2 Unix SMB/CIFS implementation.
4 Winbind cache backend functions
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Gerald Carter 2003-2007
8 Copyright (C) Volker Lendecke 2005
9 Copyright (C) Guenther Deschner 2005
10 Copyright (C) Michael Adam 2007
12 This program is free software; you can redistribute it and/or modify
13 it under the terms of the GNU General Public License as published by
14 the Free Software Foundation; either version 3 of the License, or
15 (at your option) any later version.
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 GNU General Public License for more details.
22 You should have received a copy of the GNU General Public License
23 along with this program. If not, see <http://www.gnu.org/licenses/>.
27 #include "system/filesys.h"
29 #include "tdb_validate.h"
30 #include "../libcli/auth/libcli_auth.h"
31 #include "../librpc/gen_ndr/ndr_winbind.h"
34 #include "../libcli/security/security.h"
35 #include "passdb/machine_sid.h"
37 #include "libsmb/samlogon_cache.h"
38 #include "lib/namemap_cache.h"
39 #include "lib/util/string_wrappers.h"
41 #include "lib/crypto/gnutls_helpers.h"
42 #include <gnutls/crypto.h>
45 #define DBGC_CLASS DBGC_WINBIND
47 #define WINBINDD_CACHE_VER1 1 /* initial db version */
48 #define WINBINDD_CACHE_VER2 2 /* second version with timeouts for NDR entries */
50 #define WINBINDD_CACHE_VERSION WINBINDD_CACHE_VER2
51 #define WINBINDD_CACHE_VERSION_KEYSTR "WINBINDD_CACHE_VERSION"
53 extern struct winbindd_methods reconnect_methods;
55 extern struct winbindd_methods reconnect_ads_methods;
57 extern struct winbindd_methods builtin_passdb_methods;
58 extern struct winbindd_methods sam_passdb_methods;
60 static void wcache_flush_cache(void);
62 static bool opt_nocache = False;
65 * JRA. KEEP THIS LIST UP TO DATE IF YOU ADD CACHE ENTRIES.
66 * Here are the list of entry types that are *not* stored
67 * as form struct cache_entry in the cache.
70 static const char *non_centry_keys[] = {
73 WINBINDD_CACHE_VERSION_KEYSTR,
77 bool winbindd_use_idmap_cache(void)
82 bool winbindd_use_cache(void)
87 void winbindd_set_use_cache(bool use_cache)
89 opt_nocache = !use_cache;
92 void winbindd_flush_caches(void)
94 /* We need to invalidate cached user list entries on a SIGHUP
95 otherwise cached access denied errors due to restrict anonymous
96 hang around until the sequence number changes. */
98 if (!wcache_invalidate_cache()) {
99 DBG_ERR("invalidating the cache failed; revalidate the cache\n");
100 if (!winbindd_cache_validate_and_initialize()) {
106 /************************************************************************
107 Is this key a non-centry type ?
108 ************************************************************************/
110 static bool is_non_centry_key(TDB_DATA kbuf)
114 if (kbuf.dptr == NULL || kbuf.dsize == 0) {
117 for (i = 0; non_centry_keys[i] != NULL; i++) {
118 size_t namelen = strlen(non_centry_keys[i]);
119 if (kbuf.dsize < namelen) {
122 if (strncmp(non_centry_keys[i], (const char *)kbuf.dptr, namelen) == 0) {
129 struct winbind_cache {
135 uint32_t sequence_number;
141 void (*smb_panic_fn)(const char *const why) = smb_panic;
143 static struct winbind_cache *wcache;
145 static char *wcache_path(void)
148 * Data needs to be kept persistent in state directory for
149 * running with "winbindd offline logon".
151 return state_path(talloc_tos(), "winbindd_cache.tdb");
154 static void winbindd_domain_init_backend(struct winbindd_domain *domain)
156 if (domain->backend != NULL) {
160 if (domain->internal) {
161 domain->backend = &builtin_passdb_methods;
164 if (dom_sid_equal(&domain->sid, &global_sid_Builtin)) {
165 domain->initialized = true;
168 if (strequal(domain->name, get_global_sam_name()) &&
169 sid_check_is_our_sam(&domain->sid))
171 domain->backend = &sam_passdb_methods;
174 if (!domain->initialized) {
175 /* We do not need a connection to an RW DC for cache operation */
176 init_dc_connection(domain, false);
180 if (domain->backend == NULL) {
181 struct winbindd_domain *our_domain = domain;
183 /* find our domain first so we can figure out if we
184 are joined to a kerberized domain */
186 if (!domain->primary) {
187 our_domain = find_our_domain();
190 if ((our_domain->active_directory || IS_DC)
191 && domain->active_directory
192 && !lp_winbind_rpc_only())
194 DBG_INFO("Setting ADS methods for domain %s\n",
196 domain->backend = &reconnect_ads_methods;
199 #endif /* HAVE_ADS */
201 if (domain->backend == NULL) {
202 DBG_INFO("Setting MS-RPC methods for domain %s\n", domain->name);
203 domain->backend = &reconnect_methods;
207 /* get the winbind_cache structure */
208 static struct winbind_cache *get_cache(struct winbindd_domain *domain)
210 struct winbind_cache *ret = wcache;
212 winbindd_domain_init_backend(domain);
218 ret = SMB_XMALLOC_P(struct winbind_cache);
222 wcache_flush_cache();
228 free a centry structure
230 static void centry_free(struct cache_entry *centry)
234 SAFE_FREE(centry->data);
238 static bool centry_check_bytes(struct cache_entry *centry, size_t nbytes)
240 if (centry->len - centry->ofs < nbytes) {
241 DBG_ERR("centry corruption? needed %u bytes, have %d\n",
242 (unsigned int)nbytes,
243 centry->len - centry->ofs);
250 pull a uint64_t from a cache entry
252 static uint64_t centry_uint64_t(struct cache_entry *centry)
256 if (!centry_check_bytes(centry, 8)) {
257 smb_panic_fn("centry_uint64_t");
259 ret = BVAL(centry->data, centry->ofs);
265 pull a uint32_t from a cache entry
267 static uint32_t centry_uint32(struct cache_entry *centry)
271 if (!centry_check_bytes(centry, 4)) {
272 smb_panic_fn("centry_uint32");
274 ret = IVAL(centry->data, centry->ofs);
280 pull a uint16_t from a cache entry
282 static uint16_t centry_uint16(struct cache_entry *centry)
285 if (!centry_check_bytes(centry, 2)) {
286 smb_panic_fn("centry_uint16");
288 ret = SVAL(centry->data, centry->ofs);
294 pull a uint8_t from a cache entry
296 static uint8_t centry_uint8(struct cache_entry *centry)
299 if (!centry_check_bytes(centry, 1)) {
300 smb_panic_fn("centry_uint8");
302 ret = CVAL(centry->data, centry->ofs);
308 pull a NTTIME from a cache entry
310 static NTTIME centry_nttime(struct cache_entry *centry)
313 if (!centry_check_bytes(centry, 8)) {
314 smb_panic_fn("centry_nttime");
316 ret = IVAL(centry->data, centry->ofs);
318 ret += (uint64_t)IVAL(centry->data, centry->ofs) << 32;
324 pull a time_t from a cache entry. time_t stored portably as a 64-bit time.
326 static time_t centry_time(struct cache_entry *centry)
328 return (time_t)centry_nttime(centry);
331 /* pull a string from a cache entry, using the supplied
334 static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
339 len = centry_uint8(centry);
342 /* a deliberate NULL string */
346 if (!centry_check_bytes(centry, (size_t)len)) {
347 smb_panic_fn("centry_string");
350 ret = talloc_array(mem_ctx, char, len+1);
352 smb_panic_fn("centry_string out of memory\n");
354 memcpy(ret,centry->data + centry->ofs, len);
360 /* pull a hash16 from a cache entry, using the supplied
363 static char *centry_hash16(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
368 len = centry_uint8(centry);
371 DBG_ERR("centry corruption? hash len (%u) != 16\n",
376 if (!centry_check_bytes(centry, 16)) {
380 ret = talloc_array(mem_ctx, char, 16);
382 smb_panic_fn("centry_hash out of memory\n");
384 memcpy(ret,centry->data + centry->ofs, 16);
389 /* pull a sid from a cache entry, using the supplied
392 static bool centry_sid(struct cache_entry *centry, struct dom_sid *sid)
397 sid_string = centry_string(centry, talloc_tos());
398 if (sid_string == NULL) {
401 ret = string_to_sid(sid, sid_string);
402 TALLOC_FREE(sid_string);
408 pull a NTSTATUS from a cache entry
410 static NTSTATUS centry_ntstatus(struct cache_entry *centry)
414 status = NT_STATUS(centry_uint32(centry));
419 /* the server is considered down if it can't give us a sequence number */
420 static bool wcache_server_down(struct winbindd_domain *domain)
427 ret = (domain->sequence_number == DOM_SEQUENCE_NONE);
430 DBG_DEBUG("wcache_server_down: server for Domain %s down\n",
435 struct wcache_seqnum_state {
437 uint32_t *last_seq_check;
440 static int wcache_seqnum_parser(TDB_DATA key, TDB_DATA data,
443 struct wcache_seqnum_state *state = private_data;
445 if (data.dsize != 8) {
446 DBG_DEBUG("wcache_fetch_seqnum: invalid data size %d\n",
451 *state->seqnum = IVAL(data.dptr, 0);
452 *state->last_seq_check = IVAL(data.dptr, 4);
456 static bool wcache_fetch_seqnum(const char *domain_name, uint32_t *seqnum,
457 uint32_t *last_seq_check)
459 struct wcache_seqnum_state state = {
460 .seqnum = seqnum, .last_seq_check = last_seq_check
462 size_t len = strlen(domain_name);
464 TDB_DATA key = { .dptr = (uint8_t *)keystr, .dsize = sizeof(keystr) };
467 if (wcache->tdb == NULL) {
468 DBG_DEBUG("wcache_fetch_seqnum: tdb == NULL\n");
472 snprintf(keystr, sizeof(keystr), "SEQNUM/%s", domain_name);
474 ret = tdb_parse_record(wcache->tdb, key, wcache_seqnum_parser,
479 static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
481 uint32_t last_check, time_diff;
483 if (!wcache_fetch_seqnum(domain->name, &domain->sequence_number,
485 return NT_STATUS_UNSUCCESSFUL;
487 domain->last_seq_check = last_check;
489 /* have we expired? */
491 time_diff = now - domain->last_seq_check;
492 if ((int)time_diff > lp_winbind_cache_time()) {
493 DBG_DEBUG("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
494 domain->name, domain->sequence_number,
495 (uint32_t)domain->last_seq_check);
496 return NT_STATUS_UNSUCCESSFUL;
499 DBG_DEBUG("fetch_cache_seqnum: success [%s][%u @ %u]\n",
500 domain->name, domain->sequence_number,
501 (uint32_t)domain->last_seq_check);
506 bool wcache_store_seqnum(const char *domain_name, uint32_t seqnum,
507 time_t last_seq_check)
509 size_t len = strlen(domain_name);
511 TDB_DATA key = { .dptr = (uint8_t *)keystr, .dsize = sizeof(keystr) };
515 if (wcache->tdb == NULL) {
516 DBG_DEBUG("wcache_store_seqnum: wcache->tdb == NULL\n");
520 snprintf(keystr, sizeof(keystr), "SEQNUM/%s", domain_name);
522 SIVAL(buf, 0, seqnum);
523 SIVAL(buf, 4, last_seq_check);
525 ret = tdb_store(wcache->tdb, key, make_tdb_data(buf, sizeof(buf)),
528 DBG_DEBUG("tdb_store_bystring failed: %s\n",
529 tdb_errorstr(wcache->tdb));
533 DBG_DEBUG("wcache_store_seqnum: success [%s][%u @ %u]\n",
534 domain_name, seqnum, (unsigned)last_seq_check);
539 static bool store_cache_seqnum( struct winbindd_domain *domain )
541 return wcache_store_seqnum(domain->name, domain->sequence_number,
542 domain->last_seq_check);
546 refresh the domain sequence number on timeout.
549 static void refresh_sequence_number(struct winbindd_domain *domain)
553 time_t t = time(NULL);
554 unsigned cache_time = lp_winbind_cache_time();
556 if (is_domain_offline(domain)) {
562 time_diff = t - domain->last_seq_check;
564 /* see if we have to refetch the domain sequence number */
565 if ((time_diff < cache_time) &&
566 (domain->sequence_number != DOM_SEQUENCE_NONE) &&
567 NT_STATUS_IS_OK(domain->last_status)) {
568 DBG_DEBUG("refresh_sequence_number: %s time ok\n", domain->name);
572 /* try to get the sequence number from the tdb cache first */
573 /* this will update the timestamp as well */
575 status = fetch_cache_seqnum( domain, t );
576 if (NT_STATUS_IS_OK(status) &&
577 (domain->sequence_number != DOM_SEQUENCE_NONE) &&
578 NT_STATUS_IS_OK(domain->last_status)) {
582 /* just use the current time */
583 domain->last_status = NT_STATUS_OK;
584 domain->sequence_number = time(NULL);
585 domain->last_seq_check = time(NULL);
587 /* save the new sequence number in the cache */
588 store_cache_seqnum( domain );
591 DBG_DEBUG("refresh_sequence_number: %s seq number is now %d\n",
592 domain->name, domain->sequence_number);
598 decide if a cache entry has expired
600 static bool centry_expired(struct winbindd_domain *domain, const char *keystr, struct cache_entry *centry)
602 /* If we've been told to be offline - stay in that state... */
603 if (lp_winbind_offline_logon() && get_global_winbindd_state_offline()) {
604 DBG_DEBUG("centry_expired: Key %s for domain %s valid as winbindd is globally offline.\n",
605 keystr, domain->name );
609 /* when the domain is offline return the cached entry.
610 * This deals with transient offline states... */
612 if (!domain->online) {
613 DBG_DEBUG("centry_expired: Key %s for domain %s valid as domain is offline.\n",
614 keystr, domain->name );
618 /* if the server is OK and our cache entry came from when it was down then
619 the entry is invalid */
620 if ((domain->sequence_number != DOM_SEQUENCE_NONE) &&
621 (centry->sequence_number == DOM_SEQUENCE_NONE)) {
622 DBG_DEBUG("centry_expired: Key %s for domain %s invalid sequence.\n",
623 keystr, domain->name );
627 /* if the server is down or the cache entry is not older than the
628 current sequence number or it did not timeout then it is OK */
629 if (wcache_server_down(domain)
630 || ((centry->sequence_number == domain->sequence_number)
631 && ((time_t)centry->timeout > time(NULL)))) {
632 DBG_DEBUG("centry_expired: Key %s for domain %s is good.\n",
633 keystr, domain->name );
637 DBG_DEBUG("centry_expired: Key %s for domain %s expired\n",
638 keystr, domain->name );
644 static struct cache_entry *wcache_fetch_raw(char *kstr)
647 struct cache_entry *centry;
650 key = string_tdb_data(kstr);
651 data = tdb_fetch(wcache->tdb, key);
657 centry = SMB_XMALLOC_P(struct cache_entry);
658 centry->data = (unsigned char *)data.dptr;
659 centry->len = data.dsize;
662 if (centry->len < 16) {
663 /* huh? corrupt cache? */
664 DBG_DEBUG("wcache_fetch_raw: Corrupt cache for key %s "
665 "(len < 16)?\n", kstr);
670 centry->status = centry_ntstatus(centry);
671 centry->sequence_number = centry_uint32(centry);
672 centry->timeout = centry_uint64_t(centry);
677 static bool is_my_own_sam_domain(struct winbindd_domain *domain)
679 if (strequal(domain->name, get_global_sam_name()) &&
680 sid_check_is_our_sam(&domain->sid)) {
687 static bool is_builtin_domain(struct winbindd_domain *domain)
689 if (strequal(domain->name, "BUILTIN") &&
690 sid_check_is_builtin(&domain->sid)) {
698 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
699 number and return status
701 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
702 struct winbindd_domain *domain,
703 const char *format, ...) PRINTF_ATTRIBUTE(3,4);
704 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
705 struct winbindd_domain *domain,
706 const char *format, ...)
710 struct cache_entry *centry;
713 if (!winbindd_use_cache() ||
714 is_my_own_sam_domain(domain) ||
715 is_builtin_domain(domain)) {
719 refresh_sequence_number(domain);
721 va_start(ap, format);
722 ret = vasprintf(&kstr, format, ap);
729 centry = wcache_fetch_raw(kstr);
730 if (centry == NULL) {
735 if (centry_expired(domain, kstr, centry)) {
737 DBG_DEBUG("wcache_fetch: entry %s expired for domain %s\n",
738 kstr, domain->name );
745 DBG_DEBUG("wcache_fetch: returning entry %s for domain %s\n",
746 kstr, domain->name );
752 static void wcache_delete(const char *format, ...) PRINTF_ATTRIBUTE(1,2);
753 static void wcache_delete(const char *format, ...)
760 va_start(ap, format);
761 ret = vasprintf(&kstr, format, ap);
768 key = string_tdb_data(kstr);
770 tdb_delete(wcache->tdb, key);
775 make sure we have at least len bytes available in a centry
777 static void centry_expand(struct cache_entry *centry, uint32_t len)
779 if (centry->len - centry->ofs >= len)
782 centry->data = SMB_REALLOC_ARRAY(centry->data, unsigned char,
785 DBG_ERR("out of memory: needed %d bytes in centry_expand\n", centry->len);
786 smb_panic_fn("out of memory in centry_expand");
791 push a uint64_t into a centry
793 static void centry_put_uint64_t(struct cache_entry *centry, uint64_t v)
795 centry_expand(centry, 8);
796 SBVAL(centry->data, centry->ofs, v);
801 push a uint32_t into a centry
803 static void centry_put_uint32(struct cache_entry *centry, uint32_t v)
805 centry_expand(centry, 4);
806 SIVAL(centry->data, centry->ofs, v);
811 push a uint16_t into a centry
813 static void centry_put_uint16(struct cache_entry *centry, uint16_t v)
815 centry_expand(centry, 2);
816 SSVAL(centry->data, centry->ofs, v);
821 push a uint8_t into a centry
823 static void centry_put_uint8(struct cache_entry *centry, uint8_t v)
825 centry_expand(centry, 1);
826 SCVAL(centry->data, centry->ofs, v);
831 push a string into a centry
833 static void centry_put_string(struct cache_entry *centry, const char *s)
838 /* null strings are marked as len 0xFFFF */
839 centry_put_uint8(centry, 0xFF);
844 /* can't handle more than 254 char strings. Truncating is probably best */
846 DBG_DEBUG("centry_put_string: truncating len (%d) to: 254\n", len);
849 centry_put_uint8(centry, len);
850 centry_expand(centry, len);
851 memcpy(centry->data + centry->ofs, s, len);
856 push a 16 byte hash into a centry - treat as 16 byte string.
858 static void centry_put_hash16(struct cache_entry *centry, const uint8_t val[16])
860 centry_put_uint8(centry, 16);
861 centry_expand(centry, 16);
862 memcpy(centry->data + centry->ofs, val, 16);
866 static void centry_put_sid(struct cache_entry *centry, const struct dom_sid *sid)
868 struct dom_sid_buf sid_string;
869 centry_put_string(centry, dom_sid_str_buf(sid, &sid_string));
874 put NTSTATUS into a centry
876 static void centry_put_ntstatus(struct cache_entry *centry, NTSTATUS status)
878 uint32_t status_value = NT_STATUS_V(status);
879 centry_put_uint32(centry, status_value);
884 push a NTTIME into a centry
886 static void centry_put_nttime(struct cache_entry *centry, NTTIME nt)
888 centry_expand(centry, 8);
889 SIVAL(centry->data, centry->ofs, nt & 0xFFFFFFFF);
891 SIVAL(centry->data, centry->ofs, nt >> 32);
896 push a time_t into a centry - use a 64 bit size.
897 NTTIME here is being used as a convenient 64-bit size.
899 static void centry_put_time(struct cache_entry *centry, time_t t)
901 NTTIME nt = (NTTIME)t;
902 centry_put_nttime(centry, nt);
906 start a centry for output. When finished, call centry_end()
908 static struct cache_entry *centry_start(struct winbindd_domain *domain,
911 struct cache_entry *centry;
916 centry = SMB_XMALLOC_P(struct cache_entry);
918 centry->len = 8192; /* reasonable default */
919 centry->data = SMB_XMALLOC_ARRAY(uint8_t, centry->len);
921 centry->sequence_number = domain->sequence_number;
922 centry->timeout = lp_winbind_cache_time() + time(NULL);
923 centry_put_ntstatus(centry, status);
924 centry_put_uint32(centry, centry->sequence_number);
925 centry_put_uint64_t(centry, centry->timeout);
930 finish a centry and write it to the tdb
932 static void centry_end(struct cache_entry *centry, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
933 static void centry_end(struct cache_entry *centry, const char *format, ...)
940 if (!winbindd_use_cache()) {
944 va_start(ap, format);
945 ret = vasprintf(&kstr, format, ap);
952 key = string_tdb_data(kstr);
953 data.dptr = centry->data;
954 data.dsize = centry->ofs;
956 tdb_store(wcache->tdb, key, data, TDB_REPLACE);
960 static void wcache_save_name_to_sid(struct winbindd_domain *domain,
961 NTSTATUS status, const char *domain_name,
962 const char *name, const struct dom_sid *sid,
963 enum lsa_SidType type)
967 ok = namemap_cache_set_name2sid(domain_name, name, sid, type,
968 time(NULL) + lp_winbind_cache_time());
970 DBG_DEBUG("namemap_cache_set_name2sid failed\n");
974 * Don't store the reverse mapping. The name came from user
975 * input, and we might not have the correct capitalization,
976 * which is important for nsswitch.
980 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
981 const struct dom_sid *sid, const char *domain_name, const char *name, enum lsa_SidType type)
985 ok = namemap_cache_set_sid2name(sid, domain_name, name, type,
986 time(NULL) + lp_winbind_cache_time());
988 DBG_DEBUG("namemap_cache_set_sid2name failed\n");
991 if (type != SID_NAME_UNKNOWN) {
992 ok = namemap_cache_set_name2sid(
993 domain_name, name, sid, type,
994 time(NULL) + lp_winbind_cache_time());
996 DBG_DEBUG("namemap_cache_set_name2sid failed\n");
1001 static void wcache_save_lockout_policy(struct winbindd_domain *domain,
1003 struct samr_DomInfo12 *lockout_policy)
1005 struct cache_entry *centry;
1007 centry = centry_start(domain, status);
1011 centry_put_nttime(centry, lockout_policy->lockout_duration);
1012 centry_put_nttime(centry, lockout_policy->lockout_window);
1013 centry_put_uint16(centry, lockout_policy->lockout_threshold);
1015 centry_end(centry, "LOC_POL/%s", domain->name);
1017 DBG_DEBUG("wcache_save_lockout_policy: %s\n", domain->name);
1019 centry_free(centry);
1024 static void wcache_save_password_policy(struct winbindd_domain *domain,
1026 struct samr_DomInfo1 *policy)
1028 struct cache_entry *centry;
1030 centry = centry_start(domain, status);
1034 centry_put_uint16(centry, policy->min_password_length);
1035 centry_put_uint16(centry, policy->password_history_length);
1036 centry_put_uint32(centry, policy->password_properties);
1037 centry_put_nttime(centry, policy->max_password_age);
1038 centry_put_nttime(centry, policy->min_password_age);
1040 centry_end(centry, "PWD_POL/%s", domain->name);
1042 DBG_DEBUG("wcache_save_password_policy: %s\n", domain->name);
1044 centry_free(centry);
1047 /***************************************************************************
1048 ***************************************************************************/
1050 static void wcache_save_username_alias(struct winbindd_domain *domain,
1052 const char *name, const char *alias)
1054 struct cache_entry *centry;
1057 if ( (centry = centry_start(domain, status)) == NULL )
1060 centry_put_string( centry, alias );
1062 fstrcpy(uname, name);
1063 (void)strupper_m(uname);
1064 centry_end(centry, "NSS/NA/%s", uname);
1066 DBG_DEBUG("wcache_save_username_alias: %s -> %s\n", name, alias );
1068 centry_free(centry);
1071 static void wcache_save_alias_username(struct winbindd_domain *domain,
1073 const char *alias, const char *name)
1075 struct cache_entry *centry;
1078 if ( (centry = centry_start(domain, status)) == NULL )
1081 centry_put_string( centry, name );
1083 fstrcpy(uname, alias);
1084 (void)strupper_m(uname);
1085 centry_end(centry, "NSS/AN/%s", uname);
1087 DBG_DEBUG("wcache_save_alias_username: %s -> %s\n", alias, name );
1089 centry_free(centry);
1092 /***************************************************************************
1093 ***************************************************************************/
1095 NTSTATUS resolve_username_to_alias( TALLOC_CTX *mem_ctx,
1096 struct winbindd_domain *domain,
1097 const char *name, char **alias )
1099 struct winbind_cache *cache = get_cache(domain);
1100 struct cache_entry *centry = NULL;
1104 if ( domain->internal )
1105 return NT_STATUS_NOT_SUPPORTED;
1110 upper_name = talloc_strdup_upper(mem_ctx, name);
1111 if (upper_name == NULL) {
1112 return NT_STATUS_NO_MEMORY;
1115 centry = wcache_fetch(cache, domain, "NSS/NA/%s", upper_name);
1117 talloc_free(upper_name);
1122 status = centry->status;
1124 if (!NT_STATUS_IS_OK(status)) {
1125 centry_free(centry);
1129 *alias = centry_string( centry, mem_ctx );
1131 centry_free(centry);
1133 DBG_DEBUG("resolve_username_to_alias: [Cached] - mapped %s to %s\n",
1134 name, *alias ? *alias : "(none)");
1136 return (*alias) ? NT_STATUS_OK : NT_STATUS_OBJECT_NAME_NOT_FOUND;
1140 /* If its not in cache and we are offline, then fail */
1142 if (is_domain_offline(domain)) {
1143 DBG_DEBUG("resolve_username_to_alias: rejecting query "
1144 "in offline mode\n");
1145 return NT_STATUS_NOT_FOUND;
1148 status = nss_map_to_alias( mem_ctx, domain->name, name, alias );
1150 if ( NT_STATUS_IS_OK( status ) ) {
1151 wcache_save_username_alias(domain, status, name, *alias);
1154 if ( NT_STATUS_EQUAL( status, NT_STATUS_NONE_MAPPED ) ) {
1155 wcache_save_username_alias(domain, status, name, "(NULL)");
1158 DBG_INFO("resolve_username_to_alias: backend query returned %s\n",
1161 if ( NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) ) {
1162 set_domain_offline( domain );
1168 /***************************************************************************
1169 ***************************************************************************/
1171 NTSTATUS resolve_alias_to_username( TALLOC_CTX *mem_ctx,
1172 struct winbindd_domain *domain,
1173 const char *alias, char **name )
1175 struct winbind_cache *cache = get_cache(domain);
1176 struct cache_entry *centry = NULL;
1180 if ( domain->internal )
1181 return NT_STATUS_NOT_SUPPORTED;
1186 upper_name = talloc_strdup(mem_ctx, alias);
1187 if (upper_name == NULL) {
1188 return NT_STATUS_NO_MEMORY;
1190 if (!strupper_m(upper_name)) {
1191 talloc_free(upper_name);
1192 return NT_STATUS_INVALID_PARAMETER;
1195 centry = wcache_fetch(cache, domain, "NSS/AN/%s", upper_name);
1197 talloc_free(upper_name);
1202 status = centry->status;
1204 if (!NT_STATUS_IS_OK(status)) {
1205 centry_free(centry);
1209 *name = centry_string( centry, mem_ctx );
1211 centry_free(centry);
1213 DBG_DEBUG("resolve_alias_to_username: [Cached] - mapped %s to %s\n",
1214 alias, *name ? *name : "(none)");
1216 return (*name) ? NT_STATUS_OK : NT_STATUS_OBJECT_NAME_NOT_FOUND;
1220 /* If its not in cache and we are offline, then fail */
1222 if (is_domain_offline(domain)) {
1223 DBG_DEBUG("resolve_alias_to_username: rejecting query "
1224 "in offline mode\n");
1225 return NT_STATUS_NOT_FOUND;
1228 /* an alias cannot contain a domain prefix or '@' */
1230 if (strchr(alias, '\\') || strchr(alias, '@')) {
1231 DBG_DEBUG("resolve_alias_to_username: skipping fully "
1232 "qualified name %s\n", alias);
1233 return NT_STATUS_OBJECT_NAME_INVALID;
1236 status = nss_map_from_alias( mem_ctx, domain->name, alias, name );
1238 if ( NT_STATUS_IS_OK( status ) ) {
1239 wcache_save_alias_username( domain, status, alias, *name );
1242 if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
1243 wcache_save_alias_username(domain, status, alias, "(NULL)");
1246 DBG_INFO("resolve_alias_to_username: backend query returned %s\n",
1249 if ( NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) ) {
1250 set_domain_offline( domain );
1256 NTSTATUS wcache_cached_creds_exist(struct winbindd_domain *domain, const struct dom_sid *sid)
1258 struct winbind_cache *cache = get_cache(domain);
1260 struct dom_sid_buf tmp;
1265 return NT_STATUS_INTERNAL_DB_ERROR;
1268 if (is_null_sid(sid)) {
1269 return NT_STATUS_INVALID_SID;
1272 if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
1273 return NT_STATUS_INVALID_SID;
1276 fstr_sprintf(key_str, "CRED/%s", dom_sid_str_buf(sid, &tmp));
1278 ret = tdb_exists(cache->tdb, string_tdb_data(key_str));
1280 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1283 return NT_STATUS_OK;
1286 /* Lookup creds for a SID - copes with old (unsalted) creds as well
1287 as new salted ones. */
1289 NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
1290 TALLOC_CTX *mem_ctx,
1291 const struct dom_sid *sid,
1292 const uint8_t **cached_nt_pass,
1293 const uint8_t **cached_salt)
1295 struct winbind_cache *cache = get_cache(domain);
1296 struct cache_entry *centry = NULL;
1299 struct dom_sid_buf sidstr;
1302 return NT_STATUS_INTERNAL_DB_ERROR;
1305 if (is_null_sid(sid)) {
1306 return NT_STATUS_INVALID_SID;
1309 if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
1310 return NT_STATUS_INVALID_SID;
1313 /* Try and get a salted cred first. If we can't
1314 fall back to an unsalted cred. */
1316 centry = wcache_fetch(cache, domain, "CRED/%s",
1317 dom_sid_str_buf(sid, &sidstr));
1319 DBG_DEBUG("wcache_get_creds: entry for [CRED/%s] not found\n",
1320 dom_sid_str_buf(sid, &sidstr));
1321 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1325 * We don't use the time element at this moment,
1326 * but we have to consume it, so that we don't
1327 * need to change the disk format of the cache.
1329 (void)centry_time(centry);
1331 /* In the salted case this isn't actually the nt_hash itself,
1332 but the MD5 of the salt + nt_hash. Let the caller
1333 sort this out. It can tell as we only return the cached_salt
1334 if we are returning a salted cred. */
1336 *cached_nt_pass = (const uint8_t *)centry_hash16(centry, mem_ctx);
1337 if (*cached_nt_pass == NULL) {
1339 dom_sid_str_buf(sid, &sidstr);
1341 /* Bad (old) cred cache. Delete and pretend we
1343 DBG_WARNING("wcache_get_creds: bad entry for [CRED/%s] - deleting\n",
1345 wcache_delete("CRED/%s", sidstr.buf);
1346 centry_free(centry);
1347 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1350 /* We only have 17 bytes more data in the salted cred case. */
1351 if (centry->len - centry->ofs == 17) {
1352 *cached_salt = (const uint8_t *)centry_hash16(centry, mem_ctx);
1354 *cached_salt = NULL;
1357 dump_data_pw("cached_nt_pass", *cached_nt_pass, NT_HASH_LEN);
1359 dump_data_pw("cached_salt", *cached_salt, NT_HASH_LEN);
1362 status = centry->status;
1364 DBG_DEBUG("wcache_get_creds: [Cached] - cached creds for user %s status: %s\n",
1365 dom_sid_str_buf(sid, &sidstr),
1366 nt_errstr(status) );
1368 centry_free(centry);
1372 /* Store creds for a SID - only writes out new salted ones. */
1374 NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
1375 const struct dom_sid *sid,
1376 const uint8_t nt_pass[NT_HASH_LEN])
1378 struct cache_entry *centry;
1379 struct dom_sid_buf sid_str;
1381 uint8_t cred_salt[NT_HASH_LEN];
1382 uint8_t salted_hash[NT_HASH_LEN];
1383 gnutls_hash_hd_t hash_hnd = NULL;
1386 if (is_null_sid(sid)) {
1387 return NT_STATUS_INVALID_SID;
1390 if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
1391 return NT_STATUS_INVALID_SID;
1394 centry = centry_start(domain, NT_STATUS_OK);
1396 return NT_STATUS_INTERNAL_DB_ERROR;
1399 dump_data_pw("nt_pass", nt_pass, NT_HASH_LEN);
1401 centry_put_time(centry, time(NULL));
1403 /* Create a salt and then salt the hash. */
1404 generate_random_buffer(cred_salt, NT_HASH_LEN);
1406 rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
1408 centry_free(centry);
1409 return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
1412 rc = gnutls_hash(hash_hnd, cred_salt, 16);
1414 gnutls_hash_deinit(hash_hnd, NULL);
1415 centry_free(centry);
1416 return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
1418 rc = gnutls_hash(hash_hnd, nt_pass, 16);
1420 gnutls_hash_deinit(hash_hnd, NULL);
1421 centry_free(centry);
1422 return gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
1424 gnutls_hash_deinit(hash_hnd, salted_hash);
1426 centry_put_hash16(centry, salted_hash);
1427 centry_put_hash16(centry, cred_salt);
1428 centry_end(centry, "CRED/%s", dom_sid_str_buf(sid, &sid_str));
1430 DBG_DEBUG("wcache_save_creds: %s\n", sid_str.buf);
1432 centry_free(centry);
1434 return NT_STATUS_OK;
1438 /* Query display info. This is the basic user list fn */
1439 NTSTATUS wb_cache_query_user_list(struct winbindd_domain *domain,
1440 TALLOC_CTX *mem_ctx,
1443 struct winbind_cache *cache = get_cache(domain);
1444 struct cache_entry *centry = NULL;
1445 uint32_t num_rids = 0;
1446 uint32_t *rids = NULL;
1448 unsigned int i, retry;
1449 bool old_status = domain->online;
1456 centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
1461 num_rids = centry_uint32(centry);
1463 if (num_rids == 0) {
1467 rids = talloc_array(mem_ctx, uint32_t, num_rids);
1469 centry_free(centry);
1470 return NT_STATUS_NO_MEMORY;
1473 for (i=0; i<num_rids; i++) {
1474 rids[i] = centry_uint32(centry);
1478 status = centry->status;
1480 DBG_DEBUG("query_user_list: [Cached] - cached list for domain %s status: %s\n",
1481 domain->name, nt_errstr(status) );
1483 centry_free(centry);
1488 /* Put the query_user_list() in a retry loop. There appears to be
1489 * some bug either with Windows 2000 or Samba's handling of large
1490 * rpc replies. This manifests itself as sudden disconnection
1491 * at a random point in the enumeration of a large (60k) user list.
1492 * The retry loop simply tries the operation again. )-: It's not
1493 * pretty but an acceptable workaround until we work out what the
1494 * real problem is. */
1499 DBG_DEBUG("query_user_list: [Cached] - doing backend query for list for domain %s\n",
1503 status = domain->backend->query_user_list(domain, mem_ctx,
1505 num_rids = talloc_array_length(rids);
1507 if (!NT_STATUS_IS_OK(status)) {
1508 DBG_NOTICE("query_user_list: returned 0x%08x, "
1509 "retrying\n", NT_STATUS_V(status));
1511 reset_cm_connection_on_error(domain, NULL, status);
1512 if (NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL)) {
1513 DBG_NOTICE("query_user_list: flushing "
1514 "connection cache\n");
1515 invalidate_cm_connection(domain);
1517 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
1518 NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
1519 if (!domain->internal && old_status) {
1520 set_domain_offline(domain);
1522 /* store partial response. */
1525 * humm, what about the status used for cache?
1526 * Should it be NT_STATUS_OK?
1531 * domain is offline now, and there is no user entries,
1532 * try to fetch from cache again.
1534 if (cache->tdb && !domain->online && !domain->internal && old_status) {
1535 centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
1536 /* partial response... */
1540 goto do_fetch_cache;
1547 } while (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) &&
1551 refresh_sequence_number(domain);
1552 if (!NT_STATUS_IS_OK(status)) {
1555 centry = centry_start(domain, status);
1558 centry_put_uint32(centry, num_rids);
1559 for (i=0; i<num_rids; i++) {
1560 centry_put_uint32(centry, rids[i]);
1562 centry_end(centry, "UL/%s", domain->name);
1563 centry_free(centry);
1571 /* list all domain groups */
1572 NTSTATUS wb_cache_enum_dom_groups(struct winbindd_domain *domain,
1573 TALLOC_CTX *mem_ctx,
1574 uint32_t *num_entries,
1575 struct wb_acct_info **info)
1577 struct winbind_cache *cache = get_cache(domain);
1578 struct cache_entry *centry = NULL;
1583 old_status = domain->online;
1587 centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
1592 *num_entries = centry_uint32(centry);
1594 if (*num_entries == 0)
1597 (*info) = talloc_array(mem_ctx, struct wb_acct_info, *num_entries);
1599 smb_panic_fn("enum_dom_groups out of memory");
1601 for (i=0; i<(*num_entries); i++) {
1602 (*info)[i].acct_name = centry_string(centry, (*info));
1603 (*info)[i].acct_desc = centry_string(centry, (*info));
1604 (*info)[i].rid = centry_uint32(centry);
1608 status = centry->status;
1610 DBG_DEBUG("enum_dom_groups: [Cached] - cached list for domain %s status: %s\n",
1611 domain->name, nt_errstr(status) );
1613 centry_free(centry);
1620 DBG_DEBUG("enum_dom_groups: [Cached] - doing backend query for list for domain %s\n",
1623 status = domain->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
1625 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
1626 NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
1627 if (!domain->internal && old_status) {
1628 set_domain_offline(domain);
1632 !domain->internal &&
1634 centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
1636 goto do_fetch_cache;
1641 refresh_sequence_number(domain);
1642 if (!NT_STATUS_IS_OK(status)) {
1645 centry = centry_start(domain, status);
1648 centry_put_uint32(centry, *num_entries);
1649 for (i=0; i<(*num_entries); i++) {
1650 centry_put_string(centry, (*info)[i].acct_name);
1651 centry_put_string(centry, (*info)[i].acct_desc);
1652 centry_put_uint32(centry, (*info)[i].rid);
1654 centry_end(centry, "GL/%s/domain", domain->name);
1655 centry_free(centry);
1661 /* list all domain groups */
1662 NTSTATUS wb_cache_enum_local_groups(struct winbindd_domain *domain,
1663 TALLOC_CTX *mem_ctx,
1664 uint32_t *num_entries,
1665 struct wb_acct_info **info)
1667 struct winbind_cache *cache = get_cache(domain);
1668 struct cache_entry *centry = NULL;
1673 old_status = domain->online;
1677 centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
1682 *num_entries = centry_uint32(centry);
1684 if (*num_entries == 0)
1687 (*info) = talloc_array(mem_ctx, struct wb_acct_info, *num_entries);
1689 smb_panic_fn("enum_dom_groups out of memory");
1691 for (i=0; i<(*num_entries); i++) {
1692 (*info)[i].acct_name = centry_string(centry, (*info));
1693 (*info)[i].acct_desc = centry_string(centry, (*info));
1694 (*info)[i].rid = centry_uint32(centry);
1699 /* If we are returning cached data and the domain controller
1700 is down then we don't know whether the data is up to date
1701 or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
1704 if (wcache_server_down(domain)) {
1705 DBG_DEBUG("enum_local_groups: returning cached user list and server was down\n");
1706 status = NT_STATUS_MORE_PROCESSING_REQUIRED;
1708 status = centry->status;
1710 DBG_DEBUG("enum_local_groups: [Cached] - cached list for domain %s status: %s\n",
1711 domain->name, nt_errstr(status) );
1713 centry_free(centry);
1720 DBG_DEBUG("enum_local_groups: [Cached] - doing backend query for list for domain %s\n",
1723 status = domain->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
1725 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
1726 NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
1727 if (!domain->internal && old_status) {
1728 set_domain_offline(domain);
1731 !domain->internal &&
1734 centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
1736 goto do_fetch_cache;
1741 refresh_sequence_number(domain);
1742 if (!NT_STATUS_IS_OK(status)) {
1745 centry = centry_start(domain, status);
1748 centry_put_uint32(centry, *num_entries);
1749 for (i=0; i<(*num_entries); i++) {
1750 centry_put_string(centry, (*info)[i].acct_name);
1751 centry_put_string(centry, (*info)[i].acct_desc);
1752 centry_put_uint32(centry, (*info)[i].rid);
1754 centry_end(centry, "GL/%s/local", domain->name);
1755 centry_free(centry);
1761 struct wcache_name_to_sid_state {
1762 struct dom_sid *sid;
1763 enum lsa_SidType *type;
1768 static void wcache_name_to_sid_fn(const struct dom_sid *sid,
1769 enum lsa_SidType type,
1773 struct wcache_name_to_sid_state *state = private_data;
1776 *state->type = type;
1777 state->found = (!expired || state->offline);
1780 static NTSTATUS wcache_name_to_sid(struct winbindd_domain *domain,
1781 const char *domain_name,
1783 struct dom_sid *sid,
1784 enum lsa_SidType *type)
1786 struct wcache_name_to_sid_state state = {
1787 .sid = sid, .type = type, .found = false,
1788 .offline = is_domain_offline(domain),
1792 ok = namemap_cache_find_name(domain_name, name, wcache_name_to_sid_fn,
1795 DBG_DEBUG("namemap_cache_find_name failed\n");
1796 return NT_STATUS_NOT_FOUND;
1799 DBG_DEBUG("cache entry not found\n");
1800 return NT_STATUS_NOT_FOUND;
1802 if (*type == SID_NAME_UNKNOWN) {
1803 return NT_STATUS_NONE_MAPPED;
1806 return NT_STATUS_OK;
1809 /* convert a single name to a sid in a domain */
1810 NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
1811 TALLOC_CTX *mem_ctx,
1812 const char *domain_name,
1815 struct dom_sid *sid,
1816 enum lsa_SidType *type)
1820 const char *dom_name;
1822 old_status = domain->online;
1824 status = wcache_name_to_sid(domain, domain_name, name, sid, type);
1825 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
1831 DBG_DEBUG("name_to_sid: [Cached] - doing backend query for name for domain %s\n",
1834 winbindd_domain_init_backend(domain);
1835 status = domain->backend->name_to_sid(domain, mem_ctx, domain_name,
1836 name, flags, &dom_name, sid, type);
1838 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
1839 NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
1840 if (!domain->internal && old_status) {
1841 set_domain_offline(domain);
1843 if (!domain->internal &&
1846 NTSTATUS cache_status;
1847 cache_status = wcache_name_to_sid(domain, domain_name, name, sid, type);
1848 return cache_status;
1853 if (domain->online &&
1854 (NT_STATUS_IS_OK(status) || NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED))) {
1855 enum lsa_SidType save_type = *type;
1857 if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
1858 save_type = SID_NAME_UNKNOWN;
1861 wcache_save_name_to_sid(domain, status, domain_name, name, sid,
1864 /* Only save the reverse mapping if this was not a UPN */
1865 if (!strchr(name, '@')) {
1866 if (!strupper_m(discard_const_p(char, domain_name))) {
1867 return NT_STATUS_INVALID_PARAMETER;
1869 (void)strlower_m(discard_const_p(char, name));
1870 wcache_save_sid_to_name(domain, status, sid,
1871 dom_name, name, save_type);
1878 struct wcache_sid_to_name_state {
1879 TALLOC_CTX *mem_ctx;
1882 enum lsa_SidType *type;
1887 static void wcache_sid_to_name_fn(const char *domain,
1889 enum lsa_SidType type,
1893 struct wcache_sid_to_name_state *state = private_data;
1895 *state->domain_name = talloc_strdup(state->mem_ctx, domain);
1896 if (*state->domain_name == NULL) {
1899 *state->name = talloc_strdup(state->mem_ctx, name);
1900 if (*state->name == NULL) {
1903 *state->type = type;
1904 state->found = (!expired || state->offline);
1907 static NTSTATUS wcache_sid_to_name(struct winbindd_domain *domain,
1908 const struct dom_sid *sid,
1909 TALLOC_CTX *mem_ctx,
1912 enum lsa_SidType *type)
1914 struct wcache_sid_to_name_state state = {
1915 .mem_ctx = mem_ctx, .found = false,
1916 .domain_name = domain_name, .name = name, .type = type,
1917 .offline = is_domain_offline(domain)
1921 ok = namemap_cache_find_sid(sid, wcache_sid_to_name_fn, &state);
1923 DBG_DEBUG("namemap_cache_find_name failed\n");
1924 return NT_STATUS_NOT_FOUND;
1927 DBG_DEBUG("cache entry not found\n");
1928 return NT_STATUS_NOT_FOUND;
1930 if (*type == SID_NAME_UNKNOWN) {
1931 return NT_STATUS_NONE_MAPPED;
1934 return NT_STATUS_OK;
1937 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
1939 NTSTATUS wb_cache_sid_to_name(struct winbindd_domain *domain,
1940 TALLOC_CTX *mem_ctx,
1941 const struct dom_sid *sid,
1944 enum lsa_SidType *type)
1949 old_status = domain->online;
1950 status = wcache_sid_to_name(domain, sid, mem_ctx, domain_name, name,
1952 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
1957 *domain_name = NULL;
1959 DBG_DEBUG("sid_to_name: [Cached] - doing backend query for name for domain %s\n",
1962 winbindd_domain_init_backend(domain);
1964 status = domain->backend->sid_to_name(domain, mem_ctx, sid, domain_name, name, type);
1966 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
1967 NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
1968 if (!domain->internal && old_status) {
1969 set_domain_offline(domain);
1971 if (!domain->internal &&
1974 NTSTATUS cache_status;
1975 cache_status = wcache_sid_to_name(domain, sid, mem_ctx,
1976 domain_name, name, type);
1977 return cache_status;
1981 if (!NT_STATUS_IS_OK(status)) {
1984 wcache_save_sid_to_name(domain, status, sid, *domain_name, *name, *type);
1986 /* We can't save the name to sid mapping here, as with sid history a
1987 * later name2sid would give the wrong sid. */
1992 NTSTATUS wb_cache_rids_to_names(struct winbindd_domain *domain,
1993 TALLOC_CTX *mem_ctx,
1994 const struct dom_sid *domain_sid,
1999 enum lsa_SidType **types)
2001 struct winbind_cache *cache = get_cache(domain);
2003 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
2008 old_status = domain->online;
2009 *domain_name = NULL;
2017 if (num_rids == 0) {
2018 return NT_STATUS_OK;
2021 *names = talloc_array(mem_ctx, char *, num_rids);
2022 *types = talloc_array(mem_ctx, enum lsa_SidType, num_rids);
2024 if ((*names == NULL) || (*types == NULL)) {
2025 result = NT_STATUS_NO_MEMORY;
2029 have_mapped = have_unmapped = false;
2031 for (i=0; i<num_rids; i++) {
2034 enum lsa_SidType type;
2037 if (!sid_compose(&sid, domain_sid, rids[i])) {
2038 result = NT_STATUS_INTERNAL_ERROR;
2042 status = wcache_sid_to_name(domain, &sid, *names, &dom,
2045 (*types)[i] = SID_NAME_UNKNOWN;
2046 (*names)[i] = talloc_strdup(*names, "");
2048 if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
2053 if (NT_STATUS_IS_OK(status)) {
2057 if (*domain_name == NULL) {
2065 } else if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
2066 have_unmapped = true;
2068 /* something's definitely wrong */
2075 return NT_STATUS_NONE_MAPPED;
2077 if (!have_unmapped) {
2078 return NT_STATUS_OK;
2080 return STATUS_SOME_UNMAPPED;
2084 TALLOC_FREE(*names);
2085 TALLOC_FREE(*types);
2087 result = domain->backend->rids_to_names(domain, mem_ctx, domain_sid,
2088 rids, num_rids, domain_name,
2091 if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT) ||
2092 NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
2093 if (!domain->internal && old_status) {
2094 set_domain_offline(domain);
2097 !domain->internal &&
2100 have_mapped = have_unmapped = false;
2102 *names = talloc_array(mem_ctx, char *, num_rids);
2103 if (*names == NULL) {
2104 result = NT_STATUS_NO_MEMORY;
2108 *types = talloc_array(mem_ctx, enum lsa_SidType,
2110 if (*types == NULL) {
2111 result = NT_STATUS_NO_MEMORY;
2115 for (i=0; i<num_rids; i++) {
2118 enum lsa_SidType type;
2121 if (!sid_compose(&sid, domain_sid, rids[i])) {
2122 result = NT_STATUS_INTERNAL_ERROR;
2126 status = wcache_sid_to_name(domain, &sid,
2130 (*types)[i] = SID_NAME_UNKNOWN;
2131 (*names)[i] = talloc_strdup(*names, "");
2133 if (NT_STATUS_IS_OK(status)) {
2137 if (*domain_name == NULL) {
2145 } else if (NT_STATUS_EQUAL(
2147 NT_STATUS_NONE_MAPPED)) {
2148 have_unmapped = true;
2150 /* something's definitely wrong */
2157 return NT_STATUS_NONE_MAPPED;
2159 if (!have_unmapped) {
2160 return NT_STATUS_OK;
2162 return STATUS_SOME_UNMAPPED;
2166 None of the queried rids has been found so save all negative entries
2168 if (NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED)) {
2169 for (i = 0; i < num_rids; i++) {
2171 const char *name = "";
2172 const enum lsa_SidType type = SID_NAME_UNKNOWN;
2173 NTSTATUS status = NT_STATUS_NONE_MAPPED;
2175 if (!sid_compose(&sid, domain_sid, rids[i])) {
2176 return NT_STATUS_INTERNAL_ERROR;
2179 wcache_save_sid_to_name(domain, status, &sid, *domain_name,
2187 Some or all of the queried rids have been found.
2189 if (!NT_STATUS_IS_OK(result) &&
2190 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
2194 refresh_sequence_number(domain);
2196 for (i=0; i<num_rids; i++) {
2200 if (!sid_compose(&sid, domain_sid, rids[i])) {
2201 result = NT_STATUS_INTERNAL_ERROR;
2205 status = (*types)[i] == SID_NAME_UNKNOWN ?
2206 NT_STATUS_NONE_MAPPED : NT_STATUS_OK;
2208 wcache_save_sid_to_name(domain, status, &sid, *domain_name,
2209 (*names)[i], (*types)[i]);
2215 TALLOC_FREE(*names);
2216 TALLOC_FREE(*types);
2220 static NTSTATUS wcache_query_user(struct winbindd_domain *domain,
2221 TALLOC_CTX *mem_ctx,
2222 const struct dom_sid *user_sid,
2223 struct wbint_userinfo *info)
2225 struct winbind_cache *cache = get_cache(domain);
2226 struct cache_entry *centry = NULL;
2228 struct dom_sid_buf sid_string;
2230 if (cache->tdb == NULL) {
2231 return NT_STATUS_NOT_FOUND;
2234 centry = wcache_fetch(
2235 cache, domain, "U/%s", dom_sid_str_buf(user_sid, &sid_string));
2236 if (centry == NULL) {
2237 return NT_STATUS_NOT_FOUND;
2240 /* if status is not ok then this is a negative hit
2241 and the rest of the data doesn't matter */
2242 status = centry->status;
2243 if (NT_STATUS_IS_OK(status)) {
2244 info->domain_name = centry_string(centry, mem_ctx);
2245 info->acct_name = centry_string(centry, mem_ctx);
2246 info->full_name = centry_string(centry, mem_ctx);
2247 info->homedir = centry_string(centry, mem_ctx);
2248 info->shell = centry_string(centry, mem_ctx);
2249 info->uid = centry_uint32(centry);
2250 info->primary_gid = centry_uint32(centry);
2251 info->primary_group_name = centry_string(centry, mem_ctx);
2252 centry_sid(centry, &info->user_sid);
2253 centry_sid(centry, &info->group_sid);
2256 DBG_DEBUG("query_user: [Cached] - cached info for domain %s status: "
2257 "%s\n", domain->name, nt_errstr(status) );
2259 centry_free(centry);
2265 * @brief Query a fullname from the username cache (for further gecos processing)
2267 * @param domain A pointer to the winbindd_domain struct.
2268 * @param mem_ctx The talloc context.
2269 * @param user_sid The user sid.
2270 * @param full_name A pointer to the full_name string.
2272 * @return NTSTATUS code
2274 NTSTATUS wcache_query_user_fullname(struct winbindd_domain *domain,
2275 TALLOC_CTX *mem_ctx,
2276 const struct dom_sid *user_sid,
2277 const char **full_name)
2280 struct wbint_userinfo info;
2282 status = wcache_query_user(domain, mem_ctx, user_sid, &info);
2283 if (!NT_STATUS_IS_OK(status)) {
2287 if (info.full_name != NULL) {
2288 *full_name = talloc_strdup(mem_ctx, info.full_name);
2289 if (*full_name == NULL) {
2290 return NT_STATUS_NO_MEMORY;
2294 return NT_STATUS_OK;
2297 static NTSTATUS wcache_lookup_usergroups(struct winbindd_domain *domain,
2298 TALLOC_CTX *mem_ctx,
2299 const struct dom_sid *user_sid,
2300 uint32_t *pnum_sids,
2301 struct dom_sid **psids)
2303 struct winbind_cache *cache = get_cache(domain);
2304 struct cache_entry *centry = NULL;
2306 uint32_t i, num_sids;
2307 struct dom_sid *sids;
2308 struct dom_sid_buf sid_string;
2310 if (cache->tdb == NULL) {
2311 return NT_STATUS_NOT_FOUND;
2314 centry = wcache_fetch(
2318 dom_sid_str_buf(user_sid, &sid_string));
2319 if (centry == NULL) {
2320 return NT_STATUS_NOT_FOUND;
2323 num_sids = centry_uint32(centry);
2324 sids = talloc_array(mem_ctx, struct dom_sid, num_sids);
2326 centry_free(centry);
2327 return NT_STATUS_NO_MEMORY;
2330 for (i=0; i<num_sids; i++) {
2331 centry_sid(centry, &sids[i]);
2334 status = centry->status;
2336 DBG_DEBUG("lookup_usergroups: [Cached] - cached info for domain %s "
2337 "status: %s\n", domain->name, nt_errstr(status));
2339 centry_free(centry);
2341 *pnum_sids = num_sids;
2346 /* Lookup groups a user is a member of. */
2347 NTSTATUS wb_cache_lookup_usergroups(struct winbindd_domain *domain,
2348 TALLOC_CTX *mem_ctx,
2349 const struct dom_sid *user_sid,
2350 uint32_t *num_groups,
2351 struct dom_sid **user_gids)
2353 struct cache_entry *centry = NULL;
2356 struct dom_sid_buf sid_string;
2359 old_status = domain->online;
2360 status = wcache_lookup_usergroups(domain, mem_ctx, user_sid,
2361 num_groups, user_gids);
2362 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
2367 (*user_gids) = NULL;
2369 DBG_DEBUG("lookup_usergroups: [Cached] - doing backend query for info for domain %s\n",
2372 status = domain->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
2374 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
2375 NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
2376 if (!domain->internal && old_status) {
2377 set_domain_offline(domain);
2379 if (!domain->internal &&
2382 NTSTATUS cache_status;
2383 cache_status = wcache_lookup_usergroups(domain, mem_ctx, user_sid,
2384 num_groups, user_gids);
2385 return cache_status;
2388 if ( NT_STATUS_EQUAL(status, NT_STATUS_SYNCHRONIZATION_REQUIRED) )
2392 refresh_sequence_number(domain);
2393 if (!NT_STATUS_IS_OK(status)) {
2396 centry = centry_start(domain, status);
2400 centry_put_uint32(centry, *num_groups);
2401 for (i=0; i<(*num_groups); i++) {
2402 centry_put_sid(centry, &(*user_gids)[i]);
2405 centry_end(centry, "UG/%s", dom_sid_str_buf(user_sid, &sid_string));
2406 centry_free(centry);
2412 static char *wcache_make_sidlist(TALLOC_CTX *mem_ctx, uint32_t num_sids,
2413 const struct dom_sid *sids)
2418 sidlist = talloc_strdup(mem_ctx, "");
2419 if (sidlist == NULL) {
2422 for (i=0; i<num_sids; i++) {
2423 struct dom_sid_buf tmp;
2424 sidlist = talloc_asprintf_append_buffer(
2427 dom_sid_str_buf(&sids[i], &tmp));
2428 if (sidlist == NULL) {
2435 static NTSTATUS wcache_lookup_useraliases(struct winbindd_domain *domain,
2436 TALLOC_CTX *mem_ctx,
2438 const struct dom_sid *sids,
2439 uint32_t *pnum_aliases,
2440 uint32_t **paliases)
2442 struct winbind_cache *cache = get_cache(domain);
2443 struct cache_entry *centry = NULL;
2444 uint32_t i, num_aliases;
2449 if (cache->tdb == NULL) {
2450 return NT_STATUS_NOT_FOUND;
2453 if (num_sids == 0) {
2456 return NT_STATUS_OK;
2459 /* We need to cache indexed by the whole list of SIDs, the aliases
2460 * resulting might come from any of the SIDs. */
2462 sidlist = wcache_make_sidlist(talloc_tos(), num_sids, sids);
2463 if (sidlist == NULL) {
2464 return NT_STATUS_NO_MEMORY;
2467 centry = wcache_fetch(cache, domain, "UA%s", sidlist);
2468 TALLOC_FREE(sidlist);
2469 if (centry == NULL) {
2470 return NT_STATUS_NOT_FOUND;
2473 num_aliases = centry_uint32(centry);
2474 aliases = talloc_array(mem_ctx, uint32_t, num_aliases);
2475 if (aliases == NULL) {
2476 centry_free(centry);
2477 return NT_STATUS_NO_MEMORY;
2480 for (i=0; i<num_aliases; i++) {
2481 aliases[i] = centry_uint32(centry);
2484 status = centry->status;
2486 DBG_DEBUG("lookup_useraliases: [Cached] - cached info for domain: %s "
2487 "status %s\n", domain->name, nt_errstr(status));
2489 centry_free(centry);
2491 *pnum_aliases = num_aliases;
2492 *paliases = aliases;
2497 NTSTATUS wb_cache_lookup_useraliases(struct winbindd_domain *domain,
2498 TALLOC_CTX *mem_ctx,
2500 const struct dom_sid *sids,
2501 uint32_t *num_aliases,
2502 uint32_t **alias_rids)
2504 struct cache_entry *centry = NULL;
2510 old_status = domain->online;
2511 status = wcache_lookup_useraliases(domain, mem_ctx, num_sids, sids,
2512 num_aliases, alias_rids);
2513 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
2518 (*alias_rids) = NULL;
2520 DBG_DEBUG("lookup_usergroups: [Cached] - doing backend query for info "
2521 "for domain %s\n", domain->name );
2523 sidlist = wcache_make_sidlist(talloc_tos(), num_sids, sids);
2524 if (sidlist == NULL) {
2525 return NT_STATUS_NO_MEMORY;
2528 status = domain->backend->lookup_useraliases(domain, mem_ctx,
2530 num_aliases, alias_rids);
2532 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
2533 NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
2534 if (!domain->internal && old_status) {
2535 set_domain_offline(domain);
2537 if (!domain->internal &&
2540 NTSTATUS cache_status;
2541 cache_status = wcache_lookup_useraliases(domain, mem_ctx, num_sids,
2542 sids, num_aliases, alias_rids);
2543 return cache_status;
2547 refresh_sequence_number(domain);
2548 if (!NT_STATUS_IS_OK(status)) {
2551 centry = centry_start(domain, status);
2554 centry_put_uint32(centry, *num_aliases);
2555 for (i=0; i<(*num_aliases); i++)
2556 centry_put_uint32(centry, (*alias_rids)[i]);
2557 centry_end(centry, "UA%s", sidlist);
2558 centry_free(centry);
2564 static NTSTATUS wcache_lookup_aliasmem(struct winbindd_domain *domain,
2565 TALLOC_CTX *mem_ctx,
2566 const struct dom_sid *group_sid,
2567 uint32_t *num_names,
2568 struct dom_sid **sid_mem)
2570 struct winbind_cache *cache = get_cache(domain);
2571 struct cache_entry *centry = NULL;
2574 struct dom_sid_buf sid_string;
2576 if (cache->tdb == NULL) {
2577 return NT_STATUS_NOT_FOUND;
2580 centry = wcache_fetch(cache,
2583 dom_sid_str_buf(group_sid, &sid_string));
2584 if (centry == NULL) {
2585 return NT_STATUS_NOT_FOUND;
2590 *num_names = centry_uint32(centry);
2591 if (*num_names == 0) {
2592 centry_free(centry);
2593 return NT_STATUS_OK;
2596 *sid_mem = talloc_array(mem_ctx, struct dom_sid, *num_names);
2597 if (*sid_mem == NULL) {
2598 TALLOC_FREE(*sid_mem);
2599 centry_free(centry);
2600 return NT_STATUS_NO_MEMORY;
2603 for (i = 0; i < (*num_names); i++) {
2604 centry_sid(centry, &(*sid_mem)[i]);
2607 status = centry->status;
2609 D_DEBUG("[Cached] - cached info for domain %s "
2614 centry_free(centry);
2618 NTSTATUS wb_cache_lookup_aliasmem(struct winbindd_domain *domain,
2619 TALLOC_CTX *mem_ctx,
2620 const struct dom_sid *group_sid,
2621 enum lsa_SidType type,
2623 struct dom_sid **sid_mem)
2625 struct cache_entry *centry = NULL;
2628 struct dom_sid_buf sid_string;
2631 old_status = domain->online;
2632 status = wcache_lookup_aliasmem(domain,
2637 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
2644 D_DEBUG("[Cached] - doing backend query for info for domain %s\n",
2647 status = domain->backend->lookup_aliasmem(domain,
2654 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
2655 NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
2656 if (!domain->internal && old_status) {
2657 set_domain_offline(domain);
2659 if (!domain->internal && !domain->online && old_status) {
2660 NTSTATUS cache_status;
2661 cache_status = wcache_lookup_aliasmem(domain,
2666 return cache_status;
2670 refresh_sequence_number(domain);
2671 if (!NT_STATUS_IS_OK(status)) {
2674 centry = centry_start(domain, status);
2677 centry_put_uint32(centry, *num_sids);
2678 for (i = 0; i < (*num_sids); i++) {
2679 centry_put_sid(centry, &(*sid_mem)[i]);
2681 centry_end(centry, "AM/%s", dom_sid_str_buf(group_sid, &sid_string));
2682 centry_free(centry);
2688 static NTSTATUS wcache_lookup_groupmem(struct winbindd_domain *domain,
2689 TALLOC_CTX *mem_ctx,
2690 const struct dom_sid *group_sid,
2691 uint32_t *num_names,
2692 struct dom_sid **sid_mem, char ***names,
2693 uint32_t **name_types)
2695 struct winbind_cache *cache = get_cache(domain);
2696 struct cache_entry *centry = NULL;
2699 struct dom_sid_buf sid_string;
2701 if (cache->tdb == NULL) {
2702 return NT_STATUS_NOT_FOUND;
2705 centry = wcache_fetch(
2709 dom_sid_str_buf(group_sid, &sid_string));
2710 if (centry == NULL) {
2711 return NT_STATUS_NOT_FOUND;
2718 *num_names = centry_uint32(centry);
2719 if (*num_names == 0) {
2720 centry_free(centry);
2721 return NT_STATUS_OK;
2724 *sid_mem = talloc_array(mem_ctx, struct dom_sid, *num_names);
2725 *names = talloc_array(mem_ctx, char *, *num_names);
2726 *name_types = talloc_array(mem_ctx, uint32_t, *num_names);
2728 if ((*sid_mem == NULL) || (*names == NULL) || (*name_types == NULL)) {
2729 TALLOC_FREE(*sid_mem);
2730 TALLOC_FREE(*names);
2731 TALLOC_FREE(*name_types);
2732 centry_free(centry);
2733 return NT_STATUS_NO_MEMORY;
2736 for (i=0; i<(*num_names); i++) {
2737 centry_sid(centry, &(*sid_mem)[i]);
2738 (*names)[i] = centry_string(centry, mem_ctx);
2739 (*name_types)[i] = centry_uint32(centry);
2742 status = centry->status;
2744 DBG_DEBUG("lookup_groupmem: [Cached] - cached info for domain %s "
2745 "status: %s\n", domain->name, nt_errstr(status));
2747 centry_free(centry);
2751 NTSTATUS wb_cache_lookup_groupmem(struct winbindd_domain *domain,
2752 TALLOC_CTX *mem_ctx,
2753 const struct dom_sid *group_sid,
2754 enum lsa_SidType type,
2755 uint32_t *num_names,
2756 struct dom_sid **sid_mem,
2758 uint32_t **name_types)
2760 struct cache_entry *centry = NULL;
2763 struct dom_sid_buf sid_string;
2766 old_status = domain->online;
2767 status = wcache_lookup_groupmem(domain, mem_ctx, group_sid, num_names,
2768 sid_mem, names, name_types);
2769 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
2776 (*name_types) = NULL;
2778 DBG_DEBUG("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
2781 status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid,
2783 sid_mem, names, name_types);
2785 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
2786 NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
2787 if (!domain->internal && old_status) {
2788 set_domain_offline(domain);
2790 if (!domain->internal &&
2793 NTSTATUS cache_status;
2794 cache_status = wcache_lookup_groupmem(domain, mem_ctx, group_sid,
2795 num_names, sid_mem, names,
2797 return cache_status;
2801 refresh_sequence_number(domain);
2802 if (!NT_STATUS_IS_OK(status)) {
2805 centry = centry_start(domain, status);
2808 centry_put_uint32(centry, *num_names);
2809 for (i=0; i<(*num_names); i++) {
2810 centry_put_sid(centry, &(*sid_mem)[i]);
2811 centry_put_string(centry, (*names)[i]);
2812 centry_put_uint32(centry, (*name_types)[i]);
2816 dom_sid_str_buf(group_sid, &sid_string));
2817 centry_free(centry);
2823 /* find the sequence number for a domain */
2824 NTSTATUS wb_cache_sequence_number(struct winbindd_domain *domain,
2827 refresh_sequence_number(domain);
2829 *seq = domain->sequence_number;
2831 return NT_STATUS_OK;
2834 /* enumerate trusted domains
2835 * (we need to have the list of trustdoms in the cache when we go offline) -
2837 NTSTATUS wb_cache_trusted_domains(struct winbindd_domain *domain,
2838 TALLOC_CTX *mem_ctx,
2839 struct netr_DomainTrustList *trusts)
2842 struct winbind_cache *cache;
2843 struct winbindd_tdc_domain *dom_list = NULL;
2844 size_t num_domains = 0;
2845 bool retval = false;
2849 old_status = domain->online;
2851 trusts->array = NULL;
2853 cache = get_cache(domain);
2854 if (!cache || !cache->tdb) {
2858 if (domain->online) {
2862 retval = wcache_tdc_fetch_list(&dom_list, &num_domains);
2863 if (!retval || !num_domains || !dom_list) {
2864 TALLOC_FREE(dom_list);
2869 trusts->array = talloc_zero_array(mem_ctx, struct netr_DomainTrust, num_domains);
2870 if (!trusts->array) {
2871 TALLOC_FREE(dom_list);
2872 return NT_STATUS_NO_MEMORY;
2875 for (i = 0; i < num_domains; i++) {
2876 struct netr_DomainTrust *trust;
2877 struct dom_sid *sid;
2878 struct winbindd_domain *dom;
2880 dom = find_domain_from_name_noinit(dom_list[i].domain_name);
2881 if (dom && dom->internal) {
2885 trust = &trusts->array[trusts->count];
2886 trust->netbios_name = talloc_strdup(trusts->array, dom_list[i].domain_name);
2887 trust->dns_name = talloc_strdup(trusts->array, dom_list[i].dns_name);
2888 sid = talloc(trusts->array, struct dom_sid);
2889 if (!trust->netbios_name || !trust->dns_name ||
2891 TALLOC_FREE(dom_list);
2892 TALLOC_FREE(trusts->array);
2893 return NT_STATUS_NO_MEMORY;
2896 trust->trust_flags = dom_list[i].trust_flags;
2897 trust->trust_attributes = dom_list[i].trust_attribs;
2898 trust->trust_type = dom_list[i].trust_type;
2899 sid_copy(sid, &dom_list[i].sid);
2904 TALLOC_FREE(dom_list);
2905 return NT_STATUS_OK;
2908 DBG_DEBUG("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
2911 status = domain->backend->trusted_domains(domain, mem_ctx, trusts);
2913 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
2914 NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
2915 if (!domain->internal && old_status) {
2916 set_domain_offline(domain);
2918 if (!domain->internal &&
2921 retval = wcache_tdc_fetch_list(&dom_list, &num_domains);
2922 if (retval && num_domains && dom_list) {
2923 TALLOC_FREE(trusts->array);
2925 goto do_fetch_cache;
2929 /* no trusts gives NT_STATUS_NO_MORE_ENTRIES resetting to NT_STATUS_OK
2930 * so that the generic centry handling still applies correctly -
2933 if (!NT_STATUS_IS_ERR(status)) {
2934 status = NT_STATUS_OK;
2939 /* get lockout policy */
2940 NTSTATUS wb_cache_lockout_policy(struct winbindd_domain *domain,
2941 TALLOC_CTX *mem_ctx,
2942 struct samr_DomInfo12 *policy)
2944 struct winbind_cache *cache = get_cache(domain);
2945 struct cache_entry *centry = NULL;
2949 old_status = domain->online;
2953 centry = wcache_fetch(cache, domain, "LOC_POL/%s", domain->name);
2959 policy->lockout_duration = centry_nttime(centry);
2960 policy->lockout_window = centry_nttime(centry);
2961 policy->lockout_threshold = centry_uint16(centry);
2963 status = centry->status;
2965 DBG_DEBUG("lockout_policy: [Cached] - cached info for domain %s status: %s\n",
2966 domain->name, nt_errstr(status) );
2968 centry_free(centry);
2972 ZERO_STRUCTP(policy);
2974 DBG_DEBUG("lockout_policy: [Cached] - doing backend query for info for domain %s\n",
2977 status = domain->backend->lockout_policy(domain, mem_ctx, policy);
2979 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
2980 NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
2981 if (!domain->internal && old_status) {
2982 set_domain_offline(domain);
2985 !domain->internal &&
2988 centry = wcache_fetch(cache, domain, "LOC_POL/%s", domain->name);
2990 goto do_fetch_cache;
2995 refresh_sequence_number(domain);
2996 if (!NT_STATUS_IS_OK(status)) {
2999 wcache_save_lockout_policy(domain, status, policy);
3004 /* get password policy */
3005 NTSTATUS wb_cache_password_policy(struct winbindd_domain *domain,
3006 TALLOC_CTX *mem_ctx,
3007 struct samr_DomInfo1 *policy)
3009 struct winbind_cache *cache = get_cache(domain);
3010 struct cache_entry *centry = NULL;
3014 old_status = domain->online;
3018 centry = wcache_fetch(cache, domain, "PWD_POL/%s", domain->name);
3024 policy->min_password_length = centry_uint16(centry);
3025 policy->password_history_length = centry_uint16(centry);
3026 policy->password_properties = centry_uint32(centry);
3027 policy->max_password_age = centry_nttime(centry);
3028 policy->min_password_age = centry_nttime(centry);
3030 status = centry->status;
3032 DBG_DEBUG("lockout_policy: [Cached] - cached info for domain %s status: %s\n",
3033 domain->name, nt_errstr(status) );
3035 centry_free(centry);
3039 ZERO_STRUCTP(policy);
3041 DBG_DEBUG("password_policy: [Cached] - doing backend query for info for domain %s\n",
3044 status = domain->backend->password_policy(domain, mem_ctx, policy);
3046 if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
3047 NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
3048 if (!domain->internal && old_status) {
3049 set_domain_offline(domain);
3052 !domain->internal &&
3055 centry = wcache_fetch(cache, domain, "PWD_POL/%s", domain->name);
3057 goto do_fetch_cache;
3062 refresh_sequence_number(domain);
3063 if (!NT_STATUS_IS_OK(status)) {
3066 wcache_save_password_policy(domain, status, policy);
3072 /* Invalidate cached user and group lists coherently */
3074 static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
3077 if (strncmp((const char *)kbuf.dptr, "UL/", 3) == 0 ||
3078 strncmp((const char *)kbuf.dptr, "GL/", 3) == 0)
3079 tdb_delete(the_tdb, kbuf);
3084 /* Invalidate the getpwnam and getgroups entries for a winbindd domain */
3086 void wcache_invalidate_samlogon(struct winbindd_domain *domain,
3087 const struct dom_sid *sid)
3090 struct dom_sid_buf sid_string;
3091 struct winbind_cache *cache;
3093 /* don't clear cached U/SID and UG/SID entries when we want to logon
3096 if (lp_winbind_offline_logon()) {
3103 cache = get_cache(domain);
3109 /* Clear U/SID cache entry */
3110 fstr_sprintf(key_str, "U/%s", dom_sid_str_buf(sid, &sid_string));
3111 DBG_DEBUG("wcache_invalidate_samlogon: clearing %s\n", key_str);
3112 tdb_delete(cache->tdb, string_tdb_data(key_str));
3114 /* Clear UG/SID cache entry */
3115 fstr_sprintf(key_str, "UG/%s", dom_sid_str_buf(sid, &sid_string));
3116 DBG_DEBUG("wcache_invalidate_samlogon: clearing %s\n", key_str);
3117 tdb_delete(cache->tdb, string_tdb_data(key_str));
3119 /* Samba/winbindd never needs this. */
3120 netsamlogon_clear_cached_user(sid);
3123 bool wcache_invalidate_cache(void)
3125 struct winbindd_domain *domain;
3127 for (domain = domain_list(); domain; domain = domain->next) {
3128 struct winbind_cache *cache = get_cache(domain);
3130 DBG_DEBUG("wcache_invalidate_cache: invalidating cache "
3131 "entries for %s\n", domain->name);
3134 tdb_traverse(cache->tdb, traverse_fn, NULL);
3143 bool wcache_invalidate_cache_noinit(void)
3145 struct winbindd_domain *domain;
3147 for (domain = domain_list(); domain; domain = domain->next) {
3148 struct winbind_cache *cache;
3150 /* Skip uninitialized domains. */
3151 if (!domain->initialized && !domain->internal) {
3155 cache = get_cache(domain);
3157 DBG_DEBUG("wcache_invalidate_cache: invalidating cache "
3158 "entries for %s\n", domain->name);
3161 tdb_traverse(cache->tdb, traverse_fn, NULL);
3163 * Flushing cache has nothing to with domains.
3164 * return here if we successfully flushed once.
3165 * To avoid unnecessary traversing the cache.
3176 static bool init_wcache(void)
3180 if (wcache == NULL) {
3181 wcache = SMB_XMALLOC_P(struct winbind_cache);
3182 ZERO_STRUCTP(wcache);
3185 if (wcache->tdb != NULL)
3188 db_path = wcache_path();
3189 if (db_path == NULL) {
3193 /* when working offline we must not clear the cache on restart */
3194 wcache->tdb = tdb_open_log(db_path,
3195 WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
3196 TDB_INCOMPATIBLE_HASH |
3197 (lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST)),
3198 O_RDWR|O_CREAT, 0600);
3199 TALLOC_FREE(db_path);
3200 if (wcache->tdb == NULL) {
3201 DBG_ERR("Failed to open winbindd_cache.tdb!\n");
3208 /************************************************************************
3209 This is called by the parent to initialize the cache file.
3210 We don't need sophisticated locking here as we know we're the
3212 ************************************************************************/
3214 bool initialize_winbindd_cache(void)
3216 bool cache_bad = false;
3220 if (!init_wcache()) {
3221 DBG_ERR("initialize_winbindd_cache: init_wcache failed.\n");
3225 /* Check version number. */
3226 ok = tdb_fetch_uint32(wcache->tdb, WINBINDD_CACHE_VERSION_KEYSTR, &vers);
3228 DBG_DEBUG("Failed to get cache version\n");
3231 if (vers != WINBINDD_CACHE_VERSION) {
3232 DBG_DEBUG("Invalid cache version %u != %u\n",
3234 WINBINDD_CACHE_VERSION);
3241 DBG_NOTICE("initialize_winbindd_cache: clearing cache "
3242 "and re-creating with version number %d\n",
3243 WINBINDD_CACHE_VERSION);
3245 tdb_close(wcache->tdb);
3248 db_path = wcache_path();
3249 if (db_path == NULL) {
3253 if (unlink(db_path) == -1) {
3254 DBG_ERR("initialize_winbindd_cache: unlink %s failed %s\n",
3257 TALLOC_FREE(db_path);
3260 TALLOC_FREE(db_path);
3261 if (!init_wcache()) {
3262 DBG_ERR("initialize_winbindd_cache: re-initialization "
3263 "init_wcache failed.\n");
3267 /* Write the version. */
3268 if (!tdb_store_uint32(wcache->tdb, WINBINDD_CACHE_VERSION_KEYSTR, WINBINDD_CACHE_VERSION)) {
3269 DBG_ERR("initialize_winbindd_cache: version number store failed %s\n",
3270 tdb_errorstr(wcache->tdb) );
3275 tdb_close(wcache->tdb);
3280 void close_winbindd_cache(void)
3286 tdb_close(wcache->tdb);
3291 bool lookup_cached_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
3292 char **domain_name, char **name,
3293 enum lsa_SidType *type)
3295 struct winbindd_domain *domain;
3298 domain = find_lookup_domain_from_sid(sid);
3299 if (domain == NULL) {
3302 status = wcache_sid_to_name(domain, sid, mem_ctx, domain_name, name,
3304 return NT_STATUS_IS_OK(status);
3307 bool lookup_cached_name(const char *namespace,
3308 const char *domain_name,
3310 struct dom_sid *sid,
3311 enum lsa_SidType *type)
3313 struct winbindd_domain *domain;
3315 bool original_online_state;
3317 domain = find_lookup_domain_from_name(namespace);
3318 if (domain == NULL) {
3322 /* If we are doing a cached logon, temporarily set the domain
3323 offline so the cache won't expire the entry */
3325 original_online_state = domain->online;
3326 domain->online = false;
3327 status = wcache_name_to_sid(domain, domain_name, name, sid, type);
3328 domain->online = original_online_state;
3330 return NT_STATUS_IS_OK(status);
3334 * Cache a name to sid without checking the sequence number.
3335 * Used when caching from a trusted PAC.
3338 void cache_name2sid_trusted(struct winbindd_domain *domain,
3339 const char *domain_name,
3341 enum lsa_SidType type,
3342 const struct dom_sid *sid)
3345 * Ensure we store the mapping with the
3346 * existing sequence number from the cache.
3349 (void)fetch_cache_seqnum(domain, time(NULL));
3350 wcache_save_name_to_sid(domain,
3358 void cache_name2sid(struct winbindd_domain *domain,
3359 const char *domain_name, const char *name,
3360 enum lsa_SidType type, const struct dom_sid *sid)
3362 refresh_sequence_number(domain);
3363 wcache_save_name_to_sid(domain, NT_STATUS_OK, domain_name, name,
3368 * The original idea that this cache only contains centries has
3369 * been blurred - now other stuff gets put in here. Ensure we
3370 * ignore these things on cleanup.
3373 static int traverse_fn_cleanup(TDB_CONTEXT *the_tdb, TDB_DATA kbuf,
3374 TDB_DATA dbuf, void *state)
3376 struct cache_entry *centry;
3378 if (is_non_centry_key(kbuf)) {
3382 centry = wcache_fetch_raw((char *)kbuf.dptr);
3387 if (!NT_STATUS_IS_OK(centry->status)) {
3388 DBG_DEBUG("deleting centry %s\n", (const char *)kbuf.dptr);
3389 tdb_delete(the_tdb, kbuf);
3392 centry_free(centry);
3396 /* flush the cache */
3397 static void wcache_flush_cache(void)
3404 tdb_close(wcache->tdb);
3407 if (!winbindd_use_cache()) {
3411 db_path = wcache_path();
3412 if (db_path == NULL) {
3416 /* when working offline we must not clear the cache on restart */
3417 wcache->tdb = tdb_open_log(db_path,
3418 WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
3419 TDB_INCOMPATIBLE_HASH |
3420 (lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST)),
3421 O_RDWR|O_CREAT, 0600);
3422 TALLOC_FREE(db_path);
3424 DBG_ERR("Failed to open winbindd_cache.tdb!\n");
3428 tdb_traverse(wcache->tdb, traverse_fn_cleanup, NULL);
3430 DBG_DEBUG("wcache_flush_cache success\n");
3433 /* Count cached creds */
3435 static int traverse_fn_cached_creds(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
3438 int *cred_count = (int*)state;
3440 if (strncmp((const char *)kbuf.dptr, "CRED/", 5) == 0) {
3446 NTSTATUS wcache_count_cached_creds(struct winbindd_domain *domain, int *count)
3448 struct winbind_cache *cache = get_cache(domain);
3453 return NT_STATUS_INTERNAL_DB_ERROR;
3456 tdb_traverse(cache->tdb, traverse_fn_cached_creds, (void *)count);
3458 return NT_STATUS_OK;
3462 struct cred_list *prev, *next;
3467 static struct cred_list *wcache_cred_list;
3469 static int traverse_fn_get_credlist(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
3472 struct cred_list *cred;
3474 if (strncmp((const char *)kbuf.dptr, "CRED/", 5) == 0) {
3476 cred = SMB_MALLOC_P(struct cred_list);
3478 DBG_ERR("traverse_fn_remove_first_creds: failed to malloc new entry for list\n");
3484 /* save a copy of the key */
3486 fstrcpy(cred->name, (const char *)kbuf.dptr);
3487 DLIST_ADD(wcache_cred_list, cred);
3493 NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const struct dom_sid *sid)
3495 struct winbind_cache *cache = get_cache(domain);
3498 struct cred_list *cred, *next, *oldest = NULL;
3501 return NT_STATUS_INTERNAL_DB_ERROR;
3504 /* we possibly already have an entry */
3505 if (sid && NT_STATUS_IS_OK(wcache_cached_creds_exist(domain, sid))) {
3508 struct dom_sid_buf tmp;
3510 DBG_DEBUG("we already have an entry, deleting that\n");
3512 fstr_sprintf(key_str, "CRED/%s", dom_sid_str_buf(sid, &tmp));
3514 tdb_delete(cache->tdb, string_tdb_data(key_str));
3516 return NT_STATUS_OK;
3519 ret = tdb_traverse(cache->tdb, traverse_fn_get_credlist, NULL);
3521 return NT_STATUS_OK;
3522 } else if ((ret < 0) || (wcache_cred_list == NULL)) {
3523 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
3526 ZERO_STRUCTP(oldest);
3528 for (cred = wcache_cred_list; cred; cred = cred->next) {
3533 data = tdb_fetch(cache->tdb, string_tdb_data(cred->name));
3535 DBG_DEBUG("wcache_remove_oldest_cached_creds: entry for [%s] not found\n",
3537 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
3541 t = IVAL(data.dptr, 0);
3542 SAFE_FREE(data.dptr);
3545 oldest = SMB_MALLOC_P(struct cred_list);
3546 if (oldest == NULL) {
3547 status = NT_STATUS_NO_MEMORY;
3551 fstrcpy(oldest->name, cred->name);
3552 oldest->created = t;
3556 if (t < oldest->created) {
3557 fstrcpy(oldest->name, cred->name);
3558 oldest->created = t;
3562 if (tdb_delete(cache->tdb, string_tdb_data(oldest->name)) == 0) {
3563 status = NT_STATUS_OK;
3565 status = NT_STATUS_UNSUCCESSFUL;
3568 for (cred = wcache_cred_list; cred; cred = next) {
3570 DLIST_REMOVE(wcache_cred_list, cred);
3578 /* Change the global online/offline state. */
3579 bool set_global_winbindd_state_offline(void)
3582 uint8_t buf[4] = {0};
3585 .dsize = sizeof(buf)
3589 DBG_NOTICE("Offline requested\n");
3591 if (wcache == NULL || wcache->tdb == NULL) {
3592 DBG_NOTICE("Winbind cache doesn't exist yet\n");
3596 if (!lp_winbind_offline_logon()) {
3597 DBG_DEBUG("Rejecting request to set winbind offline, "
3598 "offline logons are disabled in smb.conf\n");
3602 ok = get_global_winbindd_state_offline();
3607 PUSH_LE_U32(buf, 0, time(NULL));
3609 rc = tdb_store_bystring(wcache->tdb,
3621 void set_global_winbindd_state_online(void)
3623 DBG_DEBUG("set_global_winbindd_state_online: online requested.\n");
3625 if (!lp_winbind_offline_logon()) {
3626 DBG_DEBUG("Rejecting request to set winbind online, "
3627 "offline logons are disabled in smb.conf.\n");
3635 /* Ensure there is no key "WINBINDD_OFFLINE" in the cache tdb. */
3636 tdb_delete_bystring(wcache->tdb, "WINBINDD_OFFLINE");
3639 bool get_global_winbindd_state_offline(void)
3643 data = tdb_fetch_bystring(wcache->tdb, "WINBINDD_OFFLINE");
3644 if (data.dptr == NULL || data.dsize != 4) {
3645 DBG_DEBUG("Offline state not set.\n");
3646 SAFE_FREE(data.dptr);
3653 /***********************************************************************
3654 Validate functions for all possible cache tdb keys.
3655 ***********************************************************************/
3657 static struct cache_entry *create_centry_validate(const char *kstr, TDB_DATA data,
3658 struct tdb_validation_status *state)
3660 struct cache_entry *centry;
3662 centry = SMB_XMALLOC_P(struct cache_entry);
3663 centry->data = (unsigned char *)smb_memdup(data.dptr, data.dsize);
3664 if (!centry->data) {
3668 centry->len = data.dsize;
3671 if (centry->len < 16) {
3672 /* huh? corrupt cache? */
3673 DBG_ERR("create_centry_validate: Corrupt cache for key %s "
3674 "(len < 16) ?\n", kstr);
3675 centry_free(centry);
3676 state->bad_entry = true;
3677 state->success = false;
3681 centry->status = NT_STATUS(centry_uint32(centry));
3682 centry->sequence_number = centry_uint32(centry);
3683 centry->timeout = centry_uint64_t(centry);
3687 static int validate_seqnum(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3688 struct tdb_validation_status *state)
3690 if (dbuf.dsize != 8) {
3691 DBG_ERR("validate_seqnum: Corrupt cache for key %s (len %u != 8) ?\n",
3692 keystr, (unsigned int)dbuf.dsize );
3693 state->bad_entry = true;
3699 static int validate_u(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3700 struct tdb_validation_status *state)
3702 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3709 (void)centry_string(centry, mem_ctx);
3710 (void)centry_string(centry, mem_ctx);
3711 (void)centry_string(centry, mem_ctx);
3712 (void)centry_string(centry, mem_ctx);
3713 (void)centry_string(centry, mem_ctx);
3714 (void)centry_uint32(centry);
3715 (void)centry_uint32(centry);
3716 (void)centry_string(centry, mem_ctx);
3717 (void)centry_sid(centry, &sid);
3718 (void)centry_sid(centry, &sid);
3720 centry_free(centry);
3722 if (!(state->success)) {
3725 DBG_DEBUG("validate_u: %s ok\n", keystr);
3729 static int validate_loc_pol(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3730 struct tdb_validation_status *state)
3732 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3738 (void)centry_nttime(centry);
3739 (void)centry_nttime(centry);
3740 (void)centry_uint16(centry);
3742 centry_free(centry);
3744 if (!(state->success)) {
3747 DBG_DEBUG("validate_loc_pol: %s ok\n", keystr);
3751 static int validate_pwd_pol(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3752 struct tdb_validation_status *state)
3754 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3760 (void)centry_uint16(centry);
3761 (void)centry_uint16(centry);
3762 (void)centry_uint32(centry);
3763 (void)centry_nttime(centry);
3764 (void)centry_nttime(centry);
3766 centry_free(centry);
3768 if (!(state->success)) {
3771 DBG_DEBUG("validate_pwd_pol: %s ok\n", keystr);
3775 static int validate_cred(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3776 struct tdb_validation_status *state)
3778 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3784 (void)centry_time(centry);
3785 (void)centry_hash16(centry, mem_ctx);
3787 /* We only have 17 bytes more data in the salted cred case. */
3788 if (centry->len - centry->ofs == 17) {
3789 (void)centry_hash16(centry, mem_ctx);
3792 centry_free(centry);
3794 if (!(state->success)) {
3797 DBG_DEBUG("validate_cred: %s ok\n", keystr);
3801 static int validate_ul(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3802 struct tdb_validation_status *state)
3804 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3805 int32_t num_entries, i;
3811 num_entries = (int32_t)centry_uint32(centry);
3813 for (i=0; i< num_entries; i++) {
3814 (void)centry_uint32(centry);
3817 centry_free(centry);
3819 if (!(state->success)) {
3822 DBG_DEBUG("validate_ul: %s ok\n", keystr);
3826 static int validate_gl(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3827 struct tdb_validation_status *state)
3829 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3830 int32_t num_entries, i;
3836 num_entries = centry_uint32(centry);
3838 for (i=0; i< num_entries; i++) {
3839 (void)centry_string(centry, mem_ctx);
3840 (void)centry_string(centry, mem_ctx);
3841 (void)centry_uint32(centry);
3844 centry_free(centry);
3846 if (!(state->success)) {
3849 DBG_DEBUG("validate_gl: %s ok\n", keystr);
3853 static int validate_ug(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3854 struct tdb_validation_status *state)
3856 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3857 int32_t num_groups, i;
3863 num_groups = centry_uint32(centry);
3865 for (i=0; i< num_groups; i++) {
3867 centry_sid(centry, &sid);
3870 centry_free(centry);
3872 if (!(state->success)) {
3875 DBG_DEBUG("validate_ug: %s ok\n", keystr);
3879 static int validate_ua(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3880 struct tdb_validation_status *state)
3882 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3883 int32_t num_aliases, i;
3889 num_aliases = centry_uint32(centry);
3891 for (i=0; i < num_aliases; i++) {
3892 (void)centry_uint32(centry);
3895 centry_free(centry);
3897 if (!(state->success)) {
3900 DBG_DEBUG("validate_ua: %s ok\n", keystr);
3904 static int validate_gm(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3905 struct tdb_validation_status *state)
3907 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3908 int32_t num_names, i;
3914 num_names = centry_uint32(centry);
3916 for (i=0; i< num_names; i++) {
3918 centry_sid(centry, &sid);
3919 (void)centry_string(centry, mem_ctx);
3920 (void)centry_uint32(centry);
3923 centry_free(centry);
3925 if (!(state->success)) {
3928 DBG_DEBUG("validate_gm: %s ok\n", keystr);
3932 static int validate_dr(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3933 struct tdb_validation_status *state)
3935 /* Can't say anything about this other than must be nonzero. */
3936 if (dbuf.dsize == 0) {
3937 DBG_ERR("validate_dr: Corrupt cache for key %s (len == 0) ?\n",
3939 state->bad_entry = true;
3940 state->success = false;
3944 DBG_DEBUG("validate_dr: %s ok\n", keystr);
3948 static int validate_de(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
3949 struct tdb_validation_status *state)
3951 /* Can't say anything about this other than must be nonzero. */
3952 if (dbuf.dsize == 0) {
3953 DBG_ERR("validate_de: Corrupt cache for key %s (len == 0) ?\n",
3955 state->bad_entry = true;
3956 state->success = false;
3960 DBG_DEBUG("validate_de: %s ok\n", keystr);
3964 static int validate_nss_an(TALLOC_CTX *mem_ctx, const char *keystr,
3966 struct tdb_validation_status *state)
3968 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3974 (void)centry_string( centry, mem_ctx );
3976 centry_free(centry);
3978 if (!(state->success)) {
3981 DBG_DEBUG("validate_pwinfo: %s ok\n", keystr);
3985 static int validate_nss_na(TALLOC_CTX *mem_ctx, const char *keystr,
3987 struct tdb_validation_status *state)
3989 struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
3995 (void)centry_string( centry, mem_ctx );
3997 centry_free(centry);
3999 if (!(state->success)) {
4002 DBG_DEBUG("%s ok\n", keystr);
4006 static int validate_trustdomcache(TALLOC_CTX *mem_ctx, const char *keystr,
4008 struct tdb_validation_status *state)
4010 if (dbuf.dsize == 0) {
4011 DBG_ERR("validate_trustdomcache: Corrupt cache for "
4012 "key %s (len ==0) ?\n", keystr);
4013 state->bad_entry = true;
4014 state->success = false;
4018 DBG_DEBUG("validate_trustdomcache: %s ok\n"
4019 " Don't trust me, I am a DUMMY!\n",
4024 static int validate_offline(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
4025 struct tdb_validation_status *state)
4027 if (dbuf.dsize != 4) {
4028 DBG_ERR("validate_offline: Corrupt cache for key %s (len %u != 4) ?\n",
4029 keystr, (unsigned int)dbuf.dsize );
4030 state->bad_entry = true;
4031 state->success = false;
4034 DBG_DEBUG("validate_offline: %s ok\n", keystr);
4038 static int validate_ndr(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
4039 struct tdb_validation_status *state)
4042 * Ignore validation for now. The proper way to do this is with a
4043 * checksum. Just pure parsing does not really catch much.
4048 static int validate_cache_version(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
4049 struct tdb_validation_status *state)
4051 if (dbuf.dsize != 4) {
4052 DBG_ERR("validate_cache_version: Corrupt cache for "
4053 "key %s (len %u != 4) ?\n",
4054 keystr, (unsigned int)dbuf.dsize);
4055 state->bad_entry = true;
4056 state->success = false;
4060 DBG_DEBUG("validate_cache_version: %s ok\n", keystr);
4064 /***********************************************************************
4065 A list of all possible cache tdb keys with associated validation
4067 ***********************************************************************/
4069 struct key_val_struct {
4070 const char *keyname;
4071 int (*validate_data_fn)(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf, struct tdb_validation_status* state);
4073 {"SEQNUM/", validate_seqnum},
4075 {"LOC_POL/", validate_loc_pol},
4076 {"PWD_POL/", validate_pwd_pol},
4077 {"CRED/", validate_cred},
4078 {"UL/", validate_ul},
4079 {"GL/", validate_gl},
4080 {"UG/", validate_ug},
4081 {"UA", validate_ua},
4082 {"GM/", validate_gm},
4083 {"DR/", validate_dr},
4084 {"DE/", validate_de},
4085 {"TRUSTDOMCACHE/", validate_trustdomcache},
4086 {"NSS/NA/", validate_nss_na},
4087 {"NSS/AN/", validate_nss_an},
4088 {"WINBINDD_OFFLINE", validate_offline},
4089 {"NDR/", validate_ndr},
4090 {WINBINDD_CACHE_VERSION_KEYSTR, validate_cache_version},
4094 /***********************************************************************
4095 Function to look at every entry in the tdb and validate it as far as
4097 ***********************************************************************/
4099 static int cache_traverse_validate_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
4102 unsigned int max_key_len = 1024;
4103 struct tdb_validation_status *v_state = (struct tdb_validation_status *)state;
4105 /* Paranoia check. */
4106 if (strncmp("UA/", (const char *)kbuf.dptr, 3) == 0 ||
4107 strncmp("NDR/", (const char *)kbuf.dptr, 4) == 0) {
4108 max_key_len = 1024 * 1024;
4110 if (kbuf.dsize > max_key_len) {
4111 DBG_ERR("cache_traverse_validate_fn: key length too large: "
4113 (unsigned int)kbuf.dsize, (unsigned int)max_key_len);
4117 for (i = 0; key_val[i].keyname; i++) {
4118 size_t namelen = strlen(key_val[i].keyname);
4119 if (kbuf.dsize >= namelen && (
4120 strncmp(key_val[i].keyname, (const char *)kbuf.dptr, namelen)) == 0) {
4121 TALLOC_CTX *mem_ctx;
4125 keystr = SMB_MALLOC_ARRAY(char, kbuf.dsize+1);
4129 memcpy(keystr, kbuf.dptr, kbuf.dsize);
4130 keystr[kbuf.dsize] = '\0';
4132 mem_ctx = talloc_init("validate_ctx");
4138 ret = key_val[i].validate_data_fn(mem_ctx, keystr, dbuf,
4142 talloc_destroy(mem_ctx);
4147 DBG_ERR("cache_traverse_validate_fn: unknown cache entry\nkey :\n");
4148 dump_data(0, (uint8_t *)kbuf.dptr, kbuf.dsize);
4149 DBG_ERR("data :\n");
4150 dump_data(0, (uint8_t *)dbuf.dptr, dbuf.dsize);
4151 v_state->unknown_key = true;
4152 v_state->success = false;
4153 return 1; /* terminate. */
4156 static void validate_panic(const char *const why)
4158 DBG_ERR("validating cache: would panic %s\n"
4159 "exiting instead (cache validation mode)\n", why );
4163 static int wbcache_update_centry_fn(TDB_CONTEXT *tdb,
4171 if (is_non_centry_key(key)) {
4175 if (data.dptr == NULL || data.dsize == 0) {
4176 if (tdb_delete(tdb, key) < 0) {
4177 DBG_ERR("tdb_delete for [%s] failed!\n",
4183 /* add timeout to blob (uint64_t) */
4184 blob.dsize = data.dsize + 8;
4186 blob.dptr = SMB_XMALLOC_ARRAY(uint8_t, blob.dsize);
4187 if (blob.dptr == NULL) {
4190 memset(blob.dptr, 0, blob.dsize);
4192 /* copy status and seqnum */
4193 memcpy(blob.dptr, data.dptr, 8);
4196 ctimeout = lp_winbind_cache_time() + time(NULL);
4197 SBVAL(blob.dptr, 8, ctimeout);
4200 memcpy(blob.dptr + 16, data.dptr + 8, data.dsize - 8);
4202 if (tdb_store(tdb, key, blob, TDB_REPLACE) < 0) {
4203 DBG_ERR("tdb_store to update [%s] failed!\n",
4205 SAFE_FREE(blob.dptr);
4209 SAFE_FREE(blob.dptr);
4213 static bool wbcache_upgrade_v1_to_v2(TDB_CONTEXT *tdb)
4217 DBG_NOTICE("Upgrade to version 2 of the winbindd_cache.tdb\n");
4219 rc = tdb_traverse(tdb, wbcache_update_centry_fn, NULL);
4227 /***********************************************************************
4228 Try and validate every entry in the winbindd cache. If we fail here,
4229 delete the cache tdb and return non-zero.
4230 ***********************************************************************/
4232 int winbindd_validate_cache(void)
4235 char *tdb_path = NULL;
4236 TDB_CONTEXT *tdb = NULL;
4240 DBG_DEBUG("winbindd_validate_cache: replacing panic function\n");
4241 smb_panic_fn = validate_panic;
4243 tdb_path = wcache_path();
4244 if (tdb_path == NULL) {
4248 tdb = tdb_open_log(tdb_path,
4249 WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
4250 TDB_INCOMPATIBLE_HASH |
4251 ( lp_winbind_offline_logon()
4253 : TDB_DEFAULT | TDB_CLEAR_IF_FIRST ),
4257 DBG_ERR("winbindd_validate_cache: "
4258 "error opening/initializing tdb\n");
4262 /* Version check and upgrade code. */
4263 if (!tdb_fetch_uint32(tdb, WINBINDD_CACHE_VERSION_KEYSTR, &vers_id)) {
4264 DBG_DEBUG("Fresh database\n");
4265 tdb_store_uint32(tdb, WINBINDD_CACHE_VERSION_KEYSTR, WINBINDD_CACHE_VERSION);
4266 vers_id = WINBINDD_CACHE_VERSION;
4269 if (vers_id != WINBINDD_CACHE_VERSION) {
4270 if (vers_id == WINBINDD_CACHE_VER1) {
4271 ok = wbcache_upgrade_v1_to_v2(tdb);
4273 DBG_DEBUG("winbindd_validate_cache: upgrade to version 2 failed.\n");
4278 tdb_store_uint32(tdb,
4279 WINBINDD_CACHE_VERSION_KEYSTR,
4280 WINBINDD_CACHE_VERSION);
4281 vers_id = WINBINDD_CACHE_VER2;
4287 ret = tdb_validate_and_backup(tdb_path, cache_traverse_validate_fn);
4290 DBG_DEBUG("winbindd_validate_cache: validation not successful.\n"
4291 "removing tdb %s.\n", tdb_path);
4296 TALLOC_FREE(tdb_path);
4297 DBG_DEBUG("winbindd_validate_cache: restoring panic function\n");
4298 smb_panic_fn = smb_panic;
4302 /***********************************************************************
4303 Try and validate every entry in the winbindd cache.
4304 ***********************************************************************/
4306 int winbindd_validate_cache_nobackup(void)
4311 DBG_DEBUG("winbindd_validate_cache: replacing panic function\n");
4312 smb_panic_fn = validate_panic;
4314 tdb_path = wcache_path();
4315 if (tdb_path == NULL) {
4316 goto err_panic_restore;
4319 if (wcache == NULL || wcache->tdb == NULL) {
4320 ret = tdb_validate_open(tdb_path, cache_traverse_validate_fn);
4322 ret = tdb_validate(wcache->tdb, cache_traverse_validate_fn);
4326 DBG_DEBUG("winbindd_validate_cache_nobackup: validation not "
4330 TALLOC_FREE(tdb_path);
4332 DBG_DEBUG("winbindd_validate_cache_nobackup: restoring panic "
4334 smb_panic_fn = smb_panic;
4338 bool winbindd_cache_validate_and_initialize(void)
4340 close_winbindd_cache();
4342 if (lp_winbind_offline_logon()) {
4343 if (winbindd_validate_cache() < 0) {
4344 DBG_ERR("winbindd cache tdb corrupt and no backup "
4345 "could be restored.\n");
4349 return initialize_winbindd_cache();
4352 /*********************************************************************
4353 ********************************************************************/
4355 static bool add_wbdomain_to_tdc_array( struct winbindd_domain *new_dom,
4356 struct winbindd_tdc_domain **domains,
4357 size_t *num_domains )
4359 struct winbindd_tdc_domain *list = NULL;
4361 bool set_only = false;
4363 /* don't allow duplicates */
4368 for ( i=0; i< (*num_domains); i++ ) {
4369 if ( strequal( new_dom->name, list[i].domain_name ) ) {
4370 DBG_DEBUG("add_wbdomain_to_tdc_array: Found existing record for %s\n",
4381 list = talloc_array( NULL, struct winbindd_tdc_domain, 1 );
4384 list = talloc_realloc( *domains, *domains,
4385 struct winbindd_tdc_domain,
4390 ZERO_STRUCT( list[idx] );
4396 list[idx].domain_name = talloc_strdup(list, new_dom->name);
4397 if (list[idx].domain_name == NULL) {
4400 if (new_dom->alt_name != NULL) {
4401 list[idx].dns_name = talloc_strdup(list, new_dom->alt_name);
4402 if (list[idx].dns_name == NULL) {
4407 if ( !is_null_sid( &new_dom->sid ) ) {
4408 sid_copy( &list[idx].sid, &new_dom->sid );
4410 sid_copy(&list[idx].sid, &global_sid_NULL);
4413 if ( new_dom->domain_flags != 0x0 )
4414 list[idx].trust_flags = new_dom->domain_flags;
4416 if ( new_dom->domain_type != 0x0 )
4417 list[idx].trust_type = new_dom->domain_type;
4419 if ( new_dom->domain_trust_attribs != 0x0 )
4420 list[idx].trust_attribs = new_dom->domain_trust_attribs;
4424 *num_domains = idx + 1;
4430 /*********************************************************************
4431 ********************************************************************/
4433 static TDB_DATA make_tdc_key( const char *domain_name )
4435 char *keystr = NULL;
4436 TDB_DATA key = { NULL, 0 };
4438 if ( !domain_name ) {
4439 DBG_INFO("make_tdc_key: Keyname workgroup is NULL!\n");
4443 if (asprintf( &keystr, "TRUSTDOMCACHE/%s", domain_name ) == -1) {
4446 key = string_term_tdb_data(keystr);
4451 /*********************************************************************
4452 ********************************************************************/
4454 static int pack_tdc_domains( struct winbindd_tdc_domain *domains,
4456 unsigned char **buf )
4458 unsigned char *buffer = NULL;
4463 DBG_DEBUG("pack_tdc_domains: Packing %d trusted domains\n",
4471 /* Store the number of array items first */
4472 len += tdb_pack( buffer ? buffer+len : NULL,
4473 buffer ? buflen-len : 0, "d",
4476 /* now pack each domain trust record */
4477 for ( i=0; i<num_domains; i++ ) {
4479 struct dom_sid_buf tmp;
4482 DBG_DEBUG("pack_tdc_domains: Packing domain %s (%s)\n",
4483 domains[i].domain_name,
4484 domains[i].dns_name ? domains[i].dns_name : "UNKNOWN" );
4487 len += tdb_pack( buffer ? buffer+len : NULL,
4488 buffer ? buflen-len : 0, "fffddd",
4489 domains[i].domain_name,
4490 domains[i].dns_name ? domains[i].dns_name : "",
4491 dom_sid_str_buf(&domains[i].sid, &tmp),
4492 domains[i].trust_flags,
4493 domains[i].trust_attribs,
4494 domains[i].trust_type );
4497 if ( buflen < len ) {
4499 if ( (buffer = SMB_MALLOC_ARRAY(unsigned char, len)) == NULL ) {
4500 DBG_ERR("pack_tdc_domains: failed to alloc buffer!\n");
4514 /*********************************************************************
4515 ********************************************************************/
4517 static size_t unpack_tdc_domains( unsigned char *buf, int buflen,
4518 struct winbindd_tdc_domain **domains )
4520 fstring domain_name, dns_name, sid_string;
4521 uint32_t type, attribs, flags;
4525 struct winbindd_tdc_domain *list = NULL;
4527 /* get the number of domains */
4528 len += tdb_unpack( buf+len, buflen-len, "d", &num_domains);
4530 DBG_INFO("unpack_tdc_domains: Failed to unpack domain array\n");
4534 list = talloc_array( NULL, struct winbindd_tdc_domain, num_domains );
4536 DBG_ERR("unpack_tdc_domains: Failed to talloc() domain list!\n");
4540 for ( i=0; i<num_domains; i++ ) {
4543 this_len = tdb_unpack( buf+len, buflen-len, "fffddd",
4551 if ( this_len == -1 ) {
4552 DBG_INFO("unpack_tdc_domains: Failed to unpack domain array\n");
4553 TALLOC_FREE( list );
4558 DBG_DEBUG("unpack_tdc_domains: Unpacking domain %s (%s) "
4559 "SID %s, flags = 0x%x, attribs = 0x%x, type = 0x%x\n",
4560 domain_name, dns_name, sid_string,
4561 flags, attribs, type);
4563 list[i].domain_name = talloc_strdup( list, domain_name );
4564 list[i].dns_name = NULL;
4565 if (dns_name[0] != '\0') {
4566 list[i].dns_name = talloc_strdup(list, dns_name);
4568 if ( !string_to_sid( &(list[i].sid), sid_string ) ) {
4569 DBG_DEBUG("unpack_tdc_domains: no SID for domain %s\n",
4572 list[i].trust_flags = flags;
4573 list[i].trust_attribs = attribs;
4574 list[i].trust_type = type;
4582 /*********************************************************************
4583 ********************************************************************/
4585 static bool wcache_tdc_store_list( struct winbindd_tdc_domain *domains, size_t num_domains )
4587 TDB_DATA key = make_tdc_key( lp_workgroup() );
4588 TDB_DATA data = { NULL, 0 };
4594 /* See if we were asked to delete the cache entry */
4597 ret = tdb_delete( wcache->tdb, key );
4601 data.dsize = pack_tdc_domains( domains, num_domains, &data.dptr );
4608 ret = tdb_store( wcache->tdb, key, data, 0 );
4611 SAFE_FREE( data.dptr );
4612 SAFE_FREE( key.dptr );
4614 return ( ret == 0 );
4617 /*********************************************************************
4618 ********************************************************************/
4620 bool wcache_tdc_fetch_list( struct winbindd_tdc_domain **domains, size_t *num_domains )
4622 TDB_DATA key = make_tdc_key( lp_workgroup() );
4623 TDB_DATA data = { NULL, 0 };
4631 data = tdb_fetch( wcache->tdb, key );
4633 SAFE_FREE( key.dptr );
4638 *num_domains = unpack_tdc_domains( data.dptr, data.dsize, domains );
4640 SAFE_FREE( data.dptr );
4648 /*********************************************************************
4649 ********************************************************************/
4651 bool wcache_tdc_add_domain( struct winbindd_domain *domain )
4653 struct winbindd_tdc_domain *dom_list = NULL;
4654 size_t num_domains = 0;
4656 struct dom_sid_buf buf;
4658 DBG_DEBUG("wcache_tdc_add_domain: Adding domain %s (%s), SID %s, "
4659 "flags = 0x%x, attributes = 0x%x, type = 0x%x\n",
4660 domain->name, domain->alt_name,
4661 dom_sid_str_buf(&domain->sid, &buf),
4662 domain->domain_flags,
4663 domain->domain_trust_attribs,
4664 domain->domain_type);
4666 if ( !init_wcache() ) {
4670 /* fetch the list */
4672 wcache_tdc_fetch_list( &dom_list, &num_domains );
4674 /* add the new domain */
4676 if ( !add_wbdomain_to_tdc_array( domain, &dom_list, &num_domains ) ) {
4680 /* pack the domain */
4682 if ( !wcache_tdc_store_list( dom_list, num_domains ) ) {
4690 TALLOC_FREE( dom_list );
4695 static struct winbindd_tdc_domain *wcache_tdc_dup_domain(
4696 TALLOC_CTX *mem_ctx, const struct winbindd_tdc_domain *src)
4698 struct winbindd_tdc_domain *dst;
4700 dst = talloc(mem_ctx, struct winbindd_tdc_domain);
4704 dst->domain_name = talloc_strdup(dst, src->domain_name);
4705 if (dst->domain_name == NULL) {
4709 dst->dns_name = NULL;
4710 if (src->dns_name != NULL) {
4711 dst->dns_name = talloc_strdup(dst, src->dns_name);
4712 if (dst->dns_name == NULL) {
4717 sid_copy(&dst->sid, &src->sid);
4718 dst->trust_flags = src->trust_flags;
4719 dst->trust_type = src->trust_type;
4720 dst->trust_attribs = src->trust_attribs;
4727 /*********************************************************************
4728 ********************************************************************/
4730 struct winbindd_tdc_domain * wcache_tdc_fetch_domain( TALLOC_CTX *ctx, const char *name )
4732 struct winbindd_tdc_domain *dom_list = NULL;
4733 size_t num_domains = 0;
4735 struct winbindd_tdc_domain *d = NULL;
4737 DBG_DEBUG("wcache_tdc_fetch_domain: Searching for domain %s\n", name);
4739 if ( !init_wcache() ) {
4743 /* fetch the list */
4745 wcache_tdc_fetch_list( &dom_list, &num_domains );
4747 for ( i=0; i<num_domains; i++ ) {
4748 if ( strequal(name, dom_list[i].domain_name) ||
4749 strequal(name, dom_list[i].dns_name) )
4751 DBG_DEBUG("wcache_tdc_fetch_domain: Found domain %s\n",
4754 d = wcache_tdc_dup_domain(ctx, &dom_list[i]);
4759 TALLOC_FREE( dom_list );
4764 /*********************************************************************
4765 ********************************************************************/
4767 void wcache_tdc_clear( void )
4769 if ( !init_wcache() )
4772 wcache_tdc_store_list( NULL, 0 );
4777 static bool wcache_ndr_key(TALLOC_CTX *mem_ctx, const char *domain_name,
4778 uint32_t opnum, const DATA_BLOB *req,
4784 key = talloc_asprintf(mem_ctx, "NDR/%s/%d/", domain_name, (int)opnum);
4788 keylen = talloc_get_size(key) - 1;
4790 key = talloc_realloc(mem_ctx, key, char, keylen + req->length);
4794 memcpy(key + keylen, req->data, req->length);
4796 pkey->dptr = (uint8_t *)key;
4797 pkey->dsize = talloc_get_size(key);
4801 static bool wcache_opnum_cacheable(uint32_t opnum)
4804 case NDR_WBINT_LOOKUPSID:
4805 case NDR_WBINT_LOOKUPSIDS:
4806 case NDR_WBINT_LOOKUPNAME:
4807 case NDR_WBINT_SIDS2UNIXIDS:
4808 case NDR_WBINT_UNIXIDS2SIDS:
4809 case NDR_WBINT_GETNSSINFO:
4810 case NDR_WBINT_LOOKUPUSERALIASES:
4811 case NDR_WBINT_LOOKUPUSERGROUPS:
4812 case NDR_WBINT_LOOKUPGROUPMEMBERS:
4813 case NDR_WBINT_QUERYGROUPLIST:
4814 case NDR_WBINT_QUERYUSERRIDLIST:
4815 case NDR_WBINT_DSGETDCNAME:
4816 case NDR_WBINT_LOOKUPRIDS:
4822 bool wcache_fetch_ndr(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain,
4823 uint32_t opnum, const DATA_BLOB *req, DATA_BLOB *resp)
4828 if (!wcache_opnum_cacheable(opnum) ||
4829 is_my_own_sam_domain(domain) ||
4830 is_builtin_domain(domain)) {
4834 if (wcache->tdb == NULL) {
4838 if (!wcache_ndr_key(talloc_tos(), domain->name, opnum, req, &key)) {
4841 data = tdb_fetch(wcache->tdb, key);
4842 TALLOC_FREE(key.dptr);
4844 if (data.dptr == NULL) {
4847 if (data.dsize < 12) {
4851 if (is_domain_online(domain)) {
4852 uint32_t entry_seqnum, dom_seqnum, last_check;
4853 uint64_t entry_timeout;
4855 if (!wcache_fetch_seqnum(domain->name, &dom_seqnum,
4859 entry_seqnum = IVAL(data.dptr, 0);
4860 if (entry_seqnum != dom_seqnum) {
4861 DBG_DEBUG("Entry has wrong sequence number: %d\n",
4865 entry_timeout = BVAL(data.dptr, 4);
4866 if (time(NULL) > (time_t)entry_timeout) {
4867 DBG_DEBUG("Entry has timed out\n");
4872 resp->data = (uint8_t *)talloc_memdup(mem_ctx, data.dptr + 12,
4874 if (resp->data == NULL) {
4875 DBG_DEBUG("talloc failed\n");
4878 resp->length = data.dsize - 12;
4882 SAFE_FREE(data.dptr);
4886 void wcache_store_ndr(struct winbindd_domain *domain, uint32_t opnum,
4887 const DATA_BLOB *req, const DATA_BLOB *resp)
4890 uint32_t dom_seqnum, last_check;
4893 if (!wcache_opnum_cacheable(opnum) ||
4894 is_my_own_sam_domain(domain) ||
4895 is_builtin_domain(domain)) {
4899 if (wcache->tdb == NULL) {
4903 if (!wcache_fetch_seqnum(domain->name, &dom_seqnum, &last_check)) {
4904 DBG_DEBUG("could not fetch seqnum for domain %s\n",
4909 if (!wcache_ndr_key(talloc_tos(), domain->name, opnum, req, &key)) {
4913 timeout = time(NULL) + lp_winbind_cache_time();
4915 data.dsize = resp->length + 12;
4916 data.dptr = talloc_array(key.dptr, uint8_t, data.dsize);
4917 if (data.dptr == NULL) {
4921 SIVAL(data.dptr, 0, dom_seqnum);
4922 SBVAL(data.dptr, 4, timeout);
4923 memcpy(data.dptr + 12, resp->data, resp->length);
4925 tdb_store(wcache->tdb, key, data, 0);
4928 TALLOC_FREE(key.dptr);