2 Unix SMB/CIFS implementation.
5 Copyright (C) Volker Lendecke 2008
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.*/
21 #include "idmap_cache.h"
22 #include "../libcli/security/security.h"
23 #include "../librpc/gen_ndr/idmap.h"
24 #include "lib/gencache.h"
27 * Find a sid2xid mapping
28 * @param[in] sid the sid to map
29 * @param[out] id where to put the result
30 * @param[out] expired is the cache entry expired?
31 * @retval Was anything in the cache at all?
33 * If id->id == -1 this was a negative mapping.
36 bool idmap_cache_find_sid2unixid(const struct dom_sid *sid, struct unixid *id,
39 struct dom_sid_buf sidstr;
47 key = talloc_asprintf(talloc_tos(), "IDMAP/SID2XID/%s",
48 dom_sid_str_buf(sid, &sidstr));
52 ret = gencache_get(key, talloc_tos(), &value, &timeout);
57 DEBUG(10, ("Parsing value for key [%s]: value=[%s]\n", key, value));
59 if (value[0] == '\0') {
60 DEBUG(0, ("Failed to parse value for key [%s]: "
61 "value is empty\n", key));
66 tmp_id.id = strtol(value, &endptr, 10);
68 if ((value == endptr) && (tmp_id.id == 0)) {
69 DEBUG(0, ("Failed to parse value for key [%s]: value[%s] does "
70 "not start with a number\n", key, value));
75 DEBUG(10, ("Parsing value for key [%s]: id=[%llu], endptr=[%s]\n",
76 key, (unsigned long long)tmp_id.id, endptr));
78 ret = (*endptr == ':');
82 tmp_id.type = ID_TYPE_UID;
86 tmp_id.type = ID_TYPE_GID;
90 tmp_id.type = ID_TYPE_BOTH;
94 tmp_id.type = ID_TYPE_NOT_SPECIFIED;
98 DEBUG(0, ("FAILED to parse value for key [%s] "
99 "(id=[%llu], endptr=[%s]): "
100 "no type character after colon\n",
101 key, (unsigned long long)tmp_id.id, endptr));
105 DEBUG(0, ("FAILED to parse value for key [%s] "
106 "(id=[%llu], endptr=[%s]): "
107 "illegal type character '%c'\n",
108 key, (unsigned long long)tmp_id.id, endptr,
113 if (endptr[2] != '\0') {
114 DEBUG(0, ("FAILED to parse value for key [%s] "
115 "(id=[%llu], endptr=[%s]): "
116 "more than 1 type character after colon\n",
117 key, (unsigned long long)tmp_id.id, endptr));
123 *expired = (timeout <= time(NULL));
125 DEBUG(0, ("FAILED to parse value for key [%s] (value=[%s]): "
126 "colon missing after id=[%llu]\n",
127 key, value, (unsigned long long)tmp_id.id));
137 * Find a sid2uid mapping
138 * @param[in] sid the sid to map
139 * @param[out] puid where to put the result
140 * @param[out] expired is the cache entry expired?
141 * @retval Was anything in the cache at all?
143 * If *puid == -1 this was a negative mapping.
146 bool idmap_cache_find_sid2uid(const struct dom_sid *sid, uid_t *puid,
151 ret = idmap_cache_find_sid2unixid(sid, &id, expired);
156 if (id.type == ID_TYPE_BOTH || id.type == ID_TYPE_UID) {
165 * Find a sid2gid mapping
166 * @param[in] sid the sid to map
167 * @param[out] pgid where to put the result
168 * @param[out] expired is the cache entry expired?
169 * @retval Was anything in the cache at all?
171 * If *pgid == -1 this was a negative mapping.
174 bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
179 ret = idmap_cache_find_sid2unixid(sid, &id, expired);
184 if (id.type == ID_TYPE_BOTH || id.type == ID_TYPE_GID) {
192 struct idmap_cache_xid2sid_state {
198 static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout,
202 struct idmap_cache_xid2sid_state *state =
203 (struct idmap_cache_xid2sid_state *)private_data;
206 ZERO_STRUCTP(state->sid);
209 if ((blob.length == 0) || (blob.data[blob.length-1] != 0)) {
211 * Not a string, can't be a valid mapping
216 value = (char *)blob.data;
218 if (value[0] != '-') {
219 state->ret = string_to_sid(state->sid, value);
222 *state->expired = gencache_timeout_expired(timeout);
227 * Find a uid2sid mapping
228 * @param[in] uid the uid to map
229 * @param[out] sid where to put the result
230 * @param[out] expired is the cache entry expired?
231 * @retval Was anything in the cache at all?
233 * If "is_null_sid(sid)", this was a negative mapping.
236 bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired)
239 struct idmap_cache_xid2sid_state state;
241 fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)uid);
244 state.expired = expired;
247 gencache_parse(key, idmap_cache_xid2sid_parser, &state);
252 * Find a gid2sid mapping
253 * @param[in] gid the gid to map
254 * @param[out] sid where to put the result
255 * @param[out] expired is the cache entry expired?
256 * @retval Was anything in the cache at all?
258 * If "is_null_sid(sid)", this was a negative mapping.
261 bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired)
264 struct idmap_cache_xid2sid_state state;
266 fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)gid);
269 state.expired = expired;
272 gencache_parse(key, idmap_cache_xid2sid_parser, &state);
277 * Store a mapping in the idmap cache
278 * @param[in] sid the sid to map
279 * @param[in] unix_id the unix_id to map
281 * If both parameters are valid values, then a positive mapping in both
282 * directions is stored. If "is_null_sid(sid)" is true, then this will be a
283 * negative mapping of xid, we want to cache that for this xid we could not
284 * find anything. Likewise if "xid==-1", then we want to cache that we did not
285 * find a mapping for the sid passed here.
288 void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id)
290 time_t now = time(NULL);
294 if (!is_null_sid(sid)) {
295 struct dom_sid_buf sidstr;
296 fstr_sprintf(key, "IDMAP/SID2XID/%s",
297 dom_sid_str_buf(sid, &sidstr));
298 switch (unix_id->type) {
300 fstr_sprintf(value, "%d:U", (int)unix_id->id);
303 fstr_sprintf(value, "%d:G", (int)unix_id->id);
306 fstr_sprintf(value, "%d:B", (int)unix_id->id);
308 case ID_TYPE_NOT_SPECIFIED:
309 fstr_sprintf(value, "%d:N", (int)unix_id->id);
314 timeout = (unix_id->id == -1)
315 ? lp_idmap_negative_cache_time()
316 : lp_idmap_cache_time();
317 gencache_set(key, value, now + timeout);
319 if (unix_id->id != -1) {
320 if (is_null_sid(sid)) {
321 /* negative xid mapping */
323 timeout = lp_idmap_negative_cache_time();
326 sid_to_fstring(value, sid);
327 timeout = lp_idmap_cache_time();
329 switch (unix_id->type) {
331 fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)unix_id->id);
332 gencache_set(key, value, now + timeout);
333 fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)unix_id->id);
334 gencache_set(key, value, now + timeout);
338 fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)unix_id->id);
342 fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)unix_id->id);
348 gencache_set(key, value, now + timeout);
352 static char* key_xid2sid_str(TALLOC_CTX* mem_ctx, char t, const char* id) {
353 return talloc_asprintf(mem_ctx, "IDMAP/%cID2SID/%s", t, id);
356 static char* key_xid2sid(TALLOC_CTX* mem_ctx, char t, int id) {
358 snprintf(str, sizeof(str), "%d", id);
359 return key_xid2sid_str(mem_ctx, t, str);
362 static char* key_sid2xid_str(TALLOC_CTX* mem_ctx, const char* id) {
363 return talloc_asprintf(mem_ctx, "IDMAP/SID2XID/%s", id);
366 static bool idmap_cache_del_xid(char t, int xid)
368 TALLOC_CTX* mem_ctx = talloc_stackframe();
369 const char* key = key_xid2sid(mem_ctx, t, xid);
370 char* sid_str = NULL;
374 if (!gencache_get(key, mem_ctx, &sid_str, &timeout)) {
375 DEBUG(3, ("no entry: %s\n", key));
380 if (sid_str[0] != '-') {
381 const char* sid_key = key_sid2xid_str(mem_ctx, sid_str);
382 if (!gencache_del(sid_key)) {
383 DEBUG(2, ("failed to delete: %s\n", sid_key));
386 DEBUG(5, ("delete: %s\n", sid_key));
391 if (!gencache_del(key)) {
392 DEBUG(1, ("failed to delete: %s\n", key));
395 DEBUG(5, ("delete: %s\n", key));
399 talloc_free(mem_ctx);
403 bool idmap_cache_del_uid(uid_t uid) {
404 return idmap_cache_del_xid('U', uid);
407 bool idmap_cache_del_gid(gid_t gid) {
408 return idmap_cache_del_xid('G', gid);
411 bool idmap_cache_del_sid(const struct dom_sid *sid)
413 TALLOC_CTX* mem_ctx = talloc_stackframe();
419 if (!idmap_cache_find_sid2unixid(sid, &id, &expired)) {
427 idmap_cache_del_xid('U', id.id);
428 idmap_cache_del_xid('G', id.id);
431 idmap_cache_del_xid('U', id.id);
434 idmap_cache_del_xid('G', id.id);
441 sid_key = key_sid2xid_str(mem_ctx, dom_sid_string(mem_ctx, sid));
442 if (sid_key == NULL) {
445 /* If the mapping was symmetric, then this should fail */
446 gencache_del(sid_key);
448 talloc_free(mem_ctx);