2 Unix SMB/CIFS implementation.
4 Winbind cache backend functions
6 Copyright (C) Andrew Tridgell 2001
7 Copyright (C) Gerald Carter 2003
8 Copyright (C) Volker Lendecke 2005
9 Copyright (C) Guenther Deschner 2005
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
30 #define DBGC_CLASS DBGC_WINBIND
32 /* Global online/offline state - False when online. winbindd starts up online
33 and sets this to true if the first query fails and there's an entry in
34 the cache tdb telling us to stay offline. */
36 static BOOL global_winbindd_offline_state;
38 struct winbind_cache {
44 uint32 sequence_number;
49 #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
51 static struct winbind_cache *wcache;
53 void winbindd_check_cache_size(time_t t)
55 static time_t last_check_time;
58 if (last_check_time == (time_t)0)
61 if (t - last_check_time < 60 && t - last_check_time > 0)
64 if (wcache == NULL || wcache->tdb == NULL) {
65 DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
69 if (fstat(wcache->tdb->fd, &st) == -1) {
70 DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) ));
74 if (st.st_size > WINBINDD_MAX_CACHE_SIZE) {
75 DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
76 (unsigned long)st.st_size,
77 (unsigned long)WINBINDD_MAX_CACHE_SIZE));
82 /* get the winbind_cache structure */
83 static struct winbind_cache *get_cache(struct winbindd_domain *domain)
85 struct winbind_cache *ret = wcache;
86 struct winbindd_domain *our_domain = domain;
88 /* we have to know what type of domain we are dealing with first */
90 if ( !domain->initialized )
91 set_dc_type_and_flags( domain );
94 OK. listen up becasue I'm only going to say this once.
95 We have the following scenarios to consider
96 (a) trusted AD domains on a Samba DC,
97 (b) trusted AD domains and we are joined to a non-kerberos domain
98 (c) trusted AD domains and we are joined to a kerberos (AD) domain
100 For (a) we can always contact the trusted domain using krb5
101 since we have the domain trust account password
103 For (b) we can only use RPC since we have no way of
104 getting a krb5 ticket in our own domain
106 For (c) we can always use krb5 since we have a kerberos trust
111 if (!domain->backend) {
112 extern struct winbindd_methods reconnect_methods;
114 extern struct winbindd_methods ads_methods;
116 /* find our domain first so we can figure out if we
117 are joined to a kerberized domain */
119 if ( !domain->primary )
120 our_domain = find_our_domain();
122 if ( (our_domain->active_directory || IS_DC) && domain->active_directory ) {
123 DEBUG(5,("get_cache: Setting ADS methods for domain %s\n", domain->name));
124 domain->backend = &ads_methods;
126 #endif /* HAVE_ADS */
127 DEBUG(5,("get_cache: Setting MS-RPC methods for domain %s\n", domain->name));
128 domain->backend = &reconnect_methods;
131 #endif /* HAVE_ADS */
137 ret = SMB_XMALLOC_P(struct winbind_cache);
141 wcache_flush_cache();
147 free a centry structure
149 static void centry_free(struct cache_entry *centry)
153 SAFE_FREE(centry->data);
158 pull a uint32 from a cache entry
160 static uint32 centry_uint32(struct cache_entry *centry)
163 if (centry->len - centry->ofs < 4) {
164 DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
165 centry->len - centry->ofs));
166 smb_panic("centry_uint32");
168 ret = IVAL(centry->data, centry->ofs);
174 pull a uint16 from a cache entry
176 static uint16 centry_uint16(struct cache_entry *centry)
179 if (centry->len - centry->ofs < 2) {
180 DEBUG(0,("centry corruption? needed 2 bytes, have %d\n",
181 centry->len - centry->ofs));
182 smb_panic("centry_uint16");
184 ret = CVAL(centry->data, centry->ofs);
190 pull a uint8 from a cache entry
192 static uint8 centry_uint8(struct cache_entry *centry)
195 if (centry->len - centry->ofs < 1) {
196 DEBUG(0,("centry corruption? needed 1 bytes, have %d\n",
197 centry->len - centry->ofs));
198 smb_panic("centry_uint32");
200 ret = CVAL(centry->data, centry->ofs);
206 pull a NTTIME from a cache entry
208 static NTTIME centry_nttime(struct cache_entry *centry)
211 if (centry->len - centry->ofs < 8) {
212 DEBUG(0,("centry corruption? needed 8 bytes, have %d\n",
213 centry->len - centry->ofs));
214 smb_panic("centry_nttime");
216 ret.low = IVAL(centry->data, centry->ofs);
218 ret.high = IVAL(centry->data, centry->ofs);
224 pull a time_t from a cache entry
226 static time_t centry_time(struct cache_entry *centry)
229 if (centry->len - centry->ofs < sizeof(time_t)) {
230 DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
231 sizeof(time_t), centry->len - centry->ofs));
232 smb_panic("centry_time");
234 ret = IVAL(centry->data, centry->ofs); /* FIXME: correct ? */
235 centry->ofs += sizeof(time_t);
239 /* pull a string from a cache entry, using the supplied
242 static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
247 len = centry_uint8(centry);
250 /* a deliberate NULL string */
254 if (centry->len - centry->ofs < len) {
255 DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
256 len, centry->len - centry->ofs));
257 smb_panic("centry_string");
261 ret = TALLOC(mem_ctx, len+1);
263 ret = SMB_MALLOC(len+1);
265 smb_panic("centry_string out of memory\n");
267 memcpy(ret,centry->data + centry->ofs, len);
273 /* pull a string from a cache entry, using the supplied
276 static BOOL centry_sid(struct cache_entry *centry, DOM_SID *sid)
279 sid_string = centry_string(centry, NULL);
280 if (!string_to_sid(sid, sid_string)) {
283 SAFE_FREE(sid_string);
287 /* the server is considered down if it can't give us a sequence number */
288 static BOOL wcache_server_down(struct winbindd_domain *domain)
295 ret = (domain->sequence_number == DOM_SEQUENCE_NONE);
298 DEBUG(10,("wcache_server_down: server for Domain %s down\n",
303 static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
310 DEBUG(10,("fetch_cache_seqnum: tdb == NULL\n"));
311 return NT_STATUS_UNSUCCESSFUL;
314 fstr_sprintf( key, "SEQNUM/%s", domain->name );
316 data = tdb_fetch_bystring( wcache->tdb, key );
317 if ( !data.dptr || data.dsize!=8 ) {
318 DEBUG(10,("fetch_cache_seqnum: invalid data size key [%s]\n", key ));
319 return NT_STATUS_UNSUCCESSFUL;
322 domain->sequence_number = IVAL(data.dptr, 0);
323 domain->last_seq_check = IVAL(data.dptr, 4);
325 SAFE_FREE(data.dptr);
327 /* have we expired? */
329 time_diff = now - domain->last_seq_check;
330 if ( time_diff > lp_winbind_cache_time() ) {
331 DEBUG(10,("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
332 domain->name, domain->sequence_number,
333 (uint32)domain->last_seq_check));
334 return NT_STATUS_UNSUCCESSFUL;
337 DEBUG(10,("fetch_cache_seqnum: success [%s][%u @ %u]\n",
338 domain->name, domain->sequence_number,
339 (uint32)domain->last_seq_check));
344 static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain )
351 DEBUG(10,("store_cache_seqnum: tdb == NULL\n"));
352 return NT_STATUS_UNSUCCESSFUL;
355 fstr_sprintf( key_str, "SEQNUM/%s", domain->name );
357 key.dsize = strlen(key_str)+1;
359 SIVAL(buf, 0, domain->sequence_number);
360 SIVAL(buf, 4, domain->last_seq_check);
364 if ( tdb_store( wcache->tdb, key, data, TDB_REPLACE) == -1 ) {
365 DEBUG(10,("store_cache_seqnum: tdb_store fail key [%s]\n", key_str ));
366 return NT_STATUS_UNSUCCESSFUL;
369 DEBUG(10,("store_cache_seqnum: success [%s][%u @ %u]\n",
370 domain->name, domain->sequence_number,
371 (uint32)domain->last_seq_check));
377 refresh the domain sequence number. If force is True
378 then always refresh it, no matter how recently we fetched it
381 static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force)
385 time_t t = time(NULL);
386 unsigned cache_time = lp_winbind_cache_time();
390 #if 0 /* JERRY -- disable as the default cache time is now 5 minutes */
391 /* trying to reconnect is expensive, don't do it too often */
392 if (domain->sequence_number == DOM_SEQUENCE_NONE) {
397 time_diff = t - domain->last_seq_check;
399 /* see if we have to refetch the domain sequence number */
400 if (!force && (time_diff < cache_time)) {
401 DEBUG(10, ("refresh_sequence_number: %s time ok\n", domain->name));
405 /* try to get the sequence number from the tdb cache first */
406 /* this will update the timestamp as well */
408 status = fetch_cache_seqnum( domain, t );
409 if ( NT_STATUS_IS_OK(status) )
412 /* important! make sure that we know if this is a native
413 mode domain or not */
415 status = domain->backend->sequence_number(domain, &domain->sequence_number);
417 if (!NT_STATUS_IS_OK(status)) {
418 domain->sequence_number = DOM_SEQUENCE_NONE;
421 domain->last_status = status;
422 domain->last_seq_check = time(NULL);
424 /* save the new sequence number ni the cache */
425 store_cache_seqnum( domain );
428 DEBUG(10, ("refresh_sequence_number: %s seq number is now %d\n",
429 domain->name, domain->sequence_number));
435 decide if a cache entry has expired
437 static BOOL centry_expired(struct winbindd_domain *domain, const char *keystr, struct cache_entry *centry)
439 /* If we've been told to be offline - stay in that state... */
440 if (lp_winbind_offline_logon() && global_winbindd_offline_state) {
441 DEBUG(10,("centry_expired: Key %s for domain %s valid as winbindd is globally offline.\n",
442 keystr, domain->name ));
446 /* when the domain is offline and we havent checked in the last 30
447 * seconds if it has become online again, return the cached entry.
448 * This deals with transient offline states... */
450 if (!domain->online &&
451 !NT_STATUS_IS_OK(check_negative_conn_cache(domain->name, domain->dcname))) {
452 DEBUG(10,("centry_expired: Key %s for domain %s valid as domain is offline.\n",
453 keystr, domain->name ));
457 /* if the server is OK and our cache entry came from when it was down then
458 the entry is invalid */
459 if ((domain->sequence_number != DOM_SEQUENCE_NONE) &&
460 (centry->sequence_number == DOM_SEQUENCE_NONE)) {
461 DEBUG(10,("centry_expired: Key %s for domain %s invalid sequence.\n",
462 keystr, domain->name ));
466 /* if the server is down or the cache entry is not older than the
467 current sequence number then it is OK */
468 if (wcache_server_down(domain) ||
469 centry->sequence_number == domain->sequence_number) {
470 DEBUG(10,("centry_expired: Key %s for domain %s is good.\n",
471 keystr, domain->name ));
475 DEBUG(10,("centry_expired: Key %s for domain %s expired\n",
476 keystr, domain->name ));
482 static struct cache_entry *wcache_fetch_raw(char *kstr)
485 struct cache_entry *centry;
489 key.dsize = strlen(kstr);
490 data = tdb_fetch(wcache->tdb, key);
496 centry = SMB_XMALLOC_P(struct cache_entry);
497 centry->data = (unsigned char *)data.dptr;
498 centry->len = data.dsize;
501 if (centry->len < 8) {
502 /* huh? corrupt cache? */
503 DEBUG(10,("wcache_fetch_raw: Corrupt cache for key %s (len < 8) ?\n", kstr));
508 centry->status = NT_STATUS(centry_uint32(centry));
509 centry->sequence_number = centry_uint32(centry);
515 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
516 number and return status
518 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
519 struct winbindd_domain *domain,
520 const char *format, ...) PRINTF_ATTRIBUTE(3,4);
521 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
522 struct winbindd_domain *domain,
523 const char *format, ...)
527 struct cache_entry *centry;
529 refresh_sequence_number(domain, False);
531 va_start(ap, format);
532 smb_xvasprintf(&kstr, format, ap);
535 centry = wcache_fetch_raw(kstr);
536 if (centry == NULL) {
541 if (centry_expired(domain, kstr, centry)) {
543 DEBUG(10,("wcache_fetch: entry %s expired for domain %s\n",
544 kstr, domain->name ));
551 DEBUG(10,("wcache_fetch: returning entry %s for domain %s\n",
552 kstr, domain->name ));
559 make sure we have at least len bytes available in a centry
561 static void centry_expand(struct cache_entry *centry, uint32 len)
563 if (centry->len - centry->ofs >= len)
566 centry->data = SMB_REALLOC(centry->data, centry->len);
568 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
569 smb_panic("out of memory in centry_expand");
574 push a uint32 into a centry
576 static void centry_put_uint32(struct cache_entry *centry, uint32 v)
578 centry_expand(centry, 4);
579 SIVAL(centry->data, centry->ofs, v);
584 push a uint16 into a centry
586 static void centry_put_uint16(struct cache_entry *centry, uint16 v)
588 centry_expand(centry, 2);
589 SIVAL(centry->data, centry->ofs, v);
594 push a uint8 into a centry
596 static void centry_put_uint8(struct cache_entry *centry, uint8 v)
598 centry_expand(centry, 1);
599 SCVAL(centry->data, centry->ofs, v);
604 push a string into a centry
606 static void centry_put_string(struct cache_entry *centry, const char *s)
611 /* null strings are marked as len 0xFFFF */
612 centry_put_uint8(centry, 0xFF);
617 /* can't handle more than 254 char strings. Truncating is probably best */
619 DEBUG(10,("centry_put_string: truncating len (%d) to: 254\n", len));
622 centry_put_uint8(centry, len);
623 centry_expand(centry, len);
624 memcpy(centry->data + centry->ofs, s, len);
628 static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid)
631 centry_put_string(centry, sid_to_string(sid_string, sid));
635 push a NTTIME into a centry
637 static void centry_put_nttime(struct cache_entry *centry, NTTIME nt)
639 centry_expand(centry, 8);
640 SIVAL(centry->data, centry->ofs, nt.low);
642 SIVAL(centry->data, centry->ofs, nt.high);
647 push a time_t into a centry
649 static void centry_put_time(struct cache_entry *centry, time_t t)
651 centry_expand(centry, sizeof(time_t));
652 SIVAL(centry->data, centry->ofs, t); /* FIXME: is this correct ?? */
653 centry->ofs += sizeof(time_t);
657 start a centry for output. When finished, call centry_end()
659 struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status)
661 struct cache_entry *centry;
666 centry = SMB_XMALLOC_P(struct cache_entry);
668 centry->len = 8192; /* reasonable default */
669 centry->data = SMB_XMALLOC_ARRAY(uint8, centry->len);
671 centry->sequence_number = domain->sequence_number;
672 centry_put_uint32(centry, NT_STATUS_V(status));
673 centry_put_uint32(centry, centry->sequence_number);
678 finish a centry and write it to the tdb
680 static void centry_end(struct cache_entry *centry, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
681 static void centry_end(struct cache_entry *centry, const char *format, ...)
687 va_start(ap, format);
688 smb_xvasprintf(&kstr, format, ap);
692 key.dsize = strlen(kstr);
693 data.dptr = (char *)centry->data;
694 data.dsize = centry->ofs;
696 tdb_store(wcache->tdb, key, data, TDB_REPLACE);
700 static void wcache_save_name_to_sid(struct winbindd_domain *domain,
701 NTSTATUS status, const char *domain_name,
702 const char *name, const DOM_SID *sid,
703 enum SID_NAME_USE type)
705 struct cache_entry *centry;
708 centry = centry_start(domain, status);
711 centry_put_uint32(centry, type);
712 centry_put_sid(centry, sid);
713 fstrcpy(uname, name);
715 centry_end(centry, "NS/%s/%s", domain_name, uname);
716 DEBUG(10,("wcache_save_name_to_sid: %s -> %s\n", uname,
717 sid_string_static(sid)));
721 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
722 const DOM_SID *sid, const char *domain_name, const char *name, enum SID_NAME_USE type)
724 struct cache_entry *centry;
727 centry = centry_start(domain, status);
730 if (NT_STATUS_IS_OK(status)) {
731 centry_put_uint32(centry, type);
732 centry_put_string(centry, domain_name);
733 centry_put_string(centry, name);
735 centry_end(centry, "SN/%s", sid_to_string(sid_string, sid));
736 DEBUG(10,("wcache_save_sid_to_name: %s -> %s\n", sid_string, name));
741 static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
743 struct cache_entry *centry;
746 centry = centry_start(domain, status);
749 centry_put_string(centry, info->acct_name);
750 centry_put_string(centry, info->full_name);
751 centry_put_string(centry, info->homedir);
752 centry_put_string(centry, info->shell);
753 centry_put_sid(centry, &info->user_sid);
754 centry_put_sid(centry, &info->group_sid);
755 centry_end(centry, "U/%s", sid_to_string(sid_string, &info->user_sid));
756 DEBUG(10,("wcache_save_user: %s (acct_name %s)\n", sid_string, info->acct_name));
760 static void wcache_save_lockout_policy(struct winbindd_domain *domain, NTSTATUS status, SAM_UNK_INFO_12 *lockout_policy)
762 struct cache_entry *centry;
764 centry = centry_start(domain, status);
768 centry_put_nttime(centry, lockout_policy->duration);
769 centry_put_nttime(centry, lockout_policy->reset_count);
770 centry_put_uint16(centry, lockout_policy->bad_attempt_lockout);
772 centry_end(centry, "LOC_POL/%s", domain->name);
774 DEBUG(10,("wcache_save_lockout_policy: %s\n", domain->name));
779 static void wcache_save_password_policy(struct winbindd_domain *domain, NTSTATUS status, SAM_UNK_INFO_1 *password_policy)
781 struct cache_entry *centry;
783 centry = centry_start(domain, status);
787 centry_put_uint16(centry, password_policy->min_length_password);
788 centry_put_uint16(centry, password_policy->password_history);
789 centry_put_uint32(centry, password_policy->password_properties);
790 centry_put_nttime(centry, password_policy->expire);
791 centry_put_nttime(centry, password_policy->min_passwordage);
793 centry_end(centry, "PWD_POL/%s", domain->name);
795 DEBUG(10,("wcache_save_password_policy: %s\n", domain->name));
800 NTSTATUS wcache_cached_creds_exist(struct winbindd_domain *domain, const DOM_SID *sid)
802 struct winbind_cache *cache = get_cache(domain);
807 return NT_STATUS_INTERNAL_DB_ERROR;
810 fstr_sprintf(key_str, "CRED/%s", sid_string_static(sid));
812 data = tdb_fetch(cache->tdb, make_tdb_data(key_str, strlen(key_str)));
814 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
820 /* Lookup creds for a SID */
821 NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
824 const uint8 **cached_nt_pass)
826 struct winbind_cache *cache = get_cache(domain);
827 struct cache_entry *centry = NULL;
832 return NT_STATUS_INTERNAL_DB_ERROR;
835 centry = wcache_fetch(cache, domain, "CRED/%s", sid_string_static(sid));
838 DEBUG(10,("wcache_get_creds: entry for [CRED/%s] not found\n",
839 sid_string_static(sid)));
840 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
843 t = centry_time(centry);
844 *cached_nt_pass = (const uint8 *)centry_string(centry, mem_ctx);
846 dump_data(10, (const char *)cached_nt_pass, NT_HASH_LEN);
847 status = centry->status;
849 DEBUG(10,("wcache_get_creds: [Cached] - cached creds for user %s status %s\n",
850 sid_string_static(sid), get_friendly_nt_error_msg(status) ));
856 NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
859 const uint8 nt_pass[NT_HASH_LEN])
861 struct cache_entry *centry;
863 NTSTATUS status = NT_STATUS_OK; /* ??? */
865 centry = centry_start(domain, status);
867 return NT_STATUS_INTERNAL_DB_ERROR;
870 dump_data(100, (const char *)nt_pass, NT_HASH_LEN);
872 centry_put_time(centry, time(NULL));
873 centry_put_string(centry, (const char *)nt_pass);
874 centry_end(centry, "CRED/%s", sid_to_string(sid_string, sid));
876 DEBUG(10,("wcache_save_creds: %s\n", sid_string));
884 /* Query display info. This is the basic user list fn */
885 static NTSTATUS query_user_list(struct winbindd_domain *domain,
888 WINBIND_USERINFO **info)
890 struct winbind_cache *cache = get_cache(domain);
891 struct cache_entry *centry = NULL;
893 unsigned int i, retry;
898 centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
902 *num_entries = centry_uint32(centry);
904 if (*num_entries == 0)
907 (*info) = TALLOC_ARRAY(mem_ctx, WINBIND_USERINFO, *num_entries);
909 smb_panic("query_user_list out of memory");
910 for (i=0; i<(*num_entries); i++) {
911 (*info)[i].acct_name = centry_string(centry, mem_ctx);
912 (*info)[i].full_name = centry_string(centry, mem_ctx);
913 (*info)[i].homedir = centry_string(centry, mem_ctx);
914 (*info)[i].shell = centry_string(centry, mem_ctx);
915 centry_sid(centry, &(*info)[i].user_sid);
916 centry_sid(centry, &(*info)[i].group_sid);
920 status = centry->status;
922 DEBUG(10,("query_user_list: [Cached] - cached list for domain %s status %s\n",
923 domain->name, get_friendly_nt_error_msg(status) ));
932 /* Return status value returned by seq number check */
934 if (!NT_STATUS_IS_OK(domain->last_status))
935 return domain->last_status;
937 /* Put the query_user_list() in a retry loop. There appears to be
938 * some bug either with Windows 2000 or Samba's handling of large
939 * rpc replies. This manifests itself as sudden disconnection
940 * at a random point in the enumeration of a large (60k) user list.
941 * The retry loop simply tries the operation again. )-: It's not
942 * pretty but an acceptable workaround until we work out what the
943 * real problem is. */
948 DEBUG(10,("query_user_list: [Cached] - doing backend query for list for domain %s\n",
951 status = domain->backend->query_user_list(domain, mem_ctx, num_entries, info);
952 if (!NT_STATUS_IS_OK(status))
953 DEBUG(3, ("query_user_list: returned 0x%08x, "
954 "retrying\n", NT_STATUS_V(status)));
955 if (NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL)) {
956 DEBUG(3, ("query_user_list: flushing "
957 "connection cache\n"));
958 invalidate_cm_connection(&domain->conn);
961 } while (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) &&
965 refresh_sequence_number(domain, False);
966 centry = centry_start(domain, status);
969 centry_put_uint32(centry, *num_entries);
970 for (i=0; i<(*num_entries); i++) {
971 centry_put_string(centry, (*info)[i].acct_name);
972 centry_put_string(centry, (*info)[i].full_name);
973 centry_put_string(centry, (*info)[i].homedir);
974 centry_put_string(centry, (*info)[i].shell);
975 centry_put_sid(centry, &(*info)[i].user_sid);
976 centry_put_sid(centry, &(*info)[i].group_sid);
977 if (domain->backend->consistent) {
978 /* when the backend is consistent we can pre-prime some mappings */
979 wcache_save_name_to_sid(domain, NT_STATUS_OK,
981 (*info)[i].acct_name,
982 &(*info)[i].user_sid,
984 wcache_save_sid_to_name(domain, NT_STATUS_OK,
985 &(*info)[i].user_sid,
987 (*info)[i].acct_name,
989 wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
992 centry_end(centry, "UL/%s", domain->name);
999 /* list all domain groups */
1000 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
1001 TALLOC_CTX *mem_ctx,
1002 uint32 *num_entries,
1003 struct acct_info **info)
1005 struct winbind_cache *cache = get_cache(domain);
1006 struct cache_entry *centry = NULL;
1013 centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
1017 *num_entries = centry_uint32(centry);
1019 if (*num_entries == 0)
1022 (*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
1024 smb_panic("enum_dom_groups out of memory");
1025 for (i=0; i<(*num_entries); i++) {
1026 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
1027 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
1028 (*info)[i].rid = centry_uint32(centry);
1032 status = centry->status;
1034 DEBUG(10,("enum_dom_groups: [Cached] - cached list for domain %s status %s\n",
1035 domain->name, get_friendly_nt_error_msg(status) ));
1037 centry_free(centry);
1044 /* Return status value returned by seq number check */
1046 if (!NT_STATUS_IS_OK(domain->last_status))
1047 return domain->last_status;
1049 DEBUG(10,("enum_dom_groups: [Cached] - doing backend query for list for domain %s\n",
1052 status = domain->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
1055 refresh_sequence_number(domain, False);
1056 centry = centry_start(domain, status);
1059 centry_put_uint32(centry, *num_entries);
1060 for (i=0; i<(*num_entries); i++) {
1061 centry_put_string(centry, (*info)[i].acct_name);
1062 centry_put_string(centry, (*info)[i].acct_desc);
1063 centry_put_uint32(centry, (*info)[i].rid);
1065 centry_end(centry, "GL/%s/domain", domain->name);
1066 centry_free(centry);
1072 /* list all domain groups */
1073 static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
1074 TALLOC_CTX *mem_ctx,
1075 uint32 *num_entries,
1076 struct acct_info **info)
1078 struct winbind_cache *cache = get_cache(domain);
1079 struct cache_entry *centry = NULL;
1086 centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
1090 *num_entries = centry_uint32(centry);
1092 if (*num_entries == 0)
1095 (*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
1097 smb_panic("enum_dom_groups out of memory");
1098 for (i=0; i<(*num_entries); i++) {
1099 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
1100 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
1101 (*info)[i].rid = centry_uint32(centry);
1106 /* If we are returning cached data and the domain controller
1107 is down then we don't know whether the data is up to date
1108 or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
1111 if (wcache_server_down(domain)) {
1112 DEBUG(10, ("enum_local_groups: returning cached user list and server was down\n"));
1113 status = NT_STATUS_MORE_PROCESSING_REQUIRED;
1115 status = centry->status;
1117 DEBUG(10,("enum_local_groups: [Cached] - cached list for domain %s status %s\n",
1118 domain->name, get_friendly_nt_error_msg(status) ));
1120 centry_free(centry);
1127 /* Return status value returned by seq number check */
1129 if (!NT_STATUS_IS_OK(domain->last_status))
1130 return domain->last_status;
1132 DEBUG(10,("enum_local_groups: [Cached] - doing backend query for list for domain %s\n",
1135 status = domain->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
1138 refresh_sequence_number(domain, False);
1139 centry = centry_start(domain, status);
1142 centry_put_uint32(centry, *num_entries);
1143 for (i=0; i<(*num_entries); i++) {
1144 centry_put_string(centry, (*info)[i].acct_name);
1145 centry_put_string(centry, (*info)[i].acct_desc);
1146 centry_put_uint32(centry, (*info)[i].rid);
1148 centry_end(centry, "GL/%s/local", domain->name);
1149 centry_free(centry);
1155 /* convert a single name to a sid in a domain */
1156 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
1157 TALLOC_CTX *mem_ctx,
1158 const char *domain_name,
1161 enum SID_NAME_USE *type)
1163 struct winbind_cache *cache = get_cache(domain);
1164 struct cache_entry *centry = NULL;
1171 fstrcpy(uname, name);
1173 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
1176 *type = (enum SID_NAME_USE)centry_uint32(centry);
1177 status = centry->status;
1178 if (NT_STATUS_IS_OK(status)) {
1179 centry_sid(centry, sid);
1182 DEBUG(10,("name_to_sid: [Cached] - cached name for domain %s status %s\n",
1183 domain->name, get_friendly_nt_error_msg(status) ));
1185 centry_free(centry);
1191 /* If the seq number check indicated that there is a problem
1192 * with this DC, then return that status... except for
1193 * access_denied. This is special because the dc may be in
1194 * "restrict anonymous = 1" mode, in which case it will deny
1195 * most unauthenticated operations, but *will* allow the LSA
1196 * name-to-sid that we try as a fallback. */
1198 if (!(NT_STATUS_IS_OK(domain->last_status)
1199 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
1200 return domain->last_status;
1202 DEBUG(10,("name_to_sid: [Cached] - doing backend query for name for domain %s\n",
1205 status = domain->backend->name_to_sid(domain, mem_ctx, domain_name, name, sid, type);
1208 if (domain->online || !is_null_sid(sid)) {
1209 wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type);
1212 if (NT_STATUS_IS_OK(status)) {
1213 strupper_m(CONST_DISCARD(char *,domain_name));
1214 strlower_m(CONST_DISCARD(char *,name));
1215 wcache_save_sid_to_name(domain, status, sid, domain_name, name, *type);
1221 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
1223 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
1224 TALLOC_CTX *mem_ctx,
1228 enum SID_NAME_USE *type)
1230 struct winbind_cache *cache = get_cache(domain);
1231 struct cache_entry *centry = NULL;
1238 centry = wcache_fetch(cache, domain, "SN/%s", sid_to_string(sid_string, sid));
1241 if (NT_STATUS_IS_OK(centry->status)) {
1242 *type = (enum SID_NAME_USE)centry_uint32(centry);
1243 *domain_name = centry_string(centry, mem_ctx);
1244 *name = centry_string(centry, mem_ctx);
1246 status = centry->status;
1248 DEBUG(10,("sid_to_name: [Cached] - cached name for domain %s status %s\n",
1249 domain->name, get_friendly_nt_error_msg(status) ));
1251 centry_free(centry);
1256 *domain_name = NULL;
1258 /* If the seq number check indicated that there is a problem
1259 * with this DC, then return that status... except for
1260 * access_denied. This is special because the dc may be in
1261 * "restrict anonymous = 1" mode, in which case it will deny
1262 * most unauthenticated operations, but *will* allow the LSA
1263 * sid-to-name that we try as a fallback. */
1265 if (!(NT_STATUS_IS_OK(domain->last_status)
1266 || NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)))
1267 return domain->last_status;
1269 DEBUG(10,("sid_to_name: [Cached] - doing backend query for name for domain %s\n",
1272 status = domain->backend->sid_to_name(domain, mem_ctx, sid, domain_name, name, type);
1275 refresh_sequence_number(domain, False);
1276 wcache_save_sid_to_name(domain, status, sid, *domain_name, *name, *type);
1278 /* We can't save the name to sid mapping here, as with sid history a
1279 * later name2sid would give the wrong sid. */
1284 /* Lookup user information from a rid */
1285 static NTSTATUS query_user(struct winbindd_domain *domain,
1286 TALLOC_CTX *mem_ctx,
1287 const DOM_SID *user_sid,
1288 WINBIND_USERINFO *info)
1290 struct winbind_cache *cache = get_cache(domain);
1291 struct cache_entry *centry = NULL;
1297 centry = wcache_fetch(cache, domain, "U/%s", sid_string_static(user_sid));
1299 /* If we have an access denied cache entry and a cached info3 in the
1300 samlogon cache then do a query. This will force the rpc back end
1301 to return the info3 data. */
1303 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1304 netsamlogon_cache_have(user_sid)) {
1305 DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
1306 domain->last_status = NT_STATUS_OK;
1307 centry_free(centry);
1314 info->acct_name = centry_string(centry, mem_ctx);
1315 info->full_name = centry_string(centry, mem_ctx);
1316 info->homedir = centry_string(centry, mem_ctx);
1317 info->shell = centry_string(centry, mem_ctx);
1318 centry_sid(centry, &info->user_sid);
1319 centry_sid(centry, &info->group_sid);
1320 status = centry->status;
1322 DEBUG(10,("query_user: [Cached] - cached info for domain %s status %s\n",
1323 domain->name, get_friendly_nt_error_msg(status) ));
1325 centry_free(centry);
1331 /* Return status value returned by seq number check */
1333 if (!NT_STATUS_IS_OK(domain->last_status))
1334 return domain->last_status;
1336 DEBUG(10,("sid_to_name: [Cached] - doing backend query for info for domain %s\n",
1339 status = domain->backend->query_user(domain, mem_ctx, user_sid, info);
1342 refresh_sequence_number(domain, False);
1343 wcache_save_user(domain, status, info);
1349 /* Lookup groups a user is a member of. */
1350 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
1351 TALLOC_CTX *mem_ctx,
1352 const DOM_SID *user_sid,
1353 uint32 *num_groups, DOM_SID **user_gids)
1355 struct winbind_cache *cache = get_cache(domain);
1356 struct cache_entry *centry = NULL;
1364 centry = wcache_fetch(cache, domain, "UG/%s", sid_to_string(sid_string, user_sid));
1366 /* If we have an access denied cache entry and a cached info3 in the
1367 samlogon cache then do a query. This will force the rpc back end
1368 to return the info3 data. */
1370 if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
1371 netsamlogon_cache_have(user_sid)) {
1372 DEBUG(10, ("lookup_usergroups: cached access denied and have cached info3\n"));
1373 domain->last_status = NT_STATUS_OK;
1374 centry_free(centry);
1381 *num_groups = centry_uint32(centry);
1383 if (*num_groups == 0)
1386 (*user_gids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_groups);
1388 smb_panic("lookup_usergroups out of memory");
1389 for (i=0; i<(*num_groups); i++) {
1390 centry_sid(centry, &(*user_gids)[i]);
1394 status = centry->status;
1396 DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s status %s\n",
1397 domain->name, get_friendly_nt_error_msg(status) ));
1399 centry_free(centry);
1404 (*user_gids) = NULL;
1406 /* Return status value returned by seq number check */
1408 if (!NT_STATUS_IS_OK(domain->last_status))
1409 return domain->last_status;
1411 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info for domain %s\n",
1414 status = domain->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
1417 refresh_sequence_number(domain, False);
1418 centry = centry_start(domain, status);
1421 centry_put_uint32(centry, *num_groups);
1422 for (i=0; i<(*num_groups); i++) {
1423 centry_put_sid(centry, &(*user_gids)[i]);
1425 centry_end(centry, "UG/%s", sid_to_string(sid_string, user_sid));
1426 centry_free(centry);
1432 static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
1433 TALLOC_CTX *mem_ctx,
1434 uint32 num_sids, const DOM_SID *sids,
1435 uint32 *num_aliases, uint32 **alias_rids)
1437 struct winbind_cache *cache = get_cache(domain);
1438 struct cache_entry *centry = NULL;
1440 char *sidlist = talloc_strdup(mem_ctx, "");
1446 if (num_sids == 0) {
1449 return NT_STATUS_OK;
1452 /* We need to cache indexed by the whole list of SIDs, the aliases
1453 * resulting might come from any of the SIDs. */
1455 for (i=0; i<num_sids; i++) {
1456 sidlist = talloc_asprintf(mem_ctx, "%s/%s", sidlist,
1457 sid_string_static(&sids[i]));
1458 if (sidlist == NULL)
1459 return NT_STATUS_NO_MEMORY;
1462 centry = wcache_fetch(cache, domain, "UA%s", sidlist);
1467 *num_aliases = centry_uint32(centry);
1470 (*alias_rids) = TALLOC_ARRAY(mem_ctx, uint32, *num_aliases);
1472 if ((*num_aliases != 0) && ((*alias_rids) == NULL))
1473 return NT_STATUS_NO_MEMORY;
1475 for (i=0; i<(*num_aliases); i++)
1476 (*alias_rids)[i] = centry_uint32(centry);
1478 status = centry->status;
1480 DEBUG(10,("lookup_useraliases: [Cached] - cached info for domain %s "
1481 "status %s\n", domain->name,
1482 get_friendly_nt_error_msg(status)));
1484 centry_free(centry);
1489 (*alias_rids) = NULL;
1491 if (!NT_STATUS_IS_OK(domain->last_status))
1492 return domain->last_status;
1494 DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info "
1495 "for domain %s\n", domain->name ));
1497 status = domain->backend->lookup_useraliases(domain, mem_ctx,
1499 num_aliases, alias_rids);
1502 refresh_sequence_number(domain, False);
1503 centry = centry_start(domain, status);
1506 centry_put_uint32(centry, *num_aliases);
1507 for (i=0; i<(*num_aliases); i++)
1508 centry_put_uint32(centry, (*alias_rids)[i]);
1509 centry_end(centry, "UA%s", sidlist);
1510 centry_free(centry);
1517 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
1518 TALLOC_CTX *mem_ctx,
1519 const DOM_SID *group_sid, uint32 *num_names,
1520 DOM_SID **sid_mem, char ***names,
1521 uint32 **name_types)
1523 struct winbind_cache *cache = get_cache(domain);
1524 struct cache_entry *centry = NULL;
1532 centry = wcache_fetch(cache, domain, "GM/%s", sid_to_string(sid_string, group_sid));
1536 *num_names = centry_uint32(centry);
1538 if (*num_names == 0)
1541 (*sid_mem) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_names);
1542 (*names) = TALLOC_ARRAY(mem_ctx, char *, *num_names);
1543 (*name_types) = TALLOC_ARRAY(mem_ctx, uint32, *num_names);
1545 if (! (*sid_mem) || ! (*names) || ! (*name_types)) {
1546 smb_panic("lookup_groupmem out of memory");
1549 for (i=0; i<(*num_names); i++) {
1550 centry_sid(centry, &(*sid_mem)[i]);
1551 (*names)[i] = centry_string(centry, mem_ctx);
1552 (*name_types)[i] = centry_uint32(centry);
1556 status = centry->status;
1558 DEBUG(10,("lookup_groupmem: [Cached] - cached info for domain %s status %s\n",
1559 domain->name, get_friendly_nt_error_msg(status) ));
1561 centry_free(centry);
1568 (*name_types) = NULL;
1570 /* Return status value returned by seq number check */
1572 if (!NT_STATUS_IS_OK(domain->last_status))
1573 return domain->last_status;
1575 DEBUG(10,("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
1578 status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid, num_names,
1579 sid_mem, names, name_types);
1582 refresh_sequence_number(domain, False);
1583 centry = centry_start(domain, status);
1586 centry_put_uint32(centry, *num_names);
1587 for (i=0; i<(*num_names); i++) {
1588 centry_put_sid(centry, &(*sid_mem)[i]);
1589 centry_put_string(centry, (*names)[i]);
1590 centry_put_uint32(centry, (*name_types)[i]);
1592 centry_end(centry, "GM/%s", sid_to_string(sid_string, group_sid));
1593 centry_free(centry);
1599 /* find the sequence number for a domain */
1600 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
1602 refresh_sequence_number(domain, False);
1604 *seq = domain->sequence_number;
1606 return NT_STATUS_OK;
1609 /* enumerate trusted domains
1610 * (we need to have the list of trustdoms in the cache when we go offline) -
1612 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
1613 TALLOC_CTX *mem_ctx,
1614 uint32 *num_domains,
1619 struct winbind_cache *cache = get_cache(domain);
1620 struct cache_entry *centry = NULL;
1627 centry = wcache_fetch(cache, domain, "TRUSTDOMS/%s", domain->name);
1633 *num_domains = centry_uint32(centry);
1635 (*names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
1636 (*alt_names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
1637 (*dom_sids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_domains);
1639 if (! (*dom_sids) || ! (*names) || ! (*alt_names)) {
1640 smb_panic("trusted_domains out of memory");
1643 for (i=0; i<(*num_domains); i++) {
1644 (*names)[i] = centry_string(centry, mem_ctx);
1645 (*alt_names)[i] = centry_string(centry, mem_ctx);
1646 centry_sid(centry, &(*dom_sids)[i]);
1649 status = centry->status;
1651 DEBUG(10,("trusted_domains: [Cached] - cached info for domain %s (%d trusts) status %s\n",
1652 domain->name, *num_domains, get_friendly_nt_error_msg(status) ));
1654 centry_free(centry);
1661 (*alt_names) = NULL;
1663 /* Return status value returned by seq number check */
1665 if (!NT_STATUS_IS_OK(domain->last_status))
1666 return domain->last_status;
1668 DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
1671 status = domain->backend->trusted_domains(domain, mem_ctx, num_domains,
1672 names, alt_names, dom_sids);
1675 refresh_sequence_number(domain, False);
1677 centry = centry_start(domain, status);
1681 centry_put_uint32(centry, *num_domains);
1683 for (i=0; i<(*num_domains); i++) {
1684 centry_put_string(centry, (*names)[i]);
1685 centry_put_string(centry, (*alt_names)[i]);
1686 centry_put_sid(centry, &(*dom_sids)[i]);
1689 centry_end(centry, "TRUSTDOMS/%s", domain->name);
1691 centry_free(centry);
1697 /* get lockout policy */
1698 static NTSTATUS lockout_policy(struct winbindd_domain *domain,
1699 TALLOC_CTX *mem_ctx,
1700 SAM_UNK_INFO_12 *lockout_policy){
1701 struct winbind_cache *cache = get_cache(domain);
1702 struct cache_entry *centry = NULL;
1708 centry = wcache_fetch(cache, domain, "LOC_POL/%s", domain->name);
1713 lockout_policy->duration = centry_nttime(centry);
1714 lockout_policy->reset_count = centry_nttime(centry);
1715 lockout_policy->bad_attempt_lockout = centry_uint16(centry);
1717 status = centry->status;
1719 DEBUG(10,("lockout_policy: [Cached] - cached info for domain %s status %s\n",
1720 domain->name, get_friendly_nt_error_msg(status) ));
1722 centry_free(centry);
1726 ZERO_STRUCTP(lockout_policy);
1728 /* Return status value returned by seq number check */
1730 if (!NT_STATUS_IS_OK(domain->last_status))
1731 return domain->last_status;
1733 DEBUG(10,("lockout_policy: [Cached] - doing backend query for info for domain %s\n",
1736 status = domain->backend->lockout_policy(domain, mem_ctx, lockout_policy);
1739 refresh_sequence_number(domain, False);
1740 wcache_save_lockout_policy(domain, status, lockout_policy);
1745 /* get password policy */
1746 static NTSTATUS password_policy(struct winbindd_domain *domain,
1747 TALLOC_CTX *mem_ctx,
1748 SAM_UNK_INFO_1 *password_policy)
1750 struct winbind_cache *cache = get_cache(domain);
1751 struct cache_entry *centry = NULL;
1757 centry = wcache_fetch(cache, domain, "PWD_POL/%s", domain->name);
1762 password_policy->min_length_password = centry_uint16(centry);
1763 password_policy->password_history = centry_uint16(centry);
1764 password_policy->password_properties = centry_uint32(centry);
1765 password_policy->expire = centry_nttime(centry);
1766 password_policy->min_passwordage = centry_nttime(centry);
1768 status = centry->status;
1770 DEBUG(10,("lockout_policy: [Cached] - cached info for domain %s status %s\n",
1771 domain->name, get_friendly_nt_error_msg(status) ));
1773 centry_free(centry);
1777 ZERO_STRUCTP(password_policy);
1779 /* Return status value returned by seq number check */
1781 if (!NT_STATUS_IS_OK(domain->last_status))
1782 return domain->last_status;
1784 DEBUG(10,("password_policy: [Cached] - doing backend query for info for domain %s\n",
1787 status = domain->backend->password_policy(domain, mem_ctx, password_policy);
1790 refresh_sequence_number(domain, False);
1791 wcache_save_password_policy(domain, status, password_policy);
1797 /* Invalidate cached user and group lists coherently */
1799 static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
1802 if (strncmp(kbuf.dptr, "UL/", 3) == 0 ||
1803 strncmp(kbuf.dptr, "GL/", 3) == 0)
1804 tdb_delete(the_tdb, kbuf);
1809 /* Invalidate the getpwnam and getgroups entries for a winbindd domain */
1811 void wcache_invalidate_samlogon(struct winbindd_domain *domain,
1812 NET_USER_INFO_3 *info3)
1814 struct winbind_cache *cache;
1819 cache = get_cache(domain);
1820 netsamlogon_clear_cached_user(cache->tdb, info3);
1823 void wcache_invalidate_cache(void)
1825 struct winbindd_domain *domain;
1827 for (domain = domain_list(); domain; domain = domain->next) {
1828 struct winbind_cache *cache = get_cache(domain);
1830 DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
1831 "entries for %s\n", domain->name));
1833 tdb_traverse(cache->tdb, traverse_fn, NULL);
1837 static BOOL init_wcache(void)
1839 if (wcache == NULL) {
1840 wcache = SMB_XMALLOC_P(struct winbind_cache);
1841 ZERO_STRUCTP(wcache);
1844 if (wcache->tdb != NULL)
1847 /* when working offline we must not clear the cache on restart */
1848 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"),
1849 WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
1850 TDB_DEFAULT /*TDB_CLEAR_IF_FIRST*/, O_RDWR|O_CREAT, 0600);
1852 if (wcache->tdb == NULL) {
1853 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
1860 void cache_store_response(pid_t pid, struct winbindd_response *response)
1867 DEBUG(10, ("Storing response for pid %d, len %d\n",
1868 pid, response->length));
1870 fstr_sprintf(key_str, "DR/%d", pid);
1871 if (tdb_store(wcache->tdb, string_tdb_data(key_str),
1872 make_tdb_data((void *)response, sizeof(*response)),
1876 if (response->length == sizeof(*response))
1879 /* There's extra data */
1881 DEBUG(10, ("Storing extra data: len=%d\n",
1882 (int)(response->length - sizeof(*response))));
1884 fstr_sprintf(key_str, "DE/%d", pid);
1885 if (tdb_store(wcache->tdb, string_tdb_data(key_str),
1886 make_tdb_data(response->extra_data,
1887 response->length - sizeof(*response)),
1891 /* We could not store the extra data, make sure the tdb does not
1892 * contain a main record with wrong dangling extra data */
1894 fstr_sprintf(key_str, "DR/%d", pid);
1895 tdb_delete(wcache->tdb, string_tdb_data(key_str));
1900 BOOL cache_retrieve_response(pid_t pid, struct winbindd_response * response)
1908 DEBUG(10, ("Retrieving response for pid %d\n", pid));
1910 fstr_sprintf(key_str, "DR/%d", pid);
1911 data = tdb_fetch(wcache->tdb, string_tdb_data(key_str));
1913 if (data.dptr == NULL)
1916 if (data.dsize != sizeof(*response))
1919 memcpy(response, data.dptr, data.dsize);
1920 SAFE_FREE(data.dptr);
1922 if (response->length == sizeof(*response)) {
1923 response->extra_data = NULL;
1927 /* There's extra data */
1929 DEBUG(10, ("Retrieving extra data length=%d\n",
1930 (int)(response->length - sizeof(*response))));
1932 fstr_sprintf(key_str, "DE/%d", pid);
1933 data = tdb_fetch(wcache->tdb, string_tdb_data(key_str));
1935 if (data.dptr == NULL) {
1936 DEBUG(0, ("Did not find extra data\n"));
1940 if (data.dsize != (response->length - sizeof(*response))) {
1941 DEBUG(0, ("Invalid extra data length: %d\n", (int)data.dsize));
1942 SAFE_FREE(data.dptr);
1946 dump_data(11, data.dptr, data.dsize);
1948 response->extra_data = data.dptr;
1952 void cache_cleanup_response(pid_t pid)
1959 fstr_sprintf(key_str, "DR/%d", pid);
1960 tdb_delete(wcache->tdb, string_tdb_data(key_str));
1962 fstr_sprintf(key_str, "DE/%d", pid);
1963 tdb_delete(wcache->tdb, string_tdb_data(key_str));
1969 BOOL lookup_cached_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
1970 const char **domain_name, const char **name,
1971 enum SID_NAME_USE *type)
1973 struct winbindd_domain *domain;
1974 struct winbind_cache *cache;
1975 struct cache_entry *centry = NULL;
1978 domain = find_lookup_domain_from_sid(sid);
1979 if (domain == NULL) {
1983 cache = get_cache(domain);
1985 if (cache->tdb == NULL) {
1989 centry = wcache_fetch(cache, domain, "SN/%s", sid_string_static(sid));
1990 if (centry == NULL) {
1994 if (NT_STATUS_IS_OK(centry->status)) {
1995 *type = (enum SID_NAME_USE)centry_uint32(centry);
1996 *domain_name = centry_string(centry, mem_ctx);
1997 *name = centry_string(centry, mem_ctx);
2000 status = centry->status;
2001 centry_free(centry);
2002 return NT_STATUS_IS_OK(status);
2005 BOOL lookup_cached_name(TALLOC_CTX *mem_ctx,
2006 const char *domain_name,
2009 enum SID_NAME_USE *type)
2011 struct winbindd_domain *domain;
2012 struct winbind_cache *cache;
2013 struct cache_entry *centry = NULL;
2017 domain = find_lookup_domain_from_name(domain_name);
2018 if (domain == NULL) {
2022 cache = get_cache(domain);
2024 if (cache->tdb == NULL) {
2028 fstrcpy(uname, name);
2031 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
2032 if (centry == NULL) {
2036 if (NT_STATUS_IS_OK(centry->status)) {
2037 *type = (enum SID_NAME_USE)centry_uint32(centry);
2038 centry_sid(centry, sid);
2041 status = centry->status;
2042 centry_free(centry);
2044 return NT_STATUS_IS_OK(status);
2047 void cache_name2sid(struct winbindd_domain *domain,
2048 const char *domain_name, const char *name,
2049 enum SID_NAME_USE type, const DOM_SID *sid)
2051 wcache_save_name_to_sid(domain, NT_STATUS_OK, domain_name, name,
2055 /* delete all centries that don't have NT_STATUS_OK set */
2056 static int traverse_fn_cleanup(TDB_CONTEXT *the_tdb, TDB_DATA kbuf,
2057 TDB_DATA dbuf, void *state)
2059 struct cache_entry *centry;
2062 if (!snprintf(buf, kbuf.dsize + 1, "%s", kbuf.dptr)) {
2066 centry = wcache_fetch_raw(buf);
2071 if (!NT_STATUS_IS_OK(centry->status)) {
2072 DEBUG(10,("deleting centry %s\n", buf));
2073 tdb_delete(the_tdb, kbuf);
2076 centry_free(centry);
2080 /* flush the cache */
2081 void wcache_flush_cache(void)
2083 extern BOOL opt_nocache;
2088 tdb_close(wcache->tdb);
2094 /* when working offline we must not clear the cache on restart */
2095 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"),
2096 WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
2097 TDB_DEFAULT /* TDB_CLEAR_IF_FIRST */, O_RDWR|O_CREAT, 0600);
2100 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
2103 tdb_traverse(wcache->tdb, traverse_fn_cleanup, NULL);
2105 DEBUG(10,("wcache_flush_cache success\n"));
2108 /* Count cached creds */
2110 static int traverse_fn_cached_creds(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
2113 int *cred_count = (int*)state;
2115 if (strncmp(kbuf.dptr, "CRED/", 5) == 0) {
2121 NTSTATUS wcache_count_cached_creds(struct winbindd_domain *domain, int *count)
2123 struct winbind_cache *cache = get_cache(domain);
2128 return NT_STATUS_INTERNAL_DB_ERROR;
2131 tdb_traverse(cache->tdb, traverse_fn_cached_creds, (void *)count);
2133 return NT_STATUS_OK;
2137 struct cred_list *prev, *next;
2142 static struct cred_list *wcache_cred_list;
2144 static int traverse_fn_get_credlist(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
2147 struct cred_list *cred;
2149 if (strncmp(kbuf.dptr, "CRED/", 5) == 0) {
2151 cred = SMB_MALLOC_P(struct cred_list);
2153 DEBUG(0,("traverse_fn_remove_first_creds: failed to malloc new entry for list\n"));
2159 /* save a copy of the key */
2161 fstrcpy(cred->name, kbuf.dptr);
2162 DLIST_ADD(wcache_cred_list, cred);
2168 NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const DOM_SID *sid)
2170 struct winbind_cache *cache = get_cache(domain);
2173 struct cred_list *cred, *oldest = NULL;
2176 return NT_STATUS_INTERNAL_DB_ERROR;
2179 /* we possibly already have an entry */
2180 if (sid && NT_STATUS_IS_OK(wcache_cached_creds_exist(domain, sid))) {
2184 DEBUG(11,("we already have an entry, deleting that\n"));
2186 fstr_sprintf(key_str, "CRED/%s", sid_string_static(sid));
2188 tdb_delete(cache->tdb, string_tdb_data(key_str));
2190 return NT_STATUS_OK;
2193 ret = tdb_traverse(cache->tdb, traverse_fn_get_credlist, NULL);
2195 return NT_STATUS_OK;
2196 } else if (ret == -1) {
2197 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2200 ZERO_STRUCTP(oldest);
2202 for (cred = wcache_cred_list; cred; cred = cred->next) {
2207 data = tdb_fetch(cache->tdb, make_tdb_data(cred->name, strlen(cred->name)));
2209 DEBUG(10,("wcache_remove_oldest_cached_creds: entry for [%s] not found\n",
2211 status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
2215 t = IVAL(data.dptr, 0);
2216 SAFE_FREE(data.dptr);
2219 oldest = SMB_MALLOC_P(struct cred_list);
2220 if (oldest == NULL) {
2221 status = NT_STATUS_NO_MEMORY;
2225 fstrcpy(oldest->name, cred->name);
2226 oldest->created = t;
2230 if (t < oldest->created) {
2231 fstrcpy(oldest->name, cred->name);
2232 oldest->created = t;
2236 if (tdb_delete(cache->tdb, string_tdb_data(oldest->name)) == 0) {
2237 status = NT_STATUS_OK;
2239 status = NT_STATUS_UNSUCCESSFUL;
2242 SAFE_FREE(wcache_cred_list);
2248 /* Change the global online/offline state. */
2249 BOOL set_global_winbindd_state_offline(void)
2254 DEBUG(10,("set_global_winbindd_state_offline: offline requested.\n"));
2256 /* Only go offline if someone has created
2257 the key "WINBINDD_OFFLINE" in the cache tdb. */
2259 if (wcache == NULL || wcache->tdb == NULL) {
2260 DEBUG(10,("set_global_winbindd_state_offline: wcache not open yet.\n"));
2264 if (!lp_winbind_offline_logon()) {
2265 DEBUG(10,("set_global_winbindd_state_offline: rejecting.\n"));
2269 if (global_winbindd_offline_state) {
2270 /* Already offline. */
2274 wcache->tdb->ecode = 0;
2276 data = tdb_fetch_bystring( wcache->tdb, "WINBINDD_OFFLINE" );
2278 /* As this is a key with no data we don't need to free, we
2279 check for existence by looking at tdb_err. */
2281 err = tdb_error(wcache->tdb);
2283 if (err == TDB_ERR_NOEXIST) {
2284 DEBUG(10,("set_global_winbindd_state_offline: offline state not set.\n"));
2287 DEBUG(10,("set_global_winbindd_state_offline: offline state set.\n"));
2288 global_winbindd_offline_state = True;
2293 void set_global_winbindd_state_online(void)
2295 DEBUG(10,("set_global_winbindd_state_online: online requested.\n"));
2297 if (!lp_winbind_offline_logon()) {
2298 DEBUG(10,("set_global_winbindd_state_online: rejecting.\n"));
2302 if (!global_winbindd_offline_state) {
2303 /* Already online. */
2306 global_winbindd_offline_state = False;
2312 /* Ensure there is no key "WINBINDD_OFFLINE" in the cache tdb. */
2313 tdb_delete_bystring(wcache->tdb, "WINBINDD_OFFLINE");
2316 /* the cache backend methods are exposed via this structure */
2317 struct winbindd_methods cache_methods = {
git.samba.org / abartlet / samba.git / .git / blob