Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : async gettoken
4 : Copyright (C) Volker Lendecke 2009
5 :
6 : This program is free software; you can redistribute it and/or modify
7 : it under the terms of the GNU General Public License as published by
8 : the Free Software Foundation; either version 3 of the License, or
9 : (at your option) any later version.
10 :
11 : This program is distributed in the hope that it will be useful,
12 : but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : GNU General Public License for more details.
15 :
16 : You should have received a copy of the GNU General Public License
17 : along with this program. If not, see <http://www.gnu.org/licenses/>.
18 : */
19 :
20 : #include "includes.h"
21 : #include "util/debug.h"
22 : #include "winbindd.h"
23 : #include "librpc/gen_ndr/ndr_winbind_c.h"
24 : #include "../libcli/security/security.h"
25 : #include "passdb/machine_sid.h"
26 :
27 : struct wb_gettoken_state {
28 : struct tevent_context *ev;
29 : struct dom_sid usersid;
30 : bool expand_local_aliases;
31 : uint32_t num_sids;
32 : struct dom_sid *sids;
33 : };
34 :
35 : static NTSTATUS wb_add_rids_to_sids(TALLOC_CTX *mem_ctx,
36 : uint32_t *pnum_sids,
37 : struct dom_sid **psids,
38 : const struct dom_sid *domain_sid,
39 : uint32_t num_rids, uint32_t *rids);
40 :
41 : static void wb_gettoken_gotuser(struct tevent_req *subreq);
42 : static void wb_gettoken_gotgroups(struct tevent_req *subreq);
43 : static void wb_gettoken_gotlocalgroups(struct tevent_req *subreq);
44 : static void wb_gettoken_gotbuiltins(struct tevent_req *subreq);
45 :
46 2420 : struct tevent_req *wb_gettoken_send(TALLOC_CTX *mem_ctx,
47 : struct tevent_context *ev,
48 : const struct dom_sid *sid,
49 : bool expand_local_aliases)
50 : {
51 0 : struct tevent_req *req, *subreq;
52 0 : struct wb_gettoken_state *state;
53 0 : struct dom_sid_buf buf;
54 :
55 2420 : req = tevent_req_create(mem_ctx, &state, struct wb_gettoken_state);
56 2420 : if (req == NULL) {
57 0 : return NULL;
58 : }
59 2420 : sid_copy(&state->usersid, sid);
60 2420 : state->ev = ev;
61 2420 : state->expand_local_aliases = expand_local_aliases;
62 :
63 2420 : D_INFO("WB command gettoken start.\n"
64 : "Query user SID %s (expand local aliases is %d).\n",
65 : dom_sid_str_buf(sid, &buf),
66 : expand_local_aliases);
67 2420 : subreq = wb_queryuser_send(state, ev, &state->usersid);
68 2420 : if (tevent_req_nomem(subreq, req)) {
69 0 : return tevent_req_post(req, ev);
70 : }
71 2420 : tevent_req_set_callback(subreq, wb_gettoken_gotuser, req);
72 2420 : return req;
73 : }
74 :
75 2420 : static void wb_gettoken_gotuser(struct tevent_req *subreq)
76 : {
77 2420 : struct tevent_req *req = tevent_req_callback_data(
78 : subreq, struct tevent_req);
79 2420 : struct wb_gettoken_state *state = tevent_req_data(
80 : req, struct wb_gettoken_state);
81 0 : struct wbint_userinfo *info;
82 0 : NTSTATUS status;
83 0 : struct dom_sid_buf buf0, buf1;
84 :
85 2420 : status = wb_queryuser_recv(subreq, state, &info);
86 2420 : TALLOC_FREE(subreq);
87 2420 : if (tevent_req_nterror(req, status)) {
88 108 : return;
89 : }
90 :
91 2312 : state->sids = talloc_array(state, struct dom_sid, 2);
92 2312 : if (tevent_req_nomem(state->sids, req)) {
93 0 : return;
94 : }
95 2312 : state->num_sids = 2;
96 :
97 2312 : D_DEBUG("Got user SID %s and group SID %s\n",
98 : dom_sid_str_buf(&info->user_sid, &buf0),
99 : dom_sid_str_buf(&info->group_sid, &buf1));
100 2312 : sid_copy(&state->sids[0], &info->user_sid);
101 2312 : sid_copy(&state->sids[1], &info->group_sid);
102 :
103 2312 : D_DEBUG("Looking up user groups for the user SID.\n");
104 2312 : subreq = wb_lookupusergroups_send(state, state->ev, &info->user_sid);
105 2312 : if (tevent_req_nomem(subreq, req)) {
106 0 : return;
107 : }
108 2312 : tevent_req_set_callback(subreq, wb_gettoken_gotgroups, req);
109 : }
110 :
111 2312 : static void wb_gettoken_gotgroups(struct tevent_req *subreq)
112 : {
113 2312 : struct tevent_req *req = tevent_req_callback_data(
114 : subreq, struct tevent_req);
115 2312 : struct wb_gettoken_state *state = tevent_req_data(
116 : req, struct wb_gettoken_state);
117 0 : uint32_t i, num_groups;
118 0 : struct dom_sid *groups;
119 0 : struct winbindd_domain *domain;
120 0 : NTSTATUS status;
121 0 : struct dom_sid_buf buf;
122 :
123 2312 : status = wb_lookupusergroups_recv(subreq, state, &num_groups, &groups);
124 2312 : TALLOC_FREE(subreq);
125 2312 : if (!NT_STATUS_IS_OK(status)) {
126 0 : tevent_req_done(req);
127 202 : return;
128 : }
129 :
130 2312 : D_DEBUG("Received %"PRIu32" group(s).\n", num_groups);
131 4782 : for (i = 0; i < num_groups; i++) {
132 2470 : D_DEBUG("Adding SID %s.\n", dom_sid_str_buf(&groups[i], &buf));
133 2470 : status = add_sid_to_array_unique(
134 2470 : state, &groups[i], &state->sids, &state->num_sids);
135 :
136 2470 : if (tevent_req_nterror(req, status)) {
137 0 : return;
138 : }
139 : }
140 :
141 2312 : if (!state->expand_local_aliases) {
142 202 : D_DEBUG("Done. Not asked to expand local aliases.\n");
143 202 : tevent_req_done(req);
144 202 : return;
145 : }
146 :
147 : /*
148 : * Expand our domain's aliases
149 : */
150 2110 : domain = find_domain_from_sid_noinit(get_global_sam_sid());
151 2110 : if (domain == NULL) {
152 0 : tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
153 0 : return;
154 : }
155 :
156 2110 : D_DEBUG("Expand domain's aliases for %"PRIu32" SID(s).\n",
157 : state->num_sids);
158 2110 : subreq = wb_lookupuseraliases_send(state, state->ev, domain,
159 2110 : state->num_sids, state->sids);
160 2110 : if (tevent_req_nomem(subreq, req)) {
161 0 : return;
162 : }
163 2110 : tevent_req_set_callback(subreq, wb_gettoken_gotlocalgroups, req);
164 : }
165 :
166 2110 : static void wb_gettoken_gotlocalgroups(struct tevent_req *subreq)
167 : {
168 2110 : struct tevent_req *req = tevent_req_callback_data(
169 : subreq, struct tevent_req);
170 2110 : struct wb_gettoken_state *state = tevent_req_data(
171 : req, struct wb_gettoken_state);
172 0 : uint32_t num_rids;
173 0 : uint32_t *rids;
174 0 : struct winbindd_domain *domain;
175 0 : NTSTATUS status;
176 :
177 2110 : status = wb_lookupuseraliases_recv(subreq, state, &num_rids, &rids);
178 2110 : TALLOC_FREE(subreq);
179 2110 : if (tevent_req_nterror(req, status)) {
180 0 : return;
181 : }
182 :
183 2110 : D_DEBUG("Got %"PRIu32" RID(s).\n", num_rids);
184 2110 : status = wb_add_rids_to_sids(state, &state->num_sids, &state->sids,
185 2110 : get_global_sam_sid(), num_rids, rids);
186 2110 : if (tevent_req_nterror(req, status)) {
187 0 : return;
188 : }
189 2110 : TALLOC_FREE(rids);
190 :
191 : /*
192 : * Now expand the builtin groups
193 : */
194 :
195 2110 : D_DEBUG("Expand the builtin groups for %"PRIu32" SID(s).\n",
196 : state->num_sids);
197 2110 : domain = find_domain_from_sid(&global_sid_Builtin);
198 2110 : if (domain == NULL) {
199 0 : tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
200 0 : return;
201 : }
202 :
203 2110 : subreq = wb_lookupuseraliases_send(state, state->ev, domain,
204 2110 : state->num_sids, state->sids);
205 2110 : if (tevent_req_nomem(subreq, req)) {
206 0 : return;
207 : }
208 2110 : tevent_req_set_callback(subreq, wb_gettoken_gotbuiltins, req);
209 : }
210 :
211 2110 : static void wb_gettoken_gotbuiltins(struct tevent_req *subreq)
212 : {
213 2110 : struct tevent_req *req = tevent_req_callback_data(
214 : subreq, struct tevent_req);
215 2110 : struct wb_gettoken_state *state = tevent_req_data(
216 : req, struct wb_gettoken_state);
217 0 : uint32_t num_rids;
218 0 : uint32_t *rids;
219 0 : NTSTATUS status;
220 :
221 2110 : status = wb_lookupuseraliases_recv(subreq, state, &num_rids, &rids);
222 2110 : TALLOC_FREE(subreq);
223 2110 : if (tevent_req_nterror(req, status)) {
224 0 : return;
225 : }
226 2110 : D_DEBUG("Got %"PRIu32" RID(s).\n", num_rids);
227 2110 : status = wb_add_rids_to_sids(state, &state->num_sids, &state->sids,
228 : &global_sid_Builtin, num_rids, rids);
229 2110 : if (tevent_req_nterror(req, status)) {
230 0 : return;
231 : }
232 2110 : tevent_req_done(req);
233 : }
234 :
235 2420 : NTSTATUS wb_gettoken_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
236 : uint32_t *num_sids, struct dom_sid **sids)
237 : {
238 2420 : struct wb_gettoken_state *state = tevent_req_data(
239 : req, struct wb_gettoken_state);
240 0 : NTSTATUS status;
241 0 : uint32_t i;
242 :
243 2420 : if (tevent_req_is_nterror(req, &status)) {
244 108 : return status;
245 : }
246 2312 : *num_sids = state->num_sids;
247 2312 : D_INFO("WB command gettoken end.\nReceived %"PRIu32" SID(s).\n",
248 : state->num_sids);
249 :
250 2312 : if (CHECK_DEBUGLVL(DBGLVL_INFO)) {
251 0 : for (i = 0; i < state->num_sids; i++) {
252 0 : struct dom_sid_buf sidbuf;
253 0 : D_INFO("%"PRIu32": %s\n",
254 : i,
255 : dom_sid_str_buf(&state->sids[i],
256 : &sidbuf));
257 : }
258 : }
259 :
260 2312 : *sids = talloc_move(mem_ctx, &state->sids);
261 2312 : return NT_STATUS_OK;
262 : }
263 :
264 4220 : static NTSTATUS wb_add_rids_to_sids(TALLOC_CTX *mem_ctx,
265 : uint32_t *pnum_sids,
266 : struct dom_sid **psids,
267 : const struct dom_sid *domain_sid,
268 : uint32_t num_rids, uint32_t *rids)
269 : {
270 0 : uint32_t i;
271 :
272 4220 : D_DEBUG("%"PRIu32" SID(s) will be uniquely added to the SID array.\n"
273 : "Before the addition the array has %"PRIu32" SID(s).\n",
274 : num_rids, *pnum_sids);
275 :
276 4572 : for (i = 0; i < num_rids; i++) {
277 0 : NTSTATUS status;
278 0 : struct dom_sid sid;
279 :
280 352 : sid_compose(&sid, domain_sid, rids[i]);
281 352 : status = add_sid_to_array_unique(
282 : mem_ctx, &sid, psids, pnum_sids);
283 352 : if (!NT_STATUS_IS_OK(status)) {
284 0 : return status;
285 : }
286 : }
287 4220 : D_DEBUG("After the addition the array has %"PRIu32" SID(s).\n",
288 : *pnum_sids);
289 4220 : return NT_STATUS_OK;
290 : }
|