#include "winbindd.h"
#include "tdb_validate.h"
#include "../libcli/auth/libcli_auth.h"
+#include "../librpc/gen_ndr/ndr_wbint.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
return ret;
}
-static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
+static bool wcache_fetch_seqnum(const char *domain_name, uint32_t *seqnum,
+ uint32_t *last_seq_check)
{
+ char *key;
TDB_DATA data;
- fstring key;
- uint32 time_diff;
- if (!wcache->tdb) {
- DEBUG(10,("fetch_cache_seqnum: tdb == NULL\n"));
- return NT_STATUS_UNSUCCESSFUL;
+ if (wcache->tdb == NULL) {
+ DEBUG(10,("wcache_fetch_seqnum: tdb == NULL\n"));
+ return false;
}
- fstr_sprintf( key, "SEQNUM/%s", domain->name );
-
- data = tdb_fetch_bystring( wcache->tdb, key );
- if ( !data.dptr || data.dsize!=8 ) {
- DEBUG(10,("fetch_cache_seqnum: invalid data size key [%s]\n", key ));
- return NT_STATUS_UNSUCCESSFUL;
+ key = talloc_asprintf(talloc_tos(), "SEQNUM/%s", domain_name);
+ if (key == NULL) {
+ DEBUG(10, ("talloc failed\n"));
+ return false;
}
- domain->sequence_number = IVAL(data.dptr, 0);
- domain->last_seq_check = IVAL(data.dptr, 4);
+ data = tdb_fetch_bystring(wcache->tdb, key);
+ TALLOC_FREE(key);
+ if (data.dptr == NULL) {
+ DEBUG(10, ("wcache_fetch_seqnum: %s not found\n",
+ domain_name));
+ return false;
+ }
+ if (data.dsize != 8) {
+ DEBUG(10, ("wcache_fetch_seqnum: invalid data size %d\n",
+ (int)data.dsize));
+ SAFE_FREE(data.dptr);
+ return false;
+ }
+
+ *seqnum = IVAL(data.dptr, 0);
+ *last_seq_check = IVAL(data.dptr, 4);
SAFE_FREE(data.dptr);
+ return true;
+}
+
+static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
+{
+ uint32 last_check, time_diff;
+
+ if (!wcache_fetch_seqnum(domain->name, &domain->sequence_number,
+ &last_check)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ domain->last_seq_check = last_check;
+
/* have we expired? */
time_diff = now - domain->last_seq_check;
return NT_STATUS_OK;
}
-static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain )
+bool wcache_store_seqnum(const char *domain_name, uint32_t seqnum,
+ time_t last_seq_check)
{
- TDB_DATA data;
- fstring key_str;
- uint8 buf[8];
+ char *key_str;
+ uint8_t buf[8];
+ int ret;
- if (!wcache->tdb) {
- DEBUG(10,("store_cache_seqnum: tdb == NULL\n"));
- return NT_STATUS_UNSUCCESSFUL;
+ if (wcache->tdb == NULL) {
+ DEBUG(10, ("wcache_store_seqnum: wcache->tdb == NULL\n"));
+ return false;
}
- fstr_sprintf( key_str, "SEQNUM/%s", domain->name );
+ key_str = talloc_asprintf(talloc_tos(), "SEQNUM/%s", domain_name);
+ if (key_str == NULL) {
+ DEBUG(10, ("talloc_asprintf failed\n"));
+ return false;
+ }
- SIVAL(buf, 0, domain->sequence_number);
- SIVAL(buf, 4, domain->last_seq_check);
- data.dptr = buf;
- data.dsize = 8;
+ SIVAL(buf, 0, seqnum);
+ SIVAL(buf, 4, last_seq_check);
- if ( tdb_store_bystring( wcache->tdb, key_str, data, TDB_REPLACE) == -1 ) {
- DEBUG(10,("store_cache_seqnum: tdb_store fail key [%s]\n", key_str ));
- return NT_STATUS_UNSUCCESSFUL;
+ ret = tdb_store_bystring(wcache->tdb, key_str,
+ make_tdb_data(buf, sizeof(buf)), TDB_REPLACE);
+ TALLOC_FREE(key_str);
+ if (ret == -1) {
+ DEBUG(10, ("tdb_store_bystring failed: %s\n",
+ tdb_errorstr(wcache->tdb)));
+ TALLOC_FREE(key_str);
+ return false;
}
- DEBUG(10,("store_cache_seqnum: success [%s][%u @ %u]\n",
- domain->name, domain->sequence_number,
- (uint32)domain->last_seq_check));
+ DEBUG(10, ("wcache_store_seqnum: success [%s][%u @ %u]\n",
+ domain_name, seqnum, (unsigned)last_seq_check));
- return NT_STATUS_OK;
+ return true;
+}
+
+static bool store_cache_seqnum( struct winbindd_domain *domain )
+{
+ return wcache_store_seqnum(domain->name, domain->sequence_number,
+ domain->last_seq_check);
}
/*
time_t t = time(NULL);
unsigned cache_time = lp_winbind_cache_time();
- if ( IS_DOMAIN_OFFLINE(domain) ) {
+ if (is_domain_offline(domain)) {
return;
}
}
-static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
+static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status,
+ struct wbint_userinfo *info)
{
struct cache_entry *centry;
fstring sid_string;
static NTSTATUS query_user_list(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32 *num_entries,
- WINBIND_USERINFO **info)
+ struct wbint_userinfo **info)
{
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
NTSTATUS status;
unsigned int i, retry;
+ bool old_status = domain->online;
if (!cache->tdb)
goto do_query;
if (!centry)
goto do_query;
+do_fetch_cache:
*num_entries = centry_uint32(centry);
if (*num_entries == 0)
goto do_cached;
- (*info) = TALLOC_ARRAY(mem_ctx, WINBIND_USERINFO, *num_entries);
+ (*info) = TALLOC_ARRAY(mem_ctx, struct wbint_userinfo, *num_entries);
if (! (*info)) {
smb_panic_fn("query_user_list out of memory");
}
"connection cache\n"));
invalidate_cm_connection(&domain->conn);
}
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ /* store partial response. */
+ if (*num_entries > 0) {
+ /*
+ * humm, what about the status used for cache?
+ * Should it be NT_STATUS_OK?
+ */
+ break;
+ }
+ /*
+ * domain is offline now, and there is no user entries,
+ * try to fetch from cache again.
+ */
+ if (cache->tdb && !domain->online && !domain->internal && old_status) {
+ centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
+ /* partial response... */
+ if (!centry) {
+ goto skip_save;
+ } else {
+ goto do_fetch_cache;
+ }
+ } else {
+ goto skip_save;
+ }
+ }
} while (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) &&
(retry++ < 5));
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
centry = centry_start(domain, status);
if (!centry)
goto skip_save;
struct cache_entry *centry = NULL;
NTSTATUS status;
unsigned int i;
+ bool old_status;
+ old_status = domain->online;
if (!cache->tdb)
goto do_query;
if (!centry)
goto do_query;
+do_fetch_cache:
*num_entries = centry_uint32(centry);
if (*num_entries == 0)
status = domain->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (cache->tdb &&
+ !domain->online &&
+ !domain->internal &&
+ old_status) {
+ centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
+ if (centry) {
+ goto do_fetch_cache;
+ }
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
centry = centry_start(domain, status);
if (!centry)
goto skip_save;
struct cache_entry *centry = NULL;
NTSTATUS status;
unsigned int i;
+ bool old_status;
+ old_status = domain->online;
if (!cache->tdb)
goto do_query;
if (!centry)
goto do_query;
+do_fetch_cache:
*num_entries = centry_uint32(centry);
if (*num_entries == 0)
status = domain->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (cache->tdb &&
+ !domain->internal &&
+ !domain->online &&
+ old_status) {
+ centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
+ if (centry) {
+ goto do_fetch_cache;
+ }
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
centry = centry_start(domain, status);
if (!centry)
goto skip_save;
return status;
}
-/* convert a single name to a sid in a domain */
-static NTSTATUS name_to_sid(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- enum winbindd_cmd orig_cmd,
+NTSTATUS wcache_name_to_sid(struct winbindd_domain *domain,
const char *domain_name,
const char *name,
- DOM_SID *sid,
+ struct dom_sid *sid,
enum lsa_SidType *type)
{
struct winbind_cache *cache = get_cache(domain);
- struct cache_entry *centry = NULL;
+ struct cache_entry *centry;
NTSTATUS status;
- fstring uname;
+ char *uname;
- if (!cache->tdb)
- goto do_query;
+ if (cache->tdb == NULL) {
+ return NT_STATUS_NOT_FOUND;
+ }
+
+ uname = talloc_strdup_upper(talloc_tos(), name);
+ if (uname == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
- fstrcpy(uname, name);
- strupper_m(uname);
centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
- if (!centry)
- goto do_query;
+ TALLOC_FREE(uname);
+ if (centry == NULL) {
+ return NT_STATUS_NOT_FOUND;
+ }
status = centry->status;
if (NT_STATUS_IS_OK(status)) {
centry_sid(centry, sid);
}
- DEBUG(10,("name_to_sid: [Cached] - cached name for domain %s status: %s\n",
- domain->name, nt_errstr(status) ));
+ DEBUG(10,("name_to_sid: [Cached] - cached name for domain %s status: "
+ "%s\n", domain->name, nt_errstr(status) ));
centry_free(centry);
return status;
+}
+
+/* convert a single name to a sid in a domain */
+static NTSTATUS name_to_sid(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ const char *domain_name,
+ const char *name,
+ uint32_t flags,
+ DOM_SID *sid,
+ enum lsa_SidType *type)
+{
+ NTSTATUS status;
+ bool old_status;
+
+ old_status = domain->online;
+
+ status = wcache_name_to_sid(domain, domain_name, name, sid, type);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+ return status;
+ }
-do_query:
ZERO_STRUCTP(sid);
/* If the seq number check indicated that there is a problem
DEBUG(10,("name_to_sid: [Cached] - doing backend query for name for domain %s\n",
domain->name ));
- status = domain->backend->name_to_sid(domain, mem_ctx, orig_cmd,
- domain_name, name, sid, type);
+ status = domain->backend->name_to_sid(domain, mem_ctx, domain_name,
+ name, flags, sid, type);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (!domain->internal &&
+ !domain->online &&
+ old_status) {
+ NTSTATUS cache_status;
+ cache_status = wcache_name_to_sid(domain, domain_name, name, sid, type);
+ return cache_status;
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
return status;
}
-/* convert a sid to a user or group name. The sid is guaranteed to be in the domain
- given */
-static NTSTATUS sid_to_name(struct winbindd_domain *domain,
+NTSTATUS wcache_sid_to_name(struct winbindd_domain *domain,
+ const struct dom_sid *sid,
TALLOC_CTX *mem_ctx,
- const DOM_SID *sid,
char **domain_name,
char **name,
enum lsa_SidType *type)
{
struct winbind_cache *cache = get_cache(domain);
- struct cache_entry *centry = NULL;
+ struct cache_entry *centry;
+ char *sid_string;
NTSTATUS status;
- fstring sid_string;
- if (!cache->tdb)
- goto do_query;
+ if (cache->tdb == NULL) {
+ return NT_STATUS_NOT_FOUND;
+ }
- centry = wcache_fetch(cache, domain, "SN/%s",
- sid_to_fstring(sid_string, sid));
- if (!centry)
- goto do_query;
+ sid_string = sid_string_tos(sid);
+ if (sid_string == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
- status = centry->status;
- if (NT_STATUS_IS_OK(status)) {
+ centry = wcache_fetch(cache, domain, "SN/%s", sid_string);
+ TALLOC_FREE(sid_string);
+ if (centry == NULL) {
+ return NT_STATUS_NOT_FOUND;
+ }
+
+ if (NT_STATUS_IS_OK(centry->status)) {
*type = (enum lsa_SidType)centry_uint32(centry);
*domain_name = centry_string(centry, mem_ctx);
*name = centry_string(centry, mem_ctx);
}
- DEBUG(10,("sid_to_name: [Cached] - cached name for domain %s status: %s\n",
- domain->name, nt_errstr(status) ));
-
+ status = centry->status;
centry_free(centry);
+
+ DEBUG(10,("sid_to_name: [Cached] - cached name for domain %s status: "
+ "%s\n", domain->name, nt_errstr(status) ));
+
return status;
+}
+
+/* convert a sid to a user or group name. The sid is guaranteed to be in the domain
+ given */
+static NTSTATUS sid_to_name(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *sid,
+ char **domain_name,
+ char **name,
+ enum lsa_SidType *type)
+{
+ NTSTATUS status;
+ bool old_status;
+
+ old_status = domain->online;
+ status = wcache_sid_to_name(domain, sid, mem_ctx, domain_name, name,
+ type);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+ return status;
+ }
-do_query:
*name = NULL;
*domain_name = NULL;
status = domain->backend->sid_to_name(domain, mem_ctx, sid, domain_name, name, type);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (!domain->internal &&
+ !domain->online &&
+ old_status) {
+ NTSTATUS cache_status;
+ cache_status = wcache_sid_to_name(domain, sid, mem_ctx,
+ domain_name, name, type);
+ return cache_status;
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
wcache_save_sid_to_name(domain, status, sid, *domain_name, *name, *type);
/* We can't save the name to sid mapping here, as with sid history a
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
bool have_mapped;
bool have_unmapped;
+ bool old_status;
+ old_status = domain->online;
*domain_name = NULL;
*names = NULL;
*types = NULL;
rids, num_rids, domain_name,
names, types);
+ if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (cache->tdb &&
+ !domain->internal &&
+ !domain->online &&
+ old_status) {
+ have_mapped = have_unmapped = false;
+
+ for (i=0; i<num_rids; i++) {
+ DOM_SID sid;
+ struct cache_entry *centry;
+ fstring tmp;
+
+ if (!sid_compose(&sid, domain_sid, rids[i])) {
+ result = NT_STATUS_INTERNAL_ERROR;
+ goto error;
+ }
+
+ centry = wcache_fetch(cache, domain, "SN/%s",
+ sid_to_fstring(tmp, &sid));
+ if (!centry) {
+ (*types)[i] = SID_NAME_UNKNOWN;
+ (*names)[i] = talloc_strdup(*names, "");
+ continue;
+ }
+
+ (*types)[i] = SID_NAME_UNKNOWN;
+ (*names)[i] = talloc_strdup(*names, "");
+
+ if (NT_STATUS_IS_OK(centry->status)) {
+ char *dom;
+ have_mapped = true;
+ (*types)[i] = (enum lsa_SidType)centry_uint32(centry);
+
+ dom = centry_string(centry, mem_ctx);
+ if (*domain_name == NULL) {
+ *domain_name = dom;
+ } else {
+ talloc_free(dom);
+ }
+
+ (*names)[i] = centry_string(centry, *names);
+
+ } else if (NT_STATUS_EQUAL(centry->status, NT_STATUS_NONE_MAPPED)) {
+ have_unmapped = true;
+
+ } else {
+ /* something's definitely wrong */
+ result = centry->status;
+ goto error;
+ }
+
+ centry_free(centry);
+ }
+
+ if (!have_mapped) {
+ return NT_STATUS_NONE_MAPPED;
+ }
+ if (!have_unmapped) {
+ return NT_STATUS_OK;
+ }
+ return STATUS_SOME_UNMAPPED;
+ }
+ }
/*
None of the queried rids has been found so save all negative entries
*/
return result;
}
-/* Lookup user information from a rid */
-static NTSTATUS query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
- WINBIND_USERINFO *info)
+NTSTATUS wcache_query_user(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ const struct dom_sid *user_sid,
+ struct wbint_userinfo *info)
{
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
NTSTATUS status;
- fstring tmp;
+ char *sid_string;
- if (!cache->tdb)
- goto do_query;
+ if (cache->tdb == NULL) {
+ return NT_STATUS_NOT_FOUND;
+ }
- centry = wcache_fetch(cache, domain, "U/%s",
- sid_to_fstring(tmp, user_sid));
+ sid_string = sid_string_tos(user_sid);
+ if (sid_string == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
- /* If we have an access denied cache entry and a cached info3 in the
- samlogon cache then do a query. This will force the rpc back end
- to return the info3 data. */
+ centry = wcache_fetch(cache, domain, "U/%s", sid_string);
+ TALLOC_FREE(sid_string);
+ if (centry == NULL) {
+ return NT_STATUS_NOT_FOUND;
+ }
+
+ /*
+ * If we have an access denied cache entry and a cached info3
+ * in the samlogon cache then do a query. This will force the
+ * rpc back end to return the info3 data.
+ */
- if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
+ if (NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED) &&
netsamlogon_cache_have(user_sid)) {
- DEBUG(10, ("query_user: cached access denied and have cached info3\n"));
+ DEBUG(10, ("query_user: cached access denied and have cached "
+ "info3\n"));
domain->last_status = NT_STATUS_OK;
centry_free(centry);
- goto do_query;
+ return NT_STATUS_NOT_FOUND;
}
- if (!centry)
- goto do_query;
-
/* if status is not ok then this is a negative hit
and the rest of the data doesn't matter */
status = centry->status;
centry_sid(centry, &info->group_sid);
}
- DEBUG(10,("query_user: [Cached] - cached info for domain %s status: %s\n",
- domain->name, nt_errstr(status) ));
+ DEBUG(10,("query_user: [Cached] - cached info for domain %s status: "
+ "%s\n", domain->name, nt_errstr(status) ));
centry_free(centry);
return status;
+}
+
+/* Lookup user information from a rid */
+static NTSTATUS query_user(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *user_sid,
+ struct wbint_userinfo *info)
+{
+ NTSTATUS status;
+ bool old_status;
+
+ old_status = domain->online;
+ status = wcache_query_user(domain, mem_ctx, user_sid, info);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+ return status;
+ }
-do_query:
ZERO_STRUCTP(info);
/* Return status value returned by seq number check */
status = domain->backend->query_user(domain, mem_ctx, user_sid, info);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (!domain->internal &&
+ !domain->online &&
+ old_status) {
+ NTSTATUS cache_status;
+ cache_status = wcache_query_user(domain, mem_ctx, user_sid, info);
+ return cache_status;
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
wcache_save_user(domain, status, info);
return status;
}
-
-/* Lookup groups a user is a member of. */
-static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
+NTSTATUS wcache_lookup_usergroups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
- uint32 *num_groups, DOM_SID **user_gids)
+ const struct dom_sid *user_sid,
+ uint32_t *pnum_sids,
+ struct dom_sid **psids)
{
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
NTSTATUS status;
- unsigned int i;
+ uint32_t i, num_sids;
+ struct dom_sid *sids;
fstring sid_string;
- if (!cache->tdb)
- goto do_query;
+ if (cache->tdb == NULL) {
+ return NT_STATUS_NOT_FOUND;
+ }
centry = wcache_fetch(cache, domain, "UG/%s",
sid_to_fstring(sid_string, user_sid));
+ if (centry == NULL) {
+ return NT_STATUS_NOT_FOUND;
+ }
/* If we have an access denied cache entry and a cached info3 in the
samlogon cache then do a query. This will force the rpc back end
to return the info3 data. */
- if (NT_STATUS_V(domain->last_status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED) &&
- netsamlogon_cache_have(user_sid)) {
- DEBUG(10, ("lookup_usergroups: cached access denied and have cached info3\n"));
+ if (NT_STATUS_EQUAL(domain->last_status, NT_STATUS_ACCESS_DENIED)
+ && netsamlogon_cache_have(user_sid)) {
+ DEBUG(10, ("lookup_usergroups: cached access denied and have "
+ "cached info3\n"));
domain->last_status = NT_STATUS_OK;
centry_free(centry);
- goto do_query;
+ return NT_STATUS_NOT_FOUND;
}
- if (!centry)
- goto do_query;
-
- *num_groups = centry_uint32(centry);
-
- if (*num_groups == 0)
- goto do_cached;
-
- (*user_gids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_groups);
- if (! (*user_gids)) {
- smb_panic_fn("lookup_usergroups out of memory");
+ num_sids = centry_uint32(centry);
+ sids = talloc_array(mem_ctx, struct dom_sid, num_sids);
+ if (sids == NULL) {
+ centry_free(centry);
+ return NT_STATUS_NO_MEMORY;
}
- for (i=0; i<(*num_groups); i++) {
- centry_sid(centry, &(*user_gids)[i]);
+
+ for (i=0; i<num_sids; i++) {
+ centry_sid(centry, &sids[i]);
}
-do_cached:
status = centry->status;
- DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s status: %s\n",
- domain->name, nt_errstr(status) ));
+ DEBUG(10,("lookup_usergroups: [Cached] - cached info for domain %s "
+ "status: %s\n", domain->name, nt_errstr(status)));
centry_free(centry);
+
+ *pnum_sids = num_sids;
+ *psids = sids;
return status;
+}
+
+/* Lookup groups a user is a member of. */
+static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *user_sid,
+ uint32 *num_groups, DOM_SID **user_gids)
+{
+ struct cache_entry *centry = NULL;
+ NTSTATUS status;
+ unsigned int i;
+ fstring sid_string;
+ bool old_status;
+
+ old_status = domain->online;
+ status = wcache_lookup_usergroups(domain, mem_ctx, user_sid,
+ num_groups, user_gids);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+ return status;
+ }
-do_query:
(*num_groups) = 0;
(*user_gids) = NULL;
status = domain->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (!domain->internal &&
+ !domain->online &&
+ old_status) {
+ NTSTATUS cache_status;
+ cache_status = wcache_lookup_usergroups(domain, mem_ctx, user_sid,
+ num_groups, user_gids);
+ return cache_status;
+ }
+ }
if ( NT_STATUS_EQUAL(status, NT_STATUS_SYNCHRONIZATION_REQUIRED) )
goto skip_save;
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
centry = centry_start(domain, status);
if (!centry)
goto skip_save;
return status;
}
-static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- uint32 num_sids, const DOM_SID *sids,
- uint32 *num_aliases, uint32 **alias_rids)
+static char *wcache_make_sidlist(TALLOC_CTX *mem_ctx, uint32_t num_sids,
+ const struct dom_sid *sids)
+{
+ uint32_t i;
+ char *sidlist;
+
+ sidlist = talloc_strdup(mem_ctx, "");
+ if (sidlist == NULL) {
+ return NULL;
+ }
+ for (i=0; i<num_sids; i++) {
+ fstring tmp;
+ sidlist = talloc_asprintf_append_buffer(
+ sidlist, "/%s", sid_to_fstring(tmp, &sids[i]));
+ if (sidlist == NULL) {
+ return NULL;
+ }
+ }
+ return sidlist;
+}
+
+NTSTATUS wcache_lookup_useraliases(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx, uint32_t num_sids,
+ const struct dom_sid *sids,
+ uint32_t *pnum_aliases, uint32_t **paliases)
{
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
+ uint32_t num_aliases;
+ uint32_t *aliases;
NTSTATUS status;
- char *sidlist = talloc_strdup(mem_ctx, "");
+ char *sidlist;
int i;
- if (!cache->tdb)
- goto do_query;
+ if (cache->tdb == NULL) {
+ return NT_STATUS_NOT_FOUND;
+ }
if (num_sids == 0) {
- *num_aliases = 0;
- *alias_rids = NULL;
+ *pnum_aliases = 0;
+ *paliases = NULL;
return NT_STATUS_OK;
}
/* We need to cache indexed by the whole list of SIDs, the aliases
* resulting might come from any of the SIDs. */
- for (i=0; i<num_sids; i++) {
- fstring tmp;
- sidlist = talloc_asprintf(mem_ctx, "%s/%s", sidlist,
- sid_to_fstring(tmp, &sids[i]));
- if (sidlist == NULL)
- return NT_STATUS_NO_MEMORY;
+ sidlist = wcache_make_sidlist(talloc_tos(), num_sids, sids);
+ if (sidlist == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
centry = wcache_fetch(cache, domain, "UA%s", sidlist);
+ TALLOC_FREE(sidlist);
+ if (centry == NULL) {
+ return NT_STATUS_NOT_FOUND;
+ }
- if (!centry)
- goto do_query;
-
- *num_aliases = centry_uint32(centry);
- *alias_rids = NULL;
-
- if (*num_aliases) {
- (*alias_rids) = TALLOC_ARRAY(mem_ctx, uint32, *num_aliases);
-
- if ((*alias_rids) == NULL) {
- centry_free(centry);
- return NT_STATUS_NO_MEMORY;
- }
- } else {
- (*alias_rids) = NULL;
+ num_aliases = centry_uint32(centry);
+ aliases = talloc_array(mem_ctx, uint32_t, num_aliases);
+ if (aliases == NULL) {
+ centry_free(centry);
+ return NT_STATUS_NO_MEMORY;
}
- for (i=0; i<(*num_aliases); i++)
- (*alias_rids)[i] = centry_uint32(centry);
+ for (i=0; i<num_aliases; i++) {
+ aliases[i] = centry_uint32(centry);
+ }
status = centry->status;
"status %s\n", domain->name, nt_errstr(status)));
centry_free(centry);
+
+ *pnum_aliases = num_aliases;
+ *paliases = aliases;
+
return status;
+}
+
+static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ uint32 num_sids, const DOM_SID *sids,
+ uint32 *num_aliases, uint32 **alias_rids)
+{
+ struct cache_entry *centry = NULL;
+ NTSTATUS status;
+ char *sidlist;
+ int i;
+ bool old_status;
+
+ old_status = domain->online;
+ status = wcache_lookup_useraliases(domain, mem_ctx, num_sids, sids,
+ num_aliases, alias_rids);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+ return status;
+ }
- do_query:
(*num_aliases) = 0;
(*alias_rids) = NULL;
DEBUG(10,("lookup_usergroups: [Cached] - doing backend query for info "
"for domain %s\n", domain->name ));
+ sidlist = wcache_make_sidlist(talloc_tos(), num_sids, sids);
+ if (sidlist == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
status = domain->backend->lookup_useraliases(domain, mem_ctx,
num_sids, sids,
num_aliases, alias_rids);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (!domain->internal &&
+ !domain->online &&
+ old_status) {
+ NTSTATUS cache_status;
+ cache_status = wcache_lookup_useraliases(domain, mem_ctx, num_sids,
+ sids, num_aliases, alias_rids);
+ return cache_status;
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
centry = centry_start(domain, status);
if (!centry)
goto skip_save;
return status;
}
-
-static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
+NTSTATUS wcache_lookup_groupmem(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
- DOM_SID **sid_mem, char ***names,
- uint32 **name_types)
+ const struct dom_sid *group_sid,
+ uint32_t *num_names,
+ struct dom_sid **sid_mem, char ***names,
+ uint32_t **name_types)
{
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
NTSTATUS status;
unsigned int i;
- fstring sid_string;
+ char *sid_string;
- if (!cache->tdb)
- goto do_query;
+ if (cache->tdb == NULL) {
+ return NT_STATUS_NOT_FOUND;
+ }
- centry = wcache_fetch(cache, domain, "GM/%s",
- sid_to_fstring(sid_string, group_sid));
- if (!centry)
- goto do_query;
+ sid_string = sid_string_tos(group_sid);
+ if (sid_string == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
- *num_names = centry_uint32(centry);
+ centry = wcache_fetch(cache, domain, "GM/%s", sid_string);
+ TALLOC_FREE(sid_string);
+ if (centry == NULL) {
+ return NT_STATUS_NOT_FOUND;
+ }
- if (*num_names == 0)
- goto do_cached;
+ *sid_mem = NULL;
+ *names = NULL;
+ *name_types = NULL;
+
+ *num_names = centry_uint32(centry);
+ if (*num_names == 0) {
+ centry_free(centry);
+ return NT_STATUS_OK;
+ }
- (*sid_mem) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_names);
- (*names) = TALLOC_ARRAY(mem_ctx, char *, *num_names);
- (*name_types) = TALLOC_ARRAY(mem_ctx, uint32, *num_names);
+ *sid_mem = talloc_array(mem_ctx, DOM_SID, *num_names);
+ *names = talloc_array(mem_ctx, char *, *num_names);
+ *name_types = talloc_array(mem_ctx, uint32, *num_names);
- if (! (*sid_mem) || ! (*names) || ! (*name_types)) {
- smb_panic_fn("lookup_groupmem out of memory");
+ if ((*sid_mem == NULL) || (*names == NULL) || (*name_types == NULL)) {
+ TALLOC_FREE(*sid_mem);
+ TALLOC_FREE(*names);
+ TALLOC_FREE(*name_types);
+ centry_free(centry);
+ return NT_STATUS_NO_MEMORY;
}
for (i=0; i<(*num_names); i++) {
(*name_types)[i] = centry_uint32(centry);
}
-do_cached:
status = centry->status;
- DEBUG(10,("lookup_groupmem: [Cached] - cached info for domain %s status: %s\n",
- domain->name, nt_errstr(status)));
+ DEBUG(10,("lookup_groupmem: [Cached] - cached info for domain %s "
+ "status: %s\n", domain->name, nt_errstr(status)));
+
+ centry_free(centry);
+ return status;
+}
+
+static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ const DOM_SID *group_sid,
+ enum lsa_SidType type,
+ uint32 *num_names,
+ DOM_SID **sid_mem, char ***names,
+ uint32 **name_types)
+{
+ struct cache_entry *centry = NULL;
+ NTSTATUS status;
+ unsigned int i;
+ fstring sid_string;
+ bool old_status;
- centry_free(centry);
- return status;
+ old_status = domain->online;
+ status = wcache_lookup_groupmem(domain, mem_ctx, group_sid, num_names,
+ sid_mem, names, name_types);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+ return status;
+ }
-do_query:
(*num_names) = 0;
(*sid_mem) = NULL;
(*names) = NULL;
DEBUG(10,("lookup_groupmem: [Cached] - doing backend query for info for domain %s\n",
domain->name ));
- status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid, num_names,
+ status = domain->backend->lookup_groupmem(domain, mem_ctx, group_sid,
+ type, num_names,
sid_mem, names, name_types);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (!domain->internal &&
+ !domain->online &&
+ old_status) {
+ NTSTATUS cache_status;
+ cache_status = wcache_lookup_groupmem(domain, mem_ctx, group_sid,
+ num_names, sid_mem, names,
+ name_types);
+ return cache_status;
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
centry = centry_start(domain, status);
if (!centry)
goto skip_save;
* Guenther */
static NTSTATUS trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32 *num_domains,
- char ***names,
- char ***alt_names,
- DOM_SID **dom_sids)
+ struct netr_DomainTrustList *trusts)
{
- struct winbind_cache *cache = get_cache(domain);
- struct cache_entry *centry = NULL;
NTSTATUS status;
+ struct winbind_cache *cache;
+ struct winbindd_tdc_domain *dom_list = NULL;
+ size_t num_domains = 0;
+ bool retval = false;
int i;
+ bool old_status;
- if (!cache->tdb)
- goto do_query;
-
- centry = wcache_fetch(cache, domain, "TRUSTDOMS/%s", domain->name);
+ old_status = domain->online;
+ trusts->count = 0;
+ trusts->array = NULL;
- if (!centry) {
- goto do_query;
+ cache = get_cache(domain);
+ if (!cache || !cache->tdb) {
+ goto do_query;
}
- *num_domains = centry_uint32(centry);
+ if (domain->online) {
+ goto do_query;
+ }
- if (*num_domains) {
- (*names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
- (*alt_names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
- (*dom_sids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_domains);
+ retval = wcache_tdc_fetch_list(&dom_list, &num_domains);
+ if (!retval || !num_domains || !dom_list) {
+ TALLOC_FREE(dom_list);
+ goto do_query;
+ }
- if (! (*dom_sids) || ! (*names) || ! (*alt_names)) {
- smb_panic_fn("trusted_domains out of memory");
- }
- } else {
- (*names) = NULL;
- (*alt_names) = NULL;
- (*dom_sids) = NULL;
+do_fetch_cache:
+ trusts->array = TALLOC_ZERO_ARRAY(mem_ctx, struct netr_DomainTrust, num_domains);
+ if (!trusts->array) {
+ TALLOC_FREE(dom_list);
+ return NT_STATUS_NO_MEMORY;
}
- for (i=0; i<(*num_domains); i++) {
- (*names)[i] = centry_string(centry, mem_ctx);
- (*alt_names)[i] = centry_string(centry, mem_ctx);
- if (!centry_sid(centry, &(*dom_sids)[i])) {
- sid_copy(&(*dom_sids)[i], &global_sid_NULL);
+ for (i = 0; i < num_domains; i++) {
+ struct netr_DomainTrust *trust;
+ struct dom_sid *sid;
+ struct winbindd_domain *dom;
+
+ dom = find_domain_from_name_noinit(dom_list[i].domain_name);
+ if (dom && dom->internal) {
+ continue;
}
- }
- status = centry->status;
+ trust = &trusts->array[trusts->count];
+ trust->netbios_name = talloc_strdup(trusts->array, dom_list[i].domain_name);
+ trust->dns_name = talloc_strdup(trusts->array, dom_list[i].dns_name);
+ sid = talloc(trusts->array, struct dom_sid);
+ if (!trust->netbios_name || !trust->dns_name ||
+ !sid) {
+ TALLOC_FREE(dom_list);
+ TALLOC_FREE(trusts->array);
+ return NT_STATUS_NO_MEMORY;
+ }
- DEBUG(10,("trusted_domains: [Cached] - cached info for domain %s (%d trusts) status: %s\n",
- domain->name, *num_domains, nt_errstr(status) ));
+ trust->trust_flags = dom_list[i].trust_flags;
+ trust->trust_attributes = dom_list[i].trust_attribs;
+ trust->trust_type = dom_list[i].trust_type;
+ sid_copy(sid, &dom_list[i].sid);
+ trust->sid = sid;
+ trusts->count++;
+ }
- centry_free(centry);
- return status;
+ TALLOC_FREE(dom_list);
+ return NT_STATUS_OK;
do_query:
- (*num_domains) = 0;
- (*dom_sids) = NULL;
- (*names) = NULL;
- (*alt_names) = NULL;
-
/* Return status value returned by seq number check */
if (!NT_STATUS_IS_OK(domain->last_status))
DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
domain->name ));
- status = domain->backend->trusted_domains(domain, mem_ctx, num_domains,
- names, alt_names, dom_sids);
+ status = domain->backend->trusted_domains(domain, mem_ctx, trusts);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (!domain->internal &&
+ !domain->online &&
+ old_status) {
+ retval = wcache_tdc_fetch_list(&dom_list, &num_domains);
+ if (retval && num_domains && dom_list) {
+ TALLOC_FREE(trusts->array);
+ trusts->count = 0;
+ goto do_fetch_cache;
+ }
+ }
+ }
/* no trusts gives NT_STATUS_NO_MORE_ENTRIES resetting to NT_STATUS_OK
* so that the generic centry handling still applies correctly -
* Guenther*/
if (!NT_STATUS_IS_ERR(status)) {
status = NT_STATUS_OK;
}
-
-
-#if 0 /* Disabled as we want the trust dom list to be managed by
- the main parent and always to make the query. --jerry */
-
- /* and save it */
- refresh_sequence_number(domain, false);
-
- centry = centry_start(domain, status);
- if (!centry)
- goto skip_save;
-
- centry_put_uint32(centry, *num_domains);
-
- for (i=0; i<(*num_domains); i++) {
- centry_put_string(centry, (*names)[i]);
- centry_put_string(centry, (*alt_names)[i]);
- centry_put_sid(centry, &(*dom_sids)[i]);
- }
-
- centry_end(centry, "TRUSTDOMS/%s", domain->name);
-
- centry_free(centry);
-
-skip_save:
-#endif
-
return status;
}
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
NTSTATUS status;
+ bool old_status;
+ old_status = domain->online;
if (!cache->tdb)
goto do_query;
if (!centry)
goto do_query;
+do_fetch_cache:
policy->lockout_duration = centry_nttime(centry);
policy->lockout_window = centry_nttime(centry);
policy->lockout_threshold = centry_uint16(centry);
status = domain->backend->lockout_policy(domain, mem_ctx, policy);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (cache->tdb &&
+ !domain->internal &&
+ !domain->online &&
+ old_status) {
+ centry = wcache_fetch(cache, domain, "LOC_POL/%s", domain->name);
+ if (centry) {
+ goto do_fetch_cache;
+ }
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
wcache_save_lockout_policy(domain, status, policy);
return status;
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
NTSTATUS status;
+ bool old_status;
+ old_status = domain->online;
if (!cache->tdb)
goto do_query;
if (!centry)
goto do_query;
+do_fetch_cache:
policy->min_password_length = centry_uint16(centry);
policy->password_history_length = centry_uint16(centry);
policy->password_properties = centry_uint32(centry);
status = domain->backend->password_policy(domain, mem_ctx, policy);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (cache->tdb &&
+ !domain->internal &&
+ !domain->online &&
+ old_status) {
+ centry = wcache_fetch(cache, domain, "PWD_POL/%s", domain->name);
+ if (centry) {
+ goto do_fetch_cache;
+ }
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
- if (NT_STATUS_IS_OK(status)) {
- wcache_save_password_policy(domain, status, policy);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
+ wcache_save_password_policy(domain, status, policy);
return status;
}
return;
}
- sid_copy(&sid, info3->base.domain_sid);
- sid_append_rid(&sid, info3->base.rid);
+ sid_compose(&sid, info3->base.domain_sid, info3->base.rid);
/* Clear U/SID cache entry */
fstr_sprintf(key_str, "U/%s", sid_to_fstring(sid_string, &sid));
return true;
}
+bool wcache_invalidate_cache_noinit(void)
+{
+ struct winbindd_domain *domain;
+
+ for (domain = domain_list(); domain; domain = domain->next) {
+ struct winbind_cache *cache;
+
+ /* Skip uninitialized domains. */
+ if (!domain->initialized && !domain->internal) {
+ continue;
+ }
+
+ cache = get_cache(domain);
+
+ DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
+ "entries for %s\n", domain->name));
+ if (cache) {
+ if (cache->tdb) {
+ tdb_traverse(cache->tdb, traverse_fn, NULL);
+ } else {
+ return false;
+ }
+ }
+ }
+ return true;
+}
+
bool init_wcache(void)
{
if (wcache == NULL) {
enum lsa_SidType *type)
{
struct winbindd_domain *domain;
- struct winbind_cache *cache;
- struct cache_entry *centry = NULL;
NTSTATUS status;
- fstring tmp;
domain = find_lookup_domain_from_sid(sid);
if (domain == NULL) {
return false;
}
-
- cache = get_cache(domain);
-
- if (cache->tdb == NULL) {
- return false;
- }
-
- centry = wcache_fetch(cache, domain, "SN/%s",
- sid_to_fstring(tmp, sid));
- if (centry == NULL) {
- return false;
- }
-
- if (NT_STATUS_IS_OK(centry->status)) {
- *type = (enum lsa_SidType)centry_uint32(centry);
- *domain_name = centry_string(centry, mem_ctx);
- *name = centry_string(centry, mem_ctx);
- }
-
- status = centry->status;
- centry_free(centry);
+ status = wcache_sid_to_name(domain, sid, mem_ctx, domain_name, name,
+ type);
return NT_STATUS_IS_OK(status);
}
enum lsa_SidType *type)
{
struct winbindd_domain *domain;
- struct winbind_cache *cache;
- struct cache_entry *centry = NULL;
NTSTATUS status;
- fstring uname;
- bool original_online_state;
+ bool original_online_state;
domain = find_lookup_domain_from_name(domain_name);
if (domain == NULL) {
return false;
}
- cache = get_cache(domain);
-
- if (cache->tdb == NULL) {
- return false;
- }
-
- fstrcpy(uname, name);
- strupper_m(uname);
-
/* If we are doing a cached logon, temporarily set the domain
offline so the cache won't expire the entry */
original_online_state = domain->online;
domain->online = false;
- centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname);
+ status = wcache_name_to_sid(domain, domain_name, name, sid, type);
domain->online = original_online_state;
- if (centry == NULL) {
- return false;
- }
-
- if (NT_STATUS_IS_OK(centry->status)) {
- *type = (enum lsa_SidType)centry_uint32(centry);
- centry_sid(centry, sid);
- }
-
- status = centry->status;
- centry_free(centry);
-
return NT_STATUS_IS_OK(status);
}
return 0;
}
-static int validate_trustdoms(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
- struct tdb_validation_status *state)
-{
- struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
- int32 num_domains, i;
-
- if (!centry) {
- return 1;
- }
-
- num_domains = centry_uint32(centry);
-
- for (i=0; i< num_domains; i++) {
- DOM_SID sid;
- (void)centry_string(centry, mem_ctx);
- (void)centry_string(centry, mem_ctx);
- (void)centry_sid(centry, &sid);
- }
-
- centry_free(centry);
-
- if (!(state->success)) {
- return 1;
- }
- DEBUG(10,("validate_trustdoms: %s ok\n", keystr));
- return 0;
-}
-
static int validate_trustdomcache(TALLOC_CTX *mem_ctx, const char *keystr,
TDB_DATA dbuf,
struct tdb_validation_status *state)
return 0;
}
+static int validate_ndr(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
+ struct tdb_validation_status *state)
+{
+ /*
+ * Ignore validation for now. The proper way to do this is with a
+ * checksum. Just pure parsing does not really catch much.
+ */
+ return 0;
+}
+
static int validate_cache_version(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
struct tdb_validation_status *state)
{
{"DR/", validate_dr},
{"DE/", validate_de},
{"NSS/PWINFO/", validate_pwinfo},
- {"TRUSTDOMS/", validate_trustdoms},
{"TRUSTDOMCACHE/", validate_trustdomcache},
{"NSS/NA/", validate_nss_na},
{"NSS/AN/", validate_nss_an},
{"WINBINDD_OFFLINE", validate_offline},
+ {"NDR/", validate_ndr},
{WINBINDD_CACHE_VERSION_KEYSTR, validate_cache_version},
{NULL, NULL}
};
const DOM_SID *user_sid,
TALLOC_CTX *ctx,
ADS_STRUCT *ads, LDAPMessage *msg,
- char **homedir, char **shell, char **gecos,
- gid_t *p_gid)
+ const char **homedir, const char **shell,
+ const char **gecos, gid_t *p_gid)
{
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
password_policy,
trusted_domains
};
+
+static bool wcache_ndr_key(TALLOC_CTX *mem_ctx, char *domain_name,
+ uint32_t opnum, const DATA_BLOB *req,
+ TDB_DATA *pkey)
+{
+ char *key;
+ size_t keylen;
+
+ key = talloc_asprintf(mem_ctx, "NDR/%s/%d/", domain_name, (int)opnum);
+ if (key == NULL) {
+ return false;
+ }
+ keylen = talloc_get_size(key) - 1;
+
+ key = talloc_realloc(mem_ctx, key, char, keylen + req->length);
+ if (key == NULL) {
+ return false;
+ }
+ memcpy(key + keylen, req->data, req->length);
+
+ pkey->dptr = (uint8_t *)key;
+ pkey->dsize = talloc_get_size(key);
+ return true;
+}
+
+static bool wcache_opnum_cacheable(uint32_t opnum)
+{
+ switch (opnum) {
+ case NDR_WBINT_PING:
+ case NDR_WBINT_QUERYSEQUENCENUMBER:
+ case NDR_WBINT_ALLOCATEUID:
+ case NDR_WBINT_ALLOCATEGID:
+ case NDR_WBINT_CHECKMACHINEACCOUNT:
+ case NDR_WBINT_CHANGEMACHINEACCOUNT:
+ case NDR_WBINT_PINGDC:
+ return false;
+ }
+ return true;
+}
+
+bool wcache_fetch_ndr(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain,
+ uint32_t opnum, const DATA_BLOB *req, DATA_BLOB *resp)
+{
+ TDB_DATA key, data;
+ bool ret = false;
+
+ if (!wcache_opnum_cacheable(opnum)) {
+ return false;
+ }
+
+ if (wcache->tdb == NULL) {
+ return false;
+ }
+
+ if (!wcache_ndr_key(talloc_tos(), domain->name, opnum, req, &key)) {
+ return false;
+ }
+ data = tdb_fetch(wcache->tdb, key);
+ TALLOC_FREE(key.dptr);
+
+ if (data.dptr == NULL) {
+ return false;
+ }
+ if (data.dsize < 4) {
+ goto fail;
+ }
+
+ if (!is_domain_offline(domain)) {
+ uint32_t entry_seqnum, dom_seqnum, last_check;
+
+ if (!wcache_fetch_seqnum(domain->name, &dom_seqnum,
+ &last_check)) {
+ goto fail;
+ }
+ entry_seqnum = IVAL(data.dptr, 0);
+ if (entry_seqnum != dom_seqnum) {
+ DEBUG(10, ("Entry has wrong sequence number: %d\n",
+ (int)entry_seqnum));
+ goto fail;
+ }
+ }
+
+ resp->data = (uint8_t *)talloc_memdup(mem_ctx, data.dptr + 4,
+ data.dsize - 4);
+ if (resp->data == NULL) {
+ DEBUG(10, ("talloc failed\n"));
+ goto fail;
+ }
+ resp->length = data.dsize - 4;
+
+ ret = true;
+fail:
+ SAFE_FREE(data.dptr);
+ return ret;
+}
+
+void wcache_store_ndr(struct winbindd_domain *domain, uint32_t opnum,
+ const DATA_BLOB *req, const DATA_BLOB *resp)
+{
+ TDB_DATA key, data;
+ uint32_t dom_seqnum, last_check;
+
+ if (!wcache_opnum_cacheable(opnum)) {
+ return;
+ }
+
+ if (wcache->tdb == NULL) {
+ return;
+ }
+
+ if (!wcache_fetch_seqnum(domain->name, &dom_seqnum, &last_check)) {
+ DEBUG(10, ("could not fetch seqnum for domain %s\n",
+ domain->name));
+ return;
+ }
+
+ if (!wcache_ndr_key(talloc_tos(), domain->name, opnum, req, &key)) {
+ return;
+ }
+
+ data.dsize = resp->length + 4;
+ data.dptr = talloc_array(key.dptr, uint8_t, data.dsize);
+ if (data.dptr == NULL) {
+ goto done;
+ }
+
+ SIVAL(data.dptr, 0, dom_seqnum);
+ memcpy(data.dptr+4, resp->data, resp->length);
+
+ tdb_store(wcache->tdb, key, data, 0);
+
+done:
+ TALLOC_FREE(key.dptr);
+ return;
+}