2 Unix SMB/CIFS implementation.
4 Trusted domain names cache on top of gencache.
6 Copyright (C) Rafal Szczesniak 2002
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "../libcli/security/security.h"
26 #define DBGC_CLASS DBGC_ALL /* there's no proper class yet */
28 #define TDOMKEY_FMT "TDOM/%s"
29 #define TDOMTSKEY "TDOMCACHE/TIMESTAMP"
33 * @file trustdom_cache.c
35 * Implementation of trusted domain names cache useful when
36 * samba acts as domain member server. In such case, caching
37 * domain names currently trusted gives a performance gain
38 * because there's no need to query PDC each time we need
39 * list of trusted domains
43 * Initialise trustdom name caching system. Call gencache
44 * initialisation routine to perform necessary activities.
46 * @return true upon successful cache initialisation or
47 * false if cache init failed
50 bool trustdom_cache_enable(void)
57 * Shutdown trustdom name caching system. Calls gencache
60 * @return true upon successful cache close or
64 bool trustdom_cache_shutdown(void)
71 * Form up trustdom name key. It is based only
74 * @param name trusted domain name
75 * @return cache key for use in gencache mechanism
78 static char* trustdom_cache_key(const char* name)
81 asprintf_strupper_m(&keystr, TDOMKEY_FMT, name);
88 * Store trusted domain in gencache as the domain name (key)
89 * and trusted domain's SID (value)
91 * @param name trusted domain name
92 * @param alt_name alternative trusted domain name (used in ADS domains)
93 * @param sid trusted domain's SID
94 * @param timeout cache entry expiration time
95 * @return true upon successful value storing or
96 * false if store attempt failed
99 bool trustdom_cache_store(char* name, char* alt_name, const struct dom_sid *sid,
106 DEBUG(5, ("trustdom_store: storing SID %s of domain %s\n",
107 sid_string_dbg(sid), name));
109 key = trustdom_cache_key(name);
110 alt_key = alt_name ? trustdom_cache_key(alt_name) : NULL;
112 /* Generate string representation domain SID */
113 sid_to_fstring(sid_string, sid);
116 * try to put the names in the cache
119 ret = gencache_set(alt_key, sid_string, timeout);
121 ret = gencache_set(key, sid_string, timeout);
128 ret = gencache_set(key, sid_string, timeout);
135 * Fetch trusted domain's SID from the gencache.
136 * This routine can also be used to check whether given
137 * domain is currently trusted one.
139 * @param name trusted domain name
140 * @param sid trusted domain's SID to be returned
141 * @return true if entry is found or
142 * false if has expired/doesn't exist
145 bool trustdom_cache_fetch(const char* name, struct dom_sid* sid)
147 char *key = NULL, *value = NULL;
150 /* exit now if null pointers were passed as they're required further */
154 /* prepare a key and get the value */
155 key = trustdom_cache_key(name);
159 if (!gencache_get(key, &value, &timeout)) {
160 DEBUG(5, ("no entry for trusted domain %s found.\n", name));
165 DEBUG(5, ("trusted domain %s found (%s)\n", name, value));
168 /* convert sid string representation into struct dom_sid structure */
169 if(! string_to_sid(sid, value)) {
180 /*******************************************************************
181 fetch the timestamp from the last update
182 *******************************************************************/
184 uint32 trustdom_cache_fetch_timestamp( void )
190 if (!gencache_get(TDOMTSKEY, &value, &timeout)) {
191 DEBUG(5, ("no timestamp for trusted domain cache located.\n"));
196 timestamp = atoi(value);
202 /*******************************************************************
203 store the timestamp from the last update
204 *******************************************************************/
206 bool trustdom_cache_store_timestamp( uint32 t, time_t timeout )
210 fstr_sprintf(value, "%d", t );
212 if (!gencache_set(TDOMTSKEY, value, timeout)) {
213 DEBUG(5, ("failed to set timestamp for trustdom_cache\n"));
222 * Delete single trustdom entry. Look at the
223 * gencache_iterate definition.
227 static void flush_trustdom_name(const char* key, const char *value, time_t timeout, void* dptr)
230 DEBUG(5, ("Deleting entry %s\n", key));
235 * Flush all the trusted domains entries from the cache.
238 void trustdom_cache_flush(void)
241 * iterate through each TDOM cache's entry and flush it
242 * by flush_trustdom_name function
244 gencache_iterate(flush_trustdom_name, NULL, trustdom_cache_key("*"));
245 DEBUG(5, ("Trusted domains cache flushed\n"));
248 /********************************************************************
249 update the trustdom_cache if needed
250 ********************************************************************/
251 #define TRUSTDOM_UPDATE_INTERVAL 600
253 void update_trustdom_cache( void )
256 struct dom_sid *dom_sids;
260 TALLOC_CTX *mem_ctx = NULL;
261 time_t now = time(NULL);
264 /* get the timestamp. We have to initialise it if the last timestamp == 0 */
265 if ( (last_check = trustdom_cache_fetch_timestamp()) == 0 )
266 trustdom_cache_store_timestamp(0, now+TRUSTDOM_UPDATE_INTERVAL);
268 time_diff = (int) (now - last_check);
270 if ( (time_diff > 0) && (time_diff < TRUSTDOM_UPDATE_INTERVAL) ) {
271 DEBUG(10,("update_trustdom_cache: not time to update trustdom_cache yet\n"));
275 /* note that we don't lock the timestamp. This prevents this
276 smbd from blocking all other smbd daemons while we
277 enumerate the trusted domains */
278 trustdom_cache_store_timestamp(now, now+TRUSTDOM_UPDATE_INTERVAL);
280 if ( !(mem_ctx = talloc_init("update_trustdom_cache")) ) {
281 DEBUG(0,("update_trustdom_cache: talloc_init() failed!\n"));
285 /* get the domains and store them */
287 if ( enumerate_domain_trusts(mem_ctx, lp_workgroup(), &domain_names,
288 &num_domains, &dom_sids)) {
289 for ( i=0; i<num_domains; i++ ) {
290 trustdom_cache_store( domain_names[i], NULL, &dom_sids[i],
291 now+TRUSTDOM_UPDATE_INTERVAL);
294 /* we failed to fetch the list of trusted domains - restore the old
296 trustdom_cache_store_timestamp(last_check,
297 last_check+TRUSTDOM_UPDATE_INTERVAL);
301 talloc_destroy( mem_ctx );