#include "includes.h"
#include "winbindd.h"
-#define TIMEOUT_LEN 12
-#define IDMAP_CACHE_DATA_FMT "%12u/%s"
-#define IDMAP_READ_CACHE_DATA_FMT_TEMPLATE "%%12u/%%%us"
-
-struct idmap_cache_ctx {
- TDB_CONTEXT *tdb;
-};
-
-static int idmap_cache_destructor(struct idmap_cache_ctx *cache)
-{
- int ret = 0;
-
- if (cache && cache->tdb) {
- ret = tdb_close(cache->tdb);
- cache->tdb = NULL;
- }
-
- return ret;
-}
-
-struct idmap_cache_ctx *idmap_cache_init(TALLOC_CTX *memctx)
-{
- struct idmap_cache_ctx *cache;
- char* cache_fname = NULL;
-
- cache = talloc(memctx, struct idmap_cache_ctx);
- if ( ! cache) {
- DEBUG(0, ("Out of memory!\n"));
- return NULL;
- }
-
- cache_fname = lock_path("idmap_cache.tdb");
-
- DEBUG(10, ("Opening cache file at %s\n", cache_fname));
-
- cache->tdb = tdb_open_log(cache_fname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
-
- if (!cache->tdb) {
- DEBUG(5, ("Attempt to open %s has failed.\n", cache_fname));
- return NULL;
- }
-
- talloc_set_destructor(cache, idmap_cache_destructor);
-
- return cache;
-}
-
-static NTSTATUS idmap_cache_build_sidkey(TALLOC_CTX *ctx, char **sidkey,
- const struct id_map *id)
+bool idmap_cache_find_sid2uid(const struct dom_sid *sid, uid_t *puid,
+ bool *expired)
{
fstring sidstr;
-
- *sidkey = talloc_asprintf(ctx, "IDMAP/SID/%s",
- sid_to_fstring(sidstr, id->sid));
- if ( ! *sidkey) {
- DEBUG(1, ("failed to build sidkey, OOM?\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS idmap_cache_build_idkey(TALLOC_CTX *ctx, char **idkey,
- const struct id_map *id)
-{
- *idkey = talloc_asprintf(ctx, "IDMAP/%s/%lu",
- (id->xid.type==ID_TYPE_UID)?"UID":"GID",
- (unsigned long)id->xid.id);
- if ( ! *idkey) {
- DEBUG(1, ("failed to build idkey, OOM?\n"));
- return NT_STATUS_NO_MEMORY;
+ char *key;
+ char *value;
+ char *endptr;
+ time_t timeout;
+ uid_t uid;
+ bool ret;
+
+ key = talloc_asprintf(talloc_tos(), "IDMAP/SID2UID/%s",
+ sid_to_fstring(sidstr, sid));
+ if (key == NULL) {
+ return false;
+ }
+ ret = gencache_get(key, &value, &timeout);
+ TALLOC_FREE(key);
+ if (!ret) {
+ return false;
+ }
+ uid = strtol(value, &endptr, 10);
+ ret = (*endptr == '\0');
+ SAFE_FREE(value);
+ if (ret) {
+ *puid = uid;
+ *expired = (timeout <= time(NULL));
}
-
- return NT_STATUS_OK;
+ return ret;
}
-NTSTATUS idmap_cache_set(struct idmap_cache_ctx *cache, const struct id_map *id)
+bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired)
{
- NTSTATUS ret;
- time_t timeout = time(NULL) + lp_idmap_cache_time();
- TDB_DATA databuf;
- char *sidkey;
- char *idkey;
- char *valstr;
+ char *key;
+ char *value;
+ time_t timeout;
+ bool ret = true;
- /* Don't cache lookups in the S-1-22-{1,2} domain */
- if ( (id->xid.type == ID_TYPE_UID) &&
- sid_check_is_in_unix_users(id->sid) )
- {
- return NT_STATUS_OK;
+ key = talloc_asprintf(talloc_tos(), "IDMAP/UID2SID/%d", (int)uid);
+ if (key == NULL) {
+ return false;
}
- if ( (id->xid.type == ID_TYPE_GID) &&
- sid_check_is_in_unix_groups(id->sid) )
- {
- return NT_STATUS_OK;
+ ret = gencache_get(key, &value, &timeout);
+ TALLOC_FREE(key);
+ if (!ret) {
+ return false;
}
-
-
- ret = idmap_cache_build_sidkey(cache, &sidkey, id);
- if (!NT_STATUS_IS_OK(ret)) return ret;
-
- /* use sidkey as the local memory ctx */
- ret = idmap_cache_build_idkey(sidkey, &idkey, id);
- if (!NT_STATUS_IS_OK(ret)) {
- goto done;
- }
-
- /* save SID -> ID */
-
- /* use sidkey as the local memory ctx */
- valstr = talloc_asprintf(sidkey, IDMAP_CACHE_DATA_FMT, (int)timeout, idkey);
- if (!valstr) {
- DEBUG(0, ("Out of memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto done;
+ ZERO_STRUCTP(sid);
+ if (value[0] != '-') {
+ ret = string_to_sid(sid, value);
}
-
- databuf = string_term_tdb_data(valstr);
- DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
- " %s (%d seconds %s)\n", sidkey, valstr , ctime(&timeout),
- (int)(timeout - time(NULL)),
- timeout > time(NULL) ? "ahead" : "in the past"));
-
- if (tdb_store_bystring(cache->tdb, sidkey, databuf, TDB_REPLACE) != 0) {
- DEBUG(3, ("Failed to store cache entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
+ SAFE_FREE(value);
+ if (ret) {
+ *expired = (timeout <= time(NULL));
}
-
- /* save ID -> SID */
-
- /* use sidkey as the local memory ctx */
- valstr = talloc_asprintf(sidkey, IDMAP_CACHE_DATA_FMT, (int)timeout, sidkey);
- if (!valstr) {
- DEBUG(0, ("Out of memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- databuf = string_term_tdb_data(valstr);
- DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
- " %s (%d seconds %s)\n", idkey, valstr, ctime(&timeout),
- (int)(timeout - time(NULL)),
- timeout > time(NULL) ? "ahead" : "in the past"));
-
- if (tdb_store_bystring(cache->tdb, idkey, databuf, TDB_REPLACE) != 0) {
- DEBUG(3, ("Failed to store cache entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- ret = NT_STATUS_OK;
-
-done:
- talloc_free(sidkey);
return ret;
}
-NTSTATUS idmap_cache_set_negative_sid(struct idmap_cache_ctx *cache, const struct id_map *id)
+void idmap_cache_set_sid2uid(const struct dom_sid *sid, uid_t uid)
{
- NTSTATUS ret;
- time_t timeout = time(NULL) + lp_idmap_negative_cache_time();
- TDB_DATA databuf;
- char *sidkey;
- char *valstr;
-
- ret = idmap_cache_build_sidkey(cache, &sidkey, id);
- if (!NT_STATUS_IS_OK(ret)) return ret;
-
- /* use sidkey as the local memory ctx */
- valstr = talloc_asprintf(sidkey, IDMAP_CACHE_DATA_FMT, (int)timeout, "IDMAP/NEGATIVE");
- if (!valstr) {
- DEBUG(0, ("Out of memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- databuf = string_term_tdb_data(valstr);
- DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
- " %s (%d seconds %s)\n", sidkey, valstr, ctime(&timeout),
- (int)(timeout - time(NULL)),
- timeout > time(NULL) ? "ahead" : "in the past"));
-
- if (tdb_store_bystring(cache->tdb, sidkey, databuf, TDB_REPLACE) != 0) {
- DEBUG(3, ("Failed to store cache entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
+ time_t now = time(NULL);
+ time_t timeout;
+ fstring sidstr, key, value;
+
+ if (!is_null_sid(sid)) {
+ fstr_sprintf(key, "IDMAP/SID2UID/%s",
+ sid_to_fstring(sidstr, sid));
+ fstr_sprintf(value, "%d", (int)uid);
+ timeout = (uid == -1)
+ ? lp_idmap_negative_cache_time()
+ : lp_idmap_cache_time();
+ gencache_set(key, value, now + timeout);
+ }
+ if (uid != -1) {
+ fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)uid);
+ if (is_null_sid(sid)) {
+ /* negative uid mapping */
+ fstrcpy(value, "-");
+ timeout = lp_idmap_negative_cache_time();
+ }
+ else {
+ sid_to_fstring(value, sid);
+ timeout = lp_idmap_cache_time();
+ }
+ gencache_set(key, value, now + timeout);
}
-
-done:
- talloc_free(sidkey);
- return ret;
}
-NTSTATUS idmap_cache_set_negative_id(struct idmap_cache_ctx *cache, const struct id_map *id)
+bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
+ bool *expired)
{
- NTSTATUS ret;
- time_t timeout = time(NULL) + lp_idmap_negative_cache_time();
- TDB_DATA databuf;
- char *idkey;
- char *valstr;
-
- ret = idmap_cache_build_idkey(cache, &idkey, id);
- if (!NT_STATUS_IS_OK(ret)) return ret;
-
- /* use idkey as the local memory ctx */
- valstr = talloc_asprintf(idkey, IDMAP_CACHE_DATA_FMT, (int)timeout, "IDMAP/NEGATIVE");
- if (!valstr) {
- DEBUG(0, ("Out of memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- databuf = string_term_tdb_data(valstr);
- DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
- " %s (%d seconds %s)\n", idkey, valstr, ctime(&timeout),
- (int)(timeout - time(NULL)),
- timeout > time(NULL) ? "ahead" : "in the past"));
-
- if (tdb_store_bystring(cache->tdb, idkey, databuf, TDB_REPLACE) != 0) {
- DEBUG(3, ("Failed to store cache entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
+ fstring sidstr;
+ char *key;
+ char *value;
+ char *endptr;
+ time_t timeout;
+ gid_t gid;
+ bool ret;
+
+ key = talloc_asprintf(talloc_tos(), "IDMAP/SID2GID/%s",
+ sid_to_fstring(sidstr, sid));
+ if (key == NULL) {
+ return false;
+ }
+ ret = gencache_get(key, &value, &timeout);
+ TALLOC_FREE(key);
+ if (!ret) {
+ return false;
+ }
+ gid = strtol(value, &endptr, 10);
+ ret = (*endptr == '\0');
+ SAFE_FREE(value);
+ if (ret) {
+ *pgid = gid;
+ *expired = (timeout <= time(NULL));
}
-
-done:
- talloc_free(idkey);
return ret;
}
-static NTSTATUS idmap_cache_fill_map(struct id_map *id, const char *value)
+bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired)
{
- char *rem;
-
- /* see if it is a sid */
- if ( ! strncmp("IDMAP/SID/", value, 10)) {
-
- if ( ! string_to_sid(id->sid, &value[10])) {
- goto failed;
- }
-
- id->status = ID_MAPPED;
+ char *key;
+ char *value;
+ time_t timeout;
+ bool ret = true;
- return NT_STATUS_OK;
+ key = talloc_asprintf(talloc_tos(), "IDMAP/GID2SID/%d", (int)gid);
+ if (key == NULL) {
+ return false;
}
-
- /* not a SID see if it is an UID or a GID */
- if ( ! strncmp("IDMAP/UID/", value, 10)) {
-
- /* a uid */
- id->xid.type = ID_TYPE_UID;
-
- } else if ( ! strncmp("IDMAP/GID/", value, 10)) {
-
- /* a gid */
- id->xid.type = ID_TYPE_GID;
-
- } else {
-
- /* a completely bogus value bail out */
- goto failed;
- }
-
- id->xid.id = strtol(&value[10], &rem, 0);
- if (*rem != '\0') {
- goto failed;
- }
-
- id->status = ID_MAPPED;
-
- return NT_STATUS_OK;
-
-failed:
- DEBUG(1, ("invalid value: %s\n", value));
- id->status = ID_UNKNOWN;
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
-}
-
-/* search the cache for the SID an return a mapping if found *
- *
- * 4 cases are possible
- *
- * 1 map found
- * in this case id->status = ID_MAPPED and NT_STATUS_OK is returned
- * 2 map not found
- * in this case id->status = ID_UNKNOWN and NT_STATUS_NONE_MAPPED is returned
- * 3 negative cache found
- * in this case id->status = ID_UNMAPPED and NT_STATUS_OK is returned
- * 4 map found but timer expired
- * in this case id->status = ID_EXPIRED and NT_STATUS_SYNCHRONIZATION_REQUIRED
- * is returned. In this case revalidation of the cache is needed.
- */
-
-NTSTATUS idmap_cache_map_sid(struct idmap_cache_ctx *cache, struct id_map *id)
-{
- NTSTATUS ret;
- TDB_DATA databuf;
- time_t t;
- char *sidkey;
- char *endptr;
- struct winbindd_domain *our_domain = find_our_domain();
- time_t now = time(NULL);
-
- /* make sure it is marked as not mapped by default */
- id->status = ID_UNKNOWN;
-
- ret = idmap_cache_build_sidkey(cache, &sidkey, id);
- if (!NT_STATUS_IS_OK(ret)) return ret;
-
- databuf = tdb_fetch_bystring(cache->tdb, sidkey);
-
- if (databuf.dptr == NULL) {
- DEBUG(10, ("Cache entry with key = %s couldn't be found\n", sidkey));
- ret = NT_STATUS_NONE_MAPPED;
- goto done;
+ ret = gencache_get(key, &value, &timeout);
+ TALLOC_FREE(key);
+ if (!ret) {
+ return false;
}
-
- t = strtol((const char *)databuf.dptr, &endptr, 10);
-
- if ((endptr == NULL) || (*endptr != '/')) {
- DEBUG(2, ("Invalid gencache data format: %s\n", (const char *)databuf.dptr));
- /* remove the entry */
- tdb_delete_bystring(cache->tdb, sidkey);
- ret = NT_STATUS_NONE_MAPPED;
- goto done;
+ ZERO_STRUCTP(sid);
+ if (value[0] != '-') {
+ ret = string_to_sid(sid, value);
}
-
- /* check it is not negative */
- if (strcmp("IDMAP/NEGATIVE", endptr+1) != 0) {
-
- DEBUG(10, ("Returning %s cache entry: key = %s, value = %s, "
- "timeout = %s", t > now ? "valid" :
- "expired", sidkey, endptr+1, ctime(&t)));
-
- /* this call if successful will also mark the entry as mapped */
- ret = idmap_cache_fill_map(id, endptr+1);
- if ( ! NT_STATUS_IS_OK(ret)) {
- /* if not valid form delete the entry */
- tdb_delete_bystring(cache->tdb, sidkey);
- ret = NT_STATUS_NONE_MAPPED;
- goto done;
- }
-
- /* here ret == NT_STATUS_OK and id->status = ID_MAPPED */
-
- if (t <= now) {
- /* If we've been told to be offline - stay in
- that state... */
- if ( IS_DOMAIN_OFFLINE(our_domain) ) {
- DEBUG(10,("idmap_cache_map_sid: idmap is offline\n"));
- goto done;
- }
-
- /* We're expired, set an error code
- for upper layer */
- ret = NT_STATUS_SYNCHRONIZATION_REQUIRED;
- }
-
- goto done;
+ SAFE_FREE(value);
+ if (ret) {
+ *expired = (timeout <= time(NULL));
}
-
- /* Was a negative cache hit */
-
- /* Ignore the negative cache when offline */
-
- if ( IS_DOMAIN_OFFLINE(our_domain) ) {
- DEBUG(10,("idmap_cache_map_sid: idmap is offline\n"));
- goto done;
- }
-
-
- /* Check for valid or expired cache hits */
- if (t <= now) {
- /* We're expired. Return not mapped */
- ret = NT_STATUS_NONE_MAPPED;
- } else {
- /* this is not mapped as it was a negative cache hit */
- id->status = ID_UNMAPPED;
- ret = NT_STATUS_OK;
- }
-
-done:
- SAFE_FREE(databuf.dptr);
- talloc_free(sidkey);
return ret;
}
-/* search the cache for the ID an return a mapping if found *
- *
- * 4 cases are possible
- *
- * 1 map found
- * in this case id->status = ID_MAPPED and NT_STATUS_OK is returned
- * 2 map not found
- * in this case id->status = ID_UNKNOWN and NT_STATUS_NONE_MAPPED is returned
- * 3 negative cache found
- * in this case id->status = ID_UNMAPPED and NT_STATUS_OK is returned
- * 4 map found but timer expired
- * in this case id->status = ID_EXPIRED and NT_STATUS_SYNCHRONIZATION_REQUIRED
- * is returned. In this case revalidation of the cache is needed.
- */
-
-NTSTATUS idmap_cache_map_id(struct idmap_cache_ctx *cache, struct id_map *id)
+void idmap_cache_set_sid2gid(const struct dom_sid *sid, gid_t gid)
{
- NTSTATUS ret;
- TDB_DATA databuf;
- time_t t;
- char *idkey;
- char *endptr;
- struct winbindd_domain *our_domain = find_our_domain();
- time_t now = time(NULL);
-
- /* make sure it is marked as unknown by default */
- id->status = ID_UNKNOWN;
-
- ret = idmap_cache_build_idkey(cache, &idkey, id);
- if (!NT_STATUS_IS_OK(ret)) return ret;
-
- databuf = tdb_fetch_bystring(cache->tdb, idkey);
-
- if (databuf.dptr == NULL) {
- DEBUG(10, ("Cache entry with key = %s couldn't be found\n", idkey));
- ret = NT_STATUS_NONE_MAPPED;
- goto done;
- }
-
- t = strtol((const char *)databuf.dptr, &endptr, 10);
-
- if ((endptr == NULL) || (*endptr != '/')) {
- DEBUG(2, ("Invalid gencache data format: %s\n", (const char *)databuf.dptr));
- /* remove the entry */
- tdb_delete_bystring(cache->tdb, idkey);
- ret = NT_STATUS_NONE_MAPPED;
- goto done;
- }
-
- /* check it is not negative */
- if (strcmp("IDMAP/NEGATIVE", endptr+1) != 0) {
-
- DEBUG(10, ("Returning %s cache entry: key = %s, value = %s, "
- "timeout = %s", t > now ? "valid" :
- "expired", idkey, endptr+1, ctime(&t)));
-
- /* this call if successful will also mark the entry as mapped */
- ret = idmap_cache_fill_map(id, endptr+1);
- if ( ! NT_STATUS_IS_OK(ret)) {
- /* if not valid form delete the entry */
- tdb_delete_bystring(cache->tdb, idkey);
- ret = NT_STATUS_NONE_MAPPED;
- goto done;
+ time_t now = time(NULL);
+ time_t timeout;
+ fstring sidstr, key, value;
+
+ if (!is_null_sid(sid)) {
+ fstr_sprintf(key, "IDMAP/SID2GID/%s",
+ sid_to_fstring(sidstr, sid));
+ fstr_sprintf(value, "%d", (int)gid);
+ timeout = (gid == -1)
+ ? lp_idmap_negative_cache_time()
+ : lp_idmap_cache_time();
+ gencache_set(key, value, now + timeout);
+ }
+ if (gid != -1) {
+ fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)gid);
+ if (is_null_sid(sid)) {
+ /* negative gid mapping */
+ fstrcpy(value, "-");
+ timeout = lp_idmap_negative_cache_time();
}
-
- /* here ret == NT_STATUS_OK and id->mapped = ID_MAPPED */
-
- if (t <= now) {
- /* If we've been told to be offline - stay in
- that state... */
- if ( IS_DOMAIN_OFFLINE(our_domain) ) {
- DEBUG(10,("idmap_cache_map_sid: idmap is offline\n"));
- goto done;
- }
-
- /* We're expired, set an error code
- for upper layer */
- ret = NT_STATUS_SYNCHRONIZATION_REQUIRED;
+ else {
+ sid_to_fstring(value, sid);
+ timeout = lp_idmap_cache_time();
}
-
- goto done;
- }
-
- /* Was a negative cache hit */
-
- /* Ignore the negative cache when offline */
-
- if ( IS_DOMAIN_OFFLINE(our_domain) ) {
- DEBUG(10,("idmap_cache_map_sid: idmap is offline\n"));
- ret = NT_STATUS_NONE_MAPPED;
-
- goto done;
+ gencache_set(key, value, now + timeout);
}
-
- /* Process the negative cache hit */
-
- if (t <= now) {
- /* We're expired. Return not mapped */
- ret = NT_STATUS_NONE_MAPPED;
- } else {
- /* this is not mapped is it was a negative cache hit */
- id->status = ID_UNMAPPED;
- ret = NT_STATUS_OK;
- }
-
-done:
- SAFE_FREE(databuf.dptr);
- talloc_free(idkey);
- return ret;
}
-
git.samba.org / samba.git / blobdiff