 if (CHECK_DEBUGLVL(DBGLVL_INFO)) {
271 for (i = 0; i < state->num_sids; i++) {
272 struct dom_sid_buf sidbuf;
273 D_INFO("%"PRIu32": %s\n",
274 i,
275 dom_sid_str_buf(&state->sids[i],
276 &sidbuf));
277 }
278 }
279
280 *sids = talloc_move(mem_ctx, &state->sids);
281 return NT_STATUS_OK;
282 }
283
284 static NTSTATUS wb_add_rids_to_sids(TALLOC_CTX *mem_ctx,
285 uint32_t *pnum_sids,
286 struct dom_sid **psids,
287 const struct dom_sid *domain_sid,
288 uint32_t num_rids, uint32_t *rids)
289 {
290 uint32_t i;
291
292 D_DEBUG("%"PRIu32" SID(s) will be uniquely added to the SID array.\n"
293 "Before the addition the array has %"PRIu32" SID(s).\n",
294 num_rids, *pnum_sids);
295
296 for (i = 0; i < num_rids; i++) {
297 NTSTATUS status;
298 struct dom_sid sid;
299
300 sid_compose(&sid, domain_sid, rids[i]);
301 status = add_sid_to_array_unique(
302 mem_ctx, &sid, psids, pnum_sids);
303 if (!NT_STATUS_IS_OK(status)) {
304 return status;
305 }
306 }
307 D_DEBUG("After the addition the array has %"PRIu32" SID(s).\n",
308 *pnum_sids);
309 return NT_STATUS_OK;
310 }
GSS-enabled samba4