2 Unix SMB/CIFS implementation.
5 Copyright (C) Volker Lendecke 2008
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.*/
21 #include "idmap_cache.h"
22 #include "../libcli/security/security.h"
23 #include "../librpc/gen_ndr/idmap.h"
24 #include "lib/gencache.h"
27 * Find a sid2xid mapping
28 * @param[in] sid the sid to map
29 * @param[out] id where to put the result
30 * @param[out] expired is the cache entry expired?
31 * @retval Was anything in the cache at all?
33 * If id->id == -1 this was a negative mapping.
36 bool idmap_cache_find_sid2unixid(const struct dom_sid *sid, struct unixid *id,
39 struct dom_sid_buf sidstr;
47 key = talloc_asprintf(talloc_tos(), "IDMAP/SID2XID/%s",
48 dom_sid_str_buf(sid, &sidstr));
52 ret = gencache_get(key, talloc_tos(), &value, &timeout);
57 DEBUG(10, ("Parsing value for key [%s]: value=[%s]\n", key, value));
59 if (value[0] == '\0') {
60 DEBUG(0, ("Failed to parse value for key [%s]: "
61 "value is empty\n", key));
66 tmp_id.id = strtol(value, &endptr, 10);
68 if ((value == endptr) && (tmp_id.id == 0)) {
69 DEBUG(0, ("Failed to parse value for key [%s]: value[%s] does "
70 "not start with a number\n", key, value));
75 DEBUG(10, ("Parsing value for key [%s]: id=[%llu], endptr=[%s]\n",
76 key, (unsigned long long)tmp_id.id, endptr));
78 ret = (*endptr == ':');
82 tmp_id.type = ID_TYPE_UID;
86 tmp_id.type = ID_TYPE_GID;
90 tmp_id.type = ID_TYPE_BOTH;
94 tmp_id.type = ID_TYPE_NOT_SPECIFIED;
98 DEBUG(0, ("FAILED to parse value for key [%s] "
99 "(id=[%llu], endptr=[%s]): "
100 "no type character after colon\n",
101 key, (unsigned long long)tmp_id.id, endptr));
105 DEBUG(0, ("FAILED to parse value for key [%s] "
106 "(id=[%llu], endptr=[%s]): "
107 "illegal type character '%c'\n",
108 key, (unsigned long long)tmp_id.id, endptr,
113 if (endptr[2] != '\0') {
114 DEBUG(0, ("FAILED to parse value for key [%s] "
115 "(id=[%llu], endptr=[%s]): "
116 "more than 1 type character after colon\n",
117 key, (unsigned long long)tmp_id.id, endptr));
123 *expired = (timeout <= time(NULL));
125 DEBUG(0, ("FAILED to parse value for key [%s] (value=[%s]): "
126 "colon missing after id=[%llu]\n",
127 key, value, (unsigned long long)tmp_id.id));
137 * Find a sid2uid mapping
138 * @param[in] sid the sid to map
139 * @param[out] puid where to put the result
140 * @param[out] expired is the cache entry expired?
141 * @retval Was anything in the cache at all?
143 * If *puid == -1 this was a negative mapping.
146 bool idmap_cache_find_sid2uid(const struct dom_sid *sid, uid_t *puid,
151 ret = idmap_cache_find_sid2unixid(sid, &id, expired);
156 if (id.type == ID_TYPE_BOTH || id.type == ID_TYPE_UID) {
165 * Find a sid2gid mapping
166 * @param[in] sid the sid to map
167 * @param[out] pgid where to put the result
168 * @param[out] expired is the cache entry expired?
169 * @retval Was anything in the cache at all?
171 * If *pgid == -1 this was a negative mapping.
174 bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
179 ret = idmap_cache_find_sid2unixid(sid, &id, expired);
184 if (id.type == ID_TYPE_BOTH || id.type == ID_TYPE_GID) {
192 struct idmap_cache_xid2sid_state {
198 static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout,
202 struct idmap_cache_xid2sid_state *state =
203 (struct idmap_cache_xid2sid_state *)private_data;
206 if ((blob.length == 0) || (blob.data[blob.length-1] != 0)) {
208 * Not a string, can't be a valid mapping
214 value = (char *)blob.data;
216 if ((value[0] == '-') && (value[1] == '\0')) {
218 * Return NULL SID, see comment to uid2sid
220 *state->sid = (struct dom_sid) {0};
223 state->ret = string_to_sid(state->sid, value);
226 *state->expired = gencache_timeout_expired(timeout);
231 * Find a xid2sid mapping
232 * @param[in] id the unix id to map
233 * @param[out] sid where to put the result
234 * @param[out] expired is the cache entry expired?
235 * @retval Was anything in the cache at all?
237 * If "is_null_sid(sid)", this was a negative mapping.
239 bool idmap_cache_find_xid2sid(
240 const struct unixid *id, struct dom_sid *sid, bool *expired)
242 struct idmap_cache_xid2sid_state state = {
243 .sid = sid, .expired = expired
259 fstr_sprintf(key, "IDMAP/%cID2SID/%d", c, (int)id->id);
261 gencache_parse(key, idmap_cache_xid2sid_parser, &state);
267 * Store a mapping in the idmap cache
268 * @param[in] sid the sid to map
269 * @param[in] unix_id the unix_id to map
271 * If both parameters are valid values, then a positive mapping in both
272 * directions is stored. If "is_null_sid(sid)" is true, then this will be a
273 * negative mapping of xid, we want to cache that for this xid we could not
274 * find anything. Likewise if "xid==-1", then we want to cache that we did not
275 * find a mapping for the sid passed here.
278 void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id)
280 time_t now = time(NULL);
284 if (!is_null_sid(sid)) {
285 struct dom_sid_buf sidstr;
286 fstr_sprintf(key, "IDMAP/SID2XID/%s",
287 dom_sid_str_buf(sid, &sidstr));
288 switch (unix_id->type) {
290 fstr_sprintf(value, "%d:U", (int)unix_id->id);
293 fstr_sprintf(value, "%d:G", (int)unix_id->id);
296 fstr_sprintf(value, "%d:B", (int)unix_id->id);
298 case ID_TYPE_NOT_SPECIFIED:
299 fstr_sprintf(value, "%d:N", (int)unix_id->id);
304 timeout = (unix_id->id == -1)
305 ? lp_idmap_negative_cache_time()
306 : lp_idmap_cache_time();
307 gencache_set(key, value, now + timeout);
309 if (unix_id->id != -1) {
310 if (is_null_sid(sid)) {
311 /* negative xid mapping */
313 timeout = lp_idmap_negative_cache_time();
316 sid_to_fstring(value, sid);
317 timeout = lp_idmap_cache_time();
319 switch (unix_id->type) {
321 fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)unix_id->id);
322 gencache_set(key, value, now + timeout);
323 fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)unix_id->id);
324 gencache_set(key, value, now + timeout);
328 fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)unix_id->id);
332 fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)unix_id->id);
338 gencache_set(key, value, now + timeout);
342 static char* key_xid2sid_str(TALLOC_CTX* mem_ctx, char t, const char* id) {
343 return talloc_asprintf(mem_ctx, "IDMAP/%cID2SID/%s", t, id);
346 static char* key_xid2sid(TALLOC_CTX* mem_ctx, char t, int id) {
348 snprintf(str, sizeof(str), "%d", id);
349 return key_xid2sid_str(mem_ctx, t, str);
352 static char* key_sid2xid_str(TALLOC_CTX* mem_ctx, const char* id) {
353 return talloc_asprintf(mem_ctx, "IDMAP/SID2XID/%s", id);
356 static bool idmap_cache_del_xid(char t, int xid)
358 TALLOC_CTX* mem_ctx = talloc_stackframe();
359 const char* key = key_xid2sid(mem_ctx, t, xid);
360 char* sid_str = NULL;
364 if (!gencache_get(key, mem_ctx, &sid_str, &timeout)) {
365 DEBUG(3, ("no entry: %s\n", key));
370 if (sid_str[0] != '-') {
371 const char* sid_key = key_sid2xid_str(mem_ctx, sid_str);
372 if (!gencache_del(sid_key)) {
373 DEBUG(2, ("failed to delete: %s\n", sid_key));
376 DEBUG(5, ("delete: %s\n", sid_key));
381 if (!gencache_del(key)) {
382 DEBUG(1, ("failed to delete: %s\n", key));
385 DEBUG(5, ("delete: %s\n", key));
389 talloc_free(mem_ctx);
393 bool idmap_cache_del_uid(uid_t uid) {
394 return idmap_cache_del_xid('U', uid);
397 bool idmap_cache_del_gid(gid_t gid) {
398 return idmap_cache_del_xid('G', gid);
401 bool idmap_cache_del_sid(const struct dom_sid *sid)
403 TALLOC_CTX* mem_ctx = talloc_stackframe();
407 struct dom_sid_buf sidbuf;
410 if (!idmap_cache_find_sid2unixid(sid, &id, &expired)) {
418 idmap_cache_del_xid('U', id.id);
419 idmap_cache_del_xid('G', id.id);
422 idmap_cache_del_xid('U', id.id);
425 idmap_cache_del_xid('G', id.id);
432 sid_key = key_sid2xid_str(mem_ctx, dom_sid_str_buf(sid, &sidbuf));
433 if (sid_key == NULL) {
436 /* If the mapping was symmetric, then this should fail */
437 gencache_del(sid_key);
439 talloc_free(mem_ctx);