time_t t = time(NULL);
unsigned cache_time = lp_winbind_cache_time();
- if ( IS_DOMAIN_OFFLINE(domain) ) {
+ if (is_domain_offline(domain)) {
return;
}
centry->ofs += 16;
}
-static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid)
+static void centry_put_sid(struct cache_entry *centry, const struct dom_sid *sid)
{
fstring sid_string;
centry_put_string(centry, sid_to_fstring(sid_string, sid));
static void wcache_save_name_to_sid(struct winbindd_domain *domain,
NTSTATUS status, const char *domain_name,
- const char *name, const DOM_SID *sid,
+ const char *name, const struct dom_sid *sid,
enum lsa_SidType type)
{
struct cache_entry *centry;
}
static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
- const DOM_SID *sid, const char *domain_name, const char *name, enum lsa_SidType type)
+ const struct dom_sid *sid, const char *domain_name, const char *name, enum lsa_SidType type)
{
struct cache_entry *centry;
fstring sid_string;
return status;
}
-NTSTATUS wcache_cached_creds_exist(struct winbindd_domain *domain, const DOM_SID *sid)
+NTSTATUS wcache_cached_creds_exist(struct winbindd_domain *domain, const struct dom_sid *sid)
{
struct winbind_cache *cache = get_cache(domain);
TDB_DATA data;
NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
const uint8 **cached_nt_pass,
const uint8 **cached_salt)
{
NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
const uint8 nt_pass[NT_HASH_LEN])
{
struct cache_entry *centry;
struct cache_entry *centry = NULL;
NTSTATUS status;
unsigned int i, retry;
+ bool old_status = domain->online;
if (!cache->tdb)
goto do_query;
if (!centry)
goto do_query;
+do_fetch_cache:
*num_entries = centry_uint32(centry);
if (*num_entries == 0)
"connection cache\n"));
invalidate_cm_connection(&domain->conn);
}
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ /* store partial response. */
+ if (*num_entries > 0) {
+ /*
+ * humm, what about the status used for cache?
+ * Should it be NT_STATUS_OK?
+ */
+ break;
+ }
+ /*
+ * domain is offline now, and there is no user entries,
+ * try to fetch from cache again.
+ */
+ if (cache->tdb && !domain->online && !domain->internal && old_status) {
+ centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
+ /* partial response... */
+ if (!centry) {
+ goto skip_save;
+ } else {
+ goto do_fetch_cache;
+ }
+ } else {
+ goto skip_save;
+ }
+ }
} while (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) &&
(retry++ < 5));
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
centry = centry_start(domain, status);
if (!centry)
goto skip_save;
struct cache_entry *centry = NULL;
NTSTATUS status;
unsigned int i;
+ bool old_status;
+ old_status = domain->online;
if (!cache->tdb)
goto do_query;
if (!centry)
goto do_query;
+do_fetch_cache:
*num_entries = centry_uint32(centry);
if (*num_entries == 0)
status = domain->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (cache->tdb &&
+ !domain->online &&
+ !domain->internal &&
+ old_status) {
+ centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
+ if (centry) {
+ goto do_fetch_cache;
+ }
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
centry = centry_start(domain, status);
if (!centry)
goto skip_save;
struct cache_entry *centry = NULL;
NTSTATUS status;
unsigned int i;
+ bool old_status;
+ old_status = domain->online;
if (!cache->tdb)
goto do_query;
if (!centry)
goto do_query;
+do_fetch_cache:
*num_entries = centry_uint32(centry);
if (*num_entries == 0)
status = domain->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (cache->tdb &&
+ !domain->internal &&
+ !domain->online &&
+ old_status) {
+ centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
+ if (centry) {
+ goto do_fetch_cache;
+ }
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
centry = centry_start(domain, status);
if (!centry)
goto skip_save;
const char *domain_name,
const char *name,
uint32_t flags,
- DOM_SID *sid,
+ struct dom_sid *sid,
enum lsa_SidType *type)
{
NTSTATUS status;
+ bool old_status;
+
+ old_status = domain->online;
status = wcache_name_to_sid(domain, domain_name, name, sid, type);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
status = domain->backend->name_to_sid(domain, mem_ctx, domain_name,
name, flags, sid, type);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (!domain->internal &&
+ !domain->online &&
+ old_status) {
+ NTSTATUS cache_status;
+ cache_status = wcache_name_to_sid(domain, domain_name, name, sid, type);
+ return cache_status;
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
given */
static NTSTATUS sid_to_name(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
char **domain_name,
char **name,
enum lsa_SidType *type)
{
NTSTATUS status;
+ bool old_status;
+ old_status = domain->online;
status = wcache_sid_to_name(domain, sid, mem_ctx, domain_name, name,
type);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
status = domain->backend->sid_to_name(domain, mem_ctx, sid, domain_name, name, type);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (!domain->internal &&
+ !domain->online &&
+ old_status) {
+ NTSTATUS cache_status;
+ cache_status = wcache_sid_to_name(domain, sid, mem_ctx,
+ domain_name, name, type);
+ return cache_status;
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
wcache_save_sid_to_name(domain, status, sid, *domain_name, *name, *type);
/* We can't save the name to sid mapping here, as with sid history a
static NTSTATUS rids_to_names(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *domain_sid,
+ const struct dom_sid *domain_sid,
uint32 *rids,
size_t num_rids,
char **domain_name,
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
bool have_mapped;
bool have_unmapped;
+ bool old_status;
+ old_status = domain->online;
*domain_name = NULL;
*names = NULL;
*types = NULL;
have_mapped = have_unmapped = false;
for (i=0; i<num_rids; i++) {
- DOM_SID sid;
+ struct dom_sid sid;
struct cache_entry *centry;
fstring tmp;
rids, num_rids, domain_name,
names, types);
+ if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (cache->tdb &&
+ !domain->internal &&
+ !domain->online &&
+ old_status) {
+ have_mapped = have_unmapped = false;
+
+ for (i=0; i<num_rids; i++) {
+ struct dom_sid sid;
+ struct cache_entry *centry;
+ fstring tmp;
+
+ if (!sid_compose(&sid, domain_sid, rids[i])) {
+ result = NT_STATUS_INTERNAL_ERROR;
+ goto error;
+ }
+
+ centry = wcache_fetch(cache, domain, "SN/%s",
+ sid_to_fstring(tmp, &sid));
+ if (!centry) {
+ (*types)[i] = SID_NAME_UNKNOWN;
+ (*names)[i] = talloc_strdup(*names, "");
+ continue;
+ }
+
+ (*types)[i] = SID_NAME_UNKNOWN;
+ (*names)[i] = talloc_strdup(*names, "");
+
+ if (NT_STATUS_IS_OK(centry->status)) {
+ char *dom;
+ have_mapped = true;
+ (*types)[i] = (enum lsa_SidType)centry_uint32(centry);
+
+ dom = centry_string(centry, mem_ctx);
+ if (*domain_name == NULL) {
+ *domain_name = dom;
+ } else {
+ talloc_free(dom);
+ }
+
+ (*names)[i] = centry_string(centry, *names);
+
+ } else if (NT_STATUS_EQUAL(centry->status, NT_STATUS_NONE_MAPPED)) {
+ have_unmapped = true;
+
+ } else {
+ /* something's definitely wrong */
+ result = centry->status;
+ goto error;
+ }
+
+ centry_free(centry);
+ }
+
+ if (!have_mapped) {
+ return NT_STATUS_NONE_MAPPED;
+ }
+ if (!have_unmapped) {
+ return NT_STATUS_OK;
+ }
+ return STATUS_SOME_UNMAPPED;
+ }
+ }
/*
None of the queried rids has been found so save all negative entries
*/
if (NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED)) {
for (i = 0; i < num_rids; i++) {
- DOM_SID sid;
+ struct dom_sid sid;
const char *name = "";
const enum lsa_SidType type = SID_NAME_UNKNOWN;
NTSTATUS status = NT_STATUS_NONE_MAPPED;
refresh_sequence_number(domain, false);
for (i=0; i<num_rids; i++) {
- DOM_SID sid;
+ struct dom_sid sid;
NTSTATUS status;
if (!sid_compose(&sid, domain_sid, rids[i])) {
/* Lookup user information from a rid */
static NTSTATUS query_user(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
+ const struct dom_sid *user_sid,
struct wbint_userinfo *info)
{
NTSTATUS status;
+ bool old_status;
+ old_status = domain->online;
status = wcache_query_user(domain, mem_ctx, user_sid, info);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
return status;
status = domain->backend->query_user(domain, mem_ctx, user_sid, info);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (!domain->internal &&
+ !domain->online &&
+ old_status) {
+ NTSTATUS cache_status;
+ cache_status = wcache_query_user(domain, mem_ctx, user_sid, info);
+ return cache_status;
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
wcache_save_user(domain, status, info);
return status;
num_sids = centry_uint32(centry);
sids = talloc_array(mem_ctx, struct dom_sid, num_sids);
if (sids == NULL) {
+ centry_free(centry);
return NT_STATUS_NO_MEMORY;
}
/* Lookup groups a user is a member of. */
static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
- uint32 *num_groups, DOM_SID **user_gids)
+ const struct dom_sid *user_sid,
+ uint32 *num_groups, struct dom_sid **user_gids)
{
struct cache_entry *centry = NULL;
NTSTATUS status;
unsigned int i;
fstring sid_string;
+ bool old_status;
+ old_status = domain->online;
status = wcache_lookup_usergroups(domain, mem_ctx, user_sid,
num_groups, user_gids);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
status = domain->backend->lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (!domain->internal &&
+ !domain->online &&
+ old_status) {
+ NTSTATUS cache_status;
+ cache_status = wcache_lookup_usergroups(domain, mem_ctx, user_sid,
+ num_groups, user_gids);
+ return cache_status;
+ }
+ }
if ( NT_STATUS_EQUAL(status, NT_STATUS_SYNCHRONIZATION_REQUIRED) )
goto skip_save;
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
centry = centry_start(domain, status);
if (!centry)
goto skip_save;
static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32 num_sids, const DOM_SID *sids,
+ uint32 num_sids, const struct dom_sid *sids,
uint32 *num_aliases, uint32 **alias_rids)
{
struct cache_entry *centry = NULL;
NTSTATUS status;
char *sidlist;
int i;
+ bool old_status;
+ old_status = domain->online;
status = wcache_lookup_useraliases(domain, mem_ctx, num_sids, sids,
num_aliases, alias_rids);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
num_sids, sids,
num_aliases, alias_rids);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (!domain->internal &&
+ !domain->online &&
+ old_status) {
+ NTSTATUS cache_status;
+ cache_status = wcache_lookup_useraliases(domain, mem_ctx, num_sids,
+ sids, num_aliases, alias_rids);
+ return cache_status;
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
centry = centry_start(domain, status);
if (!centry)
goto skip_save;
return NT_STATUS_OK;
}
- *sid_mem = talloc_array(mem_ctx, DOM_SID, *num_names);
+ *sid_mem = talloc_array(mem_ctx, struct dom_sid, *num_names);
*names = talloc_array(mem_ctx, char *, *num_names);
*name_types = talloc_array(mem_ctx, uint32, *num_names);
static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid,
+ const struct dom_sid *group_sid,
enum lsa_SidType type,
uint32 *num_names,
- DOM_SID **sid_mem, char ***names,
+ struct dom_sid **sid_mem, char ***names,
uint32 **name_types)
{
struct cache_entry *centry = NULL;
NTSTATUS status;
unsigned int i;
fstring sid_string;
+ bool old_status;
+ old_status = domain->online;
status = wcache_lookup_groupmem(domain, mem_ctx, group_sid, num_names,
sid_mem, names, name_types);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
type, num_names,
sid_mem, names, name_types);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (!domain->internal &&
+ !domain->online &&
+ old_status) {
+ NTSTATUS cache_status;
+ cache_status = wcache_lookup_groupmem(domain, mem_ctx, group_sid,
+ num_names, sid_mem, names,
+ name_types);
+ return cache_status;
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
centry = centry_start(domain, status);
if (!centry)
goto skip_save;
* Guenther */
static NTSTATUS trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32 *num_domains,
- char ***names,
- char ***alt_names,
- DOM_SID **dom_sids)
+ struct netr_DomainTrustList *trusts)
{
- struct winbind_cache *cache = get_cache(domain);
- struct cache_entry *centry = NULL;
NTSTATUS status;
+ struct winbind_cache *cache;
+ struct winbindd_tdc_domain *dom_list = NULL;
+ size_t num_domains = 0;
+ bool retval = false;
int i;
+ bool old_status;
- if (!cache->tdb)
- goto do_query;
+ old_status = domain->online;
+ trusts->count = 0;
+ trusts->array = NULL;
- centry = wcache_fetch(cache, domain, "TRUSTDOMS/%s", domain->name);
-
- if (!centry) {
- goto do_query;
+ cache = get_cache(domain);
+ if (!cache || !cache->tdb) {
+ goto do_query;
}
- *num_domains = centry_uint32(centry);
+ if (domain->online) {
+ goto do_query;
+ }
- if (*num_domains) {
- (*names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
- (*alt_names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
- (*dom_sids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_domains);
+ retval = wcache_tdc_fetch_list(&dom_list, &num_domains);
+ if (!retval || !num_domains || !dom_list) {
+ TALLOC_FREE(dom_list);
+ goto do_query;
+ }
- if (! (*dom_sids) || ! (*names) || ! (*alt_names)) {
- smb_panic_fn("trusted_domains out of memory");
- }
- } else {
- (*names) = NULL;
- (*alt_names) = NULL;
- (*dom_sids) = NULL;
+do_fetch_cache:
+ trusts->array = TALLOC_ZERO_ARRAY(mem_ctx, struct netr_DomainTrust, num_domains);
+ if (!trusts->array) {
+ TALLOC_FREE(dom_list);
+ return NT_STATUS_NO_MEMORY;
}
- for (i=0; i<(*num_domains); i++) {
- (*names)[i] = centry_string(centry, mem_ctx);
- (*alt_names)[i] = centry_string(centry, mem_ctx);
- if (!centry_sid(centry, &(*dom_sids)[i])) {
- sid_copy(&(*dom_sids)[i], &global_sid_NULL);
+ for (i = 0; i < num_domains; i++) {
+ struct netr_DomainTrust *trust;
+ struct dom_sid *sid;
+ struct winbindd_domain *dom;
+
+ dom = find_domain_from_name_noinit(dom_list[i].domain_name);
+ if (dom && dom->internal) {
+ continue;
}
- }
- status = centry->status;
+ trust = &trusts->array[trusts->count];
+ trust->netbios_name = talloc_strdup(trusts->array, dom_list[i].domain_name);
+ trust->dns_name = talloc_strdup(trusts->array, dom_list[i].dns_name);
+ sid = talloc(trusts->array, struct dom_sid);
+ if (!trust->netbios_name || !trust->dns_name ||
+ !sid) {
+ TALLOC_FREE(dom_list);
+ TALLOC_FREE(trusts->array);
+ return NT_STATUS_NO_MEMORY;
+ }
- DEBUG(10,("trusted_domains: [Cached] - cached info for domain %s (%d trusts) status: %s\n",
- domain->name, *num_domains, nt_errstr(status) ));
+ trust->trust_flags = dom_list[i].trust_flags;
+ trust->trust_attributes = dom_list[i].trust_attribs;
+ trust->trust_type = dom_list[i].trust_type;
+ sid_copy(sid, &dom_list[i].sid);
+ trust->sid = sid;
+ trusts->count++;
+ }
- centry_free(centry);
- return status;
+ TALLOC_FREE(dom_list);
+ return NT_STATUS_OK;
do_query:
- (*num_domains) = 0;
- (*dom_sids) = NULL;
- (*names) = NULL;
- (*alt_names) = NULL;
-
/* Return status value returned by seq number check */
if (!NT_STATUS_IS_OK(domain->last_status))
DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
domain->name ));
- status = domain->backend->trusted_domains(domain, mem_ctx, num_domains,
- names, alt_names, dom_sids);
+ status = domain->backend->trusted_domains(domain, mem_ctx, trusts);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (!domain->internal &&
+ !domain->online &&
+ old_status) {
+ retval = wcache_tdc_fetch_list(&dom_list, &num_domains);
+ if (retval && num_domains && dom_list) {
+ TALLOC_FREE(trusts->array);
+ trusts->count = 0;
+ goto do_fetch_cache;
+ }
+ }
+ }
/* no trusts gives NT_STATUS_NO_MORE_ENTRIES resetting to NT_STATUS_OK
* so that the generic centry handling still applies correctly -
* Guenther*/
if (!NT_STATUS_IS_ERR(status)) {
status = NT_STATUS_OK;
}
-
-
-#if 0 /* Disabled as we want the trust dom list to be managed by
- the main parent and always to make the query. --jerry */
-
- /* and save it */
- refresh_sequence_number(domain, false);
-
- centry = centry_start(domain, status);
- if (!centry)
- goto skip_save;
-
- centry_put_uint32(centry, *num_domains);
-
- for (i=0; i<(*num_domains); i++) {
- centry_put_string(centry, (*names)[i]);
- centry_put_string(centry, (*alt_names)[i]);
- centry_put_sid(centry, &(*dom_sids)[i]);
- }
-
- centry_end(centry, "TRUSTDOMS/%s", domain->name);
-
- centry_free(centry);
-
-skip_save:
-#endif
-
return status;
}
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
NTSTATUS status;
+ bool old_status;
+ old_status = domain->online;
if (!cache->tdb)
goto do_query;
if (!centry)
goto do_query;
+do_fetch_cache:
policy->lockout_duration = centry_nttime(centry);
policy->lockout_window = centry_nttime(centry);
policy->lockout_threshold = centry_uint16(centry);
status = domain->backend->lockout_policy(domain, mem_ctx, policy);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (cache->tdb &&
+ !domain->internal &&
+ !domain->online &&
+ old_status) {
+ centry = wcache_fetch(cache, domain, "LOC_POL/%s", domain->name);
+ if (centry) {
+ goto do_fetch_cache;
+ }
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
wcache_save_lockout_policy(domain, status, policy);
return status;
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
NTSTATUS status;
+ bool old_status;
+ old_status = domain->online;
if (!cache->tdb)
goto do_query;
if (!centry)
goto do_query;
+do_fetch_cache:
policy->min_password_length = centry_uint16(centry);
policy->password_history_length = centry_uint16(centry);
policy->password_properties = centry_uint32(centry);
status = domain->backend->password_policy(domain, mem_ctx, policy);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ if (!domain->internal && old_status) {
+ set_domain_offline(domain);
+ }
+ if (cache->tdb &&
+ !domain->internal &&
+ !domain->online &&
+ old_status) {
+ centry = wcache_fetch(cache, domain, "PWD_POL/%s", domain->name);
+ if (centry) {
+ goto do_fetch_cache;
+ }
+ }
+ }
/* and save it */
refresh_sequence_number(domain, false);
- if (NT_STATUS_IS_OK(status)) {
- wcache_save_password_policy(domain, status, policy);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
+ wcache_save_password_policy(domain, status, policy);
return status;
}
void wcache_invalidate_samlogon(struct winbindd_domain *domain,
struct netr_SamInfo3 *info3)
{
- DOM_SID sid;
+ struct dom_sid sid;
fstring key_str, sid_string;
struct winbind_cache *cache;
return;
}
- sid_copy(&sid, info3->base.domain_sid);
- sid_append_rid(&sid, info3->base.rid);
+ sid_compose(&sid, info3->base.domain_sid, info3->base.rid);
/* Clear U/SID cache entry */
fstr_sprintf(key_str, "U/%s", sid_to_fstring(sid_string, &sid));
return true;
}
+bool wcache_invalidate_cache_noinit(void)
+{
+ struct winbindd_domain *domain;
+
+ for (domain = domain_list(); domain; domain = domain->next) {
+ struct winbind_cache *cache;
+
+ /* Skip uninitialized domains. */
+ if (!domain->initialized && !domain->internal) {
+ continue;
+ }
+
+ cache = get_cache(domain);
+
+ DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
+ "entries for %s\n", domain->name));
+ if (cache) {
+ if (cache->tdb) {
+ tdb_traverse(cache->tdb, traverse_fn, NULL);
+ /*
+ * Flushing cache has nothing to with domains.
+ * return here if we successfully flushed once.
+ * To avoid unnecessary traversing the cache.
+ */
+ return true;
+ } else {
+ return false;
+ }
+ }
+ }
+ return true;
+}
+
bool init_wcache(void)
{
if (wcache == NULL) {
}
}
-bool lookup_cached_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
+bool lookup_cached_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
char **domain_name, char **name,
enum lsa_SidType *type)
{
bool lookup_cached_name(TALLOC_CTX *mem_ctx,
const char *domain_name,
const char *name,
- DOM_SID *sid,
+ struct dom_sid *sid,
enum lsa_SidType *type)
{
struct winbindd_domain *domain;
void cache_name2sid(struct winbindd_domain *domain,
const char *domain_name, const char *name,
- enum lsa_SidType type, const DOM_SID *sid)
+ enum lsa_SidType type, const struct dom_sid *sid)
{
refresh_sequence_number(domain, false);
wcache_save_name_to_sid(domain, NT_STATUS_OK, domain_name, name,
return 0;
}
-NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const DOM_SID *sid)
+NTSTATUS wcache_remove_oldest_cached_creds(struct winbindd_domain *domain, const struct dom_sid *sid)
{
struct winbind_cache *cache = get_cache(domain);
NTSTATUS status;
(void)centry_uint32(centry);
if (NT_STATUS_IS_OK(centry->status)) {
- DOM_SID sid;
+ struct dom_sid sid;
(void)centry_sid(centry, &sid);
}
struct tdb_validation_status *state)
{
struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
- DOM_SID sid;
+ struct dom_sid sid;
if (!centry) {
return 1;
num_entries = (int32)centry_uint32(centry);
for (i=0; i< num_entries; i++) {
- DOM_SID sid;
+ struct dom_sid sid;
(void)centry_string(centry, mem_ctx);
(void)centry_string(centry, mem_ctx);
(void)centry_string(centry, mem_ctx);
num_groups = centry_uint32(centry);
for (i=0; i< num_groups; i++) {
- DOM_SID sid;
+ struct dom_sid sid;
centry_sid(centry, &sid);
}
num_names = centry_uint32(centry);
for (i=0; i< num_names; i++) {
- DOM_SID sid;
+ struct dom_sid sid;
centry_sid(centry, &sid);
(void)centry_string(centry, mem_ctx);
(void)centry_uint32(centry);
return 0;
}
-static int validate_trustdoms(TALLOC_CTX *mem_ctx, const char *keystr, TDB_DATA dbuf,
- struct tdb_validation_status *state)
-{
- struct cache_entry *centry = create_centry_validate(keystr, dbuf, state);
- int32 num_domains, i;
-
- if (!centry) {
- return 1;
- }
-
- num_domains = centry_uint32(centry);
-
- for (i=0; i< num_domains; i++) {
- DOM_SID sid;
- (void)centry_string(centry, mem_ctx);
- (void)centry_string(centry, mem_ctx);
- (void)centry_sid(centry, &sid);
- }
-
- centry_free(centry);
-
- if (!(state->success)) {
- return 1;
- }
- DEBUG(10,("validate_trustdoms: %s ok\n", keystr));
- return 0;
-}
-
static int validate_trustdomcache(TALLOC_CTX *mem_ctx, const char *keystr,
TDB_DATA dbuf,
struct tdb_validation_status *state)
{"DR/", validate_dr},
{"DE/", validate_de},
{"NSS/PWINFO/", validate_pwinfo},
- {"TRUSTDOMS/", validate_trustdoms},
{"TRUSTDOMCACHE/", validate_trustdomcache},
{"NSS/NA/", validate_nss_na},
{"NSS/AN/", validate_nss_an},
static void wcache_save_user_pwinfo(struct winbindd_domain *domain,
NTSTATUS status,
- const DOM_SID *user_sid,
+ const struct dom_sid *user_sid,
const char *homedir,
const char *shell,
const char *gecos,
}
NTSTATUS nss_get_info_cached( struct winbindd_domain *domain,
- const DOM_SID *user_sid,
+ const struct dom_sid *user_sid,
TALLOC_CTX *ctx,
ADS_STRUCT *ads, LDAPMessage *msg,
const char **homedir, const char **shell,
case NDR_WBINT_QUERYSEQUENCENUMBER:
case NDR_WBINT_ALLOCATEUID:
case NDR_WBINT_ALLOCATEGID:
+ case NDR_WBINT_CHECKMACHINEACCOUNT:
+ case NDR_WBINT_CHANGEMACHINEACCOUNT:
+ case NDR_WBINT_PINGDC:
return false;
}
return true;
goto fail;
}
- if (IS_DOMAIN_ONLINE(domain)) {
+ if (!is_domain_offline(domain)) {
uint32_t entry_seqnum, dom_seqnum, last_check;
if (!wcache_fetch_seqnum(domain->name, &dom_seqnum,