2 Unix SMB/CIFS implementation.
4 Winbind cache backend functions
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Gerald Carter 2003
8 Copyright (C) Volker Lendecke 2005
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
30 #define DBGC_CLASS DBGC_WINBIND
32 struct winbind_cache {
38 uint32 sequence_number;
43 #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
45 static struct winbind_cache *wcache;
48 void wcache_flush_cache(void)
50 extern BOOL opt_nocache;
55 tdb_close(wcache->tdb);
61 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000,
62 TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0600);
65 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
67 DEBUG(10,("wcache_flush_cache success\n"));
70 void winbindd_check_cache_size(time_t t)
72 static time_t last_check_time;
75 if (last_check_time == (time_t)0)
78 if (t - last_check_time < 60 && t - last_check_time > 0)
81 if (wcache == NULL || wcache->tdb == NULL) {
82 DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
86 if (fstat(wcache->tdb->fd, &st) == -1) {
87 DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) ));
91 if (st.st_size > WINBINDD_MAX_CACHE_SIZE) {
92 DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
93 (unsigned long)st.st_size,
94 (unsigned long)WINBINDD_MAX_CACHE_SIZE));
99 /* get the winbind_cache structure */
100 static struct winbind_cache *get_cache(struct winbindd_domain *domain)
102 struct winbind_cache *ret = wcache;
104 if (!domain->backend) {
105 extern struct winbindd_methods reconnect_methods;
106 switch (lp_security()) {
109 extern struct winbindd_methods ads_methods;
110 /* always obey the lp_security parameter for our domain */
111 if (domain->primary) {
112 domain->backend = &ads_methods;
116 /* only use ADS for native modes at the momment.
117 The problem is the correct detection of mixed
118 mode domains from NT4 BDC's --jerry */
120 if ( domain->native_mode ) {
121 DEBUG(5,("get_cache: Setting ADS methods for domain %s\n",
123 domain->backend = &ads_methods;
131 DEBUG(5,("get_cache: Setting MS-RPC methods for domain %s\n",
133 domain->backend = &reconnect_methods;
140 ret = SMB_XMALLOC_P(struct winbind_cache);
144 wcache_flush_cache();
150 free a centry structure
152 static void centry_free(struct cache_entry *centry)
156 SAFE_FREE(centry->data);
161 pull a uint32 from a cache entry
163 static uint32 centry_uint32(struct cache_entry *centry)
166 if (centry->len - centry->ofs < 4) {
167 DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
168 centry->len - centry->ofs));
169 smb_panic("centry_uint32");
171 ret = IVAL(centry->data, centry->ofs);
177 pull a uint8 from a cache entry
179 static uint8 centry_uint8(struct cache_entry *centry)
182 if (centry->len - centry->ofs < 1) {
183 DEBUG(0,("centry corruption? needed 1 bytes, have %d\n",
184 centry->len - centry->ofs));
185 smb_panic("centry_uint32");
187 ret = CVAL(centry->data, centry->ofs);
192 /* pull a string from a cache entry, using the supplied
195 static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
200 len = centry_uint8(centry);
203 /* a deliberate NULL string */
207 if (centry->len - centry->ofs < len) {
208 DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
209 len, centry->len - centry->ofs));
210 smb_panic("centry_string");
214 ret = TALLOC(mem_ctx, len+1);
216 ret = SMB_MALLOC(len+1);
218 smb_panic("centry_string out of memory\n");
220 memcpy(ret,centry->data + centry->ofs, len);
226 /* pull a string from a cache entry, using the supplied
229 static BOOL centry_sid(struct cache_entry *centry, DOM_SID *sid)
232 sid_string = centry_string(centry, NULL);
233 if (!string_to_sid(sid, sid_string)) {
236 SAFE_FREE(sid_string);
240 /* the server is considered down if it can't give us a sequence number */
241 static BOOL wcache_server_down(struct winbindd_domain *domain)
248 ret = (domain->sequence_number == DOM_SEQUENCE_NONE);
251 DEBUG(10,("wcache_server_down: server for Domain %s down\n",
256 static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
263 DEBUG(10,("fetch_cache_seqnum: tdb == NULL\n"));
264 return NT_STATUS_UNSUCCESSFUL;
267 fstr_sprintf( key, "SEQNUM/%s", domain->name );
269 data = tdb_fetch_bystring( wcache->tdb, key );
270 if ( !data.dptr || data.dsize!=8 ) {
271 DEBUG(10,("fetch_cache_seqnum: invalid data size key [%s]\n", key ));
272 return NT_STATUS_UNSUCCESSFUL;
275 domain->sequence_number = IVAL(data.dptr, 0);
276 domain->last_seq_check = IVAL(data.dptr, 4);
278 SAFE_FREE(data.dptr);
280 /* have we expired? */
282 time_diff = now - domain->last_seq_check;
283 if ( time_diff > lp_winbind_cache_time() ) {
284 DEBUG(10,("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
285 domain->name, domain->sequence_number,
286 (uint32)domain->last_seq_check));
287 return NT_STATUS_UNSUCCESSFUL;
290 DEBUG(10,("fetch_cache_seqnum: success [%s][%u @ %u]\n",
291 domain->name, domain->sequence_number,
292 (uint32)domain->last_seq_check));
297 static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain )
304 DEBUG(10,("store_cache_seqnum: tdb == NULL\n"));
305 return NT_STATUS_UNSUCCESSFUL;
308 fstr_sprintf( key_str, "SEQNUM/%s", domain->name );
310 key.dsize = strlen(key_str)+1;
312 SIVAL(buf, 0, domain->sequence_number);
313 SIVAL(buf, 4, domain->last_seq_check);
317 if ( tdb_store( wcache->tdb, key, data, TDB_REPLACE) == -1 ) {
318 DEBUG(10,("store_cache_seqnum: tdb_store fail key [%s]\n", key_str ));
319 return NT_STATUS_UNSUCCESSFUL;
322 DEBUG(10,("store_cache_seqnum: success [%s][%u @ %u]\n",
323 domain->name, domain->sequence_number,
324 (uint32)domain->last_seq_check));
330 refresh the domain sequence number. If force is True
331 then always refresh it, no matter how recently we fetched it
334 static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force)
338 time_t t = time(NULL);
339 unsigned cache_time = lp_winbind_cache_time();
343 #if 0 /* JERRY -- disable as the default cache time is now 5 minutes */
344 /* trying to reconnect is expensive, don't do it too often */
345 if (domain->sequence_number == DOM_SEQUENCE_NONE) {
350 time_diff = t - domain->last_seq_check;
352 /* see if we have to refetch the domain sequence number */
353 if (!force && (time_diff < cache_time)) {
354 DEBUG(10, ("refresh_sequence_number: %s time ok\n", domain->name));
358 /* try to get the sequence number from the tdb cache first */
359 /* this will update the timestamp as well */
361 status = fetch_cache_seqnum( domain, t );
362 if ( NT_STATUS_IS_OK(status) )
365 /* important! make sure that we know if this is a native
366 mode domain or not */
368 if ( !domain->initialized )
369 set_dc_type_and_flags( domain );
371 status = domain->backend->sequence_number(domain, &domain->sequence_number);
373 if (!NT_STATUS_IS_OK(status)) {
374 domain->sequence_number = DOM_SEQUENCE_NONE;
377 domain->last_status = status;
378 domain->last_seq_check = time(NULL);
380 /* save the new sequence number ni the cache */
381 store_cache_seqnum( domain );
384 DEBUG(10, ("refresh_sequence_number: %s seq number is now %d\n",
385 domain->name, domain->sequence_number));
391 decide if a cache entry has expired
393 static BOOL centry_expired(struct winbindd_domain *domain, const char *keystr, struct cache_entry *centry)
395 /* if the server is OK and our cache entry came from when it was down then
396 the entry is invalid */
397 if (domain->sequence_number != DOM_SEQUENCE_NONE &&
398 centry->sequence_number == DOM_SEQUENCE_NONE) {
399 DEBUG(10,("centry_expired: Key %s for domain %s invalid sequence.\n",
400 keystr, domain->name ));
404 /* if the server is down or the cache entry is not older than the
405 current sequence number then it is OK */
406 if (wcache_server_down(domain) ||
407 centry->sequence_number == domain->sequence_number) {
408 DEBUG(10,("centry_expired: Key %s for domain %s is good.\n",
409 keystr, domain->name ));
413 DEBUG(10,("centry_expired: Key %s for domain %s expired\n",
414 keystr, domain->name ));
421 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
422 number and return status
424 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
425 struct winbindd_domain *domain,
426 const char *format, ...) PRINTF_ATTRIBUTE(3,4);
427 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
428 struct winbindd_domain *domain,
429 const char *format, ...)
434 struct cache_entry *centry;
437 refresh_sequence_number(domain, False);
439 va_start(ap, format);
440 smb_xvasprintf(&kstr, format, ap);
444 key.dsize = strlen(kstr);
445 data = tdb_fetch(wcache->tdb, key);
452 centry = SMB_XMALLOC_P(struct cache_entry);
453 centry->data = (unsigned char *)data.dptr;
454 centry->len = data.dsize;
457 if (centry->len < 8) {
458 /* huh? corrupt cache? */
459 DEBUG(10,("wcache_fetch: Corrupt cache for key %s domain %s (len < 8) ?\n",
460 kstr, domain->name ));
466 centry->status = NT_STATUS(centry_uint32(centry));
467 centry->sequence_number = centry_uint32(centry);
469 if (centry_expired(domain, kstr, centry)) {
470 extern BOOL opt_dual_daemon;
472 DEBUG(10,("wcache_fetch: entry %s expired for domain %s\n",
473 kstr, domain->name ));
475 if (opt_dual_daemon) {
476 extern BOOL background_process;
477 background_process = True;
478 DEBUG(10,("wcache_fetch: background processing expired entry %s for domain %s\n",
479 kstr, domain->name ));
487 DEBUG(10,("wcache_fetch: returning entry %s for domain %s\n",
488 kstr, domain->name ));
495 make sure we have at least len bytes available in a centry
497 static void centry_expand(struct cache_entry *centry, uint32 len)
500 if (centry->len - centry->ofs >= len)
503 p = SMB_REALLOC(centry->data, centry->len);
505 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
506 smb_panic("out of memory in centry_expand");
512 push a uint32 into a centry
514 static void centry_put_uint32(struct cache_entry *centry, uint32 v)
516 centry_expand(centry, 4);
517 SIVAL(centry->data, centry->ofs, v);
522 push a uint8 into a centry
524 static void centry_put_uint8(struct cache_entry *centry, uint8 v)
526 centry_expand(centry, 1);
527 SCVAL(centry->data, centry->ofs, v);
532 push a string into a centry
534 static void centry_put_string(struct cache_entry *centry, const char *s)
539 /* null strings are marked as len 0xFFFF */
540 centry_put_uint8(centry, 0xFF);
545 /* can't handle more than 254 char strings. Truncating is probably best */
548 centry_put_uint8(centry, len);
549 centry_expand(centry, len);
550 memcpy(centry->data + centry->ofs, s, len);
554 static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid)
557 centry_put_string(centry, sid_to_string(sid_string, sid));
561 start a centry for output. When finished, call centry_end()
563 struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status)
565 struct cache_entry *centry;
570 centry = SMB_XMALLOC_P(struct cache_entry);
572 centry->len = 8192; /* reasonable default */
573 centry->data = SMB_XMALLOC_ARRAY(char, centry->len);
575 centry->sequence_number = domain->sequence_number;
576 centry_put_uint32(centry, NT_STATUS_V(status));
577 centry_put_uint32(centry, centry->sequence_number);
582 finish a centry and write it to the tdb
584 static void centry_end(struct cache_entry *centry, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
585 static void centry_end(struct cache_entry *centry, const char *format, ...)
591 va_start(ap, format);
592 smb_xvasprintf(&kstr, format, ap);
596 key.dsize = strlen(kstr);
597 data.dptr = (char *)centry->data;
598 data.dsize = centry->ofs;
600 tdb_store(wcache->tdb, key, data, TDB_REPLACE);
604 static void wcache_save_name_to_sid(struct winbindd_domain *domain,
605 NTSTATUS status, const char *domain_name,
606 const char *name, const DOM_SID *sid,
607 enum SID_NAME_USE type)
609 struct cache_entry *centry;
612 centry = centry_start(domain, status);
615 centry_put_uint32(centry, type);
616 centry_put_sid(centry, sid);
617 fstrcpy(uname, name);
619 centry_end(centry, "NS/%s/%s", domain_name, uname);
620 DEBUG(10,("wcache_save_name_to_sid: %s -> %s\n", uname,
621 sid_string_static(sid)));
625 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
626 const DOM_SID *sid, const char *domain_name, const char *name, enum SID_NAME_USE type)
628 struct cache_entry *centry;
631 centry = centry_start(domain, status);
634 if (NT_STATUS_IS_OK(status)) {
635 centry_put_uint32(centry, type);
636 centry_put_string(centry, domain_name);
637 centry_put_string(centry, name);
639 centry_end(centry, "SN/%s", sid_to_string(sid_string, sid));
640 DEBUG(10,("wcache_save_sid_to_name: %s -> %s\n", sid_string, name));
645 static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
647 struct cache_entry *centry;
650 centry = centry_start(domain, status);
653 centry_put_string(centry, info->acct_name);
654 centry_put_string(centry, info->full_name);
655 centry_put_string(centry, info->homedir);
656 centry_put_string(centry, info->shell);
657 centry_put_sid(centry, &info->user_sid);
658 centry_put_sid(centry, &info->group_sid);
659 centry_end(centry, "U/%s", sid_to_string(sid_string, &info->user_sid));
660 DEBUG(10,("wcache_save_user: %s (acct_name %s)\n", sid_string, info->acct_name));
665 /* Query display info. This is the basic user list fn */
666 static NTSTATUS query_user_list(struct winbindd_domain *domain,
669 WINBIND_USERINFO **info)
671 struct winbind_cache *cache = get_cache(domain);
672 struct cache_entry *centry = NULL;
674 unsigned int i, retry;
679 centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
683 *num_entries = centry_uint32(centry);
685 if (*num_entries == 0)
688 (*info) = TALLOC_ARRAY(mem_ctx, WINBIND_USERINFO, *num_entries);
690 smb_panic("query_user_list out of memory");
691 for (i=0; i<(*num_entries); i++) {
692 (*info)[i].acct_name = centry_string(centry, mem_ctx);
693 (*info)[i].full_name = centry_string(centry, mem_ctx);
694 (*info)[i].homedir = centry_string(centry, mem_ctx);
695 (*info)[i].shell = centry_string(centry, mem_ctx);
696 centry_sid(centry, &(*info)[i].user_sid);
697 centry_sid(centry, &(*info)[i].group_sid);
701 status = centry->status;
703 DEBUG(10,("query_user_list: [Cached] - cached list for domain %s status %s\n",
704 domain->name, get_friendly_nt_error_msg(status) ));
713 /* Return status value returned by seq number check */
715 if (!NT_STATUS_IS_OK(domain->last_status))
716 return domain->last_status;
718 /* Put the query_user_list() in a retry loop. There appears to be
719 * some bug either with Windows 2000 or Samba's handling of large
720 * rpc replies. This manifests itself as sudden disconnection
721 * at a random point in the enumeration of a large (60k) user list.
722 * The retry loop simply tries the operation again. )-: It's not
723 * pretty but an acceptable workaround until we work out what the
724 * real problem is. */
729 DEBUG(10,("query_user_list: [Cached] - doing backend query for list for domain %s\n",
732 status = domain->backend->query_user_list(domain, mem_ctx, num_entries, info);
733 if (!NT_STATUS_IS_OK(status))
734 DEBUG(3, ("query_user_list: returned 0x%08x, "
735 "retrying\n", NT_STATUS_V(status)));
736 if (NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL)) {
737 DEBUG(3, ("query_user_list: flushing "
738 "connection cache\n"));
739 invalidate_cm_connection(&domain->conn);
742 } while (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) &&
746 refresh_sequence_number(domain, False);
747 centry = centry_start(domain, status);
750 centry_put_uint32(centry, *num_entries);
751 for (i=0; i<(*num_entries); i++) {
752 centry_put_string(centry, (*info)[i].acct_name);
753 centry_put_string(centry, (*info)[i].full_name);
754 centry_put_string(centry, (*info)[i].homedir);
755 centry_put_string(centry, (*info)[i].shell);
756 centry_put_sid(centry, &(*info)[i].user_sid);
757 centry_put_sid(centry, &(*info)[i].group_sid);
758 if (domain->backend->consistent) {
759 /* when the backend is consistent we can pre-prime some mappings */
760 wcache_save_name_to_sid(domain, NT_STATUS_OK,
762 (*info)[i].acct_name,
763 &(*info)[i].user_sid,
765 wcache_save_sid_to_name(domain, NT_STATUS_OK,
766 &(*info)[i].user_sid,
768 (*info)[i].acct_name,
770 wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
773 centry_end(centry, "UL/%s", domain->name);
780 /* list all domain groups */
781 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
784 struct acct_info **info)
786 struct winbind_cache *cache = get_cache(domain);
787 struct cache_entry *centry = NULL;
794 centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
798 *num_entries = centry_uint32(centry);
800 if (*num_entries == 0)
803 (*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
805 smb_panic("enum_dom_groups out of memory");
806 for (i=0; i<(*num_entries); i++) {
807 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
808 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
809 (*info)[i].rid = centry_uint32(centry);
813 status = centry->status;
815 DEBUG(10,("enum_dom_groups: [Cached] - cached list for domain %s status %s\n",
816 domain->name, get_friendly_nt_error_msg(status) ));
825 /* Return status value returned by seq number check */
827 if (!NT_STATUS_IS_OK(domain->last_status))
828 return domain->last_status;
830 DEBUG(10,("enum_dom_groups: [Cached] - doing backend query for list for domain %s\n",
833 status = domain->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
836 refresh_sequence_number(domain, False);
837 centry = centry_start(domain, status);
840 centry_put_uint32(centry, *num_entries);
841 for (i=0; i<(*num_entries); i++) {
842 centry_put_string(centry, (*info)[i].acct_name);
843 centry_put_string(centry, (*info)[i].acct_desc);
844 centry_put_uint32(centry, (*info)[i].rid);
846 centry_end(centry, "GL/%s/domain", domain->name);
853 /* list all domain groups */
854 static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
857 struct acct_info **info)
859 struct winbind_cache *cache = get_cache(domain);
860 struct cache_entry *centry = NULL;
867 centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
871 *num_entries = centry_uint32(centry);
873 if (*num_entries == 0)
876 (*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
878 smb_panic("enum_dom_groups out of memory");
879 for (i=0; i<(*num_entries); i++) {
880 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
881 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
882 (*info)[i].rid = centry_uint32(centry);
887 /* If we are returning cached data and the domain controller
888 is down then we don't know whether the data is up to date
889 or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
892 if (wcache_server_down(domain)) {
893 DEBUG(10, ("enum_local_groups: returning cached user list and server was down\n"));
894 status = NT_STATUS_MORE_PROCESSING_REQUIRED;
896 status = centry->status;
898 DEBUG(10,("enum_local_groups: [Cached] - cached list for domain %s status %s\n",
899 domain->name, get_friendly_nt_error_msg(status) ));
908 /* Return status value returned by seq number check */
910 if (!NT_STATUS_IS_OK(domain->last_status))
911 return domain->last_status;
913 DEBUG(10,("enum_local_groups: [Cached] - doing backend query for list for domain %s\n",
916 status = domain->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
919 refresh_sequence_number(domain, False);
920 centry = centry_start(domain, status);
923 centry_put_uint32(centry, *num_entries);
924 for (i=0; i<(*num_entries); i++) {
925 centry_put_string(centry, (*info)[i].acct_name);
926 centry_put_string(centry, (*info)[i].acct_desc);
927 centry_put_uint32(centry, (*info)[i].rid);
929 centry_end(centry, "GL/%s/local", domain->name);
936 /* convert a single name to a sid in a domain */
937 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
939 const char *domain_name,
942 enum SID_NAME_USE *type)
944 struct winbind_cache *cache = get_cache(domain);
945 struct cache_entry *centry = NULL;
952 fstrcpy(uname, name);
954 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
957 *type = (enum SID_NAME_USE)centry_uint32(centry);
958 centry_sid(centry, sid);
959 status = centry->status;
961 DEBUG(10,("name_to_sid: [Cached] - cached name for domain %s status %s\n",
962 domain->name, get_friendly_nt_error_msg(status) ));
970 /* If the seq number check indicated that there is a problem
971 * with this DC, then return that status... except for
972 * access_denied. This is special because the dc may be in
973 * "restrict anonymous = 1" mode, in which case it will deny
974 * most unauthenticated operations, but *will* allow the LSA
975 * name-to-sid that we try as a fallback. */
977 if (!(NT_STATUS_IS_OK(domain->last_status)
978 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
979 return domain->last_status;
981 DEBUG(10,("name_to_sid: [Cached] - doing backend query for name for domain %s\n",
984 status = domain->backend->name_to_sid(domain, mem_ctx, domain_name, name, sid, type);
987 wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type);
989 /* We can't save the sid to name mapping as we don't know the
990 correct case of the name without looking it up */
995 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
997 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
1002 enum SID_NAME_USE *type)
1004 struct winbind_cache *cache = get_cache(domain);
1005 struct cache_entry *centry = NULL;
1012 centry = wcache_fetch(cache, domain, "SN/%s", sid_to_string(sid_string, sid));
1015 if (NT_STATUS_IS_OK(centry->status)) {
1016 *type = (enum SID_NAME_USE)centry_uint32(centry);
1017 *domain_name = centry_string(centry, mem_ctx);
1018 *name = centry_string(centry, mem_ctx);
1020 status = centry->status;
1022 DEBUG(10,("sid_to_name: [Cached] - cached name for domain %s status %s\n",
1023 domain->name, get_friendly_nt_error_msg(status) ));
1025 centry_free(centry);
1030 *domain_name = NULL;
1032 /* If the seq number check indicated that there is a problem
1033 * with this DC, then return that status... except for
1034 * access_denied. This is special because the dc may be in
1035 * "restrict anonymous = 1" mode, in which case it will deny
1036 * most unauthenticated operations, but *will* allow the LSA
1037 * sid-to-name that we try as a fallback. */
1039 if (!(NT_STATUS_IS_OK(domain->last_status)
1040 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
1041 return domain->last_status;
1043 DEBUG(10,("sid_to_name: [Cached] - doing backend query for name for domain %s\n",
1046 status = domain->backend->sid_to_name(domain, mem_ctx, sid, domain_name, name, type);
1049 refresh_sequence_number(domain, False);
1050 wcache_save_sid_to_name(domain, status, sid, *domain_name, *name, *type);
1052 /* We can't save the name to sid mapping here, as with sid history a
1053 * later name2sid would give the wrong sid. */
1059 /* Lookup user information from a rid */
1060 static NTSTATUS query_user(struct winbindd_domain *domain,
1061 TALLOC_CTX *mem_ctx,
1062 const DOM_SID *user_sid,
1063 WINBIND_USERINFO *info)
1065 struct winbind_cache *cache = get_cache(domain);
1066 struct cache_entry *centry = NULL;
1072 centry = wcache_fetch(cache, domain, "U/%s", sid_string_static(user_sid));
1074 /* If we have an access denied cache entry and a cached info3 in the
1075 samlogon cache then do a query. This will force the rpc back end
1076 to return the info3 data. */
1078 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1079 netsamlogon_cache_have(user_sid)) {
1080 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1081 domain->last_status = NT_STATUS_OK;
1082 centry_free(centry);
1089 info->acct_name = centry_string(centry, mem_ctx);
1090 info->full_name = centry_string(centry, mem_ctx);
1091 info->homedir = centry_string(centry, mem_ctx);
1092 info->shell = centry_string(centry, mem_ctx);
1093 centry_sid(centry, &info->user_sid);
1094 centry_sid(centry, &info->group_sid);
1095 status = centry->status;
1097 DEBUG(10,("query_user: [Cached] - cached info for domain %s status %s\n",
1098 domain->name, get_friendly_nt_error_msg(status) ));
1100 centry_free(centry);
1106 /* Return status value returned by seq number check */
1108 if (!NT_STATUS_IS_OK(domain->last_status))
1109 return domain->last_status;
1111 DEBUG(10,("sid_to_name: [Cached] - doing backend query for info for domain %s\n",
1114 status = domain->backend->query_user(domain, mem_ctx, user_sid, info);
1117 refresh_sequence_number(domain, False);
1118 wcache_save_user(domain, status, info);
1124 /* Lookup groups a user is a member of. */
1125 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
1126 TALLOC_CTX *mem_ctx,
1127 const DOM_SID *user_sid,
1128 uint32 *num_groups, DOM_SID **user_gids)
1130 struct winbind_cache *cache = get_cache(domain);
1131 struct cache_entry *centry = NULL;
1139 centry = wcache_fetch(cache, domain, "UG/%s", sid_to_string(sid_string, user_sid));
1141 /* If we have an access denied cache entry and a cached info3 in the
1142 samlogon cache then do a query. This will force the rpc back end
1143 to return the info3 data. */
1145 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1146 netsamlogon_cache_have(user_sid)) {
1147 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1148 domain->last_status = NT_STATUS_OK;
1149 centry_free(centry);
1156 *num_groups = centry_uint32(centry);
1158 if (*num_groups == 0)
1161 (*user_gids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_groups);
1163 smb_panic("lookup_usergroups out of memory");
1164 for (i=0; i<(*num_groups); i++) {
1165 centry_sid(centry, &(*user_gids)[i]);
1169 status = centry->status;
1171 DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s status %s\n",
1172 domain->name, get_friendly_nt_error_msg(status) ));
1174 centry_free(centry);
1179 (*user_gids) = NULL;
1181 /* Return status value returned by seq number check */
1183 if (!NT_STATUS_IS_OK(domain->last_status))
1184 return domain->last_status;
1186 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info for domain %s\n",
1189 status = domain->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
1192 refresh_sequence_number(domain, False);
1193 centry = centry_start(domain, status);
1196 centry_put_uint32(centry, *num_groups);
1197 for (i=0; i<(*num_groups); i++) {
1198 centry_put_sid(centry, &(*user_gids)[i]);
1200 centry_end(centry, "UG/%s", sid_to_string(sid_string, user_sid));
1201 centry_free(centry);
1207 static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
1208 TALLOC_CTX *mem_ctx,
1209 uint32 num_sids, const DOM_SID *sids,
1210 uint32 *num_aliases, uint32 **alias_rids)
1212 struct winbind_cache *cache = get_cache(domain);
1213 struct cache_entry *centry = NULL;
1215 char *sidlist = talloc_strdup(mem_ctx, "");
1221 if (num_sids == 0) {
1224 return NT_STATUS_OK;
1227 /* We need to cache indexed by the whole list of SIDs, the aliases
1228 * resulting might come from any of the SIDs. */
1230 for (i=0; i<num_sids; i++) {
1231 sidlist = talloc_asprintf(mem_ctx, "%s/%s", sidlist,
1232 sid_string_static(&sids[i]));
1233 if (sidlist == NULL)
1234 return NT_STATUS_NO_MEMORY;
1237 centry = wcache_fetch(cache, domain, "UA%s", sidlist);
1242 *num_aliases = centry_uint32(centry);
1245 (*alias_rids) = TALLOC_ARRAY(mem_ctx, uint32, *num_aliases);
1247 if ((*num_aliases != 0) && ((*alias_rids) == NULL))
1248 return NT_STATUS_NO_MEMORY;
1250 for (i=0; i<(*num_aliases); i++)
1251 (*alias_rids)[i] = centry_uint32(centry);
1253 status = centry->status;
1255 DEBUG(10,("lookup_useraliases: [Cached] - cached info for domain %s "
1256 "status %s\n", domain->name,
1257 get_friendly_nt_error_msg(status)));
1259 centry_free(centry);
1264 (*alias_rids) = NULL;
1266 if (!NT_STATUS_IS_OK(domain->last_status))
1267 return domain->last_status;
1269 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info "
1270 "for domain %s\n", domain->name ));
1272 status = domain->backend->lookup_useraliases(domain, mem_ctx,
1274 num_aliases, alias_rids);
1277 refresh_sequence_number(domain, False);
1278 centry = centry_start(domain, status);
1281 centry_put_uint32(centry, *num_aliases);
1282 for (i=0; i<(*num_aliases); i++)
1283 centry_put_uint32(centry, (*alias_rids)[i]);
1284 centry_end(centry, "UA%s", sidlist);
1285 centry_free(centry);
1292 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
1293 TALLOC_CTX *mem_ctx,
1294 const DOM_SID *group_sid, uint32 *num_names,
1295 DOM_SID **sid_mem, char ***names,
1296 uint32 **name_types)
1298 struct winbind_cache *cache = get_cache(domain);
1299 struct cache_entry *centry = NULL;
1307 centry = wcache_fetch(cache, domain, "GM/%s", sid_to_string(sid_string, group_sid));
1311 *num_names = centry_uint32(centry);
1313 if (*num_names == 0)
1316 (*sid_mem) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_names);
1317 (*names) = TALLOC_ARRAY(mem_ctx, char *, *num_names);
1318 (*name_types) = TALLOC_ARRAY(mem_ctx, uint32, *num_names);
1320 if (! (*sid_mem) || ! (*names) || ! (*name_types)) {
1321 smb_panic("lookup_groupmem out of memory");
1324 for (i=0; i<(*num_names); i++) {
1325 centry_sid(centry, &(*sid_mem)[i]);
1326 (*names)[i] = centry_string(centry, mem_ctx);
1327 (*name_types)[i] = centry_uint32(centry);
1331 status = centry->status;
1333 DEBUG(10,("lookup_groupmem: [Cached] - cached info for domain %s status %s\n",
1334 domain->name, get_friendly_nt_error_msg(status) ));
1336 centry_free(centry);
1343 (*name_types) = NULL;
1345 /* Return status value returned by seq number check */
1347 if (!NT_STATUS_IS_OK(domain->last_status))
1348 return domain->last_status;
1350 DEBUG(10,("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
1353 status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid, num_names,
1354 sid_mem, names, name_types);
1357 refresh_sequence_number(domain, False);
1358 centry = centry_start(domain, status);
1361 centry_put_uint32(centry, *num_names);
1362 for (i=0; i<(*num_names); i++) {
1363 centry_put_sid(centry, &(*sid_mem)[i]);
1364 centry_put_string(centry, (*names)[i]);
1365 centry_put_uint32(centry, (*name_types)[i]);
1367 centry_end(centry, "GM/%s", sid_to_string(sid_string, group_sid));
1368 centry_free(centry);
1374 /* find the sequence number for a domain */
1375 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
1377 refresh_sequence_number(domain, False);
1379 *seq = domain->sequence_number;
1381 return NT_STATUS_OK;
1384 /* enumerate trusted domains */
1385 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
1386 TALLOC_CTX *mem_ctx,
1387 uint32 *num_domains,
1394 DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
1397 /* we don't cache this call */
1398 return domain->backend->trusted_domains(domain, mem_ctx, num_domains,
1399 names, alt_names, dom_sids);
1402 /* find the alternate names for the domain, if any */
1403 static NTSTATUS alternate_name(struct winbindd_domain *domain)
1407 DEBUG(10,("alternate_name: [Cached] - doing backend query for info for domain %s\n",
1410 /* we don't cache this call */
1411 return domain->backend->alternate_name(domain);
1414 /* Invalidate cached user and group lists coherently */
1416 static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
1419 if (strncmp(kbuf.dptr, "UL/", 3) == 0 ||
1420 strncmp(kbuf.dptr, "GL/", 3) == 0)
1421 tdb_delete(the_tdb, kbuf);
1426 /* Invalidate the getpwnam and getgroups entries for a winbindd domain */
1428 void wcache_invalidate_samlogon(struct winbindd_domain *domain,
1429 NET_USER_INFO_3 *info3)
1431 struct winbind_cache *cache;
1436 cache = get_cache(domain);
1437 netsamlogon_clear_cached_user(cache->tdb, info3);
1440 void wcache_invalidate_cache(void)
1442 struct winbindd_domain *domain;
1444 for (domain = domain_list(); domain; domain = domain->next) {
1445 struct winbind_cache *cache = get_cache(domain);
1447 DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
1448 "entries for %s\n", domain->name));
1450 tdb_traverse(cache->tdb, traverse_fn, NULL);
1454 /* the ADS backend methods are exposed via this structure */
1455 struct winbindd_methods cache_methods = {
1471 static BOOL init_wcache(void)
1473 if (wcache == NULL) {
1474 wcache = SMB_XMALLOC_P(struct winbind_cache);
1475 ZERO_STRUCTP(wcache);
1478 if (wcache->tdb != NULL)
1481 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000,
1482 TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0600);
1484 if (wcache->tdb == NULL) {
1485 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
1492 void cache_store_response(pid_t pid, struct winbindd_response *response)
1499 DEBUG(10, ("Storing response for pid %d, len %d\n",
1500 pid, response->length));
1502 fstr_sprintf(key_str, "DR/%d", pid);
1503 if (tdb_store(wcache->tdb, string_tdb_data(key_str),
1504 make_tdb_data((void *)response, sizeof(*response)),
1508 if (response->length == sizeof(*response))
1511 /* There's extra data */
1513 DEBUG(10, ("Storing extra data: len=%d\n",
1514 response->length - sizeof(*response)));
1516 fstr_sprintf(key_str, "DE/%d", pid);
1517 if (tdb_store(wcache->tdb, string_tdb_data(key_str),
1518 make_tdb_data(response->extra_data,
1519 response->length - sizeof(*response)),
1523 /* We could not store the extra data, make sure the tdb does not
1524 * contain a main record with wrong dangling extra data */
1526 fstr_sprintf(key_str, "DR/%d", pid);
1527 tdb_delete(wcache->tdb, string_tdb_data(key_str));
1532 BOOL cache_retrieve_response(pid_t pid, struct winbindd_response * response)
1540 DEBUG(10, ("Retrieving response for pid %d\n", pid));
1542 fstr_sprintf(key_str, "DR/%d", pid);
1543 data = tdb_fetch(wcache->tdb, string_tdb_data(key_str));
1545 if (data.dptr == NULL)
1548 if (data.dsize != sizeof(*response))
1551 memcpy(response, data.dptr, data.dsize);
1552 SAFE_FREE(data.dptr);
1554 if (response->length == sizeof(*response)) {
1555 response->extra_data = NULL;
1559 /* There's extra data */
1561 DEBUG(10, ("Retrieving extra data length=%d\n",
1562 response->length - sizeof(*response)));
1564 fstr_sprintf(key_str, "DE/%d", pid);
1565 data = tdb_fetch(wcache->tdb, string_tdb_data(key_str));
1567 if (data.dptr == NULL) {
1568 DEBUG(0, ("Did not find extra data\n"));
1572 if (data.dsize != (response->length - sizeof(*response))) {
1573 DEBUG(0, ("Invalid extra data length: %d\n", data.dsize));
1574 SAFE_FREE(data.dptr);
1578 response->extra_data = data.dptr;
1582 char *cache_store_request_data(TALLOC_CTX *mem_ctx, char *request_string)
1589 for (i=0; i<2; i++) {
1590 char *key = talloc_strdup(mem_ctx, generate_random_str(16));
1593 DEBUG(10, ("Storing request key %s\n", key));
1594 if (tdb_store_bystring(wcache->tdb, key,
1595 string_tdb_data(request_string),
1602 char *cache_retrieve_request_data(TALLOC_CTX *mem_ctx, char *key)
1605 char *result = NULL;
1610 DEBUG(10, ("Retrieving key %s\n", key));
1612 data = tdb_fetch_bystring(wcache->tdb, key);
1613 if (data.dptr == NULL)
1616 if (strnlen(data.dptr, data.dsize) != (data.dsize)) {
1617 DEBUG(0, ("Received invalid request string\n"));
1620 result = TALLOC_ARRAY(mem_ctx, char, data.dsize+1);
1621 if (result != NULL) {
1622 memcpy(result, data.dptr, data.dsize);
1623 result[data.dsize] = '\0';
1625 if (tdb_delete_bystring(wcache->tdb, key) != 0) {
1626 DEBUG(0, ("Could not delete key %s\n", key));
1630 SAFE_FREE(data.dptr);