2 Unix SMB/Netbios implementation.
4 Winbind cache backend functions
6 Copyright (C) Andrew Tridgell 2001
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 struct winbind_cache {
26 struct winbindd_methods *backend;
32 uint32 sequence_number;
37 static struct winbind_cache *wcache;
40 void wcache_flush_cache(void)
42 extern BOOL opt_nocache;
46 tdb_close(wcache->tdb);
49 if (opt_nocache) return;
51 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000,
52 TDB_NOLOCK, O_RDWR | O_CREAT | O_TRUNC, 0600);
55 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
59 /* get the winbind_cache structure */
60 static struct winbind_cache *get_cache(struct winbindd_domain *domain)
62 extern struct winbindd_methods msrpc_methods;
63 struct winbind_cache *ret = wcache;
67 ret = smb_xmalloc(sizeof(*ret));
69 switch (lp_security()) {
72 extern struct winbindd_methods ads_methods;
73 ret->backend = &ads_methods;
78 ret->backend = &msrpc_methods;
88 free a centry structure
90 static void centry_free(struct cache_entry *centry)
93 SAFE_FREE(centry->data);
99 pull a uint32 from a cache entry
101 static uint32 centry_uint32(struct cache_entry *centry)
104 if (centry->len - centry->ofs < 4) {
105 DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
106 centry->len - centry->ofs));
107 smb_panic("centry_uint32");
109 ret = IVAL(centry->data, centry->ofs);
115 pull a uint8 from a cache entry
117 static uint8 centry_uint8(struct cache_entry *centry)
120 if (centry->len - centry->ofs < 1) {
121 DEBUG(0,("centry corruption? needed 1 bytes, have %d\n",
122 centry->len - centry->ofs));
123 smb_panic("centry_uint32");
125 ret = CVAL(centry->data, centry->ofs);
130 /* pull a string from a cache entry, using the supplied
133 static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
138 len = centry_uint8(centry);
141 /* a deliberate NULL string */
145 if (centry->len - centry->ofs < len) {
146 DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
147 len, centry->len - centry->ofs));
148 smb_panic("centry_string");
151 ret = talloc(mem_ctx, len+1);
153 smb_panic("centry_string out of memory\n");
155 memcpy(ret,centry->data + centry->ofs, len);
161 /* the server is considered down if it can't give us a sequence number */
162 static BOOL wcache_server_down(struct winbindd_domain *domain)
164 if (!wcache->tdb) return False;
165 return (domain->sequence_number == DOM_SEQUENCE_NONE);
170 refresh the domain sequence number. If force is True
171 then always refresh it, no matter how recently we fetched it
173 static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force)
177 /* see if we have to refetch the domain sequence number */
178 if (!force && (time(NULL) - domain->last_seq_check < lp_winbind_cache_time())) {
182 status = wcache->backend->sequence_number(domain, &domain->sequence_number);
184 if (!NT_STATUS_IS_OK(status)) {
185 domain->sequence_number = DOM_SEQUENCE_NONE;
188 domain->last_seq_check = time(NULL);
192 decide if a cache entry has expired
194 static BOOL centry_expired(struct winbindd_domain *domain, struct cache_entry *centry)
196 /* if the server is OK and our cache entry came from when it was down then
197 the entry is invalid */
198 if (domain->sequence_number != DOM_SEQUENCE_NONE &&
199 centry->sequence_number == DOM_SEQUENCE_NONE) {
203 /* if the server is down or the cache entry is not older than the
204 current sequence number then it is OK */
205 if (wcache_server_down(domain) ||
206 centry->sequence_number >= domain->sequence_number) {
215 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
216 number and return status
218 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
219 struct winbindd_domain *domain,
220 const char *format, ...)
225 struct cache_entry *centry;
228 refresh_sequence_number(domain, False);
230 va_start(ap, format);
231 smb_xvasprintf(&kstr, format, ap);
235 key.dsize = strlen(kstr);
236 data = tdb_fetch(wcache->tdb, key);
243 centry = smb_xmalloc(sizeof(*centry));
244 centry->data = data.dptr;
245 centry->len = data.dsize;
248 if (centry->len < 8) {
249 /* huh? corrupt cache? */
254 centry->status = NT_STATUS(centry_uint32(centry));
255 centry->sequence_number = centry_uint32(centry);
257 if (centry_expired(domain, centry)) {
266 make sure we have at least len bytes available in a centry
268 static void centry_expand(struct cache_entry *centry, uint32 len)
271 if (centry->len - centry->ofs >= len) return;
273 p = realloc(centry->data, centry->len);
275 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
276 smb_panic("out of memory in centry_expand");
282 push a uint32 into a centry
284 static void centry_put_uint32(struct cache_entry *centry, uint32 v)
286 centry_expand(centry, 4);
287 SIVAL(centry->data, centry->ofs, v);
292 push a uint8 into a centry
294 static void centry_put_uint8(struct cache_entry *centry, uint8 v)
296 centry_expand(centry, 1);
297 SCVAL(centry->data, centry->ofs, v);
302 push a string into a centry
304 static void centry_put_string(struct cache_entry *centry, const char *s)
309 /* null strings are marked as len 0xFFFF */
310 centry_put_uint8(centry, 0xFF);
315 /* can't handle more than 254 char strings. Truncating is probably best */
316 if (len > 254) len = 254;
317 centry_put_uint8(centry, len);
318 centry_expand(centry, len);
319 memcpy(centry->data + centry->ofs, s, len);
324 start a centry for output. When finished, call centry_end()
326 struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status)
328 struct cache_entry *centry;
330 if (!wcache->tdb) return NULL;
332 centry = smb_xmalloc(sizeof(*centry));
334 centry->len = 8192; /* reasonable default */
335 centry->data = smb_xmalloc(centry->len);
337 centry->sequence_number = domain->sequence_number;
338 centry_put_uint32(centry, NT_STATUS_V(status));
339 centry_put_uint32(centry, centry->sequence_number);
344 finish a centry and write it to the tdb
346 static void centry_end(struct cache_entry *centry, const char *format, ...)
352 va_start(ap, format);
353 smb_xvasprintf(&kstr, format, ap);
357 key.dsize = strlen(kstr);
358 data.dptr = centry->data;
359 data.dsize = centry->ofs;
361 tdb_store(wcache->tdb, key, data, TDB_REPLACE);
365 /* form a name with the domain part stuck on the front */
366 static char *prepend_domain(struct winbindd_domain *domain, const char *name)
369 snprintf(s, sizeof(s), "%s%s%s", domain->name, lp_winbind_separator(), name);
373 /* form a sid from the domain plus rid */
374 static DOM_SID *form_sid(struct winbindd_domain *domain, uint32 rid)
377 sid_copy(&sid, &domain->sid);
378 sid_append_rid(&sid, rid);
382 static void wcache_save_name_to_sid(struct winbindd_domain *domain, NTSTATUS status,
383 const char *name, DOM_SID *sid, enum SID_NAME_USE type)
385 struct cache_entry *centry;
388 centry = centry_start(domain, status);
391 centry_expand(centry, len);
392 centry_put_uint32(centry, type);
393 sid_linearize(centry->data + centry->ofs, len, sid);
395 centry_end(centry, "NS/%s/%s", domain->name, name);
399 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
400 DOM_SID *sid, const char *name, enum SID_NAME_USE type, uint32 rid)
402 struct cache_entry *centry;
404 centry = centry_start(domain, status);
406 if (NT_STATUS_IS_OK(status)) {
407 centry_put_uint32(centry, type);
408 centry_put_string(centry, name);
410 centry_end(centry, "SN/%s/%d", domain->name, rid);
415 static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
417 struct cache_entry *centry;
419 centry = centry_start(domain, status);
421 centry_put_string(centry, info->acct_name);
422 centry_put_string(centry, info->full_name);
423 centry_put_uint32(centry, info->user_rid);
424 centry_put_uint32(centry, info->group_rid);
425 centry_end(centry, "U/%s/%x", domain->name, info->user_rid);
430 /* Query display info. This is the basic user list fn */
431 static NTSTATUS query_user_list(struct winbindd_domain *domain,
433 uint32 *start_ndx, uint32 *num_entries,
434 WINBIND_USERINFO **info)
436 struct winbind_cache *cache = get_cache(domain);
437 struct cache_entry *centry = NULL;
441 if (!cache->tdb) goto do_query;
443 centry = wcache_fetch(cache, domain, "UL/%s/%d", domain->name, *start_ndx);
444 if (!centry) goto do_query;
446 *num_entries = centry_uint32(centry);
448 if (*num_entries == 0) goto do_cached;
450 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
451 if (! (*info)) smb_panic("query_user_list out of memory");
452 for (i=0; i<(*num_entries); i++) {
453 (*info)[i].acct_name = centry_string(centry, mem_ctx);
454 (*info)[i].full_name = centry_string(centry, mem_ctx);
455 (*info)[i].user_rid = centry_uint32(centry);
456 (*info)[i].group_rid = centry_uint32(centry);
460 status = centry->status;
465 if (wcache_server_down(domain)) {
467 return NT_STATUS_SERVER_DISABLED;
470 status = cache->backend->query_user_list(domain, mem_ctx, start_ndx, num_entries, info);
473 refresh_sequence_number(domain, True);
474 centry = centry_start(domain, status);
475 if (!centry) goto skip_save;
476 centry_put_uint32(centry, *num_entries);
477 for (i=0; i<(*num_entries); i++) {
478 centry_put_string(centry, (*info)[i].acct_name);
479 centry_put_string(centry, (*info)[i].full_name);
480 centry_put_uint32(centry, (*info)[i].user_rid);
481 centry_put_uint32(centry, (*info)[i].group_rid);
482 if (cache->backend->consistent) {
483 /* when the backend is consistent we can pre-prime some mappings */
484 wcache_save_name_to_sid(domain, NT_STATUS_OK,
485 prepend_domain(domain, (*info)[i].acct_name),
486 form_sid(domain, (*info)[i].user_rid),
488 wcache_save_sid_to_name(domain, NT_STATUS_OK,
489 form_sid(domain, (*info)[i].user_rid),
490 prepend_domain(domain, (*info)[i].acct_name),
491 SID_NAME_USER, (*info)[i].user_rid);
492 wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
495 centry_end(centry, "UL/%s/%d", domain->name, *start_ndx);
502 /* list all domain groups */
503 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
505 uint32 *start_ndx, uint32 *num_entries,
506 struct acct_info **info)
508 struct winbind_cache *cache = get_cache(domain);
509 struct cache_entry *centry = NULL;
513 if (!cache->tdb) goto do_query;
515 centry = wcache_fetch(cache, domain, "GL/%s/%d", domain->name, *start_ndx);
516 if (!centry) goto do_query;
518 *num_entries = centry_uint32(centry);
520 if (*num_entries == 0) goto do_cached;
522 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
523 if (! (*info)) smb_panic("enum_dom_groups out of memory");
524 for (i=0; i<(*num_entries); i++) {
525 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
526 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
527 (*info)[i].rid = centry_uint32(centry);
531 status = centry->status;
536 if (wcache_server_down(domain)) {
538 return NT_STATUS_SERVER_DISABLED;
541 status = cache->backend->enum_dom_groups(domain, mem_ctx, start_ndx, num_entries, info);
544 refresh_sequence_number(domain, True);
545 centry = centry_start(domain, status);
546 if (!centry) goto skip_save;
547 centry_put_uint32(centry, *num_entries);
548 for (i=0; i<(*num_entries); i++) {
549 centry_put_string(centry, (*info)[i].acct_name);
550 centry_put_string(centry, (*info)[i].acct_desc);
551 centry_put_uint32(centry, (*info)[i].rid);
553 centry_end(centry, "GL/%s/%d", domain->name, *start_ndx);
561 /* convert a single name to a sid in a domain */
562 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
565 enum SID_NAME_USE *type)
567 struct winbind_cache *cache = get_cache(domain);
568 struct cache_entry *centry = NULL;
571 if (!cache->tdb) goto do_query;
573 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain->name, name);
574 if (!centry) goto do_query;
575 *type = centry_uint32(centry);
576 sid_parse(centry->data + centry->ofs, centry->len - centry->ofs, sid);
578 status = centry->status;
583 if (wcache_server_down(domain)) {
584 return NT_STATUS_SERVER_DISABLED;
586 status = cache->backend->name_to_sid(domain, name, sid, type);
589 wcache_save_name_to_sid(domain, status, name, sid, *type);
594 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
596 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
600 enum SID_NAME_USE *type)
602 struct winbind_cache *cache = get_cache(domain);
603 struct cache_entry *centry = NULL;
607 sid_peek_rid(sid, &rid);
609 if (!cache->tdb) goto do_query;
611 centry = wcache_fetch(cache, domain, "SN/%s/%d", domain->name, rid);
612 if (!centry) goto do_query;
613 if (NT_STATUS_IS_OK(centry->status)) {
614 *type = centry_uint32(centry);
615 *name = centry_string(centry, mem_ctx);
617 status = centry->status;
622 if (wcache_server_down(domain)) {
623 return NT_STATUS_SERVER_DISABLED;
625 status = cache->backend->sid_to_name(domain, mem_ctx, sid, name, type);
628 refresh_sequence_number(domain, True);
629 wcache_save_sid_to_name(domain, status, sid, *name, *type, rid);
635 /* Lookup user information from a rid */
636 static NTSTATUS query_user(struct winbindd_domain *domain,
639 WINBIND_USERINFO *info)
641 struct winbind_cache *cache = get_cache(domain);
642 struct cache_entry *centry = NULL;
645 if (!cache->tdb) goto do_query;
647 centry = wcache_fetch(cache, domain, "U/%s/%x", domain->name, user_rid);
648 if (!centry) goto do_query;
650 info->acct_name = centry_string(centry, mem_ctx);
651 info->full_name = centry_string(centry, mem_ctx);
652 info->user_rid = centry_uint32(centry);
653 info->group_rid = centry_uint32(centry);
654 status = centry->status;
659 if (wcache_server_down(domain)) {
660 return NT_STATUS_SERVER_DISABLED;
662 status = cache->backend->query_user(domain, mem_ctx, user_rid, info);
665 refresh_sequence_number(domain, True);
666 wcache_save_user(domain, status, info);
672 /* Lookup groups a user is a member of. */
673 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
676 uint32 *num_groups, uint32 **user_gids)
678 struct winbind_cache *cache = get_cache(domain);
679 struct cache_entry *centry = NULL;
683 if (!cache->tdb) goto do_query;
685 centry = wcache_fetch(cache, domain, "UG/%s/%x", domain->name, user_rid);
686 if (!centry) goto do_query;
688 *num_groups = centry_uint32(centry);
690 if (*num_groups == 0) goto do_cached;
692 (*user_gids) = talloc(mem_ctx, sizeof(**user_gids) * (*num_groups));
693 if (! (*user_gids)) smb_panic("lookup_usergroups out of memory");
694 for (i=0; i<(*num_groups); i++) {
695 (*user_gids)[i] = centry_uint32(centry);
699 status = centry->status;
704 if (wcache_server_down(domain)) {
706 return NT_STATUS_SERVER_DISABLED;
708 status = cache->backend->lookup_usergroups(domain, mem_ctx, user_rid, num_groups, user_gids);
711 refresh_sequence_number(domain, True);
712 centry = centry_start(domain, status);
713 if (!centry) goto skip_save;
714 centry_put_uint32(centry, *num_groups);
715 for (i=0; i<(*num_groups); i++) {
716 centry_put_uint32(centry, (*user_gids)[i]);
718 centry_end(centry, "UG/%s/%x", domain->name, user_rid);
726 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
728 uint32 group_rid, uint32 *num_names,
729 uint32 **rid_mem, char ***names,
732 struct winbind_cache *cache = get_cache(domain);
733 struct cache_entry *centry = NULL;
737 if (!cache->tdb) goto do_query;
739 centry = wcache_fetch(cache, domain, "GM/%s/%x", domain->name, group_rid);
740 if (!centry) goto do_query;
742 *num_names = centry_uint32(centry);
744 if (*num_names == 0) goto do_cached;
746 (*rid_mem) = talloc(mem_ctx, sizeof(**rid_mem) * (*num_names));
747 (*names) = talloc(mem_ctx, sizeof(**names) * (*num_names));
748 (*name_types) = talloc(mem_ctx, sizeof(**name_types) * (*num_names));
750 if (! (*rid_mem) || ! (*names) || ! (*name_types)) {
751 smb_panic("lookup_groupmem out of memory");
754 for (i=0; i<(*num_names); i++) {
755 (*rid_mem)[i] = centry_uint32(centry);
756 (*names)[i] = centry_string(centry, mem_ctx);
757 (*name_types)[i] = centry_uint32(centry);
761 status = centry->status;
766 if (wcache_server_down(domain)) {
768 return NT_STATUS_SERVER_DISABLED;
770 status = cache->backend->lookup_groupmem(domain, mem_ctx, group_rid, num_names,
771 rid_mem, names, name_types);
774 refresh_sequence_number(domain, True);
775 centry = centry_start(domain, status);
776 if (!centry) goto skip_save;
777 centry_put_uint32(centry, *num_names);
778 for (i=0; i<(*num_names); i++) {
779 centry_put_uint32(centry, (*rid_mem)[i]);
780 centry_put_string(centry, (*names)[i]);
781 centry_put_uint32(centry, (*name_types)[i]);
783 centry_end(centry, "GM/%s/%x", domain->name, group_rid);
790 /* find the sequence number for a domain */
791 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
793 refresh_sequence_number(domain, False);
795 *seq = domain->sequence_number;
800 /* enumerate trusted domains */
801 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
807 struct winbind_cache *cache = get_cache(domain);
809 /* we don't cache this call */
810 return cache->backend->trusted_domains(domain, mem_ctx, num_domains,
814 /* find the domain sid */
815 static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
817 struct winbind_cache *cache = get_cache(domain);
819 /* we don't cache this call */
820 return cache->backend->domain_sid(domain, sid);
823 /* the ADS backend methods are exposed via this structure */
824 struct winbindd_methods cache_methods = {