00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026 #include "includes.h"
00027 #include "winbindd.h"
00028
00029 extern BOOL opt_nocache;
00030
00031 #undef DBGC_CLASS
00032 #define DBGC_CLASS DBGC_WINBIND
00033
00034 static void add_member(const char *domain, const char *user,
00035 char **pp_members, size_t *p_num_members)
00036 {
00037 fstring name;
00038
00039 fill_domain_username(name, domain, user, True);
00040 safe_strcat(name, ",", sizeof(name)-1);
00041 string_append(pp_members, name);
00042 *p_num_members += 1;
00043 }
00044
00045
00046
00047
00048
00049 static void add_expanded_sid(const DOM_SID *sid, char **pp_members, size_t *p_num_members)
00050 {
00051 DOM_SID dom_sid;
00052 uint32 rid;
00053 struct winbindd_domain *domain;
00054 size_t i;
00055
00056 char *domain_name = NULL;
00057 char *name = NULL;
00058 enum lsa_SidType type;
00059
00060 uint32 num_names;
00061 DOM_SID *sid_mem;
00062 char **names;
00063 uint32 *types;
00064
00065 NTSTATUS result;
00066
00067 TALLOC_CTX *mem_ctx = talloc_init("add_expanded_sid");
00068
00069 if (mem_ctx == NULL) {
00070 DEBUG(1, ("talloc_init failed\n"));
00071 return;
00072 }
00073
00074 sid_copy(&dom_sid, sid);
00075 sid_split_rid(&dom_sid, &rid);
00076
00077 domain = find_lookup_domain_from_sid(sid);
00078
00079 if (domain == NULL) {
00080 DEBUG(3, ("Could not find domain for sid %s\n",
00081 sid_string_static(sid)));
00082 goto done;
00083 }
00084
00085 result = domain->methods->sid_to_name(domain, mem_ctx, sid,
00086 &domain_name, &name, &type);
00087
00088 if (!NT_STATUS_IS_OK(result)) {
00089 DEBUG(3, ("sid_to_name failed for sid %s\n",
00090 sid_string_static(sid)));
00091 goto done;
00092 }
00093
00094 DEBUG(10, ("Found name %s, type %d\n", name, type));
00095
00096 if (type == SID_NAME_USER) {
00097 add_member(domain_name, name, pp_members, p_num_members);
00098 goto done;
00099 }
00100
00101 if (type != SID_NAME_DOM_GRP) {
00102 DEBUG(10, ("Alias member %s neither user nor group, ignore\n",
00103 name));
00104 goto done;
00105 }
00106
00107
00108
00109 domain = find_domain_from_sid(sid);
00110
00111 if (domain == NULL) {
00112 DEBUG(3, ("Could not find domain from SID %s\n",
00113 sid_string_static(sid)));
00114 goto done;
00115 }
00116
00117 result = domain->methods->lookup_groupmem(domain, mem_ctx,
00118 sid, &num_names,
00119 &sid_mem, &names,
00120 &types);
00121
00122 if (!NT_STATUS_IS_OK(result)) {
00123 DEBUG(10, ("Could not lookup group members for %s: %s\n",
00124 name, nt_errstr(result)));
00125 goto done;
00126 }
00127
00128 for (i=0; i<num_names; i++) {
00129 DEBUG(10, ("Adding group member SID %s\n",
00130 sid_string_static(&sid_mem[i])));
00131
00132 if (types[i] != SID_NAME_USER) {
00133 DEBUG(1, ("Hmmm. Member %s of group %s is no user. "
00134 "Ignoring.\n", names[i], name));
00135 continue;
00136 }
00137
00138 add_member(domain->name, names[i], pp_members, p_num_members);
00139 }
00140
00141 done:
00142 talloc_destroy(mem_ctx);
00143 return;
00144 }
00145
00146 static BOOL fill_passdb_alias_grmem(struct winbindd_domain *domain,
00147 DOM_SID *group_sid,
00148 size_t *num_gr_mem, char **gr_mem, size_t *gr_mem_len)
00149 {
00150 DOM_SID *members;
00151 size_t i, num_members;
00152
00153 *num_gr_mem = 0;
00154 *gr_mem = NULL;
00155 *gr_mem_len = 0;
00156
00157 if (!NT_STATUS_IS_OK(pdb_enum_aliasmem(group_sid, &members,
00158 &num_members)))
00159 return True;
00160
00161 for (i=0; i<num_members; i++) {
00162 add_expanded_sid(&members[i], gr_mem, num_gr_mem);
00163 }
00164
00165 TALLOC_FREE(members);
00166
00167 if (*gr_mem != NULL) {
00168 size_t len;
00169
00170
00171 len = strlen(*gr_mem);
00172 (*gr_mem)[len-1] = '\0';
00173 *gr_mem_len = len;
00174 }
00175
00176 return True;
00177 }
00178
00179
00180
00181 static BOOL fill_grent(struct winbindd_gr *gr, const char *dom_name,
00182 const char *gr_name, gid_t unix_gid)
00183 {
00184 fstring full_group_name;
00185
00186 fill_domain_username( full_group_name, dom_name, gr_name, True );
00187
00188 gr->gr_gid = unix_gid;
00189
00190
00191
00192 safe_strcpy(gr->gr_name, full_group_name, sizeof(gr->gr_name) - 1);
00193 safe_strcpy(gr->gr_passwd, "*", sizeof(gr->gr_passwd) - 1);
00194
00195 return True;
00196 }
00197
00198
00199
00200 static BOOL fill_grent_mem(struct winbindd_domain *domain,
00201 struct winbindd_cli_state *state,
00202 DOM_SID *group_sid,
00203 enum lsa_SidType group_name_type,
00204 size_t *num_gr_mem, char **gr_mem, size_t *gr_mem_len)
00205 {
00206 DOM_SID *sid_mem = NULL;
00207 uint32 num_names = 0;
00208 uint32 *name_types = NULL;
00209 unsigned int buf_len = 0, buf_ndx = 0, i;
00210 char **names = NULL, *buf = NULL;
00211 BOOL result = False;
00212 TALLOC_CTX *mem_ctx;
00213 NTSTATUS status;
00214 uint32 group_rid;
00215 fstring sid_string;
00216
00217 if (!(mem_ctx = talloc_init("fill_grent_mem(%s)", domain->name)))
00218 return False;
00219
00220
00221
00222 DEBUG(10, ("group SID %s\n", sid_to_string(sid_string, group_sid)));
00223
00224
00225 *num_gr_mem = 0;
00226
00227
00228
00229
00230
00231 if (domain->internal) {
00232 result = fill_passdb_alias_grmem(domain, group_sid,
00233 num_gr_mem,
00234 gr_mem, gr_mem_len);
00235 goto done;
00236 }
00237
00238 if ( !((group_name_type==SID_NAME_DOM_GRP) ||
00239 ((group_name_type==SID_NAME_ALIAS) && domain->primary)) )
00240 {
00241 DEBUG(1, ("SID %s in domain %s isn't a domain group (%d)\n",
00242 sid_to_string(sid_string, group_sid), domain->name,
00243 group_name_type));
00244 goto done;
00245 }
00246
00247
00248
00249
00250
00251
00252
00253
00254
00255 sid_peek_rid( group_sid, &group_rid );
00256 if (!lp_winbind_enum_users() && group_rid == DOMAIN_GROUP_RID_USERS) {
00257 DOM_SID querying_user_sid;
00258 DOM_SID *pquerying_user_sid = NULL;
00259 uint32 num_groups = 0;
00260 DOM_SID *user_sids = NULL;
00261 BOOL u_in_group = False;
00262
00263 DEBUG(10,("fill_grent_mem: optimized lookup for sid %s domain %s\n",
00264 sid_to_string(sid_string, group_sid), domain->name ));
00265
00266 if (state) {
00267 uid_t ret_uid = (uid_t)-1;
00268 if (sys_getpeereid(state->sock, &ret_uid)==0) {
00269
00270
00271 status = idmap_uid_to_sid(&querying_user_sid, ret_uid);
00272 if (NT_STATUS_IS_OK(status)) {
00273 pquerying_user_sid = &querying_user_sid;
00274 DEBUG(10,("fill_grent_mem: querying uid %u -> %s\n",
00275 (unsigned int)ret_uid,
00276 sid_to_string(sid_string, pquerying_user_sid) ));
00277 }
00278 }
00279 }
00280
00281
00282 if (pquerying_user_sid &&
00283 (sid_compare_domain(pquerying_user_sid, &domain->sid) == 0)) {
00284
00285 DEBUG(10,("fill_grent_mem: querying user = %s\n",
00286 sid_to_string(sid_string, pquerying_user_sid) ));
00287
00288 status = domain->methods->lookup_usergroups(domain,
00289 mem_ctx,
00290 pquerying_user_sid,
00291 &num_groups,
00292 &user_sids);
00293 if (!NT_STATUS_IS_OK(status)) {
00294 DEBUG(1, ("fill_grent_mem: lookup_usergroups failed "
00295 "for sid %s in domain %s (error: %s)\n",
00296 sid_to_string(sid_string, pquerying_user_sid),
00297 domain->name,
00298 nt_errstr(status)));
00299 goto done;
00300 }
00301
00302 for (i = 0; i < num_groups; i++) {
00303 if (sid_equal(group_sid, &user_sids[i])) {
00304
00305
00306 u_in_group = True;
00307 break;
00308 }
00309 }
00310 }
00311
00312 if (u_in_group) {
00313 size_t len = 0;
00314 char *domainname = NULL;
00315 char *username = NULL;
00316 fstring name;
00317 enum lsa_SidType type;
00318
00319 DEBUG(10,("fill_grent_mem: sid %s in 'Domain Users' in domain %s\n",
00320 sid_to_string(sid_string, pquerying_user_sid), domain->name ));
00321
00322 status = domain->methods->sid_to_name(domain, mem_ctx,
00323 pquerying_user_sid,
00324 &domainname,
00325 &username,
00326 &type);
00327 if (!NT_STATUS_IS_OK(status)) {
00328 DEBUG(1, ("could not lookup username for user "
00329 "sid %s in domain %s (error: %s)\n",
00330 sid_to_string(sid_string, pquerying_user_sid),
00331 domain->name,
00332 nt_errstr(status)));
00333 goto done;
00334 }
00335 fill_domain_username(name, domain->name, username, True);
00336 len = strlen(name);
00337 buf_len = len + 1;
00338 if (!(buf = (char *)SMB_MALLOC(buf_len))) {
00339 DEBUG(1, ("out of memory\n"));
00340 goto done;
00341 }
00342 memcpy(buf, name, buf_len);
00343
00344 DEBUG(10,("fill_grent_mem: user %s in 'Domain Users' in domain %s\n",
00345 name, domain->name ));
00346
00347
00348 *num_gr_mem = 1;
00349 }
00350
00351 *gr_mem = buf;
00352 *gr_mem_len = buf_len;
00353
00354 DEBUG(10, ("num_mem = %u, len = %u, mem = %s\n", (unsigned int)*num_gr_mem,
00355 (unsigned int)buf_len, *num_gr_mem ? buf : "NULL"));
00356 result = True;
00357 goto done;
00358 }
00359
00360
00361 status = domain->methods->lookup_groupmem(domain, mem_ctx, group_sid, &num_names,
00362 &sid_mem, &names, &name_types);
00363 if (!NT_STATUS_IS_OK(status)) {
00364 DEBUG(1, ("could not lookup membership for group sid %s in domain %s (error: %s)\n",
00365 sid_to_string(sid_string, group_sid), domain->name, nt_errstr(status)));
00366 goto done;
00367 }
00368
00369 DEBUG(10, ("looked up %d names\n", num_names));
00370
00371 if (DEBUGLEVEL >= 10) {
00372 for (i = 0; i < num_names; i++)
00373 DEBUG(10, ("\t%20s %s %d\n", names[i],
00374 sid_string_static(&sid_mem[i]),
00375 name_types[i]));
00376 }
00377
00378
00379
00380 again:
00381
00382 for (i = 0; i < num_names; i++) {
00383 char *the_name;
00384 fstring name;
00385 int len;
00386
00387 the_name = names[i];
00388
00389 DEBUG(10, ("processing name %s\n", the_name));
00390
00391
00392
00393
00394
00395
00396
00397 if (name_types[i] != SID_NAME_USER && name_types[i] != SID_NAME_COMPUTER) {
00398 DEBUG(3, ("name %s isn't a domain user (%s)\n", the_name, sid_type_lookup(name_types[i])));
00399 continue;
00400 }
00401
00402
00403
00404 fill_domain_username(name, domain->name, the_name, True);
00405
00406 len = strlen(name);
00407
00408
00409
00410 if (!buf) {
00411 buf_len += len + 1;
00412 (*num_gr_mem)++;
00413 DEBUG(10, ("buf_len + %d = %d\n", len + 1, buf_len));
00414 } else {
00415 DEBUG(10, ("appending %s at ndx %d\n", name, buf_ndx));
00416 safe_strcpy(&buf[buf_ndx], name, len);
00417 buf_ndx += len;
00418 buf[buf_ndx] = ',';
00419 buf_ndx++;
00420 }
00421 }
00422
00423
00424
00425 if (!buf && buf_len != 0) {
00426 if (!(buf = (char *)SMB_MALLOC(buf_len))) {
00427 DEBUG(1, ("out of memory\n"));
00428 result = False;
00429 goto done;
00430 }
00431 memset(buf, 0, buf_len);
00432 goto again;
00433 }
00434
00435 if (buf && buf_ndx > 0) {
00436 buf[buf_ndx - 1] = '\0';
00437 }
00438
00439 *gr_mem = buf;
00440 *gr_mem_len = buf_len;
00441
00442 DEBUG(10, ("num_mem = %u, len = %u, mem = %s\n", (unsigned int)*num_gr_mem,
00443 (unsigned int)buf_len, *num_gr_mem ? buf : "NULL"));
00444 result = True;
00445
00446 done:
00447
00448 talloc_destroy(mem_ctx);
00449
00450 DEBUG(10, ("fill_grent_mem returning %d\n", result));
00451
00452 return result;
00453 }
00454
00455
00456
00457 void winbindd_getgrnam(struct winbindd_cli_state *state)
00458 {
00459 DOM_SID group_sid, tmp_sid;
00460 uint32 grp_rid;
00461 struct winbindd_domain *domain;
00462 enum lsa_SidType name_type;
00463 fstring name_domain, name_group;
00464 char *tmp, *gr_mem;
00465 size_t gr_mem_len;
00466 size_t num_gr_mem;
00467 gid_t gid;
00468 union unid_t id;
00469 NTSTATUS status;
00470
00471
00472 state->request.data.groupname[sizeof(state->request.data.groupname)-1]='\0';
00473
00474 DEBUG(3, ("[%5lu]: getgrnam %s\n", (unsigned long)state->pid,
00475 state->request.data.groupname));
00476
00477
00478
00479 memset(name_group, 0, sizeof(fstring));
00480
00481 tmp = state->request.data.groupname;
00482
00483 name_domain[0] = '\0';
00484 name_group[0] = '\0';
00485
00486 parse_domain_user(tmp, name_domain, name_group);
00487
00488
00489
00490
00491 if ( !*name_domain || strequal(name_domain, get_global_sam_name()) ) {
00492 fstrcpy(name_domain, get_global_sam_name());
00493 }
00494
00495
00496
00497 if ((domain = find_domain_from_name(name_domain)) == NULL) {
00498 DEBUG(3, ("could not get domain sid for domain %s\n",
00499 name_domain));
00500 request_error(state);
00501 return;
00502 }
00503
00504
00505 if ( lp_winbind_trusted_domains_only() && domain->primary) {
00506 DEBUG(7,("winbindd_getgrnam: My domain -- rejecting "
00507 "getgrnam() for %s\\%s.\n", name_domain, name_group));
00508 request_error(state);
00509 return;
00510 }
00511
00512
00513
00514 ws_name_replace( name_group, WB_REPLACE_CHAR );
00515
00516 if (!winbindd_lookup_sid_by_name(state->mem_ctx, domain, domain->name,
00517 name_group, &group_sid, &name_type)) {
00518 DEBUG(1, ("group %s in domain %s does not exist\n",
00519 name_group, name_domain));
00520 request_error(state);
00521 return;
00522 }
00523
00524 if ( !((name_type==SID_NAME_DOM_GRP) ||
00525 ((name_type==SID_NAME_ALIAS) && domain->primary) ||
00526 ((name_type==SID_NAME_ALIAS) && domain->internal) ||
00527 ((name_type==SID_NAME_WKN_GRP) && domain->internal)) )
00528 {
00529 DEBUG(1, ("name '%s' is not a local, domain or builtin "
00530 "group: %d\n", name_group, name_type));
00531 request_error(state);
00532 return;
00533 }
00534
00535
00536
00537
00538 sid_copy( &tmp_sid, &group_sid );
00539 sid_split_rid( &tmp_sid, &grp_rid );
00540 if ( !sid_equal( &tmp_sid, &domain->sid ) ) {
00541 DEBUG(3,("winbindd_getgrnam: group %s resolves to a SID in the wrong domain [%s]\n",
00542 state->request.data.groupname, sid_string_static(&group_sid)));
00543 request_error(state);
00544 return;
00545 }
00546
00547
00548
00549
00550
00551 status = idmap_sid_to_gid(&group_sid, &gid);
00552
00553 if (NT_STATUS_IS_OK(status)) {
00554 goto got_gid;
00555 }
00556
00557
00558
00559 if (pdb_sid_to_id(&group_sid, &id, &name_type) &&
00560 ((name_type == SID_NAME_ALIAS) ||
00561 (name_type == SID_NAME_WKN_GRP))) {
00562 gid = id.gid;
00563 goto got_gid;
00564 }
00565
00566 DEBUG(1, ("error converting unix gid to sid\n"));
00567 request_error(state);
00568 return;
00569
00570 got_gid:
00571
00572 if (!fill_grent(&state->response.data.gr, name_domain,
00573 name_group, gid) ||
00574 !fill_grent_mem(domain, state, &group_sid, name_type,
00575 &num_gr_mem,
00576 &gr_mem, &gr_mem_len)) {
00577 request_error(state);
00578 return;
00579 }
00580
00581 state->response.data.gr.num_gr_mem = (uint32)num_gr_mem;
00582
00583
00584
00585 state->response.data.gr.gr_mem_ofs = 0;
00586
00587 state->response.length += gr_mem_len;
00588 state->response.extra_data.data = gr_mem;
00589 request_ok(state);
00590 }
00591
00592 static void getgrgid_got_sid(struct winbindd_cli_state *state, DOM_SID group_sid)
00593 {
00594 struct winbindd_domain *domain;
00595 enum lsa_SidType name_type;
00596 char *dom_name;
00597 char *group_name;
00598 size_t gr_mem_len;
00599 size_t num_gr_mem;
00600 char *gr_mem;
00601
00602
00603
00604 if (!winbindd_lookup_name_by_sid(state->mem_ctx, &group_sid, &dom_name,
00605 &group_name, &name_type)) {
00606 DEBUG(1, ("could not lookup sid\n"));
00607 request_error(state);
00608 TALLOC_FREE(group_name);
00609 TALLOC_FREE(dom_name);
00610 return;
00611 }
00612
00613
00614
00615 domain = find_domain_from_sid_noinit(&group_sid);
00616
00617 if (!domain) {
00618 DEBUG(1,("Can't find domain from sid\n"));
00619 request_error(state);
00620 TALLOC_FREE(group_name);
00621 TALLOC_FREE(dom_name);
00622 return;
00623 }
00624
00625 if ( !((name_type==SID_NAME_DOM_GRP) ||
00626 ((name_type==SID_NAME_ALIAS) && domain->primary) ||
00627 ((name_type==SID_NAME_ALIAS) && domain->internal)) )
00628 {
00629 DEBUG(1, ("name '%s' is not a local or domain group: %d\n",
00630 group_name, name_type));
00631 request_error(state);
00632 TALLOC_FREE(group_name);
00633 TALLOC_FREE(dom_name);
00634 return;
00635 }
00636
00637 if (!fill_grent(&state->response.data.gr, dom_name, group_name,
00638 state->request.data.gid) ||
00639 !fill_grent_mem(domain, state, &group_sid, name_type,
00640 &num_gr_mem,
00641 &gr_mem, &gr_mem_len)) {
00642 request_error(state);
00643 TALLOC_FREE(group_name);
00644 TALLOC_FREE(dom_name);
00645 return;
00646 }
00647
00648 state->response.data.gr.num_gr_mem = (uint32)num_gr_mem;
00649
00650
00651
00652 state->response.data.gr.gr_mem_ofs = 0;
00653
00654 state->response.length += gr_mem_len;
00655 state->response.extra_data.data = gr_mem;
00656
00657 TALLOC_FREE(group_name);
00658 TALLOC_FREE(dom_name);
00659
00660 request_ok(state);
00661 }
00662
00663 static void getgrgid_recv(void *private_data, BOOL success, const char *sid)
00664 {
00665 struct winbindd_cli_state *state = talloc_get_type_abort(private_data, struct winbindd_cli_state);
00666 enum lsa_SidType name_type;
00667 DOM_SID group_sid;
00668
00669 if (success) {
00670 DEBUG(10,("getgrgid_recv: gid %lu has sid %s\n",
00671 (unsigned long)(state->request.data.gid), sid));
00672
00673 string_to_sid(&group_sid, sid);
00674 getgrgid_got_sid(state, group_sid);
00675 return;
00676 }
00677
00678
00679 if (pdb_gid_to_sid(state->request.data.gid, &group_sid) &&
00680 lookup_sid(state->mem_ctx, &group_sid, NULL, NULL, &name_type) &&
00681 (name_type == SID_NAME_ALIAS)) {
00682
00683 DEBUG(10,("getgrgid_recv: we have an alias with gid %lu and sid %s\n",
00684 (unsigned long)(state->request.data.gid), sid));
00685 getgrgid_got_sid(state, group_sid);
00686 return;
00687 }
00688
00689 DEBUG(1, ("could not convert gid %lu to sid\n",
00690 (unsigned long)state->request.data.gid));
00691 request_error(state);
00692 }
00693
00694
00695 void winbindd_getgrgid(struct winbindd_cli_state *state)
00696 {
00697 DEBUG(3, ("[%5lu]: getgrgid %lu\n", (unsigned long)state->pid,
00698 (unsigned long)state->request.data.gid));
00699
00700
00701 winbindd_gid2sid_async(state->mem_ctx, state->request.data.gid, getgrgid_recv, state);
00702 }
00703
00704
00705
00706
00707
00708
00709
00710 static BOOL winbindd_setgrent_internal(struct winbindd_cli_state *state)
00711 {
00712 struct winbindd_domain *domain;
00713
00714 DEBUG(3, ("[%5lu]: setgrent\n", (unsigned long)state->pid));
00715
00716
00717
00718 if (!lp_winbind_enum_groups()) {
00719 return False;
00720 }
00721
00722
00723
00724 if (state->getgrent_state != NULL) {
00725 free_getent_state(state->getgrent_state);
00726 state->getgrent_state = NULL;
00727 }
00728
00729
00730
00731 for (domain = domain_list(); domain != NULL; domain = domain->next) {
00732 struct getent_state *domain_state;
00733
00734
00735
00736
00737
00738
00739 if ( lp_winbind_trusted_domains_only() && domain->primary )
00740 {
00741 continue;
00742 }
00743
00744
00745 if ((domain_state = SMB_MALLOC_P(struct getent_state)) == NULL) {
00746 DEBUG(1, ("winbindd_setgrent: malloc failed for domain_state!\n"));
00747 return False;
00748 }
00749
00750 ZERO_STRUCTP(domain_state);
00751
00752 fstrcpy(domain_state->domain_name, domain->name);
00753
00754
00755
00756 DLIST_ADD(state->getgrent_state, domain_state);
00757 }
00758
00759 state->getgrent_initialized = True;
00760 return True;
00761 }
00762
00763 void winbindd_setgrent(struct winbindd_cli_state *state)
00764 {
00765 if (winbindd_setgrent_internal(state)) {
00766 request_ok(state);
00767 } else {
00768 request_error(state);
00769 }
00770 }
00771
00772
00773
00774 void winbindd_endgrent(struct winbindd_cli_state *state)
00775 {
00776 DEBUG(3, ("[%5lu]: endgrent\n", (unsigned long)state->pid));
00777
00778 free_getent_state(state->getgrent_state);
00779 state->getgrent_initialized = False;
00780 state->getgrent_state = NULL;
00781 request_ok(state);
00782 }
00783
00784
00785
00786
00787
00788
00789 static BOOL get_sam_group_entries(struct getent_state *ent)
00790 {
00791 NTSTATUS status;
00792 uint32 num_entries;
00793 struct acct_info *name_list = NULL;
00794 TALLOC_CTX *mem_ctx;
00795 BOOL result = False;
00796 struct acct_info *sam_grp_entries = NULL;
00797 struct winbindd_domain *domain;
00798
00799 if (ent->got_sam_entries)
00800 return False;
00801
00802 if (!(mem_ctx = talloc_init("get_sam_group_entries(%s)",
00803 ent->domain_name))) {
00804 DEBUG(1, ("get_sam_group_entries: could not create talloc context!\n"));
00805 return False;
00806 }
00807
00808
00809
00810 SAFE_FREE(ent->sam_entries);
00811 ent->num_sam_entries = 0;
00812 ent->got_sam_entries = True;
00813
00814
00815
00816 num_entries = 0;
00817
00818 if (!(domain = find_domain_from_name(ent->domain_name))) {
00819 DEBUG(3, ("no such domain %s in get_sam_group_entries\n", ent->domain_name));
00820 goto done;
00821 }
00822
00823
00824
00825 status = domain->methods->enum_dom_groups(domain, mem_ctx, &num_entries, &sam_grp_entries);
00826
00827 if (!NT_STATUS_IS_OK(status)) {
00828 DEBUG(3, ("get_sam_group_entries: could not enumerate domain groups! Error: %s\n", nt_errstr(status)));
00829 result = False;
00830 goto done;
00831 }
00832
00833
00834
00835 if (num_entries) {
00836 if ( !(name_list = SMB_MALLOC_ARRAY(struct acct_info, num_entries)) ) {
00837 DEBUG(0,("get_sam_group_entries: Failed to malloc memory for %d domain groups!\n",
00838 num_entries));
00839 result = False;
00840 goto done;
00841 }
00842 memcpy( name_list, sam_grp_entries, num_entries * sizeof(struct acct_info) );
00843 }
00844
00845 ent->num_sam_entries = num_entries;
00846
00847
00848
00849
00850 if ( ( lp_security() != SEC_ADS && domain->native_mode
00851 && domain->primary) || domain->internal )
00852 {
00853 DEBUG(4,("get_sam_group_entries: %s domain; enumerating local groups as well\n",
00854 domain->native_mode ? "Native Mode 2k":"BUILTIN or local"));
00855
00856 status = domain->methods->enum_local_groups(domain, mem_ctx, &num_entries, &sam_grp_entries);
00857
00858 if ( !NT_STATUS_IS_OK(status) ) {
00859 DEBUG(3,("get_sam_group_entries: Failed to enumerate domain local groups!\n"));
00860 num_entries = 0;
00861 }
00862 else
00863 DEBUG(4,("get_sam_group_entries: Returned %d local groups\n", num_entries));
00864
00865
00866
00867 if ( num_entries ) {
00868 if ( !(name_list = SMB_REALLOC_ARRAY( name_list, struct acct_info, ent->num_sam_entries+num_entries)) )
00869 {
00870 DEBUG(0,("get_sam_group_entries: Failed to realloc more memory for %d local groups!\n",
00871 num_entries));
00872 result = False;
00873 goto done;
00874 }
00875
00876 memcpy( &name_list[ent->num_sam_entries], sam_grp_entries,
00877 num_entries * sizeof(struct acct_info) );
00878 }
00879
00880 ent->num_sam_entries += num_entries;
00881 }
00882
00883
00884
00885
00886 ent->sam_entries = name_list;
00887 ent->sam_entry_index = 0;
00888
00889 result = (ent->num_sam_entries > 0);
00890
00891 done:
00892 talloc_destroy(mem_ctx);
00893
00894 return result;
00895 }
00896
00897
00898
00899 #define MAX_GETGRENT_GROUPS 500
00900
00901 void winbindd_getgrent(struct winbindd_cli_state *state)
00902 {
00903 struct getent_state *ent;
00904 struct winbindd_gr *group_list = NULL;
00905 int num_groups, group_list_ndx, gr_mem_list_len = 0;
00906 char *gr_mem_list = NULL;
00907
00908 DEBUG(3, ("[%5lu]: getgrent\n", (unsigned long)state->pid));
00909
00910
00911
00912 if (!lp_winbind_enum_groups()) {
00913 request_error(state);
00914 return;
00915 }
00916
00917 num_groups = MIN(MAX_GETGRENT_GROUPS, state->request.data.num_entries);
00918
00919 if (num_groups == 0) {
00920 request_error(state);
00921 return;
00922 }
00923
00924 if ((state->response.extra_data.data = SMB_MALLOC_ARRAY(struct winbindd_gr, num_groups)) == NULL) {
00925 request_error(state);
00926 return;
00927 }
00928
00929 memset(state->response.extra_data.data, '\0',
00930 num_groups * sizeof(struct winbindd_gr) );
00931
00932 state->response.data.num_entries = 0;
00933
00934 group_list = (struct winbindd_gr *)state->response.extra_data.data;
00935
00936 if (!state->getgrent_initialized)
00937 winbindd_setgrent_internal(state);
00938
00939 if (!(ent = state->getgrent_state)) {
00940 request_error(state);
00941 return;
00942 }
00943
00944
00945
00946 for (group_list_ndx = 0; group_list_ndx < num_groups; ) {
00947 struct acct_info *name_list = NULL;
00948 fstring domain_group_name;
00949 uint32 result;
00950 gid_t group_gid;
00951 size_t gr_mem_len;
00952 char *gr_mem;
00953 DOM_SID group_sid;
00954 struct winbindd_domain *domain;
00955
00956
00957
00958 tryagain:
00959
00960 DEBUG(10, ("entry_index = %d, num_entries = %d\n",
00961 ent->sam_entry_index, ent->num_sam_entries));
00962
00963 if (ent->num_sam_entries == ent->sam_entry_index) {
00964
00965 while(ent && !get_sam_group_entries(ent)) {
00966 struct getent_state *next_ent;
00967
00968 DEBUG(10, ("freeing state info for domain %s\n", ent->domain_name));
00969
00970
00971
00972 SAFE_FREE(ent->sam_entries);
00973
00974 next_ent = ent->next;
00975 DLIST_REMOVE(state->getgrent_state, ent);
00976
00977 SAFE_FREE(ent);
00978 ent = next_ent;
00979 }
00980
00981
00982
00983 if (!ent)
00984 break;
00985 }
00986
00987 name_list = (struct acct_info *)ent->sam_entries;
00988
00989 if (!(domain =
00990 find_domain_from_name(ent->domain_name))) {
00991 DEBUG(3, ("No such domain %s in winbindd_getgrent\n", ent->domain_name));
00992 result = False;
00993 goto done;
00994 }
00995
00996
00997
00998 sid_copy(&group_sid, &domain->sid);
00999 sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid);
01000
01001 if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&group_sid, &group_gid))) {
01002 union unid_t id;
01003 enum lsa_SidType type;
01004
01005 DEBUG(10, ("SID %s not in idmap\n",
01006 sid_string_static(&group_sid)));
01007
01008 if (!pdb_sid_to_id(&group_sid, &id, &type)) {
01009 DEBUG(1, ("could not look up gid for group "
01010 "%s\n",
01011 name_list[ent->sam_entry_index].acct_name));
01012 ent->sam_entry_index++;
01013 goto tryagain;
01014 }
01015
01016 if ((type != SID_NAME_DOM_GRP) &&
01017 (type != SID_NAME_ALIAS) &&
01018 (type != SID_NAME_WKN_GRP)) {
01019 DEBUG(1, ("Group %s is a %s, not a group\n",
01020 sid_type_lookup(type),
01021 name_list[ent->sam_entry_index].acct_name));
01022 ent->sam_entry_index++;
01023 goto tryagain;
01024 }
01025 group_gid = id.gid;
01026 }
01027
01028 DEBUG(10, ("got gid %lu for group %lu\n", (unsigned long)group_gid,
01029 (unsigned long)name_list[ent->sam_entry_index].rid));
01030
01031
01032
01033 fill_domain_username(domain_group_name, ent->domain_name,
01034 name_list[ent->sam_entry_index].acct_name, True);
01035
01036 result = fill_grent(&group_list[group_list_ndx],
01037 ent->domain_name,
01038 name_list[ent->sam_entry_index].acct_name,
01039 group_gid);
01040
01041
01042
01043 if (result) {
01044 size_t num_gr_mem = 0;
01045 DOM_SID member_sid;
01046 group_list[group_list_ndx].num_gr_mem = 0;
01047 gr_mem = NULL;
01048 gr_mem_len = 0;
01049
01050
01051 if (state->request.cmd == WINBINDD_GETGRLST) {
01052 result = True;
01053 } else {
01054 sid_copy(&member_sid, &domain->sid);
01055 sid_append_rid(&member_sid, name_list[ent->sam_entry_index].rid);
01056 result = fill_grent_mem(
01057 domain,
01058 NULL,
01059 &member_sid,
01060 SID_NAME_DOM_GRP,
01061 &num_gr_mem,
01062 &gr_mem, &gr_mem_len);
01063
01064 group_list[group_list_ndx].num_gr_mem = (uint32)num_gr_mem;
01065 }
01066 }
01067
01068 if (result) {
01069
01070 gr_mem_list = (char *)SMB_REALLOC(
01071 gr_mem_list, gr_mem_list_len + gr_mem_len);
01072
01073 if (!gr_mem_list && (group_list[group_list_ndx].num_gr_mem != 0)) {
01074 DEBUG(0, ("out of memory\n"));
01075 gr_mem_list_len = 0;
01076 break;
01077 }
01078
01079 DEBUG(10, ("list_len = %d, mem_len = %u\n",
01080 gr_mem_list_len, (unsigned int)gr_mem_len));
01081
01082 memcpy(&gr_mem_list[gr_mem_list_len], gr_mem,
01083 gr_mem_len);
01084
01085 SAFE_FREE(gr_mem);
01086
01087 group_list[group_list_ndx].gr_mem_ofs =
01088 gr_mem_list_len;
01089
01090 gr_mem_list_len += gr_mem_len;
01091 }
01092
01093 ent->sam_entry_index++;
01094
01095
01096
01097 if (result) {
01098
01099 DEBUG(10, ("adding group num_entries = %d\n",
01100 state->response.data.num_entries));
01101
01102 group_list_ndx++;
01103 state->response.data.num_entries++;
01104
01105 state->response.length +=
01106 sizeof(struct winbindd_gr);
01107
01108 } else {
01109 DEBUG(0, ("could not lookup domain group %s\n",
01110 domain_group_name));
01111 }
01112 }
01113
01114
01115
01116 if (group_list_ndx == 0)
01117 goto done;
01118
01119 state->response.extra_data.data = SMB_REALLOC(
01120 state->response.extra_data.data,
01121 group_list_ndx * sizeof(struct winbindd_gr) + gr_mem_list_len);
01122
01123 if (!state->response.extra_data.data) {
01124 DEBUG(0, ("out of memory\n"));
01125 group_list_ndx = 0;
01126 SAFE_FREE(gr_mem_list);
01127 request_error(state);
01128 return;
01129 }
01130
01131 memcpy(&((char *)state->response.extra_data.data)
01132 [group_list_ndx * sizeof(struct winbindd_gr)],
01133 gr_mem_list, gr_mem_list_len);
01134
01135 state->response.length += gr_mem_list_len;
01136
01137 DEBUG(10, ("returning %d groups, length = %d\n",
01138 group_list_ndx, gr_mem_list_len));
01139
01140
01141
01142 done:
01143
01144 SAFE_FREE(gr_mem_list);
01145
01146 if (group_list_ndx > 0)
01147 request_ok(state);
01148 else
01149 request_error(state);
01150 }
01151
01152
01153
01154 void winbindd_list_groups(struct winbindd_cli_state *state)
01155 {
01156 uint32 total_entries = 0;
01157 struct winbindd_domain *domain;
01158 const char *which_domain;
01159 char *extra_data = NULL;
01160 unsigned int extra_data_len = 0, i;
01161
01162 DEBUG(3, ("[%5lu]: list groups\n", (unsigned long)state->pid));
01163
01164
01165 state->request.domain_name[sizeof(state->request.domain_name)-1]='\0';
01166 which_domain = state->request.domain_name;
01167
01168
01169
01170 for (domain = domain_list(); domain; domain = domain->next) {
01171 struct getent_state groups;
01172
01173
01174
01175
01176
01177 if ( *which_domain && !strequal(which_domain, domain->name) )
01178 continue;
01179
01180 ZERO_STRUCT(groups);
01181
01182
01183
01184 fstrcpy(groups.domain_name, domain->name);
01185
01186 get_sam_group_entries(&groups);
01187
01188 if (groups.num_sam_entries == 0) {
01189
01190 continue;
01191 }
01192
01193
01194
01195 total_entries += groups.num_sam_entries;
01196
01197
01198
01199 extra_data = (char *)SMB_REALLOC(
01200 extra_data, sizeof(fstring) * total_entries);
01201
01202 if (!extra_data) {
01203 DEBUG(0,("failed to enlarge buffer!\n"));
01204 request_error(state);
01205 return;
01206 }
01207
01208
01209 for (i = 0; i < groups.num_sam_entries; i++) {
01210 char *group_name = ((struct acct_info *)
01211 groups.sam_entries)[i].acct_name;
01212 fstring name;
01213
01214 fill_domain_username(name, domain->name, group_name, True);
01215
01216 memcpy(&extra_data[extra_data_len], name,
01217 strlen(name));
01218 extra_data_len += strlen(name);
01219 extra_data[extra_data_len++] = ',';
01220 }
01221
01222 SAFE_FREE(groups.sam_entries);
01223 }
01224
01225
01226 if (extra_data) {
01227 extra_data[extra_data_len - 1] = '\0';
01228 state->response.extra_data.data = extra_data;
01229 state->response.length += extra_data_len;
01230 }
01231
01232
01233
01234
01235 request_ok(state);
01236 }
01237
01238
01239
01240
01241
01242
01243
01244 struct getgroups_state {
01245 struct winbindd_cli_state *state;
01246 struct winbindd_domain *domain;
01247 char *domname;
01248 char *username;
01249 DOM_SID user_sid;
01250
01251 const DOM_SID *token_sids;
01252 size_t i, num_token_sids;
01253
01254 gid_t *token_gids;
01255 size_t num_token_gids;
01256 };
01257
01258 static void getgroups_usersid_recv(void *private_data, BOOL success,
01259 const DOM_SID *sid, enum lsa_SidType type);
01260 static void getgroups_tokensids_recv(void *private_data, BOOL success,
01261 DOM_SID *token_sids, size_t num_token_sids);
01262 static void getgroups_sid2gid_recv(void *private_data, BOOL success, gid_t gid);
01263
01264 void winbindd_getgroups(struct winbindd_cli_state *state)
01265 {
01266 struct getgroups_state *s;
01267
01268
01269 state->request.data.username
01270 [sizeof(state->request.data.username)-1]='\0';
01271
01272 DEBUG(3, ("[%5lu]: getgroups %s\n", (unsigned long)state->pid,
01273 state->request.data.username));
01274
01275
01276
01277 s = TALLOC_P(state->mem_ctx, struct getgroups_state);
01278 if (s == NULL) {
01279 DEBUG(0, ("talloc failed\n"));
01280 request_error(state);
01281 return;
01282 }
01283
01284 s->state = state;
01285
01286 ws_name_return( state->request.data.username, WB_REPLACE_CHAR );
01287
01288 if (!parse_domain_user_talloc(state->mem_ctx,
01289 state->request.data.username,
01290 &s->domname, &s->username)) {
01291 DEBUG(5, ("Could not parse domain user: %s\n",
01292 state->request.data.username));
01293
01294
01295
01296 if ( !lp_winbind_nested_groups() ) {
01297 request_error(state);
01298 return;
01299 }
01300
01301 s->domname = talloc_strdup( state->mem_ctx, get_global_sam_name() );
01302 s->username = talloc_strdup( state->mem_ctx, state->request.data.username );
01303 }
01304
01305
01306
01307 s->domain = find_domain_from_name_noinit(s->domname);
01308
01309 if (s->domain == NULL) {
01310 DEBUG(7, ("could not find domain entry for domain %s\n",
01311 s->domname));
01312 request_error(state);
01313 return;
01314 }
01315
01316 if ( s->domain->primary && lp_winbind_trusted_domains_only()) {
01317 DEBUG(7,("winbindd_getgroups: My domain -- rejecting "
01318 "getgroups() for %s\\%s.\n", s->domname,
01319 s->username));
01320 request_error(state);
01321 return;
01322 }
01323
01324
01325
01326 winbindd_lookupname_async(state->mem_ctx, s->domname, s->username,
01327 getgroups_usersid_recv, s);
01328 }
01329
01330 static void getgroups_usersid_recv(void *private_data, BOOL success,
01331 const DOM_SID *sid, enum lsa_SidType type)
01332 {
01333 struct getgroups_state *s =
01334 (struct getgroups_state *)private_data;
01335
01336 if ((!success) ||
01337 ((type != SID_NAME_USER) && (type != SID_NAME_COMPUTER))) {
01338 request_error(s->state);
01339 return;
01340 }
01341
01342 sid_copy(&s->user_sid, sid);
01343
01344 winbindd_gettoken_async(s->state->mem_ctx, &s->user_sid,
01345 getgroups_tokensids_recv, s);
01346 }
01347
01348 static void getgroups_tokensids_recv(void *private_data, BOOL success,
01349 DOM_SID *token_sids, size_t num_token_sids)
01350 {
01351 struct getgroups_state *s =
01352 (struct getgroups_state *)private_data;
01353
01354
01355
01356
01357 if ((!success) || (num_token_sids < 2)) {
01358 request_error(s->state);
01359 return;
01360 }
01361
01362 s->token_sids = token_sids;
01363 s->num_token_sids = num_token_sids;
01364 s->i = 0;
01365
01366 s->token_gids = NULL;
01367 s->num_token_gids = 0;
01368
01369 getgroups_sid2gid_recv(s, False, 0);
01370 }
01371
01372 static void getgroups_sid2gid_recv(void *private_data, BOOL success, gid_t gid)
01373 {
01374 struct getgroups_state *s =
01375 (struct getgroups_state *)private_data;
01376
01377 if (success) {
01378 if (!add_gid_to_array_unique(s->state->mem_ctx, gid,
01379 &s->token_gids,
01380 &s->num_token_gids)) {
01381 return;
01382 }
01383 }
01384
01385 if (s->i < s->num_token_sids) {
01386 const DOM_SID *sid = &s->token_sids[s->i];
01387 s->i += 1;
01388
01389 if (sid_equal(sid, &s->user_sid)) {
01390 getgroups_sid2gid_recv(s, False, 0);
01391 return;
01392 }
01393
01394 winbindd_sid2gid_async(s->state->mem_ctx, sid,
01395 getgroups_sid2gid_recv, s);
01396 return;
01397 }
01398
01399 s->state->response.data.num_entries = s->num_token_gids;
01400
01401 if (s->num_token_gids != 0) {
01402 s->state->response.extra_data.data = smb_xmemdup(
01403 s->token_gids, s->num_token_gids * sizeof(gid_t));
01404 s->state->response.length += s->num_token_gids * sizeof(gid_t);
01405 }
01406 request_ok(s->state);
01407 }
01408
01409
01410
01411
01412
01413
01414
01415
01416
01417
01418
01419
01420
01421 static void getusersids_recv(void *private_data, BOOL success, DOM_SID *sids,
01422 size_t num_sids);
01423
01424 void winbindd_getusersids(struct winbindd_cli_state *state)
01425 {
01426 DOM_SID *user_sid;
01427
01428
01429 state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
01430
01431 user_sid = TALLOC_P(state->mem_ctx, DOM_SID);
01432 if (user_sid == NULL) {
01433 DEBUG(1, ("talloc failed\n"));
01434 request_error(state);
01435 return;
01436 }
01437
01438 if (!string_to_sid(user_sid, state->request.data.sid)) {
01439 DEBUG(1, ("Could not get convert sid %s from string\n",
01440 state->request.data.sid));
01441 request_error(state);
01442 return;
01443 }
01444
01445 winbindd_gettoken_async(state->mem_ctx, user_sid, getusersids_recv,
01446 state);
01447 }
01448
01449 static void getusersids_recv(void *private_data, BOOL success, DOM_SID *sids,
01450 size_t num_sids)
01451 {
01452 struct winbindd_cli_state *state =
01453 (struct winbindd_cli_state *)private_data;
01454 char *ret = NULL;
01455 unsigned ofs, ret_size = 0;
01456 size_t i;
01457
01458 if (!success) {
01459 request_error(state);
01460 return;
01461 }
01462
01463
01464 for (i = 0; i < num_sids; i++) {
01465 const char *s = sid_string_static(&sids[i]);
01466 ret_size += strlen(s) + 1;
01467 }
01468
01469
01470 ret = (char *)SMB_MALLOC(ret_size);
01471 if (!ret) {
01472 DEBUG(0, ("malloc failed\n"));
01473 request_error(state);
01474 return;
01475 }
01476 ofs = 0;
01477 for (i = 0; i < num_sids; i++) {
01478 const char *s = sid_string_static(&sids[i]);
01479 safe_strcpy(ret + ofs, s, ret_size - ofs - 1);
01480 ofs += strlen(ret+ofs) + 1;
01481 }
01482
01483
01484 state->response.data.num_entries = num_sids;
01485 state->response.extra_data.data = ret;
01486 state->response.length += ret_size;
01487 request_ok(state);
01488 }
01489
01490 void winbindd_getuserdomgroups(struct winbindd_cli_state *state)
01491 {
01492 DOM_SID user_sid;
01493 struct winbindd_domain *domain;
01494
01495
01496 state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
01497
01498 if (!string_to_sid(&user_sid, state->request.data.sid)) {
01499 DEBUG(1, ("Could not get convert sid %s from string\n",
01500 state->request.data.sid));
01501 request_error(state);
01502 return;
01503 }
01504
01505
01506 if ((domain = find_domain_from_sid_noinit(&user_sid)) == NULL) {
01507 DEBUG(0,("could not find domain entry for sid %s\n",
01508 sid_string_static(&user_sid)));
01509 request_error(state);
01510 return;
01511 }
01512
01513 sendto_domain(state, domain);
01514 }
01515
01516 enum winbindd_result winbindd_dual_getuserdomgroups(struct winbindd_domain *domain,
01517 struct winbindd_cli_state *state)
01518 {
01519 DOM_SID user_sid;
01520 NTSTATUS status;
01521
01522 char *sidstring;
01523 ssize_t len;
01524 DOM_SID *groups;
01525 uint32 num_groups;
01526
01527
01528 state->request.data.sid[sizeof(state->request.data.sid)-1]='\0';
01529
01530 if (!string_to_sid(&user_sid, state->request.data.sid)) {
01531 DEBUG(1, ("Could not get convert sid %s from string\n",
01532 state->request.data.sid));
01533 return WINBINDD_ERROR;
01534 }
01535
01536 status = domain->methods->lookup_usergroups(domain, state->mem_ctx,
01537 &user_sid, &num_groups,
01538 &groups);
01539 if (!NT_STATUS_IS_OK(status))
01540 return WINBINDD_ERROR;
01541
01542 if (num_groups == 0) {
01543 state->response.data.num_entries = 0;
01544 state->response.extra_data.data = NULL;
01545 return WINBINDD_OK;
01546 }
01547
01548 if (!print_sidlist(state->mem_ctx, groups, num_groups, &sidstring, &len)) {
01549 DEBUG(0, ("talloc failed\n"));
01550 return WINBINDD_ERROR;
01551 }
01552
01553 state->response.extra_data.data = SMB_STRDUP(sidstring);
01554 if (!state->response.extra_data.data) {
01555 return WINBINDD_ERROR;
01556 }
01557 state->response.length += len+1;
01558 state->response.data.num_entries = num_groups;
01559
01560 return WINBINDD_OK;
01561 }