2 Unix SMB/CIFS implementation.
4 Winbind cache backend functions
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Gerald Carter 2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #define DBGC_CLASS DBGC_WINBIND
31 struct winbind_cache {
37 uint32 sequence_number;
42 #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
44 static struct winbind_cache *wcache;
47 void wcache_flush_cache(void)
49 extern BOOL opt_nocache;
54 tdb_close(wcache->tdb);
60 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000,
61 TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0600);
64 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
66 DEBUG(10,("wcache_flush_cache success\n"));
69 void winbindd_check_cache_size(time_t t)
71 static time_t last_check_time;
74 if (last_check_time == (time_t)0)
77 if (t - last_check_time < 60 && t - last_check_time > 0)
80 if (wcache == NULL || wcache->tdb == NULL) {
81 DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
85 if (fstat(wcache->tdb->fd, &st) == -1) {
86 DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) ));
90 if (st.st_size > WINBINDD_MAX_CACHE_SIZE) {
91 DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
92 (unsigned long)st.st_size,
93 (unsigned long)WINBINDD_MAX_CACHE_SIZE));
98 /* get the winbind_cache structure */
99 static struct winbind_cache *get_cache(struct winbindd_domain *domain)
101 struct winbind_cache *ret = wcache;
103 if (!domain->backend) {
104 extern struct winbindd_methods msrpc_methods;
105 switch (lp_security()) {
108 extern struct winbindd_methods ads_methods;
109 /* always obey the lp_security parameter for our domain */
110 if (domain->primary) {
111 domain->backend = &ads_methods;
115 /* only use ADS for native modes at the momment.
116 The problem is the correct detection of mixed
117 mode domains from NT4 BDC's --jerry */
119 if ( domain->native_mode ) {
120 DEBUG(5,("get_cache: Setting ADS methods for domain %s\n",
122 domain->backend = &ads_methods;
130 DEBUG(5,("get_cache: Setting MS-RPC methods for domain %s\n",
132 domain->backend = &msrpc_methods;
139 ret = smb_xmalloc(sizeof(*ret));
143 wcache_flush_cache();
149 free a centry structure
151 static void centry_free(struct cache_entry *centry)
155 SAFE_FREE(centry->data);
160 pull a uint32 from a cache entry
162 static uint32 centry_uint32(struct cache_entry *centry)
165 if (centry->len - centry->ofs < 4) {
166 DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
167 centry->len - centry->ofs));
168 smb_panic("centry_uint32");
170 ret = IVAL(centry->data, centry->ofs);
176 pull a uint8 from a cache entry
178 static uint8 centry_uint8(struct cache_entry *centry)
181 if (centry->len - centry->ofs < 1) {
182 DEBUG(0,("centry corruption? needed 1 bytes, have %d\n",
183 centry->len - centry->ofs));
184 smb_panic("centry_uint32");
186 ret = CVAL(centry->data, centry->ofs);
191 /* pull a string from a cache entry, using the supplied
194 static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
199 len = centry_uint8(centry);
202 /* a deliberate NULL string */
206 if (centry->len - centry->ofs < len) {
207 DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
208 len, centry->len - centry->ofs));
209 smb_panic("centry_string");
212 ret = talloc(mem_ctx, len+1);
214 smb_panic("centry_string out of memory\n");
216 memcpy(ret,centry->data + centry->ofs, len);
222 /* pull a string from a cache entry, using the supplied
225 static DOM_SID *centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
230 sid = talloc(mem_ctx, sizeof(*sid));
234 sid_string = centry_string(centry, mem_ctx);
235 if (!string_to_sid(sid, sid_string)) {
241 /* the server is considered down if it can't give us a sequence number */
242 static BOOL wcache_server_down(struct winbindd_domain *domain)
249 ret = (domain->sequence_number == DOM_SEQUENCE_NONE);
252 DEBUG(10,("wcache_server_down: server for Domain %s down\n",
257 static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
264 DEBUG(10,("fetch_cache_seqnum: tdb == NULL\n"));
265 return NT_STATUS_UNSUCCESSFUL;
268 fstr_sprintf( key, "SEQNUM/%s", domain->name );
270 data = tdb_fetch_bystring( wcache->tdb, key );
271 if ( !data.dptr || data.dsize!=8 ) {
272 DEBUG(10,("fetch_cache_seqnum: invalid data size key [%s]\n", key ));
273 return NT_STATUS_UNSUCCESSFUL;
276 domain->sequence_number = IVAL(data.dptr, 0);
277 domain->last_seq_check = IVAL(data.dptr, 4);
279 /* have we expired? */
281 time_diff = now - domain->last_seq_check;
282 if ( time_diff > lp_winbind_cache_time() ) {
283 DEBUG(10,("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
284 domain->name, domain->sequence_number,
285 (uint32)domain->last_seq_check));
286 return NT_STATUS_UNSUCCESSFUL;
289 DEBUG(10,("fetch_cache_seqnum: success [%s][%u @ %u]\n",
290 domain->name, domain->sequence_number,
291 (uint32)domain->last_seq_check));
296 static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain )
303 DEBUG(10,("store_cache_seqnum: tdb == NULL\n"));
304 return NT_STATUS_UNSUCCESSFUL;
307 fstr_sprintf( key_str, "SEQNUM/%s", domain->name );
309 key.dsize = strlen(key_str)+1;
311 SIVAL(buf, 0, domain->sequence_number);
312 SIVAL(buf, 4, domain->last_seq_check);
316 if ( tdb_store( wcache->tdb, key, data, TDB_REPLACE) == -1 ) {
317 DEBUG(10,("store_cache_seqnum: tdb_store fail key [%s]\n", key_str ));
318 return NT_STATUS_UNSUCCESSFUL;
321 DEBUG(10,("store_cache_seqnum: success [%s][%u @ %u]\n",
322 domain->name, domain->sequence_number,
323 (uint32)domain->last_seq_check));
329 refresh the domain sequence number. If force is True
330 then always refresh it, no matter how recently we fetched it
333 static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force)
337 time_t t = time(NULL);
338 unsigned cache_time = lp_winbind_cache_time();
342 /* trying to reconnect is expensive, don't do it too often */
343 if (domain->sequence_number == DOM_SEQUENCE_NONE) {
347 time_diff = t - domain->last_seq_check;
349 /* see if we have to refetch the domain sequence number */
350 if (!force && (time_diff < cache_time)) {
351 DEBUG(10, ("refresh_sequence_number: %s time ok\n", domain->name));
355 /* try to get the sequence number from the tdb cache first */
356 /* this will update the timestamp as well */
358 status = fetch_cache_seqnum( domain, t );
359 if ( NT_STATUS_IS_OK(status) )
362 status = domain->backend->sequence_number(domain, &domain->sequence_number);
364 if (!NT_STATUS_IS_OK(status)) {
365 domain->sequence_number = DOM_SEQUENCE_NONE;
368 domain->last_status = status;
369 domain->last_seq_check = time(NULL);
371 /* save the new sequence number ni the cache */
372 store_cache_seqnum( domain );
375 DEBUG(10, ("refresh_sequence_number: %s seq number is now %d\n",
376 domain->name, domain->sequence_number));
382 decide if a cache entry has expired
384 static BOOL centry_expired(struct winbindd_domain *domain, const char *keystr, struct cache_entry *centry)
386 /* if the server is OK and our cache entry came from when it was down then
387 the entry is invalid */
388 if (domain->sequence_number != DOM_SEQUENCE_NONE &&
389 centry->sequence_number == DOM_SEQUENCE_NONE) {
390 DEBUG(10,("centry_expired: Key %s for domain %s invalid sequence.\n",
391 keystr, domain->name ));
395 /* if the server is down or the cache entry is not older than the
396 current sequence number then it is OK */
397 if (wcache_server_down(domain) ||
398 centry->sequence_number == domain->sequence_number) {
399 DEBUG(10,("centry_expired: Key %s for domain %s is good.\n",
400 keystr, domain->name ));
404 DEBUG(10,("centry_expired: Key %s for domain %s expired\n",
405 keystr, domain->name ));
412 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
413 number and return status
415 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
416 struct winbindd_domain *domain,
417 const char *format, ...) PRINTF_ATTRIBUTE(3,4);
418 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
419 struct winbindd_domain *domain,
420 const char *format, ...)
425 struct cache_entry *centry;
428 refresh_sequence_number(domain, False);
430 va_start(ap, format);
431 smb_xvasprintf(&kstr, format, ap);
435 key.dsize = strlen(kstr);
436 data = tdb_fetch(wcache->tdb, key);
443 centry = smb_xmalloc(sizeof(*centry));
444 centry->data = (unsigned char *)data.dptr;
445 centry->len = data.dsize;
448 if (centry->len < 8) {
449 /* huh? corrupt cache? */
450 DEBUG(10,("wcache_fetch: Corrupt cache for key %s domain %s (len < 8) ?\n",
451 kstr, domain->name ));
457 centry->status = NT_STATUS(centry_uint32(centry));
458 centry->sequence_number = centry_uint32(centry);
460 if (centry_expired(domain, kstr, centry)) {
461 extern BOOL opt_dual_daemon;
463 DEBUG(10,("wcache_fetch: entry %s expired for domain %s\n",
464 kstr, domain->name ));
466 if (opt_dual_daemon) {
467 extern BOOL background_process;
468 background_process = True;
469 DEBUG(10,("wcache_fetch: background processing expired entry %s for domain %s\n",
470 kstr, domain->name ));
478 DEBUG(10,("wcache_fetch: returning entry %s for domain %s\n",
479 kstr, domain->name ));
486 make sure we have at least len bytes available in a centry
488 static void centry_expand(struct cache_entry *centry, uint32 len)
491 if (centry->len - centry->ofs >= len)
494 p = realloc(centry->data, centry->len);
496 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
497 smb_panic("out of memory in centry_expand");
503 push a uint32 into a centry
505 static void centry_put_uint32(struct cache_entry *centry, uint32 v)
507 centry_expand(centry, 4);
508 SIVAL(centry->data, centry->ofs, v);
513 push a uint8 into a centry
515 static void centry_put_uint8(struct cache_entry *centry, uint8 v)
517 centry_expand(centry, 1);
518 SCVAL(centry->data, centry->ofs, v);
523 push a string into a centry
525 static void centry_put_string(struct cache_entry *centry, const char *s)
530 /* null strings are marked as len 0xFFFF */
531 centry_put_uint8(centry, 0xFF);
536 /* can't handle more than 254 char strings. Truncating is probably best */
539 centry_put_uint8(centry, len);
540 centry_expand(centry, len);
541 memcpy(centry->data + centry->ofs, s, len);
545 static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid)
548 centry_put_string(centry, sid_to_string(sid_string, sid));
552 start a centry for output. When finished, call centry_end()
554 struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status)
556 struct cache_entry *centry;
561 centry = smb_xmalloc(sizeof(*centry));
563 centry->len = 8192; /* reasonable default */
564 centry->data = smb_xmalloc(centry->len);
566 centry->sequence_number = domain->sequence_number;
567 centry_put_uint32(centry, NT_STATUS_V(status));
568 centry_put_uint32(centry, centry->sequence_number);
573 finish a centry and write it to the tdb
575 static void centry_end(struct cache_entry *centry, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
576 static void centry_end(struct cache_entry *centry, const char *format, ...)
582 va_start(ap, format);
583 smb_xvasprintf(&kstr, format, ap);
587 key.dsize = strlen(kstr);
588 data.dptr = (char *)centry->data;
589 data.dsize = centry->ofs;
591 tdb_store(wcache->tdb, key, data, TDB_REPLACE);
595 static void wcache_save_name_to_sid(struct winbindd_domain *domain,
597 const char *name, const DOM_SID *sid,
598 enum SID_NAME_USE type)
600 struct cache_entry *centry;
604 centry = centry_start(domain, status);
607 centry_put_sid(centry, sid);
608 fstrcpy(uname, name);
610 centry_end(centry, "NS/%s", sid_to_string(sid_string, sid));
611 DEBUG(10,("wcache_save_name_to_sid: %s -> %s\n", uname, sid_string));
615 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
616 const DOM_SID *sid, const char *name, enum SID_NAME_USE type)
618 struct cache_entry *centry;
621 centry = centry_start(domain, status);
624 if (NT_STATUS_IS_OK(status)) {
625 centry_put_uint32(centry, type);
626 centry_put_string(centry, name);
628 centry_end(centry, "SN/%s", sid_to_string(sid_string, sid));
629 DEBUG(10,("wcache_save_sid_to_name: %s -> %s\n", sid_string, name));
634 static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
636 struct cache_entry *centry;
639 centry = centry_start(domain, status);
642 centry_put_string(centry, info->acct_name);
643 centry_put_string(centry, info->full_name);
644 centry_put_sid(centry, info->user_sid);
645 centry_put_sid(centry, info->group_sid);
646 centry_end(centry, "U/%s", sid_to_string(sid_string, info->user_sid));
647 DEBUG(10,("wcache_save_user: %s (acct_name %s)\n", sid_string, info->acct_name));
652 /* Query display info. This is the basic user list fn */
653 static NTSTATUS query_user_list(struct winbindd_domain *domain,
656 WINBIND_USERINFO **info)
658 struct winbind_cache *cache = get_cache(domain);
659 struct cache_entry *centry = NULL;
661 unsigned int i, retry;
666 centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
670 *num_entries = centry_uint32(centry);
672 if (*num_entries == 0)
675 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
677 smb_panic("query_user_list out of memory");
678 for (i=0; i<(*num_entries); i++) {
679 (*info)[i].acct_name = centry_string(centry, mem_ctx);
680 (*info)[i].full_name = centry_string(centry, mem_ctx);
681 (*info)[i].user_sid = centry_sid(centry, mem_ctx);
682 (*info)[i].group_sid = centry_sid(centry, mem_ctx);
686 status = centry->status;
688 DEBUG(10,("query_user_list: [Cached] - cached list for domain %s status %s\n",
689 domain->name, get_friendly_nt_error_msg(status) ));
698 /* Return status value returned by seq number check */
700 if (!NT_STATUS_IS_OK(domain->last_status))
701 return domain->last_status;
703 /* Put the query_user_list() in a retry loop. There appears to be
704 * some bug either with Windows 2000 or Samba's handling of large
705 * rpc replies. This manifests itself as sudden disconnection
706 * at a random point in the enumeration of a large (60k) user list.
707 * The retry loop simply tries the operation again. )-: It's not
708 * pretty but an acceptable workaround until we work out what the
709 * real problem is. */
714 DEBUG(10,("query_user_list: [Cached] - doing backend query for list for domain %s\n",
717 status = domain->backend->query_user_list(domain, mem_ctx, num_entries, info);
718 if (!NT_STATUS_IS_OK(status))
719 DEBUG(3, ("query_user_list: returned 0x%08x, retrying\n", NT_STATUS_V(status)));
720 if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL)) {
721 DEBUG(3, ("query_user_list: flushing connection cache\n"));
725 } while (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) &&
729 refresh_sequence_number(domain, False);
730 centry = centry_start(domain, status);
733 centry_put_uint32(centry, *num_entries);
734 for (i=0; i<(*num_entries); i++) {
735 centry_put_string(centry, (*info)[i].acct_name);
736 centry_put_string(centry, (*info)[i].full_name);
737 centry_put_sid(centry, (*info)[i].user_sid);
738 centry_put_sid(centry, (*info)[i].group_sid);
739 if (domain->backend->consistent) {
740 /* when the backend is consistent we can pre-prime some mappings */
741 wcache_save_name_to_sid(domain, NT_STATUS_OK,
742 (*info)[i].acct_name,
745 wcache_save_sid_to_name(domain, NT_STATUS_OK,
747 (*info)[i].acct_name,
749 wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
752 centry_end(centry, "UL/%s", domain->name);
759 /* list all domain groups */
760 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
763 struct acct_info **info)
765 struct winbind_cache *cache = get_cache(domain);
766 struct cache_entry *centry = NULL;
773 centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
777 *num_entries = centry_uint32(centry);
779 if (*num_entries == 0)
782 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
784 smb_panic("enum_dom_groups out of memory");
785 for (i=0; i<(*num_entries); i++) {
786 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
787 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
788 (*info)[i].rid = centry_uint32(centry);
792 status = centry->status;
794 DEBUG(10,("enum_dom_groups: [Cached] - cached list for domain %s status %s\n",
795 domain->name, get_friendly_nt_error_msg(status) ));
804 /* Return status value returned by seq number check */
806 if (!NT_STATUS_IS_OK(domain->last_status))
807 return domain->last_status;
809 DEBUG(10,("enum_dom_groups: [Cached] - doing backend query for list for domain %s\n",
812 status = domain->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
815 refresh_sequence_number(domain, False);
816 centry = centry_start(domain, status);
819 centry_put_uint32(centry, *num_entries);
820 for (i=0; i<(*num_entries); i++) {
821 centry_put_string(centry, (*info)[i].acct_name);
822 centry_put_string(centry, (*info)[i].acct_desc);
823 centry_put_uint32(centry, (*info)[i].rid);
825 centry_end(centry, "GL/%s/domain", domain->name);
832 /* list all domain groups */
833 static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
836 struct acct_info **info)
838 struct winbind_cache *cache = get_cache(domain);
839 struct cache_entry *centry = NULL;
846 centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
850 *num_entries = centry_uint32(centry);
852 if (*num_entries == 0)
855 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
857 smb_panic("enum_dom_groups out of memory");
858 for (i=0; i<(*num_entries); i++) {
859 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
860 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
861 (*info)[i].rid = centry_uint32(centry);
866 /* If we are returning cached data and the domain controller
867 is down then we don't know whether the data is up to date
868 or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
871 if (wcache_server_down(domain)) {
872 DEBUG(10, ("enum_local_groups: returning cached user list and server was down\n"));
873 status = NT_STATUS_MORE_PROCESSING_REQUIRED;
875 status = centry->status;
877 DEBUG(10,("enum_local_groups: [Cached] - cached list for domain %s status %s\n",
878 domain->name, get_friendly_nt_error_msg(status) ));
887 /* Return status value returned by seq number check */
889 if (!NT_STATUS_IS_OK(domain->last_status))
890 return domain->last_status;
892 DEBUG(10,("enum_local_groups: [Cached] - doing backend query for list for domain %s\n",
895 status = domain->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
898 refresh_sequence_number(domain, False);
899 centry = centry_start(domain, status);
902 centry_put_uint32(centry, *num_entries);
903 for (i=0; i<(*num_entries); i++) {
904 centry_put_string(centry, (*info)[i].acct_name);
905 centry_put_string(centry, (*info)[i].acct_desc);
906 centry_put_uint32(centry, (*info)[i].rid);
908 centry_end(centry, "GL/%s/local", domain->name);
915 /* convert a single name to a sid in a domain */
916 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
920 enum SID_NAME_USE *type)
922 struct winbind_cache *cache = get_cache(domain);
923 struct cache_entry *centry = NULL;
931 fstrcpy(uname, name);
933 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain->name, uname);
936 *type = (enum SID_NAME_USE)centry_uint32(centry);
937 sid2 = centry_sid(centry, mem_ctx);
944 status = centry->status;
946 DEBUG(10,("name_to_sid: [Cached] - cached name for domain %s status %s\n",
947 domain->name, get_friendly_nt_error_msg(status) ));
955 /* If the seq number check indicated that there is a problem
956 * with this DC, then return that status... except for
957 * access_denied. This is special because the dc may be in
958 * "restrict anonymous = 1" mode, in which case it will deny
959 * most unauthenticated operations, but *will* allow the LSA
960 * name-to-sid that we try as a fallback. */
962 if (!(NT_STATUS_IS_OK(domain->last_status)
963 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
964 return domain->last_status;
966 DEBUG(10,("name_to_sid: [Cached] - doing backend query for name for domain %s\n",
969 status = domain->backend->name_to_sid(domain, mem_ctx, name, sid, type);
972 wcache_save_name_to_sid(domain, status, name, sid, *type);
974 /* We can't save the sid to name mapping as we don't know the
975 correct case of the name without looking it up */
980 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
982 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
986 enum SID_NAME_USE *type)
988 struct winbind_cache *cache = get_cache(domain);
989 struct cache_entry *centry = NULL;
996 centry = wcache_fetch(cache, domain, "SN/%s", sid_to_string(sid_string, sid));
999 if (NT_STATUS_IS_OK(centry->status)) {
1000 *type = (enum SID_NAME_USE)centry_uint32(centry);
1001 *name = centry_string(centry, mem_ctx);
1003 status = centry->status;
1005 DEBUG(10,("sid_to_name: [Cached] - cached name for domain %s status %s\n",
1006 domain->name, get_friendly_nt_error_msg(status) ));
1008 centry_free(centry);
1014 /* If the seq number check indicated that there is a problem
1015 * with this DC, then return that status... except for
1016 * access_denied. This is special because the dc may be in
1017 * "restrict anonymous = 1" mode, in which case it will deny
1018 * most unauthenticated operations, but *will* allow the LSA
1019 * sid-to-name that we try as a fallback. */
1021 if (!(NT_STATUS_IS_OK(domain->last_status)
1022 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
1023 return domain->last_status;
1025 DEBUG(10,("sid_to_name: [Cached] - doing backend query for name for domain %s\n",
1028 status = domain->backend->sid_to_name(domain, mem_ctx, sid, name, type);
1031 refresh_sequence_number(domain, False);
1032 wcache_save_sid_to_name(domain, status, sid, *name, *type);
1033 wcache_save_name_to_sid(domain, status, *name, sid, *type);
1039 /* Lookup user information from a rid */
1040 static NTSTATUS query_user(struct winbindd_domain *domain,
1041 TALLOC_CTX *mem_ctx,
1042 const DOM_SID *user_sid,
1043 WINBIND_USERINFO *info)
1045 struct winbind_cache *cache = get_cache(domain);
1046 struct cache_entry *centry = NULL;
1052 centry = wcache_fetch(cache, domain, "U/%s", sid_string_static(user_sid));
1054 /* If we have an access denied cache entry and a cached info3 in the
1055 samlogon cache then do a query. This will force the rpc back end
1056 to return the info3 data. */
1058 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1059 netsamlogon_cache_have(user_sid)) {
1060 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1061 domain->last_status = NT_STATUS_OK;
1062 centry_free(centry);
1069 info->acct_name = centry_string(centry, mem_ctx);
1070 info->full_name = centry_string(centry, mem_ctx);
1071 info->user_sid = centry_sid(centry, mem_ctx);
1072 info->group_sid = centry_sid(centry, mem_ctx);
1073 status = centry->status;
1075 DEBUG(10,("query_user: [Cached] - cached info for domain %s status %s\n",
1076 domain->name, get_friendly_nt_error_msg(status) ));
1078 centry_free(centry);
1084 /* Return status value returned by seq number check */
1086 if (!NT_STATUS_IS_OK(domain->last_status))
1087 return domain->last_status;
1089 DEBUG(10,("sid_to_name: [Cached] - doing backend query for info for domain %s\n",
1092 status = domain->backend->query_user(domain, mem_ctx, user_sid, info);
1095 refresh_sequence_number(domain, False);
1096 wcache_save_user(domain, status, info);
1102 /* Lookup groups a user is a member of. */
1103 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
1104 TALLOC_CTX *mem_ctx,
1105 const DOM_SID *user_sid,
1106 uint32 *num_groups, DOM_SID ***user_gids)
1108 struct winbind_cache *cache = get_cache(domain);
1109 struct cache_entry *centry = NULL;
1117 centry = wcache_fetch(cache, domain, "UG/%s", sid_to_string(sid_string, user_sid));
1119 /* If we have an access denied cache entry and a cached info3 in the
1120 samlogon cache then do a query. This will force the rpc back end
1121 to return the info3 data. */
1123 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1124 netsamlogon_cache_have(user_sid)) {
1125 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1126 domain->last_status = NT_STATUS_OK;
1127 centry_free(centry);
1134 *num_groups = centry_uint32(centry);
1136 if (*num_groups == 0)
1139 (*user_gids) = talloc(mem_ctx, sizeof(**user_gids) * (*num_groups));
1141 smb_panic("lookup_usergroups out of memory");
1142 for (i=0; i<(*num_groups); i++) {
1143 (*user_gids)[i] = centry_sid(centry, mem_ctx);
1147 status = centry->status;
1149 DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s status %s\n",
1150 domain->name, get_friendly_nt_error_msg(status) ));
1152 centry_free(centry);
1157 (*user_gids) = NULL;
1159 /* Return status value returned by seq number check */
1161 if (!NT_STATUS_IS_OK(domain->last_status))
1162 return domain->last_status;
1164 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info for domain %s\n",
1167 status = domain->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
1170 refresh_sequence_number(domain, False);
1171 centry = centry_start(domain, status);
1174 centry_put_uint32(centry, *num_groups);
1175 for (i=0; i<(*num_groups); i++) {
1176 centry_put_sid(centry, (*user_gids)[i]);
1178 centry_end(centry, "UG/%s", sid_to_string(sid_string, user_sid));
1179 centry_free(centry);
1186 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
1187 TALLOC_CTX *mem_ctx,
1188 const DOM_SID *group_sid, uint32 *num_names,
1189 DOM_SID ***sid_mem, char ***names,
1190 uint32 **name_types)
1192 struct winbind_cache *cache = get_cache(domain);
1193 struct cache_entry *centry = NULL;
1201 centry = wcache_fetch(cache, domain, "GM/%s", sid_to_string(sid_string, group_sid));
1205 *num_names = centry_uint32(centry);
1207 if (*num_names == 0)
1210 (*sid_mem) = talloc(mem_ctx, sizeof(**sid_mem) * (*num_names));
1211 (*names) = talloc(mem_ctx, sizeof(**names) * (*num_names));
1212 (*name_types) = talloc(mem_ctx, sizeof(**name_types) * (*num_names));
1214 if (! (*sid_mem) || ! (*names) || ! (*name_types)) {
1215 smb_panic("lookup_groupmem out of memory");
1218 for (i=0; i<(*num_names); i++) {
1219 (*sid_mem)[i] = centry_sid(centry, mem_ctx);
1220 (*names)[i] = centry_string(centry, mem_ctx);
1221 (*name_types)[i] = centry_uint32(centry);
1225 status = centry->status;
1227 DEBUG(10,("lookup_groupmem: [Cached] - cached info for domain %s status %s\n",
1228 domain->name, get_friendly_nt_error_msg(status) ));
1230 centry_free(centry);
1237 (*name_types) = NULL;
1239 /* Return status value returned by seq number check */
1241 if (!NT_STATUS_IS_OK(domain->last_status))
1242 return domain->last_status;
1244 DEBUG(10,("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
1247 status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid, num_names,
1248 sid_mem, names, name_types);
1251 refresh_sequence_number(domain, False);
1252 centry = centry_start(domain, status);
1255 centry_put_uint32(centry, *num_names);
1256 for (i=0; i<(*num_names); i++) {
1257 centry_put_sid(centry, (*sid_mem)[i]);
1258 centry_put_string(centry, (*names)[i]);
1259 centry_put_uint32(centry, (*name_types)[i]);
1261 centry_end(centry, "GM/%s", sid_to_string(sid_string, group_sid));
1262 centry_free(centry);
1268 /* find the sequence number for a domain */
1269 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
1271 refresh_sequence_number(domain, False);
1273 *seq = domain->sequence_number;
1275 return NT_STATUS_OK;
1278 /* enumerate trusted domains */
1279 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
1280 TALLOC_CTX *mem_ctx,
1281 uint32 *num_domains,
1288 DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
1291 /* we don't cache this call */
1292 return domain->backend->trusted_domains(domain, mem_ctx, num_domains,
1293 names, alt_names, dom_sids);
1296 /* find the domain sid */
1297 static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
1301 DEBUG(10,("domain_sid: [Cached] - doing backend query for info for domain %s\n",
1304 /* we don't cache this call */
1305 return domain->backend->domain_sid(domain, sid);
1308 /* find the alternate names for the domain, if any */
1309 static NTSTATUS alternate_name(struct winbindd_domain *domain)
1313 DEBUG(10,("alternate_name: [Cached] - doing backend query for info for domain %s\n",
1316 /* we don't cache this call */
1317 return domain->backend->alternate_name(domain);
1320 /* Invalidate cached user and group lists coherently */
1322 static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
1325 if (strncmp(kbuf.dptr, "UL/", 3) == 0 ||
1326 strncmp(kbuf.dptr, "GL/", 3) == 0)
1327 tdb_delete(the_tdb, kbuf);
1332 /* Invalidate the getpwnam and getgroups entries for a winbindd domain */
1334 void wcache_invalidate_samlogon(struct winbindd_domain *domain,
1335 NET_USER_INFO_3 *info3)
1337 struct winbind_cache *cache;
1342 cache = get_cache(domain);
1343 netsamlogon_clear_cached_user(cache->tdb, info3);
1346 void wcache_invalidate_cache(void)
1348 struct winbindd_domain *domain;
1350 for (domain = domain_list(); domain; domain = domain->next) {
1351 struct winbind_cache *cache = get_cache(domain);
1353 DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
1354 "entries for %s\n", domain->name));
1356 tdb_traverse(cache->tdb, traverse_fn, NULL);
1360 /* the ADS backend methods are exposed via this structure */
1361 struct winbindd_methods cache_methods = {
git.samba.org / amitay / samba.git / blob