2 Unix SMB/CIFS implementation.
4 Winbind cache backend functions
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Gerald Carter 2003
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #define DBGC_CLASS DBGC_WINBIND
31 struct winbind_cache {
37 uint32 sequence_number;
42 #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
44 static struct winbind_cache *wcache;
47 void wcache_flush_cache(void)
49 extern BOOL opt_nocache;
54 tdb_close(wcache->tdb);
60 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000,
61 TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0600);
64 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
66 DEBUG(10,("wcache_flush_cache success\n"));
69 void winbindd_check_cache_size(time_t t)
71 static time_t last_check_time;
74 if (last_check_time == (time_t)0)
77 if (t - last_check_time < 60 && t - last_check_time > 0)
80 if (wcache == NULL || wcache->tdb == NULL) {
81 DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
85 if (fstat(wcache->tdb->fd, &st) == -1) {
86 DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) ));
90 if (st.st_size > WINBINDD_MAX_CACHE_SIZE) {
91 DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
92 (unsigned long)st.st_size,
93 (unsigned long)WINBINDD_MAX_CACHE_SIZE));
98 /* get the winbind_cache structure */
99 static struct winbind_cache *get_cache(struct winbindd_domain *domain)
101 struct winbind_cache *ret = wcache;
103 if (!domain->backend) {
104 extern struct winbindd_methods msrpc_methods;
105 switch (lp_security()) {
108 extern struct winbindd_methods ads_methods;
109 /* always obey the lp_security parameter for our domain */
110 if (domain->primary) {
111 domain->backend = &ads_methods;
115 /* only use ADS for native modes at the momment.
116 The problem is the correct detection of mixed
117 mode domains from NT4 BDC's --jerry */
119 if ( domain->native_mode ) {
120 DEBUG(5,("get_cache: Setting ADS methods for domain %s\n",
122 domain->backend = &ads_methods;
130 DEBUG(5,("get_cache: Setting MS-RPC methods for domain %s\n",
132 domain->backend = &msrpc_methods;
139 ret = smb_xmalloc(sizeof(*ret));
143 wcache_flush_cache();
149 free a centry structure
151 static void centry_free(struct cache_entry *centry)
155 SAFE_FREE(centry->data);
160 pull a uint32 from a cache entry
162 static uint32 centry_uint32(struct cache_entry *centry)
165 if (centry->len - centry->ofs < 4) {
166 DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
167 centry->len - centry->ofs));
168 smb_panic("centry_uint32");
170 ret = IVAL(centry->data, centry->ofs);
176 pull a uint8 from a cache entry
178 static uint8 centry_uint8(struct cache_entry *centry)
181 if (centry->len - centry->ofs < 1) {
182 DEBUG(0,("centry corruption? needed 1 bytes, have %d\n",
183 centry->len - centry->ofs));
184 smb_panic("centry_uint32");
186 ret = CVAL(centry->data, centry->ofs);
191 /* pull a string from a cache entry, using the supplied
194 static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
199 len = centry_uint8(centry);
202 /* a deliberate NULL string */
206 if (centry->len - centry->ofs < len) {
207 DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
208 len, centry->len - centry->ofs));
209 smb_panic("centry_string");
212 ret = talloc(mem_ctx, len+1);
214 smb_panic("centry_string out of memory\n");
216 memcpy(ret,centry->data + centry->ofs, len);
222 /* pull a string from a cache entry, using the supplied
225 static DOM_SID *centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
230 sid = talloc(mem_ctx, sizeof(*sid));
234 sid_string = centry_string(centry, mem_ctx);
235 if (!string_to_sid(sid, sid_string)) {
241 /* the server is considered down if it can't give us a sequence number */
242 static BOOL wcache_server_down(struct winbindd_domain *domain)
249 ret = (domain->sequence_number == DOM_SEQUENCE_NONE);
252 DEBUG(10,("wcache_server_down: server for Domain %s down\n",
257 static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
264 DEBUG(10,("fetch_cache_seqnum: tdb == NULL\n"));
265 return NT_STATUS_UNSUCCESSFUL;
268 fstr_sprintf( key, "SEQNUM/%s", domain->name );
270 data = tdb_fetch_bystring( wcache->tdb, key );
271 if ( !data.dptr || data.dsize!=8 ) {
272 DEBUG(10,("fetch_cache_seqnum: invalid data size key [%s]\n", key ));
273 return NT_STATUS_UNSUCCESSFUL;
276 domain->sequence_number = IVAL(data.dptr, 0);
277 domain->last_seq_check = IVAL(data.dptr, 4);
279 /* have we expired? */
281 time_diff = now - domain->last_seq_check;
282 if ( time_diff > lp_winbind_cache_time() ) {
283 DEBUG(10,("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
284 domain->name, domain->sequence_number,
285 (uint32)domain->last_seq_check));
286 return NT_STATUS_UNSUCCESSFUL;
289 DEBUG(10,("fetch_cache_seqnum: success [%s][%u @ %u]\n",
290 domain->name, domain->sequence_number,
291 (uint32)domain->last_seq_check));
296 static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain )
303 DEBUG(10,("store_cache_seqnum: tdb == NULL\n"));
304 return NT_STATUS_UNSUCCESSFUL;
307 fstr_sprintf( key_str, "SEQNUM/%s", domain->name );
309 key.dsize = strlen(key_str)+1;
311 SIVAL(buf, 0, domain->sequence_number);
312 SIVAL(buf, 4, domain->last_seq_check);
316 if ( tdb_store( wcache->tdb, key, data, TDB_REPLACE) == -1 ) {
317 DEBUG(10,("store_cache_seqnum: tdb_store fail key [%s]\n", key_str ));
318 return NT_STATUS_UNSUCCESSFUL;
321 DEBUG(10,("store_cache_seqnum: success [%s][%u @ %u]\n",
322 domain->name, domain->sequence_number,
323 (uint32)domain->last_seq_check));
329 refresh the domain sequence number. If force is True
330 then always refresh it, no matter how recently we fetched it
333 static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force)
337 time_t t = time(NULL);
338 unsigned cache_time = lp_winbind_cache_time();
342 #if 0 /* JERRY -- disable as the default cache time is now 5 minutes */
343 /* trying to reconnect is expensive, don't do it too often */
344 if (domain->sequence_number == DOM_SEQUENCE_NONE) {
349 time_diff = t - domain->last_seq_check;
351 /* see if we have to refetch the domain sequence number */
352 if (!force && (time_diff < cache_time)) {
353 DEBUG(10, ("refresh_sequence_number: %s time ok\n", domain->name));
357 /* try to get the sequence number from the tdb cache first */
358 /* this will update the timestamp as well */
360 status = fetch_cache_seqnum( domain, t );
361 if ( NT_STATUS_IS_OK(status) )
364 status = domain->backend->sequence_number(domain, &domain->sequence_number);
366 if (!NT_STATUS_IS_OK(status)) {
367 domain->sequence_number = DOM_SEQUENCE_NONE;
370 domain->last_status = status;
371 domain->last_seq_check = time(NULL);
373 /* save the new sequence number ni the cache */
374 store_cache_seqnum( domain );
377 DEBUG(10, ("refresh_sequence_number: %s seq number is now %d\n",
378 domain->name, domain->sequence_number));
384 decide if a cache entry has expired
386 static BOOL centry_expired(struct winbindd_domain *domain, const char *keystr, struct cache_entry *centry)
388 /* if the server is OK and our cache entry came from when it was down then
389 the entry is invalid */
390 if (domain->sequence_number != DOM_SEQUENCE_NONE &&
391 centry->sequence_number == DOM_SEQUENCE_NONE) {
392 DEBUG(10,("centry_expired: Key %s for domain %s invalid sequence.\n",
393 keystr, domain->name ));
397 /* if the server is down or the cache entry is not older than the
398 current sequence number then it is OK */
399 if (wcache_server_down(domain) ||
400 centry->sequence_number == domain->sequence_number) {
401 DEBUG(10,("centry_expired: Key %s for domain %s is good.\n",
402 keystr, domain->name ));
406 DEBUG(10,("centry_expired: Key %s for domain %s expired\n",
407 keystr, domain->name ));
414 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
415 number and return status
417 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
418 struct winbindd_domain *domain,
419 const char *format, ...) PRINTF_ATTRIBUTE(3,4);
420 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
421 struct winbindd_domain *domain,
422 const char *format, ...)
427 struct cache_entry *centry;
430 refresh_sequence_number(domain, False);
432 va_start(ap, format);
433 smb_xvasprintf(&kstr, format, ap);
437 key.dsize = strlen(kstr);
438 data = tdb_fetch(wcache->tdb, key);
445 centry = smb_xmalloc(sizeof(*centry));
446 centry->data = (unsigned char *)data.dptr;
447 centry->len = data.dsize;
450 if (centry->len < 8) {
451 /* huh? corrupt cache? */
452 DEBUG(10,("wcache_fetch: Corrupt cache for key %s domain %s (len < 8) ?\n",
453 kstr, domain->name ));
459 centry->status = NT_STATUS(centry_uint32(centry));
460 centry->sequence_number = centry_uint32(centry);
462 if (centry_expired(domain, kstr, centry)) {
463 extern BOOL opt_dual_daemon;
465 DEBUG(10,("wcache_fetch: entry %s expired for domain %s\n",
466 kstr, domain->name ));
468 if (opt_dual_daemon) {
469 extern BOOL background_process;
470 background_process = True;
471 DEBUG(10,("wcache_fetch: background processing expired entry %s for domain %s\n",
472 kstr, domain->name ));
480 DEBUG(10,("wcache_fetch: returning entry %s for domain %s\n",
481 kstr, domain->name ));
488 make sure we have at least len bytes available in a centry
490 static void centry_expand(struct cache_entry *centry, uint32 len)
493 if (centry->len - centry->ofs >= len)
496 p = realloc(centry->data, centry->len);
498 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
499 smb_panic("out of memory in centry_expand");
505 push a uint32 into a centry
507 static void centry_put_uint32(struct cache_entry *centry, uint32 v)
509 centry_expand(centry, 4);
510 SIVAL(centry->data, centry->ofs, v);
515 push a uint8 into a centry
517 static void centry_put_uint8(struct cache_entry *centry, uint8 v)
519 centry_expand(centry, 1);
520 SCVAL(centry->data, centry->ofs, v);
525 push a string into a centry
527 static void centry_put_string(struct cache_entry *centry, const char *s)
532 /* null strings are marked as len 0xFFFF */
533 centry_put_uint8(centry, 0xFF);
538 /* can't handle more than 254 char strings. Truncating is probably best */
541 centry_put_uint8(centry, len);
542 centry_expand(centry, len);
543 memcpy(centry->data + centry->ofs, s, len);
547 static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid)
550 centry_put_string(centry, sid_to_string(sid_string, sid));
554 start a centry for output. When finished, call centry_end()
556 struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status)
558 struct cache_entry *centry;
563 centry = smb_xmalloc(sizeof(*centry));
565 centry->len = 8192; /* reasonable default */
566 centry->data = smb_xmalloc(centry->len);
568 centry->sequence_number = domain->sequence_number;
569 centry_put_uint32(centry, NT_STATUS_V(status));
570 centry_put_uint32(centry, centry->sequence_number);
575 finish a centry and write it to the tdb
577 static void centry_end(struct cache_entry *centry, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
578 static void centry_end(struct cache_entry *centry, const char *format, ...)
584 va_start(ap, format);
585 smb_xvasprintf(&kstr, format, ap);
589 key.dsize = strlen(kstr);
590 data.dptr = (char *)centry->data;
591 data.dsize = centry->ofs;
593 tdb_store(wcache->tdb, key, data, TDB_REPLACE);
597 static void wcache_save_name_to_sid(struct winbindd_domain *domain,
598 NTSTATUS status, const char *domain_name,
599 const char *name, const DOM_SID *sid,
600 enum SID_NAME_USE type)
602 struct cache_entry *centry;
606 centry = centry_start(domain, status);
609 centry_put_uint32(centry, type);
610 centry_put_sid(centry, sid);
611 fstrcpy(uname, name);
613 centry_end(centry, "NS/%s/%s", domain_name, uname);
614 DEBUG(10,("wcache_save_name_to_sid: %s -> %s\n", uname, sid_string));
618 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
619 const DOM_SID *sid, const char *domain_name, const char *name, enum SID_NAME_USE type)
621 struct cache_entry *centry;
624 centry = centry_start(domain, status);
627 if (NT_STATUS_IS_OK(status)) {
628 centry_put_uint32(centry, type);
629 centry_put_string(centry, domain_name);
630 centry_put_string(centry, name);
632 centry_end(centry, "SN/%s", sid_to_string(sid_string, sid));
633 DEBUG(10,("wcache_save_sid_to_name: %s -> %s\n", sid_string, name));
638 static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
640 struct cache_entry *centry;
643 centry = centry_start(domain, status);
646 centry_put_string(centry, info->acct_name);
647 centry_put_string(centry, info->full_name);
648 centry_put_sid(centry, info->user_sid);
649 centry_put_sid(centry, info->group_sid);
650 centry_end(centry, "U/%s", sid_to_string(sid_string, info->user_sid));
651 DEBUG(10,("wcache_save_user: %s (acct_name %s)\n", sid_string, info->acct_name));
656 /* Query display info. This is the basic user list fn */
657 static NTSTATUS query_user_list(struct winbindd_domain *domain,
660 WINBIND_USERINFO **info)
662 struct winbind_cache *cache = get_cache(domain);
663 struct cache_entry *centry = NULL;
665 unsigned int i, retry;
670 centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
674 *num_entries = centry_uint32(centry);
676 if (*num_entries == 0)
679 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
681 smb_panic("query_user_list out of memory");
682 for (i=0; i<(*num_entries); i++) {
683 (*info)[i].acct_name = centry_string(centry, mem_ctx);
684 (*info)[i].full_name = centry_string(centry, mem_ctx);
685 (*info)[i].user_sid = centry_sid(centry, mem_ctx);
686 (*info)[i].group_sid = centry_sid(centry, mem_ctx);
690 status = centry->status;
692 DEBUG(10,("query_user_list: [Cached] - cached list for domain %s status %s\n",
693 domain->name, get_friendly_nt_error_msg(status) ));
702 /* Return status value returned by seq number check */
704 if (!NT_STATUS_IS_OK(domain->last_status))
705 return domain->last_status;
707 /* Put the query_user_list() in a retry loop. There appears to be
708 * some bug either with Windows 2000 or Samba's handling of large
709 * rpc replies. This manifests itself as sudden disconnection
710 * at a random point in the enumeration of a large (60k) user list.
711 * The retry loop simply tries the operation again. )-: It's not
712 * pretty but an acceptable workaround until we work out what the
713 * real problem is. */
718 DEBUG(10,("query_user_list: [Cached] - doing backend query for list for domain %s\n",
721 status = domain->backend->query_user_list(domain, mem_ctx, num_entries, info);
722 if (!NT_STATUS_IS_OK(status))
723 DEBUG(3, ("query_user_list: returned 0x%08x, retrying\n", NT_STATUS_V(status)));
724 if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL)) {
725 DEBUG(3, ("query_user_list: flushing connection cache\n"));
729 } while (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) &&
733 refresh_sequence_number(domain, False);
734 centry = centry_start(domain, status);
737 centry_put_uint32(centry, *num_entries);
738 for (i=0; i<(*num_entries); i++) {
739 centry_put_string(centry, (*info)[i].acct_name);
740 centry_put_string(centry, (*info)[i].full_name);
741 centry_put_sid(centry, (*info)[i].user_sid);
742 centry_put_sid(centry, (*info)[i].group_sid);
743 if (domain->backend->consistent) {
744 /* when the backend is consistent we can pre-prime some mappings */
745 wcache_save_name_to_sid(domain, NT_STATUS_OK,
746 (*info)[i].acct_name,
750 wcache_save_sid_to_name(domain, NT_STATUS_OK,
753 (*info)[i].acct_name,
755 wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
758 centry_end(centry, "UL/%s", domain->name);
765 /* list all domain groups */
766 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
769 struct acct_info **info)
771 struct winbind_cache *cache = get_cache(domain);
772 struct cache_entry *centry = NULL;
779 centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
783 *num_entries = centry_uint32(centry);
785 if (*num_entries == 0)
788 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
790 smb_panic("enum_dom_groups out of memory");
791 for (i=0; i<(*num_entries); i++) {
792 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
793 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
794 (*info)[i].rid = centry_uint32(centry);
798 status = centry->status;
800 DEBUG(10,("enum_dom_groups: [Cached] - cached list for domain %s status %s\n",
801 domain->name, get_friendly_nt_error_msg(status) ));
810 /* Return status value returned by seq number check */
812 if (!NT_STATUS_IS_OK(domain->last_status))
813 return domain->last_status;
815 DEBUG(10,("enum_dom_groups: [Cached] - doing backend query for list for domain %s\n",
818 status = domain->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
821 refresh_sequence_number(domain, False);
822 centry = centry_start(domain, status);
825 centry_put_uint32(centry, *num_entries);
826 for (i=0; i<(*num_entries); i++) {
827 centry_put_string(centry, (*info)[i].acct_name);
828 centry_put_string(centry, (*info)[i].acct_desc);
829 centry_put_uint32(centry, (*info)[i].rid);
831 centry_end(centry, "GL/%s/domain", domain->name);
838 /* list all domain groups */
839 static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
842 struct acct_info **info)
844 struct winbind_cache *cache = get_cache(domain);
845 struct cache_entry *centry = NULL;
852 centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
856 *num_entries = centry_uint32(centry);
858 if (*num_entries == 0)
861 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
863 smb_panic("enum_dom_groups out of memory");
864 for (i=0; i<(*num_entries); i++) {
865 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
866 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
867 (*info)[i].rid = centry_uint32(centry);
872 /* If we are returning cached data and the domain controller
873 is down then we don't know whether the data is up to date
874 or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
877 if (wcache_server_down(domain)) {
878 DEBUG(10, ("enum_local_groups: returning cached user list and server was down\n"));
879 status = NT_STATUS_MORE_PROCESSING_REQUIRED;
881 status = centry->status;
883 DEBUG(10,("enum_local_groups: [Cached] - cached list for domain %s status %s\n",
884 domain->name, get_friendly_nt_error_msg(status) ));
893 /* Return status value returned by seq number check */
895 if (!NT_STATUS_IS_OK(domain->last_status))
896 return domain->last_status;
898 DEBUG(10,("enum_local_groups: [Cached] - doing backend query for list for domain %s\n",
901 status = domain->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
904 refresh_sequence_number(domain, False);
905 centry = centry_start(domain, status);
908 centry_put_uint32(centry, *num_entries);
909 for (i=0; i<(*num_entries); i++) {
910 centry_put_string(centry, (*info)[i].acct_name);
911 centry_put_string(centry, (*info)[i].acct_desc);
912 centry_put_uint32(centry, (*info)[i].rid);
914 centry_end(centry, "GL/%s/local", domain->name);
921 /* convert a single name to a sid in a domain */
922 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
924 const char *domain_name,
927 enum SID_NAME_USE *type)
929 struct winbind_cache *cache = get_cache(domain);
930 struct cache_entry *centry = NULL;
938 fstrcpy(uname, name);
940 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
943 *type = (enum SID_NAME_USE)centry_uint32(centry);
944 sid2 = centry_sid(centry, mem_ctx);
951 status = centry->status;
953 DEBUG(10,("name_to_sid: [Cached] - cached name for domain %s status %s\n",
954 domain->name, get_friendly_nt_error_msg(status) ));
962 /* If the seq number check indicated that there is a problem
963 * with this DC, then return that status... except for
964 * access_denied. This is special because the dc may be in
965 * "restrict anonymous = 1" mode, in which case it will deny
966 * most unauthenticated operations, but *will* allow the LSA
967 * name-to-sid that we try as a fallback. */
969 if (!(NT_STATUS_IS_OK(domain->last_status)
970 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
971 return domain->last_status;
973 DEBUG(10,("name_to_sid: [Cached] - doing backend query for name for domain %s\n",
976 status = domain->backend->name_to_sid(domain, mem_ctx, domain_name, name, sid, type);
979 wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type);
981 /* We can't save the sid to name mapping as we don't know the
982 correct case of the name without looking it up */
987 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
989 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
994 enum SID_NAME_USE *type)
996 struct winbind_cache *cache = get_cache(domain);
997 struct cache_entry *centry = NULL;
1004 centry = wcache_fetch(cache, domain, "SN/%s", sid_to_string(sid_string, sid));
1007 if (NT_STATUS_IS_OK(centry->status)) {
1008 *type = (enum SID_NAME_USE)centry_uint32(centry);
1009 *domain_name = centry_string(centry, mem_ctx);
1010 *name = centry_string(centry, mem_ctx);
1012 status = centry->status;
1014 DEBUG(10,("sid_to_name: [Cached] - cached name for domain %s status %s\n",
1015 domain->name, get_friendly_nt_error_msg(status) ));
1017 centry_free(centry);
1022 *domain_name = NULL;
1024 /* If the seq number check indicated that there is a problem
1025 * with this DC, then return that status... except for
1026 * access_denied. This is special because the dc may be in
1027 * "restrict anonymous = 1" mode, in which case it will deny
1028 * most unauthenticated operations, but *will* allow the LSA
1029 * sid-to-name that we try as a fallback. */
1031 if (!(NT_STATUS_IS_OK(domain->last_status)
1032 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
1033 return domain->last_status;
1035 DEBUG(10,("sid_to_name: [Cached] - doing backend query for name for domain %s\n",
1038 status = domain->backend->sid_to_name(domain, mem_ctx, sid, domain_name, name, type);
1041 refresh_sequence_number(domain, False);
1042 wcache_save_sid_to_name(domain, status, sid, *domain_name, *name, *type);
1043 wcache_save_name_to_sid(domain, status, *domain_name, *name, sid, *type);
1049 /* Lookup user information from a rid */
1050 static NTSTATUS query_user(struct winbindd_domain *domain,
1051 TALLOC_CTX *mem_ctx,
1052 const DOM_SID *user_sid,
1053 WINBIND_USERINFO *info)
1055 struct winbind_cache *cache = get_cache(domain);
1056 struct cache_entry *centry = NULL;
1062 centry = wcache_fetch(cache, domain, "U/%s", sid_string_static(user_sid));
1064 /* If we have an access denied cache entry and a cached info3 in the
1065 samlogon cache then do a query. This will force the rpc back end
1066 to return the info3 data. */
1068 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1069 netsamlogon_cache_have(user_sid)) {
1070 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1071 domain->last_status = NT_STATUS_OK;
1072 centry_free(centry);
1079 info->acct_name = centry_string(centry, mem_ctx);
1080 info->full_name = centry_string(centry, mem_ctx);
1081 info->user_sid = centry_sid(centry, mem_ctx);
1082 info->group_sid = centry_sid(centry, mem_ctx);
1083 status = centry->status;
1085 DEBUG(10,("query_user: [Cached] - cached info for domain %s status %s\n",
1086 domain->name, get_friendly_nt_error_msg(status) ));
1088 centry_free(centry);
1094 /* Return status value returned by seq number check */
1096 if (!NT_STATUS_IS_OK(domain->last_status))
1097 return domain->last_status;
1099 DEBUG(10,("sid_to_name: [Cached] - doing backend query for info for domain %s\n",
1102 status = domain->backend->query_user(domain, mem_ctx, user_sid, info);
1105 refresh_sequence_number(domain, False);
1106 wcache_save_user(domain, status, info);
1112 /* Lookup groups a user is a member of. */
1113 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
1114 TALLOC_CTX *mem_ctx,
1115 const DOM_SID *user_sid,
1116 uint32 *num_groups, DOM_SID ***user_gids)
1118 struct winbind_cache *cache = get_cache(domain);
1119 struct cache_entry *centry = NULL;
1127 centry = wcache_fetch(cache, domain, "UG/%s", sid_to_string(sid_string, user_sid));
1129 /* If we have an access denied cache entry and a cached info3 in the
1130 samlogon cache then do a query. This will force the rpc back end
1131 to return the info3 data. */
1133 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1134 netsamlogon_cache_have(user_sid)) {
1135 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1136 domain->last_status = NT_STATUS_OK;
1137 centry_free(centry);
1144 *num_groups = centry_uint32(centry);
1146 if (*num_groups == 0)
1149 (*user_gids) = talloc(mem_ctx, sizeof(**user_gids) * (*num_groups));
1151 smb_panic("lookup_usergroups out of memory");
1152 for (i=0; i<(*num_groups); i++) {
1153 (*user_gids)[i] = centry_sid(centry, mem_ctx);
1157 status = centry->status;
1159 DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s status %s\n",
1160 domain->name, get_friendly_nt_error_msg(status) ));
1162 centry_free(centry);
1167 (*user_gids) = NULL;
1169 /* Return status value returned by seq number check */
1171 if (!NT_STATUS_IS_OK(domain->last_status))
1172 return domain->last_status;
1174 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info for domain %s\n",
1177 status = domain->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
1180 refresh_sequence_number(domain, False);
1181 centry = centry_start(domain, status);
1184 centry_put_uint32(centry, *num_groups);
1185 for (i=0; i<(*num_groups); i++) {
1186 centry_put_sid(centry, (*user_gids)[i]);
1188 centry_end(centry, "UG/%s", sid_to_string(sid_string, user_sid));
1189 centry_free(centry);
1196 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
1197 TALLOC_CTX *mem_ctx,
1198 const DOM_SID *group_sid, uint32 *num_names,
1199 DOM_SID ***sid_mem, char ***names,
1200 uint32 **name_types)
1202 struct winbind_cache *cache = get_cache(domain);
1203 struct cache_entry *centry = NULL;
1211 centry = wcache_fetch(cache, domain, "GM/%s", sid_to_string(sid_string, group_sid));
1215 *num_names = centry_uint32(centry);
1217 if (*num_names == 0)
1220 (*sid_mem) = talloc(mem_ctx, sizeof(**sid_mem) * (*num_names));
1221 (*names) = talloc(mem_ctx, sizeof(**names) * (*num_names));
1222 (*name_types) = talloc(mem_ctx, sizeof(**name_types) * (*num_names));
1224 if (! (*sid_mem) || ! (*names) || ! (*name_types)) {
1225 smb_panic("lookup_groupmem out of memory");
1228 for (i=0; i<(*num_names); i++) {
1229 (*sid_mem)[i] = centry_sid(centry, mem_ctx);
1230 (*names)[i] = centry_string(centry, mem_ctx);
1231 (*name_types)[i] = centry_uint32(centry);
1235 status = centry->status;
1237 DEBUG(10,("lookup_groupmem: [Cached] - cached info for domain %s status %s\n",
1238 domain->name, get_friendly_nt_error_msg(status) ));
1240 centry_free(centry);
1247 (*name_types) = NULL;
1249 /* Return status value returned by seq number check */
1251 if (!NT_STATUS_IS_OK(domain->last_status))
1252 return domain->last_status;
1254 DEBUG(10,("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
1257 status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid, num_names,
1258 sid_mem, names, name_types);
1261 refresh_sequence_number(domain, False);
1262 centry = centry_start(domain, status);
1265 centry_put_uint32(centry, *num_names);
1266 for (i=0; i<(*num_names); i++) {
1267 centry_put_sid(centry, (*sid_mem)[i]);
1268 centry_put_string(centry, (*names)[i]);
1269 centry_put_uint32(centry, (*name_types)[i]);
1271 centry_end(centry, "GM/%s", sid_to_string(sid_string, group_sid));
1272 centry_free(centry);
1278 /* find the sequence number for a domain */
1279 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
1281 refresh_sequence_number(domain, False);
1283 *seq = domain->sequence_number;
1285 return NT_STATUS_OK;
1288 /* enumerate trusted domains */
1289 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
1290 TALLOC_CTX *mem_ctx,
1291 uint32 *num_domains,
1298 DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
1301 /* we don't cache this call */
1302 return domain->backend->trusted_domains(domain, mem_ctx, num_domains,
1303 names, alt_names, dom_sids);
1306 /* find the domain sid */
1307 static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
1311 DEBUG(10,("domain_sid: [Cached] - doing backend query for info for domain %s\n",
1314 /* we don't cache this call */
1315 return domain->backend->domain_sid(domain, sid);
1318 /* find the alternate names for the domain, if any */
1319 static NTSTATUS alternate_name(struct winbindd_domain *domain)
1323 DEBUG(10,("alternate_name: [Cached] - doing backend query for info for domain %s\n",
1326 /* we don't cache this call */
1327 return domain->backend->alternate_name(domain);
1330 /* Invalidate cached user and group lists coherently */
1332 static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
1335 if (strncmp(kbuf.dptr, "UL/", 3) == 0 ||
1336 strncmp(kbuf.dptr, "GL/", 3) == 0)
1337 tdb_delete(the_tdb, kbuf);
1342 /* Invalidate the getpwnam and getgroups entries for a winbindd domain */
1344 void wcache_invalidate_samlogon(struct winbindd_domain *domain,
1345 NET_USER_INFO_3 *info3)
1347 struct winbind_cache *cache;
1352 cache = get_cache(domain);
1353 netsamlogon_clear_cached_user(cache->tdb, info3);
1356 void wcache_invalidate_cache(void)
1358 struct winbindd_domain *domain;
1360 for (domain = domain_list(); domain; domain = domain->next) {
1361 struct winbind_cache *cache = get_cache(domain);
1363 DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
1364 "entries for %s\n", domain->name));
1366 tdb_traverse(cache->tdb, traverse_fn, NULL);
1370 /* the ADS backend methods are exposed via this structure */
1371 struct winbindd_methods cache_methods = {