2 Unix SMB/CIFS implementation.
4 Winbind cache backend functions
6 Copyright (C) Andrew Tridgell 2001
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #define DBGC_CLASS DBGC_WINBIND
28 struct winbind_cache {
29 struct winbindd_methods *backend;
35 uint32 sequence_number;
40 #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
42 static struct winbind_cache *wcache;
45 void wcache_flush_cache(void)
47 extern BOOL opt_nocache;
51 tdb_close(wcache->tdb);
54 if (opt_nocache) return;
56 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000,
57 TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0600);
60 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
64 void winbindd_check_cache_size(time_t t)
66 static time_t last_check_time;
69 if (last_check_time == (time_t)0)
72 if (t - last_check_time < 60 && t - last_check_time > 0)
75 if (wcache == NULL || wcache->tdb == NULL) {
76 DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
80 if (fstat(wcache->tdb->fd, &st) == -1) {
81 DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) ));
85 if (st.st_size > WINBINDD_MAX_CACHE_SIZE) {
86 DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
87 (unsigned long)st.st_size,
88 (unsigned long)WINBINDD_MAX_CACHE_SIZE));
93 /* get the winbind_cache structure */
94 static struct winbind_cache *get_cache(struct winbindd_domain *domain)
96 extern struct winbindd_methods msrpc_methods;
97 struct winbind_cache *ret = wcache;
101 ret = smb_xmalloc(sizeof(*ret));
103 switch (lp_security()) {
106 extern struct winbindd_methods ads_methods;
107 ret->backend = &ads_methods;
112 ret->backend = &msrpc_methods;
116 wcache_flush_cache();
122 free a centry structure
124 static void centry_free(struct cache_entry *centry)
127 SAFE_FREE(centry->data);
133 pull a uint32 from a cache entry
135 static uint32 centry_uint32(struct cache_entry *centry)
138 if (centry->len - centry->ofs < 4) {
139 DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
140 centry->len - centry->ofs));
141 smb_panic("centry_uint32");
143 ret = IVAL(centry->data, centry->ofs);
149 pull a uint8 from a cache entry
151 static uint8 centry_uint8(struct cache_entry *centry)
154 if (centry->len - centry->ofs < 1) {
155 DEBUG(0,("centry corruption? needed 1 bytes, have %d\n",
156 centry->len - centry->ofs));
157 smb_panic("centry_uint32");
159 ret = CVAL(centry->data, centry->ofs);
164 /* pull a string from a cache entry, using the supplied
167 static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
172 len = centry_uint8(centry);
175 /* a deliberate NULL string */
179 if (centry->len - centry->ofs < len) {
180 DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
181 len, centry->len - centry->ofs));
182 smb_panic("centry_string");
185 ret = talloc(mem_ctx, len+1);
187 smb_panic("centry_string out of memory\n");
189 memcpy(ret,centry->data + centry->ofs, len);
195 /* pull a string from a cache entry, using the supplied
198 static DOM_SID *centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
202 sid = talloc(mem_ctx, sizeof(*sid));
203 if (!sid) return NULL;
205 sid_string = centry_string(centry, mem_ctx);
206 if (!string_to_sid(sid, sid_string)) {
212 /* the server is considered down if it can't give us a sequence number */
213 static BOOL wcache_server_down(struct winbindd_domain *domain)
215 if (!wcache->tdb) return False;
216 return (domain->sequence_number == DOM_SEQUENCE_NONE);
221 refresh the domain sequence number. If force is True
222 then always refresh it, no matter how recently we fetched it
224 static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force)
228 unsigned cache_time = lp_winbind_cache_time();
230 /* trying to reconnect is expensive, don't do it too often */
231 if (domain->sequence_number == DOM_SEQUENCE_NONE) {
235 time_diff = time(NULL) - domain->last_seq_check;
237 /* see if we have to refetch the domain sequence number */
238 if (!force && (time_diff < cache_time)) {
242 status = wcache->backend->sequence_number(domain, &domain->sequence_number);
244 if (!NT_STATUS_IS_OK(status)) {
245 domain->sequence_number = DOM_SEQUENCE_NONE;
248 domain->last_seq_check = time(NULL);
252 decide if a cache entry has expired
254 static BOOL centry_expired(struct winbindd_domain *domain, struct cache_entry *centry)
256 /* if the server is OK and our cache entry came from when it was down then
257 the entry is invalid */
258 if (domain->sequence_number != DOM_SEQUENCE_NONE &&
259 centry->sequence_number == DOM_SEQUENCE_NONE) {
263 /* if the server is down or the cache entry is not older than the
264 current sequence number then it is OK */
265 if (wcache_server_down(domain) ||
266 centry->sequence_number == domain->sequence_number) {
275 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
276 number and return status
278 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
279 struct winbindd_domain *domain,
280 const char *format, ...) PRINTF_ATTRIBUTE(3,4);
281 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
282 struct winbindd_domain *domain,
283 const char *format, ...)
288 struct cache_entry *centry;
291 refresh_sequence_number(domain, False);
293 va_start(ap, format);
294 smb_xvasprintf(&kstr, format, ap);
298 key.dsize = strlen(kstr);
299 data = tdb_fetch(wcache->tdb, key);
306 centry = smb_xmalloc(sizeof(*centry));
307 centry->data = data.dptr;
308 centry->len = data.dsize;
311 if (centry->len < 8) {
312 /* huh? corrupt cache? */
317 centry->status = NT_STATUS(centry_uint32(centry));
318 centry->sequence_number = centry_uint32(centry);
320 if (centry_expired(domain, centry)) {
321 extern BOOL opt_dual_daemon;
323 if (opt_dual_daemon) {
324 extern BOOL background_process;
325 background_process = True;
336 make sure we have at least len bytes available in a centry
338 static void centry_expand(struct cache_entry *centry, uint32 len)
341 if (centry->len - centry->ofs >= len) return;
343 p = realloc(centry->data, centry->len);
345 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
346 smb_panic("out of memory in centry_expand");
352 push a uint32 into a centry
354 static void centry_put_uint32(struct cache_entry *centry, uint32 v)
356 centry_expand(centry, 4);
357 SIVAL(centry->data, centry->ofs, v);
362 push a uint8 into a centry
364 static void centry_put_uint8(struct cache_entry *centry, uint8 v)
366 centry_expand(centry, 1);
367 SCVAL(centry->data, centry->ofs, v);
372 push a string into a centry
374 static void centry_put_string(struct cache_entry *centry, const char *s)
379 /* null strings are marked as len 0xFFFF */
380 centry_put_uint8(centry, 0xFF);
385 /* can't handle more than 254 char strings. Truncating is probably best */
386 if (len > 254) len = 254;
387 centry_put_uint8(centry, len);
388 centry_expand(centry, len);
389 memcpy(centry->data + centry->ofs, s, len);
393 static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid)
396 centry_put_string(centry, sid_to_string(sid_string, sid));
400 start a centry for output. When finished, call centry_end()
402 struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status)
404 struct cache_entry *centry;
406 if (!wcache->tdb) return NULL;
408 centry = smb_xmalloc(sizeof(*centry));
410 centry->len = 8192; /* reasonable default */
411 centry->data = smb_xmalloc(centry->len);
413 centry->sequence_number = domain->sequence_number;
414 centry_put_uint32(centry, NT_STATUS_V(status));
415 centry_put_uint32(centry, centry->sequence_number);
420 finish a centry and write it to the tdb
422 static void centry_end(struct cache_entry *centry, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
423 static void centry_end(struct cache_entry *centry, const char *format, ...)
429 va_start(ap, format);
430 smb_xvasprintf(&kstr, format, ap);
434 key.dsize = strlen(kstr);
435 data.dptr = centry->data;
436 data.dsize = centry->ofs;
438 tdb_store(wcache->tdb, key, data, TDB_REPLACE);
442 static void wcache_save_name_to_sid(struct winbindd_domain *domain,
444 const char *name, DOM_SID *sid,
445 enum SID_NAME_USE type)
447 struct cache_entry *centry;
451 centry = centry_start(domain, status);
453 centry_put_sid(centry, sid);
454 fstrcpy(uname, name);
456 centry_end(centry, "NS/%s", sid_to_string(sid_string, sid));
460 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
461 DOM_SID *sid, const char *name, enum SID_NAME_USE type)
463 struct cache_entry *centry;
466 centry = centry_start(domain, status);
468 if (NT_STATUS_IS_OK(status)) {
469 centry_put_uint32(centry, type);
470 centry_put_string(centry, name);
472 centry_end(centry, "SN/%s", sid_to_string(sid_string, sid));
477 static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
479 struct cache_entry *centry;
482 centry = centry_start(domain, status);
484 centry_put_string(centry, info->acct_name);
485 centry_put_string(centry, info->full_name);
486 centry_put_sid(centry, info->user_sid);
487 centry_put_sid(centry, info->group_sid);
488 centry_end(centry, "U/%s", sid_to_string(sid_string, info->user_sid));
493 /* Query display info. This is the basic user list fn */
494 static NTSTATUS query_user_list(struct winbindd_domain *domain,
497 WINBIND_USERINFO **info)
499 struct winbind_cache *cache = get_cache(domain);
500 struct cache_entry *centry = NULL;
504 if (!cache->tdb) goto do_query;
506 centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
507 if (!centry) goto do_query;
509 *num_entries = centry_uint32(centry);
511 if (*num_entries == 0) goto do_cached;
513 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
514 if (! (*info)) smb_panic("query_user_list out of memory");
515 for (i=0; i<(*num_entries); i++) {
516 (*info)[i].acct_name = centry_string(centry, mem_ctx);
517 (*info)[i].full_name = centry_string(centry, mem_ctx);
518 (*info)[i].user_sid = centry_sid(centry, mem_ctx);
519 (*info)[i].group_sid = centry_sid(centry, mem_ctx);
523 status = centry->status;
531 if (wcache_server_down(domain)) {
532 return NT_STATUS_SERVER_DISABLED;
535 status = cache->backend->query_user_list(domain, mem_ctx, num_entries, info);
538 refresh_sequence_number(domain, True);
539 centry = centry_start(domain, status);
540 if (!centry) goto skip_save;
541 centry_put_uint32(centry, *num_entries);
542 for (i=0; i<(*num_entries); i++) {
543 centry_put_string(centry, (*info)[i].acct_name);
544 centry_put_string(centry, (*info)[i].full_name);
545 centry_put_sid(centry, (*info)[i].user_sid);
546 centry_put_sid(centry, (*info)[i].group_sid);
547 if (cache->backend->consistent) {
548 /* when the backend is consistent we can pre-prime some mappings */
549 wcache_save_name_to_sid(domain, NT_STATUS_OK,
550 (*info)[i].acct_name,
553 wcache_save_sid_to_name(domain, NT_STATUS_OK,
555 (*info)[i].acct_name,
557 wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
560 centry_end(centry, "UL/%s", domain->name);
567 /* list all domain groups */
568 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
571 struct acct_info **info)
573 struct winbind_cache *cache = get_cache(domain);
574 struct cache_entry *centry = NULL;
578 if (!cache->tdb) goto do_query;
580 centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
581 if (!centry) goto do_query;
583 *num_entries = centry_uint32(centry);
585 if (*num_entries == 0) goto do_cached;
587 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
588 if (! (*info)) smb_panic("enum_dom_groups out of memory");
589 for (i=0; i<(*num_entries); i++) {
590 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
591 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
592 (*info)[i].rid = centry_uint32(centry);
596 status = centry->status;
604 if (wcache_server_down(domain)) {
605 return NT_STATUS_SERVER_DISABLED;
608 status = cache->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
611 refresh_sequence_number(domain, True);
612 centry = centry_start(domain, status);
613 if (!centry) goto skip_save;
614 centry_put_uint32(centry, *num_entries);
615 for (i=0; i<(*num_entries); i++) {
616 centry_put_string(centry, (*info)[i].acct_name);
617 centry_put_string(centry, (*info)[i].acct_desc);
618 centry_put_uint32(centry, (*info)[i].rid);
620 centry_end(centry, "GL/%s/domain", domain->name);
627 /* list all domain groups */
628 static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
631 struct acct_info **info)
633 struct winbind_cache *cache = get_cache(domain);
634 struct cache_entry *centry = NULL;
638 if (!cache->tdb) goto do_query;
640 centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
641 if (!centry) goto do_query;
643 *num_entries = centry_uint32(centry);
645 if (*num_entries == 0) goto do_cached;
647 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
648 if (! (*info)) smb_panic("enum_dom_groups out of memory");
649 for (i=0; i<(*num_entries); i++) {
650 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
651 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
652 (*info)[i].rid = centry_uint32(centry);
657 /* If we are returning cached data and the domain controller
658 is down then we don't know whether the data is up to date
659 or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
662 if (wcache_server_down(domain)) {
663 DEBUG(10, ("query_user_list: returning cached user list and server was down\n"));
664 status = NT_STATUS_MORE_PROCESSING_REQUIRED;
666 status = centry->status;
675 if (wcache_server_down(domain)) {
676 return NT_STATUS_SERVER_DISABLED;
679 status = cache->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
682 refresh_sequence_number(domain, True);
683 centry = centry_start(domain, status);
684 if (!centry) goto skip_save;
685 centry_put_uint32(centry, *num_entries);
686 for (i=0; i<(*num_entries); i++) {
687 centry_put_string(centry, (*info)[i].acct_name);
688 centry_put_string(centry, (*info)[i].acct_desc);
689 centry_put_uint32(centry, (*info)[i].rid);
691 centry_end(centry, "GL/%s/local", domain->name);
698 /* convert a single name to a sid in a domain */
699 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
703 enum SID_NAME_USE *type)
705 struct winbind_cache *cache = get_cache(domain);
706 struct cache_entry *centry = NULL;
711 if (!cache->tdb) goto do_query;
713 fstrcpy(uname, name);
715 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain->name, uname);
716 if (!centry) goto do_query;
717 *type = centry_uint32(centry);
718 sid2 = centry_sid(centry, mem_ctx);
725 status = centry->status;
732 if (wcache_server_down(domain)) {
733 return NT_STATUS_SERVER_DISABLED;
735 status = cache->backend->name_to_sid(domain, mem_ctx, name, sid, type);
738 wcache_save_name_to_sid(domain, status, name, sid, *type);
740 /* We can't save the sid to name mapping as we don't know the
741 correct case of the name without looking it up */
746 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
748 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
752 enum SID_NAME_USE *type)
754 struct winbind_cache *cache = get_cache(domain);
755 struct cache_entry *centry = NULL;
759 if (!cache->tdb) goto do_query;
761 centry = wcache_fetch(cache, domain, "SN/%s", sid_to_string(sid_string, sid));
762 if (!centry) goto do_query;
763 if (NT_STATUS_IS_OK(centry->status)) {
764 *type = centry_uint32(centry);
765 *name = centry_string(centry, mem_ctx);
767 status = centry->status;
774 if (wcache_server_down(domain)) {
775 return NT_STATUS_SERVER_DISABLED;
777 status = cache->backend->sid_to_name(domain, mem_ctx, sid, name, type);
780 refresh_sequence_number(domain, True);
781 wcache_save_sid_to_name(domain, status, sid, *name, *type);
782 wcache_save_name_to_sid(domain, status, *name, sid, *type);
788 /* Lookup user information from a rid */
789 static NTSTATUS query_user(struct winbindd_domain *domain,
792 WINBIND_USERINFO *info)
794 struct winbind_cache *cache = get_cache(domain);
795 struct cache_entry *centry = NULL;
799 if (!cache->tdb) goto do_query;
801 centry = wcache_fetch(cache, domain, "U/%s", sid_to_string(sid_string, user_sid));
802 if (!centry) goto do_query;
804 info->acct_name = centry_string(centry, mem_ctx);
805 info->full_name = centry_string(centry, mem_ctx);
806 info->user_sid = centry_sid(centry, mem_ctx);
807 info->group_sid = centry_sid(centry, mem_ctx);
808 status = centry->status;
815 if (wcache_server_down(domain)) {
816 return NT_STATUS_SERVER_DISABLED;
819 status = cache->backend->query_user(domain, mem_ctx, user_sid, info);
822 refresh_sequence_number(domain, True);
823 wcache_save_user(domain, status, info);
829 /* Lookup groups a user is a member of. */
830 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
833 uint32 *num_groups, DOM_SID ***user_gids)
835 struct winbind_cache *cache = get_cache(domain);
836 struct cache_entry *centry = NULL;
841 if (!cache->tdb) goto do_query;
843 centry = wcache_fetch(cache, domain, "UG/%s", sid_to_string(sid_string, user_sid));
844 if (!centry) goto do_query;
846 *num_groups = centry_uint32(centry);
848 if (*num_groups == 0) goto do_cached;
850 (*user_gids) = talloc(mem_ctx, sizeof(**user_gids) * (*num_groups));
851 if (! (*user_gids)) smb_panic("lookup_usergroups out of memory");
852 for (i=0; i<(*num_groups); i++) {
853 (*user_gids)[i] = centry_sid(centry, mem_ctx);
857 status = centry->status;
865 if (wcache_server_down(domain)) {
866 return NT_STATUS_SERVER_DISABLED;
868 status = cache->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
871 refresh_sequence_number(domain, True);
872 centry = centry_start(domain, status);
873 if (!centry) goto skip_save;
874 centry_put_uint32(centry, *num_groups);
875 for (i=0; i<(*num_groups); i++) {
876 centry_put_sid(centry, (*user_gids)[i]);
878 centry_end(centry, "UG/%s", sid_to_string(sid_string, user_sid));
886 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
888 DOM_SID *group_sid, uint32 *num_names,
889 DOM_SID ***sid_mem, char ***names,
892 struct winbind_cache *cache = get_cache(domain);
893 struct cache_entry *centry = NULL;
898 if (!cache->tdb) goto do_query;
900 centry = wcache_fetch(cache, domain, "GM/%s", sid_to_string(sid_string, group_sid));
901 if (!centry) goto do_query;
903 *num_names = centry_uint32(centry);
905 if (*num_names == 0) goto do_cached;
907 (*sid_mem) = talloc(mem_ctx, sizeof(**sid_mem) * (*num_names));
908 (*names) = talloc(mem_ctx, sizeof(**names) * (*num_names));
909 (*name_types) = talloc(mem_ctx, sizeof(**name_types) * (*num_names));
911 if (! (*sid_mem) || ! (*names) || ! (*name_types)) {
912 smb_panic("lookup_groupmem out of memory");
915 for (i=0; i<(*num_names); i++) {
916 (*sid_mem)[i] = centry_sid(centry, mem_ctx);
917 (*names)[i] = centry_string(centry, mem_ctx);
918 (*name_types)[i] = centry_uint32(centry);
922 status = centry->status;
930 (*name_types) = NULL;
933 if (wcache_server_down(domain)) {
934 return NT_STATUS_SERVER_DISABLED;
936 status = cache->backend->lookup_groupmem(domain, mem_ctx, group_sid, num_names,
937 sid_mem, names, name_types);
940 refresh_sequence_number(domain, True);
941 centry = centry_start(domain, status);
942 if (!centry) goto skip_save;
943 centry_put_uint32(centry, *num_names);
944 for (i=0; i<(*num_names); i++) {
945 centry_put_sid(centry, (*sid_mem)[i]);
946 centry_put_string(centry, (*names)[i]);
947 centry_put_uint32(centry, (*name_types)[i]);
949 centry_end(centry, "GM/%s", sid_to_string(sid_string, group_sid));
956 /* find the sequence number for a domain */
957 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
959 refresh_sequence_number(domain, False);
961 *seq = domain->sequence_number;
966 /* enumerate trusted domains */
967 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
974 struct winbind_cache *cache = get_cache(domain);
976 /* we don't cache this call */
977 return cache->backend->trusted_domains(domain, mem_ctx, num_domains,
978 names, alt_names, dom_sids);
981 /* find the domain sid */
982 static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
984 struct winbind_cache *cache = get_cache(domain);
986 /* we don't cache this call */
987 return cache->backend->domain_sid(domain, sid);
990 /* find the alternate names for the domain, if any */
991 static NTSTATUS alternate_name(struct winbindd_domain *domain)
993 struct winbind_cache *cache = get_cache(domain);
995 /* we don't cache this call */
996 return cache->backend->alternate_name(domain);
999 /* the ADS backend methods are exposed via this structure */
1000 struct winbindd_methods cache_methods = {