From: Samuel Cabrero Date: Mon, 6 Feb 2023 17:32:21 +0000 (+0100) Subject: winbind:varlink: Implement group record enumeration X-Git-Tag: tevent-0.17.0~740 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9144e091219b176260f5a5fd8d411682109f74e8;p=thirdparty%2Fsamba.git winbind:varlink: Implement group record enumeration $> userdbctl -s org.samba.winbind group NAME DISPOSITION GID DESCRIPTION ... AFOREST+enterprise read-only domain controllers regular 20498 - AFOREST+domain admins regular 20512 - AFOREST+domain users regular 20513 - AFOREST+domain guests regular 20514 - AFOREST+domain computers regular 20515 - AFOREST+domain controllers regular 20516 - AFOREST+cert publishers regular 20517 - AFOREST+schema admins regular 20518 - AFOREST+enterprise admins regular 20519 - AFOREST+group policy creator owners regular 20520 - AFOREST+read-only domain controllers regular 20521 - AFOREST+cloneable domain controllers regular 20522 - AFOREST+protected users regular 20525 - AFOREST+ras and ias servers regular 20553 - AFOREST+allowed rodc password replication group regular 20571 - AFOREST+denied rodc password replication group regular 20572 - AFOREST+winrmremotewmiusers__ regular 21000 - AFOREST+dnsadmins regular 21102 - AFOREST+dnsupdateproxy regular 21103 - ... $> SYSTEMD_LOG_LEVEL=7 getent -sgroup:systemd group varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetGroupRecord","parameters":{"service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":21000,"groupName":"AFOREST+winrmremotewmiusers__","service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+winrmremotewmiusers__","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+winrmremotewmiusers__:x:21000: /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":20515,"groupName":"AFOREST+domain computers","service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+domain computers","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+domain computers:x:20515: /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":20516,"groupName":"AFOREST+domain controllers","service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+domain controllers","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+domain controllers:x:20516: /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":20518,"groupName":"AFOREST+schema admins","members":["AFOREST+administrator"],"service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+schema admins","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+schema admins:x:20518:AFOREST+administrator /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":20519,"groupName":"AFOREST+enterprise admins","members":["AFOREST+administrator"],"service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+enterprise admins","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+enterprise admins:x:20519:AFOREST+administrator /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":20517,"groupName":"AFOREST+cert publishers","service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+cert publishers","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+cert publishers:x:20517: /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":20512,"groupName":"AFOREST+domain admins","members":["AFOREST+administrator"],"service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+domain admins","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+domain admins:x:20512:AFOREST+administrator /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":20513,"groupName":"AFOREST+domain users","members":["AFOREST+user1","AFOREST+administrator","AFOREST+krbtgt"],"service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+domain users","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+domain users:x:20513:AFOREST+user1,AFOREST+administrator,AFOREST+krbtgt /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":20514,"groupName":"AFOREST+domain guests","members":["AFOREST+guest"],"service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+domain guests","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+domain guests:x:20514:AFOREST+guest /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":20520,"groupName":"AFOREST+group policy creator owners","members":["AFOREST+administrator"],"service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+group policy creator owners","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+group policy creator owners:x:20520:AFOREST+administrator /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":20553,"groupName":"AFOREST+ras and ias servers","service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+ras and ias servers","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+ras and ias servers:x:20553: /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":20571,"groupName":"AFOREST+allowed rodc password replication group","service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+allowed rodc password replication group","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+allowed rodc password replication group:x:20571: /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":20572,"groupName":"AFOREST+denied rodc password replication group","members":["AFOREST+krbtgt"],"service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+denied rodc password replication group","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+denied rodc password replication group:x:20572:AFOREST+krbtgt /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":20521,"groupName":"AFOREST+read-only domain controllers","service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+read-only domain controllers","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+read-only domain controllers:x:20521: /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":20498,"groupName":"AFOREST+enterprise read-only domain controllers","service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+enterprise read-only domain controllers","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+enterprise read-only domain controllers:x:20498: /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":20522,"groupName":"AFOREST+cloneable domain controllers","service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+cloneable domain controllers","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+cloneable domain controllers:x:20522: /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":20525,"groupName":"AFOREST+protected users","service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+protected users","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+protected users:x:20525: /run/systemd/userdb/org.samba.winbind: New incoming message: {"continues":true,"parameters":{"incomplete":false,"record":{"gid":21102,"groupName":"AFOREST+dnsadmins","service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → awaiting-reply-more varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+dnsadmins","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+dnsadmins:x:21102: /run/systemd/userdb/org.samba.winbind: New incoming message: {"parameters":{"incomplete":false,"record":{"gid":21103,"groupName":"AFOREST+dnsupdateproxy","service":"org.samba.winbind"}}} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"groupName":"AFOREST+dnsupdateproxy","service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client AFOREST+dnsupdateproxy:x:21103: varlink: Setting state idle-client /run/systemd/userdb/org.samba.winbind: Sending message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"service":"org.samba.winbind"},"more":true} /run/systemd/userdb/org.samba.winbind: Changing state idle-client → awaiting-reply-more /run/systemd/userdb/org.samba.winbind: New incoming message: {"error":"io.systemd.UserDatabase.NoRecordFound"} /run/systemd/userdb/org.samba.winbind: Changing state awaiting-reply-more → processing-reply Got lookup error: io.systemd.UserDatabase.NoRecordFound /run/systemd/userdb/org.samba.winbind: Changing state processing-reply → idle-client Signed-off-by: Samuel Cabrero Reviewed-by: Andreas Schneider --- diff --git a/source3/winbindd/winbindd_varlink.c b/source3/winbindd/winbindd_varlink.c index 20b2265b8b7..e1c089d5a6b 100644 --- a/source3/winbindd/winbindd_varlink.c +++ b/source3/winbindd/winbindd_varlink.c @@ -225,9 +225,82 @@ static long io_systemd_getgrouprecord(VarlinkService *service, uint64_t flags, void *userdata) { - return varlink_call_reply_error(call, - WB_VL_REPLY_ERROR_NO_RECORD_FOUND, - NULL); + struct wb_vl_state *state = + talloc_get_type_abort(userdata, struct wb_vl_state); + const char *parm_name = NULL; + const char *parm_service = NULL; + const char *service_name = NULL; + int64_t parm_gid = -1; + NTSTATUS status; + long rc; + + rc = varlink_object_get_string(parameters, "service", &parm_service); + if (rc < 0) { + DBG_ERR("Failed to get service parameter: %s\n", + varlink_error_string(rc)); + varlink_call_reply_error(call, + WB_VL_REPLY_ERROR_BAD_SERVICE, + NULL); + return 0; + } + + service_name = lp_parm_const_string(-1, + "winbind varlink", + "service name", + WB_VL_SERVICE_NAME); + + if (!strequal(parm_service, service_name)) { + varlink_call_reply_error(call, + WB_VL_REPLY_ERROR_BAD_SERVICE, + NULL); + return 0; + } + + rc = varlink_object_get_string(parameters, "groupName", &parm_name); + if (rc < 0 && rc != -VARLINK_ERROR_UNKNOWN_FIELD) { + DBG_ERR("Failed to get groupName parameter: %ld (%s)\n", + rc, + varlink_error_string(rc)); + goto fail; + } + + rc = varlink_object_get_int(parameters, "gid", &parm_gid); + if (rc < 0 && rc != -VARLINK_ERROR_UNKNOWN_FIELD) { + DBG_ERR("Failed to get gid parameter: %ld (%s)\n", + rc, + varlink_error_string(rc)); + goto fail; + } + + DBG_DEBUG("GetGroupRecord call parameters: service='%s', " + "groupName='%s', gid='%" PRId64 "'\n", + parm_service, + parm_name, + parm_gid); + + /* + * The wb_vl_group_* functions will reply theirselves when return + * NT_STATUS_OK + */ + if (parm_name == NULL && parm_gid == -1) { + /* Enumeration */ + status = wb_vl_group_enumerate(state, + state->ev_ctx, + call, + flags, + parm_service); + } + + if (NT_STATUS_IS_ERR(status)) { + goto fail; + } + + return 0; +fail: + varlink_call_reply_error(call, + WB_VL_REPLY_ERROR_SERVICE_NOT_AVAILABLE, + NULL); + return 0; } static long io_systemd_getmemberships(VarlinkService *service, diff --git a/source3/winbindd/winbindd_varlink.h b/source3/winbindd/winbindd_varlink.h index 21155173949..44fcb87a068 100644 --- a/source3/winbindd/winbindd_varlink.h +++ b/source3/winbindd/winbindd_varlink.h @@ -67,6 +67,13 @@ NTSTATUS wb_vl_user_by_name_and_uid(TALLOC_CTX *mem_ctx, const char *user_name, int64_t gid); +/* GetGroupRecord */ +NTSTATUS wb_vl_group_enumerate(TALLOC_CTX *state, + struct tevent_context *ev_ctx, + VarlinkCall *call, + uint64_t flags, + const char *service); + bool winbind_setup_varlink(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx); #endif /* _SOURCE3_WINBIND_VARLINK_H_ */ diff --git a/source3/winbindd/winbindd_varlink_getgrouprecord.c b/source3/winbindd/winbindd_varlink_getgrouprecord.c new file mode 100644 index 00000000000..7ad8c456100 --- /dev/null +++ b/source3/winbindd/winbindd_varlink_getgrouprecord.c @@ -0,0 +1,380 @@ +/* + Unix SMB/CIFS implementation. + + Copyright (C) Samuel Cabrero 2023 + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "winbindd.h" +#include "winbindd_varlink.h" + +static void group_record_reply(VarlinkCall *call, + struct winbindd_gr *gr, + char *gr_members, + bool continues) +{ + VarlinkObject *record = NULL; + VarlinkArray *members = NULL; + VarlinkObject *out = NULL; + const char *service_name = NULL; + char *p = NULL; + char *name = NULL; + int i; + + service_name = lp_parm_const_string(-1, + "winbind varlink", + "service name", + WB_VL_SERVICE_NAME); + + varlink_object_new(&record); + varlink_object_set_string(record, "service", service_name); + varlink_object_set_string(record, "groupName", gr->gr_name); + varlink_object_set_int(record, "gid", gr->gr_gid); + + if (gr->num_gr_mem > 0 && gr_members != NULL) { + varlink_array_new(&members); + for ((name = strtok_r(gr_members, ",", &p)), i = 0; + name != NULL; + name = strtok_r(NULL, ",", &p), i++) { + if (i == gr->num_gr_mem) { + break; + } + varlink_array_append_string(members, name); + } + varlink_object_set_array(record, "members", members); + } + + varlink_object_new(&out); + varlink_object_set_object(out, "record", record); + varlink_object_set_bool(out, "incomplete", false); + + varlink_call_reply(call, out, continues ? VARLINK_REPLY_CONTINUES : 0); + varlink_object_unref(out); +} + +/****************************************************************************** + * Group enumeration + *****************************************************************************/ + +struct group_enum_state { + struct tevent_context *ev_ctx; + struct winbindd_request *fake_req; + struct winbindd_cli_state *fake_cli; + VarlinkCall *call; + + struct winbindd_gr *last_gr; + char *last_members; +}; + +static int group_enum_state_destructor(struct group_enum_state *s) +{ + if (s->call != NULL) { + s->call = varlink_call_unref(s->call); + } + + return 0; +} + +static void group_enum_endgrent_done(struct tevent_req *req) +{ + struct group_enum_state *s = + tevent_req_callback_data(req, struct group_enum_state); + struct winbindd_response *response = NULL; + NTSTATUS status; + + /* winbindd_*_recv functions expect a talloc-allocated response */ + response = talloc_zero(s, struct winbindd_response); + if (response == NULL) { + DBG_ERR("No memory\n"); + varlink_call_reply_error( + s->call, + WB_VL_REPLY_ERROR_SERVICE_NOT_AVAILABLE, + NULL); + goto out; + } + + status = winbindd_endgrent_recv(req, response); + TALLOC_FREE(req); + + if (NT_STATUS_IS_ERR(status)) { + DBG_ERR("winbindd_endgrent failed: %s\n", nt_errstr(status)); + varlink_call_reply_error( + s->call, + WB_VL_REPLY_ERROR_SERVICE_NOT_AVAILABLE, + NULL); + goto out; + } + + if (s->last_gr == NULL) { + varlink_call_reply_error(s->call, + WB_VL_REPLY_ERROR_NO_RECORD_FOUND, + NULL); + goto out; + } + + group_record_reply(s->call, s->last_gr, s->last_members, false); + +out: + TALLOC_FREE(s); +} + +static void group_enum_getgrent_done(struct tevent_req *req) +{ + struct group_enum_state *s = + tevent_req_callback_data(req, struct group_enum_state); + struct winbindd_response *response = NULL; + struct winbindd_gr *grs = NULL; + char *member_data = NULL; + NTSTATUS status; + uint32_t i; + + /* winbindd_*_recv functions expect a talloc-allocated response */ + response = talloc_zero(s, struct winbindd_response); + if (response == NULL) { + DBG_ERR("No memory\n"); + varlink_call_reply_error( + s->call, + WB_VL_REPLY_ERROR_SERVICE_NOT_AVAILABLE, + NULL); + goto out; + } + + status = winbindd_getgrent_recv(req, response); + TALLOC_FREE(req); + + if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) { + ZERO_STRUCTP(s->fake_req); + s->fake_req->cmd = WINBINDD_ENDGRENT; + req = winbindd_endgrent_send(s, + s->ev_ctx, + s->fake_cli, + s->fake_req); + if (req == NULL) { + DBG_ERR("No memory\n"); + varlink_call_reply_error( + s->call, + WB_VL_REPLY_ERROR_SERVICE_NOT_AVAILABLE, + NULL); + goto out; + } + tevent_req_set_callback(req, group_enum_endgrent_done, s); + return; + } else if (NT_STATUS_IS_ERR(status)) { + DBG_ERR("winbindd_getgrent failed: %s\n", nt_errstr(status)); + varlink_call_reply_error( + s->call, + WB_VL_REPLY_ERROR_SERVICE_NOT_AVAILABLE, + NULL); + goto out; + } + + if (response->data.num_entries == 0) { + varlink_call_reply_error(s->call, + WB_VL_REPLY_ERROR_NO_RECORD_FOUND, + NULL); + goto out; + } + + /* + * We got a new chunk, send the last entry from previous chunk with + * continue flag set + */ + if (s->last_gr != NULL) { + group_record_reply(s->call, s->last_gr, s->last_members, true); + } + + /* + * Send returned records except last one because we don't know if + * will be more coming and the continue flag must be set + * + * The returned winbindd_gr structs start at the beginning of the + * extra data. + */ + grs = (struct winbindd_gr *)response->extra_data.data; + + /* The memberships stats after all returned winbindd_gr structs */ + member_data = (char *)response->extra_data.data + + response->data.num_entries * sizeof(struct winbindd_gr); + + for (i = 0; i < response->data.num_entries - 1; i++) { + struct winbindd_gr *gr = &grs[i]; + char *gr_members = &member_data[gr->gr_mem_ofs]; + group_record_reply(s->call, gr, gr_members, true); + } + + s->last_gr = talloc_zero(s, struct winbindd_gr); + if (s->last_gr == NULL) { + DBG_ERR("No memory\n"); + varlink_call_reply_error( + s->call, + WB_VL_REPLY_ERROR_SERVICE_NOT_AVAILABLE, + NULL); + goto out; + } + + /* Save last one */ + *s->last_gr = grs[i]; + s->last_members = + talloc_strdup(s, &member_data[s->last_gr->gr_mem_ofs]); + if (s->last_members == NULL) { + DBG_ERR("No memory\n"); + varlink_call_reply_error( + s->call, + WB_VL_REPLY_ERROR_SERVICE_NOT_AVAILABLE, + NULL); + goto out; + } + + /* Get next chunk */ + TALLOC_FREE(response); + ZERO_STRUCTP(s->fake_req); + s->fake_req->cmd = WINBINDD_GETGRENT; + s->fake_req->data.num_entries = 500; + req = winbindd_getgrent_send(s, s->ev_ctx, s->fake_cli, s->fake_req); + if (req == NULL) { + DBG_ERR("No memory"); + varlink_call_reply_error( + s->call, + WB_VL_REPLY_ERROR_SERVICE_NOT_AVAILABLE, + NULL); + goto out; + } + tevent_req_set_callback(req, group_enum_getgrent_done, s); + return; +out: + TALLOC_FREE(s); +} + +static void group_enum_setgrent_done(struct tevent_req *req) +{ + struct group_enum_state *s = + tevent_req_callback_data(req, struct group_enum_state); + struct winbindd_response *response = NULL; + NTSTATUS status; + + /* winbindd_*_recv functions expect a talloc-allocated response */ + response = talloc_zero(s, struct winbindd_response); + if (response == NULL) { + DBG_ERR("No memory\n"); + varlink_call_reply_error( + s->call, + WB_VL_REPLY_ERROR_SERVICE_NOT_AVAILABLE, + NULL); + goto out; + } + + status = winbindd_setgrent_recv(req, response); + TALLOC_FREE(req); + TALLOC_FREE(response); + + if (NT_STATUS_IS_ERR(status)) { + DBG_ERR("winbindd_setgrent failed: %s\n", nt_errstr(status)); + varlink_call_reply_error( + s->call, + WB_VL_REPLY_ERROR_SERVICE_NOT_AVAILABLE, + NULL); + goto out; + } + + ZERO_STRUCTP(s->fake_req); + s->fake_req->cmd = WINBINDD_GETGRENT; + s->fake_req->data.num_entries = 500; + + req = winbindd_getgrent_send(s, s->ev_ctx, s->fake_cli, s->fake_req); + if (req == NULL) { + DBG_ERR("No memory\n"); + varlink_call_reply_error( + s->call, + WB_VL_REPLY_ERROR_SERVICE_NOT_AVAILABLE, + NULL); + goto out; + } + tevent_req_set_callback(req, group_enum_getgrent_done, s); + return; +out: + TALLOC_FREE(s); +} + +NTSTATUS wb_vl_group_enumerate(TALLOC_CTX *mem_ctx, + struct tevent_context *ev_ctx, + VarlinkCall *call, + uint64_t flags, + const char *service) +{ + struct group_enum_state *s = NULL; + struct tevent_req *req = NULL; + NTSTATUS status; + + /* Check if enumeration enabled */ + if (!lp_winbind_enum_groups()) { + varlink_call_reply_error( + call, + WB_VL_REPLY_ERROR_ENUMERATION_NOT_SUPPORTED, + NULL); + return NT_STATUS_OK; + } + + /* Check more flag is set */ + if (!(flags & VARLINK_CALL_MORE)) { + DBG_WARNING("Enum request without more flag set\n"); + return NT_STATUS_INVALID_PARAMETER; + } + + s = talloc_zero(mem_ctx, struct group_enum_state); + if (s == NULL) { + DBG_ERR("No memory\n"); + return NT_STATUS_NO_MEMORY; + } + talloc_set_destructor(s, group_enum_state_destructor); + + s->fake_cli = talloc_zero(s, struct winbindd_cli_state); + if (s->fake_cli == NULL) { + DBG_ERR("No memory\n"); + status = NT_STATUS_NO_MEMORY; + goto fail; + } + + s->fake_req = talloc_zero(s, struct winbindd_request); + if (s->fake_req == NULL) { + DBG_ERR("No memory\n"); + status = NT_STATUS_NO_MEMORY; + goto fail; + } + + s->ev_ctx = ev_ctx; + s->call = varlink_call_ref(call); + + status = wb_vl_fake_cli_state(call, service, s->fake_cli); + if (NT_STATUS_IS_ERR(status)) { + DBG_ERR("Failed to create fake winbindd_cli_state: %s\n", + nt_errstr(status)); + goto fail; + } + + s->fake_req->cmd = WINBINDD_SETGRENT; + req = winbindd_setgrent_send(s, s->ev_ctx, s->fake_cli, s->fake_req); + if (req == NULL) { + DBG_ERR("No memory\n"); + status = NT_STATUS_NO_MEMORY; + goto fail; + } + tevent_req_set_callback(req, group_enum_setgrent_done, s); + + return NT_STATUS_OK; +fail: + TALLOC_FREE(s); + return status; +} diff --git a/source3/winbindd/wscript_build b/source3/winbindd/wscript_build index d2f2b808497..4282d122736 100644 --- a/source3/winbindd/wscript_build +++ b/source3/winbindd/wscript_build @@ -175,6 +175,7 @@ bld.SAMBA3_SUBSYSTEM('VARLINK', source=''' winbindd_varlink.c winbindd_varlink_getuserrecord.c + winbindd_varlink_getgrouprecord.c ''', deps='talloc tevent varlink', enabled=bld.env.with_systemd_userdb)